Learning to set up a Fedora server after converting from Ubuntu

  • 03 Dec 2016
  • Matthew Wittering

About a month ago I decided to try another Linux distribution instead of Ubuntu.

After a little trial and error I settled on Fedora. I have been using Linux in one form or another since 2002 or 2003. Since 2008 I've just used Ubuntu on my desktop as the OS.

My journey with Linux started after a family computer upgrade. I quickly commandeered the decommissioned Pentium 3 500MHz and installed Mandrake, which was quickly replaced with SUSE 9.1. Something which is dwarfed in many respects by a Raspberry Pi became a fertile ground to try out new software and learn about libre software.

In my most recent jaunt between distributions, I tried Ubuntu Gnome, Debian and openSUSE, and finally settled on Fedora. There was quite a lot of trial and error, but after trying Ubuntu Gnome I quickly realised I loved Gnome 3.

Something didn't fit with Ubuntu Gnome, and as it didn't resolve the wireless instability I found with Ubuntu 16.04 I decided to keep searching. Next was Debian, which fell by the wayside quickly as I didn't like the vanilla nature of Gnome. Now enter openSUSE. This was like trying on an old coat: familiar and reassuring, but with a smaller community than I was used to and poor performance on my low-powered laptop, so I decided to try Fedora.

Fedora looks great and has become dependable instantly. Though I still have intermittent wireless grumbles, I've fallen in love with the simplicity and ease of its implementation of Gnome 3. I've found the migration easy principally because of the community of users and the content they've put online.

Anyway, I should say that despite the instability and wireless frustration with Ubuntu 15.10 onwards, I feel that Ubuntu has become rather stale. After a short trial with Gnome 3, I decided it is a more pleasurable experience than Unity 7. While Ubuntu is calmly building the future, for the time being the grass is certainly green this side of the fence.

Migration Frustration

One frustration of moving systems has been the need to rewrite some of the scripts I use to configure machines. As I decided to replace the machine serving this site, it's meant reworking the script I use to set up Apache and Django.

The tutorial below combines a number of articles which I've read and found crucial to helping me configure a new server. Much is familiar, but there are certainly differences between Ubuntu and Fedora which stretched me as I navigated the frustrations and pleasures of a hobbyist sysadmin.

I am going to assume that you've already built a new Fedora instance in DigitalOcean or a similar service.

Creating a Standard User Account

To add the user, type:

adduser demo

Then provide a password:

passwd demo

Then add the user to the wheel group, which gives it sudo privileges.

gpasswd -a demo wheel

I then copied over my SSH keys to log in without a password from my local machine...

ssh-copy-id -i ~/.ssh/id_rsa.pub <username>@<ip_address>

Locking down Root Login and Password Authentication

In this step, we'll make SSH logins more secure by disabling root logins. To edit configuration files, you'll need to install a text editor. I use nano but you can use whichever is your favourite. First, apply any available updates using:

sudo dnf update -y

Then, to install nano, type:

sudo dnf install -y nano

Now, open the SSH daemon's configuration file for editing.

sudo nano /etc/ssh/sshd_config

Inside that file, look for the PermitRootLogin directive. You're going to modify it to read as:

PermitRootLogin no

Save and exit the file, then reload the configuration to put your changes into place.

sudo systemctl reload sshd
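
The heading above also names password authentication, while the steps only change PermitRootLogin. As an added example (not part of the original post), this script reports the value sshd would take for both directives from a config file. The function names and the sample file are made up for illustration, and it assumes only the global section matters: it stops at the first Match block and does not follow Include lines.

```shell
#!/bin/sh
# Added example: report the value sshd would use for one keyword.
# sshd takes the FIRST value it finds for a keyword, so a later
# "PermitRootLogin no" does not override an earlier "PermitRootLogin yes".
sshd_effective() {
    # $1 = config file, $2 = keyword, $3 = text to print when the keyword is not set
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            split(line, f, /[ \t=]+/)          # "Key value" or "Key=value"
            key = tolower(f[1])                # keywords are case-insensitive
            if (key == "match") exit           # conditional blocks start here
            if (key == want) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$1"
}

audit_sshd() {
    # Succeeds only when both directives are explicitly set to "no".
    # "unset" means sshd falls back to its built-in default for that keyword.
    root=$(sshd_effective "$1" PermitRootLogin unset)
    pass=$(sshd_effective "$1" PasswordAuthentication unset)
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    [ "$root" = "no" ] && [ "$pass" = "no" ]
}

# Demo on a constructed sample (not a real server's file).
sample=$(mktemp)
printf '%s\n' \
    '#PermitRootLogin yes' \
    'PermitRootLogin no' \
    'PasswordAuthentication yes' \
    'Match User backup' \
    '    PermitRootLogin yes' > "$sample"
audit_sshd "$sample" || echo "hardening incomplete"
```

On the server, point audit_sshd at /etc/ssh/sshd_config; running sudo sshd -t before the reload also catches syntax errors in the edited file.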

Enabling a Firewall

Apparently a new Fedora server has no active firewall application. In this step, we'll enable the IPTables firewall application and make sure that runtime rules persist after a reboot.

sudo dnf install -y iptables iptables-services

You may then enable IPTables so that it automatically starts on boot.

sudo systemctl enable iptables

Next, start IPTables.

sudo systemctl start iptables

To view the default rules, type:

sudo iptables -L

If you're going to run websites from the machine like me, you'll need to allow access via ports 80 (HTTP) and 443 (HTTPS). This is done by adding these additional lines to the configuration file. Open the firewall rules file by typing:

sudo nano /etc/sysconfig/iptables

And add the following lines:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Then to activate the new ruleset, restart IPTables.

sudo systemctl restart iptables

Finally, to save the current runtime rules to a file so that they persist after a reboot, type:

sudo /usr/libexec/iptables/iptables.init save
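
iptables walks the INPUT chain from top to bottom and stops at the first terminating rule that matches, so the position of the two new lines in the rules file decides whether they ever apply. The check below is an added example, not part of the original post: the function name and both sample rulesets are constructed, and it treats any ACCEPT that names the port as sufficient, ignoring source-address limits, multiport matches and port ranges.

```shell
#!/bin/sh
# Added example: is an ACCEPT for a TCP port reached before a catch-all
# REJECT/DROP in the INPUT chain of an iptables-save style rules file?
port_reachable() {
    # $1 = rules file, $2 = port number; exit status 0 means reachable
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; dport = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }  # options after -j belong to the target
                if ($i == "--dport") dport = $(i + 1)
                cond = 1                                      # any token before -j is a match condition
            }
            if (target == "ACCEPT" && dport == port) { ok = 1; exit }
            # An unconditional REJECT/DROP ends the chain: later rules never run
            if ((target == "REJECT" || target == "DROP") && !cond) exit
        }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# Constructed sample rulesets (not taken from a real host).
r_ssh='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
r_web='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'
r_deny='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
good=$(mktemp); bad=$(mktemp)
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' "$r_ssh" "$r_web" "$r_deny" COMMIT > "$good"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' "$r_ssh" "$r_deny" "$r_web" COMMIT > "$bad"

for f in "$good" "$bad"; do
    if port_reachable "$f" 80; then
        echo "port 80: ACCEPT is reachable"
    else
        echo "port 80: no ACCEPT before the catch-all REJECT/DROP"
    fi
done
```

Against the real file, run port_reachable /etc/sysconfig/iptables 80 (with sudo if the file is not readable); sudo iptables -L INPUT -n --line-numbers shows the order of the loaded rules.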

Installing some helpful software

Next I install the following as they are helpful for running my Django sites and maintaining the system.

sudo dnf install -y git python-pip sqlite tree

Installing the required Python software

Next I created a Python virtual environment, something which was new to me. We need to install the virtualenv command to create these environments. We can get this using pip:

sudo pip install virtualenv

With virtualenv installed, we can start forming our project. Create a directory where you wish to keep your project and move into the directory:

mkdir -p ~/website
cd ~/website

Within the project directory, create a Python virtual environment by typing:

virtualenv websiteenv

Then activate the virtual environment:

source websiteenv/bin/activate

As a baseline I always ensure these Python packages are available on my machines. I use pip as I find it easier to manage some packages and versions:

pip install arrow Django==1.10.3 django-bootstrap-pagination django-crispy-forms humanize markdown pyyaml requests simplejson sqlite3dbm xmltodict

To exit the virtual Python environment, type:

deactivate

Finally it might be worth updating pip.

sudo pip install --upgrade pip

Installing the required Web Server software

sudo dnf install -y httpd mod_wsgi

Now we need to turn off SELinux so that we can serve the website... What you need to do is change “SELINUX=enforcing” to “SELINUX=disabled” in:

sudo nano /etc/sysconfig/selinux

To configure a Virtual Host in Apache we need to create a new configuration file. Open nano with the following path:

sudo nano /etc/httpd/conf.d/example.com.conf

Example configuration file:

<VirtualHost *:80>
  ServerName www.example.com
  ServerAlias www.example.com
  Redirect / http://example.com/
</VirtualHost>
<VirtualHost *:80>
  ServerName example.com
  ServerAlias example.com

  Alias /static /home/demo/website/static
  Alias /robots.txt /home/demo/website/static/robots.txt

  <Directory /home/demo/website/static>
      Require all granted
  </Directory>

  <Directory /home/demo/website/website>
    <Files wsgi.py>
      Require all granted
    </Files>
  </Directory>

  WSGIDaemonProcess website python-path=/home/demo/website:/home/demo/website/websiteenv/lib/python2.7/site-packages
  WSGIProcessGroup website
  WSGIScriptAlias / /home/demo/website/website/wsgi.py
</VirtualHost>

Add the apache user to your group with the following command. Substitute your own username for the user in the command:

sudo usermod -a -G demo apache

Now, we can give our user group execute permissions on our home directory. This will allow the Apache process to enter and access content within:

chmod 710 /home/demo
chmod 664 ~/website/db.sqlite3
sudo chown :apache ~/website/db.sqlite3
sudo chown :apache ~/website/

Once these steps are done, you are ready to start the Apache service. To do so, type:

sudo systemctl restart httpd

If everything works as expected, you can enable the Apache service so that it starts automatically at boot:

sudo systemctl enable httpd

References

  1. Initial Setup of a Fedora 21 Server | DigitalOcean
  2. Apache vs Nginx: Practical Considerations | DigitalOcean
  3. How To Serve Django Applications with Apache and mod_wsgi on CentOS 7 | DigitalOcean
  4. Deploying Python Web Applications with nginx and uWSGI Emperor | Chris Warrick
  5. Howto- Disable SELinux on Fedora/Centos/RHEL/SL | Unixmen