Divers/mkdocs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mint

Browse Source
This commit is contained in:
Bruno 21
2019-06-14 17:22:29 +02:00
parent 5c46f09737
commit f6448395e5
7 changed files with 962 additions and 627 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docs/Divers/Changer_shell.md Normal file
View File

@@ -0,0 +1,53 @@
# Changer de shell
On utilise la commande **chsh**.
Mais il faut que le nouveau shell soit déclaré dans <u>/etc/shells</u>.
```bash
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh
```
Sinon, on l'ajoute:
```bash
$ grep -q -f $(which zsh) /etc/shells || echo $(which zsh) | sudo tee -a /etc/shells
```
Pour changer de shell et mettre zsh par défaut:
```bash
$ chsh -s $(which zsh)
```
**En mode GUI:**
*ubuntu:*
In your terminal window, Open Edit/Profile Preferences, negative to command tab.
Check Run a custom command instead of my shell.
Custom command: zsh
*macOS:*
1. Préférences Système
2. Utilisateurs et groupes
3. Choisir l'utilisateur
4. Cliquer sur le cadenas pour modifier
5. Clic droit sur l'utilisateur puis Options avancées
6. Choisir le shell d'accès

88
docs/Divers/zsh/antibody.md Normal file
View File

@@ -0,0 +1,88 @@
# Antibody
http://getantibody.github.io
Installer Antibody:
```bash
$ brew install getantibody/tap/antibody
$ curl -sL git.io/antibody | sh -s
```
Fichier plugins:
```bash
~/.zsh_plugins.txt
```
Chargement static:
```bash
$ antibody bundle < ~/.zsh_plugins.txt > ~/.zsh_plugins.sh
```
Supprimer un plugin:
```bash
[bruno@SilverBook/~] $ antibody purge denysdovhan/spaceship-prompt
Removing denysdovhan/spaceship-prompt...
removed!
```
Tout mettre à jour:
```bash
[bruno@SilverBook/~] $ antibody update
Updating all bundles in /Users/bruno/Library/Caches/antibody...
updating: https://github.com/marzocchi/zsh-notify
updating: https://github.com/zsh-users/zsh-completions
updating: https://github.com/zsh-users/zsh-history-substring-search
updating: https://github.com/zdharma/fast-syntax-highlighting
updating: https://github.com/zsh-users/zsh-autosuggestions
```
Liste des plugins/thèmes installés:
```bash
[bruno@SilverBook/~] $ antibody list
https://github.com/marzocchi/zsh-notify /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-marzocchi-SLASH-zsh-notify
https://github.com/zdharma/fast-syntax-highlighting /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zdharma-SLASH-fast-syntax-highlighting
https://github.com/zsh-users/zsh-autosuggestions /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-autosuggestions
https://github.com/zsh-users/zsh-completions /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-completions
https://github.com/zsh-users/zsh-history-substring-search /Users/bruno/Library/Caches/antibody/https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-history-substring-search
```
```bash
[bruno@SilverBook/~] $ antibody home
/Users/bruno/Library/Caches/antibody
```
```bash
[bruno@SilverBook/~] $ cd /Users/bruno/Library/Caches/antibody
[bruno@SilverBook/antibody] $ l
total 0
drwxr-xr-x 7 bruno staff 224 8 jui 08:08 .
drwx------+ 282 bruno staff 9024 8 jui 06:38 ..
drwxr-xr-x 9 bruno staff 288 7 jui 18:08 https-COLON--SLASH--SLASH-github.com-SLASH-marzocchi-SLASH-zsh-notify
drwxr-xr-x 24 bruno staff 768 7 jui 17:58 https-COLON--SLASH--SLASH-github.com-SLASH-zdharma-SLASH-fast-syntax-highlighting
drwxr-xr-x 25 bruno staff 800 7 jui 18:01 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-autosuggestions
drwxr-xr-x 12 bruno staff 384 7 jui 18:08 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-completions
drwxr-xr-x 7 bruno staff 224 7 jui 18:01 https-COLON--SLASH--SLASH-github.com-SLASH-zsh-users-SLASH-zsh-history-substring-search
```

