{"id":5705,"date":"2023-05-19T09:53:08","date_gmt":"2023-05-19T09:53:08","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=5705"},"modified":"2023-07-12T16:04:48","modified_gmt":"2023-07-12T16:04:48","slug":"lamp-centos-7","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=5705","title":{"rendered":"LAMP Centos 7 \u043d\u0430 AWS Lightsail"},"content":{"rendered":"<pre># yum install update<\/pre>\n<ul>\n<li><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=5713\">Timezone Centos 7<\/a><\/li>\n<\/ul>\n<pre># yum -y install https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm\r\n# yum -y install https:\/\/rpms.remirepo.net\/enterprise\/remi-release-7.rpm\r\n\r\n# yum -y install yum-utils\r\n# yum-config-manager --enable remi-php72\r\n# yum update\r\n# yum install wget zip unzip\r\n# yum install httpd<\/pre>\n<h4>MariaDB<\/h4>\n<pre># yum install mariadb-server mariadb\r\n# mysql_secure_installation<\/pre>\n<p>And answer to questions in wizard:<\/p>\n<ul>\n<li>Switch to unix_socket authentication [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<li>Change the root password? [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<li>New password:\u00a0<strong>******<\/strong><\/li>\n<li>Re-enter new password: <strong>******<\/strong><\/li>\n<li>Remove anonymous users? [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<li>Disallow root login remotely? [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<li>Remove test database and access to it? [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<li>Reload privilege tables now? [Y\/n]\u00a0<strong>Y<\/strong><\/li>\n<\/ul>\n<h4>PhP<\/h4>\n<pre># yum install php php-common php-mcrypt php-cli php-gd php-curl php-mysql \r\nphp-xml php-mbstring php-sodium php-pecl-mysql<\/pre>\n<pre># yum install gcc php-devel php-pear\r\n# yum install ImageMagick ImageMagick-devel\r\n# pecl install imagick\r\n\r\nYou should add \"extension=imagick.so\" to php.ini \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u0438\u043a \u0432 \r\n# vi \/etc\/php.d\/imagick.so\r\nextension=imagick.so<\/pre>\n<h4>ProFTP<\/h4>\n<pre>https:\/\/tst-amo.net.ua\/blog\/?p=2937\r\n# yum install proftpd\r\n<\/pre>\n<pre>mount -o bind \/var\/www\/html \/home\/aws\/html<\/pre>\n<h4>Apache<\/h4>\n<pre># httpd -M\r\n# yum install mod_ssl openssh \r\n# apachectl restart \r\n# httpd -t \r\n# systemctl status httpd<\/pre>\n<pre># cat httpd.conf | egrep \"^[^#]\"\r\nServerRoot \"\/etc\/httpd\"\r\nServerTokens ProductOnly\r\n  ServerSignature Off\r\n  Listen 0.0.0.0:80\r\n  Include conf.modules.d\/*.conf\r\n  User <span style=\"color: #ff0000;\">apache<\/span>\r\n  Group <span style=\"color: #ff0000;\">apache<\/span>\r\n  ServerAdmin root@localhost\r\n  ServerName <span style=\"color: #ff0000;\">aws.tst-amo.net.ua:80<\/span>\r\n&lt;Directory \/&gt;\r\n  AllowOverride none\r\n  Require all denied\r\n&lt;\/Directory&gt;\r\n  DocumentRoot \"\/var\/www\/\"\r\n\r\n# Relax access to content within \/var\/www\r\n&lt;Directory \"\/var\/www\"&gt;\r\n  AllowOverride All\r\n  #Allow open access:\r\n  Require all granted\r\n  #Require all denied\r\n&lt;\/Directory&gt;\r\n\r\n# Further relax access to the default document root\r\n&lt;Directory \"\/var\/www\/html\"&gt;\r\n  Options <span style=\"color: #ff0000;\">-Indexes<\/span> <span style=\"color: #ff0000;\">+FollowSymLinks<\/span> \r\n  AllowOverride All\r\n  Require all granted \r\n&lt;\/Directory&gt;\r\n\r\n&lt;Directory \"\/var\/www\/cgi-bin\"&gt;\r\n  AllowOverride None\r\n  Options None\r\n  Require all granted\r\n&lt;\/Directory&gt;\r\n\r\n&lt;IfModule mime_module&gt;\r\n  TypesConfig \/etc\/mime.types\r\n  AddType application\/x-compress .Z\r\n  AddType application\/x-gzip .gz .tgz\r\n  AddType text\/html .shtml\r\n  AddOutputFilter INCLUDES .shtml\r\n&lt;\/IfModule&gt;\r\n\r\n&lt;IfModule dir_module&gt;\r\n  DirectoryIndex <span style=\"color: #ff0000;\">index.php index.html index.htm index.shtml<\/span>\r\n&lt;\/IfModule&gt;\r\n\r\n&lt;Files \".ht*\"&gt;\r\n  Require all denied\r\n&lt;\/Files&gt;\r\n\r\nErrorLog \"logs\/error_log\"\r\nLogLevel warn\r\n\r\n&lt;IfModule log_config_module&gt;\r\n  LogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\r\n  LogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b\" common\r\n\r\n  &lt;IfModule logio_module&gt;\r\n  # You need to enable mod_logio.c to use %I and %O\r\n  LogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" %I %O\" combinedio\r\n  &lt;\/IfModule&gt;\r\n\r\n  CustomLog \"logs\/access_log\" combined\r\n&lt;\/IfModule&gt;\r\n\r\n&lt;IfModule alias_module&gt; \r\n  ScriptAlias \/cgi-bin\/ \"\/var\/www\/cgi-bin\/\" \r\n&lt;\/IfModule&gt;<\/pre>\n<pre>&lt;IfModule mime_magic_module&gt;\r\n  MIMEMagicFile conf\/magic\r\n&lt;\/IfModule&gt;\r\n\r\nEnableSendfile on\r\nIncludeOptional conf.d\/*.conf<\/pre>\n<p>\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0441\u0430\u0439\u0442 \u043d\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0435 http<\/p>\n<pre># vi \/etc\/httpd\/conf.d\/aws.conf\r\n\r\n&lt;VirtualHost 0.0.0.0:80&gt;\r\n  ServerName <span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span>\r\n  ServerAlias <span style=\"color: #ff0000;\">www.aws.tst-amo.net.ua<\/span>\r\n  ServerAdmin webmaster@localhost\r\n  DocumentRoot \/var\/www\/html\r\n  ErrorLog \/var\/log\/httpd\/error.log\r\n  CustomLog \/var\/log\/httpd\/access.log combined\r\n  <span style=\"color: #ff0000;\">Redirect permanent \/ https:\/\/aws.tst-amo.net.ua\/<\/span>\r\n&lt;\/VirtualHost&gt;<\/pre>\n<h4>PhpMyAdmin<\/h4>\n<pre># wget https:\/\/files.phpmyadmin.net\/phpMyAdmin\/4.9.11\/phpMyAdmin-4.9.11-all-languages.zip<\/pre>\n<p>\u041f\u0440\u0430\u0432\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0433:<\/p>\n<pre># cp config.sample.inc.php config.inc.php\r\n# vi config.inc.php\r\n$cfg['blowfish_secret'] = '<span style=\"color: #ff0000;\">12345678901234273190123456789012<\/span>'\r\n\/**\r\n* Directories for saving\/loading files from server\r\n*\/\r\n$cfg['TempDir'] = '<span style=\"color: #ff0000;\">\/tmp<\/span>';<\/pre>\n<h4>Certbot<\/h4>\n<pre># yum install certbot \r\n# certbot certonly -n --standalone -m <span style=\"color: #ff0000;\">user@gmail.com<\/span> --agree-tos -d <span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span> \r\n# ss -tlpn | grep -E \":(80|443)\" \r\n# systemctl stop httpd \r\n# certbot certonly -n --standalone -m <span style=\"color: #ff0000;\">user@gmail.com<\/span> --agree-tos -d <span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span> \r\n# systemctl start httpd<\/pre>\n<p>\u041f\u0440\u043e\u0434\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432:<\/p>\n<pre># vi \/etc\/cron.daily\/certbot-renew\r\n\r\n#!