Redis on PHP7 for CentOS 7

Add Redis

yum install redis

 

Install the PHP 7 Redis extension

yum install php72w-pecl-redis

 

Configure Redis

vi /etc/redis.conf

maxmemory 128mb
maxmemory-policy allkeys-lru

 

Enabling the Redis service

systemctl enable redis
systemctl start redis

SELinux

setsebool -P httpd_can_network_connect 1

Configure WordPress for Redis

Next, edit the wp-config.php file to add a cache key salt with the name of your site (or any string you would like).

define('WP_CACHE_KEY_SALT', 'sitename.com');

 

Installing the Redis Object Cache plugin

 

Notice the “Connected” status as well as your accurate Host, Port, Database and Password.

MariaDB 10.3 on CentOS 7

Add MariaDB Repositories

To install the MariaDB mainline repository in CentOS 7, run the command below to create a MariaDB repository on your system:

curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

To install MariaDB on CentOS 7 after adding the new repository, run the commands below.

yum update
yum install MariaDB-server MariaDB-client
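
Piping a download straight into a root shell runs whatever the server returned, unread. An added example (not part of the original notes) that saves the script, compares its SHA-256 with a value obtained separately, and only then runs it; the function names and the digest placeholder are assumptions.

```shell
#!/usr/bin/env bash
# Added example: fetch, verify, then run, instead of "curl ... | sudo bash".

# verify_script FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 on mismatch, 2 if missing
verify_script() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# fetch_verify_run URL EXPECTED_SHA256 -> runs the script as root only after it verifies
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 2
    # --fail: an HTTP error page is never saved and executed as if it were the script
    if curl --fail --silent --show-error --location -o "$tmp" "$url" \
        && verify_script "$tmp" "$expected"; then
        sudo bash "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage. The digest is a placeholder: take it from the vendor's documentation,
# not from the same response that delivered the script.
# fetch_verify_run https://downloads.mariadb.com/MariaDB/mariadb_repo_setup "<expected sha256>"
```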

Starting Database

systemctl start mariadb.service
systemctl enable mariadb.service

Securing

By default, MariaDB has no root password, which is a security issue. Run the command below to secure the MariaDB installation; it sets a root password for MariaDB, sets other permissions, and removes the test databases.

mysql_secure_installation

 

Nginx on CentOS 7

Download Latest Nginx


To install Nginx’s mainline repository in CentOS 7, create an Nginx repository file on your system:

vi /etc/yum.repos.d/nginx.repo

Then copy and paste the lines below into the file and save it.

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

To install Nginx on CentOS 7 after adding the new repository, run the commands below.

yum update
yum install nginx
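
With gpgcheck=0, yum installs packages from this repository without verifying their signatures, and the baseurl is fetched over plain HTTP. An added example (not part of the original notes) that audits a .repo file for those settings before it is used; the function names and both sample files are constructed for illustration, and the gpgkey URL is nginx.org's published signing key.

```shell
#!/usr/bin/env bash
# audit_repo [FILE] -> prints one finding per line (stdin if no FILE); returns 1 on any finding
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*([#;]|$)/ { next }                      # skip comments and blank lines
        /^[ \t]*\[.*\]/   { section = trim($0); next }  # [repo-id] header
        section == "" && !warned++ {
            print "options appear before any [section] header; yum cannot parse the file"
            bad = 1
        }
        {
            eq    = index($0, "=")
            key   = trim(substr($0, 1, eq - 1))
            val   = trim(substr($0, eq + 1))
            where = (section == "" ? "(no section)" : section)
            if (key == "gpgcheck" && val == "0") {
                print where ": gpgcheck=0, package signatures are not verified"; bad = 1
            }
            if (key == "baseurl" && val ~ /^http:/) {
                print where ": baseurl is plain http"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed weak sample: no section header, unsigned packages, plain HTTP.
weak_repo() {
    cat <<'EOF'
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
}

# Constructed hardened sample: signature checking on, key and packages over HTTPS.
hardened_repo() {
    cat <<'EOF'
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

weak_repo | audit_repo || echo "weak sample: findings listed above"
hardened_repo | audit_repo && echo "hardened sample: no findings"
```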

Enabling

Nginx does not start on its own. To get Nginx running, type:

systemctl start nginx
systemctl enable nginx

Firewall

If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Create some users

It's safer for the directories to be owned by a separate user that is not the owner of the Nginx process.

groupadd www-data
useradd -g www-data -s /sbin/nologin -M www-data

SELinux

If the port or top-level directory is changed, the following commands need to be run.

setsebool -P httpd_can_network_connect on
chcon -Rt httpd_sys_content_t /var/www/wordpress
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wordpress(/.*)?"
restorecon -R -v /var/www/wordpress

Basic Setup

/etc/nginx/conf.d/default.conf

server {
    listen       80;
    server_name  localhost;

    access_log  /var/log/nginx/access.log  main;

    root /var/www/;
    index index.html index.htm index.php;

    location / {
        # Serve the requested file or directory if it exists, then /index.html;
        # the last argument is the fallback URI and needs its leading slash
        try_files $uri $uri/ /index.html /index.php;
    }

    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
        # Return 404 for scripts that do not exist instead of passing the path to PHP-FPM
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

 

Automatic updates on CentOS 7

Install yum cron

vi /etc/yum/yum-cron.conf

Change the following settings to download and apply updates automatically:

download_updates = yes
apply_updates = yes
emit_via = email

Run the following commands to enable and start

systemctl start yum-cron
systemctl enable yum-cron

 

 

CentOS 7 Base Build

Here are some basic build notes for CentOS 7.

Get Latest Updates

yum update

Timezone

timedatectl set-timezone Europe/London

NTP

sudo yum install ntp

Next, you need to start the service for this session. We will also enable the service so that it is automatically started each time the server boots:

sudo systemctl start ntpd
sudo systemctl enable ntpd

Swapfile

dd if=/dev/zero of=/mnt/swapfile bs=1M count=1024
chmod 600 /mnt/swapfile
mkswap /mnt/swapfile
sh -c 'echo "/mnt/swapfile none swap sw 0 0" >> /etc/fstab'

swapon /mnt/swapfile

free -m

Essentials

yum install epel-release
yum install wget htop sysstat net-tools zip unzip mailx

SSH

In /etc/ssh/sshd_config, add or change the SSH port:

Port 2222

Check that the port is added to the firewall (the firewall may be running by default):

firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload

Add the port to SELinux

semanage port -a -t ssh_port_t -p tcp 2222
service sshd restart

Enable SELinux

yum install policycoreutils-python
vi /etc/selinux/config

Create user (with sudo)

adduser user
usermod -aG wheel user
passwd user

Enable SysStat

systemctl enable sysstat
systemctl start sysstat

Using SSH Public Keys

vi /etc/ssh/sshd_config

PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no

systemctl restart sshd

su - user
mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
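
Restarting sshd with PasswordAuthentication no while authorized_keys is still empty leaves the account with no way to log in over SSH. An added example (not part of the original notes) that refuses to restart until a key is in place with the modes used above and the configuration parses; the function names are assumptions, and sshd -t is sshd's own configuration test mode.

```shell
#!/usr/bin/env bash
# key_login_ready HOME_DIR -> 0 only when HOME_DIR/.ssh holds at least one public
# key and the modes match the ones set above (700 on .ssh, 600 on authorized_keys).
key_login_ready() {
    local dir="$1/.ssh" keys="$1/.ssh/authorized_keys"
    [ -d "$dir" ]  || { echo "missing $dir" >&2; return 1; }
    [ -f "$keys" ] || { echo "missing $keys" >&2; return 1; }
    [ "$(stat -c %a "$dir")"  = 700 ] || { echo "$dir is not mode 700" >&2; return 1; }
    [ "$(stat -c %a "$keys")" = 600 ] || { echo "$keys is not mode 600" >&2; return 1; }
    # A key line is "[options] keytype base64-blob [comment]"; every blob starts with AAAA.
    grep -v '^[[:space:]]*#' "$keys" |
        grep -Eq '(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA' ||
        { echo "no public key in $keys" >&2; return 1; }
}

# restart_sshd_safely USER_HOME -> restarts sshd only if a key is installed
# and sshd_config passes sshd's own syntax check.
restart_sshd_safely() {
    key_login_ready "$1" || { echo "refusing to restart sshd" >&2; return 1; }
    sshd -t || return 1        # an unknown or misspelled keyword fails here, not at restart
    systemctl restart sshd
}

# Usage, as root, with the existing session kept open until a new login succeeds:
# restart_sshd_safely /home/user
```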