Last active
August 2, 2018 07:17
-
-
Save ansulev/9ecf2092888522aa98bab8a6a826633c to your computer and use it in GitHub Desktop.
Install LEMP + HHVM on AWS and GCP with Ubuntu 16.04 (Xenial)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# update system | |
apt update -y && apt upgrade -y && apt autoremove -y && apt autoclean | |
# reboot | |
reboot | |
# remove dash | |
dpkg-reconfigure dash | |
# stop and disable sendmail if enabled | |
#service sendmail stop; update-rc.d -f sendmail remove | |
# remove apparmor if enabled | |
#service apparmor stop update-rc.d -f apparmor remove | |
#apt -y remove apparmor apparmor-utils | |
# ntp if needed | |
#apt -y install ntp ntpdate | |
# install mariadb client or/and server if needed | |
#apt -y install mariadb-client mariadb-server | |
# stop and disable apache2 if exist | |
#service apache2 stop | |
#update-rc.d -f apache2 remove | |
# create ssl certificate if needed | |
#mkdir /etc/ssl/private | |
#chmod 700 /etc/ssl/private | |
#sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt | |
#openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 | |
# install nginx fcgiwrap | |
apt -y install nginx fcgiwrap | |
service nginx start | |
# install php-fpm and some common modules - PHP 7.0 | |
apt -y install php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring php-apcu | |
# install php-fpm and some common modules - PHP 7.1 | |
apt -y install software-properties-common | |
add-apt-repository -y ppa:ondrej/php | |
apt-get -y update | |
# all modules | |
apt -y install php7.1 php7.1-apc php7.1-bz2 php7.1-cgi php7.1-cli php7.1-common php7.1-curl php7.1-dev php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-interbase php7.1-intl php7.1-json php7.1-ldap php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-odbc php7.1-opcache php7.1-pgsql php7.1-phpdbg php7.1-pspell php7.1-readline php7.1-recode php7.1-snmp php7.1-sqlite3 php7.1-sybase php7.1-tidy php7.1-xmlrpc php7.1-xsl php7.1-zip | |
# most common | |
apt -y install php7.1 php7.1-cli php7.1-common php7.1-json php7.1-opcache php7.1-mysql php7.1-mbstring php7.1-mcrypt php7.1-zip php7.1-fpm | |
# PHP 7.2 - TODO | |
# enable needed modules | |
phpenmod mcrypt && phpenmod mbstring | |
# install apache2 if needed and module (correct php version) | |
apt install -y install apache2 libapache2-mod-php7.0 | |
# for nginx - fix pathinfo (replace correct php version) | |
vim /etc/php/7.0/fpm/php.ini | |
[...] | |
cgi.fix_pathinfo=0 | |
[...] | |
date.timezone=UTC | |
[...] | |
service php7.0-fpm reload | |
#???? | |
vim /etc/nginx/nginx.conf | |
[...] | |
http { | |
[...] | |
## Detect when HTTPS is used | |
map $scheme $fastcgi_https { | |
default off; | |
https on; | |
} | |
[...] | |
} | |
[...] | |
#???? | |
service nginx reload | |
apt -y install software-properties-common | |
# Key rotation is in progress as of November 2017; this is the old key: | |
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449 | |
# And this is the new key: | |
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 | |
add-apt-repository "deb http://dl.hhvm.com/ubuntu xenial main" | |
apt update -y && apt -y install hhvm | |
add-apt-repository -y ppa:certbot/certbot | |
apt update -y && apt -y install certbot | |
certbot certonly --standalone --renew-by-default -d domain.xxx -d www.domain.xxx | |
#apt install ufw | |
vim /etc/nginx/sites-available/default | |
service nginx reload | |
vim /var/www/html/info.php | |
# install some useful tools | |
apt -y install htop iotop iftop nethogs elinks fail2ban | |
# and some dev tools | |
apt install -y git nodejs npm composer nano tree vim curl ftp -y | |
# clean up and reboot | |
apt -y autoremove && apt -y autoclean && apt -y clean | |
reboot | |
# list netstat | |
netstat -tlpn | |
# list running services | |
systemctl list-units --state=running | grep -v systemd | awk '{print $1}' | grep service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment