Skip to content

Instantly share code, notes, and snippets.

@eapdob
Last active May 9, 2021 11:01
Show Gist options
  • Save eapdob/b61bbe0a99cbf1a21ea95d578ac9a003 to your computer and use it in GitHub Desktop.
Save eapdob/b61bbe0a99cbf1a21ea95d578ac9a003 to your computer and use it in GitHub Desktop.
nginx-bash
#!/bin/bash
# ssh
sudo apt-get update;
sudo apt-get install openssh-server;
sudo service ssh start;
sudo update-rc.d ssh defaults;
# nginx
sudo apt-get install nginx;
sudo nginx -v;
# mysql
sudo wget https://repo.percona.com/apt/percona-release_latest.generic_all.deb;
sudo dpkg -i percona-release_latest.generic_all.deb;
sudo apt-get update;
sudo apt-get install percona-server-server-5.7;
# php-fpm
sudo apt-get install php-fpm php-cli php-mysqli php-gd;
sudo php -v;
sudo update-rc.d php7.2-fpm defaults;
# myproject root
sudo mkdir /data/myproject.com;
sudo mkdir /data/myproject.com/docs;
sudo mkdir /data/myproject.com/logs;
sudo chown -R www-data:www-data /data/myproject.com;
sudo chmod -R 0755 /data/myproject.com;
# nginx config
cd /etc/nginx;
# cat /proc/cpuinfo | grep processor | wc -l
# nginx worker_processes - value
sudo sh;
cat > nginx.conf;
cat << EOF >> nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
EOF;
exit;
cd sites-available;
sudo sh;
touch myproject.com;
cat << EOF >> myproject.com
server {
# слушаем стандартный порт HTTP
listen 80;
# здесь нужно указать наш домен
server_name myproject.com www.myproject.com;
# кодировка по умолчанию
charset utf-8;
# для разработки потребуются логи
access_log /data/myproject.com/logs/access.log combined;
error_log /data/myproject.com/logs/error.log;
# корневая директория логики
root /data/myproject.com/docs;
# установим сжатие данных
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types text/plain application/xml
application/javascript
text/css
text/js
text/xml
application/x-javascript
text/javascript
application/json
application/xml+rss;
# настройки размеров и таймаутов
client_max_body_size 100m;
client_body_buffer_size 128k;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 1k;
large_client_header_buffers 4 16k;
# правила обработки запросов к домену
location / {
# корневая директория
root /data/myproject.com/docs;
# стартовый скрипт
index index.php;
# правило автозагрузки в порядке следования: файл, папка, скрипт
try_files $uri $uri/ @fallback;
}
# правило для того, чтобы отдавать статические файлы
location ~* \.(jpeg|ico|jpg|gif|png|css|js|pdf|txt|tar|gz|wof|csv|zip|xml|yml) {
access_log off;
try_files $uri @statics;
expires 14d;
add_header Access-Control-Allow-Origin *;
add_header Cache-Control public;
root /data/myproject.com/docs;
}
location @statics {
rewrite ^/(\w+)/(.*)$ /$2 break;
access_log off;
rewrite_log off;
expires 14d;
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
root /data/myproject.com/docs;
}
# правила обработки PHP-скриптов
location ~ \.php$ {
root /data/myproject.com/docs;
proxy_read_timeout 120;
fastcgi_read_timeout 120;
try_files $uri $uri/ =404;
# внимательно смотрите на то, какое имя задано у сокета
# это можно узнать в настройках php-fpm
#fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
EOF;
exit;
sudo ln -s /etc/nginx/sites-available/myproject.com /etc/nginx/sites-enabled/;
# if user nginx exists
#sudo usermod -a -G www-data nginx;
sudo systemctl restart nginx;
# mysql config
cd /etc;
sudo sh;
touch my.cnf;
cat << EOL >> my.cnf
[client]
# порт и сокет для клиента
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
datadir = /var/lib/mysql
# Отдадим под innodb четверть памяти. Настройка эта зависит от объёма данных в формате innodb
# Но в идеале нужно всегда устанавливать значение больше, чем полный объём данных в innodb
innodb_buffer_pool_size = 512M
# У нас один процессор, поэтому будет только 1 поток кэша
innodb_buffer_pool_instances = 1
# Чтобы innodb работал быстрее, отключаем запись резервных данных на жёсткий диск
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = 'O_DIRECT'
EOL;
exit;
#mypassword - this actual password
sudo mysql -uroot -pmypassword;
USE mysql;
SELECT * FROM user;
DROP user 'root'@'ubuntudev';
DROP user 'root'@'127.0.0.1';
DROP user 'root'@'::1';
DROP user ''@'localhost';
DROP user ''@'ubuntudev';
FLUSH PRIVILEGES;
CREATE DATABASE application_db;
CREATE USER 'connect'@'localhost' IDENTIFIED BY 'mydefinedpassword';
GRANT SELECT, INSERT, UPDATE, DELETE on application_db.* to 'connect'@'localhost';
FLUSH PRIVILEGES;
sudo systemctl restart mysql;
# php config
cd /etc/php/7.2/fpm;
sudo cp /etc/php/7.2/fpm/php.ini /etc/php/7.2/fpm/php.ini.bak;
sudo mv /etc/php/7.2/fpm/php.ini ../;
sudo cp /etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini.bak;
sudo rm /etc/php/7.2/cli/php.ini;
cd /etc/php/7.2/fpm;
sudo ln -s /etc/php/7.2/php.ini;
sudo cd /etc/php/7.2/cli;
sudo ln -s /etc/php/7.2/php.ini;
cd /etc/php/7.2;
sudo sed -i 's/short_open_tag = Off/short_open_tag = On/g' php.ini;
sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' php.ini;
sudo sed -i 's/;date.timezone =/;date.timezone = Europe/Kiev/g' php.ini;
cd /etc/php/7.2/fpm/pool.d;
sudo sed -i 's/listen = /run/php/php7.2-fpm.sock/;listen = /run/php/php7.2-fpm.sock\nlisten = 127.0.0.1:9000;/g' www.conf;
sudo systemctl restart php7.2-fpm;
# myproject
cd /data/myproject.com/docs;
sudo sh;
touch index.php;
cat << EOF >> index.php
<?php
echo "Hello, World!";
?>
EOF;
touch index.php;
cat << EOF >> phpinfo.php
<?php
phpinfo();
?>
EOF;
exit;
cd /data/myproject/docs;
sudo find . -type f -exec chown www-data:www-data {} \;
sudo find . -type f -exec chmod 0644 {} \;
# hosts
#cd /etc;
#sudo echo '127.0.0.1 myproject.com' >> hosts;
# samba
#sudo apt-get install samba;
#cd ~;
#cd ../../;
#cd /etc/samba;
#sudo echo '[my-projects]
#comment = My projects
#path = /data/
#valid users = developer
#create mask = 0775
#force create mode = 0775
#directory mask = 0775
#writable = yes
#force group = www-data' >> smb.conf;
#sudo smbpasswd -a developer;
#sudo service smbd restart;
#sudo service nmbd restart;
sudo apt-get upgrade -y;
sudo apt-get autoremove;
sudo apt-get autoclean;
exit 0;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment