Install Nginx for Centos 6

Overview

Nginx is designed for high performance and efficient system resource usage. These may not seem important when you first start out, but as your application scales to thousands of concurrent users, every millisecond of response time and every megabyte of memory starts to count. If your server software isn’t using resources efficiently, you may severely limit the amount of users your server can handle before your app starts feeling slugish.

Another benefit of Nginx is its ease of configuration and use. The configuration files are easy to understand and use plain english. This means less time is used up refining and optimizing the configuration, and more time deploying applications.

Most sites use Nginx as a proxy, serving up static content and then forwarding requests to dynamic content hosted Apache servers. However, recent versions of Nginx are now capable of FastCGI processing, allowing it to host dynamic content powered by PHP, Python, and many others.

Install Nginx

As of the date of this articile, Nginx is not in CentOS’s default repositories. This leaves us with two choices: build it from source or add the Nginx repository to install it using YUM.

Install From Repository

  1. Navigate to /etc/yum.repos.d
  2. Create a repo configuration file for Nginx
    vi nginx.repo
  3. Add the following lines to nginx.conf
    [nginx]
       name=nginx repo
       baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
       gpgcheck=0
       enabled=1
  4. Save changes and exit the text editor.
  5. Install Nginx
    yum install nginx

Install Nginx From Source

  1. Ensure you have the required development packages installed on your system. They will be need to compile the source files.
    yum groupinstall "development tools"
  2. Download the latest version from Nginx’s website uring wget. The latest version at the time of this tutorial is 1.5.8.
    wget http://nginx.org/download/nginx-1.5.8.tar.gz
  3. Untar the downloaded file.
    tar -xvf nginx-1.5.8.tar.gz
  4. Navigate into the new nginx directory
    cd nginx-1.5.8
  5. To enable the rewrite module, install the PCRE development package.
    yum install pcre-devel
  6. To enabled GZip capabilities, install the zlib developement package.
    yum install zlib-devel
  7. Prepare the source files to be compiled on your server.
    ./configure
  8. Compile Nginx from the source files
    make install
  9. Copy the new Nginx binary to /usr/sbin
    cp /usr/local/nginx/sbin/nginx /usr/sbin/nginx
  10. Make the Nginx directory in /etc
    mkdir -p /etc/nginx
  11. Copy the nginx.conf template into /etc/nginx
    cp /usr/local/nginx/conf/nginx.conf /etc/nginx/nginx.conf
  12. Copy the mime.types template into /etc/nginx
    cp /usr/local/gninx/conf/mime.types /etc/nginx
  13. Create the Nginx service account
    useradd --shell /sbin/nologin nginx
  14. Create the Nginx log directory
    mkdir -p /var/log/nginx
  15. Create an Nginx startup script file.
    touch /etc/init.d/nginx
  16. Open the startup script into a text editor and add the following lines
    #!/bin/sh
    #
    # nginx        Startup script for nginx
    #
    # chkconfig: - 85 15
    # processname: nginx
    # config: /etc/nginx/nginx.conf
    # config: /etc/sysconfig/nginx
    # pidfile: /var/run/nginx.pid
    # description: nginx is an HTTP and reverse proxy server
    #
    ### BEGIN INIT INFO
    # Provides: nginx
    # Required-Start: $local_fs $remote_fs $network
    # Required-Stop: $local_fs $remote_fs $network
    # Default-Start: 2 3 4 5
    # Default-Stop: 0 1 6
    # Short-Description: start and stop nginx
    ### END INIT INFO
    
    # Source function library.
    . /etc/rc.d/init.d/functions
    
    if [ -f /etc/sysconfig/nginx ]; then
        . /etc/sysconfig/nginx
    fi
    
    prog=nginx
    nginx=${NGINX-/usr/sbin/nginx}
    conffile=${CONFFILE-/etc/nginx/nginx.conf}
    lockfile=${LOCKFILE-/var/lock/subsys/nginx}
    pidfile=${PIDFILE-/var/run/nginx.pid}
    SLEEPMSEC=100000
    RETVAL=0
    
    start() {
        echo -n $"Starting $prog: "
    
        daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p ${pidfile} ${prog}
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
    }
    
    reload() {
        echo -n $"Reloading $prog: "
        killproc -p ${pidfile} ${prog} -HUP
        RETVAL=$?
        echo
    }
    
    upgrade() {
        oldbinpidfile=${pidfile}.oldbin
    
        configtest -q || return 6
        echo -n $"Staring new master $prog: "
        killproc -p ${pidfile} ${prog} -USR2
        RETVAL=$?
        echo
        /bin/usleep $SLEEPMSEC
        if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
            echo -n $"Graceful shutdown of old $prog: "
            killproc -p ${oldbinpidfile} ${prog} -QUIT
            RETVAL=$?
            echo
        else
            echo $"Upgrade failed!"
            return 1
        fi
    }
    
    configtest() {
        if [ "$#" -ne 0 ] ; then
            case "$1" in
                -q)
                    FLAG=$1
                    ;;
                *)
                    ;;
            esac
            shift
        fi
        ${nginx} -t -c ${conffile} $FLAG
        RETVAL=$?
        return $RETVAL
    }
    
    rh_status() {
        status -p ${pidfile} ${nginx}
    }
    
    # See how we were called.
    case "$1" in
        start)
            rh_status >/dev/null 2>&1 && exit 0
            start
            ;;
        stop)
            stop
            ;;
        status)
            rh_status
            RETVAL=$?
            ;;
        restart)
            configtest -q || exit $RETVAL
            stop
            start
            ;;
        upgrade)
            upgrade
            ;;
        condrestart|try-restart)
            if rh_status >/dev/null 2>&1; then
                stop
                start
            fi
            ;;
        force-reload|reload)
            reload
            ;;
        configtest)
            configtest
            ;;
        *)
            echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}"
            RETVAL=2
    esac
    
    exit $RETVAL
  17. Open the Nginx configuration file into a text editor and modify the highlighted areas to match your system..
    user  nginx;
    
    # Set value to number of process cores
    worker_processes  2;
    
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        keepalive_timeout  65;
    
        gzip  on;
    
        include /etc/nginx/conf.d/*.conf;
    }
  18. Test your install by starting the Nginx daemon
    service nginx start

Configure Nginx

  1. Open the Nginx configuration file
    vi /etc/nginx/nginx.conf
  2. Modify the worker_process value to reflect the number of processor cores installed in the server.
    worker_processes 2
  3. To enable gzip compression, find the following line:
    #gzip on

    And uncomment it

    gzip on
  4. Save changes and exit the text editor.
  5. Restart the Nginx daemon to apply your changes.
    service nginx restart
  6. Configure Nginx to automatically start after reboot.
    chkconfig nginx on

Configure The Default Website

  1. Open the default website configuration file.
    vi /etc/nginx/conf.d/default.conf
  2. To set the listening port, find the following line and modify it’s value:
    listen 80;
  3. Set the DNS hostname of your website by finding the following line and replacing localhost with the name of your server.
    server_name localhost;
  4. The default website root directory is /usr/share/nginx/html. To change it, find the following lines and replace the highlighted value with the desired file path.
    location / { 
         root /usr/share/nginx/html; 
         index index.html index.htm; 
    }
  5. To modify the default index file, add to or replace the values listed next to index.
  6. Save changes and exit the text editor.

Configure Firewall To Allow HTTP Access

  1. Run the following command to allow HTTP access through IPTables.
    iptables -A INPUT -m state --state NEW -P tcp --dport 80 -j ACCEPT
  2. To permanently save the firewall rule, run the following command.
    /sbin/service iptables save

Conclusion

You now have a web server capable of server content very quickly. However, this deployment will only be capable of serving static files, like HTML, Javascript, and CSS. In a future tutorial, I will walk you through configuring Nginx for PHP.

Source: https://www.serverlab.ca/tutorials/linux/web-servers-linux/deploy-nginx-on-centos-6/

Advertisements

,

Leave a comment

Create a service for Python application

Script dosyanızı /home klasörden alıp herkesin ulaşilebileceği /opt klasörüne koymanız faydalı olacaktır.

mkdir /opt/ratinglogger

 

Aşağıdaki gibi service dosyası oluşturun

sudo vi /opt/ratinglogger/ratinglogger.service

 

[Unit]
Description=Rating Logger
After=network.target
[Service]
WorkingDirectory=/opt/ratinglogger
ExecStart=/usr/bin/python /opt/ratinglogger/ratinglogger.py
Type=idle
PIDFile=/var/run/ratinglogger
[Install]
WantedBy=multi-user.target

 

type=idle demek bütün OS servisleri çalıştıktan sonra bizim servis çalışacak demektir.

scriptiniz lokal directory den dosya veya kütüphane okuyorsa WorkingDirectory ile scriptin bulunduğu dizini verin.

servis dosyamızı sisteme tanıtalım.

sudo ln -s /opt/ratinglogger/ratinglogger.service /usr/lib/systemd/system

systemctl nin görmesini sağlayalım

sudo systemctl daemon-reload

servisi enable edelim.

sudo systemctl enable ratinglogger

#servisi başlatalım

sudo systemctl start ratinglogger

#servisi kontrol edelim

sudo systemctl start ratinglogger

â— ratinglogger.service – Rating Logger
Loaded: loaded (/opt/ratinglogger/ratinglogger.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-08-10 15:39:47 +03; 13min ago
Main PID: 22375 (python)
CGroup: /system.slice/ratinglogger.service
└─22375 /usr/bin/python /opt/ratinglogger/ratinglogger.py

Aug 10 15:39:47 ppv-app-01 systemd[1]: Started Rating Logger.
Aug 10 15:39:47 ppv-app-01 systemd[1]: Starting Rating Logger…

#Servisi durduralım

sudo systemctl stop ratinglogger

#Logları kontrol edellim

tail -f /var/log/ratinglogger

, ,

Leave a comment

Deploying Python Flask app to AWS Elastic Beans

install eb cli

pip install awsebcli --upgrade --user

eb --version

eb.exe is located c:\users\USER\Appdata\Roaming\Python\Scripts. Make sure you have added this DIR to your PATH

~$ mkdir eb-flask
~$ cd eb-flask
~/eb-flask$ virtualenv virt
~$ source virt/bin/activate
(virt) ~/eb-flask$

(virt)~/eb-flask$ pip install flask==1.0.2

(virt)~/eb-flask$ pip freeze > requirements.txt

create ~/eb-flask/.ebignore

add virt into this file. virt folder will be excluded from bundle.

~/eb-flask$ eb init -p python-3.6 flask-tutorial --region eu-west-1
Application flask-tutorial has been created.

~/eb-flask$ eb init
~/eb-flask$ eb create flask-env

finally. To see what is deployed.
~/eb-flask$ eb open

 

Full Tutorial is available at:

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create-deploy-python-flask.html

 

, , , ,

Leave a comment

Bluetooth HM-10 module

Connect FTTI cable.

VCC: Red
GND: Black
TXD : White
RXD: Green

Open Arduino IDE->Tools->Serial Monitor

 

hm10terminal

Leave a comment

Bluetooth Hc-06 module

Serial Mode: 9600 8-N-1

AT command works when the module is not paired

hc06terminal

Command list is very limited.

For HC06: On arduino serial monitor type “AT” (without the quotes) and press enter, “OK” will confirm AT mode. Unlike HC05, you can’t see the default name or baud rate. You can only change them. To change name type AT+NAMEDESIRED NAME, notice that there should be no space between the command and name. The module will reply OKyour set name. For example, AT+NAMEPROTOTYPE will set the name to PROTOTYPE. To change baud rate, type AT+BAUDX, where X=1 to 9.

1 set to 1200bps
2 set to 2400bps
3 set to 4800bps
4 set to 9600bps (Default)
5 set to 19200bps
6 set to 38400bps
7 set to 57600bps
8 set to 115200bps
so sending AT+BAUD4 will set the baud rate to 9600.

For Tera Term write down the commands somewhere else and paste it on the console by right clicking. No need of pressing enter. The command will be executed immediately and confirmed.

HC 06 AT commands are limited, all I could find are given here.

AT : check the connection
AT+NAME: Change name. No space between name and command.
AT+BAUD: change baud rate, x is baud rate code, no space between command and code.
AT+PIN: change pin, xxxx is the pin, again, no space.
AT+VERSION

 

 

 

 

 

 

 

 

 

Leave a comment

Selinux config for PHP-FPM on Centos 7

if your nginx on Centos or Redhat gives error like:

“No input files specified”

try first disabling selinux

sudo setenforce 0

$ ls -Z /apps/ppvapp/
drwxr-xr-x. nginx nginx unconfined_u:object_r:default_t:s0 ws

$sudo semanage fcontext -a -t httpd_sys_content_t "/apps/ppvapp(/.*)?"
$sudo restorecon -r /apps/ppvapp

$ls -Z /apps/ppvapp/

drwxr-xr-x. nginx nginx unconfined_u:object_r:httpd_sys_content_t:s0 ws

$sudo setsebool -P httpd_read_user_content 1


$sudo setsebool -P httpd_can_network_connect 1

if you want to connect to mysqldb or another use below setting:
$sudo setsebool -P httpd_can_network_connect_db on


Original Article is here

SELinux context

First I’d recommend installing this handy package for managing SELinux filesystem path contexts and port lists:

yum install policycoreutils-python

Php-fpm process runs as httpd_t (same label as Apache and Nginx) so I’ll use the following labels for filesystem:

  • httpd_sys_content_t for read-only
  • httpd_log_t for append only
  • httpd_sys_rw_content_t for read-write

As SELinux matches rules in order they created the most generic has to be created first. Making the whole application directory read-only:

semanage fcontext -a -t httpd_sys_content_t "/opt/dbut(/.*)?"

Log directory gets httpd_log_t. Functions like fopen() must use mode ‘a’ or file_put_contents() must be flagged with FILE_APPEND.

semanage fcontext -a -t httpd_log_t "/opt/dbut/log(/.*)?"

Session and user_content directories will be read-write.

semanage fcontext -a -t httpd_sys_rw_content_t "/opt/dbut/session(/.*)?"    
semanage fcontext -a -t httpd_sys_rw_content_t "/opt/dbut/document_root/user_content(/.*)?"

In case of oooops. To remove a rule

semanage fcontext -d "/opt/dbut/document_root/user_content(/.*)?"

Finally restore context restorecon the whole directory recursively

restorecon -r /opt/dbut

and ls -Z should say something like this:

[root@burp]# ls -Z /opt/dbut
drwxr-x---. dbut dbut unconfined_u:object_r:httpd_sys_content_t:s0 application
drwxr-xr-x. dbut dbut unconfined_u:object_r:httpd_sys_content_t:s0 document_root
drwxrwx---. dbut dbut unconfined_u:object_r:httpd_log_t:s0 log
drwxrwx---. dbut dbut unconfined_u:object_r:httpd_sys_rw_content_t:s0 session

, ,

Leave a comment

Mysql server installation on Centos 7.4

wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm -ivh mysql57-community-release-el7-11.noarch.rpm
sudo yum update
sudo yum install mysql-server
sudo systemctl start mysqld
sudo systemctl enable mysqld

#check root password below:
grep 'temporary password' /var/log/mysqld.log

#change root password and disable remote root login via:

sudo mysql_secure_installation

,

Leave a comment