# Notes for web server configuration These notes capture actions taken to build the www vm around 9/15 to 10/1 2020. ## packages to install * php stuff and other packages needed : sudo apt install memcached php7.4 php7.4-mysqli php7.4-fpm php7.4-mbstring php7.4-xml php7.4-imap php7.4-json php7.4-zip php7.4-gd php7.4-curl php7.4-ldap php7.4-gd php7.4-gmp php-par php-apcu jq unzip python3-pip —no-install-recommends * Modules for languages from upstream: Python: pip3 install certbot-dns-ovh ## php modications ### memcache root@www:/etc/php/7.4/fpm/conf.d# grep -v ^# 20-memcache.ini extension=memcache.so [memcache] memcache.allow_failover="1" memcache.max_failover_attempts="20" memcache.default_port="11211" memcache.hash_strategy="consistent" session.save_handler="memcache" session.save_path = 'tcp://10.251.51.1:11211,tcp://10.251.51.2:11211,tcp://10.251.51.3:11211' memcache.redundancy=1 memcache.session_redundancy=4 ### fpm (pool) ### php config Timezone ## apache ### apache configuration mods needed -- alter site config for fpm socket to php7.4-fpm (from 7.3) (socket path) ### apache modules needed headers,deflate,rewrite,proxy,proxy_http,ssl,proxy_fcgi,cache_disk ### apache tweaks performed 1153 sudo a2dismod mpm_prefork 1154 sudo a2enmod mpm_event 1155 sudo apt install libapache2-mod-fcgid 1156 sudo a2enconf php7.2-fpm 1157 sudo a2enconf php7.-fpm 1158 sudo a2enconf php7.4-fpm ## scripts to load newcert.sh # !/bin/bash certbot certonly \ --dns-cloudflare \ --dns-cloudflare-credentials /root/cfapi.ini \ -d $1 sandstorm-cert.sh certbot certonly --manual --preferred-challenges dns --server --manual-public-ip-logging-ok -d '*.sandstorm.turnsys.com' -d sandstorm.turnsys.com ## TSYS root ca and UCS DC root cert root@www:/usr/local/share/ca-certificates# ls -l total 12 drwxr-xr-x 2 root root 4096 Sep 28 20:43 extra lrwxrwxrwx 1 root root 13 Sep 28 20:44 tsys-root.crt -> tsys-root.pem -r--r--r-- 1 root root 822 Sep 28 20:43 tsys-root.pem lrwxrwxrwx 1 root root 12 Sep 28 20:44 ucs-root.crt -> ucs-root.pem -rw-r--r-- 1 root root 2094 Sep 28 20:43 ucs-root.pem root@www:/usr/local/share/ca-certificates#