Monday, December 15, 2014

Thoughts on setting up a CentOS 7 box

# VARIABLES:
# my_ip_address: 23.253.55.25
# my_first_not_root_user: admin
# my_ssh_port: 4972
# my_bitbucket_project_1_owner_username: abovemarket
# my_bitbucket_project_1_name: logs.abovemarket.com
# my_bitbucket_project_2_owner_username: abovemarket
# my_bitbucket_project_2_name: new.abovemarket.com
# my_server_admin_email_address: john.erck@abovemarket.com
# my_local_path_to_wildcard_crt: ~/Business/Above\ Market/SSL/STAR_abovemarket_com/STAR_abovemarket_com.crt
# my_local_path_to_wildcard_ca_bundle: ~/Business/Above\ Market/SSL/STAR_abovemarket_com/STAR_abovemarket_com.ca-bundle
# my_local_path_to_wildcard_pem: ~/Business/Above\ Market/SSL/STAR_abovemarket_com.pem
# my_local_path_to_wildcard_key: ~/Business/Above\ Market/SSL/STAR_abovemarket_com.key
# my_remote_filename_for_wildcard_crt: STAR_abovemarket_com.crt
# my_remote_filename_for_ca_bundle: STAR_abovemarket_com.ca-bundle
# my_remote_filename_for_pem: STAR_abovemarket_com.pem
# my_remote_filename_for_key: STAR_abovemarket_com.key

# Create new CentOS 7 box, then:

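# First login as root on the default SSH port; the commands below run on the server.
ssh root@my_ip_address
passwd # Replace the initial root password
useradd my_first_not_root_user
passwd my_first_not_root_user
visudo # Add "my_first_not_root_user ALL=(ALL) ALL" after "root"
nano /etc/ssh/sshd_config # Update "Port" to my_ssh_port
# With SELinux enforcing (check with getenforce), sshd may only bind to ports
# labelled ssh_port_t, so label the new port before restarting. On CentOS 7
# semanage comes from the policycoreutils-python package.
semanage port -a -t ssh_port_t -p tcp my_ssh_port
sshd -t # Syntax-check sshd_config; a broken file would keep sshd from starting
systemctl restart sshd.service
# Keep this session open until a login on my_ssh_port has been confirmed from
# a second terminal, after the firewall script below has been applied.
vim myfirewall # Paste the template below, replacing my_ssh_port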

# myfirewall TEMPLATE TEXT OPEN

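#!/bin/bash
#
# iptables example configuration script (IPv4 only)
#
# Builds a default-deny inbound rule set: loopback, established traffic,
# HTTP/HTTPS, SSH on a custom port and ICMP echo requests are accepted;
# every other inbound or forwarded packet is logged (rate-limited) and
# rejected. Outbound traffic is unrestricted.
#
# NOTE(review): nothing here touches ip6tables, so services reachable over
# IPv6 are not filtered by these rules.
# NOTE(review): CentOS 7 normally runs firewalld, and "service iptables save"
# is provided by the iptables-services package. Confirm firewalld is stopped
# and disabled and the iptables service is enabled, otherwise the saved rules
# may not be the ones loaded at boot.
#
# Stop at the first failing command. Without this, a rule that fails to load
# (for example the SSH rule while my_ssh_port is still a placeholder) is
# skipped and the final REJECT rule is still appended, cutting off SSH.
# A failure after the flush leaves a partial rule set without the final
# REJECT; fix the cause and run the script again.
set -euo pipefail
#
# SSH port: replace my_ssh_port with the "Port" value from /etc/ssh/sshd_config.
# Validated before any rule is touched.
ssh_port="my_ssh_port"
if ! [[ "$ssh_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$ssh_port < 1 || 10#$ssh_port > 65535 )); then
  printf 'myfirewall: SSH port "%s" is not a valid TCP port; no rules were changed\n' "$ssh_port" >&2
  exit 1
fi
#
# Flush all current rules from iptables
#
iptables -F
#
#  Allows all loopback (lo) traffic and rejects all traffic to 127/8 that doesn't use lo
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
#
#
#  Accepts all established inbound connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
iptables -A OUTPUT -j ACCEPT
#
#
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
#
#  Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
iptables -A INPUT -p tcp -m state --state NEW --dport "$ssh_port" -j ACCEPT
#
#
# Allow ping (ICMP echo request)
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#
#
# log iptables denied calls (at most 5 entries per minute, so a flood cannot fill the log)
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#
#
# Reject all other inbound - default deny unless explicitly allowed policy
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
#
#
# Save settings
#
# A failed save is reported but does not abort: the rules above are already
# active, they just will not survive a reboot until the save succeeds.
if ! /sbin/service iptables save; then
  printf 'myfirewall: rules are active but were NOT saved; they will be lost on reboot\n' >&2
fi
#
# List rules
#
iptables -L -v
#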

# myfirewall TEMPLATE TEXT CLOSE

# Still in the root session on the server: apply the firewall, then install the web stack.
chmod +x myfirewall
./myfirewall # Flushes and reloads the iptables rules; SSH depends on my_ssh_port having been replaced in the script
yum update
yum install httpd # Apache
# NOTE(review): on CentOS 7 the "mysql" package name presumably resolves to the
# MariaDB client; no database server is installed by these notes — confirm.
yum install mysql # For release purposes needed on app server
yum install php php-mysql # The mother ship
yum install php-gd # Needed for app server image processing functions to work
yum install git
yum install mod_ssl openssl
# httpd is only enabled for boot here; its first start in these notes is the
# restart issued after the certificate files are in place.
systemctl enable httpd.service # So that it will automatically start after a reboot
exit
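# On the local machine: upload the public key only (id_rsa.pub, never id_rsa).
scp -P my_ssh_port ~/.ssh/id_rsa.pub root@my_ip_address:my_machine_id_rsa.pub
ssh -p my_ssh_port root@my_ip_address
mkdir -p ~/.ssh # The append below fails if the directory does not exist yet
cat my_machine_id_rsa.pub >> ~/.ssh/authorized_keys
# sshd ignores authorized_keys when the directory or file is writable by others.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
restorecon -Rv ~/.ssh  # Ensure the correct SELinux contexts are set
# NOTE(review): root stays reachable over SSH by password as well as by key.
# Later steps in these notes still log in as root, so once the setup is
# finished and key login plus sudo work for the non-root user, consider
# "PermitRootLogin no" and "PasswordAuthentication no" in /etc/ssh/sshd_config.
exit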
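# Same key installation for the non-root account. The user name is written as
# the my_first_not_root_user placeholder, like everywhere else in these notes.
scp -P my_ssh_port ~/.ssh/id_rsa.pub my_first_not_root_user@my_ip_address:my_machine_id_rsa.pub
ssh -p my_ssh_port my_first_not_root_user@my_ip_address
# A user freshly created with useradd has no ~/.ssh yet, so create it first;
# otherwise the append fails and the key is never installed.
mkdir -p ~/.ssh
cat my_machine_id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
restorecon -Rv ~/.ssh  # Ensure the correct SELinux contexts are set
# Generate the server's own key pair; its public half becomes the deploy key.
# The private half (~/.ssh/id_rsa) grants access to both repositories below,
# so it should stay readable by this user only.
ssh-keygen -t rsa -C "my_server_admin_email_address"
cat /home/my_first_not_root_user/.ssh/id_rsa.pub

# Then, go to: https://bitbucket.org/my_bitbucket_project_1_owner_username/my_bitbucket_project_1_name/admin/deploy-keys
# and add the key as "my_first_not_root_user@my_ip_address"

# Then, go to: https://bitbucket.org/my_bitbucket_project_2_owner_username/my_bitbucket_project_2_name/admin/deploy-keys
# and add the key as "my_first_not_root_user@my_ip_address"

exit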

# Copy your SSL certificate file and the certificate bundle file to your Apache server.
# You should already have a key file on the server from when you generated your certificate
# request. If not, transfer that too.

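# On the local machine: upload certificate, CA bundle, PEM and private key to root's home.
# NOTE(review): the .pem is not referenced by the ssl.conf directives shown in
# these notes; if nothing uses it, leaving it off the server means one copy
# fewer of key material to protect.
scp -P my_ssh_port my_local_path_to_wildcard_crt root@my_ip_address:my_remote_filename_for_wildcard_crt
scp -P my_ssh_port my_local_path_to_wildcard_ca_bundle root@my_ip_address:my_remote_filename_for_ca_bundle
scp -P my_ssh_port my_local_path_to_wildcard_pem root@my_ip_address:my_remote_filename_for_pem
scp -P my_ssh_port my_local_path_to_wildcard_key root@my_ip_address:my_remote_filename_for_key
ssh -p my_ssh_port root@my_ip_address
mv my_remote_filename_for_wildcard_crt /etc/pki/tls/certs/my_remote_filename_for_wildcard_crt
mv my_remote_filename_for_ca_bundle /etc/pki/tls/certs/my_remote_filename_for_ca_bundle
mv my_remote_filename_for_pem /etc/pki/tls/private/my_remote_filename_for_pem
mv my_remote_filename_for_key /etc/pki/tls/private/my_remote_filename_for_key
# mv keeps the owner, mode and SELinux label the files received in root's home
# directory, so set them explicitly: certificates world-readable, private key
# material readable by root only.
chown root:root /etc/pki/tls/certs/my_remote_filename_for_wildcard_crt /etc/pki/tls/certs/my_remote_filename_for_ca_bundle
chown root:root /etc/pki/tls/private/my_remote_filename_for_pem /etc/pki/tls/private/my_remote_filename_for_key
chmod 644 /etc/pki/tls/certs/my_remote_filename_for_wildcard_crt /etc/pki/tls/certs/my_remote_filename_for_ca_bundle
chmod 600 /etc/pki/tls/private/my_remote_filename_for_pem /etc/pki/tls/private/my_remote_filename_for_key
restorecon -Rv /etc/pki/tls/certs /etc/pki/tls/private # Relabel so httpd is allowed to read the files under SELinux
vim +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf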

# Update file like so:
# Server certificate and the private key that belongs to it.
SSLCertificateFile /etc/pki/tls/certs/my_remote_filename_for_wildcard_crt
SSLCertificateKeyFile /etc/pki/tls/private/my_remote_filename_for_key
# NOTE(review): SSLCACertificateFile names the CAs used to verify client
# certificates. For an intermediate bundle that should be sent to browsers,
# SSLCertificateChainFile is the usual mod_ssl directive on httpd releases
# before 2.4.8 - confirm the installed version with "httpd -v" and check the
# served chain after the restart.
SSLCACertificateFile /etc/pki/tls/certs/my_remote_filename_for_ca_bundle

# Restart so httpd picks up the certificate paths edited in ssl.conf.
systemctl restart httpd.service
# NOTE(review): /home/admin is hard-coded from here on, while the account is
# otherwise written as my_first_not_root_user; the paths only line up when
# that placeholder is "admin".
# NOTE(review): these directories become the parents of each DocumentRoot.
# httpd needs search permission on /home/admin and, with SELinux enforcing, a
# label it is allowed to read - verify, since a new home directory is
# typically private to its owner.
mkdir -p /home/admin/my_bitbucket_project_1_name
mkdir -p /home/admin/my_bitbucket_project_2_name
chown -R my_first_not_root_user:my_first_not_root_user /home/admin/my_bitbucket_project_1_name
chown -R my_first_not_root_user:my_first_not_root_user /home/admin/my_bitbucket_project_2_name

# Clone as the non-root user so the checkout is owned by it and the deploy key
# generated earlier in that user's ~/.ssh is the one offered to Bitbucket.
su my_first_not_root_user
cd /home/admin/my_bitbucket_project_1_name
# The first connection asks to accept bitbucket.org's SSH host key; compare the
# fingerprint with the one Bitbucket publishes before answering yes.
git clone git@bitbucket.org:my_bitbucket_project_1_owner_username/my_bitbucket_project_1_name.git .
cd /home/admin/my_bitbucket_project_2_name
git clone git@bitbucket.org:my_bitbucket_project_2_owner_username/my_bitbucket_project_2_name.git .
exit # Leave the su shell; the remaining commands run as root again
mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled
vim /etc/httpd/conf/httpd.conf

# Add the following line to the end of the file:
# Relative path: resolved against ServerRoot, presumably /etc/httpd, which is
# where the sites-enabled directory was created. IncludeOptional does not fail
# when the wildcard matches no file.
IncludeOptional sites-enabled/*.conf

vim /etc/httpd/sites-available/my_bitbucket_project_1_name.conf

# Add the following text:
# Plain-HTTP site for project 1; the project name doubles as the domain name.
# DocumentRoot is the www subdirectory of the clone, so the repository's .git
# directory sits outside the served tree.
# NOTE(review): the logs are written into /home/admin, a directory owned by a
# non-root user. Apache's security guidance recommends log directories that
# only root can write to, because httpd opens its log files as root at
# startup; SELinux may also deny httpd writing there - verify.
<VirtualHost *:80>
    ServerName www.my_bitbucket_project_1_name
    ServerAlias my_bitbucket_project_1_name
    DocumentRoot /home/admin/my_bitbucket_project_1_name/www
    ErrorLog /home/admin/my_bitbucket_project_1_name_error.log
    CustomLog /home/admin/my_bitbucket_project_1_name_requests.log combined
</VirtualHost>

# NOTE(review): this :443 block has no SSLEngine or SSLCertificate* directives
# of its own; TLS for this name presumably relies on the stock ssl.conf edited
# earlier. Confirm that https:// really serves this site with the wildcard
# certificate. A wildcard certificate matches a single label, so a "www."
# prefix in front of a project name that is already a subdomain would not be
# covered - check the ServerName against the certificate.
<VirtualHost *:443>
    ServerName www.my_bitbucket_project_1_name
    ServerAlias my_bitbucket_project_1_name
    DocumentRoot /home/admin/my_bitbucket_project_1_name/www
    ErrorLog /home/admin/my_bitbucket_project_1_name_error.log
    CustomLog /home/admin/my_bitbucket_project_1_name_requests.log combined
</VirtualHost>

vim /etc/httpd/sites-available/my_bitbucket_project_2_name.conf

# Add the following text:
# Plain-HTTP site for project 2, served from the www subdirectory of its clone.
# NOTE(review): the log files land in /home/admin, which a non-root user owns;
# log directories are normally writable by root only because httpd opens the
# files as root at startup - verify ownership and SELinux labels.
<VirtualHost *:80>
    ServerName www.my_bitbucket_project_2_name
    ServerAlias my_bitbucket_project_2_name
    DocumentRoot /home/admin/my_bitbucket_project_2_name/www
    ErrorLog /home/admin/my_bitbucket_project_2_name_error.log
    CustomLog /home/admin/my_bitbucket_project_2_name_requests.log combined
</VirtualHost>

# NOTE(review): no SSLEngine or SSLCertificate* directives appear in this :443
# block; confirm that TLS is actually negotiated for this name and that the
# certificate presented covers both the ServerName and the ServerAlias.
<VirtualHost *:443>
    ServerName www.my_bitbucket_project_2_name
    ServerAlias my_bitbucket_project_2_name
    DocumentRoot /home/admin/my_bitbucket_project_2_name/www
    ErrorLog /home/admin/my_bitbucket_project_2_name_error.log
    CustomLog /home/admin/my_bitbucket_project_2_name_requests.log combined
</VirtualHost>

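# Enable both sites by linking their definitions into sites-enabled.
ln -s /etc/httpd/sites-available/my_bitbucket_project_1_name.conf /etc/httpd/sites-enabled/my_bitbucket_project_1_name.conf
ln -s /etc/httpd/sites-available/my_bitbucket_project_2_name.conf /etc/httpd/sites-enabled/my_bitbucket_project_2_name.conf
# Check the syntax first and only restart on "Syntax OK"; restarting with a
# broken configuration leaves httpd stopped.
apachectl configtest
apachectl restart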

# Make sure your DNS records point to my_ip_address for each of
# the project names/domains you set up.

# Boom, you're done.

