CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL
Jump to navigation
Jump to search
nginx
sudo dnf update sudo dnf install nginx mod_ssl sudo systemctl start nginx
TEST
curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
SSL
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority)
mkdir -p /etc/pki/nginx mkdir -p /etc/pki/nginx/private openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/[email protected]" openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096 nano /etc/nginx/nginx.conf #(# Add DH parameters ssl_dhparam /etc/pki/nginx/dhparam.pem;) nginx -t systemctl restart nginx
Letsencrypt
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # (for centos 8) dnf config-manager --set-enabled PowerTools sudo dnf install certbot python3-certbot-nginx OR dnf install certbot python3-certbot-apache
certbot --version certbot --nginx OR certbot --apache
certbot renew certbot certificates certbot certonly --apache certbot certonly --nginx
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Or Apache
sudo dnf install httpd httpd-tools mod_ssl sudo systemctl enable httpd sudo systemctl start httpd
firewalld
sudo yum install firewalld sudo systemctl start firewalld sudo systemctl enable firewalld sudo systemctl status firewalld
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --permanent --list-all sudo firewall-cmd --reload
nano /etc/firewalld/firewalld.conf # AllowZoneDrifting=no
SELinux
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_setrlimit 1 setsebool -P httpd_can_sendmail 1 setsebool -P allow_httpd_mod_auth_pam 1 setsebool -P httpd_mod_auth_pam 1 setsebool -P httpd_read_user_content 1 setsebool -P httpd_run_stickshift 1 setsebool -P httpd_enable_cgi 1 setsebool -P httpd_unified 1 setsebool -P httpd_enable_homedirs 1
MariaDB
sudo dnf install mariadb-server sudo systemctl start mariadb sudo systemctl enable mariadb
sudo mysql_secure_installation #(Set Root Password and disable test and insecure features)
sudo mysql -p #(Use \q to quit) CREATE DATABASE rho_database; GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION; FLUSH PRIVILEGES;
REDIS
dnf module install redis sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf) echo never > /sys/kernel/mm/transparent_hugepage/enabled
systemctl start redis systemctl enable redis systemctl status redis ss -tlpn redis-cli (#PING -> PONG)
PHP
sudo dnf module list php sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command) sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo
sudo nano /etc/php-fpm.d/www.conf #(Change user and group to nginx) sudo systemctl start php-fpm systemctl status php-fpm.service sudo systemctl restart nginx
nano /etc/php.ini # session.save_handler = redis # session.save_path = tcp://127.0.0.1:6379 nano /etc/php-fpm.d/www.conf # php_value[session.save_handler] = redis # php_value[session.save_path] = tcp://127.0.0.1:6379
PostgreSQL
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm dnf update dnf install postgresql11-server postgresql11 postgresql11-contrib systemctl start postgresql systemctl enable postgresql systemctl status postgresql
/usr/bin/postgresql-setup --initdb passwd postgres su - postgres psql -c "ALTER USER postgres WITH PASSWORD 'adminpasswdhere123';" OR \password tree -L 1 /var/lib/pgsql/data/ nano /var/lib/pgsql/data/pg_hba.conf #host all all 127.0.0.1/32 md5 #host all all ::1/128 md5 systemctl reload postgresql su - postgres psql