Difference between revisions of "CentOS Server Config"
(11 intermediate revisions by 2 users not shown) | |||
Line 5: | Line 5: | ||
==Components== | ==Components== | ||
* CentOS 7 | * CentOS 7 | ||
+ | * [[SELinux]] | ||
+ | * [[firewalld]] | ||
* [[nginx]] | * [[nginx]] | ||
+ | * [[node]], npm | ||
==Important files== | ==Important files== | ||
Line 17: | Line 20: | ||
===Log files=== | ===Log files=== | ||
− | * /var/log/ | + | * /var/log/nginx/*.log |
+ | * var/log/audit/audit.log - SELinux denials (AVC messages) go in here | ||
+ | * /var/log/messages - messages go in here ONLY if setroubleshootd is running | ||
+ | ** If it's not running use <code>sedispatch</code> command | ||
==Steps== | ==Steps== | ||
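Review bot: the added audit log bullet gives the path as var/log/audit/audit.log, without the leading slash that the nginx and messages bullets next to it have. It should read /var/log/audit/audit.log so it can be pasted as an absolute path.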
Line 24: | Line 30: | ||
* Make sure /var/lib/php/session directory is group is nginx | * Make sure /var/lib/php/session directory is group is nginx | ||
+ | ==SELinux== | ||
+ | * <code>ss -x -a -Z</code> - Get a list of all unix sockets and their contexts | ||
+ | |||
+ | ===firewalld=== | ||
+ | * [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7 Setting up firewall d on centos 7] | ||
+ | * zones, from least trusted to most trusted | ||
+ | *# drop | ||
+ | *# block | ||
+ | *# public | ||
+ | *# external | ||
+ | *# internal | ||
+ | *# dmz | ||
+ | *# work | ||
+ | *# home | ||
+ | *# trusted | ||
+ | * firewall-cmd --state | ||
+ | * firewall-cmd --get-default-zone | ||
+ | * firewall-cmd --list-ports | ||
+ | * firewall-cmd --permanent --zone=public --add-port=8001/tcp | ||
+ | ===Vue.js=== | ||
+ | * npm install -g npm | ||
+ | * npm install -g @vue/cli | ||
==Troubleshooting== | ==Troubleshooting== | ||
* systemctl status php-fpm | * systemctl status php-fpm | ||
+ | * Remember there are weird rules about the /tmp directory. Check the <code>PrivateTmp=true</code> opton in the config. | ||
+ | * Remember that <code>No such file or directory</code> is different than <code>Permission denied</code>, which is different from <code>Connection refused</code> |
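Review bot: in the firewalld list, firewall-cmd --permanent --zone=public --add-port=8001/tcp is the last step, with no firewall-cmd --reload after it, so the port is written to the permanent configuration but the running firewall is unchanged. Add the reload step after it. Separately, ===firewalld=== and ===Vue.js=== are level-3 headings placed under ==SELinux==, which files them as SELinux subsections, and "opton" in the PrivateTmp bullet should be "option".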
Latest revision as of 14:43, 10 October 2019
References
Components
Important files
- TBD: set up a tmux that opens up all of these automatically
Config files
- /etc/nginx/nginx.conf
- /etc/php-fpm.d/www.conf
- /etc/php.ini
Log files
- /var/log/nginx/*.log
- /var/log/audit/audit.log - SELinux denials (AVC messages) go in here
- /var/log/messages - messages go in here ONLY if setroubleshootd is running
  - If it's not running, use the sedispatch command
Steps
- Change the listen variables in /etc/php-fpm.d/www.conf to match the user of the nginx child processes
- systemctl restart php-fpm
- Make sure the group of the /var/lib/php/session directory is nginx
SELinux
- ss -x -a -Z - Get a list of all unix sockets and their contexts
firewalld
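- Setting up firewalld on CentOS 7: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7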
- zones, from least trusted to most trusted
  1. drop
  2. block
  3. public
  4. external
  5. internal
  6. dmz
  7. work
  8. home
  9. trusted
- firewall-cmd --state
- firewall-cmd --get-default-zone
- firewall-cmd --list-ports
- firewall-cmd --permanent --zone=public --add-port=8001/tcp
Vue.js
- npm install -g npm
- npm install -g @vue/cli
Troubleshooting
- systemctl status php-fpm
- Remember there are weird rules about the /tmp directory. Check the PrivateTmp=true option in the config.
- Remember that "No such file or directory" is different than "Permission denied", which is different from "Connection refused"
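
The three errors above each point at a different layer when nginx cannot reach the php-fpm unix socket. The script below is an added example, not part of the original notes: it reads nginx error.log lines and sorts connect() failures by errno. The socket paths and log lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki page). Log lines below are constructed.

# Print "<ERRNO>: <first thing to check>" for one nginx error.log line.
# Only connect() failures on a unix socket count; open() errors do not.
classify_connect_error() {
    case "$1" in
        *"connect() to unix:"*"failed (2: No such file or directory)"*)
            echo "ENOENT: socket path is not visible to nginx (wrong path, or PrivateTmp=true hiding /tmp)" ;;
        *"connect() to unix:"*"failed (13: Permission denied)"*)
            echo "EACCES: socket exists but access is blocked (owner/group/mode, or an AVC in /var/log/audit/audit.log)" ;;
        *"connect() to unix:"*"failed (111: Connection refused)"*)
            echo "ECONNREFUSED: socket file exists but nothing is listening (systemctl status php-fpm)" ;;
        *)
            echo "OTHER: not a connect() failure this script knows" ;;
    esac
}

# Read a log on stdin and print one count per errno class.
summarize_log() {
    enoent=0; eacces=0; refused=0
    while IFS= read -r line; do
        verdict=$(classify_connect_error "$line")
        case "${verdict%%:*}" in
            ENOENT)       enoent=$((enoent + 1)) ;;
            EACCES)       eacces=$((eacces + 1)) ;;
            ECONNREFUSED) refused=$((refused + 1)) ;;
        esac
    done
    echo "ENOENT=$enoent EACCES=$eacces ECONNREFUSED=$refused"
}

# Constructed sample in nginx error.log format (socket paths are assumptions).
SAMPLE_LOG='2019/10/10 14:01:02 [crit] 1234#0: *1 connect() to unix:/tmp/php-fpm.sock failed (2: No such file or directory) while connecting to upstream
2019/10/10 14:05:40 [crit] 1234#0: *7 connect() to unix:/var/run/php-fpm/www.sock failed (13: Permission denied) while connecting to upstream
2019/10/10 14:06:11 [crit] 1234#0: *9 connect() to unix:/var/run/php-fpm/www.sock failed (13: Permission denied) while connecting to upstream
2019/10/10 14:09:30 [error] 1234#0: *12 connect() to unix:/var/run/php-fpm/www.sock failed (111: Connection refused) while connecting to upstream
2019/10/10 14:10:00 [error] 1234#0: *13 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory)'

printf '%s\n' "$SAMPLE_LOG" | summarize_log
```

To run it against a real log, feed the file on stdin: summarize_log < /var/log/nginx/error.log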