Updated by Edward Angert Written by Linode
Install FreeRADIUS and Daloradius on CentOS 7 and RHEL 7. FreeRADIUS is an high performance,open source RADIUS server developed under the GNU General Public License. FreeRADIUS is the most used RADIUS server in the world. FreeRADIUS comes with web based user administration tool and is modular, very scalable and rich sets of features. Checking for Open Ports with nmap. First check the IP address of your CentOS 7 server with the following command: You can check for all the open ports with nmap utility from another computer as follows: As you can see, right now, only the port 22 is open.
Report an Issue | View File | Edit File
Apache is an open-source web server that can be configured to serve a single or multiple websites using the same Linode. This guide explains how to install and configure the Apache web server on CentOS 7.
NoteHow To Install Daloradius
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.
Replace each instance of example.com in this guide with your site’s domain name.
Before You Begin
Ensure that you have followed the Getting Started and Securing Your Server guides, and the Linode’s hostname is set.
To check your hostname run:
The first command should show your short hostname, and the second should show your Fully Qualified Domain Name (FQDN).
Update your system:
Apache
Install and Configure Apache
Install Apache 2.4:
Modify
httpd.confwith your document root directory to point Apache to your site’s files. Add the<IfModule prefork.c>section below to adjust the resource use settings. The settings shown below are a good starting point for a Linode 2GB:Note
Before changing any configuration files, we recommend that you make a backup of the file. To make a backup:
cp /etc/httpd/conf/httpd.conf ~/httpd.conf.backup
- /etc/httpd/conf/httpd.conf
These settings can also be added to a separate file. The file must be located in the
conf.module.dorconfdirectories, and must end in.conf, since this is the format of files included in the resulting configuration.
Configure Name-based Virtual Hosts
You can choose many ways to set up a virtual host. In this section we recommend and explain one of the easier methods.
Within the
conf.ddirectory createvhost.confto store your virtual host configurations. The example below is a template for websiteexample.com; change the necessary values for your domain:- /etc/httpd/conf.d/vhost.conf
Additional domains can be added to the
vhost.conffile as needed. To add domains, copy theVirtualHostblock above and modify its values for each additional virtual host. When new requests come in from the internet, Apache checks which VirtualHost block matches the requested url, and serves the appropriate content:Note
ErrorLogandCustomLogentries are suggested for more specific logging, but are not required. If they are defined (as shown above), thelogsdirectories must be created before you restart Apache.Create the directories referenced above:
Enable Apache to start at boot, and restart the service for the above changes to take effect:
You can now visit your domain to test the Apache server. A default Apache page will be visible if no index page is found in your Document Root as declared in
/etc/httpd/conf/httpd.conf:
Configure firewalld to Allow Web Traffic
CentOS 7’s built-in firewall is set to block web traffic by default. Run the following commands to allow web traffic:
Next Steps: Add SSL for Security and Install GlusterFS for High Availability
Congratulations! You’ve set up Apache and you’re now ready to host websites. If you’re wondering what additional configuration changes are available to get the most out of your server, some optional steps can be found below.
Secure Your Site with SSL
To add additional security to your site, consider enabling a Secure Sockets Layer (SSL) certificate.
Install and Configure GlusterFS, Galera, and XtraDB for High Availability
Consult our Host a Website with High Availability guide to mitigate downtime through redundancy, monitoring, and failover.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
Join our Community
This guide is published under a CC BY-ND 4.0 license.
On this page
- WifiAuthentication/Accounting With FreeRadius On CentOS 5
- Step 3 ( ***********OpenSSL Certificate Generation ***********)
WifiAuthentication/Accounting With FreeRadius On CentOS 5
(Date:2-June-2008)
This tutorial explains how you can set up a FreeRadius server with Wifi authentication and accounting on CentOS 5. This howto should work for a newbie.Production deployment is also possible with minor tweaking. But asusual I do not guarantee anything & take no responsibilities ifsomething goes wrong.
(Note: For the faint-hearted you can use this turn-key solution. http://www.howtoforge.com/how-to-set-up-an-aaa-server-with-ciitix-wifi )This configuration has been tested onfollowing:
OS: CentOS 5.x (patched)
Certificates: Openssl 0.98b
Radius Sever: Freeradius version1.1.7 (built from fc6 src.rpms)
(Note: This document also assumesthat you have a dhcp server already configured & running on thesame subnet.)
Protocols configuredfor:
- WPA1/2 enterprise
- EAP/PEAP/TTLS
Following processes areinvolved:
1- Install OS
2- Install openssl
3- Generate digital certificates
4- Install / Configure freeradius
5- Configure Access points
6- Configure end wifi clients
Step 1
How To Install Daloradius On Centos Firewall Windows 7
1- Install the OS in the minimal mode(refer to some howto).
Step 2
2- Install openssl (if not alreadyinstalled)
Step 3 ( ***********OpenSSL Certificate Generation ***********)
There are numerous ways of generatingssl based certificates. You can create your certificates at anothercomputer or on this server.
Following is a manual way of creatingcertificates which I adopted. But you are suggested to use somescript to create them(skip this step if you . Freeradius 1.1.7 &2.x version comes with nice certificate generating scripts, use themif you are new to certificates. (In 2.X the scripts are usually in/etc/radd/certs/, in 1.X it is in the scripts/ directory of un-tgz'edfreeradius).
