CSnap/cheetsheetz
CSnap
/
cheetsheetz
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Modified Python Sheet.

This commit is contained in:
CSnap 2023-11-19 07:17:42 +00:00
parent 0839076441
commit dad8bebf54
2 changed files with 180 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

251
LEMP.md
View File

@ -1,29 +1,56 @@
# Initial Fedora Super-LEMP setup:
# Fedora Super-LEMP setup:
### *Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/*
*Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/*
## Massive swiss-army knife setup
## Install packages
### Massive swiss-army knife setup
```
dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim
wget && dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
dnf install certbot certbot-nginx cockpit htop iftop iptraf nano openssh-server net-tools nginx* rsync screen vim wget && dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
```
### Or Less Extra
`dnf install certbot certbot-nginx nginx `
`dnf install vim nano rsync screen vim wget net-tools htop iftop iptraf openssh-server bash-completion`
`dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"`
### More butter Rocky variant
`dnf install epel-release`
`dnf install git vim nano rsync screen vim wget net-tools htop iftop iptraf openssh-server bash-completion mariadb mariadb-server certbot python3-certbot-nginx nginx php-fpm`
`dnf groupinstall "Development Tools"`
## Add non-root administrator
`adduser user`
`usermod -aG wheel user`
`passwd user`
`vi /etc/sudoers`
`sudo -i -u user`
## Configure SSH
`ssh-keygen -t rsa -b 4096`
### Change port and root login settings
`vi /etc/ssh/sshd_config`
### Add keys (also see `ssh-copy-id`)
### Add keys ( also see `ssh-copy-id` )
`vi .ssh/authorized_keys`
## Firewall settings
```
systemctl enable firewalld
systemctl start firewalld
@ -52,33 +79,84 @@ mysql -u root -p
CREATE USER 'user1'@localhost IDENTIFIED BY 'password1';
CREATE USER 'namenode'@localhost IDENTIFIED BY ':passwd';
GRANT ALL PRIVILEGES ON *.* TO 'user1'@localhost IDENTIFIED BY 'password1';
GRANT ALL PRIVILEGES ON *.* TO 'namenode'@localhost IDENTIFIED BY ':passwd';
GRANT ALL PRIVILEGES ON *.* TO 'user2'@localhost IDENTIFIED BY 'passwd2';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user1'@localhost;
SHOW GRANTS FOR 'namenode'@localhost;
SHOW GRANTS FOR 'user2'@localhost;
CREATE DATABASE 'yourDB';
SHOW DATABASES;
DROP USER 'user1'@localhost;
DROP USER 'user1'@localhost; # Just for example to show how to delete a user
```
## Redis Setup
`dnf install redis php-redis`
`sudo systemctl enable --now redis`
```
vi /etc/redis/redis.conf ## Change bind (0.0.0.0) & requirepass && port (2*) && maxmemory (256mb) &&
maxmemory-policy allkeys-lru
```
`vi /etc/redis/redis.conf`
Change bind (0.0.0.0), `requirepass`, `port (2*)`, `maxmemory` (256mb), and `maxmemory-policy allkeys-lru`.
`systemctl restart redis`
```
firewall-cmd --zone=public --permanent --add-port=26379/tcp
firewall-cmd --reload
```
## NGINX Detailed explanation below
## NGINX
### Important working directories:
```
/usr/share/nginx/
/etc/nginx/
```
### Create user working directory for custom configuration files:
```
mkdir /etc/nginx/sites-available # Create a directory for nginx.conf files
mkdir /usr/share/nginx/example.com/html -p # Create new webroot with specified structure
```
### Now we can create a new config file to start with:
`vi /etc/nginx/sites-available/example.com.conf`
### Link it to active conf directory
`ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/`
### If it is required at some point, removing that symlink is as easy as:
`rm /etc/nginx/conf.d/example.com.conf`
### Now we edit the nginx.conf
`vi /etc/nginx/nginx.conf`
### Set the following lines after the line "include /etc/nginx/conf.d/*.conf" (if not already set):
```
server_names_hash_bucket_size 64; # Should already exist in recent versions
types_hash_max_size 4096; ## Should already be set
```
### Comment out the root location directive (Can uncomment after setup so as not to confuse cache while testing?)
**To test and reload the configuration:**
`nginx -t`
`systemctl reload nginx`
### Simple recap moving forward:
```
systemctl start nginx
ystemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
@ -88,114 +166,107 @@ mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
vi /etc/nginx/nginx.com # comment out the root in default server block????
vi /etc/nginx/nginx.com # comment out the root in default server block (troubleshooting)
systemctl reload nginx
```
***There are some caveats with tutorials and default directory locations across operating systems.***
## PHP-FPM setup
The following is the fairly generic advice followed and always created confusion for me as a
newcomer to nginx.
```
mkdir /etc/nginx/sites-available # Create a directory for nginx.conf files
### Change user in configuration (nginx):
mkdir /etc/nginx/sites-enabled # Create a directory for active ones (Which is unnecessary as you could publish symlinks later to the existing conf.d directory)
`vi /etc/php-fpm.d/www.conf`
`systemctl enable php-fpm`
`systemctl restart php-fpm`
### PHP-OPCache setup
`vi /etc/php.d/10-opcache.ini`
```
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
```
In most installation/setup guides, no one explains what we are doing here (or that the folders could be named anything).
But, it is actually an advanced structure where you can control sites that are published to the web by creating and deleting the symlinks and reloading nginx.
`systemctl restart php-fpm`
Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.
`systemctl reload nginx`
The next part is where it gets tricky, because this step is where nginx guides and installation guides really begin to conflict.
