
kokuyouwind kokuyouwind

@kokuyouwind
kokuyouwind / 01_create_user.rb
Last active August 29, 2015 14:02
ConoHa VPS Setup Recipes 01
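# Creates the login account named by node['user']['name'] with zsh as its
# shell and a managed home directory under /home.
user_name = node['user']['name']
# Read here but not used in the lines shown; presumably consumed by an
# authorized_keys step that is not visible in this listing -- TODO confirm.
ssh_key = node['user']['ssh_key']
home = "/home/#{user_name}"

# The resource name has to be the `user_name` local assigned above. The
# original passed a bare `username`, which this recipe never defines, so the
# resource would fail to evaluate before any account was created.
user user_name do
  shell "/bin/zsh"
  # `home home` calls the resource's `home` property with the local `home`.
  home home
  # No password hash is managed for the account.
  # NOTE(review): access then rests on the SSH key alone; if this user is
  # also placed in a passwordless-sudo group, holding that key is equivalent
  # to root on the host, so the key's storage and rotation matter.
  password nil
  # Newer Chef releases spell this `manage_home true`; kept as written for
  # the Chef version this recipe targets.
  supports :manage_home => true
end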
{
// ...
"authorization" : {
"sudo" : {
"groups" : ["wheel"],
"passwordless" : true
}
},
"run_list":[
"sudo",
# Enable the SSH daemon and make sure it is started. The service is declared
# as supporting status, restart and reload so that other resources can
# notify it with those actions.
service "sshd" do
  supports status: true, restart: true, reload: true
  action [:enable, :start]
end
# Renders /etc/ssh/sshd_config from the cookbook template sshd_config.erb,
# owned by root:root, and notifies service[sshd] to reload.
# NOTE(review): no `mode` is set in the lines shown, and the rendered file is
# not checked before the reload. A malformed sshd_config can cut off remote
# access to the host; consider an explicit mode and a pre-reload syntax check
# (`sshd -t`), e.g. through the template's `verify` property on Chef versions
# that provide it.
# The closing `end` of this resource is not visible in this listing.
template "/etc/ssh/sshd_config" do
source "sshd_config.erb"
owner "root"
group "root"
notifies :reload, "service[sshd]"
# Enable the iptables service and make sure it is started. The service is
# declared as supporting status, restart and reload so that the rules
# template can notify it.
service "iptables" do
  supports status: true, restart: true, reload: true
  action [:enable, :start]
end
# Renders /etc/sysconfig/iptables from the cookbook template iptables.erb,
# owned by root:root, and notifies service[iptables] to reload.
# NOTE(review): the ruleset is applied without a prior check. A rules file
# that fails to load, or that omits the SSH accept rule, can leave the host
# unreachable or unfiltered; consider testing it first (for example with
# `iptables-restore --test`) and setting an explicit restrictive `mode`.
# The closing `end` of this resource is not visible in this listing.
template "/etc/sysconfig/iptables" do
source "iptables.erb"
owner "root"
group "root"
notifies :reload, "service[iptables]"
# IPv4 filter table. Default policy: drop inbound and forwarded packets,
# allow everything outbound.
# NOTE(review): this file covers IPv4 only; IPv6 filtering comes from a
# separate ip6tables ruleset that is not shown here -- confirm one exists.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies and related packets for connections already being tracked.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Every ICMP type is accepted, from any source.
# NOTE(review): consider limiting this to the types actually needed
# (echo-request, destination-unreachable, time-exceeded) and rate-limiting.
-A INPUT -p icmp -j ACCEPT
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# New inbound TCP connections to SSH (22) and HTTP (80) from any source.
# NOTE(review): port 22 has neither a source restriction nor a rate limit in
# these rules, so brute-force protection rests entirely on sshd settings
# (key-only authentication, no root login). No rule for 443 is present.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
# Catch-all virtual host on port 80 (`server_name _` with the `default`
# listen flag, the older spelling of `default_server`). Serves static files
# from /var/www/vhosts/default.
# NOTE(review): only a plain-HTTP listener is visible in these lines; no TLS
# listener or redirect is shown.
# The closing brace of this server block is not visible in this listing.
server {
listen 80 default;
server_name _;
root /var/www/vhosts/default;
index index.html index.htm;
charset utf-8;
# Access log uses the log format named `main`, which must be defined elsewhere.
access_log /var/log/nginx/default.access.log main;
error_log /var/log/nginx/default.error.log;
# Shared "drop" rules: silence logging for routine icon requests and refuse
# paths that should never be served.
# NOTE(review): every block below sends its access log to /dev/null, so
# requests probing for dotfiles, wp-config.php, SQL dumps and the like leave
# no access-log entry. If these probes are wanted for detection, log the
# deny/404 blocks to a dedicated file instead.

# Browser and device icons.
location = /favicon.ico {
    access_log /dev/null;
    log_not_found off;
}
#location = /robots.txt { access_log /dev/null; log_not_found off; }
location = /apple-touch-icon.png {
    access_log /dev/null;
    log_not_found off;
}
location = /apple-touch-icon-precomposed.png {
    access_log /dev/null;
    log_not_found off;
}

# Any URI containing "/." (dotfiles and dot-directories) is denied.
# NOTE(review): this also matches /.well-known/, which some certificate and
# policy mechanisms rely on.
location ~ /\. {
    deny all;
    access_log /dev/null;
    log_not_found off;
}

# WordPress bootstrap files are answered with 404 instead of being executed.
location ~* /wp-(config|blog-header)\.php$ {
    access_log /dev/null;
    log_not_found off;
    return 404;
}

# readme / readme-<suffix> files in txt, htm or html form.
location ~* (readme|readme-[^\.]+)\.(txt|html?)$ {
    access_log /dev/null;
    log_not_found off;
    return 404;
}

# Cache files, SQL dumps and logs left under the document root.
location ~* .*\.(cache|sql|log)$ {
    access_log /dev/null;
    log_not_found off;
    return 404;
}
# Backend virtual host reached over a local Unix socket rather than a TCP
# port; PHP index files are allowed here (index.php is first in `index`).
# NOTE(review): who can talk to this backend is decided by the permissions on
# /var/run/nginx-backend.sock -- confirm only the front-end proxy's user can
# connect.
# The closing brace of this server block is not visible in this listing.
server {
listen unix:/var/run/nginx-backend.sock default;
server_name _;
root /var/www/vhosts/default;
index index.php index.html index.htm;
# Access log uses the log format named `backend`, which must be defined elsewhere.
access_log /var/log/nginx/default.backend.access.log backend;
keepalive_timeout 25;
# Do not add the listener's port to redirects issued by nginx.
port_in_redirect off;
# Pull in the shared deny / 404 rules for sensitive paths.
include /etc/nginx/drop;
##fastcgi_cache start
#set $no_cache 0;
#
## POST requests and urls with a query string should always go to PHP
#if ($request_method = POST) {
# set $no_cache 1;
#}
#if ($query_string != "") {
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;