CSnap/cheetsheetz
CSnap
/
cheetsheetz
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

So formatting. Such broken.

This commit is contained in:
CSnap 2023-11-17 20:50:15 +00:00
parent 3a59c2f859
commit b80f78b411
1 changed files with 83 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
LEMP.md
View File

@ -1,35 +1,30 @@
# Initial Fedora 33 Super-LEMP setup:
## Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-
fedora-32/
# Initial Fedora Super-LEMP setup:
### *Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/*
## Massive swiss-army knife setup
```
dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim
wget
dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
wget && dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
```
## Add non-root administrator
adduser user
usermod -aG wheel user
passwd user
vi /etc/sudoers
sudo -i -u user
`adduser user`
`usermod -aG wheel user`
`passwd user`
`vi /etc/sudoers`
`sudo -i -u user`
## Configure SSH
`ssh-keygen -t rsa -b 4096`
## COnfigure SSH
ssh-keygen -t rsa -b 4096
vi /etc/ssh/sshd_config ## Change port and root login settings
vi .ssh/authorized_keys ## add keys (also (ssh-copy-id))
### Change port and root login settings
`vi /etc/ssh/sshd_config`
### Add keys (also see `ssh-copy-id`)
`vi .ssh/authorized_keys`
## Firewall settings
```
systemctl enable firewalld
systemctl start firewalld
systemctl stop firewalld
@ -46,8 +41,10 @@ firewall-cmd --remove-service ssh --permanent
firewall-cmd --reload
systemctl reload firewalld
```
## MariaDB
```
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation # Y-N-Y-Y-Y-Y
@ -62,24 +59,25 @@ SHOW GRANTS FOR 'namenode'@localhost;
CREATE DATABASE 'yourDB';
SHOW DATABASES;
DROP USER 'user1'@localhost;
```
## Redis Setup
dnf install redis php-redis
sudo systemctl enable --now redis
`dnf install redis php-redis`
`sudo systemctl enable --now redis`
```
vi /etc/redis/redis.conf ## Change bind (0.0.0.0) & requirepass && port (2*) && maxmemory (256mb) &&
maxmemory-policy allkeys-lru
systemctl restart redis
```
`systemctl restart redis`
```
firewall-cmd --zone=public --permanent --add-port=26379/tcp
firewall-cmd --reload
```
## NGINX Detailed explanation below
## Simple recap moving forward:
### Simple recap moving forward:
```
systemctl start nginx
systemctl restart nginx
systemctl enable nginx
@ -92,92 +90,89 @@ vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
vi /etc/nginx/nginx.com # comment out the root in default server block????
systemctl reload nginx
```
***There are some caveats with tutorials and default directory locations across operating systems.***
## There are some caveats with tutorials and default directory locations across operating systems.
## The following is the fairly generic advice followed and always created confusion for me as a
The following is the fairly generic advice followed and always created confusion for me as a
newcomer to nginx.
```
mkdir /etc/nginx/sites-available # Create a directory for nginx.conf files
mkdir /etc/nginx/sites-available ## Create a directory for nginx.conf files
mkdir /etc/nginx/sites-enabled # Create a directory for active ones (Which is unnecessary as you could publish symlinks later to the existing conf.d directory)
mkdir /etc/nginx/sites-enabled ## Create a directory for active ones (Which is unnecessary as you
could publish symlinks later to the existing conf.d directory) But we will just place our symlinks in nginx directory
```
## In most installation/setup guides, no one explains what we are doing here (or that the folders
could be named anything).But, it is actually an advanced structure where you can
control sites that are published to the web by creating and deleting the symlinks and reloading
nginx.
## Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.
In most installation/setup guides, no one explains what we are doing here (or that the folders could be named anything).
But, it is actually an advanced structure where you can control sites that are published to the web by creating and deleting the symlinks and reloading nginx.
## The next part is where it gets tricky, because this step is where nginx guides and installation
guides really begin to conflict.
Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.
## Install guides want us to, essentially, hijack the default apache web root (/var/www/). Now, this
may be best practice if you plan on doing some apache integration later, but it confuses the process
and implementation when comparing to nginx guides using the nginx webroot (/usr/share/nginx/).
The next part is where it gets tricky, because this step is where nginx guides and installation guides really begin to conflict.
