{ CentOS }

  • CentOS 7 LEMP Nginx MariaDB PHP Setup

    User

    adduser username
    passwd username

    Grant sudo permission:
    gpasswd -a username wheel

    Install SSH public key:
    @local$ ssh-copy-id username@SERVER_IP_ADDRESS

    vi /etc/ssh/sshd_config

    Hint: To search for this line, type /PermitRoot then hit ENTER. This should bring the cursor to the “P” character on that line.

    Uncomment the line by deleting the “#” symbol (press Shift-x).

    Now move the cursor to the “yes” by pressing c.

    Now replace “yes” by pressing cw, then typing in “no”. Hit Escape when you are done editing. It should look like this:

    PermitRootLogin no

    DigitalOcean
    systemctl reload sshd
    exit

    Login with new user
    @local$ ssh username@SERVER_IP_ADDRESS
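
An offline check of the PermitRootLogin edit above, added here as an example and not part of the original page: `root_login_setting` (a hypothetical helper name) reads sshd_config text and reports the value sshd would take. It applies sshd's first-value-wins rule and lists Match-block overrides separately; the sample configurations are constructed.

```bash
#!/bin/sh
# Rules applied: comment and blank lines are skipped, keywords are
# case-insensitive, the first global value wins, and values inside Match
# blocks are listed separately because they override the global value
# for the connections that match.
root_login_setting() {   # hypothetical helper; reads sshd_config text on stdin
  awk '
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { in_match = 1; next }
    tolower($1) == "permitrootlogin" {
      v = tolower($2)
      if (in_match) over = over (over == "" ? "" : ",") v
      else if (global == "") global = v
    }
    END {
      out = (global == "" ? "default" : global)   # "default": no active line
      if (over != "") out = out " match:" over
      print out
    }'
}

# Constructed sample configurations.
CFG_UNTOUCHED='#PermitRootLogin yes'
CFG_DUPLICATE='PermitRootLogin no
PermitRootLogin yes'
CFG_MATCH='permitrootlogin no
Match Address 203.0.113.0/24
    PermitRootLogin yes'

for cfg in "$CFG_UNTOUCHED" "$CFG_DUPLICATE" "$CFG_MATCH"; do
  printf '%s\n' "$cfg" | root_login_setting
done
# On the server: sudo cat /etc/ssh/sshd_config | root_login_setting
```

On the server, `sudo sshd -t` checks the file for syntax errors before the reload, and `sudo sshd -T` prints the settings sshd actually resolves.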

    Firewall

    sudo yum install firewalld
    sudo systemctl start firewalld
    sudo firewall-cmd --get-services
    sudo firewall-cmd --permanent --add-service=ssh
    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --permanent --add-service=https

    If it’s a port:

    sudo firewall-cmd --permanent --add-port=8484/tcp

    sudo firewall-cmd --permanent --list-all
    sudo firewall-cmd --reload
    sudo systemctl enable firewalld

    Date & Time

    sudo timedatectl list-timezones
    sudo timedatectl set-timezone Asia/Taipei
    sudo yum install ntp
    sudo systemctl start ntpd
    sudo systemctl enable ntpd
    sudo timedatectl

    Prerequisites

    sudo yum install epel-release
    sudo yum install yum-utils
    sudo yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm

    Nginx

    sudo vi /etc/yum.repos.d/nginx.repo
    /etc/yum.repos.d/nginx.repo
    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true

    [nginx-mainline]
    name=nginx mainline repo
    baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=https://nginx.org/keys/nginx_signing.key
    module_hotfixes=true

    sudo yum-config-manager --enable nginx-mainline
    sudo yum install nginx
    sudo systemctl start nginx

    Test http://server_domain_name_or_IP/

    sudo systemctl enable nginx

    MariaDB

    sudo vi /etc/yum.repos.d/MariaDB.repo
    /etc/yum.repos.d/MariaDB.repo
    # MariaDB 10.4 CentOS repository list - created 2020-03-17 15:09 UTC
    # http://downloads.mariadb.org/mariadb/repositories/
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.4/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1

    sudo yum install MariaDB-server MariaDB-client
    sudo systemctl start mariadb
    sudo mysql_secure_installation
    sudo systemctl enable mariadb

    PHP

    sudo yum-config-manager --enable remi-php72
    sudo yum install php php-fpm php-mysql php-cli php-mbstring php-mcrypt php-gd php-curl php-zip php-xml
    sudo vi /etc/php.ini
    /etc/php.ini
    ...
    cgi.fix_pathinfo=0
    ...

    sudo vi /etc/php-fpm.d/www.conf
    /etc/php-fpm.d/www.conf
    user = nginx
    group = nginx
    listen.owner = nobody
    listen.group = nobody
    listen = /var/run/php-fpm/php-fpm.sock

    sudo systemctl start php-fpm
    sudo systemctl enable php-fpm

    Composer

    sudo yum install composer

    Node.js

    curl -sL https://rpm.nodesource.com/setup_13.x | sudo bash -
    sudo yum install -y nodejs

    To install the Yarn package manager, run:
    curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
    sudo yum install yarn

    Git

    sudo yum remove git
    sudo rpm -U https://centos7.iuscommunity.org/ius-release.rpm
    sudo yum install git2u

    Nginx Config

    https://www.digitalocean.com/community/tools/nginx#
    sudo nginx -t && sudo systemctl restart nginx

    Note that the path of php-fpm.sock might be different from the template.

    GODDAMN SELinux

    Got Permission denied in /var/log/nginx/error.log???

    Check the SELinux audit log:

    sudo cat /var/log/audit/audit.log | grep nginx | grep denied
    ls -Z /var/www
    sudo chcon -Rv -t httpd_sys_content_t /var/www/
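
Filtering the audit log on the word nginx can miss denials raised by PHP code, which are logged with comm="php-fpm". The following added example (not from the original page) groups AVC denials by the source domain httpd_t instead, which nginx and php-fpm share under CentOS 7's targeted policy; `summarize_httpd_denials` is a hypothetical name and the log lines are constructed.

```bash
#!/bin/sh
# Constructed sample lines in audit.log format (not from a real host).
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1584457800.123:456): avc:  denied  { write } for  pid=1234 comm="php-fpm" name="laravel.log" dev="vda1" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1584457805.771:461): avc:  denied  { write } for  pid=1240 comm="php-fpm" name="laravel.log" dev="vda1" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1584457811.456:470): avc:  denied  { name_connect } for  pid=1301 comm="nginx" dest=8484 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1584457820.002:481): avc:  denied  { read } for  pid=1301 comm="nginx" name="index.php" dev="vda1" ino=2002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1584457830.900:490): avc:  denied  { read } for  pid=900 comm="chronyd" name="drift" dev="vda1" ino=3003 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0'

# Group AVC denials whose source domain is httpd_t and count repeats.
# Output columns: count comm permission class target_type object
summarize_httpd_denials() {
  awk '
    $1 == "type=AVC" && / denied / {
      comm = obj = stype = ttype = tclass = "-"
      s = index($0, "{"); e = index($0, "}")
      perm = substr($0, s + 1, e - s - 1)           # text between the braces
      gsub(/^ +| +$/, "", perm); gsub(/ +/, ",", perm)
      for (i = 1; i <= NF; i++) {                   # walk the key=value fields
        eq = index($i, "=")
        if (eq == 0) continue
        key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
        gsub(/"/, "", val)
        if (key == "comm") comm = val
        else if (key == "name" || key == "path") obj = val
        else if (key == "dest") obj = "port:" val
        else if (key == "tclass") tclass = val
        else if (key == "scontext") { split(val, c, ":"); stype = c[3] }
        else if (key == "tcontext") { split(val, c, ":"); ttype = c[3] }
      }
      if (stype == "httpd_t") seen[comm " " perm " " tclass " " ttype " " obj]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

printf '%s\n' "$SAMPLE_AUDIT_LOG" | summarize_httpd_denials
# Real log: sudo cat /var/log/audit/audit.log | summarize_httpd_denials
```

The target type column shows which label the denied object carries, which is the value the chcon commands in this section change.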

    To enable write permission for httpd:

    sudo chcon -Rv -t httpd_sys_rw_content_t /var/www/html/storage
    sudo chcon -Rv -t httpd_sys_rw_content_t /var/www/html/bootstrap/cache
    sudo chown $USER:nginx -R /var/www/html
    sudo chmod -R 775 /var/www/html/storage
    sudo chmod -R 775 /var/www/html/bootstrap/cache

    Some say: sudo chmod u=+srwX,g=+srX,o=rX -R /var/www/html/

    To allow httpd to create connections (usually to a load balancer or WebSocket):

    sudo setsebool -P httpd_can_network_connect 1

    Fix PHP session permission:

    sudo chown -R nginx: /var/lib/php/session

    If there’s another permission denied problem:
    sudo chcon -R -t httpd_var_run_t /var/lib/php/session
    Reference (maybe httpd_var_run_t is enough?):
    sudo restorecon -v /var/lib/php/session
    sudo semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/php/session
