Difference between revisions of "CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL}} | {{DISPLAYTITLE:CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL}} | ||
| − | == nginx == | + | == Install nginx == |
sudo dnf update | sudo dnf update | ||
sudo dnf install nginx mod_ssl | sudo dnf install nginx mod_ssl | ||
| Line 6: | Line 6: | ||
==== TEST ==== | ==== TEST ==== | ||
curl -4 https://your_url | curl -4 https://your_url | ||
| − | |||
==== SSL ==== | ==== SSL ==== | ||
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority) | openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority) | ||
| Line 18: | Line 17: | ||
nginx -t | nginx -t | ||
systemctl restart nginx | systemctl restart nginx | ||
| − | + | ==== Install Letsencrypt ==== | |
| − | ==== Letsencrypt ==== | ||
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | ||
# (for centos 8) dnf config-manager --set-enabled PowerTools | # (for centos 8) dnf config-manager --set-enabled PowerTools | ||
| Line 35: | Line 33: | ||
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null | echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null | ||
| − | + | == Or Install Apache == | |
| − | == Or Apache == | ||
yum -y install httpd httpd-tools mod_ssl | yum -y install httpd httpd-tools mod_ssl | ||
sudo systemctl status httpd | sudo systemctl status httpd | ||
sudo systemctl start httpd.service | sudo systemctl start httpd.service | ||
sudo systemctl enable httpd.service | sudo systemctl enable httpd.service | ||
| − | + | == Install firewalld == | |
| − | == firewalld == | ||
sudo yum install firewalld | sudo yum install firewalld | ||
sudo systemctl start firewalld | sudo systemctl start firewalld | ||
| Line 55: | Line 51: | ||
nano /etc/firewalld/firewalld.conf | nano /etc/firewalld/firewalld.conf | ||
<nowiki>#</nowiki> AllowZoneDrifting=no | <nowiki>#</nowiki> AllowZoneDrifting=no | ||
| − | == SELinux == | + | == SELinux Permissions == |
setsebool -P httpd_can_network_connect 1 | setsebool -P httpd_can_network_connect 1 | ||
setsebool -P httpd_execmem 1 | setsebool -P httpd_execmem 1 | ||
| Line 67: | Line 63: | ||
setsebool -P httpd_unified 1 | setsebool -P httpd_unified 1 | ||
setsebool -P httpd_enable_homedirs 1 | setsebool -P httpd_enable_homedirs 1 | ||
| − | == MySQL== | + | == Install MySQL== |
sudo dnf install mysql-server | sudo dnf install mysql-server | ||
sudo systemctl start mysqld | sudo systemctl start mysqld | ||
| Line 80: | Line 76: | ||
#Backup of all databases | #Backup of all databases | ||
mysqldump -u [user] -p all-databases > [file_name].sql | mysqldump -u [user] -p all-databases > [file_name].sql | ||
| − | + | == INSTALL REDIS == | |
| − | == REDIS == | ||
dnf module install redis | dnf module install redis | ||
| Line 92: | Line 87: | ||
ss -tlpn | ss -tlpn | ||
redis-cli (#PING -> PONG) | redis-cli (#PING -> PONG) | ||
| − | == PHP == | + | == INSTALL PHP == |
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | ||
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm | sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm | ||
| Line 120: | Line 115: | ||
# php_value[session.save_handler] = redis | # php_value[session.save_handler] = redis | ||
# php_value[session.save_path] = tcp://127.0.0.1:6379 | # php_value[session.save_path] = tcp://127.0.0.1:6379 | ||
| − | + | == Install PostgreSQL == | |
| − | == PostgreSQL == | ||
dnf module list postgresql | dnf module list postgresql | ||
sudo dnf module enable postgresql:12 | sudo dnf module enable postgresql:12 | ||
| Line 136: | Line 130: | ||
nano pg_hba.conf | nano pg_hba.conf | ||
nano postgresql.conf | nano postgresql.conf | ||
| − | == WEBMIN == | + | == INSTALL WEBMIN == |
yum -y install perl-Digest-Perl-MD5 | yum -y install perl-Digest-Perl-MD5 | ||
yum -y install perl-Digest-MD5 | yum -y install perl-Digest-MD5 | ||
| Line 156: | Line 150: | ||
sudo firewall-cmd --zone=public --add-port=10000/tcp --permanent | sudo firewall-cmd --zone=public --add-port=10000/tcp --permanent | ||
sudo firewall-cmd --reload | sudo firewall-cmd --reload | ||
| − | == JAVA == | + | == INSTALL JAVA == |
sudo dnf install java-11-openjdk-devel | sudo dnf install java-11-openjdk-devel | ||
Revision as of 11:53, 30 January 2021
Install nginx
sudo dnf update sudo dnf install nginx mod_ssl sudo systemctl start nginx
TEST
curl -4 https://your_url
SSL
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority)
