Difference between revisions of "CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL"
Jump to navigation
Jump to search
Line 108: | Line 108: | ||
# php_value[session.save_path] = tcp://127.0.0.1:6379 | # php_value[session.save_path] = tcp://127.0.0.1:6379 | ||
== PostgreSQL == | == PostgreSQL == | ||
− | dnf | + | dnf module list postgresql |
− | dnf | + | sudo dnf module enable postgresql:12 |
− | dnf install | + | sudo dnf install postgresql-server |
− | systemctl start postgresql | + | sudo postgresql-setup --initdb |
− | systemctl enable | + | sudo systemctl start postgresql |
− | + | sudo systemctl enable postgresql | |
− | + | su - postgres -c "psql" | |
− | + | \password postgres | |
− | su - postgres | + | systemctl restart postgresql |
− | + | ||
− | + | cd /var/lib/pgsql/data/ | |
− | + | nano pg_hba.conf | |
− | + | nano postgresql.conf | |
− | nano | ||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 11:42, 30 January 2021
nginx
sudo dnf update sudo dnf install nginx mod_ssl sudo systemctl start nginx
TEST
curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
SSL
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority)
mkdir -p /etc/pki/nginx mkdir -p /etc/pki/nginx/private openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/[email protected]" openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096 nano /etc/nginx/nginx.conf #(# Add DH parameters ssl_dhparam /etc/pki/nginx/dhparam.pem;) nginx -t systemctl restart nginx
Letsencrypt
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # (for centos 8) dnf config-manager --set-enabled PowerTools sudo dnf install certbot python3-certbot-nginx OR dnf install certbot python3-certbot-apache
certbot --version certbot --nginx OR certbot --apache
certbot renew certbot certificates certbot certonly --apache certbot certonly --nginx
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Or Apache
yum -y install httpd httpd-tools mod_ssl sudo systemctl status httpd sudo systemctl start httpd.service sudo systemctl enable httpd.service
firewalld
sudo yum install firewalld sudo systemctl start firewalld sudo systemctl enable firewalld sudo systemctl status firewalld
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --permanent --list-all sudo firewall-cmd --reload
nano /etc/firewalld/firewalld.conf # AllowZoneDrifting=no
SELinux
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_setrlimit 1 setsebool -P httpd_can_sendmail 1 setsebool -P allow_httpd_mod_auth_pam 1 setsebool -P httpd_mod_auth_pam 1 setsebool -P httpd_read_user_content 1 setsebool -P httpd_run_stickshift 1 setsebool -P httpd_enable_cgi 1 setsebool -P httpd_unified 1 setsebool -P httpd_enable_homedirs 1
MySQL
sudo dnf install mysql-server sudo systemctl start mysqld sudo systemctl enable mysqld sudo mysql_secure_installation sudo grep 'temporary password' /var/log/mysqld.log
mysql -u [user] -p create database [database_name]; mysql -u [new_user] -p [database_name] < [file_name].sql mysql -u root -p rhomicom < rhomicom.sql #Backup of all databases mysqldump -u [user] -p all-databases > [file_name].sql
REDIS
dnf module install redis sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf) echo never > /sys/kernel/mm/transparent_hugepage/enabled
systemctl start redis systemctl enable redis systemctl status redis ss -tlpn redis-cli (#PING -> PONG)
PHP
sudo dnf module list php sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command) sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo
sudo nano /etc/php-fpm.d/www.conf #(Change user and group to nginx) sudo systemctl start php-fpm systemctl status php-fpm.service sudo systemctl restart nginx
nano /etc/php.ini # session.save_handler = redis # session.save_path = tcp://127.0.0.1:6379 nano /etc/php-fpm.d/www.conf # php_value[session.save_handler] = redis # php_value[session.save_path] = tcp://127.0.0.1:6379
PostgreSQL
dnf module list postgresql sudo dnf module enable postgresql:12 sudo dnf install postgresql-server sudo postgresql-setup --initdb sudo systemctl start postgresql sudo systemctl enable postgresql
su - postgres -c "psql" \password postgres systemctl restart postgresql
cd /var/lib/pgsql/data/ nano pg_hba.conf nano postgresql.conf