Last active
March 29, 2020 21:08
-
-
Save adam1010/4d9631d177c7bd0f7ccff31405d7b0c0 to your computer and use it in GitHub Desktop.
Web Server Setup on Amazon Linux 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Amazon Linux 2 ## | |
| sudo yum update -y | |
| sudo amazon-linux-extras install lamp-mariadb10.2-php7.2 nginx1.12 | |
| sudo yum install -y mariadb-server | |
| sudo systemctl enable php-fpm | |
| sudo systemctl enable nginx | |
| sudo systemctl enable mariadb | |
| sudo yum install -y php-xml php-pdo php-mbstring | |
| sudo mkdir /var/www/ | |
| sudo usermod -a -G apache ec2-user | |
| sudo usermod -a -G apache nginx | |
| sudo chown -R ec2-user:apache /var/www | |
| sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \; | |
| sudo find /var/www -type f -exec sudo chmod 0664 {} \; | |
| nano /var/www/index.php | |
| ----- nginx config ----- | |
| sudo nano /etc/nginx/nginx.conf | |
| == > change root to /var/www | |
| location / { | |
| try_files $uri $uri/ /index.php?$query_string; | |
| } | |
| sudo nano /etc/nginx/default.d/php.conf | |
| ==> Disable "intercept errors" feature | |
| location ~ \.php$ { | |
| fastcgi_intercept_errors off; | |
| } | |
| --- Enable Services (or reboot) --- | |
| sudo systemctl start php-fpm | |
| sudo systemctl start nginx | |
| sudo systemctl start mariadb | |
| ---- Secure the DB ------ | |
| sudo mysql_secure_installation | |
| ----- SSL/TLS Certificate ----- | |
| sudo su | |
| curl https://get.acme.sh | sh | |
| acme.sh --issue -d example.com -w /var/www | |
| server { | |
| listen 443 ssl default_server; | |
| ssl_certificate /root/.acme.sh/example.cer; | |
| ssl_certificate_key /root/.acme.sh/example.key; | |
| } | |
| ----- PHP Composer ----- | |
| php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" | |
| php composer-setup.php | |
| sudo mv composer.phar /usr/bin/composer | |
| ----- Cloning from existing repo ----- | |
| sudo yum intall git | |
| composer install | |
| ----- Laravel ----- | |
| cd /var/www/ | |
| composer create-project --prefer-dist laravel/laravel test | |
| mkdir /var/www/test/storage/cache | |
| sudo chown -R ec2-user:apache /var/www/test/storage/cache | |
| sudo nano /etc/nginx/nginx.conf ===> change root | |
| sudo systemctl reload nginx | |
| php artisan make:auth | |
| mysql -uroot | |
| create database test2; | |
| nano .env | |
| php artisan migrate | |
| # New pages | |
| nano routes/web.php | |
| ----- Anti-Virus ------- | |
| wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm | |
| sudo yum install epel-release-latest-7.noarch.rpm | |
| sudo yum install clamav freshclam clamav-update rkhunter | |
| sudo clamscan -i -r --bell | |
| sudo rkhunter -c | |
Hey @williamsdb -- These instructions are from 18 months ago so I wouldn't be surprised if they need tweaking (although they did work at the time). I've since switched to using Docker and Trend Micro Cloud One (it adds like a penny per hour to the instance cost). It took a big time investment up front to switch but it has paid for itself many times over, especially as our team grew. Good luck!
Trend Micro Cloud sounds interesting so I’ll take a look at that, thanks!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The instruction for clamav don't work on AL2. freshclam doesn't exist as a package in epel but seems to be installed as part of clamav. If you run clamscan without running freshclam first then it fails as there are no databases. If you run freshclam that also fails with an error "Database load killed by signal 9". Have you actually got this to work and if so how?