### phpMyAdmin setup
Install guides want us to, essentially, hijack the default apache web root (`/var/www/`).
Now, this may be best practice if you plan on doing some apache integration later.
But it confuses the process and implementation when comparing to nginx guides using the common nginx webroot: `/usr/share/nginx/`.
***The following creates a new directory to use as website root while creating any necessary parent (`-p`) directories.***
`dnf install phpmyadmin `
`mkdir /var/www/example.com/html -p`
`ln -s /usr/share/phpMyAdmin/ /usr/share/nginx/hosting.namenode.xyz/dbpma`
***But you could do this same thing inside the existing nginx webroot instead:***
`chown -R nginx:nginx /var/lib/php/session`
`mkdir /usr/share/nginx/example.com/html -p`
`chown -R nginx:nginx /var/lib/phpMyAdmin`
***or***
`chown -R nginx:nginx /etc/phpMyAdmin`
`mkdir /usr/share/nginx/example.com/public_html -p`
`vi /etc/phpMyAdmin/config.inc.php`
And then use that directory as the root inside your individual nginx conf files (in place of /var/www).
Doing this would align better with nginx specific guides for repository based packages (fedora/centos/redhat).
However, then it must be substituted in any following instructions for `/var/www/*` (trivial).
```
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['AllowRoot'] = false;
Additionally, all of that extra fluff is unnecessary for a single site instance where `/usr/share/nginx/html/` is already being served as the main directory for the domain pointed at the server.
Best practice says we will better protect our work from future update breakage by keeping site specific work separate from installation defaults.
And so, I digress.
$cfg['TempDir'] = '/var/lib/phpMyAdmin/temp';
**Now we can create a new config file to start with:**
```
`systemctl reload php-fpm`
`systemctl reload nginx`
### Securing phpMyAdmin further
```
vi pass-infile ## make a password for openssl to encrypt - one line no spaces
```
```
openssl passwd -in pass-infile ## Copy the output (your encrypted password)
```
```
vi /etc/nginx/pma_pass # Create a user/pass pair for the authentication gateway.
```
### Format:
```
user:p@s$w0Rd # one line
```
### Add the required "dbpma" section
`vi /etc/nginx/sites-available/example.com.conf`
**Once we are ready to activate this site to be served (will make sense after nginx.conf settings) we will link it:**
`systemctl reload nginx`
`ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/`
[Install and secure PMA with NGINX Ubuntu 18.04](https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-nginx-on-an-ubuntu-18-04-server)
**What they don't tell you is that removing that symlink is as easy as:**
`rm /etc/nginx/sites-enabled/example.com.conf`
## Cockpit Setup
**Now we edit the nginx.conf**
`vi /etc/cockpit/cockpit.conf`
`vi /etc/nginx/nginx.conf`
`vi /etc/nginx/sites-available/example.com.conf`
*Paste the following lines after the line:* `include /etc/nginx/conf.d/*.conf`
[Proxying Cockpit over NGINX](https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-nginx)
[Reverse proxy Cockpit over NGINX](https://www.freesoftwareservers.com/display/FREES/Reverse+Proxy+Cockpit+over+NGinX)
## Certbot setup (Examples)
```
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
certbot --nginx -d example.com -d www.example.com
```
**and**
```
types_hash_max_size 4096; ## Should already be set
```
Now there is usually a root described in the main conf so you will need to remove/alter that line
as well. You could also create some kind of redirect to send generic requests to the default IP to
the main domain of the server, but nobody explains or gives examples of any of that. So the default
is usually easiest to remove the main directive.
certbot --nginx --agree-tos -d example.com -d www.example.com --email your-email-address
**To test and reload the configuration:**
```
nginx -t
systemctl reload nginx
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --must-staple -d example.com -d www.example.com --email your-email-address
```
### Simple recap moving forward:
```
systemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
systemctl reload nginx
nginx -t
mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
vi /etc/nginx/nginx.com # comment out the root in default server block
systemctl reload nginx
`$ EDITOR=vim crontab -e`
```
## PHP-FPM setup
### Change user in configuration:
```
vi /etc/php-fpm.d/www.conf
systemctl restart php-fpm
```
### phpMyAdmin setup
```
dnf install phpmyadmin
25 2 * * 0 /usr/bin/certbot renew --quiet # Every Sunday 2:25am
```

28
python.md
View File

@ -16,16 +16,26 @@
12. [Exception Handling](#exception-handling)
13. [Classes and Objects](#classes-and-objects)
14. [SQLite3 Database Connection](#sqlite3-database-connection)
- 14.1 [Connecting to a Database](#connecting-to-a-database)
- 14.2 [Creating a Table](#creating-a-table)
- 14.3 [Inserting Data](#inserting-data)
- 14.4 [Querying Data](#querying-data)
- 14.5 [Updating Data](#updating-data)
- 14.6 [Deleting Data](#deleting-data)
- 14.7 [Closing the Connection](#closing-the-connection)
14.1 [Connecting to a Database](#connecting-to-a-database)
14.2 [Creating a Table](#creating-a-table)
14.3 [Inserting Data](#inserting-data)
14.4 [Querying Data](#querying-data)
14.5 [Updating Data](#updating-data)
14.6 [Deleting Data](#deleting-data)
14.7 [Closing the Connection](#closing-the-connection)
15. [JSON Data Connection](#json-data-connection)
- 15.1 [Loading JSON Data](#loading-json-data)
- 15.2 [Writing JSON Data](#writing-json-data)
15.1 [Loading JSON Data](#loading-json-data)
15.2 [Writing JSON Data](#writing-json-data)
## Variables