|
1 |
sudo yum install open-vm-tools -y |
Category: Operating System
How to Install NGINX and PHP-FPM on RHEL/CentOS 7
Basic Server Setup
|
1 2 3 |
# update system sudo yum install epel-release -y sudo yum update -y |
|
1 2 |
# temporary switches off SELinux enforcing sudo setenforce 0 |
|
1 2 3 4 5 6 7 8 9 |
# setup timezone sudo rm /etc/localtime sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime # setup ntp service sudo yum -y install ntp sudo ntpdate pool.ntp.org sudo systemctl enable ntpd sudo systemctl start ntpd |
Setup NGINX and PHP-FPM
|
1 2 3 4 |
# install NGINX and PHP with PHP-FPM sudo yum install -y vim nginx php php-fpm php-mbstring php-gd php-bcmath php-mcrypt php-tidy php-xml php-xmlrpc php-soap php-mysql php-pdo php-devel sudo systemctl enable nginx php-fpm sudo systemctl start nginx php-fpm |
Update Configuration
|
1 2 3 4 5 |
# update PHP configuration sudo vi /etc/php.ini :%s#;date.timezone =#date.timezone = Asia/Hong_Kong# :%s#expose_php = On#expose_php = Off# :wq |
|
1 2 3 4 |
# update php-fpm configuration sed -i 's/^user =.*$/user = nginx/g' /etc/php-fpm.d/www.conf sed -i 's/^group =.*$/group = nginx/g' /etc/php-fpm.d/www.conf cat /etc/php-fpm.d/www.conf |
|
1 2 3 4 5 6 |
# update NGINX configuration sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak sudo tac /etc/nginx/nginx.conf.bak | awk '!p && /}/{print "\n}\n include /etc/nginx/vhosts/*.conf;";p=1;next} 1' | tac \ | awk '!p && /server {/{print " index index.php index.html index.htm;\n";p=1} 1' \ | awk '!p && /root/{print " root /var/www/html;";p=1;next} 1' \ | sudo tee /etc/nginx/nginx.conf |
|
1 2 3 4 5 6 |
# create folders and update permission sudo mkdir -p /etc/nginx/vhosts/ sudo mkdir -p /var/www/html/ sudo mkdir -p /var/www/vhosts/ sudo chown nginx:nginx /var/www/html/ -R sudo chown nginx:nginx /var/www/vhosts/ -R |
Create Virtual Hosts
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# create dummy virtual host sudo cat > /etc/nginx/vhosts/example.com.conf <<- "EOF" # redirect to www ##server { ## listen 80; ## server_name example.com; ## return 301 http://www.example.com$request_uri; ##} server { listen 80; server_name www.example.com; root /var/www/vhosts/example.com/www; location / { try_files $uri $uri/ /index.php?$args; } location ~ .php$ { #fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index /index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_read_timeout 300; } } EOF |
|
1 2 3 4 5 |
# create ip vhost from dummy virtual host cat /etc/nginx/vhosts/example.com.conf | sed '/^#/ d' | sed "s/[www.]*example.com/10.0.6.29/" | sudo tee /etc/nginx/vhosts/10.0.6.29.conf sudo mkdir -p /var/www/vhosts/10.0.6.29/www/ echo "<?php phpinfo();" | sudo tee /var/www/vhosts/10.0.6.29/www/index.php sudo nginx -s reload |
|
1 2 3 4 5 |
# create www vhost from dummy virtual host cat /etc/nginx/vhosts/example.com.conf | sed "s/example.com/yctin.com/" | sed "s/##//" | sudo tee /etc/nginx/vhosts/yctin.com.conf sudo mkdir -p /var/www/vhosts/yctin.com/www/ echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/www/index.php sudo nginx -s reload |
|
1 2 3 4 5 |
# create subdomain vhost from dummy virtual host cat /etc/nginx/vhosts/example.com.conf | sed '/^#/ d' | sed "s/example.com/yctin.com/g" | sed "s/www\./demo\./g" | sed "s/www;/demo;/g" | sudo tee /etc/nginx/vhosts/yctin.com.conf sudo mkdir -p /var/www/vhosts/yctin.com/demo/ echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/demo/index.php sudo nginx -s reload |
Setup Firewall (Optional)
|
1 2 3 4 5 6 7 |
# setup firewall sudo yum install firewalld -y sudo systemctl enable firewalld sudo systemctl start firewalld sudo firewall-cmd --add-service=http --permanent sudo firewall-cmd --add-service=https --permanent sudo systemctl restart firewalld |
SELinux Settings (Optional for SELinux enabled)
|
1 2 3 4 5 6 7 8 9 10 |
# update selinux policy, required for selinux enabled (p.s. not best practice) sudo setsebool -P httpd_anon_write 1 sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/html -R sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/vhosts/ -R # Allow PHP connect network setsebool -P httpd_can_network_connect 1 # Allow PHP connect remote database setsebool -P httpd_can_network_connect_db 1 |
Reboot after Setup
|
1 |
sudo reboot |
Mounting a Cloud Storage Buckets as a File System on CentOS 7 Compute Engine Instances
Problem:
I need to mount a Google Cloud Storage Buckets to file system, and grant access to the web server.
