Forked from alkavan/CentOS_7.x_(PHP_7.3_Postgres_10.x).md
Created
April 29, 2018 14:32
-
-
Save myself379/36ec3520fd981eb2d5c462652872e0b1 to your computer and use it in GitHub Desktop.
CentOS 7.4 - New Web Server Configuration (DigitalOcean) + EPEL + IUS + PHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# [General/Initial Section] | |
# Update system | |
yum update | |
# Set your timezone | |
timedatectl set-timezone UTC | |
# Check date is set correct | |
date | |
# If you want yum to update datebase auto | |
# no packges will be installed in any case | |
yum install yum-cron | |
# Reboot system, login back to server (as root) | |
reboot | |
# [Adding Users/Groups Section] | |
# Create yourself a user (super important) | |
adduser josh | |
# Set user password | |
passwd josh | |
# Copy root key to user (you can remove itfrom the root user later) | |
cp -r -p /root/.ssh/ /home/josh/ | |
chown -R josh:josh /home/josh/.ssh | |
# Add your user to 'wheel' group (as supplementary group (-G), primary group still 'josh') | |
usermod -a -G wheel josh | |
# Logout server, and login again as your user | |
exit | |
# Check sudo access is working, now you should be 'root' again | |
sudo su | |
# [SWAP Space Section] | |
# Check if server has swap, if it does, you can skip this step | |
swapon -s | |
# Check how much memory the machine has, and how much disk space | |
free -m && df -h | |
# Create swap file on disk, and confirm it's size | |
dd if=/dev/zero of=/swapfile count=4096 bs=1MiB && ls -lh /swapfile | |
# Enable swap | |
chmod 600 /swapfile && ls -lh /swapfile | |
mkswap /swapfile | |
swapon /swapfile | |
swapon -s | |
# Make the swap file permanent | |
nano /etc/fstab | |
/swapfile swap swap sw 0 0 | |
# Add this line ^^^ to fstab file | |
# [Swap Install and Optimization Section] | |
# CentOS 7 defaults to a swappiness setting of 30, which is a fair middle ground for most desktops and local servers. | |
# For a VPS system, we'd probably want to move it closer to 0. | |
sysctl vm.swappiness=10 | |
# This setting will persist until the next reboot. | |
# To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file: | |
nano /etc/sysctl.conf | |
# Cache Pressure | |
# Another related value that you might want to modify is the vfs_cache_pressure. | |
# This setting affects the storage of special filesystem metadata entries. | |
# Constantly reading and refreshing this information is generally very costly, | |
# so storing it on the cache for longer is excellent for your system's performance. | |
cat /proc/sys/vm/vfs_cache_pressure | |
# To make cache inode information from the cache more slowly: | |
sysctl vm.vfs_cache_pressure=50 | |
# This setting will persist until the next reboot. | |
# To make the setting persist between reboots, we can add the outputted line to our sysctl configuration file: | |
nano /etc/sysctl.conf | |
# [Extra Repositories Section] | |
# EPEL | |
yum install epel-release | |
# Install IUS Repository | |
rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm | |
# [HTTP/Apache Web Server Section] | |
# Install Apache HTTP Server (2.4 IUS) | |
yum install httpd24u httpd24u-filesystem httpd24u-manual httpd24u-tools httpd24u-mod_ssl | |
# Start server, check it's working, enable during boot | |
systemctl start httpd | |
systemctl status httpd | |
systemctl enable httpd | |
# [Firewall Section] | |
# You might need to install the service | |
yum install firewalld | |
# Check firewall status (should be off in most cases) | |
firewall-cmd --state | |
# If not running, execute: | |
systemctl start firewalld.service | |
# Some firewall info | |
firewall-cmd --get-active-zones | |
firewall-cmd --list-all | |
# Add HTTP/HTTPS rule to public zone | |
firewall-cmd --zone=public --add-service=http | |
firewall-cmd --zone=public --add-service=https | |
# Add HTTP/HTTPS rule *permanently* to public zone | |
firewall-cmd --zone=public --add-service=http --permanent | |
firewall-cmd --zone=public --add-service=https --permanent | |
# Or ... | |
firewall-cmd --zone=public --add-port=80/tcp --permanent | |
firewall-cmd --zone=public --add-port=443/tcp --permanent | |
# For more info @ DigitalOcean: | |
# https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7 | |
# [PHP Section] | |
# Install PHP 7.2 + FPM (Apache) (IUS) | |
yum install \ | |
php72u-fpm \ | |
php72u-fpm-httpd \ | |
php72u-common \ | |
php72u-bcmath \ | |
php72u-mbstring \ | |
php72u-cli \ | |
php72u-dba \ | |
php72u-gd \ | |
php72u-mcrypt \ | |
php72u-opcache \ | |
php72u-intl \ | |
php72u-pdo \ | |
php72u-pdo-dblib \ | |
php72u-mysqlnd \ | |
php72u-pgsql \ | |
php72u-process \ | |
php72u-tidy \ | |
php72u-xml \ | |
php72u-xmlrpc \ | |
php72u-json \ | |
php72u-pecl-memcached \ | |
php72u-pecl-igbinary | |
# Restart the web server | |
systemctl restart php-fpm httpd | |
systemctl status php-fpm httpd | |
# Create PHP test page | |
cd /var/www/html/ | |
echo "<?php phpinfo(); ?>" > index.php | |
# Open browser, goto: http://<server_ip>/ | |
# You should see PHP info page | |
rm index.php | |
# [PHP-FPM + MPM_EVENT + pthreads + Apache] | |
nano /etc/php-fpm.d/www.conf | |
# uncomment this line (so both apache and nginx would be able to use): | |
listen.acl_users = apache | |
