Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Hardware

System: Rocky Linux RockyLinux 8.5 x64

  • Specs

    • 8 GB Memory

    • 4 AMD vCPUs

    • 160 GB Disk

  • Location

    • NYC

Server (hardware bound)

Host Name: rockylinux-s-4vcpu-8gb-amd-nyc3-01

  • IP(s):

    • ipv4: 159.xxx.xxx.184

  • Hardware link

  • Hardware provisioned (100%)

Service: Front-End

  • Name: openvinoapp

  • Static Front-end on Nginx server

    • Install Nginx on Rocky Linux 8

How to Install Nginx:

Step 1: Install Nginx on Rocky Linux 8

First, update all the available packages on Rocky Linux.

$ sudo dnf upgrade

Note: dnf update is a deprecated alias.

Now, install Nginx on Rocky Linux.

$ sudo dnf install nginx

Once Nginx is installed, start the Nginx service.

$ sudo systemctl start nginx

If any issues it will display an error message or else no output.

To verify the status of the Nginx service, type:

$ sudo systemctl status nginx

Now make sure to enable Nginx at the start at boot time.

$ sudo systemctl enable nginx

To check the Nginx version which is installed, type:

$ nginx -v

Output:

nginx version: nginx/1.14.1

The output shows we have installed Nginx 1.14.1 version. The main configuration file is stored under the directory /etc/nginx and the main config file is /etc/nginx/nginx.conf. The Nginx log files are stored at /var/log/nginx.

Step 2: Setup Firewall

To allow HTTP and HTTPS traffic (when using SSL) on the firewall.

$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --permanent --zone=public --add-service=https

To make the changes effective, reload the firewall service:

$ sudo firewall-cmd --reload

You can verify by listing the current firewall settings:

$ sudo firewall-cmd --permanent --list-all

Step 3: Verify the installation

Open a browse and enter server IP or domain name to see the Nginx default page on Rocky Linux.

On Rocky Linux, the default Nginx webpage is located in /usr/share/nginx/html.

Uninstall Nginx

To completely uninstall Nginx on Rocky Linux, type

$ sudo dnf remove nginx

Then manually delete the Nginx log files.

$ sudo rm -rf /var/log/nginx

  • Configuration Location

    • /usr/share/nginx/html

  • Default TCP port: 80

Encrypt SSL for NGINX on Rocky Linux 8:

Step 1)  Install Certbot

The only step left is to install Let’s Encrypt and secure the Nginx webserver. However, to accomplish this, we need to install certbot. Written in Python and developed by the Electronic Frontier Foundation, Certbot is a fully featured client for the Let’s Encrypt CA. It is run on the webserver and allows you to automatically set up an SSL certificate for your webserver in a single command.

First, install the EPEL repository which provides additional and high-quality packages for RHEL-based distros.

$ sudo dnf install -y epel-release

Once installed, install certbot and certbot module for Nginx.

$ sudo dnf install certbot python3-certbot-nginx

This installs certbot, certbot module for Nginx host of other packages and dependencies.

Step 2)  Install Let’s Encrypt SSL/TLS certificate

Finally, run the certbot client to install the SSL certificate

$ sudo certbot --nginx

This takes you through a series of prompts. First, provide the email address that will be used by EFF to send you renewal and security updates. Then accept the Terms of service by pressing ‘Y’. If you desire, you can press ‘Y’ to allows EFF to send you regular updates concerning their efforts in securing the web, news, and campaigns.  Finally, select the domain names to encrypt. In our case, we pressed the ‘ENTER’ button to select all the domain names.

Certbot will fetch the SSL/TLS certificate and deploy it for the domain names specified. This enables HTTPS protocol for your domain, in effect encrypting traffic exchanged with the webserver.

To confirm that HTTPS has been enabled, head back to your browser and reload it. This time around, you will notice a padlock icon at the URL bar – an indication that the site is encrypted.

Click on the icon and then select ‘Certificate’.

This displays the certificate details as provided

Step 3) Managing the SSL certificate renewal

Let’s Encrypt certificate is valid for 90 days, however, Let’s encrypt recommends that you renew the certificate every 60 days. Email notifications will be sent to you the last 20 days to expiry with the frequency going up the last 10 days.

You can manually renew the certificate as follows.

$ sudo certbot renew

Thankfully, you can automate the renewal, by adding a new cron job. So, open the crontab file.

$ crontab -e

And add the line shown. Save the changes and exit.

0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1

That’s all. Thank you for coming this far. We have demonstrated how you can install the Let’s Encrypt SSL certificate for Nginx on Rocky Linux 8.

Server Back-End

  • Name: ydiyoi-api

  • Backend API

  • Setting:

    • pm2 process

Install pm2:

$ npm install pm2 -g

Start:

$ pm2 start API

Monitoring:

pm2 monit

Microservice:

pm2 list

Act on them:

pm2 stop
pm2 restart
pm2 delete

  • Default TCP port: 3000

  • Requires an active DB with the credentials

Server Database

  • Database system: Postgresql

Install PostgreSQL 14 on Rocky Linux 8

Step 1: System Update

Before you begin installing PostgreSQL 14 on Rocky Linux 8 | AlmaLinux 8 | CentOS 8, make the following updates to your system:

sudo dnf update

Reboot your system after the update:

sudo reboot

Step 2: Add PostgreSQL Repository on Rocky Linux 8

PostgreSQL server 9.6, 10, 12 and 13 are included in the AppStream components.

$ dnf module list postgresql
Last metadata expiration check: 1 day, 2:59:37 ago on Tue 26 Oct 2021 08:31:04 AM EDT.
Rocky Linux 8 - AppStream
Name                                     Stream                               Profiles                                         Summary                                                         
postgresql                               9.6                                  client, server [d]                               PostgreSQL server and client module                             
postgresql                               10 [d]                               client, server [d]                               PostgreSQL server and client module                             
postgresql                               12                                   client, server [d]                               PostgreSQL server and client module                             
postgresql                               13                                   client, server [d]                               PostgreSQL server and client module                             

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

We’ll need to add the following official repositories to install PostgreSQL 14 on Rocky Linux 8 | AlmaLinux 8:

sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Installation output sample:

....
pgdg-redhat-repo-latest.noarch.rpm                                                                                                                             3.1 kB/s |  12 kB     00:03    
Dependencies resolved.
===============================================================================================================================================================================================
 Package                                            Architecture                             Version                                      Repository                                      Size
===============================================================================================================================================================================================
Installing:
 pgdg-redhat-repo                                   noarch                                   42.0-20                                      @commandline                                    12 k

Transaction Summary
===============================================================================================================================================================================================
Install  1 Package

Total size: 12 k
Installed size: 12 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                       1/1 
  Installing       : pgdg-redhat-repo-42.0-20.noarch                                                                                                                                       1/1 
  Verifying        : pgdg-redhat-repo-42.0-20.noarch                                                                                                                                       1/1 
Installed products updated.

Installed:
  pgdg-redhat-repo-42.0-20.noarch                                                                                                                                                              

Complete!

Step 3: Install PostgreSQL 14 on Rocky Linux 8

Disable the default PostgreSQL module once the repository has been added:

sudo dnf -qy module disable postgresql

Then install PostgreSQL 14 Server and Client:

$ sudo dnf install -y postgresql14-server
Last metadata expiration check: 0:05:42 ago on Wed 27 Oct 2021 11:39:42 AM EDT.
Dependencies resolved.
===============================================================================================================================================================================================
 Package                                              Architecture                            Version                                            Repository                               Size
===============================================================================================================================================================================================
Installing:
 postgresql14-server                                  x86_64                                  14.0-1PGDG.rhel8                                   pgdg14                                  5.7 M
Installing dependencies:
 postgresql14                                         x86_64                                  14.0-1PGDG.rhel8                                   pgdg14                                  1.5 M
 postgresql14-libs                                    x86_64                                  14.0-1PGDG.rhel8                                   pgdg14                                  274 k

Transaction Summary
===============================================================================================================================================================================================
Install  3 Packages

Total download size: 7.5 M
Installed size: 31 M

Step 4: Initialize and Start PostgreSQL 14 Database Service

Before running the service, you must first initialize the database instance after installing PostgreSQL 14:

$ sudo /usr/pgsql-14/bin/postgresql-14-setup initdb
Initializing database ... OK

This will create the initial data as well as the main configuration file, which will be written to /var/lib/pgsql/14/data/postgresql.conf.

The PostgreSQL 14 database service is enabled and started as follows:

sudo systemctl enable postgresql-14
sudo systemctl start postgresql-14

Verify that the PostgreSQL 14 service is up and running:

$ systemctl status postgresql-14
● postgresql-14.service - PostgreSQL 14 database server
   Loaded: loaded (/usr/lib/systemd/system/postgresql-14.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-10-27 13:06:30 EDT; 1min 11s ago
     Docs: https://www.postgresql.org/docs/14/static/
  Process: 7547 ExecStartPre=/usr/pgsql-14/bin/postgresql-14-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
 Main PID: 7552 (postmaster)
    Tasks: 8 (limit: 23547)
   Memory: 16.7M
   CGroup: /system.slice/postgresql-14.service
           ├─7552 /usr/pgsql-14/bin/postmaster -D /var/lib/pgsql/14/data/
           ├─7554 postgres: logger 
           ├─7556 postgres: checkpointer 
           ├─7557 postgres: background writer 
           ├─7558 postgres: walwriter 
           ├─7559 postgres: autovacuum launcher 
           ├─7560 postgres: stats collector 
           └─7561 postgres: logical replication launcher 

Oct 27 13:06:30 localhost.localdomain systemd[1]: Starting PostgreSQL 14 database server...
Oct 27 13:06:30 localhost.localdomain postmaster[7552]: 2021-10-27 13:06:30.638 EDT [7552] LOG:  redirecting log output to logging collector process
Oct 27 13:06:30 localhost.localdomain postmaster[7552]: 2021-10-27 13:06:30.638 EDT [7552] HINT:  Future log output will appear in directory "log".
Oct 27 13:06:30 localhost.localdomain systemd[1]: Started PostgreSQL 14 database server.

Step 5: Connect to PostgreSQL 14 Database Locally

here are two methods to connect to a PostgreSQL 14 instance.

Method 1

Using sudo to run the Postgresql command directly.

$ sudo -u postgres psql
psql (14.0)
Type "help" for help.

postgres=#

Method 2

To use this method, you must first switch to the Postgresql user created after installing PostgreSQL 14.

$ sudo -i -u postgres
[postgres@localhost ~]$ 

Connect to the instance while you’re here using psql command.

$ psql
psql (14.0)
Type "help" for help.

postgres=#

Secure Postgres User

Now that you’re logged in as the postgres user, execute the following command to set a strong password for the default postgres user:

$ psql -c "alter user postgres with password 'StrongPassword'"
ALTER ROLE

Create Database in PostgreSQL

Connect to PostgreSQL to create a database. When PostgreSQL is installed, a default user named ‘postgres‘ is created. Make a connection with this user first. Create database called testdb.

# CREATE DATABASE testdb;
CREATE DATABASE

Create Tables in PostgreSQL

We’ll make a new table called Employees with the columns listed below:

  1. user_id – primary key

  2. username – unique and not null

  3. password – not null

  4. email – unique and not null

  5. created_on – not null

  6. last_login – null

# CREATE TABLE Employees (
postgres(# user_id serial PRIMARY KEY,
postgres(# username VARCHAR ( 50 ) UNIQUE NOT NULL,
postgres(# password VARCHAR ( 50 ) NOT NULL,
postgres(# email VARCHAR ( 255 ) UNIQUE NOT NULL,
postgres(# created_on TIMESTAMP NOT NULL,
postgres(#         last_login TIMESTAMP 
postgres(# );
CREATE TABLE

List PostgreSQL Tables:

# \dt
           List of relations
 Schema |   Name    | Type  |  Owner   
--------+-----------+-------+----------
 public | employees | table | postgres
(1 row)

Delete PostgreSQL Tables:

# DROP TABLE employees;
DROP TABLE

Step 6: Enable PostgreSQL Remote Access

You can update the configuration and set Listen address to your server IP address or “*” for all interfaces if you have applications that will connect to the server via the network.

$ sudo vim /var/lib/pgsql/14/data/postgresql.conf 
listen_addresses = '192.168.156.53'

PostgreSQL should also be configured to accept remote connections:

$ sudo vim /var/lib/pgsql/14/data/pg_hba.conf
# Accept from anywhere
#host all all 0.0.0.0/0 md5

# Accept from trusted subnet
host all all 192.168.156.0/24 md5

You must restart database service after performing the changes:

sudo systemctl restart postgresql-14

If you have an active firewalld service, allow port 5432/tcp:

sudo firewall-cmd –zone=public –add-port=5432/tcp –permanent
sudo firewall-cmd –reload

Pass the IP address of your server to the psql command to test database remote connections:

$ psql -U <dbuser> -h <serverip> -p 5432 <dbname>

  • Setting:

    • DB Scripts

  • Default TCP port: 5432

  • No labels