{"id":19423264,"url":"https://github.com/atomjoy/fedora","last_synced_at":"2026-03-02T12:04:12.639Z","repository":{"id":209267017,"uuid":"723615272","full_name":"atomjoy/fedora","owner":"atomjoy","description":"Fedora after install","archived":false,"fork":false,"pushed_at":"2024-01-08T18:39:58.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-07T18:53:37.562Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atomjoy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-26T08:23:36.000Z","updated_at":"2023-11-26T08:23:36.000Z","dependencies_parsed_at":"2024-11-10T17:41:09.708Z","dependency_job_id":null,"html_url":"https://github.com/atomjoy/fedora","commit_stats":null,"previous_names":["atomjoy/fedora"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atomjoy%2Ffedora","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atomjoy%2Ffedora/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atomjoy%2Ffedora/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atomjoy%2Ffedora/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atomjoy","download_url":"https://codeload.github.com/atomjoy/fedora/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"g
ithub","repositories_count":240603056,"owners_count":19827635,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T13:37:38.969Z","updated_at":"2026-03-02T12:04:07.606Z","avatar_url":"https://github.com/atomjoy.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fedora 39 Desktop\n\nInstalling and configuring Fedora 39 Workstation with Windows 10.\n\n## Install Workstation Live\n\nYou need to add Efi Partition with mount point /boot/efi or the system will not install (disk errors)\n\n```sh\nEfi (required partition) at least 1GB mount point: /boot/efi\nRoot (required partition) at least 20GB mount point: / \nSwap (optional) at least 2GB (2 x RAM) /swap\n```\n\n## Boot grub\n\nBoot iso with Windows\n\n### Set grub auto save\n\n```sh\nsudo nano /etc/default/grub\n\n# Add\nGRUB_DEFAULT=saved\nGRUB_SAVEDEFAULT=true\n```\n\n### Refresh grub repos\n\n```sh\nsudo grub2-mkconfig -o /boot/grub2/grub.cfg\nsudo grub-mkconfig -o /boot/grub/grub.cfg\n```\n\n## User and groups\n\n```sh\n# Show\nid  \u003cusername\u003e\ngroups \u003cusername\u003e\n\n# Create system user no-login\nsudo useradd -r -s /bin/false \u003cusername\u003e\n\n# Create user with home dir\nsudo useradd -m \u003cusername\u003e\n\n# Set password\nsudo passwd \u003cusername\u003e\n\n# Add user to group\nsudo usermod -aG \u003cgroup\u003e \u003cusername\u003e\nsudo usermod -aG \u003cgroup\u003e,\u003cgroup1\u003e,\u003cgroup2\u003e \u003cusername\u003e\n\n# Remove user from group\nsudo gpasswd -d \u003cusername\u003e \u003cgroup\u003e\n\n# Remove user\nsudo 
userdel -r \u003cusername\u003e\n```\n\n## LEMP\n\n### Install Nginx, PHP\n\n```sh\nsudo dnf install nginx\nsudo dnf install php-fpm php-cli\nsudo dnf install mariadb-server\nsudo systemctl enable mariadb\n\n# Secure mysql server or set firewall ban on port 3306\n# sudo mysql_secure_installation\n\n# Login to mysql with pass\nsudo mysql -u root -p\n```\n\n### Add user and group for the application\n\nCreate a user and group with no login and no home dir\n\n```sh\n# System user\nsudo useradd -r -s /bin/false \u003cappname\u003e_app\n\n# Normal user\nsudo groupadd \u003cappname\u003e_app\nsudo useradd -s /bin/false -g \u003cappname\u003e_app \u003cappname\u003e_app\n\n# Change login shell\nsudo chsh -s /sbin/nologin \u003cappname\u003e_app\n```\n\n### Backup old PHP-FPM pool config and copy to new app config\n\n```sh\nsudo mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.back\nsudo cp -v /etc/php-fpm.d/www.conf.back /etc/php-fpm.d/\u003cappname\u003e.conf\n```\n\n### Edit a custom pool config\n\nAn appname.conf file unique for each application\n\n```sh\nsudo nano /etc/php-fpm.d/\u003cappname\u003e.conf\n```\n\n### Edit config file\n\nFirst create the Linux user and group \u003cappname\u003e_app