90b11d71f992ca7bd6cdfc69d97a8045658b361c
wiki/info/landscape/creating-ec2-image-for-webserver-from-scratch.md
| ... | ... | @@ -38,6 +38,17 @@ Successfully uninstalled rack-2.0.3 |
| 38 | 38 | * ensure there are users and groups for `wiki`, `scores`, `wordpress`, `trac` that match up with their /home directory owners / groups |
| 39 | 39 | * ensure the Wiki startup script `serve.sh` configured for port 4567 and `config.ru` as well as the entire Gollum installation under /home/wiki are present, as well as the `users.yml` file |
| 40 | 40 | * ensure there is a reasonable `/root/.goaccess` file |
| 41 | +* Configure goaccess by adjusting `/etc/goaccess.conf` such that it contains the following lines: |
|
| 42 | +``` |
|
| 43 | +... |
|
| 44 | +time-format %H:%M:%S |
|
| 45 | +... |
|
| 46 | +date-format %d/%b/%Y |
|
| 47 | +... |
|
| 48 | +# NCSA Combined with virtual host name as prefix: |
|
| 49 | +log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" |
|
| 50 | +``` |
|
| 51 | +Note that the `log-format` piece is slightly different from the regular NCSA Combined Log Format in so far as it adds `%v` at the beginning which is capturing the virtual host name that our Apache servers are configured to log as the first field in each line. |
|
| 41 | 52 | * ensure there is the `/etc/tmux.conf` file that maps your hotkeys (Ctrl-a vs. Ctrl-b, for example) |
| 42 | 53 | * rename the `welcome.conf` file of the Apache configuration because it harms directory index presentation: |
| 43 | 54 | ``` |
| ... | ... | @@ -131,7 +142,6 @@ HOME=/ |
| 131 | 142 | * Establish the Apache web server configuration, in particular ensure that the SSL certificates are in place (see [here](https://wiki.sapsailing.com/wiki/info/security/ssl-support)) and the following files are set up: `/etc/httpd/conf/httpd.conf`, `/etc/httpd/conf/passwd.awstats`, `/etc/httpd/conf/passwd.git`, and `/etc/httpd/conf/conf.d/*.conf`. |
| 132 | 143 | * Update the hostname in `/etc/sysconfig/network`: `HOSTNAME=analytics-webserver` |
| 133 | 144 | * Run `chkconfig sendmail off; chkconfig postfix on` to make sure that the postfix mail server is the one that will be launched during boot |
| 134 | -* activate |
|
| 135 | 145 | * Reboot the system, among other things for the hostname change to take effect, and in addition to see whether all services start properly |
| 136 | 146 | * configure fail2ban by editing `/etc/fail2ban/jail.conf`, entering reasonable e-mail configuration for the `ssh-iptables` filter as follows: |
| 137 | 147 | ``` |