Install guides want us to, essentially, hijack the default apache web root (`/var/www/`).
Now, this may be best practice if you plan on doing some apache integration later.
But it confuses the process and implementation when comparing to nginx guides using the common nginx webroot: `/usr/share/nginx/`.
## The following creates a new directory to use as website root while creating any necessary parent
(-p) directories.
***The following creates a new directory to use as website root while creating any necessary parent (`-p`) directories.***
mkdir /var/www/example.com/html -p
`mkdir /var/www/example.com/html -p`
## But you could do this same thing inside the existing nginx webroot instead:
***But you could do this same thing inside the existing nginx webroot instead:***
mkdir /usr/share/nginx/example.com/html -p
`mkdir /usr/share/nginx/example.com/html -p`
## or
***or***
mkdir /usr/share/nginx/example.com/public_html -p
`mkdir /usr/share/nginx/example.com/public_html -p`
## And then use that directory as the root inside your individual nginx conf files (in place of
/var/www). Doing this would align better with nginx specific guides for repository based packages
(fedora/centos/redhat). However, then it must be substituted in any following instructions for
/var/www/* (trivial)
And then use that directory as the root inside your individual nginx conf files (in place of /var/www).
Doing this would align better with nginx specific guides for repository based packages (fedora/centos/redhat).
However, then it must be substituted in any following instructions for `/var/www/*` (trivial).
## Additionally, all of that extra fluff is unnecessary for a single site instance where
/usr/share/nginx/html/ is already being served as the main directory for the domain pointed at the
server. We are now ready to host our site. Best practice says we will better protect our work from
future update breakage by keeping site specific work separate from installation defaults. And so,I
digress.
Additionally, all of that extra fluff is unnecessary for a single site instance where `/usr/share/nginx/html/` is already being served as the main directory for the domain pointed at the server.
Best practice says we will better protect our work from future update breakage by keeping site specific work separate from installation defaults.
And so, I digress.
## Now we can create a new config file to start with:
**Now we can create a new config file to start with:**
vi /etc/nginx/sites-available/example.com.conf
`vi /etc/nginx/sites-available/example.com.conf`
## Once we are ready to activate this site to be served (will make sense after nginx.conf settings)
we will link it:
**Once we are ready to activate this site to be served (will make sense after nginx.conf settings) we will link it:**
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
`ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/`
## What they don't tell you is that removing that symlink is as easy as:
**What they don't tell you is that removing that symlink is as easy as:**
rm /etc/nginx/sites-enabled/example.com.conf
`rm /etc/nginx/sites-enabled/example.com.conf`
## Now we edit the nginx.conf
**Now we edit the nginx.conf**
vi /etc/nginx/nginx.conf
`vi /etc/nginx/nginx.conf`
## Paste the following lines after the line "include /etc/nginx/conf.d/*.conf"
*Paste the following lines after the line:* `include /etc/nginx/conf.d/*.conf`
```
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
```
## and
**and**
```
types_hash_max_size 4096; ## Should already be set
## Now there is usually a root described in the main conf so you will need to remove/alter that line
```
Now there is usually a root described in the main conf so you will need to remove/alter that line
as well. You could also create some kind of redirect to send generic requests to the default IP to
the main domain of the server, but nobody explains or gives examples of any of that. So the default
is usually easiest to remove the main directive.
**To test and reload the configuration:**
```
nginx -t
systemctl reload nginx
```
## Simple recap moving forward:
### Simple recap moving forward:
```
systemctl start nginx
systemctl restart nginx
systemctl enable nginx
@ -191,23 +186,16 @@ ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
vi /etc/nginx/nginx.com # comment out the root in default server block
systemctl reload nginx
```
## PHP-FPM setup
### PHP-FPM setup
## Change user in configuration:
### Change user in configuration:
```
vi /etc/php-fpm.d/www.conf
systemctl restart php-fpm
## phpMyAdmin setup
```
### phpMyAdmin setup
```
dnf install phpmyadmin
```