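# Prerequisites: refresh the package index and make sure apt can fetch over HTTPS
# with an up-to-date CA bundle.
1. sudo apt-get update
2. sudo apt-get install -y apt-transport-https ca-certificates
# Docker repository. The signing key is written to its own keyring file and bound
# to this one repository with signed-by. apt-key is deprecated, and a key added with
# it lands in the global keyring, where it is trusted for every configured repository.
# Compare the downloaded key's fingerprint with the one Docker publishes before
# relying on it; TLS alone only authenticates the download host.
1. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
2. echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
3. sudo apt-get update
# Confirm that the docker-ce candidate comes from download.docker.com.
4. apt-cache policy docker-ce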
===========================================
docker-ce:
Installed: (none)
Candidate: 17.03.1~ce-0~ubuntu-xenial
Version table:
17.03.1~ce-0~ubuntu-xenial 500
500 https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
17.03.0~ce-0~ubuntu-xenial 500
500 https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
===========================================
# Installs whatever version apt currently lists as the candidate (see the
# apt-cache policy output above); no version is pinned.
5. sudo apt-get install -y docker-ce
# Verify that the daemon is enabled and running.
6. sudo systemctl status docker
===========================================
docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2016-05-01 06:53:52 CDT; 1 weeks 3 days ago
Docs: https://docs.docker.com
Main PID: 749 (docker)
===========================================
# Add the current user to the docker group so docker can be run without sudo.
# Membership in this group is effectively root on the host, because the Docker
# daemon runs as root and group members control it. Add only accounts that are
# already trusted with root.
1. sudo usermod -aG docker ${USER}
# Start a fresh login shell so the new group membership takes effect.
2. su - ${USER}
# Confirm that "docker" now appears in the group list.
3. id -nG
# Same grant for the "ubuntu" account, the user the gunicorn service runs as later
# in these notes; the same root-equivalence applies.
4. sudo usermod -aG docker ubuntu
# Build dependencies for the letsencrypt client.
1. sudo apt-get install gcc libffi-dev python-dev git
2. cd /usr/share
# NOTE(review): this clones the default branch as root and the next steps run a
# script from it as root, with no tag or commit pinned. letsencrypt-auto has also
# been deprecated upstream in favour of packaged certbot; confirm before reuse.
3. sudo git clone https://github.com/letsencrypt/letsencrypt letsencrypt
4. cd /usr/share/letsencrypt
# certonly + webroot: obtains a certificate for both names by placing challenge
# files under /var/www/html, without modifying the nginx configuration.
5. sudo ./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com
# 2048-bit Diffie-Hellman parameters, referenced by ssl_dhparam in the nginx config.
6. sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
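# Weekly renewal attempt, Mondays 02:30. "2>&1" sends stderr to the same log so
# that renewal errors are recorded, not only normal output.
# NOTE(review): in root's crontab the sudo prefix is redundant; in a user crontab
# it needs passwordless sudo for exactly these commands.
30 2 * * 1 sudo /usr/share/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log 2>&1
# Reload nginx five minutes later so a renewed certificate is picked up.
35 2 * * 1 sudo systemctl reload nginx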
1. sudo apt-get install nginx
2. sudo apt-get install curl
# Lists the firewall application profiles that nginx registered with ufw.
# NOTE(review): these notes only list the profiles; no "ufw allow" or "ufw enable"
# step is shown, so confirm which ports the host firewall actually exposes.
3. sudo ufw app list
===========================================
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
===========================================
4. Manage Nginx
# stop / start / restart the service; restart drops open connections.
sudo systemctl stop nginx
sudo systemctl start nginx
sudo systemctl restart nginx
# reload re-reads the configuration without dropping existing connections.
sudo systemctl reload nginx
# disable / enable control whether nginx starts at boot.
sudo systemctl disable nginx
sudo systemctl enable nginx
5. systemctl status nginx
===========================================
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-04-18 16:14:00 EDT; 4min 2s ago
Main PID: 12857 (nginx)
CGroup: /system.slice/nginx.service
├─12857 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
└─12858 nginx: worker process
===========================================
# After saving, check the syntax with `sudo nginx -t` before reloading or
# restarting, so that a typo in the TLS settings does not take the site down.
6. sudo vi /etc/nginx/sites-available/default
============================================
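# Port 80 only redirects to HTTPS. server_name now matches the HTTPS server block
# and the names on the certificate (example.com, www.example.com); the original
# listed a different domain here, for which the certificate would not be valid.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}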
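# HTTPS virtual host for example.com, serving /var/www/html.
server {
    # The "ssl" flag on listen enables TLS; the separate, deprecated "ssl on;"
    # directive is dropped.
    listen 443 ssl;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # Forward-secret AES-GCM suites only. The previous list also allowed CBC-mode,
    # static-RSA, CAMELLIA and 3DES (DES-CBC3-SHA) suites. Clients that cannot
    # negotiate an ECDHE/DHE AES-GCM suite will no longer connect.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # OCSP stapling. ssl_stapling_verify needs the issuer chain supplied through
    # ssl_trusted_certificate.
    # NOTE(review): nginx also needs a "resolver" directive to look up the OCSP
    # responder, and stapling only works if the certificate carries an OCSP URL;
    # confirm both for the issuing CA.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    # "always" also sends the HSTS header on error responses.
    add_header Strict-Transport-Security max-age=15768000 always;

    location / {
        try_files $uri $uri/ =404;
        # NOTE(review): this location has no proxy_pass, so the proxy_* directives
        # below have no effect and requests are answered from root. If gunicorn is
        # meant to sit behind nginx, a proxy_pass to its local port is missing.
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # ACME webroot challenges. A prefix match limited to the challenge directory
    # replaces the unanchored regex "/.well-known", whose unescaped dot matched
    # any character and which matched anywhere in the URI.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }
}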
===========================================
1. sudo apt-get install supervisor
2. sudo systemctl status supervisor.service
# reread loads changed program definitions and update applies them. Both need to
# be run again after the file in step 5 has been written or edited.
3. sudo supervisorctl reread
4. sudo supervisorctl update
5. sudo vi /etc/supervisor/conf.d/example_gunicorn.conf
===========================================
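[program:example_gunicorn]
; Runs gunicorn (2 workers) for app:app as the unprivileged "ubuntu" user.
; - Binds to 127.0.0.1 instead of 0.0.0.0, so port 5000 is reachable only from a
;   reverse proxy on this host and not in plaintext from the network.
; - --reload is omitted: it is a development convenience that restarts workers
;   whenever files on disk change.
; - The brace-delimited header mapping that followed app:app is not a gunicorn
;   command-line argument and is removed. NOTE(review): it looks like a pasted
;   settings value; confirm where it was meant to go.
; - Logs go to stderr ("-"), which supervisor captures for the program, instead
;   of a fixed file name in world-writable /tmp.
command = /home/ubuntu/example/venv/bin/gunicorn -w 2 --bind 127.0.0.1:5000 --log-file - app:app
directory = /home/ubuntu/example/venv/web
user = ubuntu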
===========================================
# Interactive supervisor shell, then explicit stop/start of the gunicorn program.
6. sudo supervisorctl
7. sudo supervisorctl stop example_gunicorn
8. sudo supervisorctl start example_gunicorn
# 10,000 requests at a concurrency of 100 over HTTPS. Re-run after any change to
# ssl_protocols or ssl_ciphers and check the "SSL/TLS Protocol" line of the report
# to confirm which protocol and suite are actually negotiated.
1. ab -n 10000 -c 100 https://example.com/
===========================================
This is ApacheBench, Version 2.3 <$Revision: 1757674 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking example.com (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
SSL handshake failed (5).
Completed 9000 requests
SSL handshake failed (5).
Completed 10000 requests
Finished 10000 requests
Server Software: nginx/1.10.3
Server Hostname: example.com
Server Port: 443
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
TLS Server Name: example.com
Document Path: /
Document Length: 428 bytes
Concurrency Level: 100
Time taken for tests: 78.212 seconds
Complete requests: 10000
Failed requests: 2
(Connect: 0, Receive: 0, Length: 2, Exceptions: 0)
Total transferred: 6400000 bytes
HTML transferred: 4280000 bytes
Requests per second: 127.86 [#/sec] (mean)
Time per request: 782.120 [ms] (mean)
Time per request: 7.821 [ms] (mean, across all concurrent requests)
Transfer rate: 79.91 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 546 323.8 532 23312
Processing: 55 223 914.8 189 66957
Waiting: 55 169 80.8 156 1132
Total: 402 769 959.4 729 66957
Percentage of the requests served within a certain time (ms)
50% 729
66% 756
75% 788
80% 814
90% 896
95% 976
98% 1199
99% 1643
100% 66957 (longest request)
===========================================