nginx
sudo dnf update
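sudo dnf install nginx mod_ssl #(mod_ssl is the Apache httpd TLS module and pulls in httpd; nginx does not need it, so omit it on an nginx-only host)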
sudo systemctl start nginx
TEST
curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
SSL
openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send only the .csr file content to the Certificate Authority; the .key file is written unencrypted because of -nodes and must stay private)
mkdir -p /etc/pki/nginx
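mkdir -p /etc/pki/nginx/private #(this directory holds the unencrypted server key; restrict it, e.g. chmod 700 on the directory and chmod 600 on server.key once it is created)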
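openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/emailAddress=ADMIN_EMAIL_PLACEHOLDER" #(self-signed certificate: clients cannot verify it, so use it for testing only; replace the e-mail placeholder with a real address)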
openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096
nano /etc/nginx/nginx.conf #(# Add DH parameters
ssl_dhparam /etc/pki/nginx/dhparam.pem;)
nginx -t
systemctl restart nginx
Letsencrypt
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# (for centos 8) dnf config-manager --set-enabled PowerTools
sudo dnf install certbot python3-certbot-nginx
OR dnf install certbot python3-certbot-apache
certbot --version
certbot --nginx
OR certbot --apache
certbot renew
certbot certificates
certbot certonly --apache
certbot certonly --nginx
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Or Apache
yum -y install httpd httpd-tools mod_ssl
sudo systemctl status httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
firewalld
sudo yum install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo systemctl status firewalld
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --list-all
sudo firewall-cmd --reload
nano /etc/firewalld/firewalld.conf
# AllowZoneDrifting=no
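SELinux
# Each boolean below relaxes the SELinux confinement of httpd; enable only the ones the application actually needs (list current values with: getsebool -a | grep httpd). httpd_execmem and httpd_unified are especially broad.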
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_execmem 1
setsebool -P httpd_setrlimit 1
setsebool -P httpd_can_sendmail 1
setsebool -P allow_httpd_mod_auth_pam 1
setsebool -P httpd_mod_auth_pam 1
setsebool -P httpd_read_user_content 1
setsebool -P httpd_run_stickshift 1
setsebool -P httpd_enable_cgi 1
setsebool -P httpd_unified 1
setsebool -P httpd_enable_homedirs 1
MySQL
sudo dnf install mysql-server
sudo systemctl start mysqld
sudo systemctl enable mysqld
sudo mysql_secure_installation
sudo grep 'temporary password' /var/log/mysqld.log
mysql -u [user] -p
create database [database_name];
mysql -u [new_user] -p [database_name] < [file_name].sql
mysql -u root -p rhomicom < rhomicom.sql
#Backup of all databases
mysqldump -u [user] -p --all-databases > [file_name].sql
REDIS
dnf module install redis
sysctl vm.overcommit_memory=1 #(to keep the setting across reboots, also add vm.overcommit_memory = 1 in /etc/sysctl.conf)
echo never > /sys/kernel/mm/transparent_hugepage/enabled
systemctl start redis
systemctl enable redis
systemctl status redis
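ss -tlpn #(confirm redis listens only on 127.0.0.1:6379; it accepts unauthenticated clients unless requirepass is set, and the PHP sessions configured below are stored in it)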
redis-cli (#PING -> PONG)
PHP
sudo dnf module list php
sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command)
sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo
sudo nano /etc/php-fpm.d/www.conf #(Change user and group to nginx)
sudo systemctl start php-fpm
systemctl status php-fpm.service
sudo systemctl restart nginx
nano /etc/php.ini
# session.save_handler = redis
# session.save_path = tcp://127.0.0.1:6379
nano /etc/php-fpm.d/www.conf
# php_value[session.save_handler] = redis
# php_value[session.save_path] = tcp://127.0.0.1:6379
PostgreSQL
dnf module list postgresql
sudo dnf module enable postgresql:12
sudo dnf install postgresql-server
sudo postgresql-setup --initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
su - postgres -c "psql"
\password postgres
systemctl restart postgresql
cd /var/lib/pgsql/data/
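nano pg_hba.conf #(use a password method such as md5 or scram-sha-256 rather than trust for host entries, and limit the address range to the hosts that need access)
nano postgresql.conf #(leave listen_addresses on localhost unless remote clients are required)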