Article Title: Server Setup Series
Article Year: 2019
Article Status: Dynamic
Author: Robert Walliczek
Author E-mail Contact: galaxyverge+how2@pm.me

--------
Foreword
--------

These are instructions for setting up a web server using nginx on CentOS 7.

This document may contain terminology that is unfamiliar to you. Using a computer does not necessitate knowledge of how the computer functions, but terminology used here will require some practical knowledge of computers, because you will at least be configuring computer software. You should be familiar with using your computer, such as how to perform a right-click or control-click, and what CPU, GPU, and GUI mean. You should know what hexadecimal, byte, and router mean; I recommend having some fun with a C programming language tutorial on your personal computer if you are not yet familiar with elementary computing concepts related to data formats and memory. You could use a dictionary web site or your local computer's dictionary.

The Internet, also called Worldwide Web, consists of computers that send and receive information. The computers are designed with hardware to transmit information as quickly-contrasting patterns, using mediums such as light, electrical currents, and radio waves. Computers are used to perform calculations according to stored numbers, and The Internet is an interconnection of single computers by using hardware and software that is used to carry signals between computer identities specified using a dynamic or static registered IP address.

An Internet Protocol address is a number that is assigned to a computer as that computer's identity among other computer identities in the network and is used to deliver transmitted signals to it. Formatting the number into text that is easier for people to use resulted in two versions of Internet Protocol addresses: IPv4 and IPv6. Version 4 states the number as a 32-bit integer shown as four groupings of decimal digits, each ranging from 0 to 255.
As an example, the IPv4 address used to identify each computer to itself is "127.0.0.1". This particular IP address is called the computer's loopback address, and also called "localhost". IPv6 increases the quantity of identities representable by different numbers and states the number as eight groupings of four hexadecimal characters, each grouping separated by a colon instead of a decimal point. There are other reserved IP addresses such as 0.0.0.0 matching every, or any, IP address. Whereas 127.0.0.1 is reserved to be a private IP address, local to every computer without needing to connect to The Internet to find where it leads, public IP addresses are limited-availability Internet-facing computer device identity numbers. Your computer might use hardware such as a network router that receives and transmits using the dynamic or static public IP address assigned to it by your Internet Service Provider who owns a range of IP address numbers to dynamically shift around among its customers or statically dedicate to only one computer. Your ISP might change your dynamic public IP address every few months for security and privacy purposes. But when you are configuring a server, you want the server to have a dedicated static IP address so that its identity is not needlessly altered or compromised on the network, and so that you do not need to constantly reconfigure it. Your ISP probably also has a rational requirement in its terms of use prohibiting you from running a high-traffic web site off of your personal computer. This instructional document is intended to help you set up and manage a more appropriate computer on a better network tier than what your ISP would typically provide, so you will have no reason to entertain thoughts of violating your ISP's contract. Each ISP and datacenter owner has a range of IP addresses accessible to them, to delegate to their networked devices. 
The range of a group of sequential IP address numbers is represented using a bit mask filter, which is a number following a forward-slash character. An IPv4 address is a 32-bit integer, and the bit mask specifies how many bits of that integer are exact. Each number in an IPv4 address represents 8 bits of the 32-bit integer. For example, localhost is not only the exact address 127.0.0.1, but can be represented by any address within range 127.0.0.0/24, where the "/24" indicates a mask representing 24 bits of specified number precision read left-to-right, which in this case represents all IP addresses from 127.0.0.0 to 127.0.0.255. IPv4 bit masks are typically 8, 16, or 24. 32 would make precise the entire IPv4 address, so 127.0.0.1/32 equals 127.0.0.1 only, the same as not even specifying the bit mask. When you enter an IP address or domain name as the URL in a web browser, this is what happens: 1) The web browser parses (interprets) the text string you entered. If you entered a protocol such as HTTP or HTTPS or FTP or SFTP, it will use that protocol or refer the unsupported protocol to the operating system which would then pass the string to whichever application is registered to handle that protocol. Any application on your computer can register with the operating system any arbitrary protocol to essentially do anything its software developer wants it to do with the string specified by the user, of course within the limitations of the hardware and operating system. Your web browser probably only handles http:// and https:// protocols. 2) Your computer's network settings or router settings are configured to query one or more Domain Name Server IP addresses in order to resolve domain names into IP addresses and thus into an endpoint for your communication request. An example popular DNS is Google's at 8.8.8.8 and 8.8.4.4. 
Whether the text string you entered is an IP address or domain name, it will pass as a query through several hops (servers) on The Internet, most of which are responsible for increasingly specific registered IP address and domain name ranges, and each hop takes your request closer to the computer endpoint, which then supposedly is configured to interpret the string and shake hands with your computer in a TCP/IP two-way communication before sending your computer the result, which might include some HTML text file data of a web site for your web browser to interpret and display. The HTTP protocol sends more information than merely the query; for example, the web browser might also send to the destination server your web browser and operating system version information. In any case, the destination server is probably listening for queries sent to it at the default TCP port number for HTTP, port 80, or for HTTPS, port 443. Unless you specify a different port number in the URL string, your web browser will presume to use those standard port numbers to connect to the server. Once your web browser establishes a TCP/IP two-way connection to it, the server will know to which public IP address and port number your local network device (maybe a router) is using to pass the information back to (the router, which forwards the connection information to) your computer where your web browser has registered with the operating system an open socket listening to that server's IP address of port TCP 80 or 443 using its IP maybe of localhost (or local IP) listening on a random port (supplied to it by the router). Essentially, it is only the server's operating system and its web server software that need to be configured to expect connection requests to the standard TCP port numbers. The client computer can use whatever local IP address and port number their router assigns their computer for any given connection. 
All the server sees is the public IP address and port number, not the user's local IP address assigned to their computer by their router. If an inbound connection does not work on a user's computer, the user's local operating system firewall settings and router port mapping firewall settings might be the cause. 3) When the transmitted data is eventually concluded, the TCP connection between your computer and the remote server is typically immediately closed. Note that each connection on your computer uses a socket. A socket is merely a file on disk that matches a pair of IP addresses and ports that are thus bound to that socket connection state. There can only be one simultaneous socket for a given protocol using a source IP address and port, and a destination IP address and port. TCP maintains the connection whereas UDP is a one-way unconfirmed packet transmission. TCP is for challenge-response communications such as with SSH and SFTP and HTTPS, which are encrypted streams. With the well-designed software we use, we don't need to worry about sockets: unexpectedly terminating a TCP connection, without each side "gracefully" sending the destination a FIN and receiving an ACK, results in a "broken pipe" error message which simply ends the connection and deletes the particular socket connection file as normal anyway. UDP does not open a stream, but merely sends a signal to a destination without waiting for confirmation of receipt by the destination computer. UDP is faster, but less reliable, and one use of UDP is with low-latency online games. Only one process (application) on your computer can bind to a particular socket protocol and port number, inbound or outbound, at a time. I won't clarify with examples, but suffice it to say that your server will have only the main web server software listening to, receiving, interpreting, and possibly responding to, traffic sent to its TCP port 80 and TCP port 443. 
You would only want a maximum of about a thousand sockets per network switch (basically about 1000 active connections at a time to your server), and the web server software we use includes load balancing -- forwarding requests to other servers -- if ever that is needed. Each electronic device along the network has some role in handling the transmitted signals sent to it. What you will be doing is setting up the endpoint server where your files will be remotely stored, and configuring its web site hosting software to respond to expected URL strings. This can be done rather simply by following the instructions here, but because software changes, you should be aware of what you are trying to do and be able to read the software documentation or perform a search query on The Internet for contemporary instructions. Before you set up a server, you should remember that everything requires maintenance. A server is a computer that is essentially designed to remain on and network-accessible constantly. Minimize maintenance requirements, but introduce brief moments of network downtime, by automating updates and reboots. Develop and test all software on your own computer before spending any money on a web server. This is important: design and develop the web sites and everything you want to use with a server before you spend a penny on having it run on that other computer. There are probably free IDEs and web design applications for your operating system, where you can type some HTML and PHP text, for example, and see the result right away on your own computer. There might even be web sites designed to preview your code, but they usually only work with a single body of text rather than with multiple files. Use free file hosting services until you are comfortable with spending money on more expensive options. Then store all assets on your own server, not hot-linking to other web sites like imgur, if possible. 
You should have an income that can support whatever networking expenses you initiate. You can get a cheap Virtual Private Server (VPS) for $2.50 per month, and buy a .com domain name for under $10 per year.

You will need to store all your usernames and passwords in one location, such as writing by hand into a notebook, or a Notepad++ text file on your computer. You will be using various programs and terminal commands, so you might be downloading and installing software to your computer and keeping a text file of server commands. You might be working with Linux, Windows, and Mac operating systems, each with different software.

In this tutorial, I initially planned to demonstrate basic techniques of server use with Linux CentOS 7, Windows 7, and Mac OS X, each in server and locally, mentioning third-party software like VMWare Workstation and software services like Let's Encrypt, and focusing on one particular server setup: LEMP -- that is, Linux CentOS 7 running Nginx, MariaDB, and PHP using the EPEL and IUS repositories. Other configurations and software exist, of course. However, for simplicity, this tutorial will present only a generic local setup for Mac and Windows, and instructions for setting up a LEMP web site on a cheap VPS server using a single registered domain name.

I hope my tutorial concisely shows you an effective method for setting up and maintaining your server. Good luck and e-mail me if you need help.

--------------------------------------
Recommended Internet Service Companies
--------------------------------------

I recommend four internet service companies for their security, ease of use, features, customer service, and price.

E-mail: [https://protonmail.com]

Protonmail.com has free encrypted e-mail. Sign up, log in, and configure settings as you like. You may use any number of virtual inbound e-mail addresses by simply appending a plus sign and arbitrary string to your username before the @protonmail.com.
For example, if your ProtonMail username is sarah, your ProtonMail e-mail address is sarah@protonmail.com, but you could supply your e-mail address in your Apple iTunes account as sarah+itunes@protonmail.com. You can also activate the shorter inbound e-mail domain pm.me. Deleting old and irrelevant messages conserves disk space on your free 500 MB e-mail account.

VPS Servers: [https://www.vultr.com]

When you are finally ready to put files and software online and want an affordable Virtual Private Server requiring under 100 GB of disk space and 5 TB of monthly outbound traffic bandwidth, use vultr.com. Their cheapest option is $2.50 per month, with 10 GB of disk space, 1 virtual CPU, 512 MB of RAM, and 500 GB of outbound traffic bandwidth. This is probably plenty. Sign up for free and deploy an instance whenever you like.

Dedicated Servers: [https://www.100tb.com]

When you require substantially more resources such as 100 TB of monthly bandwidth and several hundred gigabytes or terabytes of files on your server, get a cheap dedicated server with 100TB.com. Their sales team can offer a server for a little over $1000 per year.

Domain Names: [https://www.namesilo.com]

For domain name registration and renewal, use namesilo.com. I recommend getting only one main dot-com domain name and using subdomains as desired.

------------------
Local Applications
------------------

Files on the server can be transferred to your local computer, modified, then uploaded back to the server. There are user-friendly applications for this purpose that run on Windows and Mac operating systems. One application lets you browse the server files, then downloads the file into a local temporary directory while you edit it with another application, then when the temporary file has changed by the document being saved by that application, the file browser client uploads the file to the server, overwriting the existing file on the server.
There are also applications that let you work with virtual server desktops on your local computer. We pipe those connections through SSH.

SFTP Server Storage Browsers: Cyberduck [https://cyberduck.io], FileZilla [https://filezilla-project.org]

Use Cyberduck or FileZilla to browse directories and transfer files.

Text Editors: TextWrangler [https://itunes.apple.com/us/app/textwrangler/id404010395] [https://www.barebones.com/products/textwrangler/], BBEdit [https://www.barebones.com/products/bbedit/], Notepad++ [https://notepad-plus-plus.org]

Use TextWrangler, BBEdit, or Notepad++ to modify text files.

Hex Editors: 0xED [https://www.suavetech.com/0xed/0xed.html], Hex Fiend [https://ridiculousfish.com/hexfiend/], HxD [https://mh-nexus.de/en/hxd/]

To view and edit files that do not have an available editing application, use 0xED, Hex Fiend, or HxD.

SSH Piping and VNC for Windows: Cygwin [https://www.cygwin.com], TurboVNC [https://turbovnc.org]

For server desktops like Gnome using X11, we'll be using Cygwin on Windows for its SSH piping and TurboVNC locally to see the vncserver virtual desktop on the server. On Mac, we'll use Terminal [/Applications/Utilities/Terminal.app] and Screen Sharing [/System/Library/CoreServices/Applications/Screen Sharing.app].

Remember that your bash shell history is stored locally in a dot-prefixed file in your user folder [~/.bash_history] with Mac and Cygwin and CentOS. In the consoles, press up and down arrow keys to browse each former line entry.

We will install and configure on the server only the programs desired for our use.

------------------------
Domain Name Registration
------------------------

[https://www.namesilo.com]

A domain name is essentially text that is matched to an IP address. Domain names are unique and registered.

Go to namesilo.com. Devise a generic domain name to use with your server, then search for it in the domain search field, which queries a WHOIS database to see if that domain name has already been registered.
I recommend using a dot-com top level domain because this domain name is to provide a public memory convenience for your relatively static server IP address. When you have carefully determined the domain name to use, purchase it. The fee is annual. Domain names register in about three days.

If you already have a domain name and want to transfer it to namesilo for cheaper renewal, free WHOIS privacy protection, and their other features, its transfer process might require about a week to complete.

You will need to know the domain names for configuring the zone file.

-----------------------------------
Deploy a Vultr Server Node Instance
-----------------------------------

[https://my.vultr.com]

To deploy a server node instance with Vultr:

1) Obtain, prepare, and upload the desired operating system ISO:
   - To use CentOS 7, go to [https://www.centos.org/download/], click "DVD ISO", and copy the featured CentOS download link.
   - To use Windows, follow the instructions in this tutorial: [https://www.vultr.com/docs/how-to-create-a-windows-custom-iso-with-updates-using-ntlite]. Copy the resulting ISO file link.

2) Log in. Click "ISO" at the top, click "Add ISO", and paste the ISO file link. The status will update occasionally, and it should be available to use in about 10 minutes.

3) Click the blue circled plus sign at the top right.

4) For "Server Location", select the desired server geographical location. This might alter the available server size options down in step 3 on the web page. Amsterdam is my choice for average worldwide network latency (ping).

5) For "Server Type", choose an operating system. Click "Upload ISO" and choose under "My ISOs" the ISO you earlier uploaded.

6) Choose the server size. Choose the cheapest option. You can later snapshot the configured server to install it into a more expensive node. Options displaying "IPv6 ONLY" have "Enable IPv6" as mandatory in the additional features section.

7) Select optional additional features.
8) Devise a hostname related to the domain name you registered. The hostname for a New Jersey Vultr VPS could be nj.example.com.

9) Enter an optional arbitrary label.

10) Specify quantity of 1.

11) Click "Deploy Now".

As long as the server instance is allocated, you will be spending money on its resource use.

You will need to know your servers' IP addresses for configuring the zone file.

--------------------------------------
Configure Domain Name Server Zone File
--------------------------------------

When you enter a URL or IP address in a web browser, you are trying to send a specific computer server the text string as a request, for example communicating in a two-way connection to its port number TCP 80 using the HTTP protocol or port TCP 443 using the HTTPS protocol. Other protocols such as FTP and SFTP and SSH have other port numbers by default. Each connection type has its own ports 1 to 65535: TCP connections receive a response over the same connection, whereas UDP connections are sent as one-way unconfirmed packets with a preference for network speed. The domain name or IP address of the desired server computer on the network is found by searching among the various zone files in networked domain name servers, eventually reaching its own exact zone file entry, which matches it to the specific IP address, and the typed URL request is forwarded through that chain to the server with that IP address.

Once your domain name is ready to use, specify its domain name servers (DNS). At that DNS, make a new zone file for your domain. In the zone file, you can define subdomains, each resolving to a different IP address if you like.

Namesilo, Vultr, and 100TB each have their own name servers. Which should you use? You would only use a DNS at a location where either your domain is registered or the server is located to which IP the domain resolves.
There shouldn't be a performance difference between using the domain registrar's (Namesilo's) DNS and using the datacenter's (Vultr's or 100TB's) DNS. If you are only going to be using one server host at all, it might be convenient to manage both the server and all your domains on the same web site. If you are going to resolve subdomains to more than one datacenter IP address, it would save you some network hops to use the domain registrar's DNS rather than send traffic to an otherwise unrelated datacenter.

If your domains are managed at namesilo.com, go there to specify different name servers or use the default Namesilo DNS with each registered domain.

Namesilo name servers:
    ns1.dnsowl.com
    ns2.dnsowl.com
    ns3.dnsowl.com

Vultr name servers:
    ns1.vultr.com
    ns2.vultr.com

100TB name servers:
    ns1.extns.net
    ns2.extns.net

100TB lists ns2 before ns1 in its eNom domain configurations. Perhaps altering their listed orders could improve network traffic load performance.

Wherever your domain's name servers are, configure its zone file as follows. For example, in the example.com zone file:

1) Give a CNAME (common name) entry for www with 3600 seconds (1 hour) time to live, with the address as your registered domain name suffixed by a period:

    CNAME    Host: www    TTL: 3600    Address: example.com.

2) Give an A (alias) entry for @ (default) with 1 hour TTL and using its primary server's IP address:

    A    Host: @    TTL: 3600    Address: 203.0.113.0

   Your Vultr server's public IP is displayed in its row to the left beneath its hostname.

3) Specify additional subdomains and matching server IP addresses in more A records as desired:

    A    Host: files    TTL: 3600    Address: 198.51.100.3

In this example, you would later configure the web server software (nginx) on the 198.51.100.3 server to handle requests for "files.example.com". This would be done in an nginx configuration file. You would also register the domain "files.example.com" through certbot so it uses HTTPS instead of HTTP.
You would repeat this procedure with each subdomain you want: an A record, a server configuration text block in an nginx configuration file, and registration through certbot for HTTPS use. You can typically copy and paste and modify your working configurations along the way to make the process simpler.

------------------------
Windows 7 Server Caveats
------------------------

You can use Windows 7 as your server's operating system, but note the following.

With Vultr, you first need to have a Windows 7 installer ISO, which you must modify according to the instructions on the Vultr tutorials web site as already mentioned in this tutorial.

Once activated, remember to deactivate your Windows installation before you delete your server instance, or else you will need to purchase another copy of Windows 7 for a new serial number, which is very expensive, wasting hundreds of dollars. Deactivate Windows before snapshotting the Vultr node. Installing multiple nodes using the same snapshot with same Windows activation will break use of that serial number.

-------------------
Installing CentOS 7
-------------------

After you clicked "Deploy Now" with your new Vultr server node, the server entry row will show that it is installing. It should eventually show "Manage" on the right side. Click "Manage" then click the monitor icon at the top right, which says "View Console", to open the server's noVNC / IPMI / KVM virtual screen.

In the console screen, you should see some kind of menu options. Use your mouse and keyboard to interact with the installer displayed within the console screen.

With CentOS, you specify language, and then you see an "Installation Summary" screen. Check that the listed timezone matches your server's timezone location.

Click "Software Selection" and choose the kind of installation you want on the server.
For beginners, I recommend selecting "GNOME Desktop" on the left, and on the right, "GNOME Applications", "Security Tools", and "System Administration Tools". Then click "Done" at the top left. Click "Installation Destination" and deselect and reselect the Virtio Block Device. Click "Done". Click "Network & Host Name". On the top right, switch the Ethernet (eth0) from OFF to ON. Specify a host name, then click Apply. The host name does not need to be the exact same host name specified in the Vultr server settings, but it should not remain the default "localhost.localdomain". Click "Done". Click "Begin Installation" at the bottom right. Before it finishes installing, click on "Root Password" and specify the secret password for the highest-privileged account, root, then click "Done". Passwords should contain a variety of at least 14 printable characters. Keep a private record of all your username and password combinations. When CentOS is finished installing, click the button on the bottom right to reboot. On the Vultr server information web page, click on "Settings" at the top, click on "Custom ISO" on the left, then click to remove the ISO, which will also reboot the server. Close the server's console window and open a new server console window. You will see an "Initial Setup" screen, where you click to accept the license, review network and host name settings, and can create more user accounts if you want. Remember to record all usernames and passwords in your notes. Review the information then click "Finish Configuration" at the bottom right. If you installed GNOME Desktop, you will be welcomed as a new non-root user. Proceed with the configuration screens. Again, remember to record all usernames and passwords in your notes. You can delete this user later if you want, although you may find in the future that certain applications like Google Chrome require being run by a non-root user. 
You can then log out through the top-right menu's lock icon, click-and-drag the waiting screensaver screen (which by default shows the time and date on a blue screen) upwards to show the login screen if necessary, and log into a "not listed" user account like root so you won't need to use commands like sudo while you configure the server.

By default, the /home directory has the majority of available disk space, so we will be configuring all our installed software to use that directory to store files.

-------------------------------------
Firewall Settings and Software Update
-------------------------------------

A computer firewall is a filter of inbound and outbound communication.

[...]

---------------------------------------
Install CentOS LEMP Web Server Programs
---------------------------------------

Install the EPEL repository with:

    yum install -y epel-release

This downloads epel.repo and epel-testing.repo to /etc/yum.repos.d/ .

You can uninstall EPEL with:

    rpm -e epel-release

Display list of enabled repositories with:

    yum repolist

    vi /etc/yum.repos.d/epel.repo

also shows that epel is enabled by default, so

    yum-config-manager --enable epel

is unnecessary.

Query all installed software packages with:

    rpm -qa

...only showing results that have "epel" with:

    rpm -qa | grep epel

Confirm that wget is installed with:

    which wget

If this does not display the location of wget on a new line, install wget with:

    yum install -y wget

Make and change to a directory called downloads inside the home folder with:

    mkdir /home/downloads && cd /home/downloads

Download the IUS repository and show the resulting file(s) with:

    wget -q -nd -r -l1 -np "https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64" -A "ius-release-*.ius.centos7.noarch.rpm" && ls | grep ius-release

If it downloads more than one file, use the file with the highest version number in the next step.
Install the downloaded IUS repository with:

    yum install -y [filename]

Where [filename] is the file name of the ius-release rpm package with the highest version number that you downloaded in the previous step. While typing in the console, pressing tab once will auto-complete entering file names from the current directory up to the first variable character, and pressing tab twice will list all auto-completion options available.

This downloads ius.repo, ius-archive.repo, ius-dev.repo and ius-testing.repo to /etc/yum.repos.d/ .

You can uninstall IUS with:

    rpm -e ius-release

Display list of enabled repositories with:

    yum repolist

    vi /etc/yum.repos.d/ius.repo

also shows that ius is enabled by default, so

    yum-config-manager --enable ius

is unnecessary.

Query all installed software packages with:

    rpm -qa

...only showing results that have "ius" with:

    rpm -qa | grep ius

Download and check the IUS GPG key with:

    wget -q "https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY" && gpg --quiet --with-fingerprint IUS-COMMUNITY-GPG-KEY

It should say something like:

    pub 1024D/9CD4953F 2009-09-01 IUS Community Project
    Key fingerprint = 8B84 6E3A B3FE 6462 74E8 670F DA22 1CDF 9CD4 953F
    sub 1024g/F0C7E3D6 2009-09-01

The first time you install a package using the IUS repository, which is during the next step, it will say something like:

    Retrieving key from file:///etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY
    Importing GPG key 0x9CD4953F:
    Userid : "IUS Community Project "
    Fingerprint: 8b84 6e3a b3fe 6462 74e8 670f da22 1cdf 9cd4 953f
    Package : ius-release-1.0-15.ius.centos7.noarch (installed)
    From : /etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY
    Is this ok [y/N]:

Compare the fingerprint it shows you with the fingerprint of the downloaded GPG key. If they do not match, press ctrl-c to cancel, uninstall the IUS repo and delete the downloaded rpm file, re-download IUS from the IUS web site, and try again... If they match, enter y for "yes" to continue the installation process.
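The fingerprint comparison described above, as an added example (not code from this article or from the IUS project): gpg prints the fingerprint in uppercase while the yum import prompt prints it in lowercase, so the script normalizes both before comparing them. The function names are hypothetical, the two sample texts are the outputs quoted above, and the altered prompt is constructed to show a mismatch.

```shell
#!/bin/sh
# Added example. Sample texts are the outputs quoted in the tutorial;
# function names are hypothetical.

# Text printed by: gpg --quiet --with-fingerprint IUS-COMMUNITY-GPG-KEY
GPG_OUTPUT='pub 1024D/9CD4953F 2009-09-01 IUS Community Project
Key fingerprint = 8B84 6E3A B3FE 6462 74E8 670F DA22 1CDF 9CD4 953F
sub 1024g/F0C7E3D6 2009-09-01'

# Text yum shows before importing the repository key.
YUM_PROMPT='Retrieving key from file:///etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY
Importing GPG key 0x9CD4953F:
Userid : "IUS Community Project "
Fingerprint: 8b84 6e3a b3fe 6462 74e8 670f da22 1cdf 9cd4 953f
Package : ius-release-1.0-15.ius.centos7.noarch (installed)
From : /etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY'

# Constructed sample: the same prompt with the last hex digit changed.
TAMPERED_PROMPT=$(printf '%s\n' "$YUM_PROMPT" | sed 's/9cd4 953f/9cd4 953e/')

# Read text on stdin and print the fingerprint as 40 uppercase hex digits.
# Returns 1 if no well-formed fingerprint line is found.
extract_fingerprint() {
    # First line that mentions a fingerprint; drop the label up to "=" or
    # ":", remove all whitespace, uppercase the hex digits.
    _fpr=$(grep -i 'fingerprint' \
           | head -n 1 \
           | sed -e 's/^[^=:]*[=:]//' \
           | tr -d '[:space:]' \
           | tr 'abcdef' 'ABCDEF')
    # Reject empty results and anything that is not pure hex.
    case "$_fpr" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    # The fingerprints shown above are 160 bits long: exactly 40 hex digits.
    [ "${#_fpr}" -eq 40 ] || return 1
    printf '%s\n' "$_fpr"
}

# $1: gpg output for the downloaded key, $2: yum import prompt text.
# Returns 0 on match, 1 on mismatch, 2 if either text could not be parsed.
fingerprints_match() {
    _a=$(printf '%s\n' "$1" | extract_fingerprint) || return 2
    _b=$(printf '%s\n' "$2" | extract_fingerprint) || return 2
    [ "$_a" = "$_b" ]
}

# Decide what to answer at the "Is this ok [y/N]:" prompt.
if fingerprints_match "$GPG_OUTPUT" "$YUM_PROMPT"; then
    echo "fingerprints match: enter y"
else
    echo "fingerprints differ or could not be read: press ctrl-c"
fi

# The altered prompt must be rejected.
if fingerprints_match "$GPG_OUTPUT" "$TAMPERED_PROMPT"; then
    echo "unexpected: altered fingerprint accepted"
else
    echo "altered fingerprint rejected"
fi
```

The comparison uses the full 40-digit fingerprint rather than the 8-digit key ID (0x9CD4953F) because short key IDs are easy to collide.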
Also compare the EPEL repository fingerprint to that shown at https://getfedora.org/keys/ .

Install PHP 7.2 for nginx with:

    yum install -y php72u-fpm-nginx

If php.net reports that PHP is substantially newer than version 7.2, search for the most recent version of this package with:

    yum search php | grep fpm-nginx

and install that package instead. This installs nginx and php72u-common among its dependencies.

Install some additional useful PHP 7.2 modules with:

    yum install -y php72u-bcmath php72u-cli php72u-gd php72u-json php72u-mbstring php72u-mysqlnd php72u-opcache php72u-pdo php72u-pecl-apcu php72u-pecl-igbinary php72u-pecl-imagick php72u-pecl-memcached php72u-xml

Again, use the appropriate version of PHP. This installs ImageMagick among its dependencies.

Search for other PHP 7.2 packages with:

    yum search php72u

View the installed PHP version with:

    php --version

View the installed PHP modules with:

    php --modules

Install mariadb ("a community-developed branch of mysql") with:

    yum install -y mariadb

If you find that you need the mysql community edition later, export your databases, uninstall mariadb, and download and install mysql using the mysql repo.

Install certbot with:

    yum install -y certbot

Nginx, MariaDB, and PHP-FPM services are now installed. The next step is to configure them, start them, and test and configure them to our satisfaction, before enabling them to launch at system boot.

View the available services with:

    systemctl list-unit-files

[...]