\/bin\/sh\r\nif certbot renew &gt; \/var\/log\/letsencrypt\/renew.log 2&gt;&amp;1 ; then\r\n  \/usr\/sbin\/service httpd reload &gt;&gt; \/var\/log\/letsencrypt\/renew.log\r\nfi\r\n\r\nexit<\/pre>\n<pre># crontab -e\r\n07 02,18 * * * \/etc\/cron.daily\/certbot-renew<\/pre>\n<h4>Apache HTTPS<\/h4>\n<p>\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u043c SSL \u0432 apache, \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043a\u043e\u043d\u0444 \u0444\u0430\u0439\u043b<\/p>\n<pre># vi \/etc\/httpd\/conf.d\/aws-ssl.conf<\/pre>\n<pre>&lt;VirtualHost 0.0.0.0:443&gt;\r\n  ServerName <span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span>\r\n  ServerAlias <span style=\"color: #ff0000;\">www.aws.tst-amo.net.ua<\/span>\r\n  ServerAdmin webmaster@localhost\r\n  DocumentRoot \/var\/www\/html\r\n  ErrorLog \/var\/log\/httpd\/error.log\r\n  CustomLog \/var\/log\/httpd\/access.log combined\r\n  SSLEngine on\r\n  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\r\n  SSLCipherSuite \"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL\r\n  SSLHonorCipherOrder on\r\n  SSLCompression off\r\n  Header always set Strict-Transport-Security \"max-age=15552000; includeSubDomains; preload\"\r\n\r\n  SSLCertificateFile \/etc\/letsencrypt\/live\/aws.tst-amo.net.ua\/cert.pem\r\n  SSLCertificateChainFile \/etc\/letsencrypt\/live\/aws.tst-amo.net.ua\/chain.pem\r\n  SSLCertificateKeyFile \/etc\/letsencrypt\/live\/aws.tst-amo.net.ua\/privkey.pem\r\n&lt;\/VirtualHost&gt;<\/pre>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\">ssllabs.com<\/a> \u0438 \u0440\u0430\u0434\u0443\u0435\u043c\u0441\u044f \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0443 A+.<\/p>\n<h4>Postfix<\/h4>\n<p>\u0414\u043e\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043c \u043d\u0435\u043c\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u0438 \u043a\u043e\u043d\u0441\u043e\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0447\u0442\u043e\u0432\u0438\u043a \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438:<\/p>\n<pre># yum install cyrus-sasl-plain \r\n# yum install mailx<\/pre>\n<p>Postfix \u0431\u0443\u0434\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u043a\u0430\u043a \u0440\u0435\u043b\u0435\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f google \u0443\u0447\u0435\u0442\u043a\u0443:<\/p>\n<pre># vi \/etc\/postfix\/<strong>main.cf<\/strong>\r\n\r\nrelayhost = [<span style=\"color: #ff0000;\">smtp.gmail.com<\/span>]:<span style=\"color: #ff0000;\">587<\/span>\r\n\r\n# Enables SASL authentication for postfix\r\nsmtp_sasl_auth_enable = yes\r\n# Disallow methods that allow anonymous authentication smtp_sasl_security_options\r\n= noanonymous\r\n# Location of sasl_passwd we saved\r\nsmtp_sasl_password_maps = hash:\/etc\/postfix\/sasl\/sasl_passwd\r\n# Enable STARTTLS encryption for SMTP\r\nsmtp_tls_security_level = encrypt\r\n# Location of CA certificates for TLS\r\nsmtp_tls_CAfile = \/etc\/ssl\/certs\/ca-bundle.crt\r\nsmtp_sasl_security_options = noanonymous\r\n\r\n# TLS parameters\r\nsmtpd_tls_cert_file=\/etc\/letsencrypt\/live\/<span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span>\/fullchain.pem\r\nsmtpd_tls_key_file=\/etc\/letsencrypt\/live\/<span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span>\/privkey.pem\r\nsmtp_use_tls=yes\r\n#smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3\r\nsmtpd_tls_session_cache_database = btree:${data_directory}\/smtpd_scache\r\nsmtp_tls_session_cache_database = btree:${data_directory}\/smtp_scache\r\n<\/pre>\n<pre># vi \/etc\/postfix\/<strong>master.cf<\/strong>\r\nsubmission inet n - n - - smtpd<\/pre>\n<pre># vi \/etc\/postfix\/<strong>aliases<\/strong>\r\npostmaster: postmaster@<span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span>\r\nroot: no_reply_dataverse@<span style=\"color: #ff0000;\">aws.tst-amo.net.ua<\/span><\/pre>\n<pre># postmap aliases<\/pre>\n<pre># vi \/etc\/<strong>aliases<\/strong>\r\n# Basic system aliases -- these MUST be present.