IS VM User Manual 2024

# IS VM User Manual 2024 # 00-Access & Desktop Env ## access: - SSH, RDP ## Desktop輸入法 ### 新增: - 右上角 EN(or鍵盤)點右鍵, Reference, Input Method, Add, Chinese - 輸入法中英對照: - 注音Zhuyin - 行列Array - 倉頡Cangjie - 大易dayi3 - 嘸蝦米liu - 切換輸入法: Windows + Space - 切換中英文: Shift ## bypass Vscode keep asking for creating keyring - Ctrl + Shift + P: References: Configure Runtime Arguments - Add: "password-store": "basic" # 01-Environment ## OS: - Rocky Linux 9 ## php & php-fpm config root - /etc - php.ini - php.d/* - php-fpm.conf - php-fpm.d/* ## nginx config root - /etc/nginx ## firewall => nftables - /etc/sysconfig/nftables.conf # 02-Project Permssion ## 專案目錄 - /IS_ShareSpace/ncu_app ## 專案權限需求 - nginx 要寫入的檔案&目錄, 群組必需是, nginx, 群組權限必需是 rws - 除了 nginx 要寫入的檔案&目錄之外, 其它檔案的權限是 664, 目錄的權限是 775 - 其它檔案&目錄的 group 是 cis - nginx 要寫入的檔案&目錄, selinux 的 type 為 httpd_sys_rw_content_t - nginx 要讀取的檔案&目錄, selinux 的 type 為 httpd_sys_content_t - nginx 要寫入的檔案&目錄, eg: - PROJECT/storage/* - PROJECT/bootstrap/cache - PROJECT/logs ## 修正權限 ``` cd /IS_ShareSpace/ncu_app sudo chgrp -R 'domain users' ./* sudo find ./PROJECT -type f -exec chmod g+w {} \; sudo find ./PROJECT -type d -exec chmod g+ws {} \; cd PROJECT sudo chgrp -R nginx ./storage/* ./bootstrap/cache sudo chcon -Rh -t httpd_sys_rw_content_t ./storage/* ./bootstrap/cache composer install cp .env.example .env php artisan key:generate ``` # 03-nginx config in project ## 注意事項 - 專案不應該同時有兩個 nginx 設定檔 ( PROJECT/config/nginx.???(?).conf ) - nginx 設定檔在變更後, 需要重啟 nginx ; 重啟指令如下 - systemctl restart nginx - 我們將專案專屬的 nginx 設定檔放在專案目錄內, nginx 設定檔就會跟隨專案上 git , 如此一來可以: - 減少重建時的困擾 - 增加設定檔一致性 # 04-php(8) project for dev/test/prod ## Basic - doc root directory: - /var/www/html - url: - http://{{ IP }}/PROJECT ## expose project ln -s /IS_ShareSpace/ncu_app/PROJECT/public/ /var/www/html/PROJECT ## 專案 nginx 設定檔 - /IS_ShareSpace/ncu_app/PROJECT/config/nginx.php.conf ``` location /PROJECT { try_files $uri $uri/ /PROJECT/index.php?$query_string; } ``` ## 重啟 nginx: systemctl restart nginx # 11-設定 root 通知轉寄, 包含安全性更新通知 - edit: /etc/aliases - add this ``` root: YOUR@EMAILADDRESS ``` - execute ``` sudo newaliases ``` # 31-FAQ ## 遠端桌面當了 => 重開機 - 1. login via ssh - 2. execute command below ``` sudo reboot ``` ## 遠端桌面剪貼失效 - a. 關閉 mstsc, 重新啟動 mstsc # **⟱⟱⟱ PHP5 ⟱⟱⟱** # 50-Environment for php56 ## php56 & php56-php-fpm config root - /etc/opt/remi/php56 - php.ini - php.d/* - php-fpm.conf - php-fpm.d/* # ==⍗⍗⍗ For Development VM ONLY ⍗⍗⍗== # 51-php5 project FOR DEV ## Basic - doc root dir: - /var/www/htdocs - url: - http(s)://{{ IP }}:805/PROJECT ## enable php56-php-fpm & add nginx config for php5 ``` systemctl unmask php56-php-fpm systemctl enable php56-php-fpm --now cp /etc/nginx/conf.d/php5.conf.sample /etc/nginx/conf.d/php5.conf systemctl restart nginx ``` ## enable firewall(nftables) - vi /etc/sysconfig/nftables.conf - uncomment the line contained port 805 - 重啟 nftables ## expose Project ln -s /IS_ShareSpace/ncu_app/PROJECT/html/ /IS_ShareSpace/htdocs/PROJECT_html ## 建立專案進入點檔案 - /IS_ShareSpace/htdocs/PROJECT - 雖然它是 php 檔，但請不要加副檔名 .php ``` <?php ini_set('display_errors', 'On'); $enable_db="1"; //1:第一組(測試機) 2:第二組(正式機) include ('/IS_ShareSpace/ncu_app/PROJECT/main.php'); ?> ``` ## 專案 nginx 設定檔 - /IS_ShareSpace/ncu_app/PROJECT/config/nginx.php5.conf ``` location ^~ /PROJECT_html/ {} location ~ /PROJECT { fastcgi_split_path_info ^(.+?)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass 127.0.0.1:9005; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_read_timeout 600; } ``` ## 重啟 nginx # ==⍐⍐⍐ For Development VM ONLY ⍐⍐⍐== # **↧↧↧↧↧↧ For Test & Production VM ↧↧↧↧↧↧** # 52-php5 project FOR TEST & PROD ## Basic - nginx root dir: - /var/www/htdocs - url: - http(s)://{{ IP }}/PROJECT ## disable php8 ``` systemctl disable php-fpm --now ``` ## enable php56-php-fpm & add nginx config for php5 ``` systemctl unmask php56-php-fpm systemctl enable php56-php-fpm --now mv /etc/nginx/conf.d/php.conf /etc/nginx/conf.d/php.conf.bak cp /etc/nginx/conf.d/php5.conf.sample /etc/nginx/conf.d/php5.conf systemctl restart nginx ``` ## expose Project ln -s /IS_ShareSpace/ncu_app/PROJECT/html/ /IS_ShareSpace/htdocs/PROJECT_html ## 建立專案進入點檔案 - /IS_ShareSpace/htdocs/PROJECT - 雖然它是 php 檔，但請不要加副檔名 .php ``` <?php ini_set('display_errors', 'On'); $enable_db="1"; //1:第一組(測試機) 2:第二組(正式機) include ('/IS_ShareSpace/ncu_app/PROJECT/main.php'); ?> ``` - 專案 nginx 設定檔 - /IS_ShareSpace/ncu_app/PROJECT/config/nginx.php5.conf ``` location ^~ /PROJECT_html/ {} location ~ /PROJECT { fastcgi_split_path_info ^(.+?)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass 127.0.0.1:9005; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_read_timeout 600; } ``` - 重啟 nginx # **↥↥↥↥↥↥ For Test & Production VM ↥↥↥↥↥↥**