Difference between revisions of "Redhat8 - Install Nginx, Apache, Redis, php7.4-fpm, MySQL, PostgreSQL"

From Rhomicom Wiki
Jump to navigation Jump to search
 
(15 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
== nginx ==
 
== nginx ==
 
   sudo dnf update
 
   sudo dnf update
 +
  sudo dnf module list nginx
 +
  sudo dnf module install nginx:1.18 mod_ssl
 +
  sudo dnf install mod_ssl
 +
 +
  OR
 
   sudo dnf install nginx mod_ssl
 
   sudo dnf install nginx mod_ssl
 +
 
   sudo systemctl start nginx
 
   sudo systemctl start nginx
 +
  sudo systemctl enable nginx
 +
 +
  sudo dnf remove nginx
 +
  sudo dnf module reset nginx
 
==== TEST ====
 
==== TEST ====
 
   curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
 
   curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com
==== SSL ====
 
  openssl req -new -newkey rsa:4096 -nodes -keyout rho-demo.key -out rho-demo.csr #(Copy and send .csr file content to Certificate Authority)
 
  
  mkdir -p /etc/pki/nginx
+
==== SSL AND SECURITY ====
  mkdir -p /etc/pki/nginx/private
+
Visit this page for SSL and all other Security Settings [[SELinux,Fail2ban,Security Configurations]]
  openssl req -newkey rsa:4096 -nodes -keyout /etc/pki/nginx/private/server.key -x509 -days 365 -out /etc/pki/nginx/server.crt -subj "/C=GH/ST=Greater Accra/L=Accra/O=Rhomicom Demo/OU=IT/CN=*.rhomicom.com/[[/cdn-cgi/l/email-protection|[email protected]]]"
+
 
  openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096
 
  nano /etc/nginx/nginx.conf #(# Add DH parameters
 
        ssl_dhparam /etc/pki/nginx/dhparam.pem;)
 
  nginx -t
 
  systemctl restart nginx
 
 
== Or Apache ==
 
== Or Apache ==
 
   sudo dnf install httpd httpd-tools mod_ssl
 
   sudo dnf install httpd httpd-tools mod_ssl
 
   sudo systemctl enable httpd
 
   sudo systemctl enable httpd
 
   sudo systemctl start httpd
 
   sudo systemctl start httpd
== firewalld ==
 
  sudo yum install firewalld
 
  sudo systemctl start firewalld
 
  sudo systemctl enable firewalld
 
  sudo systemctl status firewalld
 
 
  sudo firewall-cmd --permanent --add-service=http
 
  sudo firewall-cmd --permanent --add-service=https
 
  sudo firewall-cmd --permanent --list-all
 
  sudo firewall-cmd --reload
 
 
  nano /etc/firewalld/firewalld.conf
 
  <nowiki>#</nowiki> AllowZoneDrifting=no
 
== SELinux ==
 
  setsebool -P httpd_can_network_connect 1
 
  setsebool -P httpd_execmem 1
 
  setsebool -P httpd_setrlimit 1
 
  setsebool -P httpd_can_sendmail 1
 
  setsebool -P allow_httpd_mod_auth_pam 1
 
  setsebool -P httpd_mod_auth_pam 1
 
  setsebool -P httpd_read_user_content 1
 
  setsebool -P httpd_run_stickshift 1
 
  setsebool -P httpd_enable_cgi 1
 
  setsebool -P httpd_unified 1
 
  setsebool -P httpd_enable_homedirs 1
 
 
== MariaDB ==
 
== MariaDB ==
 
   sudo dnf install mariadb-server
 
   sudo dnf install mariadb-server
Line 57: Line 35:
 
   GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
 
   GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
 
   FLUSH PRIVILEGES;
 
   FLUSH PRIVILEGES;
 
 
== REDIS ==
 
== REDIS ==
 
   dnf module install redis
 
   dnf module install redis
 
+
 
   nano /etc/sysctl.conf
+
   sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf)
   <nowiki>#</nowiki> sysctl vm.overcommit_memory=1
+
   echo never > /sys/kernel/mm/transparent_hugepage/enabled
  <nowiki>#</nowiki> echo never > /sys/kernel/mm/transparent_hugepage/enabled
 
  
 
   systemctl start redis
 
   systemctl start redis
Line 70: Line 46:
 
   ss -tlpn
 
   ss -tlpn
 
   redis-cli (#PING -> PONG)
 
   redis-cli (#PING -> PONG)
 
