This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user_name = node['user']['name'] | |
ssh_key = node['user']['ssh_key'] | |
home = "/home/#{user_name}" | |
user username do | |
shell "/bin/zsh" | |
home home | |
password nil | |
supports :manage_home => true | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
// ... | |
"authorization" : { | |
"sudo" : { | |
"groups" : ["wheel"], | |
"passwordless" : true | |
} | |
}, | |
"run_list":[ | |
"sudo", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
service "sshd" do | |
supports :status => true, :restart => true, :reload => true | |
action [ :enable, :start ] | |
end | |
template "/etc/ssh/sshd_config" do | |
source "sshd_config.erb" | |
owner "root" | |
group "root" | |
notifies :reload, "service[sshd]" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
service "iptables" do | |
supports :status => true, :restart => true, :reload => true | |
action [ :enable, :start ] | |
end | |
template "/etc/sysconfig/iptables" do | |
source "iptables.erb" | |
owner "root" | |
group "root" | |
notifies :reload, "service[iptables]" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*filter | |
:INPUT DROP [0:0] | |
:FORWARD DROP [0:0] | |
:OUTPUT ACCEPT [0:0] | |
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
-A INPUT -p icmp -j ACCEPT | |
-A INPUT -i lo -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT | |
COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80 default; | |
server_name _; | |
root /var/www/vhosts/default; | |
index index.html index.htm; | |
charset utf-8; | |
access_log /var/log/nginx/default.access.log main; | |
error_log /var/log/nginx/default.error.log; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
location = /favicon.ico { access_log /dev/null; log_not_found off; } | |
#location = /robots.txt { access_log /dev/null; log_not_found off; } | |
location = /apple-touch-icon.png { access_log /dev/null; log_not_found off; } | |
location = /apple-touch-icon-precomposed.png { access_log /dev/null; log_not_found off; } | |
location ~ /\. { deny all; access_log /dev/null; log_not_found off; } | |
location ~* /wp-(config|blog-header)\.php$ { access_log /dev/null; log_not_found off; return 404; } | |
location ~* (readme|readme-[^\.]+)\.(txt|html?)$ { access_log /dev/null; log_not_found off; return 404; } | |
location ~* .*\.(cache|sql|log)$ { access_log /dev/null; log_not_found off; return 404; } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen unix:/var/run/nginx-backend.sock default; | |
server_name _; | |
root /var/www/vhosts/default; | |
index index.php index.html index.htm; | |
access_log /var/log/nginx/default.backend.access.log backend; | |
keepalive_timeout 25; | |
port_in_redirect off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
include /etc/nginx/drop; | |
##fastcgi_cache start | |
#set $no_cache 0; | |
# | |
## POST requests and urls with a query string should always go to PHP | |
#if ($request_method = POST) { | |
# set $no_cache 1; | |
#} | |
#if ($query_string != "") { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fastcgi_param QUERY_STRING $query_string; | |
fastcgi_param REQUEST_METHOD $request_method; | |
fastcgi_param CONTENT_TYPE $content_type; | |
fastcgi_param CONTENT_LENGTH $content_length; | |
fastcgi_param SCRIPT_NAME $fastcgi_script_name; | |
fastcgi_param REQUEST_URI $request_uri; | |
fastcgi_param DOCUMENT_URI $document_uri; | |
fastcgi_param DOCUMENT_ROOT $document_root; | |
fastcgi_param SERVER_PROTOCOL $server_protocol; |
OlderNewer