
VPS設定したのでメモ

VPS設定したのでメモ


Basic Setting

# Turn SELinux off in its config file; the change takes effect after the reboot.
# NOTE(review): SELINUX=disabled removes mandatory access control for every
# service installed later on this page (httpd, PHP, mysqld, postfix). If the
# aim is only to get past denials during setup, SELINUX=permissive logs them
# without blocking, and enforcing mode can be restored afterwards.
vim /etc/sysconfig/selinux

-----------------------
SELINUX=disabled
-----------------------
reboot

# Update installed packages, then add the EPEL and Remi repositories.
yum update
yum -y install epel-release
# NOTE(review): this release package is fetched over plain HTTP, and it
# installs the repository definition that the PHP packages are later pulled
# from, so nothing authenticates it in transit. Prefer an HTTPS URL if the
# mirror offers one, or download the file first and check its signature
# (rpm -K) against the repository's published key before installing.
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

# Set the system locale to Japanese UTF-8 and print the resulting file.
localectl set-locale LANG=ja_JP.utf8
localectl set-locale LC_CTYPE=ja_JP.utf8
cat /etc/locale.conf
System User Setting
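# Create the administrative account and set its password.
# passwd with no argument changes the password of the user running it
# (root, in this walkthrough), so the account is named explicitly.
useradd admin
passwd admin

# Let admin run any command through sudo. Editing with visudo means the
# sudoers syntax is checked before the file is saved.
visudo
----------------------------------
admin ALL=(ALL) ALL
----------------------------------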

# Create an SSH key pair as admin and authorize its public half for login.
# NOTE(review): the pair is generated on the server, so the private key
# (.ssh/id_rsa) is left in admin's home directory here. It has to be moved to
# the client over a protected channel and removed from the server. Generating
# the pair on the client and installing only the public key avoids handling
# the private key on the server at all.
su - admin
ssh-keygen -t rsa -b 4096
# The public key becomes the only entry in authorized_keys.
mv .ssh/id_rsa.pub .ssh/authorized_keys
# Owner-only access; sshd's StrictModes check refuses an authorized_keys file
# that other users can write to.
chmod 600 .ssh/authorized_keys


SSH Setting

# Allow key-based login only: no direct root login, no password authentication.
# NOTE(review): restart sshd only after a key-based login as admin has been
# confirmed. Keep the current session open and test from a second terminal;
# once PasswordAuthentication is off, a broken key setup locks you out.
# `sshd -t` checks the edited file for syntax errors before the restart.

vim /etc/ssh/sshd_config
--------------------------------------
PermitRootLogin no
PasswordAuthentication no
--------------------------------------

systemctl restart sshd


Apache Setting

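# Install Apache with TLS support. The OpenSSL package is named "openssl";
# "open_ssl" does not match any package.
yum install httpd mod_ssl openssl

# Start Apache now and enable it at boot.
systemctl start httpd
systemctl enable httpd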

# Main config: set the server's own name and comment out the default
# DocumentRoot (the virtual hosts in example.com.conf declare their own).
vim /etc/httpd/conf/httpd.conf
--------------------------------------------
ServerName [hostname]

# DocumentRoot "/var/www/html" -> Comment out
--------------------------------------------

# Default TLS config: point mod_ssl at the certificate and its private key.
# NOTE(review): the key file should be readable by root only (e.g. mode 600);
# its permissions are not shown on this page, so check them.
vim /etc/httpd/conf.d/ssl.conf
--------------------------------------------
SSLCertificateFile {path/to/crt}
SSLCertificateKeyFile {path/to/key}
--------------------------------------------

# Site config for example.com: one virtual host for HTTP and one for HTTPS,
# both serving the same document root.
vim /etc/httpd/conf.d/example.com.conf
--------------------------------------------
# NOTE(review): this port-80 host serves the whole site in clear text. If
# HTTPS is meant to be the only way in, replace its content with a redirect
# to the https:// URL (mod_alias "Redirect permanent").
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/html
# AllowOverride All lets any .htaccess file under the document root change
# server behaviour for its directory; narrow it if the application does not
# need every override class.
<Directory "/var/www/html">
AllowOverride All
</Directory>
</VirtualHost>

# HTTPS host. With ServerAlias *.example.com the certificate presumably has
# to cover the wildcard name as well - verify against the issued certificate.
<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/example.com.key
<Directory "/var/www/html">
AllowOverride All
</Directory>
</VirtualHost>
--------------------------------------------


PHP Setting

# Install PHP and its extensions from the Remi repositories (remi-php70).
# NOTE(review): PHP 7.0 no longer receives upstream security fixes; on a new
# server pick a currently supported branch and confirm which repository
# provides it.
yum install --enablerepo=remi,remi-php70 php php-devel php-mbstring php-pdo php-gd php-mysqlnd php-mysql

# php.ini: error display, timezone and mbstring language.
# NOTE(review): display_errors = On prints error messages into the HTTP
# response, which can expose file paths, SQL fragments and configuration to
# any visitor. On an internet-facing host use display_errors = Off with
# log_errors = On and read the errors from the log instead.
vim /etc/php.ini
--------------------------------------------
display_errors = On
date.timezone = "Asia/Tokyo"
mbstring.language = Japanese
--------------------------------------------


MySQL Setting

# Add the MySQL community yum repository.
# NOTE(review): the release package is fetched over plain HTTP and defines
# the repository the database server is installed from. Prefer an HTTPS URL
# if available, or download it first and check its signature (rpm -K)
# against the vendor's published key before installing.
yum -y install http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

# Enable mysql57
# NOTE(review): the section name ends in "-dmr", which looks like a
# development-milestone (pre-release) channel - confirm, and use a GA
# repository section for a production server.
vim /etc/yum.repos.d/mysql-community.repo
-------------------------------------------
[mysql57-community-dmr]
enabled=1
-------------------------------------------

# Show which server version the enabled repository offers, then install it.
yum info mysql-community-server
yum install mysql-community-server

# Start MySQL now and enable it at boot.
systemctl start mysqld
systemctl enable mysqld

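# Find the initial (temporary) password of the root user in the server log.
grep 'temporary password' /var/log/mysqld.log

# Security setting
mysql_secure_installation

# Must change root password first, and create user for the project
mysql -u root -p
# NOTE(review): SET PASSWORD ... = PASSWORD() is the older syntax; from
# MySQL 5.7.6 on, ALTER USER 'root'@'localhost' IDENTIFIED BY '...' is the
# supported form.
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password string');
mysql> CREATE DATABASE {db-name};
# {db-password} is a placeholder like {db-name} and {db-user}: generate a
# unique value per server and keep it out of notes and published pages.
# NOTE(review): '%' lets this account log in from any host, and GRANT ALL
# gives it every privilege on the database. If the application runs on this
# same machine, 'localhost' and only the privileges it needs are enough.
mysql> GRANT ALL ON {db-name}.* TO {db-user}@'%' IDENTIFIED BY '{db-password}';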


SMTP Setting

This server does not receive mail; it only sends.

I checked that postfix is already running.

# Check that the MTA is running: look for the postfix master process
# (the second line of the output is the grep command itself).
# NOTE(review): for a send-only host, also confirm that postfix accepts
# connections on the loopback interface only (`postconf inet_interfaces`);
# the firewall section of this page opens no SMTP port.
ps x | grep postfix
----------------------------------------------------------------------
3664 ? Ss 0:00 /usr/libexec/postfix/master -w
4648 pts/1 S+ 0:00 grep --color=auto postfix
----------------------------------------------------------------------

# Send a test message with the mail command; the lines after the command are
# the interactive session (subject, body, "." to end the message).
mail test@example.com
Subject: test
test
.
EOT


Firewall Setting

# Confirm firewalld is enabled at boot (output: enabled), then make sure it
# is running now.

systemctl is-enabled firewalld
enabled
systemctl start firewalld

# Show the active zone's settings and the network interfaces.
firewall-cmd --list-all
ip a

# List the services saved in the permanent configuration of zone "public"
# (output: ssh dhcpv6-client).
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client

# List the predefined services that can be added to a zone.
firewall-cmd --get-services

# Inspect the definition file of a predefined service (here: http).
cat /usr/lib/firewalld/services/http.xml

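# Add the http and https services to the zone "public".
firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public --permanent

# --permanent only writes the saved configuration; the running firewall does
# not change until it is reloaded.
firewall-cmd --reload

# Check the saved configuration.
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client http https

# Check the running configuration too; it should list the same services.
firewall-cmd --list-services --zone=public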