RHEL: Difference between revisions

Jump to navigation Jump to search
450 bytes added ,  31 August 2023
m
no edit summary
→‎Useful commands: List all services
Tag: visualeditor
mNo edit summary
 
Line 5: Line 5:
=== Create a new group ===
=== Create a new group ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo groupadd dev
$ sudo groupadd dev
$ sudo usermod -a -G dev mhan1
$ sudo usermod -a -G dev mhan1
</source>
</syntaxhighlight>


== Folder set up for web services ==
== Folder set up for web services ==


<source lang="console">
<syntaxhighlight lang="console">
$ sudo mkdir /srv/www
$ sudo mkdir /srv/www
$ sudo chown -R mhan1:dev /srv/www
$ sudo chown -R mhan1:dev /srv/www
$ sudo chmod g+s /srv/www
$ sudo chmod g+s /srv/www
</source>
</syntaxhighlight>


== Web services ==
== Web services ==
Line 24: Line 24:
Disable apache
Disable apache


<source lang="sh">
<syntaxhighlight lang="sh">
# systemctl stop httpd
# systemctl stop httpd
# systemctl disable httpd
# systemctl disable httpd
</source>
</syntaxhighlight>


<source lang="sh">
<syntaxhighlight lang="sh">
$ sudo yum install yum-utils
$ sudo yum install yum-utils
</source>
</syntaxhighlight>


Create <code>/etc/yum.repos.d/nginx.repo</code>
Create <code>/etc/yum.repos.d/nginx.repo</code>


<source lang="cfg">
<syntaxhighlight lang="cfg">
[nginx-stable]
[nginx-stable]
name=nginx stable repo
name=nginx stable repo
Line 51: Line 51:
gpgkey=https://nginx.org/keys/nginx_signing.key
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
module_hotfixes=true
</source>
</syntaxhighlight>


Install nginx
Install nginx


<source lang="sh">
<syntaxhighlight lang="sh">
$ sudo yum install nginx
$ sudo yum install nginx
</source>
</syntaxhighlight>


Set up folders
Set up folders


<source lang="console">
<syntaxhighlight lang="console">
# cd /etc/nginx
# cd /etc/nginx
# mkdir sites-available
# mkdir sites-available
# mkdir sites-enabled
# mkdir sites-enabled
</source>
</syntaxhighlight>


Create a file named <code>sites-available/unm.edu.conf</code>
Create a file named <code>sites-available/unm.edu.conf</code>


<source lang="nginx">
<syntaxhighlight lang="nginx">
server {
server {
         listen 80;
         listen 80;
Line 109: Line 109:
         include ssl_params.conf;
         include ssl_params.conf;
}
}
</source>
</syntaxhighlight>




Line 115: Line 115:
Create a file named <code>/etc/nginx/php_81_params.conf</code>
Create a file named <code>/etc/nginx/php_81_params.conf</code>


<source lang="nginx">
<syntaxhighlight lang="nginx">
location ~ \.php$ {
location ~ \.php$ {
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
Line 131: Line 131:
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_pass 127.0.0.1:9000;
}
}
</source>
</syntaxhighlight>


Add <code>include /etc/nginx/sites-enabled/*.conf;</code> at the end of the first block before the closing brace. Then add a link inside the /etc/nginx/sites-enabled/ folder
Add <code>include /etc/nginx/sites-enabled/*.conf;</code> at the end of the first block before the closing brace. Then add a link inside the /etc/nginx/sites-enabled/ folder


<source lang="console">
<syntaxhighlight lang="console">
# ln -s /etc/nginx/sites-available/unm.edu.conf ./
# ln -s /etc/nginx/sites-available/unm.edu.conf ./
</source>
</syntaxhighlight>


Create <code>/etc/ssl/certs/dhparam.pem</code>
Create <code>/etc/ssl/certs/dhparam.pem</code>


<source lang="console">
<syntaxhighlight lang="console">
# openssl dhparam -out dhparam.pem 4096
# openssl dhparam -out dhparam.pem 4096
</source>
</syntaxhighlight>


Create a file named <code>/etc/nginx/ssl_params.conf</code>
Create a file named <code>/etc/nginx/ssl_params.conf</code>


<source lang="nginx">
<syntaxhighlight lang="nginx">
ssl_session_timeout 1d;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_cache shared:SSL:50m;
Line 161: Line 161:
ssl_prefer_server_ciphers on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
add_header Strict-Transport-Security max-age=15768000;
</source>
</syntaxhighlight>


=== Install SSL certificates ===
=== Install SSL certificates ===
Line 167: Line 167:
Certificates should have been created by something like mkcert for development environment.  The certificate should be in <code>/etc/pki/tls/certs/</code> and the private key should be stored in <code>/etc/pki/tls/private/</code>. Then secure the private key with:
Certificates should have been created by something like mkcert for development environment.  The certificate should be in <code>/etc/pki/tls/certs/</code> and the private key should be stored in <code>/etc/pki/tls/private/</code>. Then secure the private key with:


