Saturday, July 29, 2023

How to Secure HTTP with Let's Encrypt on CentOS 7 | How to Secure HTTP with Let's Encrypt on Red Hat 7

Securing your website with Let's Encrypt on CentOS 7 (the same steps apply to RHEL 7) involves a few steps. Let's walk through the process step by step:

  1. Prerequisites:

    • Make sure you have root access to your CentOS 7 server.
    • Ensure your domain's DNS A record (and AAAA record, if you use IPv6) points to your server's public IP address.
    • Port 80 must be reachable from the internet: the Apache plugin proves control of the domain with the HTTP-01 challenge, which Let's Encrypt validates by fetching http://domain.com/.well-known/acme-challenge/ from your server.

  2. Install Certbot: Certbot is the ACME client that obtains and renews Let's Encrypt TLS (SSL) certificates. On CentOS 7 it comes from the EPEL repository, together with its Apache plugin:

    bash
    yum install epel-release
    yum install certbot python2-certbot-apache
  3. Set Up Apache: If you're using Apache as your web server, install it together with mod_ssl, which provides the SSL module the Certbot Apache plugin needs, then start it and enable it at boot:

    bash
    yum install httpd mod_ssl
    systemctl start httpd
    systemctl enable httpd
  4. Configure Firewall: Allow HTTP and HTTPS traffic through the firewall:

    bash
    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
  5. Obtain the SSL Certificate: Use Certbot to obtain a certificate for your domain. Replace domain.com with your actual domain name and list every hostname the certificate must cover:

    bash
    certbot --apache -d domain.com -d www.domain.com

    Certbot will guide you through the process: it asks for an email address for expiry notices, for agreement to the subscriber agreement, and whether to redirect HTTP to HTTPS. Choose the redirect so that plain-HTTP requests are no longer served once the certificate is in place.

  6. Automate Certificate Renewal: Let's Encrypt certificates are valid for 90 days, and certbot renew only replaces those with fewer than 30 days left, so it is safe to run it daily. Set up a cron job:

    bash
    crontab -e

    Add the following line to run the renewal check daily (--quiet suppresses output when nothing needs renewing; 2>&1 makes sure errors reach the log as well):

    bash
    30 2 * * * /usr/bin/certbot renew --quiet >> /var/log/letsencrypt/renewal.log 2>&1

    Test the whole chain once with certbot renew --dry-run before relying on the cron entry. Because the certificate was issued with the Apache plugin, a successful renewal reloads httpd so the new certificate is actually served. The EPEL certbot package also ships a certbot-renew.timer systemd unit; if you enable that instead, skip the cron entry.
  7. Update Apache Configuration: Certbot writes the SSL virtual host it generated to a separate *-le-ssl.conf file under /etc/httpd/conf.d/, so normally nothing needs editing by hand. If you manage the virtual host yourself instead, it needs the following lines (do not keep both copies, or Apache will warn about overlapping name-based virtual hosts):

    apache
    <VirtualHost *:443>
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /var/www/html

        # SSL Configuration
        SSLEngine on
        # The paths under /etc/letsencrypt/live/ are symlinks that always point
        # at the newest certificate, so they never need updating after renewal;
        # httpd only has to be reloaded to pick the new files up.
        SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
        # Other configurations as needed
    </VirtualHost>
  8. Restart Apache: After making any configuration changes, check the syntax with apachectl configtest, then restart (or reload) Apache to apply the new settings:

    bash
    systemctl restart httpd

That's it! Your website should now be accessible over HTTPS with a valid certificate from Let's Encrypt. Periodically confirm that renewal is working: certbot certificates lists the certificates Certbot manages and their expiry dates, and the certificate your server actually serves should never have fewer than about 30 days left. If it does, either the cron job is not running or httpd was not reloaded after renewal.
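The following Python script is an added example, not code from the original post, showing how to check the certificate your server actually serves rather than only the files on disk. It assumes Python 3.9 or newer and the standard library only; the host name domain.com and the path /etc/letsencrypt/live/domain.com/cert.pem are the placeholders from the tutorial above. It flags the two failure modes of an unattended Let's Encrypt setup: the cron job silently not renewing, and certbot renewing the files while httpd keeps serving the old certificate because it was never reloaded.

```python
"""Monitor the certificate Apache actually serves and catch a stalled renewal.

Added example, not part of the original post. Host names and paths are the
tutorial's placeholders.
"""
from __future__ import annotations

import hashlib
import socket
import ssl
from datetime import datetime, timezone

# certbot renew replaces a certificate once fewer than 30 days remain and the
# cron job runs daily, so anything served with under 28 days left means the
# renewal or the Apache reload did not happen.
RENEW_THRESHOLD_DAYS = 28


def days_remaining(not_after: str, now: datetime) -> int:
    """Whole days from `now` until the 'notAfter' string that
    ssl.SSLSocket.getpeercert() returns, e.g. 'Oct 27 12:00:00 2023 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return int((expires - now).total_seconds() // 86400)


def renewal_status(not_after: str, now: datetime, threshold_days: int = RENEW_THRESHOLD_DAYS) -> str:
    """'expired', 'renewal-stalled' (certbot should already have renewed it) or 'ok'."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "expired"
    if left < threshold_days:
        return "renewal-stalled"
    return "ok"


def fetch_served_cert(host: str, port: int = 443, timeout: float = 5.0) -> tuple[dict, bytes]:
    """TLS-connect with SNI and return (parsed leaf certificate, DER bytes).

    The default context verifies chain and hostname, so an untrusted or
    wrong-name certificate raises ssl.SSLCertVerificationError rather than
    being reported as healthy.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def served_matches_disk(der_served: bytes, pem_on_disk: str) -> bool:
    """True when the certificate on the wire is the one certbot last wrote,
    i.e. the contents of /etc/letsencrypt/live/domain.com/cert.pem.
    False means httpd was not reloaded after a renewal."""
    return fingerprint(der_served) == fingerprint(ssl.PEM_cert_to_DER_cert(pem_on_disk))


def check_host(host: str, cert_pem_path: str | None = None) -> dict:
    """Full check for one site; cert_pem_path is the optional on-disk cert.pem to compare."""
    cert, der = fetch_served_cert(host)
    now = datetime.now(timezone.utc)
    issuer = dict(attr[0] for attr in cert["issuer"])
    result = {
        "host": host,
        "issuer": issuer.get("organizationName"),
        "not_after": cert["notAfter"],
        "days_left": days_remaining(cert["notAfter"], now),
        "status": renewal_status(cert["notAfter"], now),
        "sha256": fingerprint(der),
    }
    if cert_pem_path:
        with open(cert_pem_path) as fh:
            result["matches_disk"] = served_matches_disk(der, fh.read())
    return result


if __name__ == "__main__":
    import json
    import sys

    # domain.com is the tutorial's placeholder; pass your real host name.
    print(json.dumps(check_host(sys.argv[1] if len(sys.argv) > 1 else "domain.com"), indent=2))
```

Run it as python3 check_cert.py domain.com from any machine that can reach the server, or pass the on-disk cert.pem path to check_host on the server itself, and feed the status field into your monitoring. Because it uses ssl.create_default_context(), a certificate that does not chain to a trusted CA or does not match the name raises an error instead of reporting ok, which is the behaviour you want from a check.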

How to Configure Yum Server in RHEL/CentOS/Rocky Linux | Create Local Yum Server Configuration


To create a local YUM (Yellowdog Updater, Modified) server, you'll need a system with access to the packages you want to host locally. This local server can then be used to distribute packages to other systems on the same network, improving installation and update speeds, reducing dependence on external internet access, and giving you control over exactly which package versions your systems can install. Here's a step-by-step guide to creating a local YUM server:

Steps To follow:

1 - Set Up a CentOS/RHEL System (or Similar)

2 - Install Required Software

3 - Prepare the Package Repository

4 - Create the YUM Repository Metadata

5 - Configure HTTP Server (Apache)

6 - Configure Firewall (if necessary)

7 - Verify the YUM Repository

8 - Configure YUM Clients

9 - Update YUM Cache on Clients

10 - Install Packages from Local Repository

  1. Set Up a CentOS/RHEL System (or Similar): Choose a CentOS, Red Hat Enterprise Linux (RHEL), or a similar distribution as the base for your local YUM server. You can also use a virtual machine for this purpose.

  2. Install Required Software: Open a terminal and make sure your system is up to date. Install the necessary packages (createrepo generates the repository metadata, httpd serves it):

    bash
    sudo yum update
    sudo yum install epel-release
    sudo yum install createrepo httpd

  3. Prepare the Package Repository: Create a directory to store the RPM packages you want to make available via YUM. For example, you can use the following directory structure:

    bash
    sudo mkdir -p /var/www/html/local-yum/repo

    Copy or download the RPM packages you want to host into this directory. Only put packages there that come from a trusted source and whose signatures you have checked (rpm -K package.rpm), because everything in this directory becomes installable as root on every client.

  4. Create the YUM Repository Metadata: Now, you need to generate metadata for the repository using the createrepo command. This metadata (the repodata/ directory, indexed by repomd.xml) tells YUM clients which packages exist, what they depend on and what their checksums are.

    bash
    sudo createrepo /var/www/html/local-yum/repo

    Rerun this (createrepo --update is faster for large repositories) every time you add, remove or replace packages; otherwise clients will not see the change.

  5. Configure HTTP Server (Apache): Since YUM clients will access the repository over HTTP, you need to configure a web server. The most common choice is Apache.

    bash
    sudo systemctl start httpd
    sudo systemctl enable httpd

  6. Configure Firewall (if necessary): If you have an active firewall, you need to open the HTTP port (port 80) to allow incoming connections.

    bash
    sudo firewall-cmd --add-service=http --permanent
    sudo firewall-cmd --reload

  7. Verify the YUM Repository: At this point, your local YUM repository should be set up and accessible over HTTP. To verify it, open a web browser and go to http://your_server_ip/local-yum/repo/. You should see the repository's directory listing and the repodata folder containing the repository metadata.

  8. Configure YUM Clients: On the client machines, create a .repo file in the /etc/yum.repos.d/ directory to configure YUM to use your local repository. For example:

    bash
    sudo vi /etc/yum.repos.d/local-yum.repo

    Add the following content to the file (replace your_server_ip with the IP address or hostname of your YUM server). Comments must sit on their own line: yum does not accept a trailing # comment after a value and would reject the gpgcheck setting as an invalid boolean.

    ini
    [local-yum]
    name=Local YUM Repository
    baseurl=http://your_server_ip/local-yum/repo
    enabled=1
    # Only acceptable on a trusted network while the repository is not yet
    # GPG-signed. With signed packages, set gpgcheck=1 and point gpgkey= at
    # the signing public key (file:///... or http://...).
    gpgcheck=0

    Save the file and exit the editor.

  9. Update YUM Cache on Clients: On the client systems, update the YUM cache to include the new local repository:

    bash
    sudo yum clean all
    sudo yum makecache

  10. Install Packages from Local Repository: Now, you can install packages from your local repository as you would with any other YUM repository:

    bash
    sudo yum install package_name

That's it! You now have a local YUM server that provides packages to your local network. Keep in mind that you'll need to regularly update the packages in your local repository (and rerun createrepo) to keep it up to date with the latest versions. Also be clear about what the configuration above does not give you: with gpgcheck=0 and plain HTTP, a client trusts whatever arrives on port 80, and RPM install scriptlets run as root, so anyone who can tamper with the traffic or write to the repository directory can run code on every client. The fix is to serve only signed packages, import the signing key on the clients and set gpgcheck=1 (and repo_gpgcheck=1 together with a signed repomd.xml); serving the repository over HTTPS is a useful second layer but does not replace signing.
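To make the gpgcheck point concrete, here is an added Python example (not part of the original post) that mimics, in miniature, what createrepo writes into repomd.xml and what a yum client checks after downloading it. The metadata files are constructed inline and simplified (real ones are gzip-compressed, and repomd.xml carries more fields such as size and timestamp); the checksum logic is the real one. It runs the check in three situations: an honest repository, a corrupted file, and an on-path attacker who rewrites both the metadata and repomd.xml.

```python
"""Miniature of the integrity chain in a YUM repository.

Added example, not part of the original post. createrepo writes the SHA-256
of every metadata file into repodata/repomd.xml; a client downloads
repomd.xml first and refuses metadata whose checksum does not match. This
shows what that does and does not protect against. All inputs are constructed.
"""
from __future__ import annotations

import hashlib
import xml.etree.ElementTree as ET

REPO_NS = "http://linux.duke.edu/metadata/repo"  # namespace used by the real repomd.xml


def build_repomd(files: dict[str, bytes]) -> bytes:
    """What createrepo does, reduced to the checksum index.

    `files` maps a repository-relative path such as "repodata/primary.xml.gz"
    to its bytes; the <data type=...> is taken from the file name. The real
    file also records size, timestamp, open-checksum and a revision.
    """
    root = ET.Element("repomd", xmlns=REPO_NS)
    for href, blob in sorted(files.items()):
        dtype = href.rsplit("/", 1)[-1].split(".")[0]  # primary, filelists, other
        data = ET.SubElement(root, "data", type=dtype)
        ET.SubElement(data, "checksum", type="sha256").text = hashlib.sha256(blob).hexdigest()
        ET.SubElement(data, "location", href=href)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def verify_repomd(repomd_xml: bytes, fetched: dict[str, bytes]) -> dict[str, str]:
    """What a yum client does after downloading repomd.xml.

    `fetched` maps href -> bytes as retrieved from baseurl. Returns, per data
    type, "ok", "missing" or "checksum-mismatch".
    """
    ns = {"repo": REPO_NS}
    report: dict[str, str] = {}
    for data in ET.fromstring(repomd_xml).findall("repo:data", ns):
        dtype = data.get("type")
        href = data.find("repo:location", ns).get("href")
        csum = data.find("repo:checksum", ns)
        # Old repositories label SHA-1 as "sha"; hashlib needs the full name.
        algo = "sha1" if csum.get("type") == "sha" else csum.get("type")
        blob = fetched.get(href)
        if blob is None:
            report[dtype] = "missing"
            continue
        actual = hashlib.new(algo, blob).hexdigest()
        report[dtype] = "ok" if actual == csum.text.strip() else "checksum-mismatch"
    return report


def demo() -> dict[str, dict[str, str]]:
    """Three scenarios against constructed sample metadata."""
    # Constructed, uncompressed stand-ins for the real gzip-compressed XML.
    good = {
        "repodata/primary.xml.gz": b"<metadata packages='1'><package>bash-4.2.46-34.el7</package></metadata>",
        "repodata/filelists.xml.gz": b"<filelists packages='1'/>",
    }
    repomd = build_repomd(good)

    # 1. Honest server: the bytes are exactly what createrepo indexed.
    honest = verify_repomd(repomd, good)

    # 2. Corruption or a half-finished upload: primary changed, repomd.xml did not.
    corrupted = dict(good)
    corrupted["repodata/primary.xml.gz"] = good["repodata/primary.xml.gz"].replace(b"el7", b"el9")
    corruption = verify_repomd(repomd, corrupted)

    # 3. On-path attacker on plain HTTP: swaps primary.xml to advertise a
    #    trojaned package AND serves a regenerated repomd.xml. Every checksum
    #    matches, so the client cannot tell; only a signature over repomd.xml
    #    (repo_gpgcheck) or over the packages (gpgcheck) would catch this.
    evil = dict(good)
    evil["repodata/primary.xml.gz"] = b"<metadata packages='1'><package>bash-4.2.46-35.el7.backdoor</package></metadata>"
    attacker = verify_repomd(build_repomd(evil), evil)

    return {"honest": honest, "corrupted": corruption, "attacker": attacker}


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:>9}: {result}")
```

The third case is the one that matters: the checksums in repomd.xml only tie the metadata files to that particular repomd.xml, so a client on plain HTTP with gpgcheck=0 has no way to tell the attacker's repository from yours. repo_gpgcheck=1 makes yum verify a detached signature on repomd.xml (repomd.xml.asc) and gpgcheck=1 makes rpm verify each package signature, both against the key named in gpgkey=, and that key is what ties the repository to you.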

Linux server hardening | Secure Linux Servers

 Linux server hardening is the process of securing a Linux server by reducing its attack surface and mitigating security risks. The goal is ...