Bulk commands to install PHP and MySQL on CentOS 7

From .bash_history, based on tutorial @ https://www.howtoforge.com/tutorial/centos-lamp-server-apache-mysql-php/

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
sudo yum -y install epel-release
sudo yum -y install mariadb-server mariadb
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
sudo mysql_secure_installation

sudo yum -y install httpd
sudo systemctl start httpd.service
sudo systemctl enable httpd.service

sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo systemctl status firewalld
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

sudo rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum update
sudo yum-config-manager --enable remi-php72
sudo yum -y install php php-opcache
sudo systemctl restart httpd.service
sudo yum -y install php-mysqlnd php-pdo
sudo yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap curl curl-devel
sudo systemctl restart httpd.service


Four year gap? No, had just been self-hosting for a while

I had been self-hosting this site at code.circayou.com for a number of years, and actually forgot about this (free) WordPress.com version until recently. I stopped self-hosting because I wasn’t doing much with the site, and had started saving code-snippets to private gists so didn’t really need to use this format going forward. However, since I’ve re-discovered this site, I’ll probably start bringing in some “classic” posts from the self-hosting days and use this concept to provide exposition to my gists as needed.

(because you care, I can tell)

winhttpcertcfg.exe Example

Once a client certificate is added to the Local Machine account’s Certificates -> Personal -> Certificates through the MMC Certificates snap-in, you can set permissions for service accounts (like Network Service or IIS AppPool\AppPoolIdentityName) with winhttpcertcfg.exe:

winhttpcertcfg.exe -g -c LOCAL_MACHINE\My -s "SomeTextFromTheCertSubject" -a "userAccount"

 

Configure Tomcat 7 to use HTTPS

The following steps were used to configure a Tomcat 7 server listening on port 8081 to use https and forward regular http connections on port 80 to the standard https port 443.

Port forwarding:

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo service iptables save
sudo service iptables restart

Standard port 80 connections will be forwarded to Tomcat at port 8081 and it will decide what to do (Tomcat is told to forward that to port 443 later). Standard port 443 connections are forwarded to port 8443, which is a new connector we will configure in Tomcat’s server.xml file.

Create a keystore and CSR to get an SSL certificate:

Note: ran this in the home directory of the tomcat user

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server_name.jks -dname "CN=fqdn-of-server.domain.com,OU=department-value, O=company-name, L=city, ST=state, C=US" && keytool -certreq -alias server -file server_name.csr -keystore server_name.jks && echo Your certificate signing request is in server_name.csr. Your keystore file is server_name.jks. Thanks for using the DigiCert keytool CSR helper.
sudo chown tomcat: server_name.jks

Be sure to update the ownership of the file so that the tomcat user has access.

Once you have your cert…

Import the certificate:

sudo keytool -import -trustcacerts -alias server -file cert-from-CA.p7b -keystore server_name.jks

Update the Tomcat server.xml file:

Updated the existing connector from:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8444" />

to:

<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />

Created a new connector for the ssl connection:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/share/tomcat/servername.jks"
keystorePass="password-value" />

Update the Tomcat web.xml file:

Add the following before the closing </web-app> tag:

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart Tomcat and hope for the best 🙂

Last, but not least, here’s the site I used to help generate the CSR: https://www.digicert.com/csr-creation.htm
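
A quick consistency check for the pieces configured above, added here as an example and not part of the original steps: it parses server.xml and web.xml and reports where the connector ports, redirectPort and transport guarantee disagree with the iptables mapping. The `audit` function, the `NAT` table and the embedded XML samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAT = {80: 8081, 443: 8443}  # public port -> Tomcat port, per the iptables rules

# Constructed samples mirroring the snippets in this post.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000"
           redirectPort="443" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/share/tomcat/servername.jks"
           keystorePass="password-value" />
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
<web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""


def _texts(root, name):
    # Match on local name so a namespaced web.xml is handled too.
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def audit(server_xml, web_xml):
    """Return a list of mismatches; an empty list means the pieces line up."""
    problems = []
    conns = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    http, tls = conns.get(str(NAT[80])), conns.get(str(NAT[443]))
    if http is None:
        problems.append("no connector on port %d" % NAT[80])
    elif http.get("redirectPort") != "443":
        # Clients follow the redirect to the public port, not Tomcat's own.
        problems.append("redirectPort is %s, expected 443" % http.get("redirectPort"))
    if tls is None:
        problems.append("no connector on port %d" % NAT[443])
    else:
        for attr, want in (("SSLEnabled", "true"), ("scheme", "https"), ("secure", "true")):
            if (tls.get(attr) or "").lower() != want:
                problems.append("%s should be %s on port %d" % (attr, want, NAT[443]))
        if not tls.get("keystoreFile"):
            problems.append("TLS connector has no keystoreFile")
    for sc in (e for e in ET.fromstring(web_xml).iter()
               if e.tag.rsplit("}", 1)[-1] == "security-constraint"):
        if "/*" in _texts(sc, "url-pattern") and \
           "CONFIDENTIAL" in _texts(sc, "transport-guarantee"):
            break
    else:
        problems.append("web.xml has no CONFIDENTIAL constraint covering /*")
    return problems


if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML) or "configuration is consistent")
```

Leaving redirectPort at its old value of 8444 is reported as a mismatch, because nothing listens there and the browser would be redirected to a dead port.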

org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2

When you run the following error through Google…

org.apache.jk.common.ChannelSocket processConnection
WARNING: processCallbacks status 2

The first result is totally useless, but does point you to the third result, which states…

When using AJP, this problem is caused by a request coming from the httpd (apache) server
to tomcat, but the apache server is stopped from listening for the response from the tomcat
server. Usually this is caused by a user clicking on a new link before tomcat has a chance
to respond (fully), so apache has moved on - but tomcat doesn't know about it.

It can be safely ignored.

Rotating Apache HTTPD log files

On CentOS and RHEL, take advantage of an automatic, daily cron job that runs logrotate.  This example rotates the default logs and my custom logs using a wildcard in the directory for random vhosts.

In /etc/logrotate.d/httpd:

/var/log/httpd/*log /var/www/html/public/*/*log {
missingok
notifempty
sharedscripts
daily
rotate 7
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}

 

Get Oracle database version

SELECT * FROM V$VERSION

Returns something like this…

Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
PL/SQL Release 11.1.0.6.0 - Production
CORE 11.1.0.6.0 Production
TNS for Linux: Version 11.1.0.6.0 - Production
NLSRTL Version 11.1.0.6.0 - Production

Unity3d Editor…things to remember

  • To snap to grid, select the items you’re trying to snap, then Edit > Snap Settings
  • For top-down 2d camera, don’t forget to set the camera rotation to X: 90 and Projection: Orthographic (when using the default 3d settings)
  • CreatePlane script: http://wiki.unity3d.com/index.php?title=CreatePlane

…because so far I keep forgetting these two things when trying to set up my project…