24/7/365 Support

Printing with CUPS in CentOS

Print servers allow local printing devices to be connected to a network and be shared among several users and departments. There are many advantages using such a system, including the lack of a need to buy dedicated printer hardware for each user, room, or department. The Common Unix Printing System (CUPS) is the de-facto standard for print servers on Linux, as well as Unix distributions including OS X. It is built with a typical client/server architecture, where clients in the network send print jobs to the centralized print server that schedules these tasks, then delegates and executes the actual printing on a printer that is locally connected to our printer server or sends the print job remotely to the computer that has the physical connection to the requested printer or to a standalone network printer. If you set up your printers within the CUPS system, almost all Linux and OS X printing application on any client in your network will be automatically configured to use them out-of-the-box, without the need to install additional drivers. Here, in this process, we will show you how to get started with the CUPS printing server system.

To Start With: What Do You Need?

To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to download additional packages. In this process, we will use the network interface with the IP address, 192.168.1.8, and the corresponding network address of 192.168.1.0/24 to serve the CUPS printer server to our network.

The Process

We begin this process by installing the CUPS printing server software, which is not available by default on a fresh CentOS 7 minimal system:

  1. To do this, log in as root and install the following package:
    yum install cups
  2. Next, create an SSL certificate for the CUPS server, which we will need for secure authentication to the CUPS web application (add a secure password when asked):
    cd /etc/pki/tls/certs make cups-server.key
  3. Now, let’s open the CUPS main configuration file to customize the server (backup first):
    cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.BAK vi /etc/cups/cupsd.conf
  4. First, to make CUPS available on the entire network, find the following line: Listen localhost:631, than change it to:
    Listen 631
  5. Next, we want to configure access to all normal web pages of the web-based CUPS frontend. Search for the <Location /> directive (don’t confuse this with other directives such as <Location /admin>) and change the complete block by adding your network address. After changing, the complete block looks like this:
    <Location />
    Order allow,deny
    Allow 192.168.1.0/24
    </Location>
  6. Next, set access permissions for the /admin and /admin/conf Location directives, granting access to the local server only:
    <Location /admin>
           Order allow,deny
            Allow localhost
    </Location>
    <Location /admin/conf>
            AuthType Default Require user @SYSTEM
            Order allow,deny
            Allow localhost
    </Location>
  7. Finally, add our SSL certificate information to the end of the configuration file:
    ServerCertificate /etc/pki/tls/certs/cups-server.crt
    ServerKey /etc/pki/tls/certs/cups-server.key
  8. Close and save the file, then restart the CUPS server and enable it on boot:
    systemctl restart cups.service systemctl enable cups.service
  9. Now, we have to open the CUPS server ports in firewalld so that other computers in the network can connect to it:
    firewall-cmd --permanent --add-service=ipp firewall-cmd --reload
  10. You can test the accessibility of your CUPS server from another computer in your 192.168.1.0/24 network by browsing to the following location (allow a security exception in the browser when asked):
    https://<IP address of your CUPS server>:631
  11. To access the administration area within the CUPS frontend, you need to be on the same server as CUPS is running (on a CentOS 7 minimal installation, please install a window manager and browser), and then use the system user, root, with the appropriate password to login.

How Does It Work?

In this process, we showed you how easy it is to install and set up a CUPS printing server.

So, what did we learn from this experience?

We began our journey by installing the CUPS server package on our server because it is not available on the CentOS 7 system by default. Afterwards, we generated a SSL key-pair, which we will need later in the process (to learn more, read the Generating self-signed certificates process.) It is used to allow the encrypted submission of your login credentials to the CUPS administration web frontend (over secure HTTPS connections). Next, we opened CUPS’s main configuration file, /etc/cups/cupsd.conf, with the text editor of our choice. As you may notice, the configuration format is very similar to the Apache configuration file format. We started changing the Listen address by removing the localhost name, therefore allowing all clients from everywhere in your network (192.168.1.0/24) to access our CUPS server at port 631 instead of allowing only the local interface to connect to the printer server.

Note
By default, the CUPS server has Browsing On enabled, which will broadcast, every 30 seconds, an updated list of all printers that are being shared in the system to all client computers on the same subnet. If you want to broadcast to other subnets as well, use the BrowseRelay directive.

