From 3a59c2f859f08732329bcd35f83e157b92ec901c Mon Sep 17 00:00:00 2001
From: CSnap
Date: Fri, 17 Nov 2023 20:25:12 +0000
Subject: [PATCH] Added LEMP guide
---
 LEMP.md | 213 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md | 5 ++
 2 files changed, 218 insertions(+)
 create mode 100644 LEMP.md
diff --git a/LEMP.md b/LEMP.md
new file mode 100644
index 0000000..3b9fef6
--- /dev/null
+++ b/LEMP.md
@@ -0,0 +1,213 @@
+# Initial Fedora 33 Super-LEMP setup:
+
+## Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-
+fedora-32/
+
+
+## Massive swiss-army knife setup
+
+dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim
+wget
+
+
+dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
+
+
+## Add non-root administrator
+adduser user
+usermod -aG wheel user
+passwd user
+vi /etc/sudoers
+sudo -i -u user
+
+
+## COnfigure SSH
+ssh-keygen -t rsa -b 4096
+
+vi /etc/ssh/sshd_config ## Change port and root login settings
+
+vi .ssh/authorized_keys ## add keys (also (ssh-copy-id))
+
+
+## Firewall settings
+systemctl enable firewalld
+systemctl start firewalld
+systemctl stop firewalld
+systemctl restart firewalld
+firewall-cmd --state
+firewall-cmd --set-default-zone=public
+firewall-cmd --zone=public --permanent --list-services
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+firewall-cmd --add-port 20022/tcp
+firewall-cmd --permanent --add-port 20022/tcp
+firewall-cmd --permanent --add-port YOUR_PORT_HERE/tcp
+firewall-cmd --remove-service ssh --permanent
+firewall-cmd --reload
+systemctl reload firewalld
+
+
+## MariaDB
+systemctl enable mariadb
+systemctl start mariadb
+mysql_secure_installation # Y-N-Y-Y-Y-Y
+mysql -u root -p
+CREATE USER 'user1'@localhost IDENTIFIED BY 'password1';
+CREATE USER 'namenode'@localhost IDENTIFIED BY ':passwd';
+GRANT ALL PRIVILEGES ON *.* TO 'user1'@localhost IDENTIFIED BY 'password1';
+GRANT ALL PRIVILEGES ON *.* TO 'namenode'@localhost IDENTIFIED BY ':passwd';
+FLUSH PRIVILEGES;
+SHOW GRANTS FOR 'user1'@localhost;
+SHOW GRANTS FOR 'namenode'@localhost;
+CREATE DATABASE 'yourDB';
+SHOW DATABASES;
+DROP USER 'user1'@localhost;
+
+
+## Redis Setup
+dnf install redis php-redis
+sudo systemctl enable --now redis
+
+vi /etc/redis/redis.conf ## Change bind (0.0.0.0) &
requirepass && port (2*) && maxmemory (256mb) &&
+maxmemory-policy allkeys-lru
+
+systemctl restart redis
+firewall-cmd --zone=public --permanent --add-port=26379/tcp
+firewall-cmd --reload
+
+
+## NGINX Detailed explanation below
+
+## Simple recap moving forward:
+
+systemctl start nginx
+systemctl restart nginx
+systemctl enable nginx
+systemctl status nginx
+systemctl reload nginx
+nginx -t
+mkdir /etc/nginx/sites-available
+mkdir /usr/share/nginx/example.com/html -p
+vi /etc/nginx/sites-available/example.com.conf
+ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
+vi /etc/nginx/nginx.com # comment out the root in default server block????
+systemctl reload nginx
+
+
+## There are some caveats with tutorials and default directory locations across operating systems.
+
+## The following is the fairly generic advice followed and always created confusion for me as a
+newcomer to nginx.
+
+mkdir /etc/nginx/sites-available ## Create a directory for nginx.conf files
+
+mkdir /etc/nginx/sites-enabled ## Create a directory for active ones (Which is unnecessary as you
+could publish symlinks later to the existing conf.d directory) But we will just place our symlinks in nginx directory
+
+ ## In most installation/setup guides, no one explains what we are doing here (or that the folders
+could be named anything).But, it is actually an advanced structure where you can
+control sites that are published to the web by creating and deleting the symlinks and reloading
+nginx.
+## Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.
+
+## The next part is where it gets tricky, because this step is where nginx guides and installation
+guides really begin to conflict.
+
+## Install guides want us to, essentially, hijack the default apache web root (/var/www/).
Now, this
+may be best practice if you plan on doing some apache integration later, but it confuses the process
+and implementation when comparing to nginx guides using the nginx webroot (/usr/share/nginx/).
+
+## The following creates a new directory to use as website root while creating any necessary parent
+(-p) directories.
+
+mkdir /var/www/example.com/html -p
+
+## But you could do this same thing inside the existing nginx webroot instead:
+
+mkdir /usr/share/nginx/example.com/html -p
+
+## or
+
+mkdir /usr/share/nginx/example.com/public_html -p
+
+## And then use that directory as the root inside your individual nginx conf files (in place of
+/var/www). Doing this would align better with nginx specific guides for repository based packages
+(fedora/centos/redhat). However, then it must be substituted in any following instructions for
+/var/www/* (trivial)
+
+## Additionally, all of that extra fluff is unnecessary for a single site instance where
+/usr/share/nginx/html/ is already being served as the main directory for the domain pointed at the
+server. We are now ready to host our site. Best practice says we will better protect our work from
+future update breakage by keeping site specific work separate from installation defaults. And so,I
+digress.
+
+## Now we can create a new config file to start with:
+
+vi /etc/nginx/sites-available/example.com.conf
+
+## Once we are ready to activate this site to be served (will make sense after nginx.conf settings)
+we will link it:
+
+ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
+
+## What they don't tell you is that removing that symlink is as easy as:
+
+rm /etc/nginx/sites-enabled/example.com.conf
+
+## Now we edit the nginx.conf
+
+vi /etc/nginx/nginx.conf
+
+## Paste the following lines after the line "include /etc/nginx/conf.d/*.conf"
+```
+include /etc/nginx/sites-enabled/*.conf;
+server_names_hash_bucket_size 64;
+
+```
+## and
+
+types_hash_max_size 4096; ## Should already be set
+
+## Now there is usually a root described in the main conf so you will need to remove/alter that line
+as well. You could also create some kind of redirect to send generic requests to the default IP to
+the main domain of the server, but nobody explains or gives examples of any of that. So the default
+is usually easiest to remove the main directive.
+
+nginx -t
+systemctl reload nginx
+
+## Simple recap moving forward:
+
+systemctl start nginx
+systemctl restart nginx
+systemctl enable nginx
+systemctl status nginx
+systemctl reload nginx
+nginx -t
+mkdir /etc/nginx/sites-available
+mkdir /usr/share/nginx/example.com/html -p
+vi /etc/nginx/sites-available/example.com.conf
+ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
+vi /etc/nginx/nginx.com # comment out the root in default server block
+systemctl reload nginx
+
+
+### PHP-FPM setup
+
+## Change user in configuration:
+
+vi /etc/php-fpm.d/www.conf
+systemctl restart php-fpm
+
+## phpMyAdmin setup
+
+dnf install phpmyadmin
+
+
+
+
+
+
+
+
+
diff --git a/README.md b/README.md
index de05f87..fa99518 100644
--- a/README.md
+++ b/README.md
@@ -2,5 +2,10 @@ Collection of various technical "cheat sheets". +[Markdown](https://git.namenode.xyz/CSnap/cheetsheetz/src/branch/main/markdown.md) +[Python](https://git.namenode.xyz/CSnap/cheetsheetz/src/branch/main/python.md) + +[LEMP Guide](https://git.namenode.xyz/CSnap/cheetsheetz/src/branch/main/LEMP.md) + ![CheetSheetz](https://namenode.xyz/img/badges/cheetsheetzbadge.png) ![Formatted using Markdown](https://namenode.xyz/img/badges/markdownbadge.png)