meigwilym/example.conf

## example.conf
server {

  # certbot uses this to verify the SSL request
  location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/letsencrypt;
  }
}

## log.md

      
    Raw
  

              log.md
            
          
    Here are commands I picked out from history after installing Wordpress on two CentOS7 DigitalOcean droplet.
nginx-php-fpm.sh installs NginX, PHP7.2 (running as a PHP-FPM process) and Memcached.
I find Memcached an absolute requirement for modern WP installs. I had the admin pages taking 15 - 25 seconds to load before installing the Memcached server with the Memcached Redux plugin.
mysql-57.sh installs MySQL5.7 on a separate database server.
To configure the MySQL server to listen to outside requests, add
bind-address = X.X.X.X

to /etc/my.cnf, substituting the MySQL server's IP address.
Files


nginx-php-fpm.sh
mysql-57.sh


## mysql-57.sh
# recommend to set up with this tutorial first
# https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
# then https://serverfault.com/a/160587
# https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers

yum update -y
yum install wget unzip -y

# install mysql5.7.
# get the latest version from https://dev.mysql.com/downloads/repo/yum/
wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
rpm -ivh mysql57-community-release-el7-11.noarch.rpm
yum install mysql-server -y
systemctl start mysqld
systemctl enable mysqld
echo "Here's the temporary password needed to run mysql_secure_installation: "
grep 'temporary password' /var/log/mysqld.log
echo ""

# automysqlbackup
wget https://github.com/meigwilym/AutoMySQLBackup/archive/master.zip
unzip master.zip
cd AutoMySQLBackup-master/
./install.sh

# finished
echo "Now run mysql_secure_installation,"
echo "configure your /etc/automysqlbackup/myserver.conf file,"
echo "then add automysqlbackup to crontab."
echo "E.g. to run every day at 2am"
echo "0 2 * * * /usr/local/bin/automysqlbackup \"/etc/automysqlbackup/myserver.conf\""

## nginx-php-fpm.sh
# Centos 7
# install nginx, php 7.2 and memcached
# install certbot for ssl

# recommend to set up with this tutorial first
# https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
# then https://serverfault.com/a/160587
# https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers

yum update -y
yum install -y epel-release vim yum-utils htop sed

yum install nginx -y
systemctl start nginx
systemctl enable nginx

yum install memcached -y
systemctl start memcached
systemctl enable memcached

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install php php-mcrypt php-cli php-gd php-curl php-pdo php-mysql php-ldap php-zip php-fileinfo php-mbstring php-memcached php-fpm php-soap php-pear php-xml -y

# PHP config
sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php.ini
sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 20M/g" /etc/php.ini
sed -i -e "s/post_max_size\s*=\s*8M/post_max_size = 20M/g" /etc/php.ini

# PHP-FPM config
sed -i -e "s/listen = 127.0.0.1:9000/listen = \/var\/run\/php-fpm\/php-fpm.sock/g" /etc/php-fpm.d/www.conf
sed -i -e "s/listen.owner = www-data/listen.owner = nginx/g" /etc/php-fpm.d/www.conf
sed -i -e "s/listen.group = www-data/listen.group = nginx/g" /etc/php-fpm.d/www.conf
sed -i -e "s/user = www-data/user = nginx/g" /etc/php-fpm.d/www.conf
sed -i -e "s/group = www-data/group = nginx/g" /etc/php-fpm.d/www.conf

systemctl start php-fpm
systemctl enable php-fpm

yum install certbot-nginx
mkdir -p /var/www/letsencrypt/.well-known/acme-challenge        # this will need an entry in the nginx conf file for the domain
# certbot -d example.com

# SELinux settings
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1                     # let nginx connect to remote db

chcon -Rt httpd_sys_rw_content_t /var/www/example.com/htdocs   # nginx can write to all files. Suggest to keep to wp-content/uploads only
	server {

	# certbot uses this to verify the SSL request
	location ^~ /.well-known/acme-challenge/ {
	default_type "text/plain";
	root /var/www/letsencrypt;
	}
	}
	# recommend to set up with this tutorial first
	# https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
	# then https://serverfault.com/a/160587
	# https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers

	yum update -y
	yum install wget unzip -y

	# install mysql5.7.
	# get the latest version from https://dev.mysql.com/downloads/repo/yum/
	wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
	rpm -ivh mysql57-community-release-el7-11.noarch.rpm
	yum install mysql-server -y
	systemctl start mysqld
	systemctl enable mysqld
	echo "Here's the temporary password needed to run mysql_secure_installation: "
	grep 'temporary password' /var/log/mysqld.log
	echo ""

	# automysqlbackup
	wget https://github.com/meigwilym/AutoMySQLBackup/archive/master.zip
	unzip master.zip
	cd AutoMySQLBackup-master/
	./install.sh

	# finished
	echo "Now run mysql_secure_installation,"
	echo "configure your /etc/automysqlbackup/myserver.conf file,"
	echo "then add automysqlbackup to crontab."
	echo "E.g. to run every day at 2am"
	echo "0 2 * * * /usr/local/bin/automysqlbackup \"/etc/automysqlbackup/myserver.conf\""
	# Centos 7
	# install nginx, php 7.2 and memcached
	# install certbot for ssl

	# recommend to set up with this tutorial first
	# https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
	# then https://serverfault.com/a/160587
	# https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-centos-7-servers

	yum update -y
	yum install -y epel-release vim yum-utils htop sed

	yum install nginx -y
	systemctl start nginx
	systemctl enable nginx

	yum install memcached -y
	systemctl start memcached
	systemctl enable memcached

	yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
	yum install php php-mcrypt php-cli php-gd php-curl php-pdo php-mysql php-ldap php-zip php-fileinfo php-mbstring php-memcached php-fpm php-soap php-pear php-xml -y

	# PHP config
	sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php.ini
	sed -i -e "s/upload_max_filesize\s=\s2M/upload_max_filesize = 20M/g" /etc/php.ini
	sed -i -e "s/post_max_size\s=\s8M/post_max_size = 20M/g" /etc/php.ini

	# PHP-FPM config
	sed -i -e "s/listen = 127.0.0.1:9000/listen = \/var\/run\/php-fpm\/php-fpm.sock/g" /etc/php-fpm.d/www.conf
	sed -i -e "s/listen.owner = www-data/listen.owner = nginx/g" /etc/php-fpm.d/www.conf
	sed -i -e "s/listen.group = www-data/listen.group = nginx/g" /etc/php-fpm.d/www.conf
	sed -i -e "s/user = www-data/user = nginx/g" /etc/php-fpm.d/www.conf
	sed -i -e "s/group = www-data/group = nginx/g" /etc/php-fpm.d/www.conf

	systemctl start php-fpm
	systemctl enable php-fpm

	yum install certbot-nginx
	mkdir -p /var/www/letsencrypt/.well-known/acme-challenge # this will need an entry in the nginx conf file for the domain
	# certbot -d example.com

	# SELinux settings
	setsebool -P httpd_can_network_connect 1
	setsebool -P httpd_can_network_connect_db 1 # let nginx connect to remote db

	chcon -Rt httpd_sys_rw_content_t /var/www/example.com/htdocs # nginx can write to all files. Suggest to keep to wp-content/uploads only