-
-
Save malkitsingh/9aecc1b2c2ebce6158547cfcd47d156c to your computer and use it in GitHub Desktop.
**Install Node.js** | |
cd ~ | |
curl -sL https://deb.nodesource.com/setup_8.x -o nodesource_setup.sh | |
sudo bash nodesource_setup.sh | |
sudo apt-get install nodejs | |
sudo apt-get install build-essential | |
**Install Nginx** | |
sudo apt-get update | |
sudo apt-get install nginx | |
**Adjust the Firewall** | |
sudo ufw app list -- to list all available apps | |
Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) | |
Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic) | |
Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic) | |
sudo ufw allow 'Nginx Full' | |
**Manage the Nginx Process** | |
sudo systemctl stop nginx | |
sudo systemctl start nginx | |
sudo systemctl restart nginx | |
sudo systemctl reload nginx | |
**Set Up Nginx as a Reverse Proxy Server** | |
sudo nano /etc/nginx/sites-available/default | |
. . . | |
location / { | |
proxy_pass http://localhost:8080; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection 'upgrade'; | |
proxy_set_header Host $host; | |
proxy_cache_bypass $http_upgrade; | |
} | |
} | |
**Check Nginx syntax** | |
sudo nginx -t | |
sudo systemctl restart nginx | |
Installing PhpMyAdmin with Nginx on Ubuntu
Create a directory for PHPMyAdmin and change its ownership to the www-data user.
mkdir /usr/share/phpmyadmin
chown www-data:www-data /usr/share/phpmyadmin
Clone the “STABLE” branch of the PHPMyAdmin GitHub repository into this directory.
cd /usr/share/phpmyadmin
sudo -u www-data -H git clone --depth=1 --branch=STABLE git://github.com/phpmyadmin/phpmyadmin.git .
Do not miss the dot at the end of the Git command.
Edit the desired virtual host file and add the following to it:
location /phpmyadmin {
alias /usr/share/phpmyadmin;
}
location ~ ^/phpmyadmin(.+\.php)$ {
alias /usr/share/phpmyadmin;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1;
include fastcgi_params;
}
location ~ ^/phpmyadmin/(.*\.(eot|otf|woff|ttf|css|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|xls|tar|bmp))$ {
alias /usr/share/phpmyadmin/$1;
expires 30d;
log_not_found off;
access_log off;
}
Make sure these blocks are placed above the other location blocks.
Create a database and grant the necessary privileges to utilize the extra features of PHPMyAdmin like bookmarking and history.
mysql -u root -p
create database phpmyadmin;
CREATE USER 'phpmyadminuser'@'localhost' IDENTIFIED BY 'PhpTough@123';
GRANT ALL PRIVILEGES ON phpmyadmin . * TO 'phpmyadminuser'@'localhost';
FLUSH PRIVILEGES;
Create a config.inc.php file for PHPMyAdmin:
nano /usr/share/phpmyadmin/config.inc.php
Place the following code:
<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['controluser'] = 'pmauser';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['blowfish_secret'] = 'random-secret';
$cfg['ForceSSL'] = false;
?>
Set ForceSSL to true if you have an SSL certificate installed.
Obtain a randomly generated blowfish secret from this website and add it to the blowfish_secret line.
Do an Nginx configuration test and reload if successful:
sudo service nginx configtest
sudo service nginx reload
Access PHPMyAdmin from the web browser:
Configure Cron to periodically check for updates and pull them from GitHub. Edit the cron file of the www-data user.
crontab -u www-data -e
Add the following line:
@daily cd /usr/share/phpmyadmin/ && git pull -q origin STABLE
That’s it, we have installed the latest version of PHPMyAdmin on Nginx and also configured it.
