CNWHUD/notesToIngestIntoDendron/ChiefOperationsComplianceFinanceOfficer/ChiefInformationTechnologyOfficer/WebServerSetupNotes.md

# Notes for web server configuration

These notes capture actions taken to build the www vm around 9/15 to 10/1 2020.

## packages to install

* php stuff and other packages needed :

sudo apt install memcached php7.4 php7.4-mysqli php7.4-fpm php7.4-mbstring php7.4-xml php7.4-imap php7.4-json php7.4-zip php7.4-gd php7.4-curl php7.4-ldap php7.4-gd php7.4-gmp php-par php-apcu jq unzip python3-pip —no-install-recommends

* Modules for languages from upstream:

Python: pip3 install certbot-dns-ovh

## php modications

### memcache

root@www:/etc/php/7.4/fpm/conf.d# grep -v ^# 20-memcache.ini

extension=memcache.so

[memcache]

memcache.allow_failover="1"

memcache.max_failover_attempts="20"

memcache.default_port="11211"

memcache.hash_strategy="consistent"

session.save_handler="memcache"

session.save_path = 'tcp://10.251.51.1:11211,tcp://10.251.51.2:11211,tcp://10.251.51.3:11211'

memcache.redundancy=1

memcache.session_redundancy=4

### fpm (pool)

### php config

Timezone

## apache

### apache configuration mods needed

-- alter site config for fpm socket to php7.4-fpm (from 7.3) (socket path)

### apache modules needed

headers,deflate,rewrite,proxy,proxy_http,ssl,proxy_fcgi,cache_disk

### apache tweaks performed

1153 sudo a2dismod mpm_prefork

1154 sudo a2enmod mpm_event

1155 sudo apt install libapache2-mod-fcgid

1156 sudo a2enconf php7.2-fpm

1157 sudo a2enconf php7.-fpm

1158 sudo a2enconf php7.4-fpm

## scripts to load

newcert.sh

# !/bin/bash

certbot certonly \

--dns-cloudflare \

--dns-cloudflare-credentials /root/cfapi.ini \

-d $1

sandstorm-cert.sh

certbot certonly --manual --preferred-challenges dns --server <https://acme-v02.api.letsencrypt.org/directory> --manual-public-ip-logging-ok -d '*.sandstorm.turnsys.com' -d sandstorm.turnsys.com

## TSYS root ca and UCS DC root cert

root@www:/usr/local/share/ca-certificates# ls -l

total 12

drwxr-xr-x 2 root root 4096 Sep 28 20:43 extra

lrwxrwxrwx 1 root root 13 Sep 28 20:44 tsys-root.crt -> tsys-root.pem

-r--r--r-- 1 root root 822 Sep 28 20:43 tsys-root.pem

lrwxrwxrwx 1 root root 12 Sep 28 20:44 ucs-root.crt -> ucs-root.pem

-rw-r--r-- 1 root root 2094 Sep 28 20:43 ucs-root.pem

root@www:/usr/local/share/ca-certificates#
Nov 30, 2023, 12:03 PM 2023-11-30 18:03:56 +00:00			`# Notes for web server configuration`

			`These notes capture actions taken to build the www vm around 9/15 to 10/1 2020.`

			`## packages to install`

			`* php stuff and other packages needed :`

			`sudo apt install memcached php7.4 php7.4-mysqli php7.4-fpm php7.4-mbstring php7.4-xml php7.4-imap php7.4-json php7.4-zip php7.4-gd php7.4-curl php7.4-ldap php7.4-gd php7.4-gmp php-par php-apcu jq unzip python3-pip —no-install-recommends`

			`* Modules for languages from upstream:`

			`Python: pip3 install certbot-dns-ovh`

			`## php modications`

			`### memcache`

			`root@www:/etc/php/7.4/fpm/conf.d# grep -v ^# 20-memcache.ini`

			`extension=memcache.so`

			`[memcache]`

			`memcache.allow_failover="1"`

			`memcache.max_failover_attempts="20"`

			`memcache.default_port="11211"`

			`memcache.hash_strategy="consistent"`

			`session.save_handler="memcache"`

			`session.save_path = 'tcp://10.251.51.1:11211,tcp://10.251.51.2:11211,tcp://10.251.51.3:11211'`

			`memcache.redundancy=1`

			`memcache.session_redundancy=4`

			`### fpm (pool)`

			`### php config`

			`Timezone`

			`## apache`

			`### apache configuration mods needed`

			`-- alter site config for fpm socket to php7.4-fpm (from 7.3) (socket path)`

			`### apache modules needed`

			`headers,deflate,rewrite,proxy,proxy_http,ssl,proxy_fcgi,cache_disk`

			`### apache tweaks performed`

			`1153 sudo a2dismod mpm_prefork`

			`1154 sudo a2enmod mpm_event`

			`1155 sudo apt install libapache2-mod-fcgid`

			`1156 sudo a2enconf php7.2-fpm`

			`1157 sudo a2enconf php7.-fpm`

			`1158 sudo a2enconf php7.4-fpm`

			`## scripts to load`

			`newcert.sh`

			`# !/bin/bash`

			`certbot certonly \`

			`--dns-cloudflare \`

			`--dns-cloudflare-credentials /root/cfapi.ini \`

			`-d $1`

			`sandstorm-cert.sh`

			`certbot certonly --manual --preferred-challenges dns --server <https://acme-v02.api.letsencrypt.org/directory> --manual-public-ip-logging-ok -d '*.sandstorm.turnsys.com' -d sandstorm.turnsys.com`

			`## TSYS root ca and UCS DC root cert`

			`root@www:/usr/local/share/ca-certificates# ls -l`

			`total 12`

			`drwxr-xr-x 2 root root 4096 Sep 28 20:43 extra`

			`lrwxrwxrwx 1 root root 13 Sep 28 20:44 tsys-root.crt -> tsys-root.pem`

			`-r--r--r-- 1 root root 822 Sep 28 20:43 tsys-root.pem`

			`lrwxrwxrwx 1 root root 12 Sep 28 20:44 ucs-root.crt -> ucs-root.pem`

			`-rw-r--r-- 1 root root 2094 Sep 28 20:43 ucs-root.pem`

			`root@www:/usr/local/share/ca-certificates#`