cheetsheetz/LEMP.md


Initial Fedora 33 Super-LEMP setup:

Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/

Massive swiss-army knife setup

dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim wget

dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"

Add non-root administrator

adduser user
usermod -aG wheel user
passwd user
vi /etc/sudoers
sudo -i -u user

Configure SSH

ssh-keygen -t rsa -b 4096

vi /etc/ssh/sshd_config ## Change port and root login settings

vi .ssh/authorized_keys ## Add keys (ssh-copy-id also does this)

Firewall settings

systemctl enable firewalld
systemctl start firewalld
systemctl stop firewalld
systemctl restart firewalld
firewall-cmd --state
firewall-cmd --set-default-zone=public
firewall-cmd --zone=public --permanent --list-services
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --add-port 20022/tcp
firewall-cmd --permanent --add-port 20022/tcp
firewall-cmd --permanent --add-port YOUR_PORT_HERE/tcp
firewall-cmd --remove-service ssh --permanent
firewall-cmd --reload
systemctl reload firewalld
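The SSH and firewall steps above depend on each other: once the ssh service is removed from firewalld, only the custom port stays open. This added example (not part of the original cheat sheet) checks an sshd_config against that port and the root-login setting; the sample config is constructed, 20022 is the port from the firewall commands above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet.
# Simplification: ignores Match blocks and Include files; on a live host
# `sshd -T` prints the configuration sshd will actually use.
# Not checked: with SELinux enforcing, a non-default port also needs the
# ssh_port_t label (semanage port -a -t ssh_port_t -p tcp PORT).

# Every value set for KEYWORD (lower case), in file order; comments skipped.
sshd_values() {   # usage: sshd_values KEYWORD FILE
    awk -v k="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == k         { print $2 }' "$2"
}

# Prints one finding per line; returns 0 only when nothing is flagged.
audit_sshd() {   # usage: audit_sshd FILE FIREWALL_PORT
    # Port may repeat (sshd listens on each one); with no Port line it uses 22.
    ports="$(sshd_values port "$1")"
    # For PermitRootLogin sshd keeps the FIRST value it reads.
    root="$(sshd_values permitrootlogin "$1" | head -n 1)"
    bad=0
    if ! printf '%s\n' "${ports:-22}" | grep -qxF "$2"; then
        echo "sshd does not listen on $2: removing the ssh service would lock you out"
        bad=1
    fi
    if [ "${root:-prohibit-password}" != no ]; then
        echo "PermitRootLogin is ${root:-prohibit-password}, expected no"
        bad=1
    fi
    return "$bad"
}

# Constructed sample: a commented-out Port and a late duplicate that sshd ignores.
sample_sshd_config() {
    cat <<'EOF'
#Port 22
Port 20022
permitrootlogin no
PermitRootLogin yes
EOF
}

tmp="$(mktemp)"
sample_sshd_config > "$tmp"
audit_sshd "$tmp" 20022 && echo "OK: sshd_config agrees with the firewall rules"
rm -f "$tmp"
```
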

MariaDB

systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation # Y-N-Y-Y-Y-Y
mysql -u root -p
CREATE USER 'user1'@localhost IDENTIFIED BY 'password1';
CREATE USER 'namenode'@localhost IDENTIFIED BY ':passwd';
GRANT ALL PRIVILEGES ON *.* TO 'user1'@localhost IDENTIFIED BY 'password1';
GRANT ALL PRIVILEGES ON *.* TO 'namenode'@localhost IDENTIFIED BY ':passwd';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user1'@localhost;
SHOW GRANTS FOR 'namenode'@localhost;
CREATE DATABASE yourDB;
SHOW DATABASES;
DROP USER 'user1'@localhost;

Redis Setup

dnf install redis php-redis
sudo systemctl enable --now redis

vi /etc/redis/redis.conf ## Change bind (0.0.0.0) & requirepass && port (2*) && maxmemory (256mb) && maxmemory-policy allkeys-lru

systemctl restart redis
firewall-cmd --zone=public --permanent --add-port=26379/tcp
firewall-cmd --reload
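The bind, requirepass and port changes above decide whether Redis is reachable from other hosts once 26379/tcp is open. This added example (not from the original cheat sheet) applies Redis's last-value-wins rule to a redis.conf and flags an off-host listener without an adequate password; the sample config, the function names and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet.
# Simplification: does not follow "include" lines or strip quotes from values.

# Redis uses the LAST occurrence of a directive, so keep overwriting until EOF.
redis_value() {   # usage: redis_value KEYWORD FILE  (KEYWORD in lower case)
    awk -v k="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$2"
}

# Returns 0 when Redis is loopback-only, or reachable off-host with a password of
# at least MINLEN characters (assumed local policy, default 32) on FIREWALL_PORT.
audit_redis() {   # usage: audit_redis FILE FIREWALL_PORT [MINLEN]
    bind="$(redis_value bind "$1")"
    pass="$(redis_value requirepass "$1")"
    port="$(redis_value port "$1")"
    minlen="${3:-32}" bad=0
    # With no bind line at all, Redis listens on every interface.
    if printf '%s\n' "${bind:-0.0.0.0}" | tr ' ' '\n' | sed 's/^-//' |
       grep -qvE '^(127\.|::1$)'; then exposed=1; else exposed=0; fi
    [ "$exposed" -eq 1 ] || return 0
    if [ "${#pass}" -lt "$minlen" ]; then
        echo "bind ${bind:-<unset>} is reachable off-host but requirepass has ${#pass} characters"
        bad=1
    fi
    if [ "${port:-6379}" != "$2" ]; then
        echo "Redis listens on ${port:-6379} but the firewall opens $2"
        bad=1
    fi
    return "$bad"
}

# Constructed sample in the shape the cheat sheet describes, password left commented.
sample_redis_conf() {
    cat <<'EOF'
bind 127.0.0.1
port 26379
bind 0.0.0.0
# requirepass CHANGE_ME
EOF
}

tmp="$(mktemp)"
sample_redis_conf > "$tmp"
audit_redis "$tmp" 26379 || echo "fix redis.conf before opening the port"
rm -f "$tmp"
```
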

NGINX (detailed explanation below)

Simple recap moving forward:

systemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
systemctl reload nginx
nginx -t
mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
vi /etc/nginx/nginx.conf # comment out the root in default server block????
systemctl reload nginx

There are some caveats with tutorials and default directory locations across operating systems.

The following is the fairly generic advice followed, and it always created confusion for me as a newcomer to nginx.

mkdir /etc/nginx/sites-available ## Create a directory for nginx.conf files

mkdir /etc/nginx/sites-enabled ## Create a directory for active ones (which is unnecessary, as you could publish symlinks later to the existing conf.d directory), but we will just place our symlinks in the nginx directory

In most installation/setup guides, no one explains what we are doing here (or that the folders could be named anything). But it is actually an advanced structure where you can control which sites are published to the web by creating and deleting the symlinks and reloading nginx.

Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.

The next part is where it gets tricky, because this step is where nginx guides and installation guides really begin to conflict.

Install guides want us to, essentially, hijack the default Apache web root (/var/www/). Now, this may be best practice if you plan on doing some Apache integration later, but it confuses the process and implementation when compared with nginx guides that use the nginx webroot (/usr/share/nginx/).

The following creates a new directory to use as the website root while creating any necessary parent (-p) directories.

mkdir /var/www/example.com/html -p

But you could do this same thing inside the existing nginx webroot instead:

mkdir /usr/share/nginx/example.com/html -p

or

mkdir /usr/share/nginx/example.com/public_html -p

And then use that directory as the root inside your individual nginx conf files (in place of /var/www). Doing this would align better with nginx-specific guides for repository-based packages (Fedora/CentOS/Red Hat). However, it must then be substituted for /var/www/* in any following instructions (trivial).

Additionally, all of that extra fluff is unnecessary for a single-site instance where /usr/share/nginx/html/ is already being served as the main directory for the domain pointed at the server. We are now ready to host our site. Best practice says we will better protect our work from future update breakage by keeping site-specific work separate from installation defaults. And so, I digress.

Now we can create a new config file to start with:

vi /etc/nginx/sites-available/example.com.conf

Once we are ready to activate this site to be served (this will make sense after the nginx.conf settings), we will link it:

ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/

rm /etc/nginx/sites-enabled/example.com.conf ## Remove the symlink later to unpublish the site

Now we edit the nginx.conf

vi /etc/nginx/nginx.conf

Paste the following lines after the line "include /etc/nginx/conf.d/*.conf"

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

and

types_hash_max_size 4096; ## Should already be set

Now, there is usually a root described in the main conf, so you will need to remove or alter that line as well. You could also create some kind of redirect to send generic requests to the default IP to the main domain of the server, but nobody explains or gives examples of any of that. So the easiest default is usually to remove the main directive.

nginx -t
systemctl reload nginx
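The layout described above, including the catch-all redirect the text mentions, as an added example that is not part of the original cheat sheet. It stages everything under a temporary directory; the PREFIX variable, the function names and the 00-catchall.conf file name are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet. PREFIX is a hypothetical
# staging root (a temp dir by default) so nothing under the real /etc is touched.
PREFIX="${PREFIX:-$(mktemp -d)}"
AVAIL="$PREFIX/etc/nginx/sites-available"
ENABLED="$PREFIX/etc/nginx/sites-enabled"
mkdir -p "$AVAIL" "$ENABLED"

# Server block for DOMAIN, rooted in the nginx webroot rather than /var/www.
write_site() {   # usage: write_site DOMAIN
    mkdir -p "$PREFIX/usr/share/nginx/$1/html"
    cat > "$AVAIL/$1.conf" <<EOF
server {
    listen 80;
    server_name $1 www.$1;
    root /usr/share/nginx/$1/html;
    index index.html;
}
EOF
}

# Catch-all for requests that match no server_name (bare IP, unknown Host header):
# redirect them to MAIN_DOMAIN. nginx allows one default_server per listen socket,
# so drop that flag from (or remove) any stock server block that also sets it.
write_catchall() {   # usage: write_catchall MAIN_DOMAIN
    cat > "$AVAIL/00-catchall.conf" <<EOF
server {
    listen 80 default_server;
    server_name _;
    return 301 \$scheme://$1\$request_uri;
}
EOF
}

# Publishing is only the symlink; the file in sites-available never moves.
enable_site()   { ln -sf "$AVAIL/$1.conf" "$ENABLED/$1.conf"; }
disable_site()  { rm -f "$ENABLED/$1.conf"; }
enabled_sites() { ls "$ENABLED"; }

write_site example.com      && enable_site example.com
write_catchall example.com  && enable_site 00-catchall
enabled_sites   # on a real host, follow with: nginx -t && systemctl reload nginx
```
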

Simple recap moving forward:

systemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
systemctl reload nginx
nginx -t
mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
vi /etc/nginx/nginx.conf # comment out the root in default server block
systemctl reload nginx

PHP-FPM setup

Change user in configuration:

vi /etc/php-fpm.d/www.conf
systemctl restart php-fpm

phpMyAdmin setup

dnf install phpmyadmin