How to fix connect() to php5-fpm.sock failed (13: Permission denied) while connecting to upstream Nginx error
I encountered this problem after updating PHP to 5.5.12. I use Nginx with PHP5 FPM and after the updating PHP I was seeing 502 Gateway Error pages. Nginx’s error log file (/var/log/nginx/error.log) had the following in it:
2014/05/08 06:22:24 [crit] 24538#0: *292759 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 1.1.1.1, server: websistent.com, request: "GET /wordpress-custom-403-401-error-page/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "websistent.com"
The default value of the listen.mode was 0666 prior 5.5.12. To fix the CVE-2014-0185 vulnerability this was changed to 0660. This is evident from the permissions:
$ ls -l /var/run/php5-fpm.sock
srw-rw---- 1 root root 0 May 1 19:40 /var/run/php5-fpm.sock
Notice the first column of the output srw-rw----, it means users/groups other than root do not have any permissions on this file.
We have two options now:
- Explicitly set the “listen.mode” to 0666 which make it insecure, or
- Change the owner and group of the socket file so that Nginx can read/write to it.
Option 2 is highly recommended, find out username used by the Nginx worker processes:
grep 'user' /etc/nginx/nginx.conf
The most common ones are either www-data or nginx. Edit PHP FPM pool configuration file:
/etc/php5/fpm/pool.d/www.conf
Find the following lines:
listen.owner = bob
listen.group = bob
Add the user www-data as a member of secondary group bob
usermod -G bob www-data
Restart the PHP FPM daemon
service php5-fpm restart
Check if the ownership of the socket file has changed
$ ls -l /var/run/php5-fpm.sock
srw-rw---- 1 www-data www-data 0 May 1 22:13 /var/run/php5-fpm.sock
checking which process is running on given port Linux
lsof -i :8000
to kill process running in given port
kill process-id
Some useful Linux commands
To change owner and gropup of file/directory
changes all sub folders too
sudo chown -R username:group directory
changes given folder only
sudo chown username:group directory
The Linux 'unzip' Command
Decompress Single ZIP Files
unzip filename
Decompress Multiple ZIP Files
unzip filename1 filename2 filename3
Exclude Some ZIP Files
unzip filename.zip -x filetoexclude.zip
Extract a ZIP File to a Different Directory
unzip filename.zip -d path/to/extract/to
How to Show the Contents of a Compressed Zip File
unzip -l filename.zip
How to Test If a ZIP File Is Valid
unzip -t filename.zip
Decompress a ZIP File Without Prompting to Overwrite
unzip -n filename.zip
Extract Password-Protected ZIP Files
unzip -P password filename.zip
To compress:
To compress:
zip squash.zip file1 file2 file3
or to zip a directory
zip -r squash.zip dir1
To uncompress:
unzip squash.zip
remove/delete all from directory
rm -rf directoryName
How To Secure Nginx with Let's Encrypt on Ubuntu
Step 1 — Installing Certbot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
And finally, install Certbot's Nginx package with apt-get
sudo apt-get install python-certbot-nginx
Step 2 — Obtaining an SSL Certificate
sudo certbot --nginx -d example.com -d www.example.com
Step 3 — Verifying Certbot Auto-Renewal
sudo certbot renew --dry-run
How to Change MYSQL Root PASSWORD Ubuntu
mysqladmin -u root -p'oldPassword' password 'newPassword'
installing SuiteCRM
cd /tmp && git clone https://github.com/salesagility/SuiteCRM.git suitecrm
sudo mv suitecrm /var/www/suitecrm/
sudo chown -R www-data:www-data /var/www/suitecrm/
sudo chmod -R 755 /var/www/suitecrm/
composer install
To Setup Crontab
In order to run SuiteCRM Schedulers, edit your web server user's crontab file with this command:
sudo crontab -e -u www-data
... and add the following line to the crontab file:
* * * * * cd /var/www/suitecrm; php -f cron.php > /dev/null 2>&1
You should do this only after the installation is concluded.
Read more about this
https://websiteforstudents.com/install-suitecrm-on-ubuntu-16-04-lts-with-nginx-mariadb-php-7-1-and-lets-encrypt-free-ssl-tls/
Detect web traffic source device
http://detectmobilebrowsers.com/mobile
update system timezone
dpkg-reconfigure tzdata