CentOS8 -Install nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL

From Rhomicom Wiki
Revision as of 11:39, 30 January 2021 by Admin (talk | contribs) (→‎Or Apache)
Jump to navigation Jump to search

nginx

 sudo dnf update
 sudo dnf install nginx mod_ssl
 sudo systemctl start nginx

TEST

 curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com

SSL

 openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority)

 mkdir -p /etc/pki/nginx
 mkdir -p /etc/pki/nginx/private
 openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/[email protected]"
 openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096
 nano /etc/nginx/nginx.conf #(# Add DH parameters
       ssl_dhparam /etc/pki/nginx/dhparam.pem;)
 nginx -t
 systemctl restart nginx

Letsencrypt

 dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
 # (for centos 8) dnf config-manager --set-enabled PowerTools
 sudo dnf install certbot python3-certbot-nginx
 OR dnf install certbot python3-certbot-apache

 certbot --version
 certbot --nginx
 OR certbot --apache

 certbot renew
 certbot certificates
 certbot certonly --apache
 certbot certonly --nginx

 echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

Or Apache

 yum -y install httpd httpd-tools mod_ssl
 sudo systemctl status httpd
 sudo systemctl start httpd.service
 sudo systemctl enable httpd.service

firewalld

 sudo yum install firewalld
 sudo systemctl start firewalld
 sudo systemctl enable firewalld
 sudo systemctl status firewalld

 sudo firewall-cmd --permanent --add-service=http
 sudo firewall-cmd --permanent --add-service=https
 sudo firewall-cmd --permanent --list-all
 sudo firewall-cmd --reload

 nano /etc/firewalld/firewalld.conf
 # AllowZoneDrifting=no

SELinux

 setsebool -P httpd_can_network_connect 1
 setsebool -P httpd_execmem 1
 setsebool -P httpd_setrlimit 1
 setsebool -P httpd_can_sendmail 1
 setsebool -P allow_httpd_mod_auth_pam 1
 setsebool -P httpd_mod_auth_pam 1
 setsebool -P httpd_read_user_content 1
 setsebool -P httpd_run_stickshift 1
 setsebool -P httpd_enable_cgi 1
 setsebool -P httpd_unified 1
 setsebool -P httpd_enable_homedirs 1

MariaDB

 sudo dnf install mariadb-server
 sudo systemctl start mariadb
 sudo systemctl enable mariadb

 sudo mysql_secure_installation #(Set Root Password and disable test and insecure features)

 sudo mysql -p #(Use \q to quit)
 CREATE DATABASE rho_database;
 GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
 FLUSH PRIVILEGES;

REDIS

 dnf module install redis
 
 sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf)
 echo never > /sys/kernel/mm/transparent_hugepage/enabled

 systemctl start redis
 systemctl enable redis
 systemctl status redis
 ss -tlpn
 redis-cli (#PING -> PONG)

PHP

 sudo dnf module list php
 sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command)
 sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring  php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo

 sudo nano /etc/php-fpm.d/www.conf  #(Change user and group to nginx)
 sudo systemctl start php-fpm
 systemctl status php-fpm.service
 sudo systemctl restart nginx

 nano /etc/php.ini
  # session.save_handler = redis
  # session.save_path = tcp://127.0.0.1:6379
 nano /etc/php-fpm.d/www.conf
  # php_value[session.save_handler] = redis
  # php_value[session.save_path]    = tcp://127.0.0.1:6379

PostgreSQL

 dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 dnf update
 dnf install postgresql11-server postgresql11  postgresql11-contrib
 systemctl start postgresql
 systemctl enable postgresql
 systemctl status postgresql

 /usr/bin/postgresql-setup --initdb
 passwd postgres
 su - postgres
 psql -c "ALTER USER postgres WITH PASSWORD 'adminpasswdhere123';"
 OR \password
 
 tree -L 1 /var/lib/pgsql/data/
 nano /var/lib/pgsql/data/pg_hba.conf
  #host    all             all         127.0.0.1/32            md5
  #host    all             all		::1/128                 md5
 systemctl reload postgresql
 su - postgres
 psql
Retrieved from "https://wiki.rhomicom.com/index.php?title=CentOS8_-Install_nginx,_Apache,_Redis,_php7.4-fpm,_MySQL,_PostgreSQL&oldid=133"