Created
October 10, 2012 22:53
-
-
Save dnozay/3869050 to your computer and use it in GitHub Desktop.
Prepare CentOS - for webserver / django / nginx / gunicorn use.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # please run this as root. script provided "AS IS". | |
| #.-------------------------------------------------------------------------------- | |
| #. install python 2.7.x | |
| #. https://github.com/scalp42/python-2.7.x-on-Centos-5.x - Apache License | |
| #.-------------------------------------------------------------------------------- | |
| pushd /tmp | |
| https_proxy=$http_proxy wget https://raw.github.com/scalp42/python-2.7.x-on-Centos-5.x/master/install_python27.sh | |
| bash ./install_python27.sh | |
| rm ./install_python27.sh | |
| popd | |
| #.-------------------------------------------------------------------------------- | |
| #. fix SELinux for webserver usage | |
| #.-------------------------------------------------------------------------------- | |
| yum -y install setroubleshoot | |
| setsebool -P httpd_can_network_connect=1 | |
| setsebool -P httpd_can_network_connect_db=1 | |
| setsebool -P httpd_can_network_relay=1 | |
| setsebool -P user_tcp_server=1 | |
| #.-------------------------------------------------------------------------------- | |
| #. adjust system settings | |
| #.-------------------------------------------------------------------------------- | |
| cp -f /etc/sysctl.conf /root/sysctl.conf.bak | |
| echo >> /root/sysctl.conf.bak "# defaults" | |
| sysctl >> /root/sysctl.conf.bak \ | |
| net.core.somaxconn \ | |
| net.ipv4.tcp_fin_timeout \ | |
| net.ipv4.tcp_tw_reuse \ | |
| net.ipv4.tcp_max_tw_buckets \ | |
| net.ipv4.tcp_max_syn_backlog \ | |
| net.ipv4.tcp_synack_retries \ | |
| net.ipv4.ip_local_port_range | |
| cat >> /etc/sysctl.conf << EOFSYSCTL | |
| # bump number of maximum connections | |
| net.core.somaxconn = 10000 | |
| # make time-wait sockets close faster | |
| net.ipv4.tcp_fin_timeout = 10 | |
| # increase available port range | |
| net.ipv4.ip_local_port_range = 1024 65000 | |
| EOFSYSCTL | |
| sysctl -p /etc/sysctl.conf | |
| #.-------------------------------------------------------------------------------- | |
| #. install the EPEL package for extra repos | |
| #.-------------------------------------------------------------------------------- | |
| rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm | |
| #.-------------------------------------------------------------------------------- | |
| #. install libs for virtual environment | |
| #.-------------------------------------------------------------------------------- | |
| yum -y install openldap-devel # python-ldap | |
| yum -y install libxml2-devel libxslt-devel # lxml | |
| yum -y install mysql-devel # for pip install mysql-python | |
| #.-------------------------------------------------------------------------------- | |
| #. install NGINX from EPEL | |
| #.-------------------------------------------------------------------------------- | |
| yum -y install nginx | |
| #.-------------------------------------------------------------------------------- | |
| #. open hole in firewall for http, https and ssh | |
| #. http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ | |
| #.-------------------------------------------------------------------------------- | |
| iptables -I INPUT 1 -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT | |
| iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment