Install&Setting

check for latest version: RHEL7
64 bit
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-<new version>.noarch.rpm
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
or
$ rpm -ivh http://fedora.mirrors.pair.com/epel/7/x86_64/Packages/e/epel-release-<new version>.noarch.rpm
$ rpm -ivh http://fedora.mirrors.pair.com/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm

$ yum -y update yum
YUM update
$ yum install epel-release
$ yum -y install wget ntp unzip openssh-clients rsync net-tools lsof curl telnet
$ systemctl start ntpd.service
$ systemctl enable ntpd.service
$ ntpdate pool.ntp.org   # update the time

$ yum install -y fuse ntfs-3g
# mount ntfs windows partition

** mount exfat partition
$ yum -y install http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
$ yum -y install exfat-utils fuse-exfat

$ yum install -y ibus-table-quick* ibus-table-cangjie ibus-table-sci
go to "System" --> "Preferences" --> "Input Method" --> enable "input method" & select "Use IBus .... " --> "Input Method Preferences" --> select "Input Method" --> add method

$ yum -y update; reboot

install FileZilla
$ yum --enablerepo=epel -y install filezilla

Change hostname

# hostnamectl set-hostname WKmail
# vim /etc/hosts
reboot

Set selinux disabled


NetInstall URL refer
https://www.if-not-true-then-false.com/2014/centos-7-netinstall-guide/

https://tw.saowen.com/a/30df5928bf1b5c3d9e7e69face4e28bf4cafc6785eab63073f17a9c6337dda5c


NAT

/etc/sysconfig/network-scripts/ifcfg-enp2s0 , ifcfg-enp2s0 CentOS 7
# dhcp NAT setting
HWADDR=00:1D:60:A6:9E:B4
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp2s0
UUID=781daf14-89c4-4ba1-915c-35548d3583f1
ONBOOT=yes

# other setting
ONBOOT=yes
BOOTPROTO=dhcp
HWADDR=00:50:fc:2b:38:16
PEERDNS=yes # automatically obtain DNS from ISP provider
TYPE=Ethernet
;
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s17
UUID=7f1aff2d-b154-4436-9497-e3a4dedddcef
ONBOOT=no
HWADDR=00:0C:29:A1:B5:D6
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

IPADDR=172.27.0.32
NETMASK=255.255.255.0
GATEWAY=172.27.0.1
DNS1=172.27.0.5

SSHD
/etc/ssh/sshd_config

# change port number
Port <port#>
# do not allow root login
PermitRootLogin no
# allow only this (non-root) user to log in
AllowUsers <username>
systemctl restart sshd
systemctl enable sshd
# open the port set above (22 if unchanged)
sudo firewall-cmd --add-port=<port#>/tcp --permanent
sudo firewall-cmd --reload

Authorized Keys
Generate the key pair on the remote PC
# ssh-keygen -t rsa -b 4096   /* generate keys */
:) id_rsa and id_rsa.pub are created and saved in <user_home path>/.ssh/ e.g. /home/jame/.ssh/
:) rename id_rsa.pub to authorized_keys
:) transfer authorized_keys to the SSH server

SSH server
copy authorized_keys to <user_home path>/.ssh/ e.g. /home/jame/.ssh/authorized_keys
If your SSH folder does not yet exist, create it manually:

$ mkdir ~/.ssh
$ chmod 0700 ~/.ssh
$ touch ~/.ssh/authorized_keys
$ chmod 0644 ~/.ssh/authorized_keys

edit the sshd_config file: # vim /etc/ssh/sshd_config , change

PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no

systemctl restart sshd
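
The settings above can be checked before sshd is restarted. This is an added example, not part of the original notes: the function names effective_value and audit_sshd are hypothetical, the sample config is constructed, and the user name jame is taken from the example path above.

```shell
#!/bin/sh
# Added example (not from the original notes): check an sshd_config against
# the settings above. sshd keeps the FIRST value it reads for each keyword.

# effective_value FILE KEYWORD -> first global value of KEYWORD (empty if unset)
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }       # comment or blank line
        tolower($1) == "match" { exit }      # Match blocks are conditional
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at blank or "="
            if (n == 0) next
            val = substr(line, n); gsub(/^[ \t=]+|[ \t]+$/, "", val)
            if (tolower(substr(line, 1, n - 1)) == tolower(want)) { print val; exit }
        }' "$1"
}

# audit_sshd FILE -> one line per deviation; exit status = number of deviations.
# Every setting must be explicit, so the verdict never rests on a default.
audit_sshd() {
    fails=0
    while read -r key expected; do
        actual=$(effective_value "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: want '$expected', found '${actual:-<unset>}'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FAIL AllowUsers: want a user list, found '<unset>'"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: root login left on; the second PasswordAuthentication is ignored.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' 'PasswordAuthentication=no' \
    'PasswordAuthentication yes' 'AllowUsers jame' > "$sample"
audit_sshd "$sample" || echo "$? deviation(s)"
rm -f "$sample"
```

On the server, run audit_sshd /etc/ssh/sshd_config; an exit status of 0 means all four settings are set explicitly in the global section.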

Gen public key by puttygen for putty

1) "Number of bits in a generated key": 2048 or 4096, mark the "RSA" option, click "Generate"

2) Save the private key on the local PC

3) At the top of puttygen, under "Public key for pasting into OpenSSH authorized_keys file", the box below holds the "ssh-rsa …" text; copy and paste it directly into a text file

4) Edit this text file: remove the newline characters so the whole key is on one line.
5) Move this text file to the SSH server /home/~/.ssh/ , cat id_dsa >> authorized_keys.

putty setting :

  • In the Host Name field, enter the IP address of your VPS or its fully qualified domain name
  • Enter the port number in the Port field (for added security, consider changing your server's SSH port to a non-standard port.)
  • Select SSH under Protocol;
  • Along the left-hand side of the window, select the Data sub-category, under Connection;
  • Specify the username that you plan on using, when logging in to the SSH server, and whose profile you're saving, in the Auto-login username field;
  • Expand the SSH sub-category, under Connection;
  • Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window;
  • Browse your file system and select your previously-created private key;
  • Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld;

VISUDO
#cd /etc/
#visudo
/*** find User Aliases ***/ , add line
User_Alias ADMINS = <login_user_name1> , <login_user_name2>, ....

/*** find Allow root to run any commands anywhere***/ , add line
ADMINS ALL=(ALL) NOPASSWD:ALL

/*** find Allows people in group wheel to run all commands***/ , add line
%ADMINS ALL=(ALL) NOPASSWD:ALL

Firewall ( firewall-cmd )
Firewalld
/etc/firewalld: /* path */
/usr/bin/:firewall-cmd /* command */
$ firewall-cmd --list-all /*list all port , service , .... setting */
/* Temporarily open DNS port 53 */
$ sudo systemctl start named
$ sudo systemctl enable named
$ sudo firewall-cmd --add-service=dns
$ sudo firewall-cmd --reload
$ firewall-cmd --list-all
/* Permanently open DNS port 53 */
$ sudo firewall-cmd --add-service=dns --permanent
$ sudo firewall-cmd --reload
/* Add a custom port */
$ sudo firewall-cmd --add-port=8080/tcp --permanent
success
$ sudo firewall-cmd --remove-port=8080/tcp --permanent
success
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --list-all
public (default, active)
interfaces: ens160
sources:
services: dhcpv6-client dns ssh
ports: 8080/tcp
masquerade: no
refer link
https://blog.gtwang.org/linux/centos-7-firewalld-command-setup-tutorial/
http://note.drx.tw/2017/09/the-firewalld-on-centos-7.html
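
Because rules added without --permanent live only in the runtime configuration and rules added with --permanent are not active until --reload, the two can drift apart. The following added example (not from the original notes or the linked tutorials) lists the differences; the function names fw_drift and fw_drift_live are hypothetical and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: find differences between firewalld's runtime and permanent
# configuration. Inputs are the space-separated lists printed by e.g.
#   firewall-cmd --list-ports   and   firewall-cmd --permanent --list-ports

# fw_drift RUNTIME_LIST PERMANENT_LIST -> sorted "runtime-only X" / "permanent-only X"
fw_drift() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { for (i = 1; i <= NF; i++) rt[$i] = 1 }
        NR == 2 { for (i = 1; i <= NF; i++) pm[$i] = 1 }
        END {
            for (p in rt) if (!(p in pm)) print "runtime-only " p     # lost on --reload
            for (p in pm) if (!(p in rt)) print "permanent-only " p   # inactive until --reload
        }' | sort
}

# fw_drift_live: compare ports and services of the default zone on this host.
fw_drift_live() {
    for what in ports services; do
        fw_drift "$(firewall-cmd --list-$what)" \
                 "$(firewall-cmd --permanent --list-$what)" | sed "s/^/$what: /"
    done
}

# Constructed sample: 8080/tcp was added without --permanent, 2222/tcp was
# added with --permanent but the firewall has not been reloaded yet.
fw_drift "53/udp 8080/tcp" "53/udp 2222/tcp"
# On a host running firewalld, call instead:
# fw_drift_live
```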

edit hosts: vim /etc/hosts   /* add domain */

Remote CentOS 7 Desktop
refer link
https://draculaservers.com/tutorials/install-xrdp-centos/

Network Install CentOS 7
1) Download CentOS 7.5 Net Install (NetInstall) image
Select mirror here: CentOS 7.5 x86_64 version

2) Burn CentOS 7 Image to CD and Boot Computer or Create Bootable USB Stick

3) CentOS 7.5 NetInstall URL (Installation Source)
http://mirror.centos.org/centos/7/os/x86_64/
http://mirror.centos.org/centos/7.7.1908/os/x86_64/
http://mirrors.sonic.net/centos/7/os/x86_64//
http://mirrors.sonic.net/centos/7.7.1908/os/x86_64/



LEMP (LNMP) Nginx MariaDB PHP 7
Nginx
$ yum -y install nginx
$ systemctl start httpd.service
$ systemctl enable httpd.service
/* Apache testing: in a web browser on the local server, type the address below */
http://your_server_IP_address/


config file /etc/httpd/conf/httpd.conf

ServerName www.xibase.net:80
ServerAdmin webmaster@xibase.net
ServerTokens PROD
KeepAliveTimeout 45

AddDefaultCharset auto
chkconfig --level 345 httpd on

/* server-status setting */
LoadModule status_module modules/mod_status.so /* default setting */
ExtendedStatus On /* default setting */
# Make sure the following lines exist, around line 924!
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 127.0.0.1
</Location>
/* http://hostname/server-status */

/* for Virtual Hosts setting */
/*at httpd.conf bottom */
NameVirtualHost *:80
NameVirtualHost *:443
Options -Indexes
Include conf/vhosts/vhosts.conf /* virtual hosts conf file */

Maria DB
$ yum -y install mariadb-server mariadb
$ systemctl start mariadb   /* MariaDB database is running */

$ mysql_secure_installation   /* start the interactive script */
/* Then the prompt will ask you if you want to set a root password. Go ahead and enter Y, and follow the instructions: */

Enter current password for root (enter for none):  
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorization.
New password: password
Re-enter new password: password
Password updated successfully!
Reloading privilege tables.. ... Success!

$ systemctl enable mariadb.service
PHP
$ yum -y install php php-mysql
$ systemctl restart httpd.service
/*Install PHP modules, to see the available options for PHP modules and libraries, */
$ yum search php-

Test PHP Processing on your Web Server
vim /var/www/html/info.php
type : <?php phpinfo(); ?>
web browser input : http://your_server_IP_address/info.php

Firewall setting port 80 443 http & https , port 3306 mysql

$ firewall-cmd --permanent --zone=public --add-service=http
$ firewall-cmd --permanent --zone=public --add-service=https

$ firewall-cmd --reload
$ firewall-cmd --permanent --zone=public --add-service=mysql 
/* Note** list the currently supported services */
$ firewall-cmd --get-services
/* To restrict which IP may connect */
$ firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="$your_IP_or_class" service name="mysql" accept'
/* install some common PHP modules that are required by CMS Systems like Wordpress, Joomla and Drupal: */
$ yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel php-zip php-intl
config file /etc/php.ini

; Display errors and logging: find "Error handling and logging"
error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE
display_errors = On

; allow <? as well as <?php
short_open_tag = On

; File Upload
file_uploads = On
upload_max_filesize = 40M
post_max_size = 40M
safe_mode = Off

;;;;; Resource Limits ;;;;
max_execution_time = 480 ; Maximum execution time of each script, in seconds
max_input_time = 120 ; Maximum amount of time each script may spend parsing request data
memory_limit = 16M ; Maximum amount of memory a script may consume

;;;;; Date TimeZone;;;;
date.timezone = "Asia/Hong_Kong"


Upgrade from PHP5 to PHP7

/* Add the Remi CentOS repository.*/
$ rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ yum -y install yum-utils
$ yum update
$ yum-config-manager --enable remi-php72
$ yum -y install php php-opcache

/* restart httpd and mysql */
$ systemctl start httpd
$ systemctl enable httpd
$ systemctl start mariadb
$ systemctl enable mariadb
refer URL
https://www.howtoforge.com/tutorial/how-to-install-nextcloud-with-nginx-and-php-fpm-on-centos-7/#step-configure-selinux-and-firewalld-for-nextcloud




