RHEL: Difference between revisions

=== Create a new group ===

$ sudo groupadd dev

$ sudo usermod -a -G dev mhan1

== Folder set up for web services ==

$ sudo mkdir /srv/www

$ sudo chown -R mhan1:dev /srv/www

$ sudo chmod g+s /srv/www

== Web services ==

Disable apache

# systemctl stop httpd

# systemctl disable httpd

$ sudo yum install yum-utils

Create <code>/etc/yum.repos.d/nginx.repo</code>

[nginx-stable]

name=nginx stable repo

gpgkey=https://nginx.org/keys/nginx_signing.key

module_hotfixes=true

Install nginx

$ sudo yum install nginx

Set up folders

# cd /etc/nginx

# mkdir sites-available

# mkdir sites-enabled

Create a file named <code>sites-available/unm.edu.conf</code>

server {

         listen 80;

         include ssl_params.conf;

}

Create a file named <code>/etc/nginx/php_81_params.conf</code>

location ~ \.php$ {

         fastcgi_split_path_info ^(.+\.php)(/.+)$;

         fastcgi_pass 127.0.0.1:9000;

}

Add <code>include /etc/nginx/sites-enabled/*.conf;</code> at the end of the first block before the closing brace. Then add a link inside the /etc/nginx/sites-enabled/ folder

# ln -s /etc/nginx/sites-available/unm.edu.conf ./

Create <code>/etc/ssl/certs/dhparam.pem</code>

# openssl dhparam -out dhparam.pem 4096

Create a file named <code>/etc/nginx/ssl_params.conf</code>

ssl_session_timeout 1d;

ssl_session_cache shared:SSL:50m;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=15768000;

=== Install SSL certificates ===

Certificates should have been created by something like mkcert for development environment.  The certificate should be in <code>/etc/pki/tls/certs/</code> and the private key should be stored in <code>/etc/pki/tls/private/</code>. Then secure the private key with:

# chmod 600 /etc/pki/tls/private/_wildcard.unm.edu-key.pem

=== Install EPEL & REMI repo ===

$ sudo subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms

$ cd /tmp

$ sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

=== Install PHP 8.1 ===

Install Oracle Instant Client (at least the basic package). They're dependencies for oci-related PHP packages.

# yum-config-manager --enable remi-php81

# yum -y autoremove rh-php72

# yum install -y php php-cli php-bcmath php-devel php-fpm php-gd imap php-intl php-mbstring php-mysqlnd php-oci8 php-odbc php-pdo php-tidy php-xml

Install byobu and choose screen as a multiplexer. Tmux doesn't allow for multiple ssh sessions to show different screens.

# yum -y install byobu

# byobu-select-backend screen

=== Copy secret key from primary gpg ===

On the base machine:

$ gpg --export-secret-key -a > secretkey.asc

Copy the secretkey.asc from the base machine to the new box. Then delete it using shred.

$ gpg --import secretkey.asc

$ shred --remove secretkey.asc

=== Install NodeJS ===

$ sudo curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -

$ sudo yum -y install nodejs

=== Install vim-plug ===

curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim

=== Rest of the set up detail ===

$ sudo yum install ncurses-devel

* ~/.gitconfig

= Useful commands =

== Package management ==

=== Clean up cache for yum PM ===

$ sudo service rhsmcertd restart

$ sudo subscription-manager refresh

$ sudo yum clean all && sudo rm -rf /var/cache/yum && sudo yum makecache

=== List all subscriptions ===

$ sudo subscription-manager list --all --available | more

=== Install downloaded RPM package ===

$ sudo yum -y localinstall ~/Downloads/screen

=== Check if there are any disabled repositories ===

$ egrep -Hi '(^\[|^enabled)' /etc/yum.repos.d/*

/etc/yum.repos.d/epel.repo.rpmsave:[epel]

/etc/yum.repos.d/nginx.repo:enabled=1

...