4,461
edits
RHEL: Difference between revisions
m
no edit summary
→Useful commands: List all services Tag: visualeditor |
mNo edit summary |
||
| Line 5: | Line 5: | ||
=== Create a new group === | === Create a new group === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo groupadd dev | $ sudo groupadd dev | ||
$ sudo usermod -a -G dev mhan1 | $ sudo usermod -a -G dev mhan1 | ||
</ | </syntaxhighlight> | ||
== Folder set up for web services == | == Folder set up for web services == | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo mkdir /srv/www | $ sudo mkdir /srv/www | ||
$ sudo chown -R mhan1:dev /srv/www | $ sudo chown -R mhan1:dev /srv/www | ||
$ sudo chmod g+s /srv/www | $ sudo chmod g+s /srv/www | ||
</ | </syntaxhighlight> | ||
== Web services == | == Web services == | ||
| Line 24: | Line 24: | ||
Disable apache | Disable apache | ||
< | <syntaxhighlight lang="sh"> | ||
# systemctl stop httpd | # systemctl stop httpd | ||
# systemctl disable httpd | # systemctl disable httpd | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="sh"> | ||
$ sudo yum install yum-utils | $ sudo yum install yum-utils | ||
</ | </syntaxhighlight> | ||
Create <code>/etc/yum.repos.d/nginx.repo</code> | Create <code>/etc/yum.repos.d/nginx.repo</code> | ||
< | <syntaxhighlight lang="cfg"> | ||
[nginx-stable] | [nginx-stable] | ||
name=nginx stable repo | name=nginx stable repo | ||
| Line 51: | Line 51: | ||
gpgkey=https://nginx.org/keys/nginx_signing.key | gpgkey=https://nginx.org/keys/nginx_signing.key | ||
module_hotfixes=true | module_hotfixes=true | ||
</ | </syntaxhighlight> | ||
Install nginx | Install nginx | ||
< | <syntaxhighlight lang="sh"> | ||
$ sudo yum install nginx | $ sudo yum install nginx | ||
</ | </syntaxhighlight> | ||
Set up folders | Set up folders | ||
< | <syntaxhighlight lang="console"> | ||
# cd /etc/nginx | # cd /etc/nginx | ||
# mkdir sites-available | # mkdir sites-available | ||
# mkdir sites-enabled | # mkdir sites-enabled | ||
</ | </syntaxhighlight> | ||
Create a file named <code>sites-available/unm.edu.conf</code> | Create a file named <code>sites-available/unm.edu.conf</code> | ||
< | <syntaxhighlight lang="nginx"> | ||
server { | server { | ||
listen 80; | listen 80; | ||
| Line 109: | Line 109: | ||
include ssl_params.conf; | include ssl_params.conf; | ||
} | } | ||
</ | </syntaxhighlight> | ||
| Line 115: | Line 115: | ||
Create a file named <code>/etc/nginx/php_81_params.conf</code> | Create a file named <code>/etc/nginx/php_81_params.conf</code> | ||
< | <syntaxhighlight lang="nginx"> | ||
location ~ \.php$ { | location ~ \.php$ { | ||
fastcgi_split_path_info ^(.+\.php)(/.+)$; | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| Line 131: | Line 131: | ||
fastcgi_pass 127.0.0.1:9000; | fastcgi_pass 127.0.0.1:9000; | ||
} | } | ||
</ | </syntaxhighlight> | ||
Add <code>include /etc/nginx/sites-enabled/*.conf;</code> at the end of the first block before the closing brace. Then add a link inside the /etc/nginx/sites-enabled/ folder | Add <code>include /etc/nginx/sites-enabled/*.conf;</code> at the end of the first block before the closing brace. Then add a link inside the /etc/nginx/sites-enabled/ folder | ||
< | <syntaxhighlight lang="console"> | ||
# ln -s /etc/nginx/sites-available/unm.edu.conf ./ | # ln -s /etc/nginx/sites-available/unm.edu.conf ./ | ||
</ | </syntaxhighlight> | ||
Create <code>/etc/ssl/certs/dhparam.pem</code> | Create <code>/etc/ssl/certs/dhparam.pem</code> | ||
< | <syntaxhighlight lang="console"> | ||
# openssl dhparam -out dhparam.pem 4096 | # openssl dhparam -out dhparam.pem 4096 | ||
</ | </syntaxhighlight> | ||
Create a file named <code>/etc/nginx/ssl_params.conf</code> | Create a file named <code>/etc/nginx/ssl_params.conf</code> | ||
< | <syntaxhighlight lang="nginx"> | ||
ssl_session_timeout 1d; | ssl_session_timeout 1d; | ||
ssl_session_cache shared:SSL:50m; | ssl_session_cache shared:SSL:50m; | ||
| Line 161: | Line 161: | ||
ssl_prefer_server_ciphers on; | ssl_prefer_server_ciphers on; | ||
add_header Strict-Transport-Security max-age=15768000; | add_header Strict-Transport-Security max-age=15768000; | ||
</ | </syntaxhighlight> | ||
=== Install SSL certificates === | === Install SSL certificates === | ||
| Line 167: | Line 167: | ||
Certificates should have been created by something like mkcert for development environment. The certificate should be in <code>/etc/pki/tls/certs/</code> and the private key should be stored in <code>/etc/pki/tls/private/</code>. Then secure the private key with: | Certificates should have been created by something like mkcert for development environment. The certificate should be in <code>/etc/pki/tls/certs/</code> and the private key should be stored in <code>/etc/pki/tls/private/</code>. Then secure the private key with: | ||
< | <syntaxhighlight lang="console"> | ||
# chmod 600 /etc/pki/tls/private/_wildcard.unm.edu-key.pem | # chmod 600 /etc/pki/tls/private/_wildcard.unm.edu-key.pem | ||
</ | </syntaxhighlight> | ||
=== Install EPEL & REMI repo === | === Install EPEL & REMI repo === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms | $ sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms | ||
$ cd /tmp | $ cd /tmp | ||
| Line 180: | Line 180: | ||
$ sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm | $ sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm | ||
</ | </syntaxhighlight> | ||
=== Install PHP 8.1 === | === Install PHP 8.1 === | ||
| Line 186: | Line 186: | ||
Install Oracle Instant Client (at least the basic package). They're dependencies for oci-related PHP packages. | Install Oracle Instant Client (at least the basic package). They're dependencies for oci-related PHP packages. | ||
< | <syntaxhighlight lang="console"> | ||
# yum-config-manager --enable remi-php81 | # yum-config-manager --enable remi-php81 | ||
# yum -y autoremove rh-php72 | # yum -y autoremove rh-php72 | ||
# yum install -y php php-cli php-bcmath php-devel php-fpm php-gd imap php-intl php-mbstring php-mysqlnd php-oci8 php-odbc php-pdo php-tidy php-xml | # yum install -y php php-cli php-bcmath php-devel php-fpm php-gd imap php-intl php-mbstring php-mysqlnd php-oci8 php-odbc php-pdo php-tidy php-xml | ||
</ | </syntaxhighlight> | ||
| Line 197: | Line 197: | ||
Install byobu and choose screen as a multiplexer. Tmux doesn't allow for multiple ssh sessions to show different screens. | Install byobu and choose screen as a multiplexer. Tmux doesn't allow for multiple ssh sessions to show different screens. | ||
< | <syntaxhighlight lang="console"> | ||
# yum -y install byobu | # yum -y install byobu | ||
# byobu-select-backend screen | # byobu-select-backend screen | ||
</ | </syntaxhighlight> | ||
=== Copy secret key from primary gpg === | === Copy secret key from primary gpg === | ||
| Line 206: | Line 206: | ||
On the base machine: | On the base machine: | ||
< | <syntaxhighlight lang="console"> | ||
$ gpg --export-secret-key -a > secretkey.asc | $ gpg --export-secret-key -a > secretkey.asc | ||
</ | </syntaxhighlight> | ||
Copy the secretkey.asc from the base machine to the new box. Then delete it using shred. | Copy the secretkey.asc from the base machine to the new box. Then delete it using shred. | ||
< | <syntaxhighlight lang="console"> | ||
$ gpg --import secretkey.asc | $ gpg --import secretkey.asc | ||
$ shred --remove secretkey.asc | $ shred --remove secretkey.asc | ||
</ | </syntaxhighlight> | ||
=== Install NodeJS === | === Install NodeJS === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash - | $ sudo curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash - | ||
$ sudo yum -y install nodejs | $ sudo yum -y install nodejs | ||
</ | </syntaxhighlight> | ||
=== Install vim-plug === | === Install vim-plug === | ||
< | <syntaxhighlight lang="console"> | ||
curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim | curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim | ||
</ | </syntaxhighlight> | ||
=== Rest of the set up detail === | === Rest of the set up detail === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo yum install ncurses-devel | $ sudo yum install ncurses-devel | ||
</ | </syntaxhighlight> | ||
* ~/.gitconfig | * ~/.gitconfig | ||
| Line 255: | Line 255: | ||
=== Clean up cache for yum PM === | === Clean up cache for yum PM === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo service rhsmcertd restart | $ sudo service rhsmcertd restart | ||
$ sudo subscription-manager refresh | $ sudo subscription-manager refresh | ||
$ sudo yum clean all && sudo rm -rf /var/cache/yum && sudo yum makecache | $ sudo yum clean all && sudo rm -rf /var/cache/yum && sudo yum makecache | ||
</ | </syntaxhighlight> | ||
=== List all subscriptions === | === List all subscriptions === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo subscription-manager list --all --available | more | $ sudo subscription-manager list --all --available | more | ||
</ | </syntaxhighlight> | ||
=== Install downloaded RPM package === | === Install downloaded RPM package === | ||
< | <syntaxhighlight lang="console"> | ||
$ sudo yum -y localinstall ~/Downloads/screen | $ sudo yum -y localinstall ~/Downloads/screen | ||
</ | </syntaxhighlight> | ||
=== Check if there are any disabled repositories === | === Check if there are any disabled repositories === | ||
< | <syntaxhighlight lang="console"> | ||
$ egrep -Hi '(^\[|^enabled)' /etc/yum.repos.d/* | $ egrep -Hi '(^\[|^enabled)' /etc/yum.repos.d/* | ||
/etc/yum.repos.d/epel.repo.rpmsave:[epel] | /etc/yum.repos.d/epel.repo.rpmsave:[epel] | ||
| Line 288: | Line 288: | ||
/etc/yum.repos.d/nginx.repo:enabled=1 | /etc/yum.repos.d/nginx.repo:enabled=1 | ||
... | ... | ||
</ | </syntaxhighlight> | ||