if they do not exist\n\n```sh\n[\u003cappname\u003e_pool]\n; General settings\nuser = \u003cappname\u003e_app\ngroup = \u003cappname\u003e_app\nlisten = /var/run/php-fpm/\u003cappname\u003e_pool.sock\n; listen = 127.0.0.1:9000\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660\n; FPM process manager configuration\npm = dynamic\npm.max_children = 50\npm.start_servers = 3\npm.min_spare_servers = 3\npm.max_spare_servers = 10\n; Php memory limit, upload\nphp_admin_value[memory_limit] = 100M\nphp_admin_value[post_max_size] = 50M\nphp_admin_value[upload_max_filesize] = 10M\n; FPM log config\nslowlog = /var/log/php-fpm/\u003cappname\u003e_pool-slow.log\nrequest_slowlog_timeout = 10s\nphp_admin_value[error_log] = 
/var/log/php-fpm/\u003cappname\u003e_pool-error.log\nphp_admin_flag[log_errors] = on\n; FPM php config\nphp_value[session.save_handler] = files\nphp_value[session.save_path] = /var/lib/php/session\nphp_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache\n; Show php errors set to off in production\nphp_flag[display_errors] = on\n; FPM php config goes below\nphp_value[session.cookie_lifetime] = 0\nphp_value[session.use_cookies] = 1\nphp_value[session.use_only_cookies] = 1\nphp_value[session.use_strict_mode] = 1\nphp_value[session.cookie_httponly] = 1\n; Allow with http set 0\nphp_value[session.cookie_secure] = 1\nphp_value[session.use_trans_sid] = 0\n; Or allow more with \"Lax\"\nphp_value[session.cookie_samesite] = \"Strict\"\n; Allow caching only when the content is not private.\n; php_value[session.cache_limiter] = \"private_no_expire\"\n; php_value[session.hash_function] = \"sha256\"\n; Limit session time\nphp_value[session.gc_maxlifetime] = \"3660\"\n```\n\n### Nginx server conf\n\n```sh\nlocation ~ \\.php$ {\n  include snippets/fastcgi-php.conf;  \n  fastcgi_pass unix:/var/run/php-fpm/\u003cappname\u003e_pool.sock;\n  # fastcgi_pass unix:/var/run/php-fpm/\u003cappname\u003e_pool.php8.1-fpm.sock;\n  # fastcgi_pass unix:/run/php-fpm/php8.2-fpm.sock;\n  # fastcgi_pass unix:/run/php-fpm/php8.1-fpm.sock;\n  # fastcgi_pass 127.0.0.1:9000;\n}\n\nupstream php-fpm {\n  server unix:/var/run/php-fpm/\u003cappname\u003e_pool.sock;\n  # server unix:/var/run/php-fpm/\u003cappname\u003e_pool.php8.1-fpm.sock;\n  # server unix:/run/php-fpm/php8.1-fpm.sock;\n  # server unix:/run/php-fpm/php8.2-fpm.sock;\n}\n```\n\n### Show logs\n\n```sh\ntail -f /var/log/php-fpm/*.log\n```\n\n### Create app dir\n\n```sh\n# Add app dir\nsudo mkdir -p /app/web/\u003cappname\u003e_app\n\n# Set group and permissions\nsudo chmod -R 2755 /app/web/\u003cappname\u003e_app\nsudo chown -hR nginx:\u003cappname\u003e_app /app/web/\u003cappname\u003e_app\n\n# Add user to app group\nsudo usermod -aG \u003cappname\u003e_app \u003cusername\u003e\n\n# 
Show\nls -ld /app/web/\u003cappname\u003e_app\n\n# At this point, all members of the \u003cappname\u003e_app group can create and edit files in the /app/web/\u003cappname\u003e_app/\n# directory without the administrator having to change file permissions every time users write new files.\n```\n\n### Create app virtualhost file\n\n```sh\nsudo nano /etc/nginx/conf.d/\u003cappname\u003e_app.conf\n```\n\n### Edit virtualhost file\n\n```sh\nserver {\n    disable_symlinks off;\n    client_max_body_size 100M;\n    source_charset utf-8;\n    charset utf-8;\n\n    listen 80;\n    listen [::]:80;\n\n    server_name \u003cappname_app.example.com\u003e;\n    root /app/web/\u003cappname\u003e_app;\n    index index.php index.html;\n\n    location / {\n      # try_files $uri $uri/ =404;\n      try_files $uri $uri/ /index.php$is_args$args;\n    }\n\n    location ~ \\.php$ {        \n        try_files $uri =404;\n        fastcgi_pass unix:/var/run/php-fpm/\u003cappname\u003e_pool.sock;\n        fastcgi_index index.php;\n        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n        include fastcgi_params;\n    }\n\n    # Short\n    # location ~ \\.php$ {\n    #  include snippets/fastcgi-php.conf;\n    #  fastcgi_pass unix:/var/run/php-fpm/\u003cappname\u003e_pool.sock;\n    #  # fastcgi_pass 127.0.0.1:9000;\n    # }\n\n    location ~* \\.