Server Provisioning Recipe
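# Update packages
# Provisioning recipe for an Ubuntu 14.04 (trusty) web host: everything below
# writes under /etc and calls apt-get directly, so it must run as root.
# NOTE(review): `set -euo pipefail` is deliberately NOT enabled yet — several
# later steps are not idempotent and would abort a re-run; turn it on once
# every step has been made safe to repeat.
if [[ "$(id -u)" -ne 0 ]]; then
  printf 'this recipe must be run as root\n' >&2
  exit 1
fi
# The MySQL root password further down is preseeded through debconf; that only
# takes effect if apt never prompts, so keep the whole run non-interactive.
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y
# Add A Few PPAs To Stay Current
# NOTE: these are third-party PPAs. Their packages are signed by the PPA owners,
# not by Ubuntu, so adding them extends the trusted supply chain to those
# maintainers — review before using this recipe on anything sensitive.
apt-get install -y software-properties-common
apt-add-repository ppa:nginx/stable -y
apt-add-repository ppa:rwky/redis -y
apt-add-repository ppa:chris-lea/node.js -y
apt-add-repository ppa:ondrej/php5-5.6 -y
apt-get update
# Add some common packages (fail2ban, ufw and unattended-upgrades are the
# baseline hardening; the rest is build tooling and conveniences)
apt-get install -y build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
  make python-pip supervisor ufw unattended-upgrades unzip whois zsh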
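# Set the server timezone
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
# Set the server's SSH key (presumably used for git access: git is installed
# above and GitHub/Bitbucket host keys are pinned below).
# The key has no passphrase so unattended use works; anyone with root on this
# host can read it, so register it upstream as a read-only deploy key.
# Generation is skipped when a key already exists — ssh-keygen would otherwise
# ask "Overwrite (y/n)?" and hang a non-interactive run.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
if [[ ! -f ~/.ssh/id_rsa ]]; then
  ssh-keygen -f ~/.ssh/id_rsa -t rsa -b 4096 -N ''
fi
# Now Add Github And Bitbucket Public Keys to known_hosts
# NOTE: ssh-keyscan trusts whatever answers on first contact (TOFU). Compare
# what was recorded against the fingerprints each provider publishes before
# relying on it:  ssh-keygen -lf ~/.ssh/known_hosts
ssh-keyscan -H github.com >> ~/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> ~/.ssh/known_hosts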
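# Allow Unattended Upgrades
# Security Upgrades only. The origin uses unattended-upgrades' own
# ${distro_id}/${distro_codename} substitutions instead of a hard-coded
# "Ubuntu trusty-security", so the file stays correct after a release upgrade.
# The heredoc delimiter is quoted so bash passes those ${...} tokens through
# untouched instead of expanding them to empty strings.
cat > /etc/apt/apt.conf.d/50unattended-upgrades << 'EOF'
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF
# Periodic Package Upgrades: refresh lists, download and apply daily,
# autoclean the package cache weekly.
cat > /etc/apt/apt.conf.d/10periodic << 'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF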
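# Setup UFW Firewall: default-deny inbound, allow only SSH and HTTP(S).
# The defaults are stated explicitly so the policy does not depend on whatever
# ufw shipped with. Rules name the protocol: a bare `ufw allow 22` opens UDP
# as well, and none of these services speak UDP.
ufw default deny incoming
ufw default allow outgoing
# `ufw limit 22/tcp` would additionally rate-limit repeated SSH connection
# attempts per source; left as plain allow so bursty automation is not blocked
# (fail2ban, installed above, covers brute-force attempts).
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable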
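# Install PHP with FPM, MySQL support, Curl, Caching, mcrypt and JSON
# NOTE(review): php5-xdebug is a development tool — it adds overhead and its
# remote-debug mode must never be reachable from untrusted networks. Drop it
# from this list on production hosts.
apt-get install -y php5-cli php5-dev php-pear \
  php5-mysqlnd php5-pgsql php5-sqlite \
  php5-apcu php5-json php5-curl php5-dev php5-gd \
  php5-gmp php5-imap php5-mcrypt php5-memcached php5-xdebug
# include the mcrypt module: the package drops its ini under /etc/php5/conf.d,
# where php5enmod does not look, so link it into mods-available. Guarded so a
# re-run (or a fixed package that already ships the file) is not clobbered.
if [[ ! -e /etc/php5/mods-available/mcrypt.ini ]]; then
  ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
fi
php5enmod mcrypt
# (nginx is not installed until later in this recipe; restarting it here
# could only fail, so that step lives with the nginx install.)
# Install Composer and make it globally accessible.
# The installer is checked against the SHA-384 the Composer project publishes
# rather than piping an unverified download straight into php.
composer_tmp="$(mktemp -d)"
curl -fsSL https://getcomposer.org/installer -o "${composer_tmp}/composer-setup.php"
expected_sig="$(curl -fsSL https://composer.github.io/installer.sig)"
actual_sig="$(php -r "echo hash_file('sha384', '${composer_tmp}/composer-setup.php');")"
if [[ -z "${expected_sig}" || "${expected_sig}" != "${actual_sig}" ]]; then
  printf 'composer installer checksum mismatch; aborting\n' >&2
  rm -rf -- "${composer_tmp}"
  exit 1
fi
php "${composer_tmp}/composer-setup.php" --install-dir=/usr/local/bin --filename=composer
rm -rf -- "${composer_tmp}"
# Modify the CLI php.ini: error reporting, memory limit and timezone.
# Showing errors is acceptable here — CLI output goes to the operator, not to
# a browser.
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/cli/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php5/cli/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/cli/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/Dublin/" /etc/php5/cli/php.ini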
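# Install Nginx & PHP-FPM
apt-get install -y nginx php5-fpm
# Disable The Default Nginx Site (-f keeps re-runs quiet once it is gone)
rm -f /etc/nginx/sites-enabled/default
rm -f /etc/nginx/sites-available/default
service nginx restart
# Modify FPM php.ini — these settings apply to the web-facing workers.
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/fpm/php.ini
# Never render errors into responses: stack traces, paths and query fragments
# would be shown to visitors. Log them instead.
sed -i "s/display_errors = .*/display_errors = Off/" /etc/php5/fpm/php.ini
sed -i "s/^;*log_errors = .*/log_errors = On/" /etc/php5/fpm/php.ini
# Do not let FPM guess a script from PATH_INFO: with fix_pathinfo=1 a request
# for /upload.jpg/x.php could execute upload.jpg as PHP.
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php5/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/Dublin/" /etc/php5/fpm/php.ini
sed -i "s/\;session.save_path = .*/session.save_path = \"\/var\/lib\/php5\/sessions\"/" /etc/php5/fpm/php.ini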
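# Set a Catch-All VHOST to always return 404.
# It has to be the default_server on :80 — otherwise nginx hands requests with
# an unknown Host header to whichever server block is default (or first), and
# this one never fires. `server_name _` is the conventional never-matching name.
cat > /etc/nginx/sites-available/catch-all << 'EOF'
server {
listen 80 default_server;
server_name _;
return 404;
}
EOF
ln -sf /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all
# Restart Nginx & PHP-FPM Services
service php5-fpm restart
service nginx restart
# Set MySQL root password.
# A random password is generated per host and kept only in /root/.my.cnf
# (mode 0600) so root can run `mysql` without typing it; no fixed value such
# as "root" is baked into the image. Here-strings keep it out of `ps` output.
mysql_root_password="$(openssl rand -base64 24)"
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${mysql_root_password}"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${mysql_root_password}"
# Install MySQL server
apt-get install -y mysql-server
(
  umask 077
  cat > /root/.my.cnf <<EOF
[client]
user=root
password=${mysql_root_password}
EOF
)
unset mysql_root_password
# Install & Configure Memcached.
# Keep the packaged 127.0.0.1 bind: memcached has no authentication, so
# listening on 0.0.0.0 would expose every cached value to anything that can
# reach the port. php5-memcached on this host talks to it over loopback.
apt-get install -y memcached
service memcached restart
# Add Actual vhost and enable it.
# The heredoc delimiter is quoted: the nginx variables ($uri, $args,
# $fastcgi_script_name, ...) must land in the file literally. Unquoted, bash
# expands them to empty strings, yielding e.g. `try_files  =404;` — a config
# nginx refuses to load.
cat > /etc/nginx/sites-available/MYSITE << 'EOF'
server {
listen 80;
root /var/www/home/MYSITE/public;
index index.php app.php ;
# Make site accessible from http://localhost/
server_name localhost www.MYSITE.com;
# set expiration of assets to MAX for caching
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires max;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
root /var/www/home/MYSITE/public;
# Only hand existing files to FPM. Together with cgi.fix_pathinfo=0 in the
# FPM php.ini this blocks the /image.png/evil.php trick.
try_files $uri =404;
# With php5-fpm:
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
# REMOTE_ADDR is taken from the TCP peer only. Never derive it from
# X-Forwarded-For: that header is client-supplied, so anyone could spoof
# their IP to the application. If a trusted proxy sits in front, use the
# real_ip module with set_real_ip_from instead.
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# send bad requests to 404
fastcgi_intercept_errors on;
# see http://wiki.nginx.org/HttpFastcgiModule#.24fastcgi_script_name
fastcgi_param SCRIPT_FILENAME /var/www/home/MYSITE/public$fastcgi_script_name;
}
}
EOF
ln -sf /etc/nginx/sites-available/MYSITE /etc/nginx/sites-enabled/MYSITE
# Restart Nginx & PHP-FPM Services
service php5-fpm restart
service nginx restart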