18
docs/Linux/conditions.md
View File

@@ -283,7 +283,11 @@ test=$(find $dir -name "$name" -mmin -5 -maxdepth 1)
Si les chaines sont <u>*identiques*</u> [ STRING1 == STRING2 ] Si les chaines sont <u>*identiques*</u> [ STRING1 == STRING2 ]
```bash ```bash
if [$1== “moo” ]; then if [$1= “moo” ]; then
```
```bash
if [[$1== “moo” ]]; then
``` ```
Si les chaines sont <u>*différentes*</u> [ STRING1 != STRING2 ] Si les chaines sont <u>*différentes*</u> [ STRING1 != STRING2 ]
@@ -292,6 +296,18 @@ Si les chaines sont <u>*différentes*</u> [ STRING1 != STRING2 ]
if [$userinput” !=$password]; then if [$userinput” !=$password]; then
``` ```
Si la chaine 1 *<u>contient la sous-chaine</u>* chaine 2 [ STRING1 != STRING2 ]
```bash
if [$userinput== *“$password”* ]; then
if [$userinput==$password”* ]; then
if [$userinput== *“$password]; then
```
```bash
if [$userinput=~ .*$password.* ]; then
```
Si la chaine 1 <u>*est triée après*</u> la chaine 2 [ STRING1 > STRING2 ] Si la chaine 1 <u>*est triée après*</u> la chaine 2 [ STRING1 > STRING2 ]
```bash ```bash

