quebec

Owned by Team Baas256 (Unlicensed), created
Last updated: May 19, 2022 by Mike Tango Bravo

Hardware

System: Rocky Linux RockyLinux 8.5 x64

  • Specs

    • 8 GB Memory

    • 4 AMD vCPUs

    • 160 GB Disk

  • Location

    • NYC

Server (hardware bound)

Host Name: rockylinux-s-4vcpu-8gb-amd-nyc3-01

  • IP(s):

    • ipv4: 159.xxx.xxx.184

  • Hardware link

  • Hardware provisioned (100%)

Service: Front-End

  • Name: openvinoapp

  • Static Front-end on Nginx server

    • Install Nginx on Rocky Linux 8

 

How to Install Nginx:

Step 1: Install Nginx on Rocky Linux 8

First, update all the available packages on Rocky Linux.

$ sudo dnf upgrade

Note: dnf update is a deprecated alias.

Now, install Nginx on Rocky Linux.

$ sudo dnf install nginx

Once Nginx is installed, start the Nginx service.

$ sudo systemctl start nginx

If any issues it will display an error message or else no output.

To verify the status of the Nginx service, type:

Now make sure to enable Nginx at the start at boot time.

To check the Nginx version which is installed, type:

Output:

The output shows we have installed Nginx 1.14.1 version. The main configuration file is stored under the directory /etc/nginx and the main config file is /etc/nginx/nginx.conf. The Nginx log files are stored at /var/log/nginx.

Step 2: Setup Firewall

To allow HTTP and HTTPS traffic (when using SSL) on the firewall.

To make the changes effective, reload the firewall service:

You can verify by listing the current firewall settings:

Step 3: Verify the installation

Open a browse and enter server IP or domain name to see the Nginx default page on Rocky Linux.

On Rocky Linux, the default Nginx webpage is located in /usr/share/nginx/html.

Uninstall Nginx

To completely uninstall Nginx on Rocky Linux, type

Then manually delete the Nginx log files.

 

  • Configuration Location

    • /usr/share/nginx/html

  • Default TCP port: 80

 

Encrypt SSL for NGINX on Rocky Linux 8:

Step 1)  Install Certbot

The only step left is to install Let’s Encrypt and secure the Nginx webserver. However, to accomplish this, we need to install certbot. Written in Python and developed by the Electronic Frontier Foundation, Certbot is a fully featured client for the Let’s Encrypt CA. It is run on the webserver and allows you to automatically set up an SSL certificate for your webserver in a single command.

First, install the EPEL repository which provides additional and high-quality packages for RHEL-based distros.

Once installed, install certbot and certbot module for Nginx.

This installs certbot, certbot module for Nginx host of other packages and dependencies.

Step 2)  Install Let’s Encrypt SSL/TLS certificate

Finally, run the certbot client to install the SSL certificate

This takes you through a series of prompts. First, provide the email address that will be used by EFF to send you renewal and security updates. Then accept the Terms of service by pressing ‘Y’. If you desire, you can press ‘Y’ to allows EFF to send you regular updates concerning their efforts in securing the web, news, and campaigns.  Finally, select the domain names to encrypt. In our case, we pressed the ‘ENTER’ button to select all the domain names.

Certbot will fetch the SSL/TLS certificate and deploy it for the domain names specified. This enables HTTPS protocol for your domain, in effect encrypting traffic exchanged with the webserver.

To confirm that HTTPS has been enabled, head back to your browser and reload it. This time around, you will notice a padlock icon at the URL bar – an indication that the site is encrypted.

Click on the icon and then select ‘Certificate’.

This displays the certificate details as provided

 

Step 3) Managing the SSL certificate renewal

Let’s Encrypt certificate is valid for 90 days, however, Let’s encrypt recommends that you renew the certificate every 60 days. Email notifications will be sent to you the last 20 days to expiry with the frequency going up the last 10 days.

You can manually renew the certificate as follows.

Thankfully, you can automate the renewal, by adding a new cron job. So, open the crontab file.

And add the line shown. Save the changes and exit.

That’s all. Thank you for coming this far. We have demonstrated how you can install the Let’s Encrypt SSL certificate for Nginx on Rocky Linux 8.

Server Back-End

  • Name: ydiyoi-api

  • Backend API

  • Setting:

    • pm2 process

 

Install pm2:

Start:

Monitoring:

Microservice:

Act on them:

 

  • Default TCP port: 3000

  • Requires an active DB with the credentials

 

Server Database

  • Database system: Postgresql

Install PostgreSQL 14 on Rocky Linux 8

Step 1: System Update

Before you begin installing PostgreSQL 14 on Rocky Linux 8 | AlmaLinux 8 | CentOS 8, make the following updates to your system:

Reboot your system after the update:

Step 2: Add PostgreSQL Repository on Rocky Linux 8

PostgreSQL server 9.6, 10, 12 and 13 are included in the AppStream components.

We’ll need to add the following official repositories to install PostgreSQL 14 on Rocky Linux 8 | AlmaLinux 8:

Installation output sample:

Step 3: Install PostgreSQL 14 on Rocky Linux 8

Disable the default PostgreSQL module once the repository has been added:

Then install PostgreSQL 14 Server and Client:

Step 4: Initialize and Start PostgreSQL 14 Database Service

Before running the service, you must first initialize the database instance after installing PostgreSQL 14:

This will create the initial data as well as the main configuration file, which will be written to /var/lib/pgsql/14/data/postgresql.conf.

The PostgreSQL 14 database service is enabled and started as follows:

Verify that the PostgreSQL 14 service is up and running:

Step 5: Connect to PostgreSQL 14 Database Locally

here are two methods to connect to a PostgreSQL 14 instance.

Method 1

Using sudo to run the Postgresql command directly.

Method 2

To use this method, you must first switch to the Postgresql user created after installing PostgreSQL 14.

Connect to the instance while you’re here using psql command.

Secure Postgres User

Now that you’re logged in as the postgres user, execute the following command to set a strong password for the default postgres user:

Create Database in PostgreSQL

Connect to PostgreSQL to create a database. When PostgreSQL is installed, a default user named ‘postgres‘ is created. Make a connection with this user first. Create database called testdb.

Create Tables in PostgreSQL

We’ll make a new table called Employees with the columns listed below:

  1. user_id – primary key

  2. username – unique and not null

  3. password – not null

  4. email – unique and not null

  5. created_on – not null

  6. last_login – null

List PostgreSQL Tables:

Delete PostgreSQL Tables:

Step 6: Enable PostgreSQL Remote Access

You can update the configuration and set Listen address to your server IP address or “*” for all interfaces if you have applications that will connect to the server via the network.

PostgreSQL should also be configured to accept remote connections:

You must restart database service after performing the changes:

If you have an active firewalld service, allow port 5432/tcp:

Pass the IP address of your server to the psql command to test database remote connections:

 

  • Setting:

    • DB Scripts

  • Default TCP port: 5432