 
== PHP ==
 
== PHP ==
 
   sudo dnf module list php
 
   sudo dnf module list php
Line 81: Line 56:
 
   sudo systemctl restart nginx
 
   sudo systemctl restart nginx
  
 +
  nano /etc/php.ini
 +
  # session.save_handler = redis
 +
  # session.save_path = tcp://127.0.0.1:6379
 +
  nano /etc/php-fpm.d/www.conf
 +
  # php_value[session.save_handler] = redis
 +
  # php_value[session.save_path]    = tcp://127.0.0.1:6379
 
== PostgreSQL ==
 
== PostgreSQL ==
 
   dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 
   dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
Line 97: Line 78:
 
   tree -L 1 /var/lib/pgsql/data/
 
   tree -L 1 /var/lib/pgsql/data/
 
   nano /var/lib/pgsql/data/pg_hba.conf
 
   nano /var/lib/pgsql/data/pg_hba.conf
   #host    all            all             127.0.0.1/32            md5
+
   #host    all            all         127.0.0.1/32            md5
 
   #host    all            all ::1/128                md5
 
   #host    all            all ::1/128                md5
 
   systemctl reload postgresql
 
   systemctl reload postgresql
 
   su - postgres
 
   su - postgres
 
   psql
 
   psql

Latest revision as of 23:43, 25 July 2021

nginx

 sudo dnf update
 sudo dnf module list nginx
 sudo dnf module install nginx:1.18 mod_ssl
 sudo dnf install mod_ssl

 OR
 sudo dnf install nginx mod_ssl

 sudo systemctl start nginx
 sudo systemctl enable nginx

 sudo dnf remove nginx
 sudo dnf module reset nginx

TEST

 curl -4 ec2-3-123-2-191.eu-central-1.compute.amazonaws.com

SSL AND SECURITY

Visit this page for SSL and all other Security Settings SELinux,Fail2ban,Security Configurations

Or Apache

 sudo dnf install httpd httpd-tools mod_ssl
 sudo systemctl enable httpd
 sudo systemctl start httpd

MariaDB

 sudo dnf install mariadb-server
 sudo systemctl start mariadb
 sudo systemctl enable mariadb

 sudo mysql_secure_installation #(Set Root Password and disable test and insecure features)

 sudo mysql -p #(Use \q to quit)
 CREATE DATABASE rho_database;
 GRANT ALL ON rho_database.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
 FLUSH PRIVILEGES;

REDIS

 dnf module install redis
 
 sysctl vm.overcommit_memory=1 (# nano /etc/sysctl.conf)
 echo never > /sys/kernel/mm/transparent_hugepage/enabled

 systemctl start redis
 systemctl enable redis
 systemctl status redis
 ss -tlpn
 redis-cli (#PING -> PONG)

PHP

 sudo dnf module list php
 sudo dnf module install php:7.4 #(use dnf module reset php to reset if necessary before running command)
 sudo dnf install php-fpm php-opcache php-openssl php-curl php-cli php-common php-zip php-gd php-xml php-pear php-bcmath php-json php-pdo php-mysqlnd php-pgsql php-mbstring  php-soap php-sockets php-pecl-apcu php-json php-ctype php-dom php-exif php-mysqli php-iconv php-fileinfo

 sudo nano /etc/php-fpm.d/www.conf  #(Change user and group to nginx)
 sudo systemctl start php-fpm
 systemctl status php-fpm.service
 sudo systemctl restart nginx

 nano /etc/php.ini
  # session.save_handler = redis
  # session.save_path = tcp://127.0.0.1:6379
 nano /etc/php-fpm.d/www.conf
  # php_value[session.save_handler] = redis
  # php_value[session.save_path]    = tcp://127.0.0.1:6379

PostgreSQL

 dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
 dnf update
 dnf install postgresql11-server postgresql11  postgresql11-contrib
 systemctl start postgresql
 systemctl enable postgresql
 systemctl status postgresql

 /usr/bin/postgresql-setup --initdb
 passwd postgres
 su - postgres
 psql -c "ALTER USER postgres WITH PASSWORD 'adminpasswdhere123';"
 OR \password
 
 tree -L 1 /var/lib/pgsql/data/
 nano /var/lib/pgsql/data/pg_hba.conf
  #host    all             all         127.0.0.1/32            md5
  #host    all             all		::1/128                 md5
 systemctl reload postgresql
 su - postgres
 psql
Retrieved from "https://wiki.rhomicom.com/index.php?title=Redhat8_-_Install_Nginx,_Apache,_Redis,_php7.4-fpm,_MySQL,_PostgreSQL&oldid=250"