[M] Rename old readme to server-setup.md
This commit is contained in:
Hykilpikonna
+228
@@ -0,0 +1,228 @@
|
||||
# HyDEV Server Setup
|
||||
Notes about how to setup a Fedora 32 server for HyDEV
|
||||
|
||||
## 1. Wifi Connection for Potato Laptop Servers
|
||||
|
||||
Connect to ethernet first, and then:
|
||||
|
||||
```bash
|
||||
nmcli
|
||||
nmcli d connect <device>
|
||||
```
|
||||
|
||||
Setting up wifi:
|
||||
(If `wpa_supplicant` isn't installed, it would say "unavailable")
|
||||
|
||||
```bash
|
||||
dnf install NetworkManager-tui wpa_supplicant
|
||||
systemctl enable wpa_supplicant
|
||||
reboot
|
||||
```
|
||||
|
||||
And then select the wifi and connect:
|
||||
|
||||
```bash
|
||||
nmtui
|
||||
```
|
||||
|
||||
If you are using 811AC usb wifi adapter too, install the driver:
|
||||
|
||||
```bash
|
||||
dnf install make automake gcc gcc-c++ kernel-devel dkms
|
||||
mkdir drivers
|
||||
cd drivers
|
||||
git clone https://github.com/brektrou/rtl8821CU
|
||||
cd rt18821CU
|
||||
./dkms-install.sh
|
||||
```
|
||||
|
||||
Toggle USB wifi adapter mode: (Find the coresponding device ID eg. `0bda:c811`)
|
||||
|
||||
```bash
|
||||
lsusb
|
||||
sudo usb_modeswitch -KW -v 0bda -p c811
|
||||
reboot
|
||||
nmtui
|
||||
```
|
||||
|
||||
### Laptop Close Lid
|
||||
|
||||
```bash
|
||||
nano /etc/systemd/logind.conf
|
||||
# Add HandleLidSwitch=ignore
|
||||
systemctl restart systemd-logind
|
||||
```
|
||||
|
||||
## 2. Mariadb
|
||||
|
||||
Files: None
|
||||
|
||||
Steps:
|
||||
|
||||
```bash
|
||||
dnf install mariadb mariadb-server
|
||||
sctl enable mariadb
|
||||
sctl start mariadb
|
||||
mysql_secure_installation
|
||||
mysql -p
|
||||
GRANT ALL PRIVILEGES ON *.* TO 'root'@'...ip...' IDENTIFIED BY '...password...' WITH GRANT OPTION;
|
||||
```
|
||||
|
||||
## 3. Nginx
|
||||
|
||||
Files:
|
||||
|
||||
* /etc/nginx/nginx.conf
|
||||
* /etc/nginx/html/*
|
||||
* /etc/letsencrypt/*
|
||||
* /app/hres/*
|
||||
|
||||
Steps:
|
||||
|
||||
```bash
|
||||
dnf install nginx certbot certbot-nginx
|
||||
# And then you copy the config files
|
||||
chron -Rt httpd_sys_content_t /app/
|
||||
```
|
||||
|
||||
## 4. Shadowsocks
|
||||
|
||||
Files:
|
||||
|
||||
`/etc/shadowsocks-libev/hydev.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"server": "0.0.0.0",
|
||||
"server_port": <Port>,
|
||||
"password": "<Password>",
|
||||
"method": "aes-256-cfb",
|
||||
"mode": "tcp_and_udp"
|
||||
}
|
||||
```
|
||||
|
||||
Steps:
|
||||
|
||||
```bash
|
||||
dnf copr enable librehat/shadowsocks
|
||||
dnf update
|
||||
dnf install shadowsocks-libev
|
||||
# And then you copy the config files
|
||||
sctl enable shadowsocks-libev-server@hydev
|
||||
sctl start shadowsocks-libev-server@hydev
|
||||
```
|
||||
|
||||
## 5. Java Application Servers
|
||||
|
||||
Files:
|
||||
|
||||
* /app/depl/\<application\>
|
||||
* /etc/systemd/system/\<application\>.service
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=<name>
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/app/depl/<application>/
|
||||
ExecStart=/bin/bash launch.sh
|
||||
User=jvmapps
|
||||
Type=simple
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
* /app/depl/\<application\>/launch.sh
|
||||
|
||||
```sh
|
||||
/usr/bin/java -cp <application>.jar:./lib/* -Xms1024M -Xmx2048M org.hydev.Main
|
||||
```
|
||||
|
||||
Steps:
|
||||
|
||||
```bash
|
||||
groupadd -r appmgr
|
||||
useradd -r -s /bin/false -g appmgr jvmapps
|
||||
chown -R jvmapps:appmgr /app/depl/<application>/
|
||||
sctl start <application>
|
||||
sctl enable <application>
|
||||
```
|
||||
|
||||
## 6. LAN File Servers (SMB)
|
||||
|
||||
https://www.jianshu.com/p/cc9da3a154a0
|
||||
|
||||
Files:
|
||||
|
||||
* /etc/samba/smb.conf
|
||||
|
||||
```ini
|
||||
[global]
|
||||
workgroup = HYDEV
|
||||
security = user
|
||||
passdb backend = tdbsam
|
||||
|
||||
[data]
|
||||
comment = Shared data
|
||||
path = /mnt/data
|
||||
public = no
|
||||
admin users = admin
|
||||
valid users = @admin smb-user
|
||||
browseable = yes
|
||||
writable = yes
|
||||
create mask = 0777
|
||||
directory mask = 0777
|
||||
force directory mode = 0777
|
||||
force create mode = 0777
|
||||
```
|
||||
|
||||
Steps:
|
||||
|
||||
```bash
|
||||
dnf install samba
|
||||
nano /etc/samba/smb.conf
|
||||
groupadd -r samba
|
||||
useradd -r -s /bin/false -g samba smb-user
|
||||
smbpasswd -a smb-user
|
||||
sctl enable smb nmb
|
||||
sctl start smb nmb
|
||||
```
|
||||
|
||||
Allow smb access with SELinux enabled
|
||||
https://www.lisenet.com/2016/samba-server-on-rhel-7/
|
||||
|
||||
```bash
|
||||
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
|
||||
semanage fcontext –at samba_share_t "/mnt/data(/.*)?"
|
||||
restorecon -Rv /mnt/data
|
||||
```
|
||||
|
||||
If you are still using an NTFS drive:
|
||||
|
||||
```bash
|
||||
dnf install ntfs-3g fuse
|
||||
modprobe fuse
|
||||
mount -t ntfs-3g /dev/sdb1 /mnt/data
|
||||
nano /etc/fstab
|
||||
# Add line: /dev/sdb1 /mnt/data ntfs-3g defaults 0 0
|
||||
```
|
||||
|
||||
## 7. Firewall (UFW)
|
||||
|
||||
```bash
|
||||
sctl disable firewalld
|
||||
sctl stop firewalld
|
||||
dnf install ufw
|
||||
sctl enable ufw
|
||||
sctl start ufw
|
||||
ufw status
|
||||
```
|
||||
|
||||
Allow all traffic from LAN:
|
||||
|
||||
```bash
|
||||
ufw allow from 192.168.0.0/16
|
||||
```
|
||||
Reference in New Issue
Block a user