<source lang="console">
<syntaxhighlight lang="console">
# chmod 600 /etc/pki/tls/private/_wildcard.unm.edu-key.pem
# chmod 600 /etc/pki/tls/private/_wildcard.unm.edu-key.pem
</source>
</syntaxhighlight>


=== Install EPEL & REMI repo ===
=== Install EPEL & REMI repo ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms
$ sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms
$ cd /tmp
$ cd /tmp
Line 180: Line 180:


$ sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
</source>
</syntaxhighlight>


=== Install PHP 8.1 ===
=== Install PHP 8.1 ===
Line 186: Line 186:
Install Oracle Instant Client (at least the basic package). They're dependencies for oci-related PHP packages.
Install Oracle Instant Client (at least the basic package). They're dependencies for oci-related PHP packages.


<source lang="console">
<syntaxhighlight lang="console">
# yum-config-manager --enable remi-php81
# yum-config-manager --enable remi-php81
# yum -y autoremove rh-php72
# yum -y autoremove rh-php72
# yum install -y php php-cli php-bcmath php-devel php-fpm php-gd imap php-intl php-mbstring php-mysqlnd php-oci8 php-odbc php-pdo php-tidy php-xml
# yum install -y php php-cli php-bcmath php-devel php-fpm php-gd imap php-intl php-mbstring php-mysqlnd php-oci8 php-odbc php-pdo php-tidy php-xml
</source>
</syntaxhighlight>




Line 197: Line 197:
Install byobu and choose screen as a multiplexer. Tmux doesn't allow for multiple ssh sessions to show different screens.
Install byobu and choose screen as a multiplexer. Tmux doesn't allow for multiple ssh sessions to show different screens.


<source lang="console">
<syntaxhighlight lang="console">
# yum -y install byobu
# yum -y install byobu
# byobu-select-backend screen
# byobu-select-backend screen
</source>
</syntaxhighlight>


=== Copy secret key from primary gpg ===
=== Copy secret key from primary gpg ===
Line 206: Line 206:
On the base machine:
On the base machine:


<source lang="console">
<syntaxhighlight lang="console">
$ gpg --export-secret-key -a > secretkey.asc
$ gpg --export-secret-key -a > secretkey.asc
</source>
</syntaxhighlight>


Copy the secretkey.asc from the base machine to the new box. Then delete it using shred.
Copy the secretkey.asc from the base machine to the new box. Then delete it using shred.


<source lang="console">
<syntaxhighlight lang="console">
$ gpg --import secretkey.asc
$ gpg --import secretkey.asc
$ shred --remove secretkey.asc
$ shred --remove secretkey.asc
</source>
</syntaxhighlight>


=== Install NodeJS ===
=== Install NodeJS ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -
$ sudo curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -
$ sudo yum -y install nodejs
$ sudo yum -y install nodejs
</source>
</syntaxhighlight>


=== Install vim-plug ===
=== Install vim-plug ===


<source lang="console">
<syntaxhighlight lang="console">
curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim
</source>
</syntaxhighlight>


=== Rest of the set up detail ===
=== Rest of the set up detail ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo yum install ncurses-devel
$ sudo yum install ncurses-devel
</source>
</syntaxhighlight>


* ~/.gitconfig
* ~/.gitconfig
Line 255: Line 255:
=== Clean up cache for yum PM ===
=== Clean up cache for yum PM ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo service rhsmcertd restart
$ sudo service rhsmcertd restart
$ sudo subscription-manager refresh
$ sudo subscription-manager refresh
$ sudo yum clean all && sudo rm -rf /var/cache/yum && sudo yum makecache
$ sudo yum clean all && sudo rm -rf /var/cache/yum && sudo yum makecache
</source>
</syntaxhighlight>


=== List all subscriptions ===
=== List all subscriptions ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo subscription-manager list --all --available | more
$ sudo subscription-manager list --all --available | more
</source>
</syntaxhighlight>


=== Install downloaded RPM package ===
=== Install downloaded RPM package ===


<source lang="console">
<syntaxhighlight lang="console">
$ sudo yum -y localinstall ~/Downloads/screen
$ sudo yum -y localinstall ~/Downloads/screen
</source>
</syntaxhighlight>


=== Check if there are any disabled repositories ===
=== Check if there are any disabled repositories ===


<source lang="console">
<syntaxhighlight lang="console">
$ egrep -Hi '(^\[|^enabled)' /etc/yum.repos.d/*
$ egrep -Hi '(^\[|^enabled)' /etc/yum.repos.d/*
/etc/yum.repos.d/epel.repo.rpmsave:[epel]
/etc/yum.repos.d/epel.repo.rpmsave:[epel]
Line 288: Line 288:
/etc/yum.repos.d/nginx.repo:enabled=1
/etc/yum.repos.d/nginx.repo:enabled=1
...
...
</source>
</syntaxhighlight>

Navigation menu