657
docs/Mint/Mint.md
View File

@@ -26,631 +26,6 @@ Machine:
#### Installer Nginx:
```bash
$ sudo apt-get install nginx
```
**Version de Nginx:**
```bash
$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
```
**Démarrer,activer et vérifier l'étât du service Nginx.**
```bash
$ sudo systemctl start nginx.service
$ sudo systemctl enable nginx.service
$ sudo systemctl status nginx.service
```
https://www.nginx.com/resources/wiki/start/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
https://wiki.debian.org/Nginx/DirectoryStructure
**Arborescence:**
```bash
bruno@MintBook:/etc/nginx$ tree
.
├── conf.d
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── modules-available
├── modules-enabled
│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf
│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
├── nginx.conf
├── proxy_params
├── scgi_params
├── sites-available
│   └── default
├── sites-enabled
│   └── default -> /etc/nginx/sites-available/default
├── snippets
│   ├── fastcgi-php.conf
│   └── snakeoil.conf
├── uwsgi_params
└── win-utf
```
**Configuration:**
Le fichier `/etc/nginx/nginx.conf` contient la configuration générale de nginx.
```nginx
user www-data;
```
Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`.
Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default`
```bash
$ cd /etc/nginx/sites-available/
$ sudo cp default mint
$ sudo gedit mint
```
Modifier les lignes:
- root: le dossier root du site
- index: ajouter index.php
- server_name
Dé-commenter les lignes:
- include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
```nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/bruno/Sites;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name mintbook.local;
access_log /var/log/nginx/access_log;
error_log /var/log/nginx/error_log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```
Donner les droits à Nginx pour le dossuier root:
```bash
$ sudo chown -R www-data:www-data /home/bruno/Sites
```
Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf`
```nginx
upstream php7.2-fpm-sock {
server unix:/run/php/php7.2-fpm.sock;
}
```
Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin dactiver le site.
Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`.
```bash
$ cd /etc/nginx/sites-enabled/
$ ln -s /etc/nginx/sites-available/mint mint
$ ls -la
total 8
drwxr-xr-x 2 root root 4096 mai 30 12:56 .
drwxr-xr-x 8 root root 4096 mai 30 10:40 ..
lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint
$ sudo rm default
```
**Tester la configuration Nginx:**
```bash
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
**Relancer Nginx:**
```bash
$ sudo service nginx reload
```
**Commandes Nginx:**
Démarrer nginx: `$ sudo systemctl start nginx`
Arrêter nginx: `$ sudo systemctl stop nginx`
Redémarrer nginx: `$ sudo systemctl restart nginx`
Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx`
Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx`
Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx`
**Vérifier l'étât de Nginx:**
```bash
$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago
Docs: man:nginx(8)
Main PID: 19485 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─30594 nginx: worker process
├─30595 nginx: worker process
├─30596 nginx: worker process
├─30597 nginx: worker process
├─30598 nginx: worker process
├─30599 nginx: worker process
├─30600 nginx: worker process
└─30601 nginx: worker process
```
#### HTTPS:
https://linoxide.com/linux-how-to/create-self-signed-ssl-certificate-nginx-ubuntu/
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04
**Créer une clé et un certificat. auto-signé:**
```bash
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt
[sudo] password for bruno:
Generating a 2048 bit RSA private key
...........+++
.................+++
## writing new private key to '/etc/ssl/private/mintbook.local.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
## If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Bourgogne
Locality Name (eg, city) []:Dijon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info
Organizational Unit Name (eg, section) []:Web
Common Name (e.g. server FQDN or YOUR name) []:mintbook.local
Email Address []:enzo@clicclac.info
```
**Paramètres Diffie-Hellman (DH):**
```
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........................................+.....+..
```
```bash
$ sudo nano /etc/nginx/snippets/self-signed.conf
```
```ini
ssl_certificate /etc/ssl/certs/mintbook.local.crt;
ssl_certificate_key /etc/ssl/private/mintbook.local.key;
```
```bash
$ sudo nano /etc/nginx/snippets/ssl-params.conf
```
```ini
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
```
```bash
$ cd /etc/nginx/sites-available
$ sudo cp mint mint-ssl
$ sudo gedit mint-ssl
```
```ini
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
include snippets/self-signed.conf;
include snippets/ssl-param.conf;
```
#### Installer PHP:
```bash
$ sudo apt-get install php-fpm
```
```bash
$ which php
/usr/bin/php
$ php -v
PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies
```
**Configurer PHP-FPM:**
- PHP et Nginx sur la même machine => socket Unix
- PHP et Nginx sur la même machine => socket TCP
```bash
$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf
```
Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine):
```bash
;listen = 127.0.0.1:9000
listen = /run/php/php7.2-fpm.sock
```
**Configurer PHP.ini:**
```bash
$ nano /etc/php/7.2/fpm/php.ini
```
```ini
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 64M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Europe/Paris
```
*cgi.fix_pathinfo : lactivation de ce paramètre permet à PHP de naccepter que les URI qui existent réellement sur le serveur.*
**Configurer Nginx:**
```bash
$ sudo gedit /etc/nginx/sites-availables
```
Activer php:
```nginx
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
```
Redémarrer le service php-fpm:
```bash
$ sudo service php7.2-fpm restart
```
**Installer les modules PHP manquants:**
Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL...
Manque: apcu, gmp, odbc, yaml
ou
```bash
$ sudo apt-cachesearch php- | less
$ sudo apt-get install "module name"
$ sudo apt-cache show "module name"
```
#### Installer MySQL (MariaDB):
```bash
$ sudo apt-get -y install mariadb-server mariadb-client
```
**Démarrer, activer et vérifier l'étât du service MariaDB:**
```bash
$ sudo systemctl start mysql.service
$ sudo systemctl enable mysql.service
$ sudo systemctl status mysql.service
```
**Securiser l'installation de MariaDB:**
```bash
$ sudo mysql_secure_installation
Enter current password for root (enter for none): Enter Your Current Password
OK, successfully used password, moving on...
Set root password? [Y/n] n
... skipping.
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
```
~~l/p: root/sncfp1p2~~
Desinstaller mysql:**
```bash
$ sudo service mysql stop
$ sudo apt-get remove --purge mysql*
$ sudo apt-get autoremove
$ sudo apt-get autoclean
$ sudo rm -rf /var/lib/mysql
$ sudo rm -rf /etc/mysql
```
**Se connecter à MySQL:**
```bash
$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
```
**Depuis ubuntu 18.04**
Se logguer dans mysql en root.
Créer un utilisateur et lui donner tous les droits:
```mysql
CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
```
Créer un utilisateur avec le même nom et lui donner tous les droits:
```mysql
CREATE USER 'username'@'%' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
```
Le compte 'username'@localhost' est utilisé quand on se connecte depuis la machine locale.
Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine.
```mysql
SHOW GRANTS FOR username;
FLUSH PRIVILEGES;
```
#### Configurer le firewall ubuntu:
```bash
$ sudo ufw app list
[sudo] password for bruno:
Available applications:
CUPS
Nginx Full
Nginx HTTP
Nginx HTTPS
syncthing
syncthing-gui
```
<u>Liste les profils disponibles:</u>
Profile Nginx Full: ouvre les ports 80 (http) et 443 (https)
Profile Nginx HTTP: ouvre les ports 80 (http)
Profile Nginx HTTPS: ouvre les ports 443 (https)
**Active le profile Nginx Full:**
```bash
$ sudo ufw allow 'Nginx Full'
Rule added
Rule added (v6)
```
**Status du firewall:**
```bash
$ sudo ufw status
Status: active
To Action From
------
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
```
#### SSH: #### SSH:
**Créer une clé SSH:** **Créer une clé SSH:**
@@ -682,7 +57,7 @@ The key's randomart image is:
**Installer Typora:** #### Installer Typora:
```bash ```bash
wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add - wget -qO - https://typora.io/linux/public-key.asc | sudo apt-key add -
@@ -701,3 +76,33 @@ sudo apt-get update
sudo apt-get install typora sudo apt-get install typora
``` ```
#### gksu est déprécié:
Depuis ubuntu 18.04, **gksu** est déprécié et n'est plus disponible.
Au lieu de la commande **gksu**:
```bash
$ gksu gedit /etc/nginx/sites-available/mint
```
il faut utiliser la commande **gedit admin://**:
```bash
$ gedit admin:///etc/nginx/sites-available/mint
```
#### Ouvrir gedit (en arrière-plan) depuis le terminal:
```bash
$ nohup gedit .dircolors >/dev/null &
```
```bash
$ gedit .dircolors &
```

38
docs/Mint/systemctl.md Normal file
View File

@@ -0,0 +1,38 @@
# systemctl
```bash
To list systemd services we will use systemctl command as below
# systemctl list-unit-files
To list active systemd services run
# systemctl | more
# systemctl list-units --type service
You can pipe the output to grep to search a more specific service as shown below
# systemctl | grep "apache2"
To check the services alongside the ports they are listening.
# netstat -pnltu
For example, to check if OpenSSH is running on your system, run
# systemctl status sshd
Alternatively, you can use the syntax below to check if the service is active
# systemctl is-active sshd
o check if OpenSSH is enabled, run
# systemctl is-enabled sshd
Ancien system:
check the status of OpenSSH, run
# service sshd status
You can also check all services by running
# chkconfig --list
```

61
docs/Mint/vsftpd.md Normal file
View File

@@ -0,0 +1,61 @@
# Installer un serveur ftp (vsftpd)
Installer vsftpd:
```bash
$ sudo apt install vsftpd
```
Configurer vsftpd:
```bash
$ sudo mv -v /etc/vsftpd.conf /etc/vsftpd.conf.bk
$ sudo touch /etc/vsftpd.conf
$ sudo nano /etc/vsftpd.conf
```
```nginx
listen=YES
listen_ipv6=NO
connect_from_port_20=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=45000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
## userlist_deny=NO
```
Liste des utilisateurs:
```bash
$ sudo nano /etc/vsftpd.userlist
```
Redémarrer vsftpd:
```bash
$ sudo systemctl restart vsftpd
$ sudo systemctl status vsftpd
```
https://linuxhint.com/setup_ftp_server_vsftpd_ubuntu/
https://doc.ubuntu-fr.org/vsftpd
https://vitux.com/install-vsftpd-ftp-server-tls-ubuntu/

674
docs/Mint/webserver.md Normal file
View File

@@ -0,0 +1,674 @@
# Nginx / PHP / MySQL
## Installer un serveur web
#### Installer Nginx:
```bash
$ sudo apt-get install nginx
```
**Version de Nginx:**
```bash
$ nginx -v
nginx version: nginx/1.14.0 (Ubuntu)
```
**Démarrer,activer et vérifier l'étât du service Nginx.**
```bash
$ sudo systemctl start nginx.service
$ sudo systemctl enable nginx.service
$ sudo systemctl status nginx.service
```
```bash
# ps -ef | grep -i nginx
root 18596 13:16 nginx: master process ./nginx
nobody 18597 13:16 nginx: worker process
```
https://www.nginx.com/resources/wiki/start/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
https://wiki.debian.org/Nginx/DirectoryStructure
**Arborescence:**
```bash
bruno@MintBook:/etc/nginx$ tree
.
├── conf.d
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── modules-available
├── modules-enabled
│   ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf
│   ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
│   ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
│   ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
│   └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
├── nginx.conf
├── proxy_params
├── scgi_params
├── sites-available
│   └── default
├── sites-enabled
│   └── default -> /etc/nginx/sites-available/default
├── snippets
│   ├── fastcgi-php.conf
│   └── snakeoil.conf
├── uwsgi_params
└── win-utf
```
**Configuration:**
Le fichier `/etc/nginx/nginx.conf` contient la configuration générale de nginx.
```nginx
user www-data;
```
Créer un fichier qui contiendra les configurations du site dans le répertoire `/etc/nginx/sites-available/`.
Le dossier contient déjà un fichier par défaut: `/etc/nginx/sites-available/default`
```bash
$ cd /etc/nginx/sites-available/
$ sudo cp default mint
$ sudo gedit mint
```
Modifier les lignes:
- root: le dossier root du site
- index: ajouter index.php
- server_name
Dé-commenter les lignes:
- include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
```nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/bruno/Sites;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name mintbook.local;
access_log /var/log/nginx/access_log;
error_log /var/log/nginx/error_log;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
```
Donner les droits à Nginx pour le dossuier root:
```bash
$ sudo chown -R www-data:www-data /home/bruno/Sites
```
Déclarer le socket Unix de PHP-FPM au niveau de Nginx: il faut modifier ou créer le fichier `/etc/nginx/conf.d/php7-fpm.conf`
```nginx
upstream php7.2-fpm-sock {
server unix:/run/php/php7.2-fpm.sock;
}
```
Créer ensuite un lien symbolique de ce fichier dans le répertoire `/etc/nginx/sites-enabled/` afin dactiver le site.
Il est à noter que pour désactiver le site temporairement il suffit de supprimer le lien symbolique qui est dans `sites-enabled` et pour le réactiver, il faut refaire un lien symbolique avec le fichier qui se trouve dans `site-available`.
```bash
$ cd /etc/nginx/sites-enabled/
$ ln -s /etc/nginx/sites-available/mint mint
$ ls -la
total 8
drwxr-xr-x 2 root root 4096 mai 30 12:56 .
drwxr-xr-x 8 root root 4096 mai 30 10:40 ..
lrwxrwxrwx 1 root root 34 mai 30 10:40 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 31 mai 30 12:56 mint -> /etc/nginx/sites-available/mint
$ sudo rm default
```
**Tester la configuration Nginx:**
```bash
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
**Relancer Nginx:**
```bash
$ sudo service nginx reload
```
**Commandes Nginx:**
Démarrer nginx: `$ sudo systemctl start nginx`
Arrêter nginx: `$ sudo systemctl stop nginx`
Redémarrer nginx: `$ sudo systemctl restart nginx`
Recharger nginx après une modification de configuration: `$ sudo systemctl reload nginx`
Désactiver le démarrage auto de nginx avec le système: `$ sudo systemctl disable nginx`
Activer le démarrage auto de nginx avec le système: `$ sudo systemctl enable nginx`
**Vérifier l'étât de Nginx:**
```bash
$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-05-30 10:40:04 CEST; 21h ago
Docs: man:nginx(8)
Main PID: 19485 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─19485 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─30594 nginx: worker process
├─30595 nginx: worker process
├─30596 nginx: worker process
├─30597 nginx: worker process
├─30598 nginx: worker process
├─30599 nginx: worker process
├─30600 nginx: worker process
└─30601 nginx: worker process
```
#### HTTPS:
https://linoxide.com/linux-how-to/create-self-signed-ssl-certificate-nginx-ubuntu/
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04
**Créer une clé et un certificat. auto-signé:**
```bash
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mintbook.local.key -out /etc/ssl/certs/mintbook.local.crt
[sudo] password for bruno:
Generating a 2048 bit RSA private key
...........+++
.................+++
## writing new private key to '/etc/ssl/private/mintbook.local.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
## If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Bourgogne
Locality Name (eg, city) []:Dijon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:clicclac.info
Organizational Unit Name (eg, section) []:Web
Common Name (e.g. server FQDN or YOUR name) []:mintbook.local
Email Address []:enzo@clicclac.info
```
**Paramètres Diffie-Hellman (DH):**
```
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........................................+.....+..
```
```bash
$ sudo nano /etc/nginx/snippets/self-signed.conf
```
```ini
ssl_certificate /etc/ssl/certs/mintbook.local.crt;
ssl_certificate_key /etc/ssl/private/mintbook.local.key;
```
```bash
$ sudo nano /etc/nginx/snippets/ssl-params.conf
```
```ini
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
```
```bash
$ cd /etc/nginx/sites-available
$ sudo cp mint mint-ssl
$ sudo gedit mint-ssl
```
```ini
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
include snippets/self-signed.conf;
include snippets/ssl-param.conf;
```
#### Installer PHP:
```bash
$ sudo apt-get install php-fpm
```
```bash
$ which php
/usr/bin/php
$ php -v
PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.17-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies
```
**Configurer PHP-FPM:**
- PHP et Nginx sur la même machine => socket Unix
- PHP et Nginx sur la même machine => socket TCP
```bash
$ sudo gedit /etc/php/7.2/fpm/pool.d/www.conf
```
Vérifier que PHP-Fpm utilise le Socket Unix (NGINX et PHP sur la même machine):
```bash
;listen = 127.0.0.1:9000
listen = /run/php/php7.2-fpm.sock
```
**Configurer PHP.ini:**
```bash
$ nano /etc/php/7.2/fpm/php.ini
```
```ini
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 64M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = Europe/Paris
```
*cgi.fix_pathinfo : lactivation de ce paramètre permet à PHP de naccepter que les URI qui existent réellement sur le serveur.*
**Configurer Nginx:**
```bash
$ sudo gedit /etc/nginx/sites-availables
```
Activer php:
```nginx
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
```
Redémarrer le service php-fpm:
```bash
$ sudo service php7.2-fpm restart
```
**Installer les modules PHP manquants:**
Dans le Gestionnaire de paquets Synaptic, installer les modules GD, MySQL...
Manque: apcu, gmp, odbc, yaml
ou
```bash
$ sudo apt-cachesearch php- | less
$ sudo apt-get install "module name"
$ sudo apt-cache show "module name"
```
#### Installer MySQL (MariaDB):
```bash
$ sudo apt-get -y install mariadb-server mariadb-client
```
**Démarrer, activer et vérifier l'étât du service MariaDB:**
```bash
$ sudo systemctl start mysql.service
$ sudo systemctl enable mysql.service
$ sudo systemctl status mysql.service
```
**Securiser l'installation de MariaDB:**
```bash
$ sudo mysql_secure_installation
Enter current password for root (enter for none): Enter Your Current Password
OK, successfully used password, moving on...
Set root password? [Y/n] n
... skipping.
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
```
~~l/p: root/sncfp1p2~~
Desinstaller mysql:**
```bash
$ sudo service mysql stop
$ sudo apt-get remove --purge mysql*
$ sudo apt-get autoremove
$ sudo apt-get autoclean
$ sudo rm -rf /var/lib/mysql
$ sudo rm -rf /etc/mysql
```
**Se connecter à MySQL:**
```bash
$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.38-MariaDB-0ubuntu0.18.04.2 Ubuntu 18.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
```
**Depuis ubuntu 18.04**
Se logguer dans mysql en root.
Créer un utilisateur et lui donner tous les droits:
```mysql
CREATE USER 'username'@'localhost' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
```
Créer un utilisateur avec le même nom et lui donner tous les droits:
```mysql
CREATE USER 'username'@'%' IDENTIFIED BY 'the_password';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' WITH GRANT OPTION;
```
Le compte 'username'@localhost' est utilisé quand on se connecte depuis la machine locale.
Le compte 'username'@'%' est utilisé pour se connecter depuis n'importe quelle machine.
```mysql
SHOW GRANTS FOR username;
FLUSH PRIVILEGES;
```
#### Configurer le firewall ubuntu:
```bash
$ sudo ufw app list
[sudo] password for bruno:
Available applications:
CUPS
Nginx Full
Nginx HTTP
Nginx HTTPS
syncthing
syncthing-gui
```
<u>Liste les profils disponibles:</u>
Profile Nginx Full: ouvre les ports 80 (http) et 443 (https)
Profile Nginx HTTP: ouvre les ports 80 (http)
Profile Nginx HTTPS: ouvre les ports 443 (https)
**Active le profile Nginx Full:**
```bash
$ sudo ufw allow 'Nginx Full'
Rule added
Rule added (v6)
```
**Status du firewall:**
```bash
$ sudo ufw status
Status: active
To Action From
------
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
```
####