Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
LEMP provider scripts
#!/bin/bash -ex
GITLABUSER=oanhnn
SSHUSER=oanhnn
addgroup dev
adduser --disabled-password --ingroup dev $SSHUSER
usermod -aG sudo $SSHUSER
mkdir -p /home/$SSHUSER/.ssh
wget -q -O /home/$SSHUSER/.ssh/authorized_keys https://gitlab.com/$GITLABUSER.keys
chown -R $SSHUSER:dev /home/$SSHUSER/.ssh
chmod 755 /home/$SSHUSER/.ssh
find /home/$SSHUSER/.ssh -type d -exec chmod 755 {} \;
find /home/$SSHUSER/.ssh -type f -exec chmod 600 {} \;
# update
yum update -y
yum install -y git wget curl gcc gcc-cc++ make
# install NGINX
amazon-linux-extras install -y nginx1.12
yum install -y nginx
systemctl enable nginx
systemctl start nginx
# install Redis
amazon-linux-extras install -y redis4.0
yum install -y redis
systemctl enable redis
systemctl start redis
# install MySQL server 5.7.x
yum localinstall -y https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
yum-config-manager --disable mysql80-community
yum-config-manager --enable mysql57-community
yum install -y mysql-community-server
systemctl enable mysqld
systemctl start mysqld
# install NodeJS
curl -sL https://rpm.nodesource.com/setup_10.x | bash -
yum install -y nodejs
npm install -y -g laravel-echo-server
# install PHP7.2
amazon-linux-extras install -y php7.2
yum install -y php-bcmath php-cli php-fpm php-gd php-intl php-json php-mbstring php-mysqlnd php-opcache php-pdo php-pecl-zip php-xml
sed -i 's|;*expose_php=.*|expose_php=0|g' /etc/php.ini
sed -i 's|;*memory_limit = 128M|memory_limit = 512M|g' /etc/php.ini
sed -i 's|;*post_max_size = 8M|post_max_size = 50M|g' /etc/php.ini
sed -i 's|;*upload_max_filesize = 2M|upload_max_filesize = 10M|g' /etc/php.ini
sed -i 's|;*max_file_uploads = 20|max_file_uploads = 20|g' /etc/php.ini
sed -i 's|;*opcache.memory_consumption=128|opcache.memory_consumption=256|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.interned_strings_buffer=8|opcache.interned_strings_buffer=16|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.max_accelerated_files=4000|opcache.max_accelerated_files=10000|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.max_wasted_percentage=5|opcache.max_wasted_percentage=10|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.validate_timestamps=1|opcache.validate_timestamps=1|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.revalidate_freq=2|opcache.revalidate_freq=60|g' /etc/php.d/10-opcache.ini
sed -i 's|;*opcache.fast_shutdown=0|opcache.fast_shutdown=0|g' /etc/php.d/10-opcache.ini
# install Composer
if [[ "$HOME" == "" ]]; then
export COMPOSER_HOME=/root
fi
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --quiet --install-dir=/usr/local/bin/ --filename=composer
rm -f composer-setup.php
# install some PECL packages
yum install -y php-devel php-pear ImageMagick-devel ImageMagick
pecl channel-update pecl.php.net
pecl install imagick redis xdebug
echo 'extension=imagick.so' > /etc/php.d/20-imagick.ini
echo 'extension=redis.so' > /etc/php.d/20-redis.ini
yum remove -y php-devel php-pear ImageMagick-devel
systemctl start php-fpm
systemctl enable php-fpm
# install wkhtmltopdf
yum localinstall -y https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox-0.12.5-1.centos7.x86_64.rpm
mkdir -p /var/www/html
usermod -a -G apache $SSHUSER
chown -R $SSHUSER:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
#!/bin/bash -ex
DEBIAN_FRONTEND=noninteractive
GITLABUSER=oanhnn
SSHUSER=oanhnn
# update
apt update -y
apt upgrade -y
apt autoremove -y
apt install -y git wget curl gcc g++ make
# add user
addgroup dev
adduser --disabled-password --ingroup dev $SSHUSER
usermod -aG sudo $SSHUSER
usermod -aG www-data $SSHUSER
mkdir -p /home/$SSHUSER/.ssh
wget -q -O /home/$SSHUSER/.ssh/authorized_keys https://gitlab.com/$GITLABUSER.keys
chown -R $SSHUSER:dev /home/$SSHUSER/.ssh
chmod 755 /home/$SSHUSER/.ssh
find /home/$SSHUSER/.ssh -type d -exec chmod 755 {} \;
find /home/$SSHUSER/.ssh -type f -exec chmod 600 {} \;
# install NGINX
apt install -y nginx
systemctl enable nginx
systemctl start nginx
# install Redis
apt install -y redis
systemctl enable redis-server
systemctl start redis-server
# install mariadb server 5.7.x
apt install -y mysql-server
systemctl enable mysql
systemctl start mysql
# install NodeJS
curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install -y nodejs
npm install -y -g laravel-echo-server
# install PHP
apt install -y php7.2-bcmath php7.2-cli php7.2-fpm php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-zip php7.2-xml php7.2-redis php7.2-imagick
sed -i 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|g' /etc/php/7.2/fpm/php.ini
sed -i 's|;*expose_php=.*|expose_php=0|g' /etc/php/7.2/fpm/php.ini
#sed -i 's|;*memory_limit = 128M|memory_limit = 512M|g' /etc/php/7.2/fpm/php.ini
sed -i 's|;*post_max_size = 8M|post_max_size = 50M|g' /etc/php/7.2/fpm/php.ini
sed -i 's|;*upload_max_filesize = 2M|upload_max_filesize = 10M|g' /etc/php/7.2/fpm/php.ini
sed -i 's|;*max_file_uploads = 20|max_file_uploads = 20|g' /etc/php/7.2/fpm/php.ini
systemctl enable php7.2-fpm
systemctl start php7.2-fpm
# install Composer
if [[ "$HOME" == "" ]]; then
export COMPOSER_HOME=/root
fi
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --quiet --install-dir=/usr/local/bin/ --filename=composer
rm -f composer-setup.php
# firewall
ufw allow ssh
ufw allow http
ufw allow https
#ufw enable
# www dir
mkdir -p /var/www/html
chown -R $SSHUSER:www-data /var/www
chmod 2775 /var/www
#!/bin/bash -ex
ES_VERSION="6.7.0"
# Get Elastic Search package
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-${ES_VERSION}.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-${ES_VERSION}.deb.sha512
# checksum
shasum -a 512 -c elasticsearch-oss-${ES_VERSION}.deb.sha512
# Install Elastic Search
dpkg -i elasticsearch-oss-${ES_VERSION}.deb
rum elasticsearch-oss-${ES_VERSION}.deb
# Enable and start Elastic Search service
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
# Enable Firewall
ufw allow elasticsearch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment