@camaleaun
Last active April 26, 2020 01:52
Set up an Nginx web server with PHP and a WordPress environment
  1. Connect to server

Only for the first connection, to create the user and configure SSH:

$ ssh root@domain

Recommended (most secure):

$ ssh username@domain

TIP: Log in with root privileges:

$ sudo -i
  2. Basic security settings

Create user.

# adduser username

NOTE: Replace username with a value of your choice.

TIP: Change default editor from Nano to Vim:

# update-alternatives --set editor /usr/bin/vim.basic --quiet

Or interactive:

# update-alternatives --config editor

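Make the user a sudoer by adding the line username ALL=(ALL) NOPASSWD:ALL. This is passwordless sudo: anything running as username can become root without a password, which later in this guide includes the Nginx and PHP-FPM workers: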

# visudo

Block SSH root login and enable public-key authentication.

# sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# systemctl restart ssh

Switch to username:

# su - username

Create SSH directory.

$ mkdir ~/.ssh && chmod 700 ~/.ssh

Paste your local public key (the output of cat ~/.ssh/id_rsa.pub on your own machine) into:

$ editor ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

TIP: If you have not generated a key yet:

$ ssh-keygen -t rsa

TIP: On macOS you can copy the key to the clipboard:

$ cat ~/.ssh/id_rsa.pub | pbcopy

TIP: On Linux you can copy the key to the clipboard:

$ sudo apt install xclip
$ cat ~/.ssh/id_rsa.pub | xclip -sel clip

TIP: Remove the host from known_hosts:

$ ssh-keygen -R domain
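
The two sed edits to /etc/ssh/sshd_config above change nothing when the stock line is commented out or carries another value (for example prohibit-password), and sed reports no error in that case. The following check is an added example, not part of the original gist: it reads the effective value of a keyword from an sshd_config file. The function names are hypothetical, and Include files and Match blocks are not evaluated, so on a live server compare the result with the output of sshd -T.

```bash
#!/usr/bin/env bash
# Added example (not from the gist). Function names are hypothetical.
# sshd uses the FIRST occurrence of each keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.

# Print the effective value of keyword $2 in config file $1 (empty if unset).
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                  # skip comments
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if root login is disabled and public keys are accepted.
sshd_hardened() {
    local cfg="$1" root pubkey
    root="$(sshd_effective "$cfg" PermitRootLogin)"
    pubkey="$(sshd_effective "$cfg" PubkeyAuthentication)"
    # Unset PermitRootLogin defaults to prohibit-password, which still
    # allows root to log in with a key, so only an explicit "no" passes.
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}'"; return 1; }
    # Unset PubkeyAuthentication defaults to yes.
    [ -z "$pubkey" ] || [ "$pubkey" = "yes" ] || { echo "PubkeyAuthentication is '$pubkey'"; return 1; }
    echo "ok"
}

# Constructed sample: a stock-style file where the gist's first sed pattern
# ('PermitRootLogin yes') matches nothing, because the line is commented out.
demo_cfg="$(mktemp)"
printf '%s\n' '#PermitRootLogin prohibit-password' '#PubkeyAuthentication yes' > "$demo_cfg"
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' "$demo_cfg"
sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' "$demo_cfg"
sshd_hardened "$demo_cfg" || echo "root login was NOT disabled by the sed edit"
```

On the server, run sshd_hardened /etc/ssh/sshd_config before restarting ssh and closing the root session.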
  3. Set timezone and upgrade

# timedatectl set-timezone America/Sao_Paulo

Or interactive:

# dpkg-reconfigure tzdata

Upgrade all packages:

# apt update && export DEBIAN_FRONTEND=noninteractive && apt -y dist-upgrade
  4. Install all needed packages

# apt update && apt install -y nginx php php-fpm php-mysql php-curl php-dom php-gd php-imagick php-mbstring php-ssh2 mysql-server zip unzip certbot python3-certbot-nginx && apt -y upgrade
  5. Define hostname

Enter the server's domain name.

# editor /etc/hostname
  6. Configure Nginx

TIP: Inspect the web server's response headers:

# curl -I http://localhost

Uncomment server_tokens off; and change the Nginx worker user from www-data to username:

# sed -i 's/# server_tokens off;/server_tokens off;/' /etc/nginx/nginx.conf
# sed -i 's/www-data/username/' /etc/nginx/nginx.conf
# systemctl stop apache2 && systemctl start nginx

NOTE: Replace username with the correct value.

  7. Set up site

Create a server root directory:

$ mkdir ~/www && chmod 755 ~/www

Create a test index file that calls phpinfo():

$ echo -e "<?php\nphpinfo();" > ~/www/index.php

Create domain configuration:

# editor /etc/nginx/sites-available/domain

NOTE: Replace domain with the correct value.

server {
        listen 80;
        listen [::]:80;
        server_name domain;
        return 301 https://domain$request_uri;
}
server {
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

        server_name domain;

        root /home/username/www;
        index index.php index.html;

        location / {
               try_files $uri $uri/ /index.php?$args;
        }
        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               include fastcgi_params;
               fastcgi_pass unix:/run/php/php7.4-fpm.sock;
               fastcgi_param SCRIPT_FILENAME /home/username/www$fastcgi_script_name;
        }
}

OR copy from default and edit:

# tail /etc/nginx/sites-available/default -n 13 | cut -c 2- | sudo tee /etc/nginx/sites-available/domain 1> /dev/null

Change the PHP-FPM pool user and group from www-data to username:

# sed -i 's/www-data/username/' /etc/php/7.4/fpm/pool.d/www.conf

Enable site.

# ln -s /etc/nginx/sites-available/domain /etc/nginx/sites-enabled/
# rm /etc/nginx/sites-enabled/default
# systemctl restart nginx php7.4-fpm

Create a MySQL user:

# mysql_secure_installation
# mysql -u root -p
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'SECUREPASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost';
mysql> FLUSH PRIVILEGES;

NOTE: Replace SECUREPASSWORD with a value of your choice.

  8. Change to HTTPS

Remove the TLSSNI01 challenge from the certbot Nginx plugin.

# sed -i 's/, challenges.TLSSNI01//' /usr/lib/python3/dist-packages/certbot_nginx/configurator.py

Create certificate.

# certbot certonly --nginx

NOTE: Replace domain with the correct value.

  9. Install WP-CLI and WordPress

# curl -O -# https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && sudo mv wp-cli.phar /usr/local/bin/wp
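
The download above is moved into /usr/local/bin and later run with --allow-root without any integrity check. The following added example, which is not part of the original gist, verifies the phar against a SHA-512 digest before installing it; the function names are hypothetical, and it assumes the wp-cli.phar.sha512 file published next to the phar in the same directory.

```bash
#!/usr/bin/env bash
# Added example (not from the gist). Function names are hypothetical.

# verify_sha512 FILE DIGEST_FILE
# Returns 0 only if FILE's SHA-512 equals the first field of DIGEST_FILE
# (handles both a bare digest and the "digest  filename" layout).
verify_sha512() {
    local file="$1" digest_file="$2" want got
    [ -s "$file" ] && [ -s "$digest_file" ] || return 2   # missing or empty input
    want="$(awk 'NR == 1 { print tolower($1) }' "$digest_file")"
    # A SHA-512 digest is exactly 128 hex characters; reject anything else
    # (for example an HTML error page saved in place of the digest).
    case "$want" in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 128 ] || return 2
    got="$(sha512sum "$file" | awk '{ print $1 }')"
    [ "$got" = "$want" ]
}

# Download to a temporary directory and install only after the check passes.
# Assumption: the digest is served as wp-cli.phar.sha512 beside the phar.
install_wp_cli() {
    local base="https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar"
    local tmp
    tmp="$(mktemp -d)" || return 1
    curl -fsSL -o "$tmp/wp-cli.phar" "$base/wp-cli.phar" &&
    curl -fsSL -o "$tmp/wp-cli.phar.sha512" "$base/wp-cli.phar.sha512" &&
    verify_sha512 "$tmp/wp-cli.phar" "$tmp/wp-cli.phar.sha512" &&
    sudo install -m 0755 "$tmp/wp-cli.phar" /usr/local/bin/wp
}
```

A digest served from the same origin as the file detects a corrupted or truncated download, not a compromised origin.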

Check requirements:

# wp package install git@github.com:johnbillion/ext.git --allow-root
# wp ext check --allow-root

Create wp-cli.local.yml with the following content:

$ editor ~/wp-cli.local.yml

path: www
url: domain

core download:
  locale: en_US
  skip-content: true

config create:
  dbname: username
  dbuser: username
  dbpass: SECUREPASSWORD
  extra-php: |
    define( 'WP_DEBUG', true );

Download, configure and install WordPress:

$ wp core download && wp config create && wp db create && wp core install --prompt