- Add user boch
- useradd -m boch
- passwd boch
- Install sudo and add boch to sudoers list
- yum install sudo
- gpasswd -a boch wheel
- Install script watchclim and add it to crontab
- Install htop
- sudo yum -y install epel-release
- sudo yum install htop
- Install JAVA
- Download Java server JRE from Oracle web site
- sudo mkdir /opt/java
- cd /opt/java
- sudo mv $HOME/server-jre-8u91-linux-x64.tar.gz .
- sudo tar zxvf server-jre-*.tar.gz
- sudo alternatives --install /usr/bin/java java /opt/java/jdk1.8.0_91/bin/java 2
- sudo update-alternatives --config java
- sudo alternatives --install /usr/bin/javac javac /opt/java/jdk1.8.0_91/bin/javac 2
- sudo update-alternatives --config javac
- sudo alternatives --install /usr/bin/jar jar /opt/java/jdk1.8.0_91/bin/jar 2
- sudo update-alternatives --config jar
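- sudo vim /etc/environment
- # Add lines
- # (/etc/environment is not a shell script: check that $PATH is really expanded there; a file in /etc/profile.d/ is the usual place for export lines)
- export JAVA_HOME=/opt/java/jdk1.8.0_91
- export JRE_HOME=/opt/java/jdk1.8.0_91/jre
- export PATH=$PATH:/opt/java/jdk1.8.0_91/bin:/opt/java/jdk1.8.0_91/jre/bin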
- Install and configure HTTPD and Tomcat
- sudo yum install httpd
- sudo yum install tomcat
- sudo yum install tomcat-admin-webapps.noarch tomcat-docs-webapp.noarch
- #See tomcat status:
- sudo systemctl status tomcat
- # Enable tomcat to automatically start after restart
- sudo systemctl enable tomcat.service
- #Open port 80 and 8080.
- # First ensures firewall-cmd service is running
- sudo systemctl status firewalld
- # Then do open the port permanently (so it will still be open after reboot)
- sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
- sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
- sudo firewall-cmd --reload
-
# Enable httpd to automatically start after restart
-
sudo systemctl enable httpd.service
-
- # Put my email address at line 86 of conf file: ServerAdmin thomas.boch@astro.unistra.fr
- sudo vim /etc/httpd/conf/httpd.conf
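- # Add the following lines (WARNING: replace XXX by the chosen password!! It is stored in clear text in this file, so keep the file readable only by root and the tomcat user)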
- <role rolename="manager-gui"/>
- <role rolename="manager-script"/>
- <role rolename="manager-jmx"/>
- <role rolename="manager-status"/>
- <role rolename="admin"/>
- <user username="admin" password="XXX" roles="admin,manager-gui,manager-script,manager-jmx,manager-status"/>
- # In
- sudo vim /usr/share/tomcat/conf/tomcat-users.xml
- # You must restart tomcat so the changes are taken into account
- sudo systemctl restart tomcat
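- # Now you can connect to http://ncdsportal.u-strasbg.fr:8080/manager with login=admin and passwd= XXX
- # Note: over plain http on port 8080 this login travels unencrypted; prefer reaching the manager over HTTPS or from localhost only, and limit who can reach port 8080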
- # Install mod_jk so httpd and tomcat can communicate following: http://www.diegoacuna.me/installing-mod_jk-on-apache-httpd-in-centos-6-x7-x/
- sudo yum install httpd-devel apr apr-devel apr-util apr-util-devel gcc gcc-c++ make autoconf libtool
- sudo mkdir -p /opt/mod_jk
- cd /opt/mod_jk
- # Go to http://tomcat.apache.org/download-connectors.cgi and download the most recent version
- sudo wget 'http://apache.mindstudios.com/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz'
- sudo wget 'https://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.41-src.tar.gz.md5'
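- md5sum -c tomcat-connectors-1.2.41-src.tar.gz.md5
- # The tarball comes from a mirror over plain http and md5 only detects a corrupted download; to check authenticity, also verify the release's PGP signature (.asc file from www.apache.org) against the Tomcat KEYS file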
- sudo tar -xvzf tomcat-connectors-1.2.41-src.tar.gz
- cd tomcat-connectors-1.2.41-src/native
- sudo ./configure --with-apxs=/usr/bin/apxs
- sudo make
- sudo libtool --finish /usr/lib64/httpd/modules
- sudo make install
- # Configure mod_jk
-
sudo vim /usr/share/tomcat/conf/server.xml
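- Add line: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
- # AJP is unauthenticated by default: keep port 8009 closed in the firewall and, if httpd and Tomcat run on the same host, bind the connector to the loopback address (address="127.0.0.1")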
- sudo vim /etc/httpd/conf.d/mod_jk.conf
-
# Copy this:
LoadModule jk_module "/etc/httpd/modules/mod_jk.so"
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk shared memory
JkShmFile /var/run/httpd/mod_jk.shm
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#JkRequestLogFormat "%w %V %T"
#JkEnvVar SSL_CLIENT_V_START worker1
- sudo mkdir -p /var/run/mod_jk
-
sudo chown apache:apache /var/run/mod_jk
- sudo vim /etc/httpd/conf/workers.properties
Y copier ceci :
- ps=/
- Install Shindig (pour widgets)
Configuration HTTPS
letsencrypt
- install :
yum install certbot
- dry run (ajouter --dry-run, sinon la commande ci-dessous demande un vrai certificat) :
certbot certonly --domain ncdsportal.u-strasbg.fr --webroot --webroot-path /var/www/html
- récupération d'un certificat :
certbot certonly --domain ncdsportal.u-strasbg.fr --webroot --webroot-path /var/www/html --email thomas.boch@astro.unistra.fr
--> le certificat a été créé dans
/etc/letsencrypt/live/ncdsportal.u-strasbg.fr/ (un répertoire par domaine)
- renouvellement :
certbot renew
--> lance la procédure uniquement si certificat expire dans moins de 30 jours
Config Apache
- install mod_ssl :
yum install mod_ssl
- ouvrir port 443 :
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
Tester
Ouvrir
https://ncdsportal.u-strasbg.fr/ dans un navigateur
Installation ntpd
systemctl stop chronyd
systemctl disable chronyd
yum install ntp
systemctl start ntpd
systemctl enable ntpd
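firewall-cmd --add-service=ntp --permanent
--> nécessaire uniquement si la machine sert l'heure à d'autres hôtes ; un simple client NTP n'a pas besoin d'ouvrir ce port en entrée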
firewall-cmd --reload
Vérification :
ntpq -p
Installation fail2ban
yum install fail2ban
systemctl start fail2ban
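systemctl enable fail2ban
--> vérifier avec "fail2ban-client status" qu'au moins une jail (p. ex. sshd) est active ; sans jail activée dans /etc/fail2ban/jail.local, le service tourne mais ne bloque rien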
Installation PHP (pour piwik)
sudo yum install php-pdo php-gd php-xml php-mysql php-mbstring php
Installation MariaDB
Suivre instructions depuis
https://downloads.mariadb.org/mariadb/repositories/#mirror=cnrs&distro=CentOS&distro_release=centos7-amd64--centos7&version=10.1
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
Installation Tomcat8
Installation cdsclient
wget
http://cdsarc.u-strasbg.fr/ftp/pub/sw/cdsclient.tar.gz
tar zxvf ...
cd ...
./configure
make
make install
-- Main.ThomasBoch - 2016-06-14