sudo dnf install httpd
sudo systemctl start httpd.service
On Rocky Linux/RHEL, Apache runs by default as user apache and group apache.
On Debian/Ubuntu, www-data is the user that web servers (Apache, nginx, for example) use by default for normal operation. The web server process can access any file that www-data can access. It has no other importance.
egrep -i '^user|^group' /etc/httpd/conf/httpd.conf
User apache
Group apache
Add your user spokane to the apache group:
sudo usermod -a -G apache spokane
Set permissions in recursive mode
sudo chown -R apache:apache /var/www
Optionally you can add group named www (or www-data, whatever works for you). To this group I add php daemons, nginx workers etc. It makes life easier with writing to files
Add a user (spokane) to a group as its primary group (-g replaces the primary group; -a -G, as above, adds a supplementary one)
sudo usermod -g www-data spokane
Remove a user (spokane) from a group
sudo gpasswd -d spokane www-data
sudo groupdel www-data
groupdel: cannot remove the primary group of user 'spokane'
Change the primary group of user "spokane" to apache
sudo usermod -g apache spokane
sudo groupdel foobar
You can visit the server DocRoot http://your-ip-here
You should add your website content to the directory /var/www/html/.
To prevent this welcome page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.
So that any folder created inside is reachable by Apache:
chown apache:apache -R /var/www/html
All Apache configuration files are located in the /etc/httpd directory.
The main Apache configuration file is /etc/httpd/conf/httpd.conf.
Configuration files ending with .conf located in the /etc/httpd/conf.d directory are included in the main Apache configuration file.
Configuration files that are responsible for loading various Apache modules are located in the /etc/httpd/conf.modules.d directory.
Apache vhost files must end with .conf and be stored in /etc/httpd/conf.d directory. You can have as many vhosts as you need. Creating a separate configuration file (vhost) for each domain makes the server easier to maintain.
It is a good practice to follow a standard naming convention. For example, if the domain name is mydomain.com then the configuration file should be named mydomain.com.conf
Apache log files (access_log and error_log) are located in the /var/log/httpd/ directory.
sudo tail -f /var/log/httpd/error_log
sudo dnf install httpd-tools mod_ssl
Check the available modules
httpd -M
If httpd does not execute php add these lines to httpd.conf
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm
</IfModule>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
https://docs.rockylinux.org/guides/web/apache-sites-enabled/
mkdir -p /etc/httpd/sites-available /etc/httpd/sites-enabled
Add extra configuration files by including their folder in the main configuration file, httpd.conf:
# Load config files in the /etc/httpd/conf.d directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
Configure mysite.eu.conf
<VirtualHost *:80>
ServerName www.mysite.eu
ServerAlias mysite.eu
DocumentRoot /var/www/html/mysite.eu
<Directory /var/www/html/mysite.eu>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
#ErrorLog /var/www/html/mysite.eu/log/error.log
#CustomLog /var/www/html/mysite.eu/log/requests.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mysite.eu [OR]
RewriteCond %{SERVER_NAME} =mysite.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.mysite.eu
ServerAlias mysite.eu
DocumentRoot /var/www/html/mysite.eu
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mysite.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.eu/privkey.pem
</VirtualHost>
</IfModule>
Note!! Before https certificate installation I had to comment out the following lines in mysite.conf:
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mysite.eu [OR]
RewriteCond %{SERVER_NAME} =mysite.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
For HTTPS to work you need to generate the certificate with certbot (Let's Encrypt). See below for how to generate it.
Create the symlink
ln -s /etc/httpd/sites-available/mysite.conf /etc/httpd/sites-enabled/
Reload configuration
sudo systemctl reload httpd.service
Use start, stop, reload, restart, status as needed.
Check httpd errors
sudo tail -f /var/log/httpd/error_log
sudo tail -f /var/log/httpd/access_log
sudo dnf install mariadb-server mariadb
sudo systemctl start mariadb
Remove insecure default configuration
sudo mysql_secure_installation
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Enable the service so it starts at every boot
sudo systemctl enable mariadb.service
Reinstall mariadb
sudo apt reinstall mariadb-server
Note:
Could not increase number of max_open_files to more than 1024
Aug 23 19:01:11 steve mysql-prepare-db-dir[1942]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db->
Aug 23 19:01:11 steve mysqld[1980]: 2022-08-23 19:01:11 0 [Note] /usr/libexec/mysqld (mysqld 10.3.28-MariaDB) starting as process 1980 ...
Aug 23 19:01:11 steve mysqld[1980]: 2022-08-23 19:01:11 0 [Warning] Could not increase number of max_open_files to more than 1024 (request: 32183)
Aug 23 19:01:11 steve mysqld[1980]: 2022-08-23 19:01:11 0 [Warning] Changed limits: max_open_files: 1024 max_connections: 151 (was 151) table_c>
Aug 23 19:01:13 steve systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
[Warning] Could not increase number of max_open_files to more than 1024 (request: 4183)
Aug 24 16:58:06 steve mysqld[2398]: 2022-08-24 16:58:06 0 [Warning] Changed limits: max_open_files: 1024 max_connections: 151 (was 151)
Disabled
https://dba.stackexchange.com/questions/160099/mariadb-disable-the-gssapi-plugin
File /etc/my.cnf.d/auth_gssapi.cnf contains the line
plugin-load-add=auth_gssapi.so
Comment it out and restart the service. The server should stop loading the plugin, which will make the errors go away.
EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS.
sudo dnf install epel-release
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
On CentOS 8 it is recommended to also enable the PowerTools repository since EPEL packages may depend on its packages.
dnf config-manager --set-enabled PowerTools
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module list php
sudo dnf module enable php:remi-7.4 -y
sudo dnf install -y php php-cli php-common
sudo dnf install php php-opcache php-gd php-curl php-mysqlnd
Note for nginx users (LEMP): if you are setting up a LEMP stack on RHEL 8, you might want to install php-fpm. https://linuxize.com/post/how-to-install-php-on-centos-8/
dnf install -y php-fpm
FPM is installed as a dependency and used as FastCGI server. Start the FPM service and enable it to automatically start on boot:
sudo systemctl enable --now php-fpm
FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features (mostly) useful for heavy-loaded sites.
Drupal support
dnf install -y php-date php-dom php-filter php-gd php-hash php-json php-pcre php-pdo php-session php-simplexml php-spl php-tokenizer php-xml
If installed you can switch the php version
sudo dnf module reset php
sudo dnf module enable php:remi-7.3
##CHECKPOINT 15': Upgrade php (7.4 to 8.1)
Read https://rpms.remirepo.net/wizard/
dnf module reset php
dnf module install php:remi-7.4
dnf update
https://computingforgeeks.com/install-and-configure-phpmyadmin-on-rhel-8/
DATA="$(wget https://www.phpmyadmin.net/home_page/version.txt -q -O-)"
URL="$(echo
Configuration
sudo mkdir /etc/phpmyadmin/
mkdir -p /var/lib/phpmyadmin/upload
mkdir -p /var/lib/phpmyadmin/save
mkdir -p /var/lib/phpmyadmin/tmp
chmod a+w /var/lib/phpmyadmin/upload
chmod a+w /var/lib/phpmyadmin/save
chmod a+w /var/lib/phpmyadmin/tmp
sudo cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
sudo vim /usr/share/phpmyadmin/config.inc.php
$cfg['blowfish_secret'] = 'H2OxcGXxflSd8JwrwVlh6KW6s2rER63i';
Finally add absolute path for both 'upload' and 'save' directories:
$cfg['UploadDir'] = '/var/lib/phpmyadmin/upload';
$cfg['SaveDir'] = '/var/lib/phpmyadmin/save';
$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';
sudo vim /etc/httpd/conf.d/phpmyadmin.conf
then paste this in it
# Apache configuration for phpMyAdmin
Alias /phpMyAdmin /usr/share/phpmyadmin/
Alias /phpmyadmin /usr/share/phpmyadmin/
<Directory /usr/share/phpmyadmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Secure it so it can be accessed only from specific IP addresses. In the configuration above, the Apache 2.2 block denies any connection not made from the server itself, while the Apache 2.4 block (Require all granted) admits every client. Since we are working on the server remotely, restrict access to the IP address of your home connection.
Replace Require all granted, and any line that reads Require ip 127.0.0.1 or Allow from 127.0.0.1, so that it refers to your home connection's IP address, for example:
Require ip 127.0.0.1 192.168.0.0/24
sudo apachectl configtest
Syntax OK
Restart httpd service to load new configuration,
sudo systemctl restart httpd
Configure SELinux and Firewall
sudo semanage fcontext -a -t httpd_sys_content_t "/usr/share/phpmyadmin(/.*)?"
sudo restorecon -Rv /usr/share/phpmyadmin
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
http://[ServerIP|Hostname]/phpmyadmin Login with your database credentials.
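An added check for the phpMyAdmin setup above (not part of the original notes or of phpMyAdmin itself): it flags the three settings on this page that weaken the install, namely a blowfish_secret copied from the tutorial, a Require all granted line, and world-writable upload/save/tmp directories. The function names and the scratch files built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are illustrative.
PAGE_SECRET='H2OxcGXxflSd8JwrwVlh6KW6s2rER63i'   # sample value printed on this page

# Flag a blowfish_secret that is unset, shorter than 32 characters, or the page's sample.
check_secret() {    # $1 = path to config.inc.php
    s=$(sed -n 's/^[$]cfg\[.blowfish_secret.] *= *.\(.*\).;.*/\1/p' "$1" | head -n 1)
    if [ -z "$s" ]; then
        echo "secret: empty or not set in $1"
    elif [ "$s" = "$PAGE_SECRET" ]; then
        echo "secret: copied from the tutorial, generate your own"
    elif [ "${#s}" -lt 32 ]; then
        echo "secret: only ${#s} characters, use at least 32"
    fi
}

# Flag every uncommented "Require all granted" line in the Apache snippet.
check_access() {    # $1 = path to phpmyadmin.conf
    grep -n -i -E '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' "$1" |
        sed 's/^\([0-9]*\):.*/access: line \1 admits every client, use Require ip/'
}

# Flag each directory that any local account can write to (the result of chmod a+w).
check_dirs() {      # $@ = upload, save and tmp directories
    for d in "$@"; do
        [ -n "$(find "$d" -prune -perm -0002 2>/dev/null)" ] &&
            echo "perms: $d is world-writable"
    done
    return 0
}

audit_pma() {       # $1 = config.inc.php, $2 = phpmyadmin.conf, rest = directories
    inc=$1; conf=$2; shift 2
    check_secret "$inc"; check_access "$conf"; check_dirs "$@"
}

# Constructed demo: rebuild the page's settings in a scratch directory and audit them.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '<?php' "\$cfg['blowfish_secret'] = '$PAGE_SECRET';" > "$t/config.inc.php"
    printf '%s\n' '<Directory /usr/share/phpmyadmin/>' '  # Apache 2.4' \
        '  Require all granted' '</Directory>' > "$t/phpmyadmin.conf"
    mkdir "$t/upload" "$t/save"
    chmod a+w "$t/upload"; chmod 750 "$t/save"
    audit_pma "$t/config.inc.php" "$t/phpmyadmin.conf" "$t/upload" "$t/save"
    rm -rf "$t"
}

# With arguments audit the real files, otherwise run the constructed demo.
if [ "$#" -ge 2 ]; then audit_pma "$@"; else demo; fi
```

Pass the real paths in the order config.inc.php, phpmyadmin.conf, then the upload, save and tmp directories. A replacement 32-character secret can be generated with openssl rand -base64 24.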
How to import
cp /var/www/html/flowera.sql /var/lib/phpmyadmin/upload/
Now go to phpMyAdmin and choose "Select from the web server upload directory /var/lib/phpmyadmin/upload/:"
scp /file/to/send username@remote:/where/to/put
scp username@remote:/file/to/send /where/to/put
scp -R username@remote_1:/file/to/send username@remote_2:/where/to/put
scp -r /path/to/local/files root@<destination_droplet_ip>:/path/on/remote/droplet
Note: you need a registered domain in order to benefit from a self-signed certificate
If you don't have one, get a free one from https://my.freenom.com
It is valid for a maximum of 2 years.
If you don't allow it you'll get an error:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
Allow https in the firewall.
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload
sudo systemctl restart httpd
Run this command to get a certificate and have Certbot edit your apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --apache
If you're feeling more conservative and would like to make the changes to your apache configuration by hand, run this command
sudo certbot certonly --apache
Confirm it by visiting https://yourwebsite.com/
Upgrading certbot-auto 1.11.0 to 1.18.0...
Replacing certbot-auto...
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cloudizza.tk
2: www.cloudizza.tk
3: jazio.eu
4: www.jazio.eu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/jazio.eu.conf)
It contains these names: jazio.eu, www.jazio.eu
You requested these names for the new certificate: cloudizza.tk,
www.cloudizza.tk, jazio.eu, www.jazio.eu.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
By default, certbot stores all certificates under the directories listed below. Deleting these files manually is not recommended; use the Certbot command line to delete unused SSL certificates.
sudo certbot delete
sudo certbot delete --cert-name your-site.com
ls /etc/letsencrypt
/etc/letsencrypt/live
/etc/letsencrypt/renewal
/etc/letsencrypt/archive
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null
Redirect all http requests to https
Create .htaccess in the nextcloud root and paste:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Alternatively you can create a redirect from Virtual Hosts (though I prefer the solution above)
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>
sudo dnf update
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Check VirtualHost Configuration
sudo apachectl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server localhost (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost localhost (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost azio.eu (/etc/httpd/sites-available/jazio.eu-le-ssl.conf:2)
alias www.azio.eu
port 443 namevhost aurafarcas.com (/etc/httpd/sites-available/laurafarcas.com-le-ssl.conf:2)
alias www.aurafarcas.com
port 443 namevhost icroscopiedentara.ro (/etc/httpd/sites-available/microscopiedentara.ro-le-ssl.conf:2)
port 443 namevhost olaramaris.com (/etc/httpd/sites-available/solaramaris.com-le-ssl.conf:2)
alias www.olaramaris.com
port 443 namevhost kerygma.org (/etc/httpd/sites-available/openkerygma.org-le-ssl.conf:2)
alias www.kerygma.org
*:80 is a NameVirtualHost
default server 134.209.192.148 (/etc/httpd/conf/httpd.conf:369)
port 80 namevhost 134.209.192.148 (/etc/httpd/conf/httpd.conf:369)
port 80 namevhost azio.eu (/etc/httpd/sites-enabled/jazio.eu.conf:1)
alias www.azio.eu
port 80 namevhost icroscopiedentara.ro (/etc/httpd/sites-enabled/microscopiedentara.ro.conf:1)
port 80 namevhost kerygma.org (/etc/httpd/sites-enabled/openkerygma.org.conf:1)
alias www.kerygma.org
port 80 namevhost olaramaris.com (/etc/httpd/sites-enabled/solarmaris.com.conf:1)
alias www.olaramaris.com
port 80 namevhost kerygma.org (/etc/httpd/sites-available/openkerygma.org-le-ssl.conf:22)
alias www.kerygma.org
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
If you have trouble logging in, check whether you have run out of disk space:
df -h
Delete things, then empty the trashbin from the command line:
sudo -u apache php ./occ trashbin:cleanup --all-users
The website encountered an unexpected error. Please try again later.
Add $config['system.logging']['error_level'] = 'verbose'; right after the <?php opening tag.
Failed to start MariaDB 10.3 database server.
Options to search:
(1) {NOTHELP} Try to restart
[jazio@steve log]$ sudo systemctl enable mysql
Failed to enable unit: Refusing to operate on linked unit file mysql.service
(2) Search for socket
[jazio@steve log]$ sudo find / -type s | grep mysql
/var/lib/mysql/mysql.sock
(3) whereis my.cnf
my: /etc/my.cnf
ln -s [path to mysqld.sock] /var/run/mysqld/mysqld.sock
No process is using /var/lib/mysql/mysql.sock, which means it is a garbage, so it will be remove
Location of mysqld.service
sudo find / | grep mysqld
/etc/systemd/system/mysqld.service
Create a new file
sudo systemctl edit mariadb.service
Then append the following
[Service]
LimitNOFILE=102400
Save and close the file.
Step 2 - Reload the systemd manager configuration
Then reload the file from disk:
sudo systemctl daemon-reload
Finally restart the mysql service:
sudo systemctl restart mysql
Start MySQL/MariaDB in recovery mode due to InnoDB corruption
https://bobbyiliev.com/blog/start-mysql-mariadb-recovery-mode-due-to-innodb-coruption-on-cpanel
You should know this recovery mode makes your databases read only.
vi /etc/my.cnf
innodb_force_recovery=1
The MariaDB/MySQL tools read configuration files in the following order:
- "/etc/mysql/mariadb.cnf" to set global defaults,
- "/etc/mysql/conf.d/*.cnf" to set global options.
- "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
- "~/.my.cnf" to set user-specific options.
If the same option is defined multiple times, the last one will apply.
log_error = /var/log/mariadb/mariadb.log
[Note] Recovering after a crash using tc.log
[ERROR] Can't init tc log
[ERROR] Aborting
Description
The error typically indicates the transaction coordinator log is empty, which may be caused by the server not having enough disk space available for writes to complete or MySQL shutting down improperly.
Workaround
Rename the /var/lib/mysql/tc.log file or remove the /var/lib/mysql/tc.log by running the following command in SSH or WHM >> Terminal as root:
mv -vi /var/lib/mysql/tc.log /root
Once complete, run the following script to start MySQL/MariaDB:
/scripts/restartsrv_mysql