Divers/mkdocs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Section Linut Mint

Browse Source
This commit is contained in:
Bruno 21
2019-06-03 10:39:38 +02:00
parent 3a829a5cea
commit 92506212ac
2 changed files with 683 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

681
docs/Mint/Mint.md Normal file
View File

@@ -0,0 +1,681 @@
# Linux Mint
#### Configuration matérielle:
```bash
System:
Host: MintBook
Kernel: 4.15.0-50-generic x86_64 bits: 64 compiler: gcc v: 7.3.0
Desktop: Cinnamon 4.0.10 wm: muffin dm: LightDM
Distro: Linux Mint 19.1 Tessa base: Ubuntu 18.04 bionic
```
```bash
Machine:
Type: Laptop System: Apple product: MacBookPro11,3
```
#### Firefox (et Thunderbird) en français:
-gestionnaire de paquets Synaptic. Chercher Firefox et installer le paquet de langue Fr
-dans `about:config` mettre `'fr'` à l'option `'general.useragent.locale'`
#### Installer Nginx:
```bash
$ sudo apt-get install nginx
```
**Version de Nginx:**
```bash
$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
```
**Démarrer,activer et vérifier l'étât du service Nginx.**
```bash
$ sudo systemctl start nginx.service
$ sudo systemctl enable nginx.service
$ sudo systemctl status nginx.service
```
https://www.nginx.com/resources/wiki/start/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
https://wiki.debian.org/Nginx/DirectoryStructure
**Arborescence:**
```bash
bruno@MintBook:/etc/nginx$ tree
.
├── conf.d
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── modules-available
├── modules-enabled
│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf
│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
├── nginx.conf
├── proxy_params
├── scgi_params
├── sites-available
│   └── default
├── sites-enabled
│   └── default -> /etc/nginx/sites-available/default
├── snippets
│   ├── fastcgi-php.conf
│   └── snakeoil.conf
├── uwsgi_params
└── win-utf
```
**Configuration:**
Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`.
Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default`
```bash
$ cd /etc/nginx/sites-available/
$ sudo cp default mint
$ sudo gedit mint
```
Modifier les lignes:
- root: le dossier root du site
- index: ajouter index.php
- server_name
Dé-commenter les lignes:
- include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
```nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/bruno/Sites;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name mintbook.local;
access_log /var/log/nginx/access_log;
error_log /var/log/nginx/error_log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```
Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf`
```nginx
upstream php7.2-fpm-sock {
server unix:/run/php/php7.2-fpm.sock;
}
```
Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin dactiver le site.
Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`.
```bash
$ cd /etc/nginx/sites-enabled/
$ ln -s /etc/nginx/sites-available/mint mint
$ ls -la
total 8
drwxr-xr-x 2 root root 4096 mai 30 12:56 .
drwxr-xr-x 8 root root 4096 mai 30 10:40 ..
lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint
$ sudo rm default
```
**Tester la configuration Nginx:**
```bash
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
**Relancer Nginx:**
```bash
$ sudo service nginx reload
```
**Commandes Nginx:**
Démarrer nginx: `$ sudo systemctl start nginx`
Arrêter nginx: `$ sudo systemctl stop nginx`
Redémarrer nginx: `$ sudo systemctl restart nginx`
Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx`
Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx`
Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx`
**Vérifier l'étât de Nginx:**
```bash
$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago
Docs: man:nginx(8)
Main PID: 19485 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─30594 nginx: worker process
├─30595 nginx: worker process
├─30596 nginx: worker process
├─30597 nginx: worker process
├─30598 nginx: worker process
├─30599 nginx: worker process
├─30600 nginx: worker process
└─30601 nginx: worker process
```
#### HTTPS:
**Créer une clé et un certificat. auto-signé:**
```bash
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt
[sudo] password for bruno:
Generating a 2048 bit RSA private key
...........+++
.................+++
## writing new private key to '/etc/ssl/private/mintbook.local.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
## If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Bourgogne
Locality Name (eg, city) []:Dijon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info
Organizational Unit Name (eg, section) []:Web
Common Name (e.g. server FQDN or YOUR name) []:mintbook.local
Email Address []:enzo@clicclac.info
```
**Paramètres Diffie-Hellman (DH):**
```
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........................................+.....+..
```
```bash
$ sudo nano /etc/nginx/snippets/self-signed.conf
```
```ini
ssl_certificate /etc/ssl/certs/mintbook.local.crt;
ssl_certificate_key /etc/ssl/private/mintbook.local.key;
```
```bash
$ sudo nano /etc/nginx/snippets/ssl-params.conf
```
```ini
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
```
```bash
$ cd /etc/nginx/sites-available
$ sudo cp mint mint-ssl
$ sudo gedit mint-ssl
```
```ini
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
include snippets/self-signed.conf;
include snippets/ssl-param.conf;
```
#### Installer PHP:
```bash
$ sudo apt-get install php-fpm
```
```bash
$ which php
/usr/bin/php
$ php -v
PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies
```
**Configurer PHP-FPM:**
- PHP et Nginx sur la même machine => socket Unix
- PHP et Nginx sur la même machine => socket TCP
```bash
$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf
```
Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine):
```bash
;listen = 127.0.0.1:9000
listen = /run/php/php7.2-fpm.sock
```
**Configurer PHP.ini:**
```bash
$ nano /etc/php/7.2/fpm/php.ini
```
```ini
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 64M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Europe/Paris
```
*cgi.fix_pathinfo : lactivation de ce paramètre permet à PHP de naccepter que les URI qui existent réellement sur le serveur.*
**Configurer Nginx:**
```bash
$ sudo gedit /etc/nginx/sites-availables
```
Activer php:
```nginx
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
```
Redémarrer le service php-fpm:
```bash
$ sudo service php7.2-fpm restart
```
**Installer les modules PHP manquants:**
Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL...
Manque: apcu, gmp, odbc, yaml
ou
```bash
$ sudo apt-cachesearch php- | less
$ sudo apt-get install "module name"
$ sudo apt-cache show "module name"
```
#### Installer MySQL (MariaDB):
```bash
$ sudo apt-get -y install mariadb-server mariadb-client
```
**Démarrer, activer et vérifier l'étât du service MariaDB:**
```bash
$ sudo systemctl start mysql.service
$ sudo systemctl enable mysql.service
$ sudo systemctl status mysql.service
```
**Securiser l'installation de MariaDB:**
```bash
$ sudo mysql_secure_installation
Enter current password for root (enter for none): Enter Your Current Password
OK, successfully used password, moving on...
Set root password? [Y/n] n
... skipping.
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
```
~~l/p: root/sncfp1p2~~
Desinstaller mysql:**
```bash
$ sudo service mysql stop
$ sudo apt-get remove --purge mysql*
$ sudo apt-get autoremove
$ sudo apt-get autoclean
$ sudo rm -rf /var/lib/mysql
$ sudo rm -rf /etc/mysql
```
**Se connecter à MySQL:**
```bash
$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
```
**Depuis ubuntu 18.04**
Se logguer dans mysql en root.
Créer un utilisateur et lui donner tous les droits:
```mysql
CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
```
Créer un utilisateur avec le même nom et lui donner tous les droits:
```mysql
CREATE USER 'username'@'%' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
```
Le compte 'username'@localhost' est utilisé quand on se connecte depuis la machine locale.
Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine.
```mysql
SHOW GRANTS FOR username;
FLUSH PRIVILEGES;
```
#### Configurer le firewall ubuntu:
```bash
$ sudo ufw app list
[sudo] password for bruno:
Available applications:
CUPS
Nginx Full
Nginx HTTP
Nginx HTTPS
syncthing
syncthing-gui
```
<u>Liste les profils disponibles:</u>
Profile Nginx Full: ouvre les ports 80 (http) et 443 (https)
Profile Nginx HTTP: ouvre les ports 80 (http)
Profile Nginx HTTPS: ouvre les ports 443 (https)
**Active le profile Nginx Full:**
```bash
$ sudo ufw allow 'Nginx Full'
Rule added
Rule added (v6)
```
**Status du firewall:**
```bash
$ sudo ufw status
Status: active
To Action From
------
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
```
#### SSH:
**Créer une clé SSH:**
```bash
$ ssh-keygen -t rsa -b 4096 -C "Clé sur MintBook"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bruno/.ssh/id_rsa):
Created directory '/home/bruno/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bruno/.ssh/id_rsa.
Your public key has been saved in /home/bruno/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:DvdgIfk9VTr4jQHW2/ehbu/1tX8iMkRAlcpfEwbud+M Clé sur MintBook
The key's randomart image is:
+---[RSA 4096]----+
| ...=+ . |
| ..o.o+o |
| o..oo.=+ |
| oo+.o+=...|
| . So+.+.=.o|
| = ooo + ..|
| ... . E o|
| o .o. *|
| o..o==|
+----[SHA256]-----+
```
**Installer Typora:**
```bash
wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add -
# or use
# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA300B7755AFCFAE
# add Typora's repository
echo -e "\ndeb https://typora.io/linux ./" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
# install typora
sudo apt-get install typora
```

2
mkdocs.yml
View File

@@ -41,6 +41,8 @@ nav:
- Tail / Head: Linux/tail-head.md - Tail / Head: Linux/tail-head.md
- Variables: Linux/variables.md - Variables: Linux/variables.md
- Divers: Linux/divers.md - Divers: Linux/divers.md
- Linux Mint:
- Index: Mint/Mint.md
- macos: - macos:
- Index: macos/index.md - Index: macos/index.md
- Bash (exemples): macos/bash_exemples.md - Bash (exemples): macos/bash_exemples.md