Note: Following process alsocreates client certificates which you would not be needing withEAP/PEAP.
3.1 Create a new self-signedcertificate authority (if not already created) in /etc/ssl:
Edit /etc/pki/tls/openssl.cnf &change
to
openssl req -new -x509-extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days3650
Passphrase: 'letmein' was thepasswd I chose.
Following is the output:
[[email protected] ssl]# openssl req -new-x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem-days 3650
writing new private key to'private/cakey.pem'
You are about to be asked to enterinformation that will be incorporated
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but youcan leave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will beleft blank.
State or Province Name (full name)[Berkshire]:pakhtoonkhwa
Locality Name (eg, city)[abbottabad]:abbottabad
Organization Name (eg, company)[ciit]:ciit
Organizational Unit Name (eg, section)[]:
Common Name (eg, your name or yourserver's hostname) []:ciitwifi
Email Address[]:[email protected]@ciit.net.pk
3.2 Create server certificate requestin /etc/ssl: (note the passwd 'lettheserverin')
openssl req -new -nodes -keyoutserver_key.pem -out server_req.pem -days 730
Output:
[[email protected] ssl]# openssl req -new-nodes -keyout server_key.pem -out server_req.pem -days 730
writing new private key to'server_key.pem'
You are about to be asked to enterinformation that will be incorporated
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but youcan leave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will beleft blank.
State or Province Name (full name)[Berkshire]:pakhtoonkhwa
Locality Name (eg, city)[abbottabad]:abbottabad
Organization Name (eg, company)[ciit]:ciit
Organizational Unit Name (eg, section)[]:
Common Name (eg, your name or yourserver's hostname) []:ciitwifi
Please enter the following 'extra'attributes
to be sent with your certificaterequest
[[email protected] ssl]#
3.3 Sign server certificate using thecertificate authority created earlier (with XP extensions):
Create an xpextensions file at /etc/ssl location with the following content.
openssl ca -policypolicy_anything -out server_cert.pem -extensions xpserver_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/server_req.pem
(Note: passphrase was letmein in step3.)
[[email protected] ssl]# openssl ca -policypolicy_anything -out server_cert.pem -extensions xpserver_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/server_req.pem
Using configuration from/etc/pki/tls/openssl.cnf
Enter pass phrase for/etc/ssl/private/cakey.pem:
Check that the request matches thesignature
X509v3 Extended Key Usage:
Certificate is to be certified untilJun 10 03:22:22 2009 GMT (365 days)
1 out of 1 certificate requestscertified, commit? [y/n]y
[[email protected] ssl]#
3.4 Create a server file with both theserver key and the server certificate:
cat server_key.pemserver_cert.pem > server_keycert.pem
3.5 Create a client certificaterequest in /etc/ssl:
openssl req -new -keyoutclient_key.pem -out client_req.pem -days 730
'ciitwificlient' is the PEMpassphrase I used.
Output:
[[email protected] ssl]# openssl req -new-keyout client_key.pem -out client_req.pem -days 730
writing new private key to'client_key.pem'
You are about to be asked to enterinformation that will be incorporated
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but youcan leave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will beleft blank.
State or Province Name (full name)[Berkshire]:pakhtoonkhwa
Locality Name (eg, city)[abbottabad]:abbottabad
Organization Name (eg, company)[ciit]:ciit
Organizational Unit Name (eg, section)[]:
Common Name (eg, your name or yourserver's hostname) []:ciitwifi
Please enter the following 'extra'attributes
to be sent with your certificaterequest
[[email protected] ssl]#
3.6 Sign client certificate using thecertificate authority created earlier (with XP extensions):
openssl ca -policypolicy_anything -out client_cert.pem -extensions xpclient_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/client_req.pem
'letmein' is the passphrase Iused.
[[email protected] ssl]# openssl ca -policypolicy_anything -out client_cert.pem -extensions xpclient_ext-extfile /etc/ssl/xpextensions -infiles /etc/ssl/client_req.pem
Using configuration from/etc/pki/tls/openssl.cnf
How To Install Daloradius On Centos Firewall Windows 10
Enter pass phrase for/etc/ssl/private/cakey.pem:
Check that the request matches thesignature
X509v3 Extended Key Usage:
Certificate is to be certified untilJun 10 03:49:46 2009 GMT (365 days)
1 out of 1 certificate requestscertified, commit? [y/n]y
How To Install Daloradius On Centos Firewall Mac
[[email protected] ssl]#
3.7 Export the client certificate inthe appropriate format (P12) for an XP client:
openssl pkcs12 -export -inclient_cert.pem -inkey client_key.pem -out client_cert.p12 -clcerts
'ciitwificlient' is thepassphrase.
'Idontknow' is the exportpassword. This is the password that the you will be giving thewindows XP clients, who will be using this while installing theclient_cert.
Output:
[[email protected] ssl]# openssl pkcs12-export -in client_cert.pem -inkey client_key.pem -outclient_cert.p12 -clcerts
[[email protected] ssl]#
3.8 Export the root certificate ofthe server in the appropriate format (DER) for an XP client:
openssl x509 -setalias'[email protected]' -outform DER -in cacert.pem -out cacert.der
Comments are closed.