nginx
# Bring installed packages up to date, install nginx and start it for the current boot.
sudo dnf update
# NOTE(review): mod_ssl is the TLS module for Apache httpd and depends on httpd; nginx does
# not use it, so it is only needed if the "Or Apache" path further down is the one chosen.
sudo dnf install nginx mod_ssl
# "start" does not survive a reboot; no "systemctl enable nginx" appears on this page.
sudo systemctl start nginx
TEST
# Smoke test: fetch the default page over plain HTTP, forcing IPv4 (-4).
# This proves reachability on port 80 only; it says nothing about the TLS setup below.
curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
SSL
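# Option A, CA-signed: create a 4096-bit RSA key plus a CSR. -nodes stores the key
# unencrypted and -keyout writes it to the current directory, so run this from a
# directory only root can read. Copy and send only the .csr file content to the
# Certificate Authority; the .key stays on the host.
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr
chmod 600 rho-demo.key

# Option B, self-signed: key in a root-only directory, certificate valid for 365 days.
# mkdir -p also creates the parent /etc/pki/nginx.
mkdir -p /etc/pki/nginx/private
chmod 700 /etc/pki/nginx/private
# The last -subj field was mangled by e-mail obfuscation where these notes were published
# ("/[email protected]" carries no attribute name, which openssl is expected to reject);
# emailAddress= with a placeholder value stands in for it here.
# NOTE(review): current browsers match hostnames on subjectAltName rather than CN; with
# OpenSSL 1.1.1+ it can be supplied via -addext "subjectAltName=DNS:*.rhomicom.com".
openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/emailAddress=REPLACE_WITH_ADMIN_EMAIL"
chmod 600 /etc/pki/nginx/private/server.key

# DH parameters are used only by DHE cipher suites; generating 4096 bits can take a long time.
openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096

# In the TLS server block of nginx.conf add the DH parameters:
#   ssl_dhparam /etc/pki/nginx/dhparam.pem;
# ssl_certificate / ssl_certificate_key also have to point at the files created above.
nano /etc/nginx/nginx.conf

# Restart only when the configuration test passes, so a typo cannot take the site down.
nginx -t && systemctl restart nginx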
Letsencrypt
# Enable EPEL (EL8 release package), which provides certbot and its web-server plugins.
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# (for centos 8) dnf config-manager --set-enabled PowerTools
# Install certbot with the plugin for the web server actually in use (nginx OR apache).
sudo dnf install certbot python3-certbot-nginx
OR dnf install certbot python3-certbot-apache
certbot --version
# Obtains a certificate and edits the web server configuration to use it.
certbot --nginx
OR certbot --apache
# Renews certificates that are close to expiry; "certbot renew --dry-run" exercises the
# same path without replacing anything.
certbot renew
# Lists the certificates certbot manages, with domains and expiry dates.
certbot certificates
# certonly obtains the certificate but leaves the server configuration untouched.
certbot certonly --apache
certbot certonly --nginx
# Appends a root cron entry to /etc/crontab: at 00:00 and 12:00, sleep a random time of up
# to an hour, then renew quietly. tee -a appends on every run, so running this line twice
# leaves a duplicate entry.
# NOTE(review): the certbot package may already ship a systemd renewal timer - check
# "systemctl list-timers" before adding a second scheduler.
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Or Apache
# Alternative to nginx: Apache httpd with its TLS module.
# NOTE(review): httpd and nginx both listen on 80/443 by default, so only one of them can
# run with its stock configuration.
yum -y install httpd httpd-tools mod_ssl
# Run before the first start, this reports the unit as inactive.
sudo systemctl status httpd
sudo systemctl start httpd.service
# enable makes the service start at boot.
sudo systemctl enable httpd.service
firewalld
# Install firewalld, start it now and enable it at boot.
sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo systemctl status firewalld
# --permanent writes only the stored configuration; the running firewall is unchanged
# until the --reload below.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# Prints the stored configuration of the default zone; use it to confirm that only the
# intended services and ports are open.
sudo firewall-cmd --permanent --list-all
sudo firewall-cmd --reload
# NOTE(review): the test host earlier on this page is an EC2 name, so the instance's
# security group presumably has to allow 80/443 as well - verify.
# Set the option shown below in firewalld.conf; firewalld logs a warning while zone
# drifting is enabled. TODO confirm whether a reload is enough or a restart is needed.
nano /etc/firewalld/firewalld.conf
# AllowZoneDrifting=no
SELinux
# Each boolean below loosens the SELinux confinement of the web server domain, and -P makes
# the change persistent across reboots. Turning on all eleven removes most of what the policy
# protects against after a web-application compromise; enable only the ones a logged AVC
# denial shows to be needed ("ausearch -m avc -ts recent"), and review the current state
# with "getsebool -a | grep httpd".
# Outbound TCP connections to any port; httpd_can_network_connect_db is the narrower
# boolean when only database ports are needed.
setsebool -P httpd_can_network_connect 1
# Memory that is both writable and executable.
setsebool -P httpd_execmem 1
setsebool -P httpd_setrlimit 1
setsebool -P httpd_can_sendmail 1
# NOTE(review): allow_httpd_mod_auth_pam looks like the legacy name of the
# httpd_mod_auth_pam boolean set on the next line - confirm; one of the two should suffice.
setsebool -P allow_httpd_mod_auth_pam 1
setsebool -P httpd_mod_auth_pam 1
# Read access to user content.
setsebool -P httpd_read_user_content 1
# NOTE(review): presumably only relevant on OpenShift (stickshift) hosts - confirm it is needed.
setsebool -P httpd_run_stickshift 1
setsebool -P httpd_enable_cgi 1
# Treats the separate httpd content types as one, which drops the read-only / writable /
# executable distinction between them.
setsebool -P httpd_unified 1
# Access to users' home directories.
setsebool -P httpd_enable_homedirs 1
MariaDB
# Install MariaDB, start it now and enable it at boot.
sudo dnf install mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mysql_secure_installation #(Set Root Password and disable test and insecure features)
# The remaining lines are SQL typed at the mysql prompt, not shell commands.
sudo mysql -p #(Use \q to quit)
CREATE DATABASE rho_database;
# NOTE(review): this grant targets 'root'@'localhost' and carries the literal password
# 'password'. Treat the value as a placeholder to be replaced. The application is better
# served by its own account, granted privileges on rho_database.* only and without
# WITH GRANT OPTION, so that leaked application credentials do not give administrative access.
GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
# Not required after GRANT; only direct edits of the grant tables need it.
FLUSH PRIVILEGES;
REDIS
# Install Redis from the distribution's module stream.
dnf module install redis
# Runtime-only change; the parenthetical names the file to edit so it persists across reboots.
sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf)
# Turns transparent huge pages off until the next reboot; the redirect needs a root shell.
echo never > /sys/kernel/mm/transparent_hugepage/enabled
systemctl start redis
systemctl enable redis
systemctl status redis
# Lists listening TCP sockets with their owning process. Use it to confirm that Redis is
# bound to 127.0.0.1:6379 only: this page configures no Redis password, so a listener on a
# routable address would be open to anyone who can reach the port.
ss -tlpn
# Liveness check: typing PING at the prompt should return PONG.
redis-cli (#PING -> PONG)
PHP
# Show the PHP module streams on offer, then install the 7.4 stream.
sudo dnf module list php
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; the stream depends on
# distribution backports - check that it is still maintained for this release.
sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command)
# php-json appears twice in the list below; the duplicate is harmless.
sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo
# The pool has to run as the account that owns the web root and the php-fpm socket.
sudo nano /etc/php-fpm.d/www.conf #(Change user and group to nginx)
sudo systemctl start php-fpm
systemctl status php-fpm.service
sudo systemctl restart nginx
# The "# ..." lines after each nano call are the settings to put in that file, not shell comments.
# NOTE(review): the redis session handler needs the PHP redis extension (phpredis), which
# is not among the packages installed above - verify it is present.
# Sessions then travel over loopback TCP to a Redis for which this page sets no password,
# so any local account that can reach 127.0.0.1:6379 can read or alter session data.
nano /etc/php.ini
# session.save_handler = redis
# session.save_path = tcp://127.0.0.1:6379
nano /etc/php-fpm.d/www.conf
# php_value[session.save_handler] = redis
# php_value[session.save_path] = tcp://127.0.0.1:6379
PostgreSQL
# Add the PostgreSQL community (PGDG) repository for EL8 and install PostgreSQL 11.
# NOTE(review): on EL8 the distribution's own postgresql module normally has to be disabled
# first ("dnf -qy module disable postgresql") so that the PGDG packages are selected.
# NOTE(review): PostgreSQL 11 no longer receives upstream security fixes.
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf update
dnf install postgresql11-server postgresql11 postgresql11-contrib
# NOTE(review): the PGDG postgresql11 packages use versioned names (service postgresql-11,
# /usr/pgsql-11/bin/postgresql-11-setup initdb, data under /var/lib/pgsql/11/data). The
# unversioned service, setup script and data path used below belong to the distribution's
# postgresql-server package - confirm which package set is actually installed.
# NOTE(review): the cluster has to be initialised before the first start; here the start
# comes before the --initdb step.
systemctl start postgresql
systemctl enable postgresql
systemctl status postgresql
/usr/bin/postgresql-setup --initdb
# Sets a login password on the postgres OS account. Root can already reach it with
# "su - postgres", and a password turns the account into one more login to protect.
passwd postgres
su - postgres
# 'adminpasswdhere123' is a placeholder. A password passed via -c is recorded in the shell
# history and is visible in the process list while psql runs; the \password alternative on
# the next line prompts for it instead.
psql -c "ALTER USER postgres WITH PASSWORD 'adminpasswdhere123';"
OR \password
tree -L 1 /var/lib/pgsql/data/
# The "#host ..." lines are the entries to set in pg_hba.conf: password authentication for
# IPv4 and IPv6 loopback connections only. This PostgreSQL version also accepts
# scram-sha-256 in place of md5, provided password_encryption is switched before the
# passwords are set.
nano /var/lib/pgsql/data/pg_hba.conf
#host all all 127.0.0.1/32 md5
#host all all ::1/128 md5
# A reload is enough for pg_hba.conf changes to take effect.
systemctl reload postgresql
su - postgres
psql