HykilpikonnaHyDEV Server Setup
Notes about how to setup a Fedora 32 server for HyDEV
1. Wifi Connection for Potato Laptop Servers
Connect to ethernet first, and then:
nmcli
nmcli d connect <device>
Setting up wifi:
(If wpa_supplicant isn't installed, it would say "unavailable")
dnf install NetworkManager-tui wpa_supplicant
systemctl enable wpa_supplicant
reboot
And then select the wifi and connect:
nmtui
If you are using 811AC usb wifi adapter too, install the driver:
dnf install make automake gcc gcc-c++ kernel-devel dkms
mkdir drivers
cd drivers
git clone https://github.com/brektrou/rtl8821CU
cd rt18821CU
./dkms-install.sh
Toggle USB wifi adapter mode: (Find the coresponding device ID eg. 0bda:c811)
lsusb
sudo usb_modeswitch -KW -v 0bda -p c811
reboot
nmtui
Laptop Close Lid
nano /etc/systemd/logind.conf
# Add HandleLidSwitch=ignore
systemctl restart systemd-logind
2. Mariadb
Files: None
Steps:
dnf install mariadb mariadb-server
sctl enable mariadb
sctl start mariadb
mysql_secure_installation
mysql -p
GRANT ALL PRIVILEGES ON *.* TO 'root'@'...ip...' IDENTIFIED BY '...password...' WITH GRANT OPTION;
3. Nginx
Files:
- /etc/nginx/nginx.conf
- /etc/nginx/html/*
- /etc/letsencrypt/*
- /app/hres/*
Steps:
dnf install nginx certbot certbot-nginx
# And then you copy the config files
chron -Rt httpd_sys_content_t /app/
4. Shadowsocks
Files:
/etc/shadowsocks-libev/hydev.json:
{
"server": "0.0.0.0",
"server_port": <Port>,
"password": "<Password>",
"method": "aes-256-cfb",
"mode": "tcp_and_udp"
}
Steps:
dnf copr enable librehat/shadowsocks
dnf update
dnf install shadowsocks-libev
# And then you copy the config files
sctl enable shadowsocks-libev-server@hydev
sctl start shadowsocks-libev-server@hydev
5. Java Application Servers
Files:
- /app/depl/<application>
- /etc/systemd/system/<application>.service
[Unit]
Description=<name>
[Service]
WorkingDirectory=/app/depl/<application>/
ExecStart=/bin/bash launch.sh
User=jvmapps
Type=simple
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
- /app/depl/<application>/launch.sh
/usr/bin/java -cp <application>.jar:./lib/* -Xms1024M -Xmx2048M org.hydev.Main
Steps:
groupadd -r appmgr
useradd -r -s /bin/false -g appmgr jvmapps
chown -R jvmapps:appmgr /app/depl/<application>/
sctl start <application>
sctl enable <application>
6. LAN File Servers (SMB)
https://www.jianshu.com/p/cc9da3a154a0
Files:
- /etc/samba/smb.conf
[global]
workgroup = HYDEV
security = user
passdb backend = tdbsam
[data]
comment = Shared data
path = /mnt/data
public = no
admin users = admin
valid users = @admin smb-user
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
force directory mode = 0777
force create mode = 0777
Steps:
dnf install samba
nano /etc/samba/smb.conf
groupadd -r samba
useradd -r -s /bin/false -g samba smb-user
smbpasswd -a smb-user
sctl enable smb nmb
sctl start smb nmb
Allow smb access with SELinux enabled
https://www.lisenet.com/2016/samba-server-on-rhel-7/
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
semanage fcontext –at samba_share_t "/mnt/data(/.*)?"
restorecon -Rv /mnt/data
If you are still using an NTFS drive:
dnf install ntfs-3g fuse
modprobe fuse
mount -t ntfs-3g /dev/sdb1 /mnt/data
nano /etc/fstab
# Add line: /dev/sdb1 /mnt/data ntfs-3g defaults 0 0
7. Firewall (UFW)
sctl disable firewalld
sctl stop firewalld
dnf install ufw
sctl enable ufw
sctl start ufw
ufw status
Allow all traffic from LAN:
ufw allow from 192.168.0.0/16