
More than 5 years have passed since last update.

VPS設定したのでメモ

Last updated at Posted at 2018-12-21

VPS設定したのでメモ

Basic Setting

# NOTE(review): SELINUX=disabled switches off mandatory access control for the
# whole host, including the httpd, PHP and MySQL services installed below.
# SELINUX=permissive logs denials without enforcing them, which is enough to
# debug a policy problem; an internet-facing server is better left enforcing.
vim /etc/sysconfig/selinux
-----------------------
SELINUX=disabled
-----------------------
# Reboot so the new SELinux mode takes effect.
reboot

# Bring the base system up to date, then add the EPEL and Remi repositories.
yum update
yum -y install epel-release
# NOTE(review): this release package is fetched over plain http://, and no
# step above imports the Remi signing key, so nothing authenticates the file
# before it is installed as root. Fetch it over https:// and check its
# signature (rpm --import <Remi key file>, then rpm -K <package>) first.
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

localectl set-locale LANG=ja_JP.utf8
localectl set-locale LC_CTYPE=ja_JP.utf8
cat /etc/locale.conf
System User Setting
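# Create the unprivileged login account used for administration.
useradd admin
# Name the account explicitly: a bare `passwd` changes the password of the
# user running it (presumably root at this point) and leaves admin without
# one, so the sudo rule added below could never be satisfied.
passwd admin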

visudo
----------------------------------
admin  ALL=(ALL) ALL
----------------------------------

# Create the SSH key pair for admin and authorize its public half.
# NOTE(review): the pair is generated on the server, so the private key
# (.ssh/id_rsa) stays here until it is copied to the client and deleted.
# Generating the pair on the client and installing only the public key
# (for example with ssh-copy-id) keeps the private key off the server.
su - admin
ssh-keygen -t rsa -b 4096
# Replaces any existing authorized_keys with this single public key.
mv .ssh/id_rsa.pub .ssh/authorized_keys
# With the default StrictModes setting, sshd ignores an authorized_keys file
# that other users can write to.
chmod 600 .ssh/authorized_keys

SSH Setting

# Allow only public-key authentication and refuse direct root logins
vim /etc/ssh/sshd_config
--------------------------------------
PermitRootLogin no
PasswordAuthentication no
--------------------------------------

# NOTE(review): after this restart a password no longer works, so a broken key
# setup locks the account out. Validate the file with `sshd -t` first, keep the
# current session open, and confirm a key login as admin from a second terminal.
systemctl restart sshd

Apache Setting

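# Install Apache with TLS support. The OpenSSL package is named `openssl`;
# `open_ssl` matches no package, so yum would not install it.
yum install httpd mod_ssl openssl
# Start the web server now and on every boot.
systemctl start httpd
systemctl enable httpd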

vim /etc/httpd/conf/httpd.conf
--------------------------------------------
ServerName [hostname]

# DocumentRoot "/var/www/html" -> Comment out
--------------------------------------------

vim /etc/httpd/conf.d/ssl.conf
--------------------------------------------
SSLCertificateFile {path/to/crt}
SSLCertificateKeyFile {path/to/key}
--------------------------------------------

vim /etc/httpd/conf.d/example.com.conf
--------------------------------------------
# Plain-HTTP virtual host.
# NOTE(review): this serves the same DocumentRoot in cleartext and nothing
# here redirects to the :443 host, so logins and cookies can cross the network
# unencrypted. A Redirect to https:// in this block is the usual arrangement.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com
    DocumentRoot /var/www/html
    <Directory "/var/www/html">
        # NOTE(review): AllowOverride All lets any .htaccess file under the
        # document root change access control, rewrites and handlers; list
        # only the override classes the application needs.
        AllowOverride All
    </Directory>
</VirtualHost>

# TLS virtual host for the same site.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias *.example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl/example.com.crt
    # The private key file should be readable by root only (mode 0600).
    SSLCertificateKeyFile /etc/httpd/conf/ssl/example.com.key
    <Directory "/var/www/html">
        # Same override scope as the port-80 host; see the note there.
        AllowOverride All
    </Directory>
</VirtualHost>
--------------------------------------------

PHP Setting

# Install PHP 7.0 and its extensions from the Remi repository.
# NOTE(review): PHP 7.0 no longer receives upstream security fixes; enable the
# remi-phpNN repository of a branch that is still supported instead.
yum install --enablerepo=remi,remi-php70 php php-devel php-mbstring php-pdo php-gd php-mysqlnd php-mysql


vim /etc/php.ini
--------------------------------------------
; NOTE(review): display_errors = On writes PHP error text (file paths, query
; fragments, stack details) into the HTTP response. On a public server set it
; to Off and collect errors with log_errors = On and error_log instead.
display_errors = On
; Default timezone used by PHP date/time functions.
date.timezone = "Asia/Tokyo"
; Default language for mbstring.
mbstring.language = Japanese
--------------------------------------------

MySQL Setting

# Register the MySQL community yum repository.
# NOTE(review): the release package is fetched over plain http://; use the
# https:// form of this URL so the package that defines the repository cannot
# be replaced in transit.
yum -y install http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

# Enable mysql57
# NOTE(review): "-dmr" presumably marks development milestone builds rather
# than GA releases; confirm the repo file offers no GA 5.7 section before
# enabling this one on a production host.
vim /etc/yum.repos.d/mysql-community.repo
-------------------------------------------
[mysql57-community-dmr]
enabled=1
-------------------------------------------

yum info mysql-community-server
yum install mysql-community-server

systemctl start mysqld
systemctl enable mysqld

# Show the initial (temporary) password of the MySQL root user from the server log
grep 'temporary password' /var/log/mysqld.log

# Security setting
mysql_secure_installation

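# Change the root password first, then create a database and a dedicated
# account for the project.
mysql -u root -p
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('password string');
mysql> CREATE DATABASE {db-name};
# {db-password} is a placeholder: generate a unique password per installation
# and never reuse one that has appeared in published notes. The account is
# limited to 'localhost' because the firewall configured below opens only ssh,
# http and https, so a '%' (any host) grant would widen the account without
# enabling anything.
mysql> GRANT ALL ON {db-name}.* TO {db-user}@'localhost' IDENTIFIED BY '{db-password}';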

SMTP Setting

This server only sends mail; it does not receive any.
I confirmed that postfix is already running.

# Check mta
ps x | grep postfix
----------------------------------------------------------------------
 3664 ?        Ss     0:00 /usr/libexec/postfix/master -w
 4648 pts/1    S+     0:00 grep --color=auto postfix
----------------------------------------------------------------------

# Check sending mail with mail command
mail test@example.com
Subject: test
test 
.
EOT

Firewall Setting

# Check that firewalld is enabled at boot, then make sure it is running.
# is-enabled only reports the boot-time setting; `systemctl is-active firewalld`
# reports whether the daemon is running right now.
systemctl is-enabled firewalld
enabled
systemctl start firewalld

# Check zone info and NIC info
firewall-cmd --list-all
ip a

# Check current setting in the zone “public”
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client

# Check services which is able to be add into the firewall
firewall-cmd --get-services

# Check service file of firewall.
cat /usr/lib/firewalld/services/http.xml

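# Add the http and https services to the zone "public"
firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public --permanent
# --permanent only writes the saved configuration; reload so the running
# firewall picks the new services up as well.
firewall-cmd --reload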

# Check current setting
firewall-cmd --list-services --zone=public --permanent
ssh dhcpv6-client http https