Version 8 (modified by 9 years ago) (diff) | ,
---|
Services
- Apache2.4.6 (
service httpd start
service httpd status
) - Tomcat 7.0.54 (
service tomcat start
service tomcat status
) - java-1.8.0-openjdk
- Collectd
- firewalld (http://www.certdepot.net/rhel7-get-started-firewalld/)
Applications
- Vlo
- Solr
- /srv/webapps/vlo/current/war/solr
- Vlo webapp
- /srv/webapps/vlo/current/war/vlo/
- Vlo importer
- /srv/webapps/vlo/current/bin
- Solr
- OAI Harvest manager
- /opt/oaiharvest-vloimport.sh
- bin: /opt/oai-harvest-manager
- uses java 1.7 in /opt/jre1.7.0_79
Data
- /srv/vlo-data
Firewalld configuration
http://www.certdepot.net/rhel7-get-started-firewalld/ https://www.digitalocean.com/community/tutorials/how-to-configure-firewalld-to-protect-your-centos-7-server http://forums.fedoraforum.org/showthread.php?t=289907
By default interfaces are assigned to the public zone. This zone only allows external ssh access.
Create a new zone "webserver":
Create the new zone
sudo firewall-cmd --permanent --new-zone=webserver
Add services to the new zone
sudo firewall-cmd --permanent --zone=webserver --add-service=http sudo firewall-cmd --permanent --zone=webserver --add-service=https sudo firewall-cmd --permanent --zone=webserver --add-service=ssh
Assign a network interface to the zone
firewall-cmd --permanent --zone=webserver --change-interface=venet0
Activate the changes
sudo firewall-cmd --reload
Note: The interface assignment might not be persisted over reboots. An alternative is to add "ZONE=webserver" to /etc/sysconfig/network-scripts/ifcfg-<interface name>.
See: