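# Manual provisioning runbook for an EL7-style host (yum, firewalld,
# remi-release-7): nginx + PHP-FPM 7.0 + MariaDB.
# Follow it step by step as root; it is not meant to run unattended (`vi`,
# `passwd` and `mysql_secure_installation` are interactive). The indented
# comment lines under each `vi` step are the settings to put in that file.
# Replace every '<...>' placeholder before running a line.

# --- Time zone and host name ---
timedatectl set-timezone 'Europe/Brussels'
hostnamectl set-hostname '<hostname>'
vi /etc/hosts
#   <public_ip> <fqdn> <hostname>
vi /etc/cloud/cloud.cfg
#   preserve_hostname: 1
# (keeps cloud-init from overwriting the host name set above)

# --- Patching ---
yum update
yum install yum-cron
vi /etc/yum/yum-cron.conf
#   apply_updates = yes
# Installing and configuring yum-cron is not enough: its cron jobs do nothing
# until the service is running, so without these two lines updates are never
# applied automatically.
systemctl start yum-cron
systemctl enable yum-cron

# --- Admin account and SSH ---
useradd '<username>'
passwd '<username>'
usermod -aG wheel '<username>'
vi /etc/ssh/sshd_config
#   PermitRootLogin no
#   AllowUsers <username>
#   PasswordAuthentication yes
# NOTE(review): password logins stay enabled, so the account password is the
# only barrier and fail2ban (below) merely slows guessing. Once a public key
# is installed for <username>, switch to PasswordAuthentication no.
# Validate the file before restarting and keep this root session open until
# a fresh login as <username> plus sudo works: a typo in AllowUsers locks
# every account out.
sshd -t && systemctl restart sshd

# --- Brute-force throttling ---
yum install epel-release
yum update
yum install fail2ban
systemctl start fail2ban
systemctl enable fail2ban
# jail.local overrides jail.conf and survives package updates. A full copy
# also freezes every upstream default; a short jail.local holding only the
# overrides is easier to audit.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
#   backend = systemd
#   maxretry = 3
#   [sshd]
#   enabled = true
# The packaged jail.conf normally enables no jail, so without
# `enabled = true` under [sshd] the daemon runs but bans nothing.
systemctl reload fail2ban
# Confirm the jail is active and watching the journal.
fail2ban-client status sshd

# --- Firewall ---
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload
# Only http is added here; SSH access relies on the services the zone already
# carries. List them to confirm ssh is present and nothing unexpected is open.
# No https service or certificate is set up in these notes; add both before
# the site handles logins or other sensitive data.
firewall-cmd --zone=public --list-services

# --- Tooling and MariaDB ---
yum groupinstall 'Development Tools'
yum install vim
yum install mariadb mariadb-server
vi /etc/my.cnf.d/server.cnf
#   max_connections = 75
#   max_allowed_packet = 1M
#   thread_stack = 128K
#   table_open_cache = 32M
#   key_buffer_size = 32M
# NOTE(review): table_open_cache is a number of tables, not a byte size;
# 32M looks like a slip for 32 - confirm.
systemctl start mariadb
systemctl enable mariadb
# Sets the root password and removes the anonymous accounts, remote root
# login and the test database.
mysql_secure_installation

# --- nginx ---
yum install nginx
systemctl start nginx
systemctl enable nginx
mkdir -p /var/www
# chcon labels do not survive a full SELinux relabel; a `semanage fcontext`
# rule followed by restorecon makes the label permanent.
chcon -Rt httpd_sys_content_t /var/www

# --- PHP 7.0 from the Remi repository ---
# Fetch the repo bootstrap package over HTTPS. By default yum does not
# signature-check a package given as a URL (localpkg_gpgcheck is off), and
# this package installs the repo definition and GPG key that every later PHP
# package is trusted through.
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
yum-config-manager --enable remi-php70
yum update
yum install php-fpm php-mysql php-gd php-xml php-pecl-mysql
# NOTE(review): EL7 php-fpm packages usually keep the pool file at
# /etc/php-fpm.d/www.conf - confirm the path below.
vi /etc/php-fpm.conf.d/www.conf
#   listen = /var/run/php-fpm.sock
#   listen.owner = nginx
#   listen.group = nginx
#   listen.mode = 0660
#   pm.max_children = 5
#   pm.start_servers = 1
#   pm.min_spare_servers = 1
#   pm.max_spare_servers = 5
#   php_admin_value[memory_limit] = 48M
# Unix socket owned by nginx with mode 0660: only the web server's user and
# group can hand requests to PHP-FPM, and nothing listens on a TCP port.
systemctl start php-fpm
systemctl enable php-fpm

# --- Swap file (1 GiB) ---
dd if=/dev/zero of=/swapfile bs=1M count=1024
# 0600 before swapon: swap holds paged-out process memory.
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
vi /etc/fstab
#   /swapfile swap swap defaults 0 0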
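# Manual provisioning runbook for a Debian/Ubuntu-style host (apt, ufw):
# Apache + PHP-FPM 7.0 + MariaDB with a Let's Encrypt certificate.
# Follow it step by step as root; it is not meant to run unattended. Lines
# introduced by "In <file>:" are settings to put in that file, not commands.
# Replace every '<...>' placeholder before running a line.

# --- Patching ---
apt update
apt upgrade

# --- Admin account and SSH ---
adduser '<your_username>'
usermod -aG sudo '<your_username>'
# In /etc/ssh/sshd_config:
#   PermitRootLogin no
# Confirm that a fresh login as <your_username> and sudo both work before
# applying this, and validate the file first so a typo cannot take sshd down.
sshd -t && systemctl restart ssh

# --- Firewall ---
# Allow (rate-limited) SSH before switching ufw on; enabling it first would
# block new SSH connections to this host.
ufw limit OpenSSH
ufw enable

# --- Swap file (2 GiB) ---
fallocate -l 2G /swapfile
# 600 before swapon: swap holds paged-out process memory.
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Runtime values; the sysctl.conf entries below make them persistent.
sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
# In /etc/fstab:
#   /swapfile none swap sw 0 0
# In /etc/sysctl.conf:
#   vm.swappiness=10
#   vm.vfs_cache_pressure=50

# --- Apache ---
apt install apache2
ufw allow Apache
# This only loads mod_headers; no Header directive is set in these notes.
a2enmod headers
# In /etc/apache2/conf-available/security.conf:
#   ServerTokens Prod
#   ServerSignature Off
# (stops Apache advertising its version and OS in response headers and on
# error pages)

# --- TLS certificate ---
apt install python-letsencrypt-apache
ufw allow "Apache Secure"
letsencrypt --domains "$(hostname -f)"
crontab -e
#   30 0,13 * * * letsencrypt renew >> /var/log/le-renew.log 2>&1
# 2>&1 so that renewal errors reach the log as well; a renewal that fails
# silently ends in an expired certificate.

# --- Tooling and PHP-FPM ---
apt install git curl vim build-essential htop
apt install php7.0-fpm
a2enmod proxy_fcgi
a2enconf php7.0-fpm
# In /etc/php/7.0/fpm/pool.d/www.conf:
#   pm.max_children = 3
#   pm.start_servers = 1
#   pm.min_spare_servers = 1
#   pm.max_spare_servers = 2
#   pm.max_requests = 500
#   php_admin_value[memory_limit] = 32M
# Modules, enabled confs and pool settings only take effect after a restart;
# check the Apache configuration first so a mistake does not take the site down.
apache2ctl configtest && systemctl restart apache2
systemctl restart php7.0-fpm

# --- MariaDB ---
apt install mariadb-server
# Sets the root password and removes the anonymous accounts, remote root
# login and the test database.
mysql_secure_installation
# In /etc/mysql/mariadb.conf.d/50-server.cnf:
#   #
#   # * Fine Tuning
#   #
#   key_buffer = 16K
#   max_allowed_packet = 1M
#   thread_stack = 64K
#   thread_cache_size = 8
#   sort_buffer_size = 64K
#   read_buffer_size = 256K
#   read_rnd_buffer_size = 256K
#   net_buffer_length = 2K
#   # This replaces the startup script and checks MyISAM tables if needed
#   # the first time they are touched
#   myisam-recover = BACKUP
#   max_connections = 50
#   table_cache = 32
#   thread_concurrency = 5
#   #
#   # * Query Cache Configuration
#   #
#   query_cache_limit = 1M
#   query_cache_size = 16K
# Restart MariaDB afterwards so the new settings are loaded.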