Next, we configured access to the CUPS web interface. This frontend can be used to conveniently browse all available printers on the network, or even install new printers or configure them if you log in with an administrator account. As there are different tasks in the user interface, there are three different directives that can be used to fine-grain its access. Access to all normal web pages can be set using the <Location /> directive, whereas all administration pages can be managed with <Location /admin> and more specifically to change the configuration within the <Location /admin/conf> tag. In each of these Location tags, we added different Allow directives, thus granting normal CUPS web pages (such as, browsing all available network printers) from your complete network (for example, 192.168.1.0/24) while accessing the special administration pages is restricted to the server that runs the CUPS service (localhost). Remember, if this is too restrictive for your environment, you can always adjust these Allow settings. Also, there are various other Location types available, such as one that is used for activating our service in additional subnets. Please read the CUPS configuration manual using man cupsd.conf. Next, we configured SSL encryption, thus activating secure https:// addresses for the web interface. Then, we started the CUPS server for the first time and enabled it to start automatically when the server boots up. Finally, we added the ipp firewalld service, thus allowing incoming CUPS client connections to the server.

There's more…

Now that we have successfully set up and configured our CUPS server, it’s time to add some printers to it and print a test page. Here, we will show you how to add two different types of printers to the system using the command line.

Note
Adding or configuring printers can also be done using the graphical web-based CUPS interface.

First, we will install a true network printer that is already available in the same network (in our case, the 192.168.1.0/24 network) as our CUPS server and afterwards a locally connected printer (for example, via USB to our CUPS server or any other computer in the same network).

Note
Why should you want to install an already connected network printer to our CUPS server? CUPS can do much more than just printing: it is a centralized printer server, thus managing to schedule and queuing of printers and their jobs, serving printers in different subnets, and providing unified printing protocols and standards for convenient access on any Linux or Mac client.

How to add a network printer to the CUPS server

To start adding a network printer to our CUPS server, we will use the command lpinfo v to list all the available printing devices or drivers known to the CUPS server. Normally, the CUPS server will automatically identify all locally (USB, parallel, serial, and so on) and remotely available (network protocols such as socket, http, ipp, lpd, and so on) printers from most common printing protocols without any problems. In our example, the following network printer has been successfully identified (the output has been truncated):
network dnssd://Photosmart%20C5100%20series%20%5BF8B652%5D._pdldatastream._tcp.local/

Next, we will install this printer on the CUPS server to put it under its control. First, we need to look for the correct printer driver. As we can see in the last output, it is an HP Photosmart C5100 series printer. So, let’s search for the driver in the list of all currently installed drivers on our CUPS server:
lpinfo --make-and-model HP -m | grep Photosmart

The list does not contain our model C5100, so we have to install an additional HP driver package using:
yum install hplip

Now, if we issue our command again, we can find the correct driver:
lpinfo --make-and-model HP -m | grep Photosmart | grep c5100

Note
For other printer models and manufacturers, there are other driver packages available as well, for example, the gutenprint-cups RPM package.

The correct driver for this printer will be shown as follows:
drv:///hp/hpcups.drv/hp-photosmart_c5100_series.ppd

Now, we have everything ready to install the printer using the following syntax:
lpadmin -p <printer-name> -v <device-uri> -m <model> -L <location> -E

In our example, we installed it using:
lpadmin -p hp-photosmart -v
"dnssd://Photosmart%20C5100%20series%20%5BF8B652%5D._pdl
datastream._tcp.local/" -m "drv:///hp/hpcups.drv/hp-
photosmart_c5100_series.ppd" -L room123 -E

Now, the printer should be under our CUPS server’s control and should immediately be shared and seen in the entire network from any Linux or OS X computer (on a CentOS 7 minimal client, you will first need to install the cups package as well and enable incoming ipp connections using firewalld’s ipp-client service before any shared network printer information from our CUPS server will become available).

You can later change the configuration of this printer by opening and changing the file at /etc/cups/printers.conf. To actually print a test page, you should now be able to access the printer using its name, hp-photosmart, from any client (on a CentOS 7 minimal client, you would need to install the package cups-client):
echo "Hello printing world" | lpr -P hp-photosmart -H 192.168.1.8:631

How to share a local printer to the CUPS server

If you want to share a local printer physically connected to our CUPS server, just plug in the printer to the system (for example, via USB) and follow the previous process, How to add a network printer to the CUPS server. In the step lpinfo -v, you should see it appear as a usb:// address, so you need to take this address and follow the rest of the steps.

If you want to connect and share a printer on your centralized CUPS server, which is physically connected to any other computer on your CUPS network, install the cups daemon on this other machine (follow all the steps in the main process) and then install the printer driver for it as shown here in this section. This will make sure that the local CUPS daemon will make the printer available on the network, as it would be on our centralized CUPS server. Now that it is available on the network, you can easily add it to our main CUPS server to enjoy all the benefits of a centralized printing server.

Here in this process, we have only scratched the surface and introduced you to the basics of setting up a CUPS server for your network. There is always more to learn, and you can build very complex CUPS server systems managing hundreds of printers in the corporate environment, which is outside the scope of this process.

 

Help Category:

What Our Clients Say