Redis on PHP7 for Centos 7

Add Redis

yum install redis


Install PHP 7

yum install php72w-pecl-redis


Configure Redis

vi /etc/redis.conf

maxmemory 128mb
maxmemory-policy allkeys-lru


Enabling Redis modules

systemctl enable redis
systemctl start redis

SE module

setsebool -P httpd_can_network_connect 1

Configure WordPress for Redis

Next, edit the wp-config.php file to add a cache key salt with the name of your site (or any string you would like).

define('WP_CACHE_KEY_SALT', '');


Installing the Redis Object Cache plugin


Notice the “Connected” status as well as your accurate Host, Port, Database and Password.

MariaDB 10.3 on Centos 7

Add MariaDB Repositories

To install MariaDB mainline repository in CentOS 7, run commands below to create a MariaDB repository on your system

curl -sS | sudo bash

To install MariaDB CentOS 7 after adding the new repository, run the commands below.

yum update
yum install MariaDB-server MariaDB-client

Starting Database

systemctl start mysql.service
systemctl enable mariadb.service


By default, MariaDB wont have root password and its security issue. So, run the below command to secure MariaDB installation, this will set root password for MariaDB also set other permission and remove test databases tool



Nginx on Centos 7

Download Latest Nginx

To install Nginx’s mainline repository in CentOS 7, run commands below to create a Nginx’s repository on your system

vi /etc/yum.repos.d/nginx.repo

Then copy and paste the lines below into the file and save it.

name=nginx repo

To install Nginx CentOS 7 after adding the new repository, run the commands below.

yum update
yum install nginx


Nginx does not start on its own. To get Nginx running, type:

systemctl start nginx
systemctl enable nginx


If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Create some users

Its safer to create another user to own the directories which is not the owner of the Nginx process.

groupadd www-data
useradd -g www-data -s /sbin/nologin -M www-data


If the port or top level directory is changed then the following lines need to be added.

setsebool httpd_can_network_connect on –P
chcon -Rt httpd_sys_content_t /var/www/wordpress
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wordpress(/.*)?"
restorecon –R –v /var/www/wordpress

Basic Setup


server {
  listen       80;
  server_name  localhost;

  access_log  /var/log/nginx/access.log  main;

        root /var/www/;
        index index.html index.htm index.php;

        location / {
                try_files $uri $uri/ /index.html index.php;

  fastcgi_buffers 16 16k;
  fastcgi_buffer_size 32k;

        # pass the PHP scripts to FastCGI server listening on the php-fpm socket
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php-fpm/php7.0-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;



Automatic updates on Centos 7

Install yum cron

vi /etc/yum/yum-cron.conf

Change to automatically download updates :

download-updates = yes 
apply_updates = yes
emit_via  = email

Run the following commands to enable and start

systemctl start yum-cron
systemctl enable yum-cron



Centos 7 Base Build

Here are some basic build notes for Centos 7

Get Latest Updates

yum update


timedatectl set-timezone Europe/London


sudo yum install ntp

Next, you need to start the service for this session. We will also enable the service so that it is automatically started each time the server boots:

sudo systemctl start ntpd
sudo systemctl enable ntpd


dd if=/dev/zero of=/mnt/swapfile bs=1M count=1024
mkswap /mnt/swapfile
chmod 600 /mnt/swapfile
sh -c 'echo "/mnt/swapfile none swap sw 0 0" >> /etc/fstab'

swapon /mnt/swapfile

free -m


yum install epel-release
yum install wget htop sysstat net-tools zip unzip mailx


Add / Change SSH Port 2222
#Check Firewall port is added – Firewall maybe running by default
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload

Add SElinux check

semanage port -a -t ssh_port_t -p tcp 2222
service sshd restart

Enable SElinux

yum install policycoreutils-python
vi /etc/selinux/config

Create user (with sudo)

adduser user
usermod -aG wheel user
passwd user

Enable SysStat

systemctl enable sysstat
systemctl start sysstat

Using SSH Public Keys

vi /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
systemctl restart sshd
su - user
mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys