Difference between revisions of "CentOS Server Config"
Jump to navigation
Jump to search
(→Steps) |
|||
| (8 intermediate revisions by 2 users not shown) | |||
| Line 5: | Line 5: | ||
==Components== | ==Components== | ||
* CentOS 7 | * CentOS 7 | ||
| + | * [[SELinux]] | ||
| + | * [[firewalld]] | ||
* [[nginx]] | * [[nginx]] | ||
* [[node]], npm | * [[node]], npm | ||
| Line 19: | Line 21: | ||
===Log files=== | ===Log files=== | ||
* /var/log/nginx/*.log | * /var/log/nginx/*.log | ||
| − | * var/log/audit/audit.log - SELinux | + | * var/log/audit/audit.log - SELinux denials (AVC messages) go in here |
| + | * /var/log/messages - messages go in here ONLY if setroubleshootd is running | ||
| + | ** If it's not running use <code>sedispatch</code> command | ||
==Steps== | ==Steps== | ||
| Line 25: | Line 29: | ||
** systemctl restart php-fpm | ** systemctl restart php-fpm | ||
* Make sure /var/lib/php/session directory is group is nginx | * Make sure /var/lib/php/session directory is group is nginx | ||
| − | ===Vue.js== | + | |
| + | ==SELinux== | ||
| + | * <code>ss -x -a -Z</code> - Get a list of all unix sockets and their contexts | ||
| + | |||
| + | ===firewalld=== | ||
| + | * [https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7 Setting up firewall d on centos 7] | ||
| + | * zones, from least trusted to most trusted | ||
| + | *# drop | ||
| + | *# block | ||
| + | *# public | ||
| + | *# external | ||
| + | *# internal | ||
| + | *# dmz | ||
| + | *# work | ||
| + | *# home | ||
| + | *# trusted | ||
| + | * firewall-cmd --state | ||
| + | * firewall-cmd --get-default-zone | ||
| + | * firewall-cmd --list-ports | ||
| + | * firewall-cmd --permanent --zone=public --add-port=8001/tcp | ||
| + | ===Vue.js=== | ||
* npm install -g npm | * npm install -g npm | ||
* npm install -g @vue/cli | * npm install -g @vue/cli | ||
| Line 31: | Line 55: | ||
==Troubleshooting== | ==Troubleshooting== | ||
* systemctl status php-fpm | * systemctl status php-fpm | ||
| + | * Remember there are weird rules about the /tmp directory. Check the <code>PrivateTmp=true</code> opton in the config. | ||
| + | * Remember that <code>No such file or directory</code> is different than <code>Permission denied</code>, which is different from <code>Connection refused</code> | ||
Latest revision as of 14:43, 10 October 2019
Contents
References
Components
Important files
- TBD: set up a tmux that opens up all of these automatically
Config files
- /etc/nginx/nginx.conf
- /etc/php-fpm.d/www.conf
- /etc/php.ini
Log files
- /var/log/nginx/*.log
- var/log/audit/audit.log - SELinux denials (AVC messages) go in here
- /var/log/messages - messages go in here ONLY if setroubleshootd is running
- If it's not running use
sedispatchcommand
- If it's not running use
Steps
- Change the listen variables in /etc/php-fpm.d/www.conf to match with the nginx child processes users
- systemctl restart php-fpm
- Make sure /var/lib/php/session directory is group is nginx
SELinux
ss -x -a -Z- Get a list of all unix sockets and their contexts
firewalld
- Setting up firewall d on centos 7
- zones, from least trusted to most trusted
- drop
- block
- public
- external
- internal
- dmz
- work
- home
- trusted
- firewall-cmd --state
- firewall-cmd --get-default-zone
- firewall-cmd --list-ports
- firewall-cmd --permanent --zone=public --add-port=8001/tcp
Vue.js
- npm install -g npm
- npm install -g @vue/cli
Troubleshooting
- systemctl status php-fpm
- Remember there are weird rules about the /tmp directory. Check the
PrivateTmp=trueopton in the config. - Remember that
No such file or directoryis different thanPermission denied, which is different fromConnection refused
