  • Add user boch
    • useradd -m boch
    • passwd boch

  • Install sudo and add boch to sudoers list
    • yum install sudo
    • gpasswd -a boch wheel

  • Install script watchclim and add it to crontab
  • Install htop
    • sudo yum -y install epel-release
    • sudo yum install htop
  • Install JAVA
    • Download Java server JRE from Oracle web site
    • sudo mkdir /opt/java
    • cd /opt/java
    • sudo mv $HOME/server-jre-8u91-linux-x64.tar.gz .
    • sudo tar zxvf server-jre-*.tar.gz
    • sudo alternatives --install /usr/bin/java java /opt/java/jdk1.8.0_91/bin/java 2
    • sudo update-alternatives --config java
    • sudo alternatives --install /usr/bin/javac javac /opt/java/jdk1.8.0_91/bin/javac 2
    • sudo update-alternatives --config javac
    • sudo alternatives --install /usr/bin/jar jar /opt/java/jdk1.8.0_91/bin/jar 2
    • sudo update-alternatives --config jar
    • sudo vim /etc/environment
      • # Add lines
      • export JAVA_HOME=/opt/java/jdk1.8.0_91
      • export JRE_HOME=/opt/java/jdk1.8.0_91/jre
      • export PATH=$PATH:/opt/java/jdk1.8.0_91/bin:/opt/java/jdk1.8.0_91/jre/bin
  • Install and configure HTTPD and Tomcat
    • sudo yum install httpd
    • sudo yum install tomcat
    • sudo yum install tomcat-admin-webapps.noarch tomcat-docs-webapp.noarch
    • #See tomcat status:
      • sudo systemctl status tomcat
  • # Enable tomcat to automatically start after reboot
    • sudo systemctl enable tomcat.service
  • # Open ports 80 and 8080.
    • # First ensure the firewalld service is running
    • sudo systemctl status firewalld
    • # Then open the ports permanently (so they will still be open after reboot)
    • sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
    • sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
    • sudo firewall-cmd --reload

  • # Enable httpd to automatically start after restart
    • sudo systemctl enable httpd.service
  • # Put my email address at line 86 of the conf file: ServerAdmin thomas.boch@astro.unistra.fr
    • sudo vim /etc/httpd/conf/httpd.conf
  • # Add the following lines (WARNING: replace XXX by the chosen passwd!!)
    • <role rolename="manager-gui"/>
    • <role rolename="manager-script"/>
    • <role rolename="manager-jmx"/>
    • <role rolename="manager-status"/>
    • <role rolename="admin"/>
    • <user username="admin" password="XXX" roles="admin,manager-gui,manager-script,manager-jmx,manager-status"/>
  • # In
    • sudo vim /usr/share/tomcat/conf/tomcat-users.xml
  • # You must restart tomcat so the changes are taken into account
    • sudo systemctl restart tomcat
  • # Now you can connect to http://ncdsportal.u-strasbg.fr:8080/manager with login=admin and passwd= XXX
  • # Install mod_jk so httpd and tomcat can communicate following: http://www.diegoacuna.me/installing-mod_jk-on-apache-httpd-in-centos-6-x7-x/
    • sudo yum install httpd-devel apr apr-devel apr-util apr-util-devel gcc gcc-c++ make autoconf libtool
    • sudo mkdir -p /opt/mod_jk
    • cd /opt/mod_jk
    • # Go to http://tomcat.apache.org/download-connectors.cgi and download the most recent version
    • sudo wget 'http://apache.mindstudios.com/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz'
    • sudo wget 'https://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz.md5'
    • md5sum -c tomcat-connectors-1.2.41-src.tar.gz.md5
    • sudo tar -xvzf tomcat-connectors-1.2.41-src.tar.gz
    • cd tomcat-connectors-1.2.41-src/native
    • sudo ./configure --with-apxs=/usr/bin/apxs
    • sudo make
    • sudo libtool --finish /usr/lib64/httpd/modules
    • sudo make install
  • # Configure mod_jk
    • sudo vim /usr/share/tomcat/conf/server.xml

    • Add line: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    • sudo vim /etc/httpd/conf.d/mod_jk.conf
    • # Copy this:
      LoadModule jk_module "/etc/httpd/modules/mod_jk.so"
      JkWorkersFile /etc/httpd/conf/workers.properties
      # Where to put jk shared memory
      JkShmFile /var/run/httpd/mod_jk.shm
      # Where to put jk logs
      JkLogFile /var/log/httpd/mod_jk.log
      # Set the jk log level [debug/error/info]
      JkLogLevel info
      # Select the timestamp log format
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
      #JkRequestLogFormat "%w %V %T"
      #JkEnvVar SSL_CLIENT_V_START worker1

    • sudo mkdir -p /var/run/mod_jk
    • sudo chown apache:apache /var/run/mod_jk
    • sudo vim /etc/httpd/conf/workers.properties
      Copy this into it:
    • ps=/
  • Install Shindig (for widgets)
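
The mod_jk steps earlier in this list fetch the source tarball over plain HTTP from a mirror and check it with md5sum -c before building it as root. As an added example (not part of the original notes), the helper below turns that check into a hard gate that also copes with a digest file holding only the bare hash; the function name verify_digest and the accepted digest-file layouts are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes.
# verify_digest ALGO FILE DIGEST_FILE   (ALGO: md5, sha256 or sha512)
# DIGEST_FILE may hold a bare hex digest, "digest  name" or "digest *name"
# (assumed layouts). Exit status: 0 match, 1 mismatch, 2 unusable input.
# The body is a subshell, so its variables do not leak into the caller.
verify_digest() (
    algo=$1; file=$2; digest_file=$3
    case $algo in
        md5)    tool=md5sum;    len=32  ;;
        sha256) tool=sha256sum; len=64  ;;
        sha512) tool=sha512sum; len=128 ;;
        *) echo "unsupported algorithm: $algo" >&2; exit 2 ;;
    esac
    [ -r "$file" ] && [ -r "$digest_file" ] || { echo "unreadable input" >&2; exit 2; }

    # First non-blank line: field 1 is the digest, optional field 2 the name.
    line=$(grep -v '^[[:space:]]*$' "$digest_file" | head -n 1)
    want=$(printf '%s\n' "$line" | awk '{print tolower($1)}')
    name=$(printf '%s\n' "$line" | awk '{print $2}')
    name=${name#\*}                     # drop md5sum's binary-mode marker

    # Accept only a hex string of the length this algorithm produces.
    case $want in ''|*[!0-9a-f]*) echo "malformed digest" >&2; exit 2 ;; esac
    [ "${#want}" -eq "$len" ] || { echo "wrong digest length for $algo" >&2; exit 2; }

    # A digest published for another file must not vouch for this one.
    if [ -n "$name" ] && [ "$(basename "$name")" != "$(basename "$file")" ]; then
        echo "digest is for '$name', not '$file'" >&2; exit 1
    fi

    got=$("$tool" "$file" | awk '{print $1}')
    [ "$got" = "$want" ]
)

# Constructed demo: a throwaway file, its digest, then a tampered copy.
demo=$(mktemp -d)
printf 'constructed sample\n' > "$demo/sample.tar.gz"
md5sum "$demo/sample.tar.gz" | awk '{print $1 " *sample.tar.gz"}' > "$demo/sample.tar.gz.md5"
verify_digest md5 "$demo/sample.tar.gz" "$demo/sample.tar.gz.md5" \
    && echo "digest OK: safe to unpack and build"
printf 'x' >> "$demo/sample.tar.gz"
verify_digest md5 "$demo/sample.tar.gz" "$demo/sample.tar.gz.md5" \
    || echo "digest mismatch: do not unpack"
rm -rf "$demo"
```

A matching MD5 only shows that the file agrees with the digest that was fetched; where a SHA-512 digest or a PGP signature is published for the release, check that instead.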

HTTPS configuration

Let's Encrypt

- install :

yum install certbot

- dry run:

certbot certonly --dry-run --domain ncdsportal.u-strasbg.fr --webroot --webroot-path /var/www/html

- obtaining a certificate:

certbot certonly --domain ncdsportal.u-strasbg.fr --webroot --webroot-path /var/www/html --email thomas.boch@astro.unistra.fr

--> the certificate was created in /etc/letsencrypt/live/ncdsportal.u-strasbg.fr/ (one directory per domain)

- renewal:

certbot renew

--> runs the procedure only if the certificate expires in less than 30 days

Apache configuration

- install mod_ssl:

yum install mod_ssl

- open port 443:

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

Test

Open https://ncdsportal.u-strasbg.fr/ in a browser

Installing ntpd

systemctl stop chronyd
systemctl disable chronyd

yum install ntp
systemctl start ntpd
systemctl enable ntpd

firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload

Check:

ntpq -p

Installing fail2ban

yum install fail2ban
systemctl start fail2ban
systemctl enable fail2ban

Installing PHP (for Piwik)

sudo yum install php-pdo php-gd php-xml php-mysql php-mbstring php

Installing MariaDB

Follow the instructions from https://downloads.mariadb.org/mariadb/repositories/#mirror=cnrs&distro=CentOS&distro_release=centos7-amd64--centos7&version=10.1

sudo systemctl enable mariadb

sudo systemctl start mariadb

sudo mysql_secure_installation

Installing Tomcat8

Installing cdsclient

wget http://cdsarc.u-strasbg.fr/ftp/pub/sw/cdsclient.tar.gz

tar zxvf ...

cd ...

./configure

make

make install

-- Main.ThomasBoch - 2016-06-14

Topic revision: r7 - 2017-02-07 - ThomasBoch
 