When you subscribe to Sakura VPS, the environment is CentOS 7 by default. Since I am going to the trouble of setting it up anyway, a newer environment is better, so I will prepare a CentOS 8 environment.
Various settings -> OS installation

Select a custom OS and select CentOS 8 x86_64 as the installation OS.

Press the button to execute the installation.

After waiting for a while, the start button of the VNC console will be displayed at the bottom of the screen, so press it.
Make two settings, Language Support and Installation Destination.

First, select Japanese in Language Support and press Done.

Select the red frame displayed on the Installation Destination screen and delete all (press the - button).

If you delete it, it looks like this.

Click the "Click here to create them automatically" link.

If you are particular about it, set the partition yourself, otherwise press the Done button

Press the Accept Changes button

Press the Begin Installation button

The installation screen will appear, so set the Root Password here.

Set any password and press Done.

If you want a user other than root, create one and press Done.

A screen that looks like an error appears, but this seems to be the state in which the installation is complete.

Press the start button from the Sakura VPS control panel

Since my environment is Mac, start Terminal and check the SSH connection with the following command.
$ ssh [email protected]
The authenticity of host '199.19.199.199 (199.19.199.199)' can't be established.
ECDSA key fingerprint is SHA256:abcde99zxyJ1jMEtDSr8DZC6GzrmvExoE1oPoySlw30.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '199.19.199.199' (ECDSA) to the list of known hosts.
[email protected]'s password:
$ less /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
/etc/redhat-release (END)
For the time being, only the installation of CentOS 8 is completed.
$ sudo dnf -y update
You should have taken regular training from your system administrator.
This is usually summarized in three points::
#1)Respect the privacy of others.
#2)Think before typing.
#3)Great power comes with great responsibility.
[sudo]yamaguchi password:
Last metadata expiration check: 0:07:40 ago on October 02, 2020 at 20:28:01.
The dependency has been resolved.
There is nothing to do.
Has completed!
There were no updates in particular.
Conveniently for users in Japan, the time zone is already Asia/Tokyo.
$ timedatectl status
Local time:Fri 2020-10-02 20:37:22 JST
Universal time:Fri 2020-10-02 11:37:22 UTC
RTC time:Fri 2020-10-02 11:37:21
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Oh, the locale is en_US.UTF-8.
$ localectl status
System Locale: LANG=en_US.UTF-8
VC Keymap: jp106
X11 Layout: jp
$ sudo localectl set-locale LANG=ja_JP.UTF-8
[yamaguchi@tk2-253-36402 ~]$ localectl status
System Locale: LANG=ja_JP.UTF-8
VC Keymap: jp106
X11 Layout: jp
$ sudo dnf -y install vim
Create an RSA key pair in the terminal on the client machine (Mac).
Commands on Mac
$ cd ~/.ssh
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/you_name_is_yu/.ssh/id_rsa): sakura_id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in sakura_id_rsa.
Your public key has been saved in sakura_id_rsa.pub.
The key fingerprint is:
....
$ ls -la | grep sakura
-rw------- 1 you_name_is_yu staff 2675 10 2 20:56 sakura_id_rsa
-rw-r--r-- 1 you_name_is_yu staff 592 10 2 20:56 sakura_id_rsa.pub
RSA key pair made on Mac
Commands on Mac
$ ssh-copy-id -i sakura_id_rsa.pub [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "sakura_id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
At this point, the sakura_id_rsa.pub key has been uploaded to the specified account on the Sakura VPS server.
Let's check it just in case.
Sakura VPS command
$ cd ~/.ssh
$ ls
authorized_keys
Now when you connect to ssh from the Mac side, you can log in with key authentication without entering ID / PASS.
Mac terminal
$ ssh [email protected] -i ~/.ssh/sakura_id_rsa
Last login: Fri Oct 2 20:52:39 2020 from 60.125.73.203
I wasn't asked for my password.
Sakura VPS
$ sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.org
$ sudo vim /etc/ssh/sshd_config
/etc/ssh/sshd_config
# yes -> changed to no
PermitRootLogin no
Restart sshd when the settings are complete
$ sudo systemctl restart sshd
Make sure you can't ssh as root.
OK if you get Permission denied as shown below
Mac terminal
$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
Of course, the console is still reachable from the Sakura VPS control panel, so it is okay even if you make a mistake and not only root but also normal users can no longer connect over SSH.
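To confirm that the edit above took effect, the following added example (not part of the original post) reads an sshd_config-style file and reports the value sshd will use for PermitRootLogin, applying the rule from sshd_config(5) that the first value obtained for a keyword wins. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the value sshd will
# use for a global keyword, following sshd_config(5): keywords are
# case-insensitive, lines starting with '#' are comments, and the FIRST
# value found for a keyword wins. Include and quoted values are not handled.

effective_option() {  # usage: effective_option FILE KEYWORD
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        /^(#|$)/ { next }                       # comment or blank line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

root_login_disabled() {  # usage: root_login_disabled FILE
    [ "$(effective_option "$1" PermitRootLogin)" = "no" ]
}

# Constructed sample files (not the real /etc/ssh/sshd_config).
make_samples() {
    edited=$(mktemp) appended=$(mktemp)
    # Edited in place, as in the post: the existing line now says "no".
    printf '%s\n' '#Port 22' 'PermitRootLogin no' \
        'PasswordAuthentication yes' > "$edited"
    # "no" appended at the end while the earlier "yes" line was left alone.
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'permitrootlogin no' > "$appended"
}

make_samples
for f in "$edited" "$appended"; do
    if root_login_disabled "$f"; then
        echo "root login disabled"
    else
        echo "root login still allowed: $(effective_option "$f" PermitRootLogin)"
    fi
done
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors before the restart, and `sudo sshd -T` prints the settings sshd will actually apply.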
For the time being, I think that the basic part of the CentOS 8 environment has been set.
The environment being built this time is intended for a web application with nginx + php, so ports 80 and 443 need to be reachable. By default, it seems that none of the ports are open, so configure that.
Press the packet filter settings button.

Select "use packet filter", select Web under filter usage, then press the save settings button.

When the setting is completed, the packet filter tab will be displayed as follows.

With this setting, it seems that SSH can no longer connect, so it seems that SSH also needs to be set in the packet filter.
In addition to the packet filter, it seems that you have to set http / https in the firewall setting of CentOS 8 as well.
$ sudo firewall-cmd --add-service=http --zone=public --permanent
$ sudo firewall-cmd --add-service=https --zone=public --permanent
$ sudo firewall-cmd --reload
By doing this, I was able to reach the Nginx Welcome page for the time being.