sl-digital/CentOS_7_LAMP_Install.txt

## CentOS_7_LAMP_Install.txt
# SWITCH TO ROOT
sudo su

# CREATE A NEW USER
adduser devops
passwd whatevs

# GRANT SUDO
gpasswd -a devops wheel

# SSH KEYGEN (LOCAL)
ssh-keygen <follow prompts and save>
cat ~/.ssh/yourkey_rsa.pub <copy contents>

# SSH KEYGEN (SERVER)
su - devops
mkdir .ssh
chmod 700 .ssh
nano .ssh/authorized_keys <paste key data>
chmod 600 .ssh/authorized_keys

# DISABLE PASSWORD AUTH
nano /etc/ssh/sshd_config
- PermitRootLogin no
systemctl reload sshd

# ADD BETTER REPOS
cd ~
curl 'https://setup.ius.io/' -o setup-ius.sh
sudo bash setup-ius.sh

# INSTALL APACHE (HTTPD)
sudo yum install httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service

# INSTALL MYSQL (MARIA)
sudo yum install mariadb-server mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
sudo systemctl enable mariadb.service

# INSTALL PHP
sudo yum install php php-mysql
sudo systemctl restart httpd.service

# FIND MORE PHP MODULES
yum search php-
sudo yum install php-whatevs1 php-whatevs1

# ADJUST THE FIREWALL - IF NEEDED
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

# CHECK FILE PERMISSIONS
getfacl /var/www/html

# SET DEFAULT ACL FOR APACHE (HTTPD)
setfacl -Rd -m u:devops:rwx /var/www/html
setfacl -Rd -m g:apache:rwx /var/www/html

# Set ACL for admin user and www-data group
setfacl -R -m u:devops:rwx /var/www/html
setfacl -R -m g:apache:rwx /var/www/html

# Set default group for new content
chmod -R g+s /var/www/html

# Change folder permissions to rwxr-xr-x
find . -type d -exec chmod 755 {} \;

# Change file permissions to rw-r--r--
find . -type f -exec chmod 644 {} \;
	# SWITCH TO ROOT
	sudo su

	# CREATE A NEW USER
	adduser devops
	passwd whatevs

	# GRANT SUDO
	gpasswd -a devops wheel

	# SSH KEYGEN (LOCAL)
	ssh-keygen <follow prompts and save>
	cat ~/.ssh/yourkey_rsa.pub <copy contents>

	# SSH KEYGEN (SERVER)
	su - devops
	mkdir .ssh
	chmod 700 .ssh
	nano .ssh/authorized_keys <paste key data>
	chmod 600 .ssh/authorized_keys

	# DISABLE PASSWORD AUTH
	nano /etc/ssh/sshd_config
	- PermitRootLogin no
	systemctl reload sshd

	# ADD BETTER REPOS
	cd ~
	curl 'https://setup.ius.io/' -o setup-ius.sh
	sudo bash setup-ius.sh

	# INSTALL APACHE (HTTPD)
	sudo yum install httpd
	sudo systemctl start httpd.service
	sudo systemctl enable httpd.service

	# INSTALL MYSQL (MARIA)
	sudo yum install mariadb-server mariadb
	sudo systemctl start mariadb
	sudo mysql_secure_installation
	sudo systemctl enable mariadb.service

	# INSTALL PHP
	sudo yum install php php-mysql
	sudo systemctl restart httpd.service

	# FIND MORE PHP MODULES
	yum search php-
	sudo yum install php-whatevs1 php-whatevs1

	# ADJUST THE FIREWALL - IF NEEDED
	sudo firewall-cmd --permanent --zone=public --add-service=http
	sudo firewall-cmd --permanent --zone=public --add-service=https
	sudo firewall-cmd --reload

	# CHECK FILE PERMISSIONS
	getfacl /var/www/html

	# SET DEFAULT ACL FOR APACHE (HTTPD)
	setfacl -Rd -m u:devops:rwx /var/www/html
	setfacl -Rd -m g:apache:rwx /var/www/html

	# Set ACL for admin user and www-data group
	setfacl -R -m u:devops:rwx /var/www/html
	setfacl -R -m g:apache:rwx /var/www/html

	# Set default group for new content
	chmod -R g+s /var/www/html

	# Change folder permissions to rwxr-xr-x
	find . -type d -exec chmod 755 {} \;

	# Change file permissions to rw-r--r--
	find . -type f -exec chmod 644 {} \;