ブログ

投稿一覧

Mauticのインストール

2017年04月02日 15時04分
masonic.jp でのサービス展開にあたり、Mauticをインストール。

OS


# yum update
# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)


Apache


# yum install httpd httpd-devel openssl mod_ssl
# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 14 2016 18:04:44
# systemctl enable httpd
# sed -i 's|#ServerName www.example.com:80|ServerName masonic.jp|' /etc/httpd/conf/httpd.conf
# cat << _EOF_ > /etc/httpd/conf.d/masonic.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/masonic"
    ServerName masonic.jp
    <Directory "/var/www/masonic">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
_EOF_

# mkdir -p /var/www/masonic

# apachectl configtest
# systemctl start httpd


Let's Encrypt


# cd
# yum install git
# git clone https://github.com/letsencrypt/letsencrypt.git
# cd letsencrypt
# ./letsencrypt-auto certonly --webroot --webroot-path /var/www/masonic -d masonic.jp

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): info@example.com
(A)gree/(C)ancel: A
(Y)es/(N)o: Y

# cat << _EOF_ > /etc/httpd/conf.d/masonic.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/masonic"
    ServerName masonic.jp
    Redirect permanent / https://masonic.jp/
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot "/var/www/masonic"
    ServerName masonic.jp
    <Directory "/var/www/masonic">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Headers "*"
        Header set Access-Control-Allow-Credentials "true"
        Header set Strict-Transport-Security "max-age=31536000"
    </Directory>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
    SSLCertificateFile "/etc/letsencrypt/live/masonic.jp/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/masonic.jp/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/masonic.jp/fullchain.pem"
</VirtualHost>
_EOF_

# systemctl start httpd

https://www.ssllabs.com/ssltest/analyze.html?d=masonic.jp&latest
にて「A」であることを確認
# crontab -e
----
###
### Let'sEncrypt
###
# 毎月24日の朝4時に一括更新
00 04 24 * * /root/letsencrypt/letsencrypt-auto renew --force-renew && systemctl restart httpd


MariaDB


# yum install mariadb-server
# systemctl enable mariadb
# systemctl start mariadb

# mysql_secure_installation

Enter current password for root (enter for none): Enter
Set root password? [Y/n] Y
New password: *********
Re-enter new password: *********
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

# vi /etc/my.cnf
----
[mysqld]
character-set-server=utf8
log_bin = /var/lib/mysql/mysql-bin.log

# systemctl restart mariadb

# cat << "_EOQ_" | mysql -u root -p
CREATE DATABASE `masonic` CHARACTER SET 'utf8';
GRANT ALL ON `masonic`.* TO `masonic`@`%` IDENTIFIED BY '********';
_EOQ_

# mysql --version
mysql  Ver 15.1 Distrib 5.5.52-MariaDB, for Linux (x86_64) using readline 5.1


PHP


# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

# yum install --enablerepo=remi,remi-php70 php php-devel php-mbstring php-pdo php-gd php-zip php-pecl-zip php-process php-opcache php-pecl-apcu php-mysql php-mysqlnd php-xml php-dom php-mcrypt php-imap php-posix php-intl

# php -v
PHP 7.0.17 (cli) (built: Mar 14 2017 15:14:30) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.17, Copyright (c) 1999-2017, by Zend Technologies

# sed -i 's|;date.timezone =|date.timezone = Asia/Tokyo|' /etc/php.ini
# sed -i '/memory_limit =/s/128M/256M/' /etc/php.ini
# sed -i '/post_max_size =/s/8M/256M/' /etc/php.ini
# sed -i '/upload_max_filesize =/s/2M/256M/' /etc/php.ini

# cd /usr/local/src
# wget https://getcomposer.org/installer
# php installer
# rm installer
# mv composer.phar /usr/local/bin/composer


Postfix


# yum install postfix
# vi /etc/postfix/main.cf
----
myhostname = masonic.jp
mydomain = masonic.jp
myorigin = $mydomain
inet_protocols = ipv4

# systemctl enable postfix
# systemctl start postfix


Firewalld


# yum install firewalld

# systemctl start firewalld
# firewall-cmd --add-service=http --zone=public --permanent
# firewall-cmd --add-service=https --zone=public --permanent
# firewall-cmd --remove-service=dhcpv6-client --zone=public
# systemctl enable firewalld
# systemctl restart firewalld

# firewall-cmd --list-service --zone=public
dhcpv6-client http ssh https


fail2ban


# yum install fail2ban fail2ban-systemd

# vi /etc/fail2ban/jail.conf
----
[sshd]
enabled = true
#banaction = iptables-multiport
banaction = firewallcmd-ipset

# systemctl enable fail2ban
# systemctl start fail2ban

ステータス確認
# systemctl status fail2ban

banIPの確認
# fail2ban-client status sshd


Mautic


# cd /usr/local/src
# wget https://github.com/mautic/mautic/archive/master.zip
# unzip master.zip
# cd mautic-master
# mkdir -p ./.git/hooks
# composer install

# cd /var/www/masonic
# cp -prR /usr/local/src/mautic-master/. ./

# chmod -R 777 media/ translations/

# cd app
# chmod -R 777 cache/ logs/ config/
# mkdir spool
# chmod -R 777 spool/

https://masonic.jp
にアクセスするとインストーラが起動するので、画面に沿ってインストール作業

# cd /var/www/masonic
# php app/console mautic:iplookup:download

# crontab -e
----
###
### masonic
###
0-45/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:segments:update
1-46/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:campaigns:rebuild
2-47/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:campaigns:trigger
3-48/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:emails:send
4-49/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:emails:send
5-50/15 * * * * cd /var/www/masonic && /usr/bin/php app/console mautic:webhooks:process
0 1 * * *       cd /var/www/masonic && /usr/bin/php app/console mautic:iplookup:download

PAGE TOP