AWS Amazon Cloud Red Hat 9 WEB Server Build and Configure LNMP Environment Tutorial

After applying for Amazon Cloud, you need to create an EC2 server instance and build a WEB server.

AWS AmazonCloud WEB serverbuild . existAmazon cloudAfter the platform applies for a server, it still needs to configure the Amazon cloud server before it can be put into use.linuxVirtual machine instance, the following takes Red Hat 9 as an example to build a WEB server. Red Hat Red Hat Enterprise Linux 9 supports free plans in AWS Amazon Cloud. There is no additional charge for configuring Red Hat 9 on Amazon Cloud.

AWS Amazon Cloud Linux Red Hat 9 System Initial Configuration

After the Red Hat Enterprise Linux 9 virtual machine instance is enabled, it is still a blank system and all environments need to be configured.

The following is a tutorial on the initial configuration of the Amazon Cloud Linux Red Hat 9 system on January 30, 2023.

Modify server root password and remote login

After the aws ec2 cloud server is created, the default is to use ec2-user The account is logged in, and there is no permission for many folders. needs to be changed to root Super administrator login.

Note: When creating the Linux Red Hat 9 operating system, you need to create a key pair for SSH remote control. When creating the "private key file format", the system defaults to ".PPK". If you use PuTTY for SSH connection, do not use it here. Changed, if you choose the commonly used ".pem" format, you will not be able to SSH to connect to the server.

Reference reading:How to use root account SSH to log in to AWS Amazon Cloud

Install automatic updates with DNF command enabled

Install dnf-automatic

dnf install dnf-automatic

Set dnf-automatic to start at boot.

systemctl start dnf-automatic.timer

If you do not have Red Hat subscription rights, you cannot update the dnf repository in this step.

Install the development tools package group

The development tool software package group contains most of the commonly used commands and tool software under Linux.

dnf group install 'Development Tools' -y

DNF update system package

Update the software packages in the system to the latest version on dnf.

dnf -y update

Configure system virtual memory

The operating system is installed by default without allocating swap space, which needs to be added manually. If the operating system does not configure swapfile (allocate swap space), it will cause an error after memory load.

use free -m Command to view the memory configuration, if the Swap is followed by 0, you need to add swap space.

Swap is followed by all 0, let鈥檚 start to create Swap virtual memory!

Create a file with pre-allocated space of a specified size. Next, set about 8G of hard disk space to use as system virtual memory.

sudo dd if=/dev/zero of=/swapfile bs=1024 count=8388608

The server will be a little slow when it is designated as Swap space, please wait patiently.

After dividing, use the ls command to check the file size.

ls -lh /swapfile

After checking the size, you need to change the permissions of the swap file.

sudo chmod 600 /swapfile

After the operation, format the swapfile.

sudo mkswap /swapfile

Ok, now that the swapfile has been created, let's enable the swapfile.

sudo swapon /swapfile

Finally, modify the fstab file to enable swap to take effect automatically after reboot.

sudo vi /etc/fstab

Use VI to edit /etc/fstab and add the following content at the end of the file.

/swapfile swap swap sw 0 0

Or use the echo command to add.

echo '/swapfile swap swap sw 0 0' | sudo tee -a /etc/fstab

After the settings are completed, reboot the server.

If you want to stop swap, you can use swapoff /swapfile , the command to delete the swap file is rm -ir /swapfile.

Modify server time zone

Change the server time zone to Asia/Shanghai, which can be used later timedatectl command to query the time zone.

sudo timedatectl set-timezone Asia/Shanghai

Disable SELinux

To permanently disable SELinux, modify the SELinux properties to Disabled Then restart the server.

vi /etc/selinux/config

AWS installs Red Hat Chinese language pack

Install the Chinese language pack on Red Hat, and use the dnf command to search for the Chinese language pack.

dnf search langpacks

We can find that the Simplified Chinese installation package on Red Hat is: langpacks-zh_CN.noarch

Install directly through the dnf command:

dnf install langpacks-zh_CN.noarch

Press Y to agree to the installation, and then the installation package will be automatically downloaded for installation.

After the Chinese fonts are installed, modify the system language:

vi /etc/locale.conf

Replace the original content with the following content
LANG="zh_CN.UTF-8"
Finally pass the command:locale -a Command to check zh_CN Has the installation been successful? After that,reboot聽command to restart the server.

Installing the RPM repository on Red Hat 9

Remi's RPM repository. Run the following command to enableepeland the Remi repository:

Enable Remi repository

sudo dnf install epel-release yum-utils
sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm

聽

Enable EPEL repository

EPEL 9 has officially been released to the public. The installation of the EPEL repository is very simple and can be done by simply running the following command.

sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Set up security group firewall

Turn on the firewall:service iptables start

Turn off the firewall:service iptables stop

Default firewall:chkconfig iptables off

The default firewall of RedHat9 is turned off, and there is no need to set it on the server. Next, you need to set up a transparent firewall on the AWS cloud platform. Of course, you can also open the ports you need separately. The transparent firewall is just for testing convenience.

In the security group options of the AWS cloud platform, click to access the corresponding security group where you configured the EC2 server.

We can see that the default open ports are only 22, 80, and 443. The transparent firewall opens all inbound ports.

Click Edit Inbound Rules in the upper right corner, then click Add Rule in Edit Inbound Rules, select the type as all traffic, select any location ipv4 for the source information, and then enter 0.0.0.0/0 for the subsequent IP address.

After clicking Save Rules, the firewall has been set to a transparent firewall and all ports of the server have been opened.

How to register a Red Hat subscription on RHEL 9

After installing the above RPM repository of Remi and EPEL, you can ignore the official repository, here you can choose to register or not.

if you areRHEL 9 If the system has not been registered during installation, you can do so immediately by applying the following command as the root user.

If you are not a Red Hat user, please go firstRed Hat official website registration:https://www.redhat.com/wapps/ugc/register.html

For user registration, please fill in your real email address. After registration, there will be a link to the verification email in your email.activationThen the account will take effect. After the Red Hat user registration is successful, return to Xshell and log in.

subscription-manager register

Amazon cloud configuration LNMP environment

Install LNMP (Nginx/MySQL/PHP)

We don't need to say more about the advantages of using Linux, PHP, and MySQL.

Nginx is a small and efficient web server software under Linux. It was developed by Igor Sysoev for the second most visited site in Russia, Rambler.ru. It has been running on some large Russian websites for many years. At present, many portal websites at home and abroad , Industry websites are also using Nginx, which is quite stable.

Nginx is quite stable, rich in functions, simple to install and configure, and low in system resources

If you are too lazy to manually install the LNMP environment, you can choose to useLNMP one-click installation package, the following content is for learning reference only.

AWS Install PHP

PHP is essential when configuring the cloud server. Most websites are written in PHP language. If PHP is not installed, the server will not be able to perform PHP parsing of the website.

In the remi software repository, the minimum version of PHP is 7.4 and the highest version is 8.2. In the official source of Red Hat, only the stable version of PHP8.1 is provided. If you want to install a lower version of PHP, you can switch to the Remi source for installation.

First check the metadata of AppStream from RHUI (RPMs) on your system.

dnf module list php

Enable the php module in the repository:

dnf module enable php:remi-7.4

After entering Y, the module flow of php7.4 is enabled.

if you wantreset php module flow, you can use the following command:

dnf module reset php

Next, you can install php directly, and start installing PHP7.4 and related dependencies below.

dnf install php php-mysqlnd php-gd

After entering Y, start installing php7.4 and related dependent packages.

php -v

Check whether php is installed correctly.

Missing mb_strlen function, how to install mbstring (mb_strlen)

The mb_strlen function is not installed by default in version php7.2, and you need to use dnf to install it. First search for php-mbstring

dnf search php-mbstring

Install after searching.

dnf install php-mbstring.x86_64

PHP install zip extension

Some web programs require php's ZIP extension. Need to install php-pecl-zip

dnf install php-pecl-zip

After the extension is installed, restart the php service

systemctl restart php-fpm

Configure PHP

After php7.4 is installed, some general configurations are required.

Modify php access permissions. The default access user for php is Apache.APACHEUser, we need to change apache to nginx because we need to use nginx as the web server.

vi /etc/php-fpm.d/www.conf

user = nginx
group = nginx

Both user and group should be changed to nginx. After modification, press esc key, :wq to save and exit the file.

If you cannot create a directory when installing WordPress, make sure that the user group of the directory where the wp file is stored, the user group of nginx and the user group of PHP must be under the same user.

Modify the user access rights of the web file storage directory.

chown -R nginx:nginx /var/www

Modify PHP鈥檚 main program configuration file:

vi /etc/php.ini

cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's previous behavior was to set PATH_TRANSLATED to SCRIPT_FILENAME, rather than grok what PATH_INFO was. For more information on PATH_INFO,See the cgi specification. An environment this of 1 will cause PHP CGI to fix its paths to comply with the specification. A setting of zero causes PHP to behave as before. The default value is 1. You should fix your script to use SCRIPT_FILENAME instead of PATH_TRANSLATED.http://php.net/cgi.fix-pathinfo

cgi.fix_pathinfo = 1 modified to 0

The maximum allowed size for uploaded files.
http://php.net/upload-max-filesize

upload_max_filesize = 2M file upload size, the default value is too small, it is recommended to change it to 1024M

This directive controls whether PHP outputs errors, as well as notes and warnings. Error output is very useful during development, but can be very dangerous in a production environment. Depending on the code which triggers the error, sensitive information may be leaked beyond your application such as database usernames and passwords or worse.
For production environments, we recommend logging errors instead of sending them to stdout.
Possible values:
off = don't show any errors
stderr = show errors to STDERR (only affects CGI/CLI binaries!)
On or stdout = show errors to STDOUT
Default value: on
Development value: up
Production Values: Close
http://php.net/display-errors

display_errors = Off print errors, change to On

The maximum size of POST data that PHP will accept.
Its value may be 0 to disable throttling. POST data reading will be ignored if disabled via enable_post_data_reading.
http://php.net/post-max-size

post_max_size = 8M The maximum value of the form, it is recommended to modify it to 32M

Maximum execution time of each script in seconds
http://php.net/max-execution-time
NOTE: For CLI SAPI, this directive is hardcoded to 0

max_execution_time=30 php script maximum execution time, modified to 300 or higher

Modify session permissions:

For example, modify the user group and permissions of /var/lib/php/session.

cd /var/lib/php chown nginx:nginx ./session chmod -R 777 ./session

PHP has been configured, and the last step is to set up the startup and running services.

systemctl enable php-fpm

systemctl start php-fpm

Commonly used operating commands:

Restart PHP:
systemctl restart php-fpm

Start PHP:
systemctl start php-fpm

Close PHP:
systemctl stop php-fpm

PHP status:
systemctl status php-fpm

PHP version downgrade and upgrade

Some web website programs lack maintenance and have poor compatibility, and only support lower versions of PHP. To meet such web requirements and meet mutual compatibility, the PHP version needs to be downgraded. For example, some PHP programs use SG11 for encryption.

SG11 is the abbreviation of SourceGuardian 11, currently SourceGuardian officialThe version has been updated to SourceGuardian 13. The most important thing is that the files of the two versions are not universal, and the highest version of SG11 for PHP encryption is PHP 7.3. Therefore, when you need to install the SG11 web program, the PHP version cannot be higher than 7.3.

Note: If you want to install a lower version of PHP, such as PHP7.3, you first need to downgrade your software source at the same time. Downgrade remi-release-9.rpm to remi-release-8.rpm because there is no version below PHP7.4 in remi-release-9.rpm.

Remi repository downgrade

sudo dnf install epel-release yum-utils
sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

First, you need to stop the PHP-FPM and Nginx services.

systemctl stop php-fpm

systemctl stop nginx

After the service stops, download the /etc/php.ini file and save it locally, otherwise you need to re-modify the php.ini file after downgrading.

If you do not have yum-utils installed, you need to install yum-utils.

yum-utils is a collection of utilities integrated with yum that can extend yum's built-in functions in various ways, making yum more powerful and easier to use.

dnf install yum-utils -y

Uninstall removes PHP installed on the server

dnf remove php*

Install PHP7.3

View the PHP modules that exist in the PHP repository

dnf module list php

Because the module flow was previously enabled with php7.4, if you want to install php7.3, you need to reset the PHP module.

dnf module reset php

Enable php7.3 module stream.

dnf module enable php:7.3

After PHP7.3 module flow is enabled, install PHP7.3 below.

dnf install php php-mysqlnd php-gd

Then use php -v name to check the php version. Has become php7.3.

After php7.3 is installed, overwrite the previously backed up php.ini file to /etc/php.ini, and then modify the user and user group names in the /etc/php-fpm.d/www.conf file to nginx.

vi /etc/php-fpm.d/www.conf

user = nginx
group = nginx

After all the above operations are completed, finally start the php and nginx services.

systemctl start php-fpm

systemctl start nginx

Install PHP7.2

PHP 7.x packages are available in several different repositories. we will use Remi repository, which provides newer versions of various software packages, including PHP.

Check for enabled repositories on the system

sudo yum repolist

Then check out the php modules in the repository.

dnf module list php

To install remi-7.2, you need to reset the php module.

dnf module reset php

After resetting the module, select the module stream for remi-7.2.

dnf module enable php:remi-7.2

Let's start installing php remi-7.2

dnf install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd

AWS install nginx

Execute the following command to get a list of available nginx module streams.

dnf module list nginx

The system default is nginx version 1.14. If you want to install a higher version, you need to reset the nginx module.

dnf module reset nginx

After resetting the module, we can choose the version we want to install, for example, we want to install version 1.20. You just need to enable version 1.20 of module streaming.

dnf module enable nginx:1.20

Only if module flow is enabled, use the dnf install command to install nginx version 1.20.

dnf install nginx -y

Set up the start of nginx, and the nginx service will run.

systemctl enable nginx

systemctl start nginx

After the installation is complete, use netstat to check the current port occupancy

netstat -lntup

If the command is not found, "-bash: netstat: command not found" also needs to install the network component tool net-tools

dnf install net-tools -y

Through the port view, we can see that port 80 is already occupied by nginx, and the nginx service is installed successfully.

Common commands:
Restart:

systemctl restart nginx

start up:

systemctl start nginx

closure:

systemctl stop nginx

state:

systemctl status nginx

Configure Nginx

Edit the Nginx configuration file nginx.conf. If you want the web website to be accessible normally, you need to edit and modify the Nginx configuration file nginx.conf. nginx.conf is the core configuration file of Nginx. Use VI commands to edit /etc/nginx/nginx.conf.

vi /etc/nginx/nginx.conf

# Configure the user or group user nginx; # The number of processes allowed to be generated, the default is 1 worker_processes auto; # Specify the error log path and level. This setting can be placed in the global block, http block, server block, and the levels are: debug|info|notice|warn|error|crit|alert|emerg. The higher the level, the fewer records. Generally, set error error_log /var/log /nginx/error.log error; # Specifies the nginx process running file storage address pid /var/run/nginx.pid; # loads dynamic modules include /usr/share/nginx/modules/*.conf; # working mode and number of connections Upper limit - events global settings events { # The maximum number of connections allowed by a single work process, the default is 512 worker_connections 1024; } #http server configuration file block http { # file extension and file type mapping table. Set the mime type (email support type), the type is defined by the mime.types file. include /etc/nginx/mime.types; # default file type, default is text/plain default_type application/octet-stream; # custom log format log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_refer er " ' '"$http_user_agent" "$http_x_forwarded_for"'; # sets the access log path and format. combined is the default value of the log format. access_log /var/log/nginx/access.log main; # allows file transfer in sendfile mode, the default is off, and can be in the http block, server block, and location block. sendfile on; #tcp_nopush on; # connection timeout, the default is 75s, can be in http, server, location blocks. keepalive_timeout 65; #gzip compression switch, on turns on Gzip compression, default off turns off gzip on; # enables gzip compression on the smallest file, files smaller than the set value will not be compressed gzip_min_length 10k; #gzip compression level, 1-9, the larger the number, the greater the compression The better, the more CPU time it takes up. gzip_comp_level 6; # Set the buffer size required for compression gzip_buffers 32 4k; # Set the HTTP protocol version for gzip compression. If there is no load, you can not use gzip_http_version 1.1; # The file type for compression . JavaScript comes in many forms. The values can be found in the mime.types file. gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml; # Whether to add Vary: Accept-Encoding in the http header, it is recommended to turn on gzip_vary on; # loads the modular configuration file from the /etc/nginx/conf.d directory. include /etc/nginx/conf.d/*.conf; }

The above is a relatively simple basic configuration of Nginx, and the server website configuration is stored in the /etc/nginx/conf.d/ directory.

Edit the Server website configuration below, which is used for the Server website configuration in the production environment.

# domain name port 301 redirect https server { server_name www.uzvod.com; # The domain name of the website can be multiple, separated by spaces return 301 http://uzvod.com$request_uri; } # early configuration nginx does not yet have an SSL certificate. 301 redirect to the root domain name. # website configuration core block server { server_name uzvod.com; root /var/www/uzvod; index index.php index.html index.htm; location ~* ^/(upload|vendor|thinkphp|extend|addons|application)/ .*.(php|php5)$ { deny all; } include /etc/nginx/default.d/*.conf; # Load the configuration file of the default server block from /etc/nginx/default.d. # pseudo-static page location / { if (!-e $request_filename) { rewrite ^/index.php(.*)$ /index.php?s=$1 last; rewrite ^/admin.php(.*)$ /admin. php?s=$1 last; rewrite ^/api.php(.*)$ /api.php?s=$1 last; rewrite ^(.*)$ /index.php?s=$1 last; break; } } }

After adding the configuration, restart the nginx service

systemctl restart nginx

Create a new test page index.php, copy the following content in the file, this is a PHP probe file.

Reconfigure permissions for the directory

chown -R nginx:nginx /var/www

After accessing the domain name, the website can be successfully opened, and you need to apply for an ssl domain name certificate online. Then configure the domain name certificate in nginx.

Through the following certificate robot, you have successfully applied for the ssl domain name certificate. Next, modify the configuration file of the Server in Nginx.

# domain name port 301 redirect https server { listen 80; listen [::]:80; server_name www.uzvod.com uzvod.com; # The domain name of the website can be multiple, separated by spaces return 301 https://uzvod .com$request_uri; ssl_certificate /etc/letsencrypt/live/uzvod.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/uzvod.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options -ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } # website configuration core block server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name uzvod.com; root /var/www/uzvod; index index.php index.html index.htm; http2_push_preload on; # Enable HTTP/2 Server Push ssl_certificate /etc/letsencrypt/live/uzvod.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/uzvod.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl- dhparams.pem; # managed by Certbot # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to # prevent replay attacks. # # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data ssl_early_data on; ssl_session_cache shared:SSL:50m; # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Sstrict-Transport-Security max-age =31536000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; include /etc/nginx/default.d/*.conf; # fetch OCSP records from /etc/nginx/default.d Loads the configuration file for the default server block. location ~* ^/(upload|vendor|thinkphp|extend|addons|application)/.*.(php|php5)$ { deny all; } # pseudo-static page location / { if (!-e $request_filename) { rewrite ^/index.php(.*)$ /index.php?s=$1 last; rewrite ^/admin.php(.*)$ /admin.php?s=$1 last; rewrite ^/api.php(.* )$ /api.php?s=$1 last; rewrite ^(.*)$ /index.php?s=$1 last; break; } } # reverse proxy location /chat886 { proxy_redirect off; proxy_pass http://127.0 .0.1:12345; proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Config for 0-RTT in TLSv1.3 proxy_set_header Early -Data $ssl_early_data; } }

After adding the configuration, restart the nginx service

systemctl restart nginx

Note: After Nginx is configured successfully, use the following Certbot to generate an ssl domain name certificate, and do not configure SSL access rules in Nginx.

Nginx generates SSL domain name certificate through Certbot

Certbot is a free, open-source software tool for automatically using Let's Encrypt certificates to enable HTTPS on manually managed websites.
Certbot was developed by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit organization based in San Francisco, CA that defends digital privacy, free speech, and innovation.

After Nginx is configured, you can use the ssl domain name certificate robot Certbot Growth City ssl domain name certificate. Please refer to the specific installation method:

Reference reading:Free SSL certificate robot: Certbot quickly applies for automatic renewal of https domain name certificates

AWS install MySQL

Get the mysql module

dnf module list mysql

MySQL8.0 is the only version on the server, install MySQL8.0 below

dnf install @mysql

The installation using dnf install mysql and dnf install @mysql is different, and there will be more @mysql installation packages.

After the installation is complete, set MySQL to start

systemctl enable --now mysqld

Then check to see if MySQL is running properly.

systemctl status mysqld

The green light is normal, the red light is faulty, and MySQL is running normally.

Add password and security settings

run mysql_secure_installation script that performs some security-related operations and sets the MySQL root password.

sudo mysql_secure_installation

After the script runs, you will be asked whether to configure the VALIDATE PASSWORD component (verify password component), select Y for this step.

Select the password verification policy level and select 0 (low).
Set the MySQL password. Enter the password you need to set here twice.
Are you sure you want to continue using the password provided? Enter Y.
Remove anonymous user? Enter Y.
Allow root remote login? Enter N.
Remove test database? Enter Y.
Reload permission table? Enter Y.

Configure Mysql remote login. If you need to set up remote login with the root account, repeat the above steps and set to Y in the step of allowing root remote login. If you do not need to configure Mysql remote login for the time being, this paragraph can be ignored.

After MySQL is initialized, you need to log in to MySQL for verification.
Log in using the following command and enter your password:

mysql -u root -p

If there are no exceptions when logging in and the mysql> console can be displayed, the configuration and installation have been successful.

You can create a new user on the MySQL console, or use the MySQL management tool to create a new user or database.

How to Create a New User in the MySQL Console

Create a new user for remote login
Fill in your user name in the UserName field, fill in the IP in the Host field, such as 8.8.8.8, which means that the user can only log in on the IP 8.8.8.8. If there is no restriction on IP login, fill in % in the Host field, and fill in your password in the Password field.

create user 'UserName'@'Host' identified by 'Password';

Grant permissions to the newly created user, where the UserName and Host are the same as the user created in the previous step.

grant all privileges on *.* to 'UserName'@'Host' with grant option;

Just test whether remote login is available, just in case, here is the MySQL statement to change the password:

alter user 'root'@'localhost' identified by 'Password';

At this point, MySQL has been installed. If you have additional requirements for the configuration file, please change it. /etc/my.cnf configuration file in .

After the above settings are completed, restart the MySQL service.

systemctl restart mysqld

MySQL common commands

StartMySQL

systemctl start mysqld

Restart MySQL

systemctl restart mysqld

Stop MySQL

systemctl stop mysqld

View MySQL status

systemctl status mysqld

AWS Install phpMyAdmin

phpMyAdmin is aPHPFree software tool written to process over the webMySQL management.phpMyAdmin supports extensive operations on MySQL and MariaDB. Common operations (managing databases, tables, columns, relationships, indexes, users, permissions, etc.) can be performed through the user interface, while you can still execute any SQL statement directly.

phpMyAdmin is a MySQL management tool, phpMyAdmin website:https://www.phpmyadmin.net/

Install wget download command.

dnf install wget

Download the latest version of phpMyAdmin-5.1.3, and pay attention to downloading the compressed package in tar.gz format.

wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.tar.gz

Unzip the phpMyAdmin-5.1.3 file.

tar -zxvf phpMyAdmin-5.2.0-all-languages.tar.gz

Rename the folder to a name you can define later. The default here is changed to phpMyAdmin.

mv phpMyAdmin-5.2.0-all-languages phpMyAdmin

Move the files to the web storage directory.

mv phpMyAdmin /home/www

Note that if you have not installed the php-mysqlnd extension before, you also need to install the php-mysqlnd extension.

dnf install php-mysqlnd

Configure phpMyAdmin

Enter the libraries directory under the phpMyAdmin directory and edit the config.default.php file with VI

cd /var/www/phpMyAdmin/libraries

viconfig.default.php

Change the localhost after host to 127.0.0.1. Be careful not to use the small keyboard to enter numbers.

Will$cfg['Servers'][$i]['host'] = 'localhost';Change to$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'mysql password';
Will$cfg['blowfish_secret'] = "; Change to $cfg['blowfish_secret'] = '123456********';

Note: '123456*******' is an arbitrary password longer than 32 characters.
Save and exit after modification, :qw
back to

In the main directory of phpMyAdmin, place the configuration file config.sample.inc.php Change name.

cd /var/www/phpMyAdmin/

mv config.sample.inc.php config.inc.php

VI edit the configuration file config.inc.php.

viconfig.inc.php

Change the short password used by phpMyAdmin for cookies.
$cfg['blowfish_secret'] = "; Change to $cfg['blowfish_secret'] = '123456********';

Note: '123456*******' is any password character greater than 32 characters.
This password is used to encrypt cookies to avoid confusion when cookies are shared by multiple PhpMyAdmin or other programs.

After the short password is repaired, modify the host option and change $cfg['Servers'][$i]['host'] = 'localhost'; Change to $cfg['Servers'][$i]['host'] = '127.0.0.1';

Modify the user group and permissions of the session path (such as /var/lib/php/session), and then go to the corresponding session path.

cd /var/lib/php

chown nginx:nginx ./session

chmod -R 777 ./session

Create a new tmp folder in the phpmyadmin directory with permissions set to 777

mkdir /var/www/phpMyAdmin/tmp

chmod -R 777 /var/www/phpMyAdmin/tmp

Finally, modify the user access permissions of the directory where the phpMyAdmin file is stored.

chown -R nginx:nginx /var/www

Solve the problem that advanced functions in phpMyAdmin have not been fully set up and some functions are not activated.
This can be solved by clicking to create an empty database of phpmyadmin in phpMyAdmin. Finally, after configuring the access path of phpMyAdmin in Nginx, you can access it normally.

mysqli::real_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES)

MySQL password entered incorrectly

Amazon Cloud Installation WordPress

Start by downloading the latest version of WordPress.

wget https://cn.wordpress.org/latest-zh_CN.tar.gz

Unzip the file after downloading.
tar -xzvf latest-zh_CN.tar.gz

Move the folder to the website directory
mv wordpress /var/www

cd /var/wwwroot

Rename the wp-config-sample.php file
cp wp-config-sample.php wp-config.php

Modify website configuration file:
vi wp-config.php

The name of the WordPress database: define( 'DB_NAME', 'WordPress' );
MySQL database user name: define('DB_USER', 'root');
MySQL database password: define( 'DB_PASSWORD', 'mysql password' );
MySQL host: define('DB_HOST', '127.0.0.1');
Default text encoding when creating a data table: define('DB_CHARSET', 'utf8');
Add the following code at the end of the file:
if(is_admin()) {add_filter('filesystem_method', create_function('$a', 'return "direct";' ));define( 'FS_CHMOD_DIR', 0751 );}

After modifying the configuration file, add user permissions again!

chown -R nginx:nginx /var/www

In the nginx configuration file, add the following code for pseudo-staticplug-inInstall:

server { listen 80; listen [::]:80; listen 443 ssl http2; server_name www.uzbox.tk; # Your domain name return 301 https://uzbox.tk$request_uri; # Redirect www domain name 301 to uzbox.tk } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name uzbox.tk; root /home/wwwroot; ssl_certificate "/home/ssl/fullchain.cer"; ssl_certificate_key "/home/ssl/uzbox. tk.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256 :TLS13-AES-128 -GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA +AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; # Config for 0-RTT in TLSv1. 3 ssl_early_data on; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=31536000"; location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$args; # Used to support pseudo-static settings in wordpress. } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }

After adding the configuration, restart the nginx service

systemctl restart nginx

Finally, create a wordpress database in MySQL.

For example: the name of the WordPress database: define( 'DB_NAME', 'WordPress123' );

You need to use the command in MySQL or phpmyadmin to create a file namedWordPress123database, if you open the site, it will prompt a database connection error.

After configuring the database, logging in to the WordPress page, entering your site name, user account password and other related content, the site is successfully created. After logging in to the site backend, you must first modify the WordPress fixed link, enter the backend, and open the setting fixed link.
Fill in tegory%/%post_id% after the custom structure
Install the "No Category Base" plugin to remove the category directory /category/

Please refer to the remaining detailed configurationhigh quality boxSite content.