Solution:
Use the Google Cloud Storage FUSE (gcsfuse) tool to mount a Cloud Storage bucket to your Compute Engine instance.
Steps:
Assumption:
- I have a bucket named yctin-bucket
- I want to mount this bucket to /cloud/yctin-bucket/
- I was generated the Google Service Key, and stored into /src/gcloud_service_account.json
Mounting a bucket
|
1 2 3 4 5 |
# create the directory mkdir -p /cloud/yctin-bucket/ # mount the bucket with 777 permission gcsfuse --key-file=/src/gcloud_service_account.json -o allow_other --dir-mode 777 --file-mode 777 yctin-bucket /cloud/yctin-bucket/ |
To unmount the bucket
|
1 |
umount /cloud/yctin-bucket/ |
References:
- https://cloud.google.com/compute/docs/disks/gcs-buckets
http://stackoverflow.com/questions/34779921/gcsfuse-gives-a-input-output-error-when-reading-or-writing-to-mounted-directory
Install & Setup Google Cloud SDK (gcloud command) on RHEL / CentOS 7
Problem:
bash: gcloud: command not found
Solution:
Install & Setup Google Cloud SDK
Steps:
1. Installing SDK
|
1 2 3 4 5 6 7 8 9 10 11 |
sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM [google-cloud-sdk] name=Google Cloud SDK baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg EOM yum install google-cloud-sdk -y |
Reference: https://cloud.google.com/sdk/downloads
2. Initializing Cloud SDK
|
1 |
gcloud init --console-only |
Reference: https://cloud.google.com/sdk/docs/initializing
3. Authorizing Cloud SDK Tools
|
1 |
gcloud auth activate-service-account --key-file [KEY_FILE] |
Reference: https://cloud.google.com/sdk/docs/authorizing
Generating an SSH Key Pair on Linux and Mac
Short Version
|
1 |
ssh-keygen -t rsa |
Increased Security
|
1 |
ssh-keygen -b 4096 -t rsa |
My Favorite
|
1 |
ssh-keygen -b 4096 -t rsa -f <EMAIL ADDRESS> -C <EMAIL ADDRESS> |
How to Install MySQL 5.7 on RHEL/CentOS 7
Basic Server Setup
|
1 2 3 |
# update system sudo yum install epel-release -y sudo yum update -y |
|
1 2 |
# temporary switches off SELinux enforcing sudo setenforce 0 |
|
1 2 3 4 5 6 7 8 9 |
# setup timezone sudo rm /etc/localtime sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime # setup ntp service sudo yum -y install ntp sudo ntpdate pool.ntp.org sudo systemctl enable ntpd sudo systemctl start ntpd |
Setup MySQL 5.7
|
1 2 3 4 5 6 7 |
# adding the MySQL Yum Repository sudo rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm # setup mysql server sudo yum install mysql-server -y sudo systemctl enable mysqld sudo systemctl start mysqld |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# get temporary root password sudo cat /var/log/mysqld.log | grep "temporary password" # 2016-10-22T06:14:44.222048Z 1 [Note] A temporary password is # generated for root@localhost: [TEMPORARY ROOT PASSWORD] # config mysql server mysql_secure_installation # Securing the MySQL server deployment. # Enter password for user root: [TEMPORARY ROOT PASSWORD] # The existing password for the user account root has expired. Please set a new password. # New password: [NEW PASSWORD] # Re-enter new password: [NEW PASSWORD] # Change the password for root ? : N # Remove anonymous users? : Y # Disallow root login remotely? : Y # Remove test database and access to it? : Y # Reload privilege tables now? : Y |
Setup Firewall (Optional)
|
1 2 3 4 5 |
# setup firewall sudo yum install firewalld -y sudo systemctl enable firewalld sudo systemctl start firewalld sudo firewall-cmd --add-service=mysql --permanent |
Reboot after Setup
|
1 |
reboot |
Optional Settings for MySQL 5.7
Disable MySQL Strict Mode
|
1 2 3 4 |
# disable MySQL strict mode vi /etc/my.cnf sql-mode= sudo systemctl restart mysqld |
Reference: https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html
Fix MySQL Password Expired
To establish a global policy such that passwords never expire.
Update /etc/my.cnf
|
1 2 |
[mysqld] default_password_lifetime=0 |
Reference: https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html
Convert .cer to .crt certificates for Apache/mod_ssl using OpenSSL
Assume you have a CER is an DER encoded X.509 certificate in binary form, and you want to have a PEM-encoded X.509 Certificate file for Apache.
The following command may help:
|
1 |
openssl x509 -inform DER -in certfile.cer -out certfile.crt |
Apache/mod_ssl request PEM-encoded X.509 Certificate file
Reference: http://www.modssl.org/docs/2.8/ssl_reference.html#ToC10
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
SSLCertificateFile Name: SSLCertificateFile Description: Server PEM-encoded X.509 Certificate file Syntax: SSLCertificateFile filename Default: None Context: server config, virtual host Override: Not applicable Status: Extension Module: mod_ssl Compatibility: mod_ssl 2.0 This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to two times (referencing different filenames) when both a RSA and a DSA based server certificate is used in parallel. Example: SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt |