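#!/bin/sh
# Install the packages we need to set up our gliders website + backend.
# This file doubles up as notes/instructions.
#
# Installed on a VirtualBox VM with 2gb RAM, 1 CPU, 8gb storage.
# Based on a clean CentOS 7 minimal x64 installation
# (CentOS-7-x86_64-Minimal-1503-01).
# All configuration during CentOS install process was left as defaults.
# Base installation chosen.
# One user added: gliders.
#
# SECURITY: the password for the gliders account used to be written here in
# plain text, and the same value was reused for the MariaDB root account
# below. Treat that value as disclosed: give each account its own new
# password and keep both out of this file (password manager / vault).
#
# Run as root, from the directory that holds the config files copied below
# (elasticsearch.repo, php.ini, php-d-fpm.ini, php-fpm-www.conf, nginx.conf,
# gliders.nginx.conf). The yum commands prompt for confirmation on purpose.

# Stop at the first failing step instead of carrying on with a
# half-configured machine.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "This script must be run as root." >&2
  exit 1
fi

# 'yum check-update' exits with status 100 when updates are available; that
# is not a failure, so it must not trip 'set -e'.
refresh_metadata() {
  yum check-update || [ "$?" -eq 100 ]
}

refresh_metadata
yum install epel-release   # enables 'enterprise' software repo
yum update

# Install needed tools
yum install git rsync wget vim ansible tmux htop iotop dstat lsof telnet

# And inotify tools
yum install inotify-tools incron

# And development tools (needed to compile python libs from pip)
yum groupinstall "Development Tools"

# Install python libraries
yum install python-inotify numpy python-matplotlib python-virtualenv \
  python-pip python-pandas libffi-devel
# NOTE: these pip installs run as root and take whatever version is current
# on PyPI; a package's install-time code then runs with root privileges.
# Pinning the versions makes the build reproducible and easier to audit.
pip install css-html-js-minify
pip install bcrypt

# Install (& configure) sendmail
# This isn't needed yet! But eventually we'd like to have the system
# email people alerts for things (e.g. when an alarm is logged).
# NOTE: until it is actually used this is one more enabled network-facing
# daemon; leaving it disabled until then keeps the attack surface smaller.
yum install sendmail sendmail-cf m4
systemctl enable sendmail

# Install & config MariaDB (MySQL)
yum install mariadb mariadb-server mariadb-devel
# mysql_secure_installation connects to the running server, so the service
# has to be started first.
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
# ^ mariadb root pw was set (value deliberately not recorded here -- see the
#   SECURITY note at the top), anon users + test db removed,
#   remote root login disabled

# Install ElasticSearch
# (Used for full-text searching of glider log files)
yum install java-1.8.0-openjdk
# Confirm the imported key's fingerprint against the one Elastic publishes.
# elasticsearch.repo is not shown in these notes; it should set gpgcheck=1
# so that packages are verified against this key.
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
# yum reads repo definitions from /etc/yum.repos.d/ (the previous
# /etc/yum/repos.d/ path does not exist, so the repo was never picked up).
cp elasticsearch.repo /etc/yum.repos.d/
refresh_metadata
yum install elasticsearch
systemctl enable elasticsearch
# NOTE: the firewall rules further down do not open Elasticsearch's ports
# (9200/9300 by default). Keep it that way unless access control is set up.

# Install SQLAlchemy
yum install MySQL-python python-sqlalchemy

# Install PHP
yum install php php-fpm php-apc php-pdo php-mcrypt php-mbstring \
  php-pecl-runkit
cp php.ini /etc/php.ini
cp php-d-fpm.ini /etc/php.d/fpm.ini
cp php-fpm-www.conf /etc/php-fpm.d/www.conf
systemctl enable php-fpm

# Install NodeJS, NPM, Bower and some tools for shrinking down
# javascript and CSS
# NOTE: 'npm install -g' as root has the same caveat as the pip installs
# above: unpinned packages whose install scripts run as root.
yum install nodejs npm
npm install -g bower
npm install -g uglifyjs
npm install -g uglifycss

# As for the webserver -- either apache or nginx...
# nginx is nice and fast, apache gets better support from
# CentOS etc.
# Haven't tested apache *at all* and have added stuff
# to the nginx config that makes the site work correctly

# FOR NGINX
# Based on https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7
refresh_metadata
yum install nginx

# The gliders user was already created during the CentOS install, so only
# create it when it is missing (a bare useradd fails on an existing user).
id gliders >/dev/null 2>&1 || useradd -m gliders

# gpasswd -a USER GROUP: put the web server users into the gliders group.
gpasswd -a nginx gliders
gpasswd -a apache gliders

# let gliders user do sudo?
# The original line was 'gpasswd -a wheel gliders', which has the arguments
# reversed (it tries to add a user called "wheel" to the gliders group) and
# therefore never granted anything. The corrected form is left commented
# out: wheel membership is full root via sudo, and gliders also owns the web
# root and its nginx vhost config, so a compromise of that account would
# become a compromise of the machine. Prefer a narrow sudoers rule if the
# account only needs one or two commands.
# gpasswd -a gliders wheel

mkdir -p /var/gliders/logs /var/gliders/www/ /var/gliders/www_dev/
# Capital X: give the group search permission on directories (so nginx can
# traverse the home directory) without marking every regular file
# executable, which plain 'g+x' would do.
chmod -R g+X /home/gliders
chown -R gliders:nginx /var/gliders
cp nginx.conf /etc/nginx/
cp gliders.nginx.conf /etc/nginx/conf.d/
# allow gliders user to edit their nginx config?
# NOTE: nginx's master process starts as root and reads this file, so anyone
# who can write it can influence a root-owned process. Keep this ownership
# only if that trade-off is intended.
chown gliders:nginx /etc/nginx/conf.d/gliders.nginx.conf
systemctl enable nginx

# Install fail2ban: This is some intrusion detection software
# that can help to block people trying to do brute-force
# logins etc.
# NOTE: nothing here configures a jail. fail2ban only acts on jails that are
# enabled (e.g. an sshd jail in /etc/fail2ban/jail.local), so installing and
# enabling the service is not sufficient by itself.
yum install fail2ban
systemctl enable fail2ban

# Allow web through the firewall
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-service=ssh
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
# port 8080 for dev branch of site
# '--add-service' only takes service names; a port/protocol pair needs
# '--add-port' (the previous '--add-service=8080/tcp' was rejected).
# NOTE: this exposes the dev branch to everything that can reach the public
# zone; restrict it by source address if the dev site is not meant to be
# public.
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --reload

# Set the system timezone to UTC
timedatectl set-timezone UTC
# And enable NTP, since for some reason it's not on by default..
timedatectl set-ntp true

# Install haveged to stop crypto stuff from hanging so much
# when it depletes /dev/random..! (The bcrypt library on PHP
# has a tendency to do this, which causes the occasional
# gateway timeout when registering / changing user passwords
# on the website.)
yum install haveged
systemctl enable haveged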