User
adduser username
passwd username
Grant sudo permission:
gpasswd -a username wheel
Install SSH public key:
@local$ ssh-copy-id username@SERVER_IP_ADDRESS
Hint: To search for this line, type /PermitRoot then hit ENTER. This should bring the cursor to the “P” character on that line.
Uncomment the line by deleting the “#” symbol (press Shift-x).
Now move the cursor to the “yes” by pressing c.
Now replace “yes” by pressing cw, then typing in “no”. Hit Escape when you are done editing. It should look like this:
PermitRootLogin no
systemctl reload sshd
exit
Login with new user
@local$ ssh username@SERVER_IP_ADDRESS
Firewall
sudo yum install firewalld
sudo systemctl start firewalld
sudo firewall-cmd --get-services
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
If it’s a port:
sudo firewall-cmd --permanent --add-port=8484/tcp
sudo firewall-cmd --permanent --list-all
sudo firewall-cmd --reload
sudo systemctl enable firewalld
Date & Time
sudo timedatectl list-timezones
sudo timedatectl set-timezone Asia/Taipei
sudo yum install ntp
sudo systemctl start ntpd
sudo systemctl enable ntpd
sudo timedatectl
Prerequisites
sudo yum install epel-release
sudo yum install yum-utils
sudo yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
Nginx
sudo vi /etc/yum.repos.d/nginx.repo
/etc/yum.repos.d/nginx.repo:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

sudo yum-config-manager --enable nginx-mainline
sudo yum install nginx
sudo systemctl start nginx
Test http://server_domain_name_or_IP/
sudo systemctl enable nginx
MariaDB
sudo vi /etc/yum.repos.d/MariaDB.repo
/etc/yum.repos.d/MariaDB.repo:
# MariaDB 10.4 CentOS repository list - created 2020-03-17 15:09 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

sudo yum install MariaDB-server MariaDB-client
sudo systemctl start mariadb
sudo mysql_secure_installation
sudo systemctl enable mariadb
PHP
sudo yum-config-manager --enable remi-php72
sudo yum install php php-fpm php-mysql php-cli php-mbstring php-mcrypt php-gd php-curl php-zip php-xml
/etc/php.ini:
...
cgi.fix_pathinfo=0
...

sudo vi /etc/php-fpm.d/www.conf
/etc/php-fpm.d/www.conf:
user = nginx
group = nginx
listen.owner = nobody
listen.group = nobody
listen = /var/run/php-fpm/php-fpm.sock

sudo systemctl start php-fpm
sudo systemctl enable php-fpm
Composer
sudo yum install composer
Node.js
curl -sL https://rpm.nodesource.com/setup_13.x | sudo bash -
sudo yum install -y nodejs
To install the Yarn package manager, run:
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn
Git
sudo yum remove git
sudo rpm -U https://centos7.iuscommunity.org/ius-release.rpm
sudo yum install git2u
Nginx Config
https://www.digitalocean.com/community/tools/nginx#
sudo nginx -t && sudo systemctl restart nginx
Note that the path of php-fpm.sock might be different from the template.
GODDAMN SELinux
Got Permission denied in /var/log/nginx/error.log???
Check the SELinux audit log:
sudo cat /var/log/audit/audit.log | grep nginx | grep denied
ls -Z /var/www
sudo chcon -Rv -t httpd_sys_content_t /var/www/
To enable write permission for httpd:
sudo chcon -Rv -t httpd_sys_rw_content_t /var/www/html/storage
sudo chcon -Rv -t httpd_sys_rw_content_t /var/www/html/bootstrap/cache
sudo chown $USER:nginx -R /var/www/html
sudo chmod -R 775 /var/www/html/storage
sudo chmod -R 775 /var/www/html/bootstrap/cache
Some say:
sudo chmod u=+srwX,g=+srX,o=rX -R /var/www/html/
To allow httpd to make outbound network connections (usually to a load balancer or WebSocket):
sudo setsebool -P httpd_can_network_connect 1
Fix PHP session permission:
sudo chown -R nginx: /var/lib/php/session
If there’s another permission denied problem:
sudo chcon -R -t httpd_var_run_t /var/lib/php/session
Reference (maybe httpd_var_run_t is enough?):
sudo restorecon -v /var/lib/php/session
sudo semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/php/session
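The audit-log check above, taken further as an added example (not part of the original notes): filtering on the httpd_t source domain instead of the string nginx also catches php-fpm denials, and each group of denials is paired with the matching fix from this section. The sample records and the names sample_audit_log and summarize_avc are constructed for illustration; it assumes nginx and php-fpm both run in httpd_t, as under the default CentOS 7 targeted policy.

```shell
#!/bin/sh
# Added example, not from the original page. Sample records are constructed.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1584457800.123:401): avc:  denied  { read } for  pid=2301 comm="nginx" name="index.php" dev="vda1" ino=131090 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1584457801.456:402): avc:  denied  { read } for  pid=2301 comm="nginx" name="app.css" dev="vda1" ino=131091 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1584457802.789:403): avc:  denied  { write } for  pid=2410 comm="php-fpm" name="storage" dev="vda1" ino=131200 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1584457803.012:404): avc:  denied  { name_connect } for  pid=2301 comm="nginx" dest=8484 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1584457804.345:405): avc:  denied  { read } for  pid=900 comm="chronyd" name="drift" dev="vda1" ino=4411 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# summarize_avc [FILE...]: count denials whose source domain is httpd_t
# and print a suggested fix taken from this page. Reads stdin without FILE.
summarize_avc() {
  awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
      perm = ""; comm = ""; ttype = ""; tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {                       # collect every denied permission
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm == "" ? "" : ",") $j
        } else if ($i ~ /^comm=/) {
          comm = $i; gsub(/comm=|"/, "", comm)
        } else if ($i ~ /^tcontext=/) {
          split($i, c, ":"); ttype = c[3]      # user:role:TYPE:level
        } else if ($i ~ /^tclass=/) {
          tclass = substr($i, 8)
        }
      }
      if (perm ~ /name_connect/)
        hint = "setsebool -P httpd_can_network_connect 1"
      else if (tclass ~ /^(file|dir)$/ && perm ~ /write|append|create|add_name|remove_name|unlink|setattr|rename/)
        hint = "label path httpd_sys_rw_content_t"
      else if (tclass ~ /^(file|dir)$/)
        hint = "label path httpd_sys_content_t"
      else
        hint = "review manually"
      n[comm " " tclass " " perm " " ttype " -> " hint]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }
  ' "$@" | sort -rn
}

sample_audit_log | summarize_avc   # demo run on the constructed records
```

On the server, feed it the real log with sudo cat /var/log/audit/audit.log | summarize_avc.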