(js|css|png|jpg|jpeg|gif|ico|svg)$ {\n        # expires -1;\n        expires max;\n        log_not_found off;\n    }\n\n    access_log /var/log/nginx/\u003cappname\u003e_app.access.log;\n    error_log /var/log/nginx/\u003cappname\u003e_app.error.log;    \n}\n```\n\n### Test config and restart nginx\n\n```sh\nsudo nginx -t\nsudo systemctl restart nginx\n```\n\n## Firewall desktop\n\nYou can remove **firewall-cmd** and install **ufw** or use **iptables-services**\n\n### Firewalld\n\n```sh\n# Disable and remove\nsudo systemctl stop firewalld\nsudo systemctl disable firewalld\nsudo dnf remove firewalld\n\n# Run\nsudo dnf install 
firewalld\nsudo systemctl status firewalld\nsudo systemctl enable firewalld\nsudo firewall-cmd --state\n\n# Install GUI\nsudo dnf install firewall-config\n\n# List\nsudo firewall-cmd --get-zones\nsudo firewall-cmd --get-default-zone\nsudo firewall-cmd --list-all\nsudo firewall-cmd --list-all --zone=drop\nsudo firewall-cmd --list-ports --zone=drop\n\n# Set drop for all incoming\nsudo firewall-cmd --set-default-zone drop\nsudo firewall-cmd --runtime-to-permanent\n# Or\nsudo firewall-cmd --permanent --set-default-zone drop\n\n# ICMP\nsudo firewall-cmd --get-icmptypes\n# Is blocked\nsudo firewall-cmd --query-icmp-block=\u003cicmptype\u003e\n# Block\nsudo firewall-cmd --add-icmp-block=\u003cicmptype\u003e\nsudo firewall-cmd --add-icmp-block=echo-reply\n# Remove\nsudo firewall-cmd --remove-icmp-block=\u003cicmptype\u003e\nsudo firewall-cmd --remove-icmp-block=echo-reply\n# Block all (does not work for echo-reply unless no is changed to yes)\nsudo firewall-cmd --add-icmp-block-inversion\nsudo firewall-cmd --runtime-to-permanent\n\n# Open port mysql\nsudo firewall-cmd --permanent --add-port=3306/tcp\n# Close port mysql\nsudo firewall-cmd --permanent --remove-port=3306/tcp\n# Load the permanent changes into the running firewall\nsudo firewall-cmd --reload\n```\n\n### Iptables\n\n```sh\nsudo echo \"Stopping firewall and allowing everyone\"\nsudo iptables -P INPUT ACCEPT\nsudo iptables -P FORWARD ACCEPT\nsudo iptables -P OUTPUT ACCEPT\nsudo iptables -F\nsudo iptables -X\nsudo iptables -t nat -F\nsudo iptables -t nat -X\nsudo iptables -t mangle -F\nsudo iptables -t mangle -X\nsudo echo \"Running firewall and dropping all incoming\"\nsudo iptables -I INPUT 1 -i lo -j ACCEPT\nsudo iptables -I INPUT 2 -m state --state ESTABLISHED,RELATED -j ACCEPT\n# sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n# sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT\n# sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\n# sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT\n# sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT\nsudo iptables -A INPUT -m limit 
--limit 5/min -j LOG --log-prefix \"iptables denied: \" --log-level 7\nsudo iptables -A INPUT -j DROP\nsudo iptables -A FORWARD -j DROP\nsudo iptables -A OUTPUT -j ACCEPT\nsudo iptables -P INPUT DROP\nsudo iptables -P FORWARD DROP\nsudo iptables -P OUTPUT ACCEPT\n```\n\n### Firewall list rules\n\n```sh\nsudo iptables -L -n -v | more\nsudo iptables -t filter -L -n -v --line-numbers\nsudo iptables -t nat -L -n -v --line-numbers\nsudo iptables -t raw -L -n -v --line-numbers\n```\n\n### Firewall remove rules\n\n```sh\n# Remove all\nsudo rm -rf /etc/firewalld/zones\nsudo rm -rf /etc/firewalld/direct.xml\nsudo iptables -X\nsudo iptables -F\nsudo iptables -Z\nsudo systemctl restart firewalld\n\n# Remove service from zone\nsudo firewall-cmd --zone=CUSTOM --remove-service=CUSTOM\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatomjoy%2Ffedora","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatomjoy%2Ffedora","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatomjoy%2Ffedora/lists"}