mkdir -p /etc/pki/nginx mkdir -p /etc/pki/nginx/private openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/[email protected]" openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096 nano /etc/nginx/nginx.conf #(# Add DH parameters ssl_dhparam /etc/pki/nginx/dhparam.pem;) nginx -t systemctl restart nginx
Install Letsencrypt
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # (for centos 8) dnf config-manager --set-enabled PowerTools sudo dnf install certbot python3-certbot-nginx OR dnf install certbot python3-certbot-apache
certbot --version certbot --nginx OR certbot --apache
certbot renew certbot certificates certbot certonly --apache certbot certonly --nginx
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Or Install Apache
yum -y install httpd httpd-tools mod_ssl sudo systemctl status httpd sudo systemctl start httpd.service sudo systemctl enable httpd.service
Install firewalld
sudo yum install firewalld sudo systemctl start firewalld sudo systemctl enable firewalld sudo systemctl status firewalld
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --permanent --list-all sudo firewall-cmd --reload
nano /etc/firewalld/firewalld.conf # AllowZoneDrifting=no
SELinux Permissions
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_setrlimit 1 setsebool -P httpd_can_sendmail 1 setsebool -P allow_httpd_mod_auth_pam 1 setsebool -P httpd_mod_auth_pam 1 setsebool -P httpd_read_user_content 1 setsebool -P httpd_run_stickshift 1 setsebool -P httpd_enable_cgi 1 setsebool -P httpd_unified 1 setsebool -P httpd_enable_homedirs 1
Install MySQL
sudo dnf install mysql-server sudo systemctl start mysqld sudo systemctl enable mysqld sudo mysql_secure_installation sudo grep 'temporary password' /var/log/mysqld.log
mysql -u [user] -p create database [database_name]; mysql -u [new_user] -p [database_name] < [file_name].sql mysql -u root -p rhomicom < rhomicom.sql #Backup of all databases mysqldump -u [user] -p all-databases > [file_name].sql
INSTALL REDIS
dnf module install redis sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf) echo never > /sys/kernel/mm/transparent_hugepage/enabled
systemctl start redis systemctl enable redis systemctl status redis ss -tlpn redis-cli (#PING -> PONG)
INSTALL PHP
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm sudo dnf install dnf-utils sudo dnf module list php sudo dnf module install php:remi-7.4 sudo dnf install -y php-fpm php-cli php-common php-zip php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo
php -v sudo nano /etc/php.ini #Add cgi.fix_pathinfo=0 max_execution_time = 600 max_input_time = 600 disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source,phpinfo,apache_child_terminate,apache_setenv,define_syslog_variables, eval, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist,highlight_file,ini_alter,ini_get_all,ini_restore,inject_code,mysql_pconnect,openlog,phpAds_remoteInfo,phpAds_XmlRpc,phpAds_xmlrpcDecode,phpAds_xmlrpcEncode,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_terminate,syslog,xmlrpc_entity_decode,curl_exec
sudo nano /etc/php-fpm.d/www.conf
sudo nano /etc/php-fpm.d/www.conf #(Change user and group to nginx) sudo systemctl start php-fpm systemctl status php-fpm.service sudo systemctl restart nginx
nano /etc/php.ini # session.save_handler = redis # session.save_path = tcp://127.0.0.1:6379 nano /etc/php-fpm.d/www.conf # php_value[session.save_handler] = redis # php_value[session.save_path] = tcp://127.0.0.1:6379
Install PostgreSQL
dnf module list postgresql sudo dnf module enable postgresql:12 sudo dnf install postgresql-server sudo postgresql-setup --initdb sudo systemctl start postgresql sudo systemctl enable postgresql
su - postgres -c "psql" \password postgres systemctl restart postgresql
cd /var/lib/pgsql/data/ nano pg_hba.conf nano postgresql.conf
INSTALL WEBMIN
yum -y install perl-Digest-Perl-MD5 yum -y install perl-Digest-MD5 yum -y install perl-DBD-Pg
nano /etc/yum.repos.d/webmin.repo [Webmin] name=Webmin Distribution Neutral #baseurl=http://download.webmin.com/download/yum mirrorlist=http://download.webmin.com/download/yum/mirrorlist enabled=1
wget http://www.webmin.com/jcameron-key.asc rpm --import jcameron-key.asc yum -y update yum -y install webmin service webmin start chkconfig webmin on sudo firewall-cmd --zone=public --add-port=10000/tcp --permanent sudo firewall-cmd --reload
INSTALL JAVA
sudo dnf install java-11-openjdk-devel
#OPEN JRE sudo yum -y install java-1.8.0-openjdk
#OPEN JDK sudo yum -y install java-1.8.0-openjdk-devel
#ORACLE JDK -- AFTER DOWNLOAD sudo yum localinstall jdk-8u181-linux-x64.rpm
java -version sudo alternatives --config java sudo sh -c "echo export JAVA_HOME=/usr/java/jdk1.8.0_181-amd64/jre >> /etc/environment"