\r\nmailer-daemon: postmaster\r\npostmaster: root\r\nroot: <span style=\"color: #ff0000;\">user@gmail.com<\/span><\/pre>\n<pre># newaliases<\/pre>\n<pre># vi \/etc\/postfix\/sasl\/<strong>sasl_passwd<\/strong>\r\n[<span style=\"color: #ff0000;\">smtp.gmail.com<\/span>]:<span style=\"color: #ff0000;\">587<\/span> <span style=\"color: #ff0000;\">user@mail.com<\/span>:<span style=\"color: #ff0000;\">your_password<\/span><\/pre>\n<pre># postmap \/etc\/postfix\/sasl\/sasl_passwd\r\n# chown root:root \/etc\/postfix\/sasl\/sasl_passwd \/etc\/postfix\/sasl\/sasl_passwd.db\r\n# chmod 600 \/etc\/postfix\/sasl\/sasl_passwd \/etc\/postfix\/sasl\/sasl_passwd.db<\/pre>\n<pre># yum install ca-certificates\r\n# systemctl restart postfix<\/pre>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430:<\/p>\n<pre># echo \"Test Postfix Gmail https:\/\/example.com\" | mail -s \"Postfix Gmail\" <span style=\"color: #ff0000;\">to_user@domen.ua<\/span><\/pre>\n<div class=\"pdfprnt-buttons pdfprnt-buttons-post pdfprnt-bottom-right\"><a href=\"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=wpv2posts5705&print=pdf\" class=\"pdfprnt-button pdfprnt-button-pdf\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/plugins\/pdf-print\/images\/pdf.png\" alt=\"image_pdf\" title=\"View PDF\" \/><\/a><a href=\"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=wpv2posts5705&print=print\" class=\"pdfprnt-button pdfprnt-button-print\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/plugins\/pdf-print\/images\/print.png\" alt=\"image_print\" title=\"Print Content\" \/><\/a><\/div>","protected":false},"excerpt":{"rendered":"<p># yum install update Timezone Centos 7 # yum -y install https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm # yum -y install https:\/\/rpms.remirepo.net\/enterprise\/remi-release-7.rpm # yum -y install yum-utils # yum-config-manager &#8211;enable remi-php72 # yum update # yum install wget zip unzip # yum install httpd MariaDB # yum install mariadb-server mariadb # mysql_secure_installation And answer to questions in wizard: Switch to &#8230;<\/p>\n<p><a href=\"https:\/\/tst-amo.net.ua\/blog\/?p=5705\" class=\"more-link\">Continue reading &lsquo;LAMP Centos 7 \u043d\u0430 AWS Lightsail&rsquo; &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,382,48,113,383,47,126,14,100,82,42],"tags":[],"class_list":["post-5705","post","type-post","status-publish","format-standard","hentry","category-apache","category-aws","category-centos","category-letsencrypt","category-lightsail","category-linux","category-mariadb","category-php","category-php-fpm","category-phpmyadmin","category-ssl"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5705"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5705"}],"version-history":[{"count":37,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5705\/revisions"}],"predecessor-version":[{"id":5830,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5705\/revisions\/5830"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}