osm-search/Nominatim
1
1
Fork 0
mirror of https://github.com/osm-search/Nominatim.git synced 2024-11-22 21:28:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

CentOS: move SELinux setup step so it can install in /srv

Browse Source
This commit is contained in:
marc tobias 2018-02-27 17:02:37 +01:00
parent c3e5654113
commit b303c785e9
2 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Vagrantfile vendored
View File

@ -37,7 +37,8 @@ Vagrant.configure("2") do |config|
sub.vm.provision :shell do |s|
s.path = "vagrant/Install-on-Centos-7.sh"
s.privileged = false
s.args = [checkout]
s.args = "yes"
sub.vm.synced_folder ".", "/vagrant", disabled: true
end
end

32
vagrant/Install-on-Centos-7.sh
View File

@ -52,8 +52,8 @@
# we assume this user is called nominatim and the installation will be in
# /srv/nominatim. To create the user and directory run:
#
sudo mkdir -p /opt/nominatim #DOCS: sudo useradd -d /srv/nominatim -s /bin/bash -m nominatim
sudo chown vagrant /opt/nominatim #DOCS:
sudo mkdir -p /srv/nominatim #DOCS: sudo useradd -d /srv/nominatim -s /bin/bash -m nominatim
sudo chown vagrant /srv/nominatim #DOCS:
#
# You may find a more suitable location if you wish.
#
@ -61,7 +61,7 @@ sudo chown vagrant /opt/nominatim #DOCS:
# user name and home directory now like this:
#
export USERNAME=vagrant #DOCS: export USERNAME=nominatim
export USERHOME=/opt/nominatim #DOCS: export USERHOME=/srv/nominatim
export USERHOME=/srv/nominatim
#
# **Never, ever run the installation as a root user.** You have been warned.
#
@ -126,17 +126,6 @@ sudo sed -i 's:#.*::' /etc/httpd/conf.d/nominatim.conf #DOCS:
sudo systemctl enable httpd
sudo systemctl restart httpd
#
# Adding SELinux Security Settings
# --------------------------------
#
# It is a good idea to leave SELinux enabled and enforcing, particularly
# with a web server accessible from the Internet. At a minimum the
# following SELinux labeling should be done for Nominatim:
sudo semanage fcontext -a -t httpd_sys_content_t "$USERHOME/Nominatim/(website|lib|settings)(/.*)?"
sudo semanage fcontext -a -t lib_t "$USERHOME/build/module/nominatim.so"
sudo restorecon -R -v $USERHOME/Nominatim
#
# Installing Nominatim
@ -171,6 +160,21 @@ fi #DOCS:
cmake $USERHOME/Nominatim
make
#
# Adding SELinux Security Settings
# --------------------------------
#
# It is a good idea to leave SELinux enabled and enforcing, particularly
# with a web server accessible from the Internet. At a minimum the
# following SELinux labeling should be done for Nominatim:
sudo semanage fcontext -a -t httpd_sys_content_t "$USERHOME/Nominatim/(website|lib|settings)(/.*)?"
sudo semanage fcontext -a -t httpd_sys_content_t "$USERHOME/build/(website|lib|settings)(/.*)?"
sudo semanage fcontext -a -t lib_t "$USERHOME/build/module/nominatim.so"
sudo restorecon -R -v $USERHOME/Nominatim
sudo restorecon -R -v $USERHOME/build
# You need to create a minimal configuration file that tells nominatim
# the name of your webserver user and the URL of the website: