So formatting. Such broken.

2023-11-17 20:50:15 +00:00 · 2023-11-17 20:50:15 +00:00 · b80f78b411
parent 3a59c2f859
commit b80f78b411
1 changed files with 83 additions and 95 deletions
--- a/LEMP.md
+++ b/LEMP.md
@ -1,35 +1,30 @@
-# Initial Fedora 33 Super-LEMP setup:
+# Initial Fedora Super-LEMP setup:
 ## Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-
 fedora-32/
 ### *Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/*
 ## Massive swiss-army knife setup 
-
+```
 dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim 
-wget
+wget && dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
-
+```
 dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
 ## Add non-root administrator
-adduser user
+`adduser user`
-usermod -aG wheel user
+`usermod -aG wheel user`
-passwd user
+`passwd user`
-vi /etc/sudoers
+`vi /etc/sudoers`
-sudo -i -u user
+`sudo -i -u user`
 ## Configure SSH
 `ssh-keygen -t rsa -b 4096`
-## COnfigure SSH
+### Change port and root login settings
-ssh-keygen -t rsa -b 4096
+`vi /etc/ssh/sshd_config`
 vi /etc/ssh/sshd_config ## Change port and root login settings
 vi .ssh/authorized_keys ## add keys (also (ssh-copy-id))
 ### Add keys (also see `ssh-copy-id`)
 `vi .ssh/authorized_keys`
 ## Firewall settings
 ```
 systemctl enable firewalld
 systemctl start firewalld
 systemctl stop firewalld
@ -46,8 +41,10 @@ firewall-cmd --remove-service ssh --permanent
 firewall-cmd --reload
 systemctl reload firewalld
 ```
 ## MariaDB
 ```
 systemctl enable mariadb
 systemctl start mariadb
 mysql_secure_installation # Y-N-Y-Y-Y-Y
@ -62,24 +59,25 @@ SHOW GRANTS FOR 'namenode'@localhost;
 CREATE DATABASE 'yourDB';
 SHOW DATABASES;
 DROP USER 'user1'@localhost;
-
+```
 ## Redis Setup
-dnf install redis php-redis
+`dnf install redis php-redis`
-sudo systemctl enable --now redis
+`sudo systemctl enable --now redis`
-
+```
 vi /etc/redis/redis.conf ## Change bind (0.0.0.0) & requirepass && port (2*) && maxmemory (256mb) && 
 maxmemory-policy allkeys-lru
- 
+```
-systemctl restart redis
+`systemctl restart redis`
 ```
 firewall-cmd --zone=public --permanent --add-port=26379/tcp
 firewall-cmd --reload
-
+```
 ## NGINX Detailed explanation below
-## Simple recap moving forward:
+### Simple recap moving forward:
-
+```
 systemctl start nginx
 systemctl restart nginx
 systemctl enable nginx
@ -92,92 +90,89 @@ vi /etc/nginx/sites-available/example.com.conf
 ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
 vi /etc/nginx/nginx.com # comment out the root in default server block????
 systemctl reload nginx
 ```
 ***There are some caveats with tutorials and default directory locations across operating systems.***
-## There are some caveats with tutorials and default directory locations across operating systems.
+The following is the fairly generic advice followed and always created confusion for me as a 
 ## The following is the fairly generic advice followed and always created confusion for me as a 
 newcomer to nginx.
 ```
 mkdir /etc/nginx/sites-available  # Create a directory for nginx.conf files
-mkdir /etc/nginx/sites-available  ## Create a directory for nginx.conf files
+mkdir /etc/nginx/sites-enabled  # Create a directory for active ones (Which is unnecessary as you could publish symlinks later to the existing conf.d directory) 
-mkdir /etc/nginx/sites-enabled  ## Create a directory for active ones (Which is unnecessary as you 
+```
 could publish symlinks later to the existing conf.d directory) But we will just place our symlinks in nginx directory
- ## In most installation/setup guides, no one explains what we are doing here (or that the folders 
+In most installation/setup guides, no one explains what we are doing here (or that the folders could be named anything).
-could be named anything).But, it is actually an advanced structure where you can 
+But, it is actually an advanced structure where you can control sites that are published to the web by creating and deleting the symlinks and reloading nginx. 
 control sites that are published to the web by creating and deleting the symlinks and reloading 
 nginx. 
 ## Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice. 
-## The next part is where it gets tricky, because this step is where nginx guides and installation 
+Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice. 
 guides really begin to conflict.
-## Install guides want us to, essentially, hijack the default apache web root (/var/www/). Now, this 
+The next part is where it gets tricky, because this step is where nginx guides and installation guides really begin to conflict.
