Share
Explore

Setup & Config Server Centos

Fresh Set Up

Php

- dnf update
- dnf install nginx php php-fpm php-common php-xml php-mbstring php-json php-zip mariadb-server php-mysqlnd
- sudo yum search php-
- sudo yum module list php
- sudo yum module list php
- sudo yum module reset php
- sudo yum module enable php:remi-7.4

## verify it php set to 7.4 ##

- sudo yum module list php
- sudo yum install php php-fpm
- sudo yum install php-fpm php-common php-cli
- sudo systemctl enable php-fpm.service
- sudo systemctl start php-fpm.service
- sudo systemctl status php-fpm.service
- sudo systemctl stop php-fpm.service
- sudo systemctl restart php-fpm.service

Nginx & Firewall

- sudo dnf install nginx
- sudo systemctl enable nginx
- sudo systemctl start nginx
- yum install firewalld
- systemctl start firewalld
- systemctl enable firewalld
- systemctl status firewalld
- firewall-cmd --zone=public --add-port=80/tcp --permanent
- firewall-cmd --reload
- sudo firewall-cmd --permanent --add-service=http
- firewall-cmd --zone=public --permanent --add-service=https
- sudo firewall-cmd --permanent --list-all
- sudo firewall-cmd --reload

Mariadb

- yum search mariadb
- yum info mariadb
- yum install mariadb-server
- systemctl enable mariadb.service
- sudo systemctl stop mariadb.service
- sudo systemctl start mariadb.service
- sudo systemctl restart mariadb.service
- sudo systemctl status mariadb.service
- sudo mysql_secure_installation
- mysql -u root -p

Create database with user db

- Create database —username—
- create database bottelegram;
- CREATE USER 'bottelegram@db'@'localhost' IDENTIFIED BY 'bottelegram123';
- GRANT ALL ON bottelegram.* TO 'bottelegram@db'@'localhost';
- FLUSH PRIVILEGES;

Swap Ram

- sudo dd if=/dev/zero of=/swapfile count=4096 bs=1MiB
- ls -lh /swapfile
- sudo chmod 600 /swapfile
- ls -lh /swapfile
- sudo mkswap /swapfile
- sudo swapon /swapfile
- swapon -s
- free -m

Install Composer
# curl -sS https://getcomposer.org/installer | php
# mv composer.phar /usr/local/bin/composer
# chmod +x /usr/local/bin/composer
Install Laravel PHP Framework with Nginx
Config Securing PHP & Nginx
- vim /etc/php-fpm.d/www.conf
image.png

listen.owner = nginx
listen.group = nginx
listen.mode = 066
image.png

- vim /etc/php.ini
image.png

cgi.fix_pathinfo=1
image.png

- vim /etc/php-fpm.d/www.conf
security.limit_extensions = .php .php3 .php4 .php5 .php7
image.png

install Laravel

- composer create-project --prefer-dist laravel/laravel

set permission mode on selinux

# chown -R :nginx /var/www/api_bot_telegram/storage/
# chown -R :nginx /var/www/api_bot_telegram/bootstrap/cache/
# chmod -R 0777 /var/www/api_bot_telegram/storage/
# chmod -R 0775 /var/www/api_bot_telegram/bootstrap/cache/

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/api_bot_telegram/storage(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/api_bot_telegram/bootstrap/cache(/.*)?'
# restorecon -Rv '/var/www/api_bot_telegram'

config laravel with Nginx

- vim /etc/nginx/nginx.conf

server {
listen 80;
server_name mysite.com;
root /var/www/html/mysite.com/public;
index index.php;

charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock;
}
location ~ /\.ht {
deny all;
}

}

# nginx -t
# systemctl restart php-fpm
# systemctl restart nginx
Nginx to permissive mode
set permission for nginx
semanage permissive -a httpd_t
Denied databases
For check
getsebool -a | grep httpd
For enable
setsebool -P httpd_can_network_connect_db 1
New Port Public
- firewall-cmd --permanent --zone=public --add-port=81/tcp
- semanage port -l | grep http_port_t
- semanage port -a -t http_port_t -p tcp 87
- firewall-cmd --reload
Permission Access Folder
- chown -R $USER:$USER /var/www/laravel
- chcon -R -t httpd_sys_content_t $SITE_PATH
- chcon -R -t httpd_sys_rw_content_t $SITE_PATH
Config SSl

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.