nginx from scratch
#!/bin/bash
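# ---------------------------------------------------------------------------
# Settings used by the rest of the script. Review them before running.
# ---------------------------------------------------------------------------
# Account passed to ./configure --user/--group and created with useradd below.
NGINX_USER=nginx
# Versions of nginx and of the two third-party modules that are compiled in.
NGINX_VERSION=1.9.0
NGINX_PAGESPEED=1.9.32.3
NGINX_UPLOAD_PROGRESS=0.9.1
# The slash is pre-escaped because this value is pasted into an ex
# s/.../.../ command when php.ini is edited.
PHP_TIMEZONE="Europe\/Lisbon"
PHP_POST_MAX_SIZE=2048M
PHP_UPLOAD_FILESIZE=2048M
PHP_MAX_INPUT_VARS=3000
PHP_MEMORY_LIMIT=256M
PHP_MAX_INPUT_TIME=300
PHP_MAX_EXEC_TIME=300
# Database credentials. The literal fallbacks are the short sample values this
# script has always shipped with; they are guessable and stored in clear text
# here. Export MYSQL_ROOT_PASSWORD / MYSQL_DRUPAL_DB_PASS with real secrets
# before running so that the fallbacks are never used on a reachable host.
MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-abcd1234}
MYSQL_DRUPAL_DB=drupal
MYSQL_DRUPAL_DB_USER=drupal
MYSQL_DRUPAL_DB_PASS=${MYSQL_DRUPAL_DB_PASS:-123}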
# --- third-party package repositories: EPEL and Remi ------------------------
# NOTE(review): both release RPMs are downloaded over plain HTTP and installed
# as root with no signature or checksum check. Verify each package against the
# repository's published GPG key (for example with `rpm -K` after importing
# the key) before installing it.
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh epel-release-7*.rpm

wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7*.rpm

# Enable the [remi] and [remi-php56] sections: for each one, jump to the
# section header, then to the next "enabled=" line, and change =0 to =1.
# The captured output is never read.
remi=$(ex /etc/yum.repos.d/remi.repo <<-EOF
/^\[remi\]
/^enabled=
s/=0/=1/
/^\[remi-php56\]
/^enabled=
s/=0/=1/
wq
EOF
)

# the downloaded release packages are no longer needed
rm -rf epel-release-7*.rpm remi-release-7*.rpm

# pull in updates now that the extra repositories are active
yum -y update
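##
# compile nginx from source with SPDY and ngx_pagespeed
##
# Everything is unpacked under the directory the script was started from;
# remember it so that cleanup never depends on where a failed cd left us.
build_dir=$PWD

# install required packages
yum install -y mlocate htop gcc-c++ pcre-devel zlib-devel make unzip openssl-devel git libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel libatomic_ops-devel

# download and prepare ngx_pagespeed; the PSOL library is unpacked inside the
# module directory. The subshell keeps the cd from leaking out if a step fails.
wget "https://github.com/pagespeed/ngx_pagespeed/archive/release-${NGINX_PAGESPEED}-beta.zip"
unzip "release-${NGINX_PAGESPEED}-beta.zip"
(
  cd "ngx_pagespeed-release-${NGINX_PAGESPEED}-beta/" || exit 1
  wget "https://dl.google.com/dl/page-speed/psol/${NGINX_PAGESPEED}.tar.gz"
  tar -xzvf "${NGINX_PAGESPEED}.tar.gz"
) || { echo "ngx_pagespeed/PSOL download or unpack failed" >&2; exit 1; }

# download upload progress module
wget "https://github.com/masterzen/nginx-upload-progress-module/archive/v${NGINX_UPLOAD_PROGRESS}.tar.gz"
tar zxvf "v${NGINX_UPLOAD_PROGRESS}.tar.gz"

# nginx user: created with a home directory, then denied an interactive shell
useradd "${NGINX_USER}"
usermod -s /sbin/nologin "${NGINX_USER}"

# download nginx source
# NOTE(review): the tarball comes over plain HTTP and is compiled and installed
# as root without verification; check it against the PGP signature published
# next to the release before building.
wget "http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
tar zxvf "nginx-${NGINX_VERSION}.tar.gz"
# Stop here if the source tree is missing: otherwise configure/make would run
# in the wrong directory and the cleanup below would act on the parent of the
# start directory.
cd "nginx-${NGINX_VERSION}" || { echo "nginx source tree not found" >&2; exit 1; }

# enable almost all the modules for nginx
# NOTE(review): --with-debug and --with-cpp_test_module are development aids,
# and the literal "CPU" in --with-cpu-opt / --with-zlib-asm looks like the
# placeholder from the configure help text - confirm all four are intended.
# (--with-http_spdy_module was listed twice originally; once is enough.)
configure_args=(
  --user="${NGINX_USER}"
  --group="${NGINX_USER}"
  --prefix=/etc/nginx
  --sbin-path=/usr/sbin/nginx
  --conf-path=/etc/nginx/nginx.conf
  --pid-path=/var/run/nginx.pid
  --error-log-path=/var/log/nginx/error.log
  --http-log-path=/var/log/nginx/access.log
  --with-http_spdy_module
  --with-select_module
  --with-poll_module
  --with-file-aio
  --with-ipv6
  --with-http_ssl_module
  --with-http_realip_module
  --with-http_addition_module
  --with-http_xslt_module
  --with-http_image_filter_module
  --with-http_geoip_module
  --with-http_sub_module
  --with-http_dav_module
  --with-http_flv_module
  --with-http_mp4_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_auth_request_module
  --with-http_random_index_module
  --with-http_secure_link_module
  --with-http_degradation_module
  --with-http_stub_status_module
  --with-http_perl_module
  --with-mail
  --with-mail_ssl_module
  --with-cpp_test_module
  --with-cpu-opt=CPU
  --with-pcre
  --with-pcre-jit
  --with-md5-asm
  --with-sha1-asm
  --with-zlib-asm=CPU
  --with-libatomic
  --with-debug
  --with-ld-opt="-Wl,-E"
  --add-module="../ngx_pagespeed-release-${NGINX_PAGESPEED}-beta"
  --add-module="../nginx-upload-progress-module-${NGINX_UPLOAD_PROGRESS}"
)
# Writing configuration for a binary that was never installed is pointless,
# so a failed build ends the script.
if ! { ./configure "${configure_args[@]}" && make && make install; }; then
  echo "nginx build failed" >&2
  exit 1
fi

# cleanup: leave the source tree before deleting it, and name every artifact
# explicitly (the pagespeed directory and zip were previously left behind
# because the path used for them did not exist). ':?' aborts instead of
# expanding to a broader path if a version variable is empty.
cd "$build_dir" || exit 1
rm -rf -- \
  "nginx-${NGINX_VERSION:?}" \
  "nginx-${NGINX_VERSION:?}.tar.gz" \
  "nginx-upload-progress-module-${NGINX_UPLOAD_PROGRESS:?}" \
  "v${NGINX_UPLOAD_PROGRESS:?}.tar.gz" \
  "ngx_pagespeed-release-${NGINX_PAGESPEED:?}-beta" \
  "release-${NGINX_PAGESPEED:?}-beta.zip"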
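# create systemd service file for nginx
# The here-document delimiter is quoted so the shell copies the text verbatim:
# with an unquoted delimiter $MAINPID was expanded by this script (to an empty
# string), leaving ExecReload/ExecStop with no PID to signal. systemd itself
# substitutes $MAINPID when it runs those commands.
# '>' replaces the file instead of appending, so running the script twice does
# not produce a unit with every section duplicated.
cat > /usr/lib/systemd/system/nginx.service <<'NGINX_SERVICE'
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
NGINX_SERVICE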
# Main nginx configuration: one worker, epoll event loop, and two include
# globs (conf.d for shared settings, sites-enabled for vhosts).
# Note that the worker account is written literally as "nginx" here; it does
# not follow NGINX_USER.
cat > /etc/nginx/nginx.conf <<'NGINX_CONF'
user nginx;
worker_processes 1;
pid /run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
# configuration files
include /etc/nginx/conf.d/*.conf;
# vhosts
include /etc/nginx/sites-enabled/*;
}
NGINX_CONF
# FastCGI parameter map handed to php-fpm. The delimiter is quoted, so the
# nginx variables are written as-is and need no backslash escaping.
# SCRIPT_FILENAME is taken from $request_filename, i.e. the path nginx derived
# from the request URI; the vhost decides which URIs reach the PHP handler.
cat > /etc/nginx/fastcgi_params <<'FASTCGI_PARAMS'
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
FASTCGI_PARAMS
# Shared http-level settings live in conf.d, which nginx.conf includes.
mkdir /etc/nginx/conf.d

# core.conf: transfer tuning, version hiding and request size/timeout limits.
# The short header/body/send timeouts and server_tokens off are the hardening
# part. The 256m body limit here is overridden to 64M inside the Drupal vhost,
# and both are far below the 2048M PHP upload limits set in this script.
cat > /etc/nginx/conf.d/core.conf <<'CORE_CONF'
## sendfile and tcp_nopush
## - Ensures that the packets are full before sending to the client.
sendfile on;
tcp_nopush on;
## tcp_nodelay
## - Forces the socket to send the data (saving up to 0.2 seconds per file (nagle's algorithm)).
tcp_nodelay on;
## server_tokens
## - Enables or disables emitting nginx version in error messages and in the 'Server' response header field.
server_tokens off;
## client_max_body_size
## - Sets the maximum allowed size of the client request body, specified in the 'Content-Length' request header field.
## If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client.
client_max_body_size 256m;
## keepalive_timeout
## - Sets a timeout during which a keep-alive client connection will stay open on the server side (default 75s).
keepalive_timeout 30;
## client_header_timeout
## - Defines a timeout for reading client request header.
client_header_timeout 10;
## client_body_timeout
## - Defines a timeout for reading client request body.
client_body_timeout 10;
## send_timeout
## - Sets a timeout for transmitting a response to the client.
send_timeout 10;
CORE_CONF

# gzip.conf: compress text-like responses of any size, including proxied ones.
cat > /etc/nginx/conf.d/gzip.conf <<'GZIP_CONF'
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 0;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js ;
GZIP_CONF
# pagespeed.conf: enables ngx_pagespeed with a file cache, a memcached backend
# on 127.0.0.1:11211, an explicit filter list, and the statistics, message,
# console and admin handlers.
# NOTE(review): those handler paths expose configuration, cache and log detail.
# Nothing in this file limits who may request them, so every vhost should
# restrict them with allow/deny rules.
cat > /etc/nginx/conf.d/pagespeed.conf <<'PAGESPEED_CONF'
pagespeed on;
pagespeed FileCachePath /var/cache/ngx_pagespeed_cache;
pagespeed FileCacheSizeKb 102400;
pagespeed FileCacheCleanIntervalMs 3600000;
pagespeed FileCacheInodeLimit 500000;
pagespeed LRUCacheKbPerProcess 8192;
pagespeed LRUCacheByteLimit 16384;
pagespeed MemcachedServers "127.0.0.1:11211";
pagespeed RewriteLevel PassThrough;
pagespeed EnableFilters remove_comments,collapse_whitespace,rewrite_images,resize_images,resize_rendered_image_dimensions,prioritize_critical_css,insert_dns_prefetch,combine_css,rewrite_css,combine_javascript,rewrite_javascript;
pagespeed RespectVary on;
pagespeed CriticalImagesBeaconEnabled false;
pagespeed StatisticsPath /ngx_pagespeed_statistics;
pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics;
pagespeed MessagesPath /ngx_pagespeed_message;
pagespeed ConsolePath /pagespeed_console;
pagespeed AdminPath /pagespeed_admin;
pagespeed GlobalAdminPath /pagespeed_global_admin;
pagespeed MessageBufferSize 200000;
pagespeed Statistics on;
pagespeed StatisticsLogging on;
pagespeed LogDir /var/log/pagespeed;
pagespeed StatisticsLoggingIntervalMs 60000;
pagespeed StatisticsLoggingMaxFileSizeKb 1024;
PAGESPEED_CONF

# vhost definitions go in sites-available and are activated by a symlink in
# sites-enabled, which nginx.conf includes
mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled
##
# install php and php-fpm
##
yum -y install php php-gd php-pdo php-fpm php-pecl-zendopcache php-mbstring php-mysql php-pecl-uploadprogress memcached

# Replace the packaged default pool with a single pool shared by all vhosts.
# It runs as the nginx account and listens on a unix socket that only that
# owner and group can open (mode 0660), so it is not reachable over TCP.
rm -rf /etc/php-fpm.d/www.conf
cat > /etc/php-fpm.d/global-pool.conf <<'FPM_POOL'
[global-pool]
user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm-global.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm = dynamic
pm.start_servers = 1
pm.max_children = 5
pm.min_spare_servers = 1
pm.max_spare_servers = 5
FPM_POOL
# Apply the PHP_* settings to /etc/php.ini with an ex script. Each pair of
# lines searches for a directive and then rewrites the stock value on that
# line, so a php.ini that no longer holds the stock values is left unchanged
# for that directive. "\r" in a replacement starts a new line: it is used to
# add an active max_input_vars line under the commented-out one and an active
# date.timezone line under ";date.timezone" in the [Date] section.
# The captured output is never read.
php_config=$(ex /etc/php.ini <<-EOF
/^post_max_size
s/= 8M/= $PHP_POST_MAX_SIZE/
/^upload_max_filesize
s/= 2M/= $PHP_UPLOAD_FILESIZE/
/^; max_input_vars
s/= 1000/= 1000\rmax_input_vars = $PHP_MAX_INPUT_VARS/
/^memory_limit
s/= 128M/= $PHP_MEMORY_LIMIT/
/^max_input_time
s/= 60/= $PHP_MAX_INPUT_TIME/
/^max_execution_time
s/= 30/= $PHP_MAX_EXEC_TIME/
/^\[Date\]
/^;date.timezone
s/=/=\rdate.timezone = $PHP_TIMEZONE/
wq
EOF
)
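##
# install mariadb 10
##
# add repo
# '>' rewrites the file so a second run does not append a duplicate [mariadb]
# section. The package URL uses HTTPS on the same host the GPG key already
# comes from; gpgcheck=1 additionally verifies package signatures.
cat > /etc/yum.repos.d/mariadb.repo <<'MARIADB'
# MariaDB 10.0 CentOS repository list - created 2015-04-15 11:21 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.0/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
MARIADB

# install
yum install -y MariaDB-server MariaDB-client

# secure mariadb install
service mysql start

# The root password is placed inside a single-quoted SQL string below, so
# backslashes and single quotes in it are escaped first; unescaped, such a
# password would break the statement or change its meaning.
root_pw_sql=${MYSQL_ROOT_PASSWORD//\\/\\\\}
root_pw_sql=${root_pw_sql//\'/\'\'}

# Equivalent of mysql_secure_installation: set the root password, drop remote
# root logins and anonymous accounts, and remove privileges on test databases.
mysql -u root <<-EOF
UPDATE mysql.user SET Password=PASSWORD('$root_pw_sql') WHERE User='root';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
FLUSH PRIVILEGES;
EOF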
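##
# create self-signed ssl certificate
##
# -nodes writes the private key unencrypted, so file permissions are its only
# protection. The directory is limited to root and the key is created under a
# restrictive umask, so it is never readable by other local users, not even
# briefly. nginx reads both files as root when it loads its configuration.
# -sha256 pins the signature digest instead of relying on the local OpenSSL
# default. A self-signed certificate only suits testing: clients cannot
# authenticate the server with it.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
(
  umask 077
  openssl req -new -newkey rsa:4096 -sha256 -days 365 -nodes -x509 \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \
    -keyout /etc/nginx/ssl/localhost.key \
    -out /etc/nginx/ssl/localhost.crt
)
# also covers a key file left over from an earlier run with looser permissions
chmod 600 /etc/nginx/ssl/localhost.key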
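##
# create drupal vhost
##
# Prints the directives shared by the HTTP and HTTPS server blocks, so that
# both listeners always carry the same access rules. The here-document is
# quoted: nginx variables are written literally.
drupal_vhost_common() {
cat <<'VHOST_COMMON'
client_max_body_size 64M;
server_name localhost;
root /home/nginx/drupal;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/drupal-access.log;
error_log /var/log/nginx/drupal-error.log;
# pagespeed statistics, message, console and admin handlers (paths set in
# conf.d/pagespeed.conf) are only served to requests from the local host
location /ngx_pagespeed_statistics { allow 127.0.0.1; deny all; }
location /ngx_pagespeed_global_statistics { allow 127.0.0.1; deny all; }
location /ngx_pagespeed_message { allow 127.0.0.1; deny all; }
location /pagespeed_console { allow 127.0.0.1; deny all; }
location ~ ^/pagespeed_admin { allow 127.0.0.1; deny all; }
location ~ ^/pagespeed_global_admin { allow 127.0.0.1; deny all; }
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
try_files $uri =404;
}
location ~ \.php$ {
# hand the request to php-fpm only when the .php file really exists, so a
# made-up path ending in .php is never passed on for PHP to resolve
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm-global.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
VHOST_COMMON
}

# Two server blocks for the same site: plain HTTP on port 80, and TLS with
# SPDY on port 443 using the self-signed certificate in /etc/nginx/ssl.
# NOTE(review): port 80 serves the whole site, logins included, without
# redirecting to HTTPS - confirm that is intended.
{
  printf '%s\n' 'server {' 'listen 80;'
  drupal_vhost_common
  printf '%s\n' '}' 'server {' 'listen 443 ssl spdy;' \
    'ssl_certificate /etc/nginx/ssl/localhost.crt;' \
    'ssl_certificate_key /etc/nginx/ssl/localhost.key;'
  drupal_vhost_common
  printf '%s\n' '}'
} > /etc/nginx/sites-available/drupal.conf

# activate the vhost; -f/-n replace a link left by an earlier run instead of failing
ln -sfn /etc/nginx/sites-available/drupal.conf /etc/nginx/sites-enabled/drupal.conf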
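# install drush
pear channel-discover pear.drush.org
pear install drush/drush

# install drupal
# The root password goes to the client through MYSQL_PWD and the SQL through
# stdin: command-line arguments can be read by every local user via the process
# list, so neither password is placed there. The Drupal account's password
# sits inside a single-quoted SQL string, so backslashes and single quotes in
# it are escaped first.
drupal_pw_sql=${MYSQL_DRUPAL_DB_PASS//\\/\\\\}
drupal_pw_sql=${drupal_pw_sql//\'/\'\'}

# Two separate client runs, as before: the GRANT is still attempted when the
# database already exists.
MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -uroot <<EOF
create database $MYSQL_DRUPAL_DB
EOF
MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -uroot <<EOF
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON $MYSQL_DRUPAL_DB.* TO '$MYSQL_DRUPAL_DB_USER'@'localhost' IDENTIFIED BY '$drupal_pw_sql'
EOF

# Stop if a directory is missing rather than downloading or installing into
# whatever directory the script happens to be in.
cd /home/nginx || { echo "cannot enter /home/nginx" >&2; exit 1; }
drush dl drupal --drupal-project-rename=drupal
cd drupal || { echo "drupal was not downloaded" >&2; exit 1; }

# NOTE(review): --db-url still carries the Drupal database password on the
# command line while drush runs, and characters that are special in a URL
# would need encoding - confirm the chosen password is safe to pass this way.
drush site-install standard --db-url="mysql://$MYSQL_DRUPAL_DB_USER:$MYSQL_DRUPAL_DB_PASS@localhost/$MYSQL_DRUPAL_DB" --site-name=Drupal -y
drush dis overlay -y

# NOTE(review): this makes the whole tree, code and settings included, owned
# and therefore writable by the account PHP runs as; consider giving that
# account write access to the files directory only.
chown -R nginx:nginx /home/nginx/drupal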
# Apache must not start at boot alongside nginx; the three services this
# script configured are enabled at boot and then restarted to load their new
# configuration.
# NOTE(review): memcached runs with its packaged defaults here. pagespeed only
# talks to it on 127.0.0.1:11211, so confirm it is bound to the loopback
# address and that port 11211 is not reachable from other hosts.
systemctl disable httpd
for unit in nginx php-fpm memcached; do
  systemctl enable "$unit"
done
for unit in nginx php-fpm memcached; do
  service "$unit" restart
done