CentOS Server Config

From Colettapedia
Jump to navigation Jump to search

References

Components

Important files

  • TBD: set up a tmux that opens up all of these automatically

Config files

  • /etc/nginx/nginx.conf
  • /etc/php-fpm.d/www.conf
  • /etc/php.ini

Log files

  • /var/log/nginx/*.log
  • var/log/audit/audit.log - SELinux denials (AVC messages) go in here
  • /var/log/messages - messages go in here ONLY if setroubleshootd is running
    • If it's not running use sedispatch command

Steps

  • Change the listen variables in /etc/php-fpm.d/www.conf to match with the nginx child processes users
    • systemctl restart php-fpm
  • Make sure /var/lib/php/session directory is group is nginx

SELinux

  • ss -x -a -Z - Get a list of all unix sockets and their contexts

firewalld

  • Setting up firewall d on centos 7
  • zones, from least trusted to most trusted
    1. drop
    2. block
    3. public
    4. external
    5. internal
    6. dmz
    7. work
    8. home
    9. trusted
  • firewall-cmd --state
  • firewall-cmd --get-default-zone
  • firewall-cmd --list-ports
  • firewall-cmd --permanent --zone=public --add-port=8001/tcp

Vue.js

  • npm install -g npm
  • npm install -g @vue/cli

Troubleshooting

  • systemctl status php-fpm
  • Remember there are weird rules about the /tmp directory. Check the PrivateTmp=true opton in the config.
  • Remember that No such file or directory is different than Permission denied, which is different from Connection refused