installing magento on AWS with php54, nginx, varnish
# file /etc/varnish/default.vcl | |
# This is a basic VCL configuration file for varnish. See the vcl(7) | |
# man page for details on VCL syntax and semantics. | |
# | |
# Default backend definition. Set this to point to your content | |
# server. | |
# | |
#backend default { | |
# .host = "127.0.0.1"; | |
# .port = "80"; | |
#} | |
# | |
# Below is a commented-out copy of the default VCL logic. If you | |
# redefine any of these subroutines, the built-in logic will be | |
# appended to your code. | |
# sub vcl_recv { | |
# if (req.restarts == 0) { | |
# if (req.http.x-forwarded-for) { | |
# set req.http.X-Forwarded-For = | |
# req.http.X-Forwarded-For + ", " + client.ip; | |
# } else { | |
# set req.http.X-Forwarded-For = client.ip; | |
# } | |
# } | |
# if (req.request != "GET" && | |
# req.request != "HEAD" && | |
# req.request != "PUT" && | |
# req.request != "POST" && | |
# req.request != "TRACE" && | |
# req.request != "OPTIONS" && | |
# req.request != "DELETE") { | |
# /* Non-RFC2616 or CONNECT which is weird. */ | |
# return (pipe); | |
# } | |
# if (req.request != "GET" && req.request != "HEAD") { | |
# /* We only deal with GET and HEAD by default */ | |
# return (pass); | |
# } | |
# if (req.http.Authorization || req.http.Cookie) { | |
# /* Not cacheable by default */ | |
# return (pass); | |
# } | |
# return (lookup); | |
# } | |
# | |
# sub vcl_pipe { | |
# # Note that only the first request to the backend will have | |
# # X-Forwarded-For set. If you use X-Forwarded-For and want to | |
# # have it set for all requests, make sure to have: | |
# # set bereq.http.connection = "close"; | |
# # here. It is not set by default as it might break some broken web | |
# # applications, like IIS with NTLM authentication. | |
# return (pipe); | |
# } | |
# | |
# sub vcl_pass { | |
# return (pass); | |
# } | |
# | |
# sub vcl_hash { | |
# hash_data(req.url); | |
# if (req.http.host) { | |
# hash_data(req.http.host); | |
# } else { | |
# hash_data(server.ip); | |
# } | |
# return (hash); | |
# } | |
# | |
# sub vcl_hit { | |
# return (deliver); | |
# } | |
# | |
# sub vcl_miss { | |
# return (fetch); | |
# } | |
# | |
# sub vcl_fetch { | |
# if (beresp.ttl <= 0s || | |
# beresp.http.Set-Cookie || | |
# beresp.http.Vary == "*") { | |
# /* | |
# * Mark as "Hit-For-Pass" for the next 2 minutes | |
# */ | |
# set beresp.ttl = 120 s; | |
# return (hit_for_pass); | |
# } | |
# return (deliver); | |
# } | |
# | |
# sub vcl_deliver { | |
# return (deliver); | |
# } | |
# | |
# sub vcl_error { | |
# set obj.http.Content-Type = "text/html; charset=utf-8"; | |
# set obj.http.Retry-After = "5"; | |
# synthetic {" | |
# <?xml version="1.0" encoding="utf-8"?> | |
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" | |
# "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
# <html> | |
# <head> | |
# <title>"} + obj.status + " " + obj.response + {"</title> | |
# </head> | |
# <body> | |
# <h1>Error "} + obj.status + " " + obj.response + {"</h1> | |
# <p>"} + obj.response + {"</p> | |
# <h3>Guru Meditation:</h3> | |
# <p>XID: "} + req.xid + {"</p> | |
# <hr> | |
# <p>Varnish cache server</p> | |
# </body> | |
# </html> | |
# "}; | |
# return (deliver); | |
# } | |
# | |
# sub vcl_init { | |
# return (ok); | |
# } | |
# | |
# sub vcl_fini { | |
# return (ok); | |
# } | |
# Varnish load balancing
#backend myshop1 { | |
# .host = "127.0.0.1"; | |
# .port = "8080"; | |
#} | |
#backend myshop2 { | |
# .host = "192.168.178.29"; | |
# .port = "8080"; | |
#} | |
#director myshop round-robin { | |
# { | |
# .backend = myshop1; | |
# } | |
# { | |
# .backend = myshop2; | |
# } | |
#} | |
# Storefront traffic goes to the web server listening on the loopback interface.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Same host and port as "default", but with very long response timeouts
# (18000s = 5 hours). vcl_recv selects this backend for requests that carry
# an "adminhtml" cookie.
backend admin {
    .host = "127.0.0.1";
    .port = "8080";
    .first_byte_timeout = 18000s;
    .between_bytes_timeout = 18000s;
}

# Clients allowed to issue PURGE requests; vcl_recv matches client.ip against it.
# NOTE(review): client.ip is the TCP peer. If a proxy or TLS terminator on this
# same host forwards traffic to Varnish, every request would match this ACL.
# Confirm that nothing local sits in front of Varnish before relying on it.
acl purge {
    "localhost";
    "127.0.0.1";
}
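# Request entry point: records the client address, handles PURGE, selects the
# backend and decides between cache lookup, pass and pipe.
sub vcl_recv {
    # Append the connecting address once per request (not again after a restart).
    # Anything already in X-Forwarded-For came from the client and is untrusted;
    # only the last element is written by Varnish.
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For =
                req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE" &&
        req.request != "PURGE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }

    # purge request
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        # The three headers below are concatenated into the ban expression.
        # With one of them absent the intended ban cannot be built, yet the
        # request would still be answered with 200 "Purged."; reject it instead.
        if (!req.http.X-Purge-Host ||
            !req.http.X-Purge-Regex ||
            !req.http.X-Purge-Content-Type) {
            error 400 "Missing purge header.";
        }
        # NOTE(review): the header values become ban syntax verbatim, so the
        # purge ACL is the only control on what can be invalidated. Keep it
        # limited to hosts that are trusted to send well-formed expressions.
        ban("obj.http.X-Purge-Host ~ " + req.http.X-Purge-Host + " && obj.http.X-Purge-URL ~ " + req.http.X-Purge-Regex + " && obj.http.Content-Type ~ " + req.http.X-Purge-Content-Type);
        #purge;
        error 200 "Purged.";
    }

    # switch to admin backend configuration
    # NOTE(review): the cookie is client-supplied, so any visitor can select the
    # admin backend and its 18000s timeouts. It grants no access by itself, but
    # it lets an arbitrary client hold backend connections far longer.
    if (req.http.cookie ~ "adminhtml=") {
        set req.backend = admin;
    }

    # we only deal with GET and HEAD by default
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://[^/]+", "");

    # static files are always cacheable. remove SSL flag and cookie
    if (req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$") {
        unset req.http.Https;
        unset req.http.Cookie;
    }

    # not cacheable by default
    # NOTE(review): "Https" is read as an ordinary request header; presumably a
    # TLS terminator in front sets it. Confirm it is stripped from client
    # input, otherwise any client can force a pass to the backend.
    if (req.http.Authorization || req.http.Https) {
        return (pass);
    }

    # do not cache any page from
    # - index files
    # - ...
    if (req.url ~ "^/(index)") {
        return (pass);
    }

    # as soon as we have a NO_CACHE cookie pass request
    # NOTE(review): requests carrying any other cookie (session cookies
    # included) still reach lookup, and vcl_hash does not vary on cookies.
    # Shared HTML is only safe if the backend sets NO_CACHE for every
    # personalised session.
    if (req.http.cookie ~ "NO_CACHE=") {
        return (pass);
    }

    # normalize Accept-Encoding header
    # http://varnish.projects.linpro.no/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }

    # remove Google gclid parameters
    set req.url = regsuball(req.url,"\?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA"
    set req.url = regsuball(req.url,"\?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar"
    set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz"

    return (lookup);
}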
# sub vcl_pipe { | |
# # Note that only the first request to the backend will have | |
# # X-Forwarded-For set. If you use X-Forwarded-For and want to | |
# # have it set for all requests, make sure to have: | |
# # set bereq.http.connection = "close"; | |
# # here. It is not set by default as it might break some broken web | |
# # applications, like IIS with NTLM authentication. | |
# return (pipe); | |
# } | |
# | |
# sub vcl_pass { | |
# return (pass); | |
# } | |
# | |
# Cache key: the URL plus the Host header, or the server address when the
# request carried no Host. Cookies are not part of the key.
sub vcl_hash {
    hash_data(req.url);

    if (!req.http.host) {
        hash_data(server.ip);
    } else {
        hash_data(req.http.host);
    }

    # Everything except static assets additionally runs the design_exception hook.
    if (req.url !~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$") {
        call design_exception;
    }

    return (hash);
}
# | |
# sub vcl_hit { | |
# if (!obj.cacheable) { | |
# return (pass); | |
# } | |
# return (deliver); | |
# } | |
# | |
# sub vcl_miss { | |
# return (fetch); | |
# } | |
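# Decides for each backend response whether it is stored, for how long, and
# with which headers.
sub vcl_fetch {
    # On a 500, enable saint mode for 10s and restart the request.
    if (beresp.status == 500) {
        set beresp.saintmode = 10s;
        return (restart);
    }
    set beresp.grace = 5m;

    # add ban-lurker tags to object
    set beresp.http.X-Purge-URL = req.url;
    set beresp.http.X-Purge-Host = req.http.host;

    if (beresp.status == 200 || beresp.status == 301 || beresp.status == 404) {
        if (beresp.http.Content-Type ~ "text/html" || beresp.http.Content-Type ~ "text/xml") {
            if ((beresp.http.Set-Cookie ~ "NO_CACHE=") || (beresp.ttl < 1s)) {
                set beresp.ttl = 0s;
                return (hit_for_pass);
            }
            # marker for vcl_deliver to reset Age:
            set beresp.http.magicmarker = "1";
            # Don't cache cookies
            unset beresp.http.set-cookie;
        } else {
            # A stored object is replayed to every client with all of its
            # headers. A non-HTML response that sets a cookie would therefore
            # hand one visitor's cookie to everyone for the next four hours.
            # Do not store it; mark it hit-for-pass for 2 minutes, as the
            # built-in vcl_fetch does for responses with Set-Cookie.
            if (beresp.http.Set-Cookie) {
                set beresp.ttl = 120s;
                return (hit_for_pass);
            }
            # set default TTL value for static content
            set beresp.ttl = 4h;
        }
        return (deliver);
    }

    # Any other status is not cached.
    return (hit_for_pass);
}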
# Final response shaping: strips cache-internal headers unless the response
# carries X-Cache-Debug, and marks cached HTML as non-cacheable downstream.
sub vcl_deliver {
    if (!resp.http.X-Cache-Debug) {
        # remove Varnish/proxy header so the caching layer and its purge tags
        # are not disclosed to clients
        unset resp.http.X-Varnish;
        unset resp.http.Via;
        unset resp.http.Age;
        unset resp.http.X-Purge-URL;
        unset resp.http.X-Purge-Host;
    } else {
        # debug info
        if (obj.hits > 0) {
            set resp.http.X-Cache = "HIT";
            set resp.http.X-Cache-Hits = obj.hits;
        } else {
            set resp.http.X-Cache = "MISS";
        }
        set resp.http.X-Cache-Expires = resp.http.Expires;
    }

    # vcl_fetch tags cached text/html and text/xml objects with "magicmarker".
    # For those, browsers and intermediaries are told not to keep a copy.
    if (resp.http.magicmarker) {
        # Remove the magic marker
        unset resp.http.magicmarker;

        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "Mon, 31 Mar 2008 10:00:00 GMT";
        set resp.http.Age = "0";
    }
}
# Hook called from vcl_hash for non-static URLs; empty in this configuration,
# so it adds nothing to the cache key.
sub design_exception {
}
# file /etc/nginx/sites-enabled/domain.tld | |
# Default server block blacklisting all unconfigured access | |
server {
    listen      8080 default_server;
    server_name _;

    # 444 is nginx-specific: the connection is closed without any response,
    # so requests for unknown Host values get nothing back.
    return      444;
}
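# Magento storefront, served on 8080.
server {
    listen 8080;
    server_name www.domain.tld;
    root /var/www/domain.tld/public_html/;
    index index.html index.php;

    access_log /var/www/domain.tld/logs/access_log;
    error_log /var/www/domain.tld/logs/error_log;

    # Minify URLs are mapped onto the minify script. Server-level rewrites run
    # before location matching, wherever they appear in the block. The dot
    # before the extension is escaped so only real ".js"/".css" suffixes match.
    rewrite ^/minify/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
    rewrite ^/skin/m/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;

    location / {
        try_files $uri $uri/ @handler;
        expires 30d;
    }

    # Application internals must never be served or executed. "^~" makes the
    # prefix match final. Without it nginx still consults the regex locations
    # below, so a request such as /var/x.php would be claimed by the "\.php$"
    # location and the deny rule would never apply.
    location ^~ /app/                { deny all; }
    location ^~ /includes/           { deny all; }
    location ^~ /lib/                { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/            { deny all; }
    location ^~ /report/config.xml   { deny all; }
    location ^~ /var/                { deny all; }

    # Export directory: listing allowed, but only after HTTP basic auth.
    # "^~" keeps *.php requests below this path from reaching the PHP location,
    # which carries no auth_basic of its own.
    location ^~ /var/export/ {
        auth_basic "Restricted";
        auth_basic_user_file htpasswd;
        autoindex on;
    }

    location /. {
        return 404;
    }

    # Front controller fallback for URLs that are not files or directories.
    location @handler {
        rewrite / /index.php;
    }

    # /foo.php/extra/path -> /foo.php (dots escaped so only ".php/" matches)
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }

    location ~ \.php$ {
        # Hand only existing files to PHP-FPM, so a crafted path ending in
        # ".php" cannot cause some other file to be interpreted as PHP.
        try_files $uri =404;
        expires off;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
    }

    # Longer prefix than /lib/, so it wins over the deny rule above. It has no
    # "^~", so the minify script still reaches the PHP location.
    location /lib/minify/ {
        allow all;
    }

    # Don't log robots.txt requests
    location = /robots.txt {
        allow all;
        access_log off;
        log_not_found off;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}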
# Redirect all non-www. queries to www. | |
server {
    listen      8080;
    server_name domain.tld;

    # Permanent (301) redirect that keeps the path and query string.
    # NOTE(review): $scheme is the scheme of the connection nginx itself
    # received. If TLS is terminated in front of this listener, the redirect
    # would point at http:// - confirm that is intended.
    return 301 $scheme://www.domain.tld$request_uri;
}
# file: /etc/nginx/nginx.conf | |
# Process-level settings
user             nginx;
worker_processes 1;
pid              /var/run/nginx.pid;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

events {
    use                epoll;
    multi_accept       on;
    worker_connections 1024;
}

http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # The "main" format logs the X-Forwarded-For request header next to
    # $remote_addr. The site configs in this setup listen on 8080 behind
    # Varnish, whose vcl_recv appends client.ip to whatever the client sent.
    # Only the last element of that header is written by Varnish; treat the
    # rest as client-controlled when reading these logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Connection handling
    sendfile          on;
    tcp_nopush        on;
    keepalive_timeout 65;

    # Compression
    gzip              on;
    gzip_static       on;
    gzip_vary         on;
    gzip_proxied      any;
    gzip_disable      "msie6";
    gzip_http_version 1.1;
    gzip_comp_level   6;
    gzip_min_length   512;
    gzip_buffers      16 8k;
    gzip_types text/css text/javascript text/xml text/plain text/x-component
               application/javascript application/x-javascript application/json
               application/xml application/rss+xml font/truetype application/x-font-ttf
               font/opentype application/vnd.ms-fontobject image/svg+xml;

    # Per-feature and per-site configuration
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
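# Installs Elasticsearch 0.20.6 with the service wrapper and a set of plugins.

# Swap OpenJDK 1.6 for 1.7.
yum remove java-1.6.0-openjdk -y
yum install java-1.7.0-openjdk -y

#downloading master from github fails installation. we have to download specific version
wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.tar.gz -O elasticsearch.tar.gz
# NOTE(review): nothing verifies the archive. Compare it with the digest the
# vendor publishes before unpacking, for example:
#   echo "<PUBLISHED_SHA1_PLACEHOLDER>  elasticsearch.tar.gz" | sha1sum -c -
tar -xf elasticsearch.tar.gz
rm -f elasticsearch.tar.gz
mv elasticsearch-* elasticsearch
sudo mv elasticsearch /usr/local/share

# Service wrapper: fetched over HTTPS (the plain-http URL let anyone on the
# network path substitute the archive that ends up running as a service).
# -f makes curl fail on an HTTP error instead of piping an error page into tar.
# NOTE(review): "master" is a moving target; pin a reviewed commit or tag
# (<COMMIT_OR_TAG_PLACEHOLDER>) so the installed code is reproducible.
curl -fL https://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master | tar -xz
mv *servicewrapper*/service /usr/local/share/elasticsearch/bin/
rm -rf *servicewrapper*
sudo /usr/local/share/elasticsearch/bin/service/elasticsearch install

#ES plugins
# NOTE(review): bigdesk and elasticsearch-head are installed without a version,
# so whatever is current upstream gets pulled; pin versions as done for the
# two plugins below.
cd /usr/local/share/elasticsearch/
bin/plugin -install lukas-vlcek/bigdesk
bin/plugin -install mobz/elasticsearch-head
bin/plugin -install elasticsearch/elasticsearch-cloud-aws/1.11.0
bin/plugin -install de.spinscale/elasticsearch-plugin-suggest/0.20.5-0.5

# NOTE(review): this script configures no authentication or bind address for
# Elasticsearch. Confirm which interface it binds to and keep its ports
# reachable only from hosts that need them (security group / firewall).
sudo service elasticsearch start
sudo chkconfig elasticsearch on

#test. give it a while to start
#curl http://localhost:9200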
# Base packages for the stack: PHP 5.4 (FPM and extensions), mysql, varnish,
# nginx and git. Each yum call asks for confirmation, as no -y is given.
yum update

yum install php54-fpm php54-mysql php54-pdo php54-mcrypt php54-gd php54-soap php54-xml

# currently php54-pecl-apc depends on php5.3-common even though php54-common is installed (above)
yum install php54-pecl-apc --skip-broken

# One transaction per package, in this order.
for pkg in mysql varnish nginx git; do
    yum install "$pkg"
done