-may be best practice if you plan on doing some apache integration later, but it confuses the process 
+
-and implementation when comparing to nginx guides using the nginx webroot (/usr/share/nginx/).
+Install guides want us to, essentially, hijack the default apache web root (`/var/www/`). 
 Now, this may be best practice if you plan on doing some apache integration later. 
 But it confuses the process and implementation when comparing to nginx guides using the common nginx webroot: `/usr/share/nginx/`.
-## The following creates a new directory to use as website root while creating any necessary parent 
+***The following creates a new directory to use as website root while creating any necessary parent (`-p`) directories.***
 (-p) directories.
-mkdir /var/www/example.com/html -p
+`mkdir /var/www/example.com/html -p`
-## But you could do this same thing inside the existing nginx webroot instead:
+***But you could do this same thing inside the existing nginx webroot instead:***
-mkdir /usr/share/nginx/example.com/html -p
+`mkdir /usr/share/nginx/example.com/html -p`
-## or
+***or***
-mkdir /usr/share/nginx/example.com/public_html -p
+`mkdir /usr/share/nginx/example.com/public_html -p`
-## And then use that directory as the root inside your individual nginx conf files (in place of 
+And then use that directory as the root inside your individual nginx conf files (in place of /var/www). 
-/var/www). Doing this would align better with nginx specific guides for repository based packages
+Doing this would align better with nginx specific guides for repository based packages (fedora/centos/redhat). 
-(fedora/centos/redhat). However, then it must be substituted in any following instructions for 
+However, then it must be substituted in any following instructions for `/var/www/*` (trivial).
 /var/www/* (trivial)
-## Additionally, all of that extra fluff is unnecessary for a single site instance where 
+Additionally, all of that extra fluff is unnecessary for a single site instance where `/usr/share/nginx/html/` is already being served as the main directory for the domain pointed at the server.  
-/usr/share/nginx/html/ is already being served as the main directory for the domain pointed at the 
+Best practice says we will better protect our work from future update breakage by keeping site specific work separate from installation defaults. 
-server. We are now ready to host our site. Best practice says we will better protect our work from 
+And so, I digress.  
 future update breakage by keeping site specific work separate from installation defaults. And so,I 
 digress.  
-## Now we can create a new config file to start with:
+**Now we can create a new config file to start with:**
-vi /etc/nginx/sites-available/example.com.conf
+`vi /etc/nginx/sites-available/example.com.conf`
-## Once we are ready to activate this site to be served (will make sense after nginx.conf settings) 
+**Once we are ready to activate this site to be served (will make sense after nginx.conf settings) we will link it:**
 we will link it:
-ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
+`ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/`
-## What they don't tell you is that removing that symlink is as easy as:
+**What they don't tell you is that removing that symlink is as easy as:**
-rm /etc/nginx/sites-enabled/example.com.conf
+`rm /etc/nginx/sites-enabled/example.com.conf`
-## Now we edit the nginx.conf
+**Now we edit the nginx.conf**
-vi /etc/nginx/nginx.conf
+`vi /etc/nginx/nginx.conf`
-## Paste the following lines after the line "include /etc/nginx/conf.d/*.conf"
+*Paste the following lines after the line:* `include /etc/nginx/conf.d/*.conf`
 ```
 include /etc/nginx/sites-enabled/*.conf;
 server_names_hash_bucket_size 64;
 ```
-## and
+**and**
-
+```
 types_hash_max_size 4096; ## Should already be set
-
+```
-## Now there is usually a root described in the main conf so you will need to remove/alter that line 
+Now there is usually a root described in the main conf so you will need to remove/alter that line 
 as well. You could also create some kind of redirect to send generic requests to the default IP to 
 the main domain of the server, but nobody explains or gives examples of any of that. So the default 
 is usually easiest to remove the main directive. 
-  
+
 **To test and reload the configuration:**  
 ```
 nginx -t
 systemctl reload nginx
 ```
-## Simple recap moving forward:
+### Simple recap moving forward:
-
+```
 systemctl start nginx
 systemctl restart nginx
 systemctl enable nginx
@ -191,23 +186,16 @@ ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
 vi /etc/nginx/nginx.com # comment out the root in default server block
 systemctl reload nginx
 ```
 ## PHP-FPM setup
-### PHP-FPM setup
+### Change user in configuration:
-
+```
 ## Change user in configuration:
 vi /etc/php-fpm.d/www.conf
 systemctl restart php-fpm
-
+```
-## phpMyAdmin setup
+### phpMyAdmin setup
-
+```
 dnf install phpmyadmin 
-
+```