CSnap/cheetsheetz
CSnap
/
cheetsheetz
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cheetsheetz/LEMP.md

202 lines
6.7 KiB
Markdown
Raw Blame History

# Initial Fedora Super-LEMP setup:
### *Based on https://www.howtoforge.com/how-to-install-nginx-with-php-and-mariadb-lemp-stack-on-fedora-32/*
## Massive swiss-army knife setup
```
dnf install certbot* htop iftop iotop iptraf nano openssh-server net-tools nginx* rsync screen vim
wget && dnf groupinstall "Development Tools" "Web Server" "Mysql" "php"
```
## Add non-root administrator
`adduser user`
`usermod -aG wheel user`
`passwd user`
`vi /etc/sudoers`
`sudo -i -u user`
## Configure SSH
`ssh-keygen -t rsa -b 4096`
### Change port and root login settings
`vi /etc/ssh/sshd_config`
### Add keys (also see `ssh-copy-id`)
`vi .ssh/authorized_keys`
## Firewall settings
```
systemctl enable firewalld
systemctl start firewalld
systemctl stop firewalld
systemctl restart firewalld
firewall-cmd --state
firewall-cmd --set-default-zone=public
firewall-cmd --zone=public --permanent --list-services
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --add-port 20022/tcp
firewall-cmd --permanent --add-port 20022/tcp
firewall-cmd --permanent --add-port YOUR_PORT_HERE/tcp
firewall-cmd --remove-service ssh --permanent
firewall-cmd --reload
systemctl reload firewalld
```
## MariaDB
```
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation # Y-N-Y-Y-Y-Y
mysql -u root -p
CREATE USER 'user1'@localhost IDENTIFIED BY 'password1';
CREATE USER 'namenode'@localhost IDENTIFIED BY ':passwd';
GRANT ALL PRIVILEGES ON *.* TO 'user1'@localhost IDENTIFIED BY 'password1';
GRANT ALL PRIVILEGES ON *.* TO 'namenode'@localhost IDENTIFIED BY ':passwd';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user1'@localhost;
SHOW GRANTS FOR 'namenode'@localhost;
CREATE DATABASE 'yourDB';
SHOW DATABASES;
DROP USER 'user1'@localhost;
```
## Redis Setup
`dnf install redis php-redis`
`sudo systemctl enable --now redis`
```
vi /etc/redis/redis.conf ## Change bind (0.0.0.0) & requirepass && port (2*) && maxmemory (256mb) &&
maxmemory-policy allkeys-lru
```
`systemctl restart redis`
```
firewall-cmd --zone=public --permanent --add-port=26379/tcp
firewall-cmd --reload
```
## NGINX Detailed explanation below
### Simple recap moving forward:
```
systemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
systemctl reload nginx
nginx -t
mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d/
vi /etc/nginx/nginx.com # comment out the root in default server block????
systemctl reload nginx
```
***There are some caveats with tutorials and default directory locations across operating systems.***
The following is the fairly generic advice followed and always created confusion for me as a
newcomer to nginx.
```
mkdir /etc/nginx/sites-available # Create a directory for nginx.conf files
mkdir /etc/nginx/sites-enabled # Create a directory for active ones (Which is unnecessary as you could publish symlinks later to the existing conf.d directory)
```
In most installation/setup guides, no one explains what we are doing here (or that the folders could be named anything).
But, it is actually an advanced structure where you can control sites that are published to the web by creating and deleting the symlinks and reloading nginx.
Nginx specific guides don't usually resort to this as it adds unnecessary complexity. Third-party installation guides tend to lean towards this old Debian convention and continue repeating this advice.
The next part is where it gets tricky, because this step is where nginx guides and installation guides really begin to conflict.
Install guides want us to, essentially, hijack the default apache web root (`/var/www/`).
Now, this may be best practice if you plan on doing some apache integration later.
But it confuses the process and implementation when comparing to nginx guides using the common nginx webroot: `/usr/share/nginx/`.
***The following creates a new directory to use as website root while creating any necessary parent (`-p`) directories.***
`mkdir /var/www/example.com/html -p`
***But you could do this same thing inside the existing nginx webroot instead:***
`mkdir /usr/share/nginx/example.com/html -p`
***or***
`mkdir /usr/share/nginx/example.com/public_html -p`
And then use that directory as the root inside your individual nginx conf files (in place of /var/www).
Doing this would align better with nginx specific guides for repository based packages (fedora/centos/redhat).
However, then it must be substituted in any following instructions for `/var/www/*` (trivial).
Additionally, all of that extra fluff is unnecessary for a single site instance where `/usr/share/nginx/html/` is already being served as the main directory for the domain pointed at the server.
Best practice says we will better protect our work from future update breakage by keeping site specific work separate from installation defaults.
And so, I digress.
**Now we can create a new config file to start with:**
`vi /etc/nginx/sites-available/example.com.conf`
**Once we are ready to activate this site to be served (will make sense after nginx.conf settings) we will link it:**
`ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/`
**What they don't tell you is that removing that symlink is as easy as:**
`rm /etc/nginx/sites-enabled/example.com.conf`
**Now we edit the nginx.conf**
`vi /etc/nginx/nginx.conf`
*Paste the following lines after the line:* `include /etc/nginx/conf.d/*.conf`
```
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
```
**and**
```
types_hash_max_size 4096; ## Should already be set
```
Now there is usually a root described in the main conf so you will need to remove/alter that line
as well. You could also create some kind of redirect to send generic requests to the default IP to
the main domain of the server, but nobody explains or gives examples of any of that. So the default
is usually easiest to remove the main directive.
**To test and reload the configuration:**
```
nginx -t
systemctl reload nginx
```
### Simple recap moving forward:
```
systemctl start nginx
systemctl restart nginx
systemctl enable nginx
systemctl status nginx
systemctl reload nginx
nginx -t
mkdir /etc/nginx/sites-available
mkdir /usr/share/nginx/example.com/html -p
vi /etc/nginx/sites-available/example.com.conf
ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/conf.d
vi /etc/nginx/nginx.com # comment out the root in default server block
systemctl reload nginx
```
## PHP-FPM setup
### Change user in configuration:
```
vi /etc/php-fpm.d/www.conf
systemctl restart php-fpm
```
### phpMyAdmin setup
```
dnf install phpmyadmin
```
Reference in New Issue View Git Blame Copy Permalink