Skip to content

GitLab

Vous avez reçu un message "Your GitLab account has been locked ..." ? Pas d'inquiétude : lisez cet article https://docs.gricad-pages.univ-grenoble-alpes.fr/help/unlock/

Last edited by Mohamed Saouli
Page history

page6 serveur site web

L'installation du serveur web appelé aussi LAMP ( Linux Apache MySQL PHP) se fera sous une Vm ovh.

Conseil avant de débuter l'installation :

  • Bien désactiver le compte root pour les connexions à distance
  • Mettre en place un Fail to ban afin d'éviter les tentatives de connexion en brut force

Configuration FIREWALL

  • firewall-cmd --zone=public --permanent --add-service=http
  • firewall-cmd --zone=public --permanent --add-service=https
  • firewall-cmd --reload

Installation APACHE

  • Première étape est de mettre à jour notre Os : yum -y update
  • Installation Apache HTTP : yum install httpd
  • On démarre le service : systemctl start httpd.service
  • Afin de vérifier que le service tourne, voici la commande : systemctl status httpd.service
  • Résultat : `● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2018-10-12 16:17:01 CEST; 2 days ago Docs: man:httpd(8) man:apachectl(8) Process: 12089 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS) Process: 25544 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS) Main PID: 12093 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service ├─12093 /usr/sbin/httpd -DFOREGROUND ├─25559 /usr/sbin/httpd -DFOREGROUND ├─25560 /usr/sbin/httpd -DFOREGROUND ├─25561 /usr/sbin/httpd -DFOREGROUND ├─25563 /usr/sbin/httpd -DFOREGROUND ├─25570 /usr/sbin/httpd -DFOREGROUND ├─25714 /usr/sbin/httpd -DFOREGROUND ├─25875 /usr/sbin/httpd -DFOREGROUND ├─25876 /usr/sbin/httpd -DFOREGROUND ├─26196 /usr/sbin/httpd -DFOREGROUND └─26197 /usr/sbin/httpd -DFOREGROUND

Oct 12 16:17:01 vps584938.ovh.net systemd[1]: Starting The Apache HTTP Server... Oct 12 16:17:01 vps584938.ovh.net systemd[1]: Started The Apache HTTP Server. Oct 12 16:56:38 vps584938.ovh.net systemd[1]: Reloaded The Apache HTTP Server. Oct 14 03:14:02 vps584938.ovh.net systemd[1]: Reloaded The Apache HTTP Server. `

  • Activation du service à chaque démarrage : systemctl enable httpd.service

Installation de la Base de donnée Pour la base de donnée nous avons choisie MariaDB dont les fondateurs sont ceux de MySQL.

  • yum install mariadb-server mariadb
  • systemctl start mariadb.service
  • systemctl enable mariadb.service
  • Afin de vérifier que le service tourne, voici la commande : systemctl status mariadb
  • Resultat : `● mariadb.service - MariaDB database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2018-10-12 14:04:55 CEST; 3 days ago Process: 885 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS) Process: 842 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS) Main PID: 884 (mysqld_safe) CGroup: /system.slice/mariadb.service ├─ 884 /bin/sh /usr/bin/mysqld_safe --basedir=/usr └─1100 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plug...

Oct 12 14:04:53 vps584938.ovh.net systemd[1]: Starting MariaDB database server... Oct 12 14:04:53 vps584938.ovh.net mariadb-prepare-db-dir[842]: Database MariaDB is probably initialized in /v...ne. Oct 12 14:04:53 vps584938.ovh.net mysqld_safe[884]: 181012 14:04:53 mysqld_safe Logging to '/var/log/mariadb...og'. Oct 12 14:04:54 vps584938.ovh.net mysqld_safe[884]: 181012 14:04:54 mysqld_safe Starting mysqld daemon with ...ysql Oct 12 14:04:55 vps584938.ovh.net systemd[1]: Started MariaDB database server. Hint: Some lines were ellipsized, use -l to show in full.`

Sécuriser MySQL

MySQL/MariaDB dispose de l’utilitaire mysql_secure_installation pour assurer la sécurité d’une installation fraîche sur une machine de production. Ce programme permet d’effectuer quelques démarches de sécurisation essentielles.

  • Définir un mot de passe root MySQL (ne pas confondre avec le compte root linux)
  • Supprimer les comptes root MySQL accessibles de l’extérieur.
  • Supprimer les connexions anonymes.
  • Supprimer la base de données de test.

Voici les commandes :

  • mysql_secure_installation

  • `NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

  • In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.

  • Enter current password for root (enter for none): [Entrée] OK, successfully used password, moving on...

  • Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation.

  • Set root password? [Y/n] y

  • New password: **********

  • Re-enter new password: ********** Password updated successfully! Reloading privilege tables.. ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

  • Remove anonymous users? [Y/n] y ... Success!

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

  • Disallow root login remotely? [Y/n] y ... Success!

By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

  • Remove test database and access to it? [Y/n] y
    • Dropping test database... ... Success!
    • Removing privileges on test database... ... Success!

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

  • Reload privilege tables now? [Y/n] y ... Success!

  • Cleaning up...

All done! If you've completed all of the above steps, your MariaDB installation should now be secure.

Thanks for using MariaDB!`

Connection à MariaDB Dorénavant, il faut se connecter au moniteur MySQL/MariaDB avec le mot de passe que l’on vient de définir un peu plus haut.

  • mysql -u root -p

Installaion PHP

  • yum install epel-release yum-utils -y
  • yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
  • yum-config-manager --enable remi-php72

Installation PHP 7.2 avec les dépendances :

  • yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql -y

Vérification de la version installée :

  • php -v
  • Résultat :
  • php -v PHP 7.2.11 (cli) (built: Oct 10 2018 10:00:29) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.11, Copyright (c) 1999-2018, by Zend Technologies

Test à effectuer pour PHP

  • Création du fichier info.php sous /var/www/html

  • Insertion du code suivant :<?php phpinfo(); ?>

  • Afficher la page web de votre site : https://*******/info.php

Attention : Après le test SUPPRIMER le fichier info.php

PhpMyAdmin

Cette installation va nous servir afin de faciliter l'administration de notre base de donnée. Pour commencer installons le repository EPEL

  • rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm Mettre à jour le system
  • yum -y update
  • yum install phpmyadmin

Autoriser notre ip dans le fichier suivant :

  • vi /etc/httpd/conf.d/phpMyAdmin.conf

  • Require ip 127.0.0.1 par Require ip votreadresse

  • Allow from 127.0.0.1 par Allow from votreadresse

Après toute cette installation on redémarre le service httpd : systemctl restart httpd.service

**** Bonne installation !!!****