Skip to content

Instantly share code, notes, and snippets.

@peter279k

peter279k/nginx-default

Last active December 15, 2020 11:38
Show Gist options
  • Save peter279k/cab67ba6207ec291747cc3cc6071a519 to your computer and use it in GitHub Desktop.
Save peter279k/cab67ba6207ec291747cc3cc6071a519 to your computer and use it in GitHub Desktop.
Download ZIP
The customized Packaggist mirror installer
Raw
nginx-default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/public;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
gzip_static on;
gunzip on;
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.git {
deny all;
}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
Raw
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 4096;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_static on;
gunzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Raw
packagist_mirror_installer.sh
#!/bin/bash
green_color='\e[0;32m'
red_color='\e[0;31m'
rest_color='\e[0m'
echo -e "${green_color}Install Packagist Mirror has been started...${rest_color}"
echo -e "${green_color}Note: This Bash Script is avaialble for Ubuntu 18.04 and Ubuntu 20.04 on 'host' at this moment...${rest_color}"
echo -e "${green_color}To install the mirror as well, It recommends using clean Linux Ubuntu distributions...${rest_color}"
sudo_prefix="sudo "
if [[ ${USER} == "root" ]]; then
sudo_prefix=""
else
echo -e "${red_color}Don't forget to setup ${USER} having the sudo privilege...${rest_color}"
fi;
${sudo_prefix} apt-get update
${sudo_prefix} apt-get install -y software-properties-common locales wget gzip curl git cron tzdata ufw
echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu $(lsb_release -sc) main" | ${sudo_prefix}tee /etc/apt/sources.list.d/ondrej.list
echo "deb-src http://ppa.launchpad.net/ondrej/php/ubuntu $(lsb_release -sc) main" | ${sudo_prefix}tee -a /etc/apt/sources.list.d/ondrej.list
${sudo_prefix}apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 14AA40EC0831756756D7F66C4F4EA0AAE5267A6C
${sudo_prefix}apt-get update
${sudo_prefix}apt-get install -y apt-transport-https git apt-utils php7.3-cli php7.3-curl php7.3-zip zip unzip php7.3-json php7.3-mbstring
${sudo_prefix}apt-get install -y php7.3-xml php7.3-dom php7.3-xsl php7.3-fpm nginx
echo -e "${green_color}Enabling Nginx service on background...${rest_color}"
${sudo_prefix}systemctl enable --now nginx
${sudo_prefix}systemctl start nginx
echo -e "${green_color}Enabling Cron service on background...${rest_color}"
${sudo_prefix}systemctl enable --now cron
${sudo_prefix}systemctl start cron
${sudo_prefix}ufw status | grep inactive
if [[ $? != 0 ]]; then
${sudo_prefix}ufw allow http
else
echo -e "${red_color}I strong recommend enabling ufw to protect your Server...${rest_color}"
fi;
echo -e "${green_color}Setup system locale setting...${rest_color}"
${sudo_prefix}locale-gen "en_US.UTF-8"
echo 'LC_ALL="en_US.UTF-8"' | ${sudo_prefix}tee /etc/default/locale
echo 'LANG="en_US.UTF-8"' | ${sudo_prefix}tee /etc/default/locale
echo -e "${green_color}Setup system timezone with interactive...${rest_color}"
${sudo_prefix}dpkg-reconfigure tzdata
read -p "Please inpput current hostname: " host_name
if [[ ${host_name} == "" ]]; then
echo -e "${red_color}The hostname is not set...${rest_color}"
read -p "Do you want to set this $(hostname)? [Y/n] " answer
if [[ ${answer} == "Y" || ${answer} == "y" ]]; then
host_name=$(hostname)
else
echo -e "${red_color}Stopped.${rest_color}"
exit 1;
fi;
fi;
echo -e "${green_color}Copy nginx.conf file to /etc/nginx/nginx.conf and nginx-default file to /etc/nginx/sites-available/default${rest_color}"
if [[ ! -f "${HOME}/nginx.conf" ]]; then
echo "${HOME}/nginx.conf file is not existed..."
read -p "Do you want to skip this copy? [Y/n] " skip_answer
if [[ ${skip_answer} == "Y" || ${skip_answer} == "y" ]]; then
echo -e "${red_color}Skipped...${rest_color}"
else
exit 1;
fi;
fi;
if [[ ${skip_answer} != "Y" && ${skip_answer} != "y" ]]; then
${sudo_prefix}cp "${HOME}/nginx.conf" /etc/nginx/nginx.conf
fi;
if [[ ! -f "${HOME}/nginx-default" ]]; then
echo -e "${red_color}${HOME}/nginx-default file is not existed...${rest_color}"
read -p "Do you want to skip this copy? [Y/n] " skip_answer
if [[ ${skip_answer} == "Y" || ${skip_answer} == "y" ]]; then
echo "Skipped..."
else
exit 1;
fi;
fi;
if [[ ${skip_answer} != "Y" && ${skip_answer} != "y" ]]; then
${sudo_ptrfix}cp "${HOME}/nginx-default" /etc/nginx/sites-available/default
fi;
read -p "Do you want to remove all files and folders on /var/www/html/ folder? [Y/n] " remove_answer
if [[ ${remove_answer} == "Y" || ${remove_answer} == "y" ]]; then
${sudo_prefix}rm -rf /var/www/html/*
${sudo_prefix}rm -rf /var/www/html/.* 2> /dev/null
else
read -p "Do you want to update packagist-mirror repository? [Y/n] " update_answer
fi;
echo -e "${green_color}Check Nginx configuration syntax...${rest_color}"
${sudo_prefix}nginx -t
if [[ $? != 0 ]]; then
echo -e "${red_color}Check Nginx configuration is failed... Stopped.${rest_color}"
exit 1;
fi;
${sudo_prefix}systemctl restart nginx
cd /var/www/html
if [[ ${remove_answer} == "Y" || ${remove_answer} == "y" ]]; then
git clone https://github.com/webysther/packagist-mirror .
${sudo_prefix}chown -R www-data:www-data /var/www/html/
${sudo_prefix}chmod -R ug+rwx /var/www/html/public/
fi;
curl -sS https://getcomposer.org/installer | php
php ./composer.phar install -n
read -p "Do you want to update dependencies with \"composer update -n\" ? [Y/n] " update_package_answer
if [[ ${update_answer} == "Y" || ${update_answer} == "y" ]]; then
git pull origin master
fi;
if [[ ${update_package_answer} == "Y" || ${update_package_answer} == "y" ]]; then
php ./composer.phar update -n
fi;
if [[ ! -f "${HOME}/.env" ]]; then
echo -e "${red_color}Please setup ${HOME}/.env file and refer ${PWD}/.env.example file to create...${rest_color}"
exit 1;
fi;
if [[ -f "${HOME}/.env" ]]; then
cp "${HOME}/.env" /var/www/html/.env
fi;
read -p "Do you want to sync mirror now? [Y/n] " sync_mirror_ans
if [[ ${sync_mirror_ans} == "Y" || ${sync_mirror_ans} == "y" ]]; then
echo -e "${green_color}Sync the mirror firstly...${rest_color}"
php bin/mirror create -vvv
fi;
echo -e "${green_color}Setup the Cronjob file to /var/spool/cron/crontabs/root file...${rest_color}"
echo -e "${green_color}The original Cronjob file is copied to /var/spool/cron/crontabs/root.back...${rest_color}"
${sudo_prefix}cp /var/spool/cron/crontabs/root /var/spool/cron/crontabs/root.back
${sudo_prefix}rm -f /var/spool/cron/crontabs/root
echo "*/5 * * * * cd /var/www/html/ && php bin/mirror create -vvv" | ${sudo_prefix}tee -a /var/spool/cron/crontabs/root
echo "*/10 * * * * cd /var/www/html/ && git pull origin master --no-edit" | ${sudo_prefix}tee -a /var/spool/cron/crontabs/root
${sudo_prefix}chmod 0600 /var/spool/cron/crontabs/root
${sudo_prefix}systemctl restart cron
echo -e "${green_color}Update and clean packages...${rest_color}"
${sudo_prefix}apt-get dist-upgrade -y
${sudo_prefix}apt-get autoremove -y
${sudo_prefix}apt-get clean
echo -e "${green_color}The Packagist Mirror has been installed successfully.${rest_color}"
read -p "Do you want to install and configure Let's encrypt x3 SSL with Certbot? [Y/n] " install_answer
if [[ ${install_answer} == "Y" || ${install_answer} == "y" ]]; then
echo -e "${green_color}Install required packages...${rest_color}"
if [[ $(lsb_release -sc) == "bionic" ]]; then
${sudo_prefix}apt-get update
${sudo_prefix}apt-get install -y software-properties-common
${sudo_prefix}add-apt-repository universe
${sudo_ptrfix}add-apt-repository -y ppa:certbot/certbot
${sudo_prefix}apt-get update
fi;
${sudo_prefix}apt-get install -y certbot python3-certbot-nginx
echo -e "${green_color}Start generating and configuring cert automatically...${rest_color}"
${sudo_prefix}certbot --nginx
if [[ $? != 0 ]]; then
echo -e "${red_color}Something error happen during certbot running... Stopped.${rest_color}"
exit 1;
fi;
echo "00 23 * * * certbot renew --dry-run" | ${sudo_prefix}tee -a /var/spool/cron/crontabs/root
${sudo_prefix}chmod 0600 /var/spool/cron/crontabs/root
${sudo_prefix}systemctl restart cron
${sudo_prefix}ufw status | grep inactive
if [[ $? != 0 ]]; then
${sudo_prefix}ufw allow https
fi;
fi;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment