letsencrypt not creating acme-challenge - nginx

Just following the simple instructions here (Debian 7 Wheezy with Nginx 1.8.x)
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d sub.domain.com
I see it creating the folder .well_known (under /var/www/html), but it does not create the acme-challenge folder (or the actual file underneath it), so on the HTTP postback I am getting "The client lacks sufficient authorization" because the file does NOT exist.
How would I go about trying to track down why it won't create the
/var/www/html/.well_known/acme-challenge/file
file?
Thanks,
Chris
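Added example, not code from the original post: a pre-flight check for the HTTP-01 webroot. Per RFC 8555 the CA fetches http://<host>/.well-known/acme-challenge/<token> (hyphen in .well-known), so the functions below stage a constructed token the way the webroot plugin would and flag a misnamed .well_known directory; WEBROOT is whatever you pass to --webroot-path.

```shell
#!/bin/sh
# Added example: HTTP-01 webroot pre-flight checks (not code from the original post).
# The ACME server requests /.well-known/acme-challenge/<token> under the site root;
# the webroot plugin creates that path itself, so a missing path is a config problem.

# Directory the ACME client must be able to write under WEBROOT.
acme_challenge_dir() {
    printf '%s\n' "$1/.well-known/acme-challenge"
}

# Stage a constructed token file the way the webroot plugin would, with modes
# that let an nginx worker running as an unprivileged user read it.
stage_token() {
    webroot=$1
    token=$2
    dir=$(acme_challenge_dir "$webroot")
    mkdir -p "$dir" || return 1
    # constructed key authorization; a real client derives it from the account key
    printf '%s.constructed-thumbprint\n' "$token" > "$dir/$token" || return 1
    chmod 755 "$webroot/.well-known" "$dir" && chmod 644 "$dir/$token"
}

# Flag the misconfiguration from the question: a .well_known (underscore)
# directory that the CA will never request, or a missing challenge directory.
check_webroot() {
    webroot=$1
    ok=0
    if [ -d "$webroot/.well_known" ]; then
        echo "WARN: $webroot/.well_known exists; ACME uses .well-known (hyphen)"
        ok=1
    fi
    if [ ! -d "$(acme_challenge_dir "$webroot")" ]; then
        echo "WARN: $(acme_challenge_dir "$webroot") is missing"
        ok=1
    fi
    return $ok
}
```

After staging a token, fetch http://sub.domain.com/.well-known/acme-challenge/<token> from another machine; a 404 there means nginx serves a different root or location than the one given to --webroot-path.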

Related

How to migrate existing domain with ssl certificate from CentOS/Apache to Docker/Nginx?

We have a site running on a CentOS/PHP/Apache stack. We want to migrate the whole site to Docker/PHP-FPM/Nginx using docker-compose.
So far we've set up plans for migrating pretty much everything except the domain and the existing SSL certificate.
How do we go about this?
Nginx is up and running on port 80:
ports:
- '9007:80'
How can we redirect the existing domain to the docker container and also use the existing SSL certificate?
No need for the hassle, someone already did the work for you:
https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion
It's a fully configured auto-ssl docker setup, which does basically exactly what you need. Start your website container with the following additional parameters (from the git repo):
docker run -d -e VIRTUAL_HOST=your.domain.com \
-e LETSENCRYPT_HOST=your.domain.com \
-e LETSENCRYPT_EMAIL=your.email@your.domain.com \
--network=webproxy \
--name my_app \
httpd:alpine
I can only recommend it; it's a great solution for hosting multiple projects on one server.

Remote editing of nginx conf file present in an AWS ec2 instance

So, I have installed nginx in an EC2 instance that is running a RHEL OS. Everything is fine, except that I can't remotely edit the nginx conf file using the SFTP client Cyberduck.
The problem is AWS EC2 seems to have a restriction on SFTP using the root user. I installed nginx with sudo, so I guess it is saving the conf files with root privileges. So when I sftp using ec2-user (since root is not allowed), Cyberduck simply complains that you cannot save the file because the conf file is owned by root.
So nginx developers out there, how do you handle this situation? For me it is really tedious to edit the conf file via ssh and the vi editor in the EC2 instance. That is why I prefer to edit it locally and sync. But I am not sure how to achieve this. I tried giving access to the conf folder to the ec2-user as per this post too. But in vain! Any help is appreciated.
PS: I installed nginx from source and here is the configure command with the options I used:
./configure --sbin-path=/usr/bin/nginx --conf-path=/home/ec2-user/conf/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-pcre --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-http_v2_module
I finally figured out that we can change the permissions of the root folder from where nginx is serving its contents, in this case /var/share/nginx/html, to 777. Also ensure the files inside this folder have 666 permissions.
sudo chmod 777 /var/share/nginx/html
sudo chmod 666 /var/share/nginx/html/*
I also enabled read/write permissions for all users on the configuration files. This enabled remote editing of the configs as well as the html contents.
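Added example, not from the answer above: world-writable modes (777/666) let any local account rewrite the nginx configuration and the served content, so a defender would instead grant write access to the one editing account through a group. The group name webadmin and the usermod line are assumptions for the comments; the functions themselves only need a directory and a group.

```shell
#!/bin/sh
# Added example (not from the original answer): grant a single SFTP account write
# access to nginx's config and docroot through a group instead of 777/666.
# Assumed one-time setup (placeholders): sudo groupadd webadmin; sudo usermod -aG webadmin ec2-user

# Make GROUP the group owner of DIR, allow group read/write, and set the setgid
# bit on directories so files uploaded later inherit the group. Others stay read-only,
# which is all the nginx worker processes need.
grant_group_write() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    find "$dir" -type f -exec chmod 0664 {} + || return 1
}

# Print every world-writable file or directory under DIR (symlinks excluded, their
# mode is always 777) and return 1 if any exist: a cheap periodic check for
# directories that someone "fixed" with chmod 777.
audit_world_writable() {
    found=$(find "$1" ! -type l -perm -002)
    if [ -n "$found" ]; then
        printf 'world-writable entries under %s:\n%s\n' "$1" "$found"
        return 1
    fi
    echo "no world-writable entries under $1"
}
```

Run grant_group_write against the config directory from the configure command (/home/ec2-user/conf/nginx) and against the docroot, then reload nginx; it reads both as before.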

How can I configure SELinux for GitLab with external nginx

I'm setting up our GitLab server and it works well when I disable SELinux.
How do I fix the SELinux configuration to allow GitLab to work?
Environment:
CentOS 7.4.1708 with all packages updated.
GitLab 10.5.2
nginx 1.13.10
I've installed GitLab and nginx and followed this link to configure GitLab to work with the installed nginx:
https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
When I clicked the link to GitLab, I could not reach it and I found this error message in /var/log/nginx/error.log:
2018/04/05 11:39:27 [crit] 4092#4092: *3 connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied) while connecting to upstream, client: xx.xx.xx.xx, server: localhost, request: "POST /gitlab/api/v4/jobs/request HTTP/1.1", upstream: "http://unix:/var/opt/gitlab/gitlab-workhorse/socket:/gitlab/api/v4/jobs/request", host: "xx.xx.xx.xx"
After I changed SELinux to 'permissive' mode, it worked as expected.
And in the /var/log/audit/audit.log file, I found this message:
type=AVC msg=audit(1522905628.444:872): avc: denied { write } for pid=12407 comm="nginx" name="socket" dev="dm-2" ino=8871 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
Then I tried to follow the instructions below:
https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache#selinux-modifications
but I cannot see the files/directories mentioned in it.
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_network_relay on
setsebool -P httpd_read_user_content on
semanage -i - <<EOF
fcontext -a -t user_home_dir_t '/home/git(/.*)?'
fcontext -a -t ssh_home_t '/home/git/.ssh(/.*)?'
fcontext -a -t httpd_sys_content_t '/home/git/gitlab/public(/.*)?'
fcontext -a -t httpd_sys_content_t '/home/git/repositories(/.*)?'
EOF
restorecon -R /home/git
The git user's home directory is /var/opt/gitlab instead of /home/git, and the /var/opt/gitlab directory has no gitlab directory or repositories directory.
How can I configure SELinux to work with my environment?
I'm currently figuring this out. The documentation is a mix of old and new info and lacks distinction between the standard and "Omnibus" install. The problem is they don't label their socket file properly to allow access by Nginx. I've had success running this after every time I run gitlab-ctl reconfigure:
chcon -t httpd_var_run_t /var/opt/gitlab/gitlab-workhorse/socket
And also don't forget these bits of setup:
usermod -aG git,gitlab-www nginx
chmod g+rx /var/opt/gitlab/
chown git:git /var/opt/gitlab
As well, I couldn't get Nginx to start with the provided config; I had to create a proxy cache directory:
mkdir /usr/share/nginx/proxy_cache
restorecon -vFR /usr/share/nginx
chown nginx /usr/share/nginx/proxy_cache/
Just had this issue myself (I'm even also using a CentOS server) and was able to solve it using the command posted by miken32
chcon -t httpd_var_run_t /var/opt/gitlab/gitlab-workhorse/socket
In my case I installed the Omnibus gitlab-ce package using the docs provided by Gitlab
Afterwards I followed the instructions for Using a non-bundled web-server. If you read carefully you'll notice the 5. Download the right web server configs paragraph that contains a link GitLab recipes repository.
Follow this link and you will find the configs for multiple different web servers, including the ones for nginx. Be careful, since within the nginx web server directory you will be redirected to the GitLab official repository again...
Download the required config (with or without SSL etc.) into the /etc/nginx/conf.d/ directory (this is special for at least CentOS). Carefully inspect the downloaded file since you will need to modify it with correct paths for the Omnibus package.
Also don't forget to give nginx access to git group as mentioned in the documentation. I'm not sure if really necessary but my nginx user is also member of the gitlab-www group.
After all this I was still unable to launch the gitlab site. The browser just showed up with the 502 error page.
The /var/log/nginx/gitlab-error.log showed a permission denied error for the workhorse socket, which led me to this page; it can be solved (at least in my case) with the command provided by miken32.
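Added example, not part of the thread: reduce an AVC denial like the one quoted in the question to the fields that decide the fix (a boolean, a relabel, or a custom module), and a persistent form of the chcon fix from miken32's answer. chcon only changes the inode; semanage fcontext records the rule so restorecon re-applies it after the next relabel. The semanage/restorecon function needs root and is not exercised by the test.

```shell
#!/bin/sh
# Added example (not from the thread): parse an SELinux AVC denial and label the
# GitLab workhorse socket persistently instead of with a one-off chcon.

# Copy of the denial quoted in the question.
SAMPLE_AVC='type=AVC msg=audit(1522905628.444:872): avc: denied { write } for pid=12407 comm="nginx" name="socket" dev="dm-2" ino=8871 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file'

# avc_field KEY LINE: value of KEY=value or KEY="value" in one audit record.
avc_field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p"
}

# avc_summary LINE: who (comm, source type) was denied what (permission, class)
# on which object (name, target type). httpd_t writing to a var_t sock_file is
# a labelling problem: the socket carries a generic type httpd_t may not touch.
avc_summary() {
    line=$1
    perm=$(printf '%s\n' "$line" | sed -n 's/.*denied[[:space:]]*{[[:space:]]*\([a-z_]*\)[[:space:]]*}.*/\1/p')
    printf 'comm=%s perm=%s class=%s name=%s source=%s target=%s\n' \
        "$(avc_field comm "$line")" "$perm" \
        "$(avc_field tclass "$line")" "$(avc_field name "$line")" \
        "$(avc_field scontext "$line" | cut -d: -f3)" \
        "$(avc_field tcontext "$line" | cut -d: -f3)"
}

# Persistent version of "chcon -t httpd_var_run_t <socket>". Needs root and the
# semanage tool; -a fails when a rule for the path already exists, so fall back to -m.
label_workhorse_socket() {
    sock=${1:-/var/opt/gitlab/gitlab-workhorse/socket}
    semanage fcontext -a -t httpd_var_run_t "$sock" 2>/dev/null \
        || semanage fcontext -m -t httpd_var_run_t "$sock" || return 1
    restorecon -v "$sock"
}
```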

How to Install SSL on AWS EC2 WordPress Site

I've created and launched my WordPress site on AWS using EC2. I followed this tutorial to create the site. It's currently mapped to a domain using Route 53. All development on the site is done online in my instance.
I would now like to install an SSL Certificate on my site. How would I do so?
If you created WordPress on AWS using "Bitnami",
you may ssh to your instance and run:
sudo /opt/bitnami/bncert-tool
See bitnami docs for details
If you're looking for an easy and free solution, try https://letsencrypt.org/. They have an easy to follow doc for anyone.
TLDR; Head to https://certbot.eff.org/, choose your OS and server type and they will give you 4-5 line installation to install certificate automatically.
Before attempting, make sure your domain name is correctly pointed to your EC2 using Route53 or Elastic IP.
For example, here's all you need to run to automatically get and install SSL on an Ubuntu EC2 running nginx:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Best of luck!
This tutorial provides a simple 3 step guide to setting up your Wordpress on AWS using LetsEncrypt / Certbot:
https://blog.brainycheetah.com/index.php/2018/11/02/wordpress-switching-to-https-ssl-hosted-on-aws/
Step 1: Get SSL certificate
Step 2: Configure redirects
Step 3: Update firewall
At each stage replace 'example.com' with your own site address.
Install certbot:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
Create certificates:
$ sudo certbot --apache -m admin@example.com -d example.com -d www.example.com
To configure redirects, first open the wp-config file:
$ sudo vim /var/www/html/example.com/wp-config.php
Insert the following above the "stop editing" comment line:
// HTTPS configuration
define('WP_HOME','https://example.com');
define('WP_SITEURL','https://example.com');
define('FORCE_SSL_ADMIN', true);
And finally, update firewall via the AWS console:
Log in to your AWS control panel for your EC2 / Lightsail instance.
Select the Networking tab.
Within the Firewall section, just below the table, select Add another.
Custom and TCP should be pre-populated within the first two fields by default; leave these as they are.
Within the Port range field enter 443, then select Save.
Then just reload your apache config:
sudo service apache2 reload
And you should be good to go.
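Added example, not from the answer above: a small shell helper that applies the wp-config.php change from Step 2 idempotently and verifies it. It inserts the three defines above WordPress's stock marker line (the one containing "stop editing"), and the check confirms they sit before the marker, since defines placed after wp-settings.php is loaded have no effect. example.com is the placeholder from the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): apply the wp-config.php change
# from the answer with a script, so the edit is repeatable and verifiable.
# Assumes the stock marker line containing "stop editing" is present in wp-config.php.

# wp_force_https WP_CONFIG DOMAIN: insert the HTTPS defines above the marker, once.
# Re-running on an already patched file is a no-op.
wp_force_https() {
    cfg=$1
    domain=$2
    if grep -q "FORCE_SSL_ADMIN" "$cfg"; then
        echo "already configured: $cfg"
        return 0
    fi
    grep -q 'stop editing' "$cfg" || { echo "marker not found in $cfg" >&2; return 1; }
    patched=$(mktemp) || return 1
    # q carries a single quote into awk so the PHP lines need no escaping
    awk -v d="$domain" -v q="'" '
        /stop editing/ && !done {
            print "// HTTPS configuration"
            print "define(" q "WP_HOME" q "," q "https://" d q ");"
            print "define(" q "WP_SITEURL" q "," q "https://" d q ");"
            print "define(" q "FORCE_SSL_ADMIN" q ", true);"
            done = 1
        }
        { print }
    ' "$cfg" > "$patched" || { rm -f "$patched"; return 1; }
    cat "$patched" > "$cfg"   # keeps the original file's owner and mode
    rm -f "$patched"
}

# wp_https_ok WP_CONFIG DOMAIN: succeed only if WP_HOME points at https://DOMAIN
# and appears before the marker; WordPress ignores defines placed after it.
wp_https_ok() {
    awk -v d="$2" '
        /WP_HOME/ && index($0, "https://" d) { home = NR }
        /stop editing/ { marker = NR }
        END { exit !(home && marker && home < marker) }
    ' "$1"
}
```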
According to the tutorial, since you have configured only an EC2 instance, the direct approach is to purchase an SSL certificate and install it into the Apache server. For detailed steps follow the tutorial
How to Add SSL and HTTPS in WordPress.
If you plan to use the free SSL certificates issued by AWS Certificate Manager, then it requires configuring either an Elastic Load Balancer or the CloudFront CDN. This can get complicated if you are new to AWS. If you plan to give it a try with AWS CloudFront, follow the steps in How To Use Your Own Secure Domain with CloudFront.
Using CloudFront also provides a boost in performance since it caches your content and reduces the load on your EC2 instance. However, one of the challenges you will face is avoiding mixed-content issues. There are WordPress plugins that are capable of resolving mixed-content issues, so do try them out.
This is how I enabled SSL on my WordPress website.
I have used Let's Encrypt X.509 certificates. Let's Encrypt is a certificate authority that provides X.509 certificates in an automated fashion for free. You can find more information about Let's Encrypt here.
Steps to follow:
SSH into the instance and switch to root.
Download Certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Run certbot to fetch the certificates
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d "your-domain-name"
A wizard will be launched asking you to select options for Apache, WebRoot, and Standalone. Select the WebRoot option and continue. Note the directory of your domain.
Usually /var/www/html will be the directory for your domain. After success you will have three certificates in the following paths:
Certificate: /etc/letsencrypt/live/<<<"Domain-Name">>>/cert.pem
Full Chain: /etc/letsencrypt/live/<<<"Domain-Name">>>/fullchain.pem
Private Key: /etc/letsencrypt/live/<<<"Domain-Name">>>/privkey.pem
Copy the pem file paths to /etc/httpd/conf.d/ssl.conf. Then restart the apache
service httpd restart
And finally, I enabled the Really Simple SSL plugin in WordPress. That's it!

How do I set up phpMyAdmin on a Laravel Homestead box?

I installed it by running sudo apt-get install phpmyadmin and then running
sudo ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html and sudo service nginx restart
but it's not working.
Note: I didn't select any of the apache2 or lighttpd options when installing.
Option 1:
This will install the latest version of PhpMyAdmin from a shell script I've written. You are welcome to check it out on Github.
Run the following command from your code/projects directory:
curl -sS https://raw.githubusercontent.com/grrnikos/pma/master/pma.sh | bash
Option 2:
This will install PhpMyAdmin (not the latest version) from Ubuntu's repositories. Assuming that your projects live in /home/vagrant/Code:
sudo apt-get install phpmyadmin
Do not select apache2 nor lighttpd when prompted. Just hit tab and enter.
sudo ln -s /usr/share/phpmyadmin/ /home/vagrant/code/phpmyadmin
cd ~/Code && serve phpmyadmin.test /home/vagrant/code/phpmyadmin
Note: If you encounter issues creating the symbolic link on step 2, try the first option or see Lyndon Watkins' answer below.
Final steps:
Open the /etc/hosts file on your main machine and add:
127.0.0.1 phpmyadmin.test
Go to http://phpmyadmin.test:8000
Step 1:
Go to the phpMyAdmin website, download the latest version and unzip it into your code directory
Step 2:
Open up homestead.yaml file and add these lines
folders:
- map: /Users/{yourName}/Code/phpMyAdmin
to: /home/vagrant/Code/phpMyAdmin
sites:
- map: phpmyadmin.test
to: /home/vagrant/Code/phpMyAdmin
Step 3:
Open your hosts file and add this line:
127.0.0.1 phpmyadmin.test
Step 4:
You may need to run vagrant provision to load the new configuration if vagrant is already running.
That's it
Go to http://phpmyadmin.test:8000. It should work from there. Great thing about this method is that if you ever need to destroy your box, you won't ever have to set up phpMyAdmin again so long as you keep your homestead.yaml file and phpMyAdmin in your code directory.
===========
Important update from DaneSoul:
I tried this instruction on Homestead 5.3 and met a problem, "No input file specified", when trying to open http://phpmyadmin.test.
And finally I found the solution:
You need to unpack phpmyadmin to
/home/vagrant/Code/phpMyAdmin/public
And write in homestead.yaml:
- map: phpmyadmin.test
to: /home/vagrant/Code/phpMyAdmin/public
So almost all the same, but this /public directory in the paths makes it work!
Also, in my configuration I use http://phpmyadmin.test, not http://phpmyadmin.test:8000.
Update Note: Follow this article to change your domain extension.
The answer from Nikos Gr worked for me; however I needed to amend steps 2 and 3 as my host system has issues creating the symlink.
I changed:
sudo ln -s /usr/share/phpmyadmin/ /home/vagrant/Code/phpmyadmin
cd ~/Code && serve phpmyadmin.app /home/vagrant/Code/phpmyadmin
To:
cd ~/Code && serve phpmyadmin.app /usr/share/phpmyadmin/
(Couldn't comment on the original solution as my rep isn't high enough!)
A simplified version of Jyeon's Answer. You don't need to share the ~/Code folder in the Homestead.yaml file:
folders:
- map: /Users/{yourName}/Code/phpMyAdmin
to: /home/vagrant/Code/phpMyAdmin
Just download the latest version of PhpMyAdmin from PhpMyAdmin, put the unzipped files in the ~/Code/phpMyAdmin folder and just follow the 2 steps here:
Step 1:
Open up homestead.yaml file and add these lines
sites:
- map: phpmyadmin.app
to: /home/vagrant/Code/phpMyAdmin
Step 2:
Open up your hosts file and add this line:
192.168.10.10 phpmyadmin.app
Now run the vagrant reload --provision command and you're good to go.
Open up the phpmyadmin.app address in your browser and you'll see the phpmyadmin interface.
Install phpMyAdmin
SSH into Homestead vagrant box with vagrant ssh and type the following command:
sudo apt-get install phpmyadmin
When prompted to select the Web server, select apache2 and press Enter, just to get past it.
When prompted to config database for phpmyadmin with dbconfig-common, select Yes and press Enter.
When prompted for Password of the database's administrative user, enter secret and press Enter.
When prompted for MySQL application password for phpmyadmin, enter secret and press Enter.
When prompted for Password confirmation, enter secret again and press Enter.
Then create and configure the site for Nginx:
sudo ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html/phpmyadmin
cd /etc/nginx/sites-available
sudo cp homestead.app phpmyadmin.app
sudo sed -i 's/homestead.app/phpmyadmin.app/g' /etc/nginx/sites-available/phpmyadmin.app
sudo sed -i 's/home\/vagrant\/Code\/Laravel\/public/usr\/share\/nginx\/html\/phpmyadmin/g' /etc/nginx/sites-available/phpmyadmin.app
sudo ln -s /etc/nginx/sites-available/phpmyadmin.app /etc/nginx/sites-enabled/phpmyadmin.app
sudo service nginx restart
sudo service php5-fpm restart
Add phpmyadmin.app to your hosts file:
127.0.0.1 phpmyadmin.app
Navigate to http://phpmyadmin.app:8000 and you should now see phpMyAdmin login page.
More info available here if you need it
A variation on Nikos Gr's answer that seemed a bit simpler (in that it doesn't require a new symbolic link for each project on your Homestead box) and worked for me.
Inside the Homestead box, run sudo apt-get install phpmyadmin. Don't select any of the options during install.
On your host machine, add the following lines to your Homestead.yaml file:
- map: phpmyadmin.dev
to: /usr/share/phpmyadmin
On your host machine, add the following line to your hosts file:
192.168.10.10 phpmyadmin.dev
...and Homestead's phpMyAdmin will be available at phpmyadmin.dev
You can install phpmyadmin automatically when you vagrant up or provision your homestead by adding the following snippet to your Homestead\scripts\homestead.rb file after # Update Composer On Every Provision
# Install phpMyAdmin on every provision
config.vm.provision "shell" do |s|
  s.inline = "curl -sS https://raw.githubusercontent.com/grrnikos/pma/master/pma.sh | sh"
end
Your homestead.rb file should now look something like this:
class Homestead
  def Homestead.configure(config, settings)
    # Configure The Box
    config.vm.box = "laravel/homestead"
    config.vm.hostname = "homestead"
    # Configure A Private Network IP
    config.vm.network :private_network, ip: settings["ip"] ||= "192.168.10.10"
    # some other entries are truncated to keep this short
    # Update Composer On Every Provision
    config.vm.provision "shell" do |s|
      s.inline = "/usr/local/bin/composer self-update"
    end
    # Install phpMyAdmin on every provision
    config.vm.provision "shell" do |s|
      s.inline = "curl -sS https://raw.githubusercontent.com/grrnikos/pma/master/pma.sh | sh"
    end
    # Configure Blackfire.io
    if settings.has_key?("blackfire")
      config.vm.provision "shell" do |s|
        s.path = "./scripts/blackfire.sh"
        s.args = [settings["blackfire"][0]["id"], settings["blackfire"][0]["token"]]
      end
    end
  end
end
Save file and run vagrant destroy then vagrant up or just vagrant reload
NB: This uses Nikos Gr's script located here: https://raw.githubusercontent.com/grrnikos/pma/master/pma.sh
Finally it worked for me, few things I had to fix:
Homestead.yaml file:
- map: phpmyadmin.test
to: /home/vagrant/code/phpmyadmin/
I had to delete /public from the end. I installed phpmyadmin (after vagrant ssh command from Homestead directory) into the 'code' folder where the other projects are. When 'code' is with lowercase, it has to be everywhere so (or other way around): folder name, yaml file or even after installation performing these commands:
sudo ln -s /usr/share/phpmyadmin/ /home/vagrant/code/phpmyadmin
cd ~/code && serve phpmyadmin.test /home/vagrant/code/phpmyadmin
This is the most simple solution. No mapping or anything else needed.
Download latest phpmyadmin version from here https://www.phpmyadmin.net/downloads
Make a folder named phpmyadmin inside your main root/public folder and unzip phpmyadmin here.
Run yourwebsite.com/phpmyadmin
I am writing here the way I followed to make my local vagrant environment work-friendly.
Step 1 - Start the vagrant and login
vagrant up
vagrant ssh
Step 2 - Go to your correct directory. (Depends on your file tree)
cd <VagrantDirectory>
Step 3 - Install phpmyadmin.
curl -sS https://raw.githubusercontent.com/grrnikos/pma/master/pma.sh | bash
Step 4 - Configure the Homestead.yaml
- map: phpmyadmin.test
to: /home/vagrant/<VagrantDirectory>/phpmyadmin
Step 5 - Reload the vagrant.
vagrant reload
Step 6 - Configure phpmyadmin
Go to your phpmyadmin directory. Copy config.sample.inc.php to config.inc.php
cp config.sample.inc.php config.inc.php
Step 7 - Edit config.inc.php with your text editor and place your new configuration there.
//Comment out the old configuration that was already here.
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['host'] = 'localhost'; // Also works with the IP address.
$cfg['Servers'][$i]['user'] = 'homestead'; // Username of MySQL, Default is homestead.
$cfg['Servers'][$i]['password'] = 'secret'; // Password. Default password is secret
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['CheckConfigurationPermissions'] = false; // Since you are on local, Leave this false.
Step 8 - Now browse your fresh PHPMyAdmin on your favorite browser.
http://phpmyadmin.test
For another alternative that I found super simple and that worked right out of the box I set up a new Nginx site from inside the Homestead box using the serve.sh script:
serve adminer.app /home/vagrant/Code/adminer/
And then in there I dropped the one page successor to phpmyadmin, Adminer. I also renamed it to "index.php" to make it just work. Then after adding the adminer.app entry to my hosts file I was good to go.
Had not used a web based MySQL interface in years since I just didn't like maintaining phpMyAdmin but this one is sweet. One file (plus an optional CSS file if you want a nicer theme) and that is all. Easy to maintain and update.
As I couldn't comment on the Jyeon solution as my rep isn't high enough, I contribute with this answer; worked for me in Linux (openSUSE Leap) with Vagrant 1.8.1 and laravel/homestead (virtualbox, 0.4.0):
Step 1:
Go to phpMyAdmin website, download the latest version and unzip it into your project directory.
Step 2:
Add to your Homestead.yaml file the following lines:
folders:
- map: ~/Code/phpMyAdmin
to: /home/vagrant/Code/phpMyAdmin
sites:
- map: phpmyadmin.app
to: /home/vagrant/Code/phpMyAdmin
Step 3:
Add to your hosts file the following line:
192.168.10.10 phpmyadmin.app
Step 4:
After starting your vagrant environment and connecting to the machine via SSH, set your virtual host to work with phpMyAdmin with the serve command:
cd ~/Code
serve phpmyadmin.app /home/vagrant/Code/phpMyAdmin/
That's it!
Go to http://phpmyadmin.app and it should work; you can log in with the default Homestead user and password. The great thing about this method is that you can set up your phpmyadmin so long as you keep it in your Homestead.yaml file and phpMyAdmin in your Code directory.
In my case accepted solution works ok except:
$ cd ~/Code && serve phpmyadmin.app /home/vagrant/Code/phpmyadmin
dos2unix: converting file /vagrant/scripts/serve.sh to Unix format ...
* Restarting nginx nginx [fail]
php5-fpm stop/waiting
php5-fpm start/running, process 4112
For an unknown reason the serve command fails creating the configuration file, as seen in:
$ sudo tail -f /var/log/nginx/error.log
2015/03/18 11:54:16 [emerg] 3671#0: invalid number of arguments in "listen" directive in /etc/nginx/sites-enabled/phpmyadmin.app:2
Edit config:
$ editor /etc/nginx/sites-enabled/phpmyadmin.app
and add 80 to the listen directive at line 2. Apply changes with:
$ sudo service nginx reload
adminer index file is located in adminer/adminer so try :
serve adminer.app /home/vagrant/Code/adminer/adminer
I installed phpMyAdmin from here
then put these settings in config.inc.php:
/* Server parameters */
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '33060';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
and opened it via Apache (I had XAMPP). In my case I placed phpMyAdmin in D:\xampp\htdocs\pma which allowed me to open it at the localhost/pma URL.
Everything worked!
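Added example, not from any answer in the thread: a lint for the config.inc.php settings shown above. auth_type 'config' with the homestead/secret credentials stored in the file is fine on a private Homestead box, but it hands a database login to anyone who can reach the site, and several answers above drop phpMyAdmin straight into a public docroot; the functions below read the settings and flag the risky ones. The sample config in the test is constructed from the values on this page.

```shell
#!/bin/sh
# Added example (not from the thread): lint a phpMyAdmin config.inc.php for
# settings that are safe on a private VM but dangerous on a reachable host.

# pma_setting KEY FILE: value of $cfg[...]['KEY'] = ...; (last definition wins;
# commented-out lines are skipped because the match must begin with $cfg).
pma_setting() {
    sed -n "s/^[[:space:]]*[$]cfg.*\['$1'\][[:space:]]*=[[:space:]]*'\{0,1\}\([^';]*\)'\{0,1\}[[:space:]]*;.*/\1/p" "$2" | tail -n 1
}

# pma_lint FILE: print findings, return 1 if a risky setting is present.
pma_lint() {
    cfg=$1
    rc=0
    if [ "$(pma_setting auth_type "$cfg")" = config ]; then
        echo "RISK: auth_type=config stores MySQL credentials in $cfg; prefer 'cookie' on any shared host"
        rc=1
    fi
    if [ "$(pma_setting AllowNoPassword "$cfg")" = true ]; then
        echo "RISK: AllowNoPassword=true admits accounts with an empty password"
        rc=1
    fi
    if [ "$(pma_setting CheckConfigurationPermissions "$cfg")" = false ]; then
        echo "NOTE: phpMyAdmin's check that $cfg is not world-writable is disabled"
    fi
    host=$(pma_setting host "$cfg")
    case $host in
        ""|localhost|127.0.0.1) ;;
        *) echo "NOTE: MySQL host is $host (remote); confirm that port is not exposed" ;;
    esac
    return $rc
}
```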
