script

Amazon linux 2

Note: create the folders as the regular user account, not as root.

# Become root for the system-level steps below.
sudo -i

# List the Asia/* zone names, then set the system timezone.
timedatectl list-timezones | grep Asia
timedatectl set-timezone Asia/Ho_Chi_Minh

# Create the "www" account, add it to the wheel group and set its password interactively.
# NOTE(review): the later `sudo` calls made as www suggest wheel carries sudo rights — confirm in sudoers.
# If so, this password protects root-equivalent access once password SSH is enabled below.
useradd www
usermod -aG wheel www
passwd www
# Edit sshd_config so that it contains the indented line below (file content, not a command).
# NOTE(review): as written this lets sshd accept password logins, which exposes the host to password guessing.
# Key-based login for www avoids that; if passwords are required, restrict who may log in (sshd's AllowUsers)
# and limit port 22 by source address.
vi /etc/ssh/sshd_config 
    PasswordAuthentication yes
service sshd restart
# Note: switch to the www account (log in again); every command from here on is run as that user.
su www

# Working directories under the www home.
cd /home/www
mkdir app
mkdir cms
# cert holds the TLS certificate and private key that the nginx config on this page reads
# (/home/www/cert/server.pem and /home/www/cert/server.key).
# NOTE(review): mkdir applies the default umask; consider `chmod 700 cert` afterwards so other local
# accounts cannot read the key — confirm nginx still loads it (it normally reads the key as root at start-up).
mkdir cert
mkdir setup
cd setup

# Basic tools from the distribution repositories.
sudo yum -y install htop
sudo yum -y install git

# Docker (optional)
sudo yum -y install docker
sudo systemctl start docker
sudo systemctl enable docker

# Download the docker-compose 1.29.2 binary for this kernel/architecture straight into /usr/local/bin,
# mark it executable and link it into /usr/bin.
# NOTE(review): the binary is fetched as root and made executable with no integrity check.
# Compare its SHA-256 (sha256sum) with the checksum published for the release before running chmod +x.
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version


# Install the OpenJDK 8 development package and pick the active java interactively.
sudo yum install -y java-1.8.0-openjdk-devel
alternatives --config java
# NOTE(review): this path names one exact package build (1.8.0.272.b10-1); it presumably stops
# matching after a JDK update — confirm the installed directory name before exporting.
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.amzn2.0.1.x86_64/jre/


# Download and unpack Maven 3.2.5 into /home/www/setup, then put its bin directory on PATH.
# NOTE(review): the archive is unpacked and later executed without verification; check it against the
# checksum/signature Apache publishes for the release. The pinned JDK and Maven versions are old —
# confirm they still receive fixes before building with them.
wget https://downloads.apache.org/maven/maven-3/3.2.5/binaries/apache-maven-3.2.5-bin.zip
unzip apache-maven-3.2.5-bin.zip
export M2_HOME=/home/www/setup/apache-maven-3.2.5
export M2=$M2_HOME/bin
export MAVEN_OPTS=-Xmx512m
export PATH=$M2:$PATH


# Make the same settings permanent: the export lines below are the content to add to ~/.bashrc.
vi ~/.bashrc
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.amzn2.0.1.x86_64/jre/
export M2_HOME=/home/www/setup/apache-maven-3.2.5
export M2=$M2_HOME/bin
export MAVEN_OPTS=-Xmx512m
export PATH=$M2:$PATH


# Download page: https://www.jenkins.io/download/
# NOTE(review): the WAR is pinned to weekly release 2.283 and is run without verification; check it
# against the checksum listed on the download page, and check that page for a current release.
wget https://get.jenkins.io/war/2.283/jenkins.war
# Create jenkins.sh; the nohup line below is the content of that file, not a command to type here.
vi jenkins.sh
nohup java -jar -Xmx1G jenkins.war &
# Start Jenkins in the background as the current user; its output goes to nohup.out.
# NOTE(review): started this way Jenkins serves its own HTTP port directly (8080 by default) —
# confirm the firewall/security group does not expose it to the internet.
sh jenkins.sh
# Presumably read to get the initial admin password Jenkins prints on first start; the file keeps
# that password on disk, so restrict or remove it afterwards.
cat nohup.out

#https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/
vi /etc/yum.repos.d/mongodb-org-4.4.repo

[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

yum install -y mongodb-org
systemctl start mongod
systemctl enable mongod

# Type the commands exactly as shown so that the admin account is created.
mongo
// Run inside the mongo shell. The users are created before "authorization: enabled" is set in
// mongod.conf (next step on this page), while the shell is still unauthenticated.
// NOTE(review): "123456" is used for every account here; replace each with a long, unique password.
// In the 4.4 shell, `pwd: passwordPrompt()` asks for it interactively so it is not kept in notes
// or shell history.

// Administrative account: userAdminAnyDatabase lets it create users and grant roles on any database.
use admin
db.createUser(
  {
    user: "sysadmin",
    pwd: "123456",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
// Application account limited to read/write on its own database.
use mydb
db.createUser(
  {
    user: "myusername",
    pwd: "123456",
    roles: [ { role: "readWrite", db: "mydb" } ]
  }
)

#optional create vpn
// Account for the "vpn" database; the Pritunl container started later on this page connects with it.
use vpn
db.createUser(
  {
    user: "vpn",
    pwd: "123456",
    roles: [ { role: "readWrite", db: "vpn" } ]
  }
)


vi /etc/mongod.conf
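#change bindIp 127.0.0.1  => 0.0.0.0
#  mongod then listens on every network interface: allow port 27017 only from the hosts that
#  need it (firewall / security group), or bind to the single private address instead.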
security:
    authorization: enabled

systemctl restart mongod
#TESTING AGAIN: db.products.insert( { item: "card", qty: 15 } )
#TESTING AGAIN: mongo --port 27017 -u "vpn" -p "123456" --authenticationDatabase "vpn" 


sudo amazon-linux-extras install -y nginx1
systemctl start nginx.service
systemctl enable nginx.service


# Docker was already installed in the optional Docker step; repeated here for hosts that skipped it.
yum install docker
# Start Pritunl in a container named "vpn" that stores its data in the "vpn" MongoDB database.
# "ip" in the URI is a placeholder for the MongoDB host address.
# NOTE(review): --privileged gives the container almost unrestricted access to the host. Check whether
# the image also works with only what a VPN server typically needs (NET_ADMIN capability and
# /dev/net/tun) — unverified for this image.
# NOTE(review): the database password travels in an environment variable, so anyone who can run
# `docker inspect vpn` can read it; it is also the same 123456 used for the other accounts.
# NOTE(review): jippi/pritunl is a third-party image pulled without a tag or digest, so the code that
# runs can change between pulls; pin a tag or digest you have reviewed.
# Published ports: 8090->80 and 8091->443 (presumably the web console), 1194 over udp and tcp.
sudo docker run \
    --detach \
    --privileged \
    -e PRITUNL_MONGODB_URI="mongodb://vpn:123456@ip:27017/vpn?authSource=vpn" \
    --name vpn \
	  --restart=always \
	  -p 8090:80/tcp \
    -p 8091:443/tcp \
	  -p 1194:1194/udp \
    -p 1194:1194/tcp \
    jippi/pritunl
    
pritun/pritunl 

Or use:
https://github.com/angristan/openvpn-install/tree/master 

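Fix for nginx error 13 (permission denied): chmod o+x /home/www/
This lets every local account traverse /home/www, so keep the files under it (especially /home/www/cert/server.key) readable only by their owner.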

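# Backend application that both locations below proxy to.
upstream gateway {
   server 127.0.0.1:9090;
}

# Per-client-address request budget: 30 requests/second, state kept in a 50 MB shared zone.
limit_req_zone $binary_remote_addr zone=basic_zone:50m rate=30r/s;

# Plain-HTTP listener: exists only to redirect every request to HTTPS.
server {
	listen        80;
	listen       [::]:80;
	server_name   my.api.com www.my.api.com;

	# The proxy_set_header lines were dropped here: this block never proxies, it only redirects.
	return 301 https://$host$request_uri;
}

# HTTPS listener: terminates TLS and proxies to the gateway upstream.
server {
	listen       443 ssl http2;
	listen       [::]:443 ssl http2;

	server_name  my.api.com www.my.api.com;
	#root         /usr/share/nginx/html;
	gzip on;
	gzip_min_length 1000;
	# text/html is always compressed when gzip is on, so listing it only produces a
	# duplicate-type warning; the registered SVG type is image/svg+xml.
	gzip_types      text/plain application/xml text/javascript text/css application/javascript application/json image/svg+xml;

	# Moved from "location /" to server scope: requests matching the static-file regex location
	# below never enter "location /", so the block did not apply to them.
	deny 37.120.154.86;

	location / {
		# NOTE(review): this rate limit covers only this location; the static-file location below
		# is not limited. Confirm that is intended.
		limit_req zone=basic_zone burst=30 nodelay;
		expires       0;
		# One Cache-Control header instead of three; the original also sent "public",
		# which contradicts no-store.
		add_header    Cache-Control  "no-store, no-cache";
		proxy_pass http://gateway;
	}
	# Static assets: long-lived caching, still served by the gateway.
	location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2|svg)$ {
		expires 365d;
		proxy_pass http://gateway;
	}

	#index index.html index.htm;
	#location / {
	#	try_files $uri /index.html;
	#}

	ssl_certificate  "/home/www/cert/server.pem";
	ssl_certificate_key "/home/www/cert/server.key";
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout  20m;
	# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
	# Clients limited to them will fail to connect.
	ssl_protocols TLSv1.2 TLSv1.3;
	#ssl_ciphers HIGH:!aNULL:!MD5;
	# Same list as before minus DH+3DES: 3DES is a 64-bit block cipher (Sweet32).
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

	#ssl_ciphers PROFILE=SYSTEM;
	ssl_prefer_server_ciphers on;
	# NOTE(review): accepting underscores lets a client send e.g. X_Forwarded_For; if the backend
	# treats "_" and "-" in header names alike, that can shadow the headers set below. Confirm the need.
	underscores_in_headers on;

	proxy_set_header    Host              $host;
	proxy_set_header    X-Real-IP         $remote_addr;
	# $proxy_add_x_forwarded_for appends to whatever the client sent, so the backend should trust
	# only the last entry (or X-Real-IP) as the client address.
	proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
	proxy_set_header    X-Forwarded-SSL on;
	proxy_set_header    X-Forwarded-Proto $scheme;
	client_max_body_size    100M;
	client_body_buffer_size 128k;
	proxy_connect_timeout   90;
	proxy_send_timeout      90;
	proxy_read_timeout      90;
	proxy_buffers           32 4k;

	# Load configuration files for the default server block.
	include /etc/nginx/default.d/*.conf;

	# NOTE(review): error_page points at /404.html while the location matches /40x.html;
	# left as in the original.
	error_page 404 /404.html;
		location = /40x.html {
	}

	error_page 500 502 503 504 /50x.html;
		location = /50x.html {
	}
}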
vi /etc/yum.repos.d/elasticsearch.repo

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md


sudo yum install --enablerepo=elasticsearch -y elasticsearch

vi /etc/elasticsearch/elasticsearch.yml

xpack.security.enabled: true


vi /etc/sysconfig/elasticsearch

ES_JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.272.b10-1.amzn2.0.1.x86_64/jre/


systemctl restart elasticsearch
systemctl enable elasticsearch

cd /usr/share/elasticsearch/bin

./elasticsearch-setup-passwords interactive


# Add a user ("username" / "password" are placeholders) with the elasticsearch-users tool.
# NOTE(review): the role list includes superuser, which already grants full control of the cluster and
# makes the other roles redundant; it also mixes in roles named for internal services (kibana_system,
# logstash_system, beats_system, apm_system). Grant only the roles this account needs.
# NOTE(review): a password given with -p lands in shell history and the process list; omit -p and the
# tool prompts for it instead.
./elasticsearch-users useradd username -p password -r watcher_admin,apm_system,viewer,rollup_user,logstash_system,kibana_user,beats_admin,remote_monitoring_agent,rollup_admin,data_frame_transforms_admin,snapshot_user,monitoring_user,enrich_user,kibana_admin,logstash_admin,editor,machine_learning_user,data_frame_transforms_user,machine_learning_admin,watcher_user,apm_user,beats_system,transform_user,reporting_user,kibana_system,transform_admin,remote_monitoring_collector,transport_client,superuser,ingest_admin

Kibana

vi /etc/yum.repos.d/kibana.repo

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md


sudo yum install -y kibana 
vi /etc/kibana/kibana.yml

# Listen on every interface so Kibana is reachable from other hosts.
# NOTE(review): no server.ssl settings appear in these notes, so logins would cross the network in
# clear text unless TLS is terminated in front of Kibana; limit its port (5601 by default) to trusted
# sources — TODO confirm how Kibana is exposed.
server.host: "0.0.0.0"
# Credentials Kibana itself uses to talk to Elasticsearch (the x's are placeholders).
# NOTE(review): use a dedicated low-privilege service account here rather than a superuser; the
# password can be kept out of this file with the kibana-keystore tool.
elasticsearch.username: "xxxxx"
elasticsearch.password: "xxxxxxxx"
# CA certificate used to verify the Elasticsearch server certificate.
# NOTE(review): presumably only relevant when Kibana connects over https://; no elasticsearch.hosts
# setting or Elasticsearch TLS configuration appears in these notes — confirm.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]


systemctl restart kibana.service
systemctl enable kibana.service



APM

# Download the APM Server 7.11.1 package and install it with rpm.
# NOTE(review): the package is installed as root straight after download; verify it first against the
# checksum published next to the download, or with `rpm -K` after importing the Elastic signing key.
curl -L -O https://artifacts.elastic.co/downloads/apm-server/apm-server-7.11.1-x86_64.rpm
sudo rpm -vi apm-server-7.11.1-x86_64.rpm

vi /etc/apm-server/apm-server.yml

In the output.elasticsearch section, add the password.

systemctl restart apm-server.service
systemctl enable apm-server.service
