Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 6. Preparing a UEFI HTTP installation source

As an administrator of a server on a local network, you can configure an HTTP server to enable HTTP boot and network installation for other systems on your network.

6.1. Network installation overview
Copy link

A network installation allows you to install Red Hat Enterprise Linux to a system that has access to an installation server. At a minimum, two systems are required for a network installation:

Server
A system running a DHCP server, an HTTP, HTTPS, FTP, or NFS server, and in the PXE boot case, a TFTP server. Although each server can run on a different physical system, the procedures in this section assume a single system is running all servers.
Client
The system to which you are installing Red Hat Enterprise Linux. Once installation starts, the client queries the DHCP server, receives the boot files from the HTTP or TFTP server, and downloads the installation environment image from the HTTP, HTTPS, FTP or NFS server. Unlike other installation methods, the client does not require any physical boot media for the installation to start.

To boot a client from the network, enable network boot in the firmware or in a quick boot menu on the client. On some hardware, the option to boot from a network might be disabled, or not available.

The workflow to prepare for an installation of Red Hat Enterprise Linux from a network by using HTTP or PXE is as follows:

  1. Export the installation ISO image or the installation tree to an NFS, HTTPS, HTTP, or FTP server.
  2. Configure the HTTP or TFTP server and DHCP server, and start the HTTP or TFTP service on the server.
  3. Boot the client and start the installation.

You can choose between the following network boot protocols:

HTTP
Use the HTTP boot if your client UEFI supports it. HTTP boot is usually more reliable.
PXE (TFTP)
PXE boot is more widely supported by client systems, but sending the boot files over TFTP protocol might be slow and result in timeout failures.

Enable the DHCP version 4 (DHCPv4) service on your server, so that it can provide network boot functionality.

Prerequisites

  • You are preparing network installation over the IPv4 protocol.

  • Find the network addresses of the server.

    In the following examples, the server has a network interface enp1s0 with this configuration:

    IPv4 address
    192.168.124.2/24
    IPv4 gateway + DNS server
    192.168.124.1

Procedure

  1. Install the DHCP server: 

    # dnf install kea
    Copy to Clipboard Toggle word wrap

  2. Set up a DHCPv4 server. Enter the following configuration in the /etc/kea/kea-dhcp4.conf file. Replace the addresses to match your network card. 

    {
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },
    "subnet4": [
      {
        "id": 1,
        "subnet": "192.168.124.0/24",
        "pools": [
          {
            "pool": "192.168.124.100 - 192.168.124.200"
          }
        ],
        "option-data": [
          {
            "space": "dhcp4",
            "name": "routers",
            "code": 3,
            "data": "192.168.124.10"
          },
          {
            "space": "dhcp4",
            "name": "domain-name-servers",
            "code": 6,
            "data": "192.168.124.10"
          }
        ]
      }
    ],
    "client-classes": [
      {
        "name": "uefi PXE Clients",
        "test": "substring(option[60].hex,0,9) == 'PXEClient' and option[93].hex == 0x0007",
        "next-server": "192.168.124.2",
        "boot-file-name": "/uefi/BOOT/BOOTX64.EFI"
      },
      {
        "name": "bios PXE Clients",
        "test": "substring(option[60].hex,0,9) == 'PXEClient' and option[93].hex == 0x0000",
        "next-server": "192.168.124.2",
        "boot-file-name": "syslinux/pxelinux.0"
      },
      {
        "name": "uefi HTTP Clients",
        "test": "substring(option[60].hex,0,10) == 'HTTPClient' and option[93].hex == 0x0007",
        "option-data": [
          {
            "space": "dhcp4",
            "name": "vendor-class-identifier",
            "code": 60,
            "data": "HTTPClient"
          }
        ],
        "next-server": "192.168.124.2",
        "boot-file-name": "http://192.168.124.2/uefi/BOOT/BOOTX64.EFI"
      }
    ]
  }
}
    Copy to Clipboard Toggle word wrap

  3. Start the DHCPv4 service: 

    # systemctl enable --now kea-dhcp4
    Copy to Clipboard Toggle word wrap

Enable the DHCP version 6 (DHCPv4) service on your server, so that it can provide network boot functionality.

Prerequisites

  • You are preparing network installation over the IPv6 protocol.

  • Find the network addresses of the server.

    In the following examples, the server has a network interface enp1s0 with this configuration:

    IPv6 address
    fd33::2/64
    IPv6 gateway
    fd33::1

Procedure

  1. Install the DHCP server: 

    # dnf install kea
    Copy to Clipboard Toggle word wrap

  2. Set up a DHCPv6 server. Enter the following configuration in the /etc/kea/kea-dhcp6.conf file. Replace the addresses to match your network card. 

    {
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },
    "subnet6": [
      {
        "id": 1,
        "subnet": "fd33::/64",
        "interface": "enp1s0",
        "pools": [
          {
            "pool": "fd33::100-fd33::200"
          }
        ]
      }
    ],
    "client-classes": [
      {
        "name": "uefi PXE Clients",
        "test": "substring(option[16].hex,6,9) == 'PXEClient' and substring(option[16].hex,21,5) == '00007'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "tftp://[fd33::2]/uefi/BOOT/BOOTX64.EFI"
          }
        ]
      },
      {
        "name": "bios PXE Clients",
        "test": "substring(option[16].hex,6,9) == 'PXEClient' and substring(option[16].hex,21,5) == '00000'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "tftp://[fd33::2]/syslinux/pxelinux.0"
          }
        ]
      },
      {
        "name": "uefi HTTP Clients",
        "test": "substring(option[16].hex,6,10) == 'HTTPClient' and substring(option[16].hex,22,5) == '00007'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "http://[fd33::2]/uefi/BOOT/BOOTX64.EFI"
          }
        ]
      }
    ]
  }
}
    Copy to Clipboard Toggle word wrap

  3. Start the DHCPv6 service: 

    # systemctl enable --now kea-dhcp6
    Copy to Clipboard Toggle word wrap

  4. If DHCPv6 packets are dropped by the RP filter in the firewall, check its log. If the log contains the rpfilter_DROP entry, disable the filter using the following configuration in the /etc/firewalld/firewalld.conf file: 

    IPv6_rpfilter=no
    Copy to Clipboard Toggle word wrap

6.4. Configuring the HTTP server for HTTP boot
Copy link

You must install and enable the httpd service on your server so that the server can provide HTTP boot resources on your network.

Prerequisites

  • Find the network addresses of the server.

    In the following examples, the server has a network card with the 192.168.124.2 IPv4 address.

Procedure

  1. Install the HTTP server: 

    # dnf install httpd
    Copy to Clipboard Toggle word wrap

  2. Create the /var/www/html/redhat directory: 

    # mkdir -p /var/www/html/redhat
    Copy to Clipboard Toggle word wrap
  3. Download the RHEL DVD ISO file. See All Red Hat Enterprise Linux Downloads.

  4. Create a mount point for the ISO file: 

    # mkdir -p /var/www/html/redhat/iso
    Copy to Clipboard Toggle word wrap

  5. Mount the ISO file: 

    # mount -o loop,ro -t iso9660 path-to-RHEL-DVD.iso /var/www/html/redhat/iso
    Copy to Clipboard Toggle word wrap

  6. Copy the boot loader, kernel, and initramfs from the mounted ISO file into your HTML directory: 

    # cp -r /var/www/html/redhat/iso/images /var/www/html/redhat
# cp -r /var/www/html/redhat/iso/EFI /var/www/html/redhat
    Copy to Clipboard Toggle word wrap

  7. Make the boot loader configuration editable and ensure the boot files are owned by the user running httpd server (apache): 

    # chmod 644 /var/www/html/redhat/EFI/BOOT/grub.cfg
# chown -R apache:apache /var/www/html/redhat/EFI
    Copy to Clipboard Toggle word wrap

  8. Edit the /var/www/html/redhat/EFI/BOOT/grub.cfg file and replace its content with the following: 

    set default="1"

function load_video {
  insmod efi_gop
  insmod efi_uga
  insmod video_bochs
  insmod video_cirrus
  insmod all_video
}

load_video
set gfxpayload=keep

set timeout=60

menuentry 'Install Red Hat Enterprise Linux 10.0' --class fedora --class gnu-linux --class gnu --class os {
    	linuxefi /redhat/images/pxeboot/vmlinuz inst.repo=http://192.168.124.2/redhat/iso quiet
    	initrdefi /redhat/images/pxeboot/initrd.img
}
submenu 'Troubleshooting -->' {
    	menuentry 'Install Red Hat Enterprise Linux 10.0 in text mode' --class fedora --class gnu-linux --class gnu --class os {
            	linuxefi /redhat/images/pxeboot/vmlinuz inst.repo=http://192.168.124.2/redhat/iso inst.text quiet
            	initrdefi /redhat/images/pxeboot/initrd.img
    	}
    	menuentry 'Rescue a Red Hat Enterprise Linux system' --class fedora --class gnu-linux --class gnu --class os {
            	linuxefi /redhat/images/pxeboot/vmlinuz inst.stage2=http://192.168.124.2/redhat/iso inst.rescue quiet
            	initrdefi /redhat/images/pxeboot/initrd.img
    	}
}
    Copy to Clipboard Toggle word wrap

    In this file, update the following strings:

    Install Red Hat Enterprise Linux 10.0
    Edit the version number to match the version of RHEL that you downloaded.
    192.168.124.2
    Replace with the IP address of your server.

  9. Open ports in the firewall to allow HTTP (80), DHCP (67, 68) and DHCPv6 (546, 547) traffic: 

    # firewall-cmd --zone public \
               --add-port={80/tcp,67/udp,68/udp,546/udp,547/udp}
    Copy to Clipboard Toggle word wrap

    This command enables temporary access until the next server reboot.

  10. Optional: To enable permanent access, add the --permanent option to the command.

  11. Reload firewall rules: 

    # firewall-cmd --reload
    Copy to Clipboard Toggle word wrap

  12. Start the HTTP server: 

    # systemctl enable --now httpd
    Copy to Clipboard Toggle word wrap

  13. Make the html directory and its content readable and executable: 

    # chmod -cR u=rwX,g=rX,o=rX /var/www/html
    Copy to Clipboard Toggle word wrap

  14. Restore the SELinux context of the html directory: 

    # restorecon -FvvR /var/www/html
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat