La página personal de Juan Gabriel Covas

Herramientas de usuario

Herramientas del sitio


Juanga's Setup scripts for Enterprise Rocky Linux 9

  • Disable SELINUX
    • Permissive mode is OK, but disabling SElinux can boost performance by 5%
  • Setup datetime sync
  • Setup nano text editor
  • Setup SSH login hardening
  • Setup banner for SSH login
  • Setup CSF firewall (with iptables instead of firewalld)
    • Features LFD (Login Failure Daemon)
  • Setup lighttpd web server
    • Build from sources
    • With unix-sockets for HAProxy (localhost only)
    • With HTTP/2 and gzip/brotli compression
    • With maxminddb, a module for fast ip/location lookups,
  • Setup PHP 8
    • with PHP-FPM
    • with unix-sockets for lighttpd (localhost only)
    • with redis session handler
    • with APCu cache
    • with igbinary
  • Setup Redis
    • With unix-sockets (localhost only)
  • Setup MariaDB 11.x
    • Install mysqltuner.pl
    • Setup a replication server (multi-source)
  • Setup HAProxy 2.8
    • Build from sources
    • for SSL offloading
    • for micro-cache
    • With unix-sockets for lighttpd
    • As envelope for Basic auth
    • with TLS v1.3 (faster and more secure than 1.2)
    • with QUIC (HTTP/3)
  • Setup certbot for getting SSL through Let's Encrypt
  • Tweak sysctl configuration
  • Tweak server limits
  • Setup BEANSTALKD jobqueue
  • Setup ReaR (Relax and Recover) for non-vm physical backups
  • Setup rsnapshot for backups
  • Setup lsyncd for mirroring (almost real-time)
    • Build from sources the latest lsyncd version
linux/enterprise-linux-rocky-9.txt · Última modificación: 19/11/2023 08:20 por Juanga Covas