Difference between revisions of "CentOS Server Config"

From Colettapedia
 
Line 56: Line 56:
 
* systemctl status php-fpm
 
* systemctl status php-fpm
 
* Remember there are weird rules about the /tmp directory. Check the <code>PrivateTmp=true</code> opton in the config.
 
* Remember there are weird rules about the /tmp directory. Check the <code>PrivateTmp=true</code> opton in the config.
* Remember that <code>No such file or directory</code> is different than <code>Permission denied</code>
+
* Remember that <code>No such file or directory</code> is different than <code>Permission denied</code>, which is different from <code>Connection refused</code>
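Review bot: the unchanged PrivateTmp=true bullet above the edit still misspells "option" as "opton"; fix it in the same revision. The reworded last bullet now names three errors (No such file or directory, Permission denied, Connection refused) but does not say what each one points to, so consider adding a few words per error on what to check.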

Latest revision as of 14:43, 10 October 2019

References

Components

Important files

  • TBD: set up a tmux that opens up all of these automatically

Config files

  • /etc/nginx/nginx.conf
  • /etc/php-fpm.d/www.conf
  • /etc/php.ini

Log files

  • /var/log/nginx/*.log
  • /var/log/audit/audit.log - SELinux denials (AVC messages) go in here
  • /var/log/messages - messages go in here ONLY if setroubleshootd is running
    • If it's not running use sedispatch command

Steps

  • Change the listen variables in /etc/php-fpm.d/www.conf to match the user that the nginx child processes run as
    • systemctl restart php-fpm
  • Make sure the group of the /var/lib/php/session directory is nginx

SELinux

  • ss -x -a -Z - Get a list of all unix sockets and their contexts

firewalld

  • Setting up firewalld on CentOS 7
  • zones, from least trusted to most trusted
    1. drop
    2. block
    3. public
    4. external
    5. internal
    6. dmz
    7. work
    8. home
    9. trusted
  • firewall-cmd --state
  • firewall-cmd --get-default-zone
  • firewall-cmd --list-ports
  • firewall-cmd --permanent --zone=public --add-port=8001/tcp

Vue.js

  • npm install -g npm
  • npm install -g @vue/cli

Troubleshooting

  • systemctl status php-fpm
  • Remember there are weird rules about the /tmp directory. Check the PrivateTmp=true option in the config.
  • Remember that No such file or directory is different than Permission denied, which is different from Connection refused
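
The three errors above each point at a different layer of the nginx to php-fpm connection. The following script is an added example, not part of the original wiki page: it sorts nginx error-log lines by errno and prints what to check next. The sample log lines, socket paths and host names are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: triage nginx upstream connect() failures by errno.

# Constructed sample of /var/log/nginx/error.log; paths and hosts are assumptions.
sample_log() {
cat <<'EOF'
2019/10/10 14:01:02 [crit] 1201#0: *1 connect() to unix:/tmp/php-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.0.2.10, server: example.test
2019/10/10 14:05:40 [crit] 1201#0: *4 connect() to unix:/run/php-fpm/www.sock failed (13: Permission denied) while connecting to upstream, client: 192.0.2.10, server: example.test
2019/10/10 14:05:41 [crit] 1201#0: *5 connect() to unix:/run/php-fpm/www.sock failed (13: Permission denied) while connecting to upstream, client: 192.0.2.10, server: example.test
2019/10/10 14:09:13 [error] 1201#0: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.test
2019/10/10 14:10:00 [notice] 1201#0: signal process started
EOF
}

# Print the errno of an upstream connect() failure line, or nothing otherwise.
upstream_errno() {
  printf '%s\n' "$1" | sed -n 's/.*connect() .*failed (\([0-9][0-9]*\): .*/\1/p'
}

# Map one log line to the next thing to check on this setup.
triage_line() {
  case "$(upstream_errno "$1")" in
    2)   echo "ENOENT: nginx cannot see the socket path; compare fastcgi_pass with listen in /etc/php-fpm.d/www.conf, and check PrivateTmp=true if the socket is under /tmp" ;;
    13)  echo "EACCES: socket exists but access is denied; check the socket owner, group and mode, then /var/log/audit/audit.log for AVC denials" ;;
    111) echo "ECONNREFUSED: nothing is accepting on that socket or port; check systemctl status php-fpm" ;;
    *)   echo "OTHER: not an upstream connect() failure" ;;
  esac
}

# Read a log on stdin; print each distinct finding once, with its count.
triage_log() {
  while IFS= read -r line; do
    triage_line "$line"
  done | grep -v '^OTHER' | sort | uniq -c | sed 's/^ *//'
}

sample_log | triage_log
```

On a real host, feed it the live log instead of the sample, for example `triage_log < /var/log/nginx/error.log`.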