# (optional) Comment this line: | |
;listen = 127.0.0.1:9000 | |
# (optional) Uncomment following line: | |
listen = /run/php-fpm/www.sock | |
nano /etc/httpd/conf.modules.d/00-mpm.conf | |
# Comment: | |
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so | |
# Uncomment: | |
LoadModule mpm_event_module modules/mod_mpm_event.so | |
# (if optional ?) | |
nano /etc/httpd/conf.d/php-fpm.conf | |
# Change end of file to: | |
<FilesMatch \.php$> | |
#SetHandler "proxy:fcgi://127.0.0.1:9000" | |
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" | |
</FilesMatch> | |
# Add to apache <VirtualHost> directive: | |
<IfModule mpm_event_module> | |
#ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/moo/public/$1 | |
ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/run/php-fpm/www.sock|fcgi://127.0.0.1:9000/var/www/moo/public/$1" | |
</IfModule> | |
# Now you can enable multi-threading in PHP ... | |
yum install php56u-pecl-pthreads.x86_64 | |
# Restart web services | |
systemctl restart php-fpm httpd | |
[node.js] | |
# Install basic components | |
yum install nodejs npm | |
# [MariaDB Section (IUS)] | |
# Install IUS Repository | |
rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm | |
yum -y remove mariadb-libs | |
yum -y install mariadb101u-server mariadb101u | |
systemctl start mariadb.service | |
systemctl status mariadb.service | |
systemctl enable mariadb.service | |
# if removed because removal of old mariadb-libs package | |
yum -y install postfix | |
# Secure databse | |
mysql_secure_installation | |
# try connecting database | |
mysql -uroot -p | |
# Create new databse | |
> CREATE DATABASE `joshdb` CHARACTER SET utf8 COLLATE utf8_general_ci; | |
# Create new user | |
> CREATE USER 'josh'@'%' IDENTIFIED BY 'YouSecurePassword!'; | |
> GRANT ALL PRIVILEGES ON joshdb.* TO 'josh'@'localhost'; | |
# Or admin access to all databases | |
> GRANT ALL PRIVILEGES ON *.* TO 'josh'@'localhost' WITH GRANT OPTION; | |
# Refresh server privileges | |
> FLUSH PRIVILEGES; | |
# [Memcached Section] | |
yum -y install memcached | |
# Change configuration | |
nano /etc/sysconfig/memcached | |
# Enable service | |
systemctl start memcached | |
systemctl enable memcached | |
# [PostgreSQL Section] | |
# Install PosgreSQL 9.4 official RHEL7 repository | |
wget https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm | |
yum localinstall -y pgdg-centos95-9.5-2.noarch.rpm | |
# Install PostgreSQL packages | |
yum install postgresql95 \ | |
postgresql95-libs \ | |
postgresql95-server \ | |
postgresql95-contrib \ | |
postgresql95-docs \ | |
postgresql95-devel \ | |
postgresql95-plperl \ | |
postgresql95-plpython \ | |
postgresql95-pltcl | |
# Init initial database | |
/usr/pgsql-9.5/bin/postgresql95-setup initdb | |
# Start service and enable on boot | |
systemctl start postgresql-9.5 | |
systemctl enable postgresql-9.5 | |
# Add server port to firewall and restart firewall | |
firewall-cmd --permanent --zone=public --add-service=postgresql | |
## OR ## | |
firewall-cmd --permanent --zone=public --add-port=5432/tcp | |
# Restart firewall | |
systemctl restart firewalld.service | |
# Change to postgres user, check server is running | |
su - postgres | |
psql | |
# Create remote admin user, with db creation access | |
createuser -W -d -s pgadmin | |
# Create dtabase for user (UTF8) | |
createdb -T template0 -l en_US.UTF-8 -E UTF8 -O pgadmin pgadmin | |
# Allow remote user to connect, edit hosts file: | |
nano /var/lib/pgsql/9.5/data/pg_hba.conf | |
# Add following entry: | |
host all pgadmin <user_ip_address>/32 trust | |
# Remote user test | |
psql -h dbserver_name_or_ip_address -U pgsql -W <password> | |
# [MongoDB Section] | |
# Add MongoDB repository to yum | |
nano /etc/yum.repos.d/mongodb.repo | |
# Paste inside the following: | |
[mongodb] | |
name=MongoDB Repository | |
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/ | |
gpgcheck=0 | |
enabled=1 | |
# Install MongoDB server, client and tools | |
yum install -y mongodb-org | |
# Start MongoDB server | |
systemctl start mongod | |
# Enable MongoDB on system boot (this done without systemctl!) | |
chkconfig mongod on | |
# Install MongoDB PHP extension | |
yum install php56u-pecl-mongo.x86_64 | |
# Restart web server again, check the phpinfo page | |
systemctl restart httpd | |
# [Sentry (7.4)] | |
yum install python-devel.x86_64 | |
yum install libxml2-python.x86_64 | |
yum install libxml2-devel.x86_64 | |
yum install libxml2-python.x86_64 | |
yum install libxslt-devel.x86_64 | |
yum install python-cffi.x86_64 | |
yum install python-pycparser.noarch | |
yum install libffi-devel.x86_64 | |
$ After installing deps, you can install sentry | |
pip install sentry | |
# Sentry SQL Extentions | |
pip install sentry[mysql] | |
pip install sentry[pgsql] | |
# Postgres only | |
yum install libpqxx-devel.x86_64 | |
pip install psycopg2 | |
# Create user for sentry | |
adduser sentry ; su - sentry | |
# Init sentry system | |
sentry init | |
# Install Redis | |
yum install redis | |
# Migrations | |
sentry upgrade | |
# Create admin user | |
sentry createsuperuser | |
# We are ready to start Sentry. | |
sentry start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment