VPS設定したのでメモ
Basic Setting
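# SELINUX=disabled removes mandatory access control for every service on this host, including the httpd and mysqld set up below. If the aim is only to stop SELinux from blocking things during setup, SELINUX=permissive logs denials without enforcing them.
vim /etc/sysconfig/selinux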
-----------------------
SELINUX=disabled
-----------------------
reboot
yum update
yum -y install epel-release
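# This release RPM installs the Remi repo definition and its signing key, so every package later pulled from Remi depends on it being genuine. It is fetched over plain HTTP here; use an HTTPS URL if the mirror offers one.
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm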
localectl set-locale LANG=ja_JP.utf8
localectl set-locale LC_CTYPE=ja_JP.utf8
cat /etc/locale.conf
System User Setting
useradd admin
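# Run as root, a bare passwd changes root's own password; `passwd admin` sets the password of the user created above.
passwd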
visudo
----------------------------------
admin ALL=(ALL) ALL
----------------------------------
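# Create SSH key
# The pair is generated on the server here, so the private key (.ssh/id_rsa) stays on the server until it is moved: copy it to the client over a secure channel and delete the server copy. Generating the pair on the client and uploading only the public key keeps the private key off the server entirely.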
su - admin
ssh-keygen -t rsa -b 4096
mv .ssh/id_rsa.pub .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
SSH Setting
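# Allow only key-based auth (no root login, no password login)
# Keep the current session open and confirm a key login as admin from a second session before closing it; `sshd -t` checks the config syntax before the restart.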
vim /etc/ssh/sshd_config
--------------------------------------
PermitRootLogin no
PasswordAuthentication no
--------------------------------------
systemctl restart sshd
Apache Setting
yum install httpd mod_ssl openssl
systemctl start httpd
systemctl enable httpd
vim /etc/httpd/conf/httpd.conf
--------------------------------------------
ServerName [hostname]
# DocumentRoot "/var/www/html" -> Comment out
--------------------------------------------
vim /etc/httpd/conf.d/ssl.conf
--------------------------------------------
SSLCertificateFile {path/to/crt}
SSLCertificateKeyFile {path/to/key}
--------------------------------------------
vim /etc/httpd/conf.d/example.com.conf
--------------------------------------------
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/example.com.key
<Directory "/var/www/html">
AllowOverride All
</Directory>
</VirtualHost>
--------------------------------------------
PHP Setting
yum install --enablerepo=remi,remi-php70 php php-devel php-mbstring php-pdo php-gd php-mysqlnd php-mysql
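# display_errors = On is a development setting: error output sent to visitors can include file paths and query text. On an internet-facing server, display_errors = Off with log_errors = On keeps the same detail in the log only.
vim /etc/php.ini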
--------------------------------------------
display_errors = On
date.timezone = "Asia/Tokyo"
mbstring.language = Japanese
--------------------------------------------
MySQL Setting
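# Fetched over plain HTTP; this RPM adds the MySQL yum repo and its signing key, so use an HTTPS URL if one is available.
yum -y install http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm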
# Enable mysql57
vim /etc/yum.repos.d/mysql-community.repo
-------------------------------------------
[mysql57-community-dmr]
enabled=1
-------------------------------------------
yum info mysql-community-server
yum install mysql-community-server
systemctl start mysqld
systemctl enable mysqld
# Find initial password of root user
cat /var/log/mysqld.log | grep 'temporary password'
# Security setting
mysql_secure_installation
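# Must change the root password first, then create a user for the project.
# Use a password you generated yourself in the GRANT below, not the sample value. The host '%' accepts this account from any client address; 'localhost' (or the app server's address) is enough when the application runs on this host.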
mysql -u root -p
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password string');
mysql> CREATE DATABASE {db-name};
mysql> GRANT ALL ON {db-name}.* TO {db-user}@'%' IDENTIFIED BY '9%aG9SmE$(FS';
SMTP Setting
This server only sends mail; it does not receive any.
Postfix is already running, as checked below.
# Check mta
ps x | grep postfix
----------------------------------------------------------------------
3664 ? Ss 0:00 /usr/libexec/postfix/master -w
4648 pts/1 S+ 0:00 grep --color=auto postfix
----------------------------------------------------------------------
# Check sending mail with mail command
mail test@example.com
Subject: test
test
.
EOT
Firewall Setting
# Check that firewalld is enabled at boot, then start it
systemctl is-enabled firewalld
enabled
systemctl start firewalld
# Check zone info and NIC info
firewall-cmd --list-all
ip a
# Check current setting in the zone “public”
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client
# List the services that can be added to the firewall
firewall-cmd --get-services
# Check service file of firewall.
cat /usr/lib/firewalld/services/http.xml
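# Add services to the zone “public”
# --permanent writes only the saved configuration; run `firewall-cmd --reload` afterwards so the running firewall picks up the change.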
firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public --permanent
# Check current setting
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client http https