Last active
March 11, 2019 16:49
Commands to set up a new NGINX PHP server
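# == NGINX + PHP server setup ==
# Manual checklist for a Debian/Ubuntu host: run the commands one at a time.
# Lines that describe edits to nginx.conf or php.ini are kept as comments so
# that only real shell commands are left uncommented.

sudo apt-get update
sudo apt-get install nginx
sudo apt-get install unzip

# Open both 80 and 443: the certbot step later in these notes enables HTTPS,
# and the 'Nginx HTTP' profile on its own leaves port 443 blocked.
sudo ufw allow 'Nginx Full'

sudo nano /etc/nginx/nginx.conf
# Add (or uncomment) in the http { } block, so response headers and error
# pages stop advertising the nginx version:
#   server_tokens off;

sudo apt-get install php-fpm php-mysql php-gd

# The 7.0 in the path must match the PHP version that php-fpm installed.
# NOTE(review): PHP 7.0 no longer receives upstream security fixes; prefer a
# release that is still supported by PHP or by the distribution.
sudo nano /etc/php/7.0/fpm/php.ini
# Change
#   ;cgi.fix_pathinfo=1
# to
#   cgi.fix_pathinfo=0
# so that PHP only runs the exact script path it is given instead of guessing
# a script from a longer request path.
# Add, to drop the X-Powered-By header that reveals the PHP version:
#   expose_php = Off

sudo mkdir /var/www/yoursite.com
# copy all files to the new folder

# NOTE(review): this makes every file under the web root writable by the PHP
# worker user. If the application does not need to update itself, keep the
# code owned by root and give www-data write access only to the upload and
# cache directories.
sudo chown -R www-data:www-data /var/www/yoursite.com

# create the new configuration files inside nginx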
##
# You should look at the following URLs in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
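-------------------------------------------------------------------------
# Upstream to abstract backend connection(s) for php.
# Declare it once only: a second "upstream php" block in the loaded
# configuration makes nginx refuse to start.
upstream php {
    server unix:/run/php/php7.0-fpm.sock;
    #server 127.0.0.1:9000;
}

# Default server configuration
server {
    listen 80;         # you may add default_server
    listen [::]:80;    # you may add default_server

    root /var/www/yoursite.com;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    server_name yoursite.com www.yoursite.com;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # Static content is served directly, without touching PHP.
        # Keep the "?$args" part so non-default permalinks do not break
        # when a query string is used.
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the script really exists
        # under the document root; anything else is answered with 404 by
        # nginx. This is defence in depth alongside "cgi.fix_pathinfo = 0"
        # in php.ini, not a replacement for it.
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass php;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}
-------------------------------------------------------------------------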
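# install certbot to manage the ssl certs
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
# NOTE(review): the certbot PPA has been deprecated by the Certbot project;
# on current releases follow certbot's own install instructions instead of
# adding a third-party package source.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx

# add cron to renew (root's crontab, because certbot needs root)
sudo crontab -e
# Paste the line below; it runs at 02:30 on the 28th of every month.
#   30 2 28 * * certbot renew >> /var/log/le-renew.log 2>&1
# "certbot renew --dry-run" must not be the scheduled command: it only
# simulates a renewal against the staging service and never replaces the
# certificate, so the site would end up serving an expired one.
# "2>&1" sends errors to the log too, so a failed renewal is visible.
# NOTE(review): the certbot package may already install its own systemd timer
# or cron.d entry for renewal - check before adding a second job. A run more
# frequent than monthly leaves more room to retry after a failure.

# PHP packages
sudo apt-get install php-dom

# restart just in case; test the nginx configuration first so that a typo
# does not take the site down on restart
sudo service php7.0-fpm restart
sudo nginx -t
sudo service nginx restart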
# References:
# https://www.techbrown.com/hide-server-signature-nginx-php-version-linux/
# https://www.techrepublic.com/article/how-to-harden-ubuntu-server-16-04-security-in-five-steps/