--- title: How to setup webserver tags: how-to, system administration --- How to Setup a Webserver === Currently at this time the following are version used: - CentOS 7 - MySQL 8 - Laravel 7.* - nodejs 12.16.3 Installing Mysql --- 1. Select appropriate binary, in the following address: `https://dev.mysql.com/downloads/repo/yum/` 2. Download selected binary by `wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm` 3. Check md5sum if download is not corrupted `sudo md5sum mysql80-community-release-el7-3.noarch.rpm` 4. Add rpm package `sudo rpm –ivh mysql80-community-release-el7-3.noarch.rpm` 5. Install MySQL Server `sudo yum install mysql-server` 6. Check temporary password `sudo grep 'temporary password' /var/log/mysqld.log` 7. Run Mysql Secure Installation `mysql_secure_installation` #### Below are optional setup for MySQL security - Disabling Password Validation -To uninstall password validation** `mysql> UNINSTALL COMPONENT 'file://component_validate_password';` To install it back again, the command is: `mysql> INSTALL COMPONENT 'file://component_validate_password';` **To change policy strictness** ``` SET GLOBAL validate_password.policy = 0; // For LOW SET GLOBAL validate_password.policy = 1; // For MEDIUM SET GLOBAL validate_password.policy = 2; // For HIGH ``` - Creating specific user for database management 1. `mysql> CREATE USER 'user_name'@'%' IDENTIFIED WITH mysql_native_password BY 'user_password';` 2. `mysql> CREATE GRANT ALL PRIVILEGES ON `database`.* TO 'user_name'@'%';` ---- Installing system requirements for laravel --- **Installation steps based on Amazon Linux 2 AMI** 1. Install amazon-linux-extras if not yet already installed ``` sudo yum install -y amazon-linux-extras ``` 2. Check for versions available ``` sudo amazon-linux-extras | grep php ``` 3. Enable selected version ``` sudo amazon-linux-extras enable php7.4 ``` 4. Install php ``` sudo yum clean metadata sudo yum install php php-{pear,cgi,common,curl,mbstring,gd,mysqlnd,gettext,bcmath,json,xml,fpm,intl,zip,imap} ``` **Installation steps based on RHEL variant Distro** By default CentOs is shipped with php 5.4.16 which we dont want. 1. Install system development tools and allow centos to install latest packages ``` sudo yum -y install epel-release sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm sudo yum update sudo yum install yum-utils ``` 2. Set yum to install php73 ```sudo yum-config-manager --enable remi-php73 ``` 3. Install php ``` sudo yum install php php-cli php-gd php-json php-mysqlnd php-pdo php-perl-mcrypt php-mbstring php-xml php-opcache php-zip ``` Installing Nodejs --- 1. Download latest nodejs binary `wget https://nodejs.org/dist/v14.15.4/node-v14.15.4-linux-x64.tar.xz` 2. Unzip the binary archive to any directory you wanna install Node, I use /usr/local/lib/nodejs ``` sudo mkdir -p /usr/local/lib/nodejs sudo tar -xJvf node-v14.15.4-linux-x64.tar.xz -C /usr/local/lib/nodejs ``` 3. Set the environment variable ~/.profile, add below to the end ``` export PATH=/usr/local/lib/nodejs/node-v14.15.4-linux-x64/bin:$PATH ``` 4. Source shell profile ``` source ~/.bash_profile ``` --- Installing Composer --- 1. Download composer and install ```curl -sS https://getcomposer.org/installer |php``` 2. Move composer.phar to bin directory for global call ```sudo mv composer.phar /usr/local/bin/composer``` --- Setup correct user-group permission for web server --- 1. Create user group `sudo groupadd laravel` 2. Add ssh-user to group `sudo gpasswd -a ssh-user laravel` 3. Add web server user to group - for nginx `sudo gpasswd -a nginx laravel` - for apache either of the following command `sudo gpasswd -a apache laravel` `sudo gpasswd -a httpd laravel` 4. Navigate to your Application directory `sudo cd /path/to/your/beautiful/laravel-application` 5. This is an optional steps for resetting file and directory permissions to default ``` sudo find ./ -type d -exec chmod 755 {} \; sudo find ./ -type f -exec chmod 644 {} \; ``` 6. Give users part of the group the standard RW and RWX ``` sudo chown -R :laravel ./storage sudo chown -R :laravel ./bootstrap/cache sudo chgrp laravel /path/to/your/beautiful/laravel-application sudo chmod g+s /path/to/your/beautiful/laravel-application sudo find ./storage -type d -exec chmod 775 {} \; sudo find ./bootstrap/cache -type d -exec chmod 775 {} \; sudo find ./storage -type f -exec chmod 664 {} \; sudo find ./bootstrap/cache -type f -exec chmod 664 {} \; ``` 7. Give the newly created files/directories the group of the parent directory ``` sudo find ./bootstrap/cache -type d -exec chmod g+s {} \; sudo find ./storage -type d -exec chmod g+s {} \; ``` 8. Let newly created files/directories inherit the default owner This set permissions up to maximum permission of rwx e.g. new files get 664 and olders get 775 ``` sudo setfacl -R -d -m g::rwx ./storage sudo setfacl -R -d -m g::rwx ./bootstrap/cache ``` 9. Set File permission for .ht files ``` sudo chmod 0755 .htaccess ``` 10. Update the web server config to use the appropriate user and group - For Apache: update config commonly at `/etc/httpd` - For Nginx: update nginx config commonly at `/etc/nginx` - For PHP-FPM: update pool config commonly at `/etc/php/fpm/pool.d` OR /etc/php-fpm.d/www.conf 11. Test your application #### NOTE For laravel projects manually create the data folder for cache on ./storage/framework/cache/ to avoid cache permission issue