Explore

Setup & Config Server Centos

Mengthong Oeng

Fresh Set Up

Php

- dnf update

- dnf install nginx php php-fpm php-common php-xml php-mbstring php-json php-zip mariadb-server php-mysqlnd

- sudo yum search php-

- sudo yum module list php

- sudo yum install yum-utils

http://rpms.remirepo.net/enterprise/remi-release-8.rpm⁠

⁠

https://rpms.remirepo.net/enterprise/8/test81/x86_64/php-8.1.14~RC1-1.el8.remi.x86_64.rpm⁠

⁠

- sudo yum module list php

- sudo yum module reset php

- sudo yum module enable php:remi-8.1

## verify it php set to 8.1 ##

- sudo yum module list php

- sudo yum install php php-fpm

- sudo yum install php-fpm php-common php-cli

- sudo systemctl enable php-fpm.service

- sudo systemctl start php-fpm.service

- sudo systemctl status php-fpm.service

- sudo systemctl stop php-fpm.service

- sudo systemctl restart php-fpm.service

Nginx & Firewall

- sudo dnf install nginx

- sudo systemctl enable nginx

- sudo systemctl start nginx

- yum install firewalld

- systemctl start firewalld

- systemctl enable firewalld

- systemctl status firewalld

- firewall-cmd --zone=public --add-port=80/tcp --permanent

- firewall-cmd --reload

- sudo firewall-cmd --permanent --add-service=http

- firewall-cmd --zone=public --permanent --add-service=https

- sudo firewall-cmd --permanent --list-all

- sudo firewall-cmd --reload

Mariadb

- yum search mariadb

- yum info mariadb

- yum install mariadb-server

- systemctl enable mariadb.service

- sudo systemctl stop mariadb.service

- sudo systemctl start mariadb.service

- sudo systemctl restart mariadb.service

- sudo systemctl status mariadb.service

- sudo mysql_secure_installation

- mysql -u root -p

Create database with user db

- Create database —username—

- create database rental_housing_rights_db;

- CREATE USER 'rental_housing_rights_db@db'@'localhost' IDENTIFIED BY 'rental_housing_rights_db123';

- GRANT ALL ON rental_housing_rights_db.* TO 'rental_housing_rights_db@db'@'localhost';

- FLUSH PRIVILEGES;

Swap Ram

- sudo dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && ls -lh /swapfile && sudo chmod 600 /swapfile && ls -lh /swapfile && sudo mkswap /swapfile && sudo swapon /swapfile && swapon -s && free -m

Install Composer

# curl -sS https://getcomposer.org/installer | php

# mv composer.phar /usr/local/bin/composer

# chmod +x /usr/local/bin/composer

Install Laravel PHP Framework with Nginx

Config Securing PHP & Nginx

- vim /etc/php-fpm.d/www.conf

⁠

listen.owner = nginx

listen.group = nginx

listen.mode = 066

⁠

- vim /etc/php.ini

⁠

cgi.fix_pathinfo=1

⁠

- vim /etc/php-fpm.d/www.conf

security.limit_extensions = .php .php3 .php4 .php5 .php7

⁠

install Laravel

- composer global require laravel/installer

set permission mode on selinux

# chown -R :nginx /var/www/davane_api/storage/

# chown -R :nginx /var/www/davane_api/bootstrap/cache/

# chmod -R 0777 /var/www/davane_api/storage/

# chmod -R 0775 /var/www/davane_api/bootstrap/cache/

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/davane_api/storage(/.*)?'

# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/davane_api/bootstrap/cache(/.*)?'

# restorecon -Rv '/var/www/davane_api'

config laravel with Nginx

- vim /etc/nginx/nginx.conf

server {

listen 82;

server_name api.rentalhousingrights.org www.api.rentalhousingrights.org;

root /var/www/stt_api/public;

index index.php;

charset utf-8;

gzip on;

gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

location / {

try_files $uri $uri/ /index.php?$query_string;

}

location ~ \.php {

include fastcgi.conf;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

fastcgi_pass unix:/run/php-fpm/www.sock;

}

location ~ /\.ht {

deny all;

}

# nginx -t

# systemctl restart php-fpm

# systemctl restart nginx

Nginx to permissive mode

set permission for nginx

semanage permissive -a httpd_t

Denied databases

For check

getsebool -a | grep httpd

For enable

setsebool -P httpd_can_network_connect_db 1

New Port Public

firewall-cmd --permanent --zone=public --add-port=27017/tcp && semanage port -l | grep http_port_t && semanage port -a -t http_port_t -p tcp 27017 && firewall-cmd --reload

Permission Access Folder

- chown -R $USER:$USER /var/www/davane_api

- chcon -R -t httpd_sys_content_t /var/www/davane_api

- chcon -R -t httpd_sys_rw_content_t /var/www/davane_api

Config SSl

⁠

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7⁠

⁠

https://upcloud.com/community/tutorials/install-lets-encrypt-nginx/⁠

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.