diff --git a/docs/Mint/Mint.md b/docs/Mint/Mint.md new file mode 100644 index 0000000..a7a6ff3 --- /dev/null +++ b/docs/Mint/Mint.md 
@@ -0,0 +1,681 @@ +# Linux Mint + + + +#### Configuration matérielle: + +```bash +System: + Host: MintBook + Kernel: 4.15.0-50-generic x86_64 bits: 64 compiler: gcc v: 7.3.0 + Desktop: Cinnamon 4.0.10 wm: muffin dm: LightDM + Distro: Linux Mint 19.1 Tessa base: Ubuntu 18.04 bionic +``` + +```bash +Machine: + Type: Laptop System: Apple product: MacBookPro11,3 +``` + + + +#### Firefox (et Thunderbird) en français: + +-gestionnaire de paquets Synaptic. Chercher Firefox et installer le paquet de langue Fr +-dans `about:config` mettre `'fr'` à l'option `'general.useragent.locale'` + + + +#### Installer Nginx: + +```bash +$ sudo apt-get install nginx +``` + +**Version de Nginx:** + +```bash +$ nginx -v +nginx version: nginx/1.14.0 (Ubuntu) +``` + +**Démarrer,activer et vérifier l'étât du service Nginx.** + +```bash +$ sudo systemctl start nginx.service +$ sudo systemctl enable nginx.service +$ sudo systemctl status nginx.service +``` + + + +https://www.nginx.com/resources/wiki/start/ + +https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ + +https://wiki.debian.org/Nginx/DirectoryStructure + +**Arborescence:** + +```bash +bruno@MintBook:/etc/nginx$ tree +. 
+├── conf.d +├── fastcgi.conf +├── fastcgi_params +├── koi-utf +├── koi-win +├── mime.types +├── modules-available +├── modules-enabled +│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf +│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf +│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf +│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf +│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf +├── nginx.conf +├── proxy_params +├── scgi_params +├── sites-available +│   └── default +├── sites-enabled +│   └── default -> /etc/nginx/sites-available/default +├── snippets +│   ├── fastcgi-php.conf +│   └── snakeoil.conf +├── uwsgi_params +└── win-utf +``` + +**Configuration:** + +Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`. +Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default` + +```bash +$ cd /etc/nginx/sites-available/ +$ sudo cp default mint +$ sudo gedit mint +``` + +Modifier les lignes: + +- root: le dossier root du site +- index: ajouter index.php +- server_name + +Dé-commenter les lignes: + +- include snippets/fastcgi-php.conf; +- fastcgi_pass unix:/run/php/php7.2-fpm.sock; + +```nginx +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! 
+ # + # include snippets/snakeoil.conf; + + root /home/bruno/Sites; + + # Add index.php to the list if you are using PHP + index index.php index.html index.htm; + + server_name mintbook.local; + + access_log /var/log/nginx/access_log; + error_log /var/log/nginx/error_log; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass PHP scripts to FastCGI server + # + location ~ \.php$ { + include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + fastcgi_pass unix:/run/php/php7.2-fpm.sock; + # + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} +``` + + + +Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf` + +```nginx +upstream php7.2-fpm-sock { + server unix:/run/php/php7.2-fpm.sock; +} +``` + + + +Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin d’activer le site. + + Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`. + +```bash +$ cd /etc/nginx/sites-enabled/ +$ ln -s /etc/nginx/sites-available/mint mint + +$ ls -la +total 8 +drwxr-xr-x 2 root root 4096 mai 30 12:56 . +drwxr-xr-x 8 root root 4096 mai 30 10:40 .. 
+lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default +lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint + +$ sudo rm default +``` + + + +**Tester la configuration Nginx:** + +```bash +$ sudo nginx -t +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok +nginx: configuration file /etc/nginx/nginx.conf test is successful +``` + +**Relancer Nginx:** + +```bash +$ sudo service nginx reload +``` + + + +**Commandes Nginx:** + +Démarrer nginx: `$ sudo systemctl start nginx` + +Arrêter nginx: `$ sudo systemctl stop nginx` + +Redémarrer nginx: `$ sudo systemctl restart nginx` + +Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx` + +Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx` + +Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx` + + + +**Vérifier l'étât de Nginx:** + +```bash +$ systemctl status nginx +● nginx.service - A high performance web server and a reverse proxy server + Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) + Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago + Docs: man:nginx(8) + Main PID: 19485 (nginx) + Tasks: 9 (limit: 4915) + CGroup: /system.slice/nginx.service + ├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; + ├─30594 nginx: worker process + ├─30595 nginx: worker process + ├─30596 nginx: worker process + ├─30597 nginx: worker process + ├─30598 nginx: worker process + ├─30599 nginx: worker process + ├─30600 nginx: worker process + └─30601 nginx: worker process +``` + + + +#### HTTPS: + +**Créer une clé et un certificat. 
auto-signé:** + +```bash +$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt +[sudo] password for bruno: +Generating a 2048 bit RSA private key +...........+++ +.................+++ + +## writing new private key to '/etc/ssl/private/mintbook.local.key' + +You are about to be asked to enter information that will be incorporated +into your certificate request. +What you are about to enter is what is called a Distinguished Name or a DN. +There are quite a few fields but you can leave some blank +For some fields there will be a default value, + +## If you enter '.', the field will be left blank. + +Country Name (2 letter code) [AU]:FR +State or Province Name (full name) [Some-State]:Bourgogne +Locality Name (eg, city) []:Dijon +Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info +Organizational Unit Name (eg, section) []:Web +Common Name (e.g. server FQDN or YOUR name) []:mintbook.local +Email Address []:enzo@clicclac.info +``` + +**Paramètres Diffie-Hellman (DH):** + +``` +$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 +Generating DH parameters, 2048 bit long safe prime, generator 2 +This is going to take a long time +..........................................+.....+.. 
+``` + + + +```bash +$ sudo nano /etc/nginx/snippets/self-signed.conf +``` + +```ini +ssl_certificate /etc/ssl/certs/mintbook.local.crt; +ssl_certificate_key /etc/ssl/private/mintbook.local.key; +``` + + + +```bash +$ sudo nano /etc/nginx/snippets/ssl-params.conf +``` + +```ini +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_dhparam /etc/ssl/certs/dhparam.pem; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; +ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; # Requires nginx >= 1.5.9 +ssl_stapling on; # Requires nginx >= 1.3.7 +ssl_stapling_verify on; # Requires nginx => 1.3.7 +resolver 8.8.8.8 8.8.4.4 valid=300s; +resolver_timeout 5s; + +# Disable strict transport security for now. You can uncomment the following + +# line if you understand the implications. + +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +``` + + + +```bash +$ cd /etc/nginx/sites-available +$ sudo cp mint mint-ssl +$ sudo gedit mint-ssl +``` + +```ini +# SSL configuration +# +listen 443 ssl default_server; +listen [::]:443 ssl default_server; +# +# Note: You should disable gzip for SSL traffic. +# See: https://bugs.debian.org/773332 +# +# Read up on ssl_ciphers to ensure a secure configuration. +# See: https://bugs.debian.org/765782 +# +# Self signed certs generated by the ssl-cert package +# Don't use them in a production server! 
+# +# include snippets/snakeoil.conf; +include snippets/self-signed.conf; +include snippets/ssl-param.conf; +``` + + +#### Installer PHP: + +```bash +$ sudo apt-get install php-fpm +``` + +```bash +$ which php +/usr/bin/php + +$ php -v +PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS ) +Copyright (c) 1997-2018 The PHP Group +Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies + with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies +``` + + + +**Configurer PHP-FPM:** + +- PHP et Nginx sur la même machine => socket Unix +- PHP et Nginx sur la même machine => socket TCP + + + +```bash +$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf +``` + +Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine): + +```bash +;listen = 127.0.0.1:9000 +listen = /run/php/php7.2-fpm.sock +``` + + + +**Configurer PHP.ini:** + +```bash +$ nano /etc/php/7.2/fpm/php.ini +``` + +```ini +file_uploads = On +allow_url_fopen = On +memory_limit = 256M +upload_max_filesize = 64M +cgi.fix_pathinfo = 0 +upload_max_filesize = 100M +max_execution_time = 360 +date.timezone = Europe/Paris +``` + +*cgi.fix_pathinfo : l’activation de ce paramètre permet à PHP de n’accepter que les URI qui existent réellement sur le serveur.* + + + +**Configurer Nginx:** + +```bash +$ sudo gedit /etc/nginx/sites-availables +``` + +Activer php: + +```nginx +location ~ \.php$ { + include snippets/fastcgi-php.conf; +# +# # With php-fpm (or other unix sockets): + fastcgi_pass unix:/run/php/php7.2-fpm.sock; +# +# # With php-cgi (or other tcp sockets): +# fastcgi_pass 127.0.0.1:9000; +} +``` + +Redémarrer le service php-fpm: + +```bash +$ sudo service php7.2-fpm restart +``` + + + +**Installer les modules PHP manquants:** + +Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL... 
+ +Manque: apcu, gmp, odbc, yaml + +ou + +```bash +$ sudo apt-cachesearch php- | less +$ sudo apt-get install "module name" +$ sudo apt-cache show "module name" +``` + + + +#### Installer MySQL (MariaDB): + +```bash +$ sudo apt-get -y install mariadb-server mariadb-client +``` + +**Démarrer, activer et vérifier l'étât du service MariaDB:** + +```bash +$ sudo systemctl start mysql.service +$ sudo systemctl enable mysql.service +$ sudo systemctl status mysql.service +``` + + + +**Securiser l'installation de MariaDB:** + +```bash +$ sudo mysql_secure_installation + +Enter current password for root (enter for none): Enter Your Current Password +OK, successfully used password, moving on... + +Set root password? [Y/n] n + ... skipping. + +Remove anonymous users? [Y/n] y + ... Success! + +Disallow root login remotely? [Y/n] y + ... Success! + +Remove test database and access to it? [Y/n] y + +- Dropping test database... + ... Success! +- Removing privileges on test database... + ... Success! + +Reload privilege tables now? [Y/n] y + ... Success! + +Cleaning up... + +All done! If you've completed all of the above steps, your MariaDB +installation should now be secure. + +Thanks for using MariaDB! +``` + +~~l/p: root/sncfp1p2~~ + + + +Desinstaller mysql:** + +```bash + $ sudo service mysql stop + $ sudo apt-get remove --purge mysql* + $ sudo apt-get autoremove + $ sudo apt-get autoclean + $ sudo rm -rf /var/lib/mysql + $ sudo rm -rf /etc/mysql +``` + + + +**Se connecter à MySQL:** + +```bash +$ sudo mysql -u root -p +Enter password: +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is 49 +Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04 + +Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +MariaDB [(none)]> +``` + + + +**Depuis ubuntu 18.04** + +Se logguer dans mysql en root. 
+ +Créer un utilisateur et lui donner tous les droits: + +```mysql +CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password'; +GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION; +``` + +Créer un utilisateur avec le même nom et lui donner tous les droits: + +```mysql +CREATE USER 'username'@'%' IDENTIFIED BY 'the_password'; +GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION; +``` + +Le compte 'username'@‘localhost' est utilisé quand on se connecte depuis la machine locale. +Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine. + +```mysql +SHOW GRANTS FOR username; +FLUSH PRIVILEGES; +``` + + + +#### Configurer le firewall ubuntu: + +```bash +$ sudo ufw app list +[sudo] password for bruno: +Available applications: + CUPS + Nginx Full + Nginx HTTP + Nginx HTTPS + syncthing + syncthing-gui +``` + +Liste les profils disponibles: + +Profile Nginx Full: ouvre les ports 80 (http) et 443 (https) +Profile Nginx HTTP: ouvre les ports 80 (http) +Profile Nginx HTTPS: ouvre les ports 443 (https) + + + +**Active le profile Nginx Full:** + +```bash +$ sudo ufw allow 'Nginx Full' +Rule added +Rule added (v6) +``` + +**Status du firewall:** + +```bash +$ sudo ufw status +Status: active + +To Action From + +------ + +Nginx Full ALLOW Anywhere +Nginx Full (v6) ALLOW Anywhere (v6) +``` + + + +#### SSH: + +**Créer une clé SSH:** + +```bash +$ ssh-keygen -t rsa -b 4096 -C "Clé sur MintBook" +Generating public/private rsa key pair. +Enter file in which to save the key (/home/bruno/.ssh/id_rsa): +Created directory '/home/bruno/.ssh'. +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/bruno/.ssh/id_rsa. +Your public key has been saved in /home/bruno/.ssh/id_rsa.pub. +The key fingerprint is: +SHA256:DvdgIfk9VTr4jQHW2/ehbu/1tX8iMkRAlcpfEwbud+M Clé sur MintBook +The key's randomart image is: ++---[RSA 4096]----+ +| ...=+ . 
| +| ..o.o+o | +| o..oo.=+ | +| oo+.o+=...| +| . So+.+.=.o| +| = ooo + ..| +| ... . E o| +| o .o. *| +| o..o==| ++----[SHA256]-----+ +``` + + + +**Installer Typora:** + +```bash +wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add - + +# or use +# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA300B7755AFCFAE + + +# add Typora's repository + +echo -e "\ndeb https://typora.io/linux ./" | sudo tee -a /etc/apt/sources.list +sudo apt-get update + +# install typora + +sudo apt-get install typora +``` + diff --git a/mkdocs.yml b/mkdocs.yml index 6e56d9f..083f45a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -41,6 +41,8 @@ nav: - Tail / Head: Linux/tail-head.md - Variables: Linux/variables.md - Divers: Linux/divers.md + - Linux Mint: + - Index: Mint/Mint.md - macos: - Index: macos/index.md - Bash (exemples): macos/bash_exemples.md
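Review bot: the "Installer MySQL (MariaDB)" section of docs/Mint/Mint.md commits a credential, `~~l/p: root/sncfp1p2~~`. Strikethrough markup still renders the value, and it stays in git history, so remove the line from the patch before merging and change that password if it was ever in use. In the same section, `GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;` creates a superuser reachable from any host right after `mysql_secure_installation` answered "y" to disallowing remote root. Suggest granting on the application database only and documenting the `'%'` account as optional. Smaller points: `Desinstaller mysql:**` is missing its opening `**`, and `mysql*` in the purge command should be quoted so the shell does not expand it against the current directory.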
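Review bot: in the HTTPS section, the snippet is created as `/etc/nginx/snippets/ssl-params.conf` but the `mint-ssl` block includes `snippets/ssl-param.conf;`, so `nginx -t` will fail on a missing file; make the two names match. `ssl_stapling on;` and `ssl_stapling_verify on;` have no effect with the self-signed certificate generated just above (nginx logs that stapling is ignored because no issuer certificate is found), so either drop them along with the `resolver` lines or say they only apply once a CA-issued certificate is installed. The comment `# Requires nginx => 1.3.7` should read `>=` like the line before it, and the section never shows linking `mint-ssl` into `sites-enabled` or re-running `nginx -t`, which the HTTP section does.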
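Review bot: in the "Configurer PHP.ini" block, the explanatory sentence says enabling `cgi.fix_pathinfo` makes PHP accept only URIs that really exist, but the block sets `cgi.fix_pathinfo = 0`; it is the value 0 that gives that behaviour, so the sentence should say "setting this parameter to 0". The same block sets `upload_max_filesize` twice (64M, then 100M), so keep one. Under "Configurer PHP-FPM" both bullets read "PHP et Nginx sur la même machine", so the TCP-socket bullet presumably means different machines. Typos to fix while here: `/etc/nginx/sites-availables`, `apt-cachesearch`, and `nano /etc/php/7.2/fpm/php.ini` needs `sudo` to save.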
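Review bot: in the Nginx configuration section, the `upstream php7.2-fpm-sock` declared in `/etc/nginx/conf.d/php7-fpm.conf` is never referenced, because the server block uses `fastcgi_pass unix:/run/php/php7.2-fpm.sock;` directly. Either point `fastcgi_pass` at the upstream or drop that step. `ln -s /etc/nginx/sites-available/mint mint` is run without `sudo` in a root-owned directory, yet the listing below it shows the link owned by root, so the command as documented would not have produced that output. The logs are named `access_log` and `error_log`; the stock Ubuntu logrotate rule matches `/var/log/nginx/*.log`, so these files will not be rotated unless they are renamed to `.log`. Also `site-available` in the paragraph about disabling a site should be `sites-available`.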
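Review bot: in the "Installer Typora" block, `wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add -` puts the vendor key in the global apt trust store, where it is accepted for every configured repository. The `echo ... | sudo tee -a /etc/apt/sources.list` line also appends to the main sources file and adds a duplicate entry each time it is re-run. Suggest documenting a dedicated file under `/etc/apt/sources.list.d/` with a `signed-by=` keyring limited to this repository, and checking the downloaded key's fingerprint against the `BA300B7755AFCFAE` id already quoted in the comment before trusting it.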