Skip to content

Instantly share code, notes, and snippets.

@qRoC
Last active August 13, 2016 07:31
Show Gist options
  • Save qRoC/6ed8f96fba87b3f93bdd to your computer and use it in GitHub Desktop.
Save qRoC/6ed8f96fba87b3f93bdd to your computer and use it in GitHub Desktop.
DEBIAN 8 Настройка сервера
==========================
Генерация ключей доступа
------------------------
$ cd ~/.ssh
$ ssh-keygen -t rsa
> KEY_NAME
> PASSPHRASE
$ ssh-keygen -R [SERVER_IP]
$ ssh-add -K [KEY_NAME]
cat ~/.ssh/[KEY_NAME].pub | ssh root@[SERVER_IP] "cat >> ~/.ssh/authorized_keys"
Базовые утилиты
---------------
$ ssh root@[SERVER_IP]
$ apt-get update
$ apt-get install -y vim
Отключить удалённый доступ по паролю
------------------------------------
$ ssh root@[SERVER_IP]
$ vim /etc/ssh/sshd_config
/PasswordA
[Enter]
X
$ciwno
[Esc]
:wq
$ service sshd restart
Время на сервере
----------------
$ ssh root@[SERVER_IP]
$ apt-get install -y ntp
$ dpkg-reconfigure tzdata
> Europe
[Enter]
> Kiev
[Enter]
Локализация на сервере
----------------------
$ ssh root@[SERVER_IP]
$ dpkg-reconfigure locales
> en_US.utf8
> ru_RU.utf8
[Enter]
> en_US.utf8
[Enter]
$ localedef en_US.UTF-8 -i en_US -f UTF-8
настройка хоста
---------------
$ ssh root@[SERVER_IP]
$ vim /etc/hostname
d$
srv[01].[domain.com] // [01] - номер сервера, [domain.com] - хост
$ vim /etc/hosts
Указываем имя сервера srv[01].[domain.com]
Отчёты на почту
---------------
$ ssh root@[SERVER_IP]
$ apt-get -y install postfix mailutils apticron logwatch
> Internet Site
> Ok
$ vim /etc/aliases
> root: EmailForSysLogs@site.com
$ newaliases
$ vim /etc/postfix/main.cf
/inet_interfaces
[Enter]
$ciw127.0.0.1
$ service postfix restart
$ echo test | mail -s "test message" root
Сервер
------
$ vim /etc/apt/sources.list
> deb http://packages.dotdeb.org jessie all
> deb-src http://packages.dotdeb.org jessie all
$ wget https://www.dotdeb.org/dotdeb.gpg
$ apt-key add dotdeb.gpg
$ apt-get update
$ apt-get install -y nginx php7.0 php7.0-cli php7.0-fpm php7.0-common php7.0-json php7.0-opcache php7.0-readline php7.0-apcu php7.0-apcu-bc php7.0-gd php7.0-imagick php7.0-intl php7.0-mcrypt php7.0-pgsql php7.0-redis
/etc/nginx/nginx.conf
---------------------
user www-data;
worker_processes 1;
pid /run/nginx.pid;
events {
worker_connections 768;
multi_accept on;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_body_buffer_size 1M;
client_header_buffer_size 1M;
client_max_body_size 1M;
large_client_header_buffers 2 1M;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 60;
send_timeout 10;
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn perip 100;
limit_req_zone $binary_remote_addr zone=dynamic:10m rate=2r/s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
open_file_cache max=100;
}
/etc/nginx/sites-available/default
----------------------------------
server {
listen 80 default_server;
server_name _;
root /var/www/site/current/public;
error_log /var/log/nginx/site_error.log;
access_log /var/log/nginx/site_access.log;
charset utf-8;
location ~* \.(js|css|png|jpg|jpeg|gif|ico)(\?v[0-9]+)?$ {
expires 1y;
add_header Vary Accept-Encoding;
access_log off;
log_not_found off;
}
location / {
try_files $uri @rewriteapp;
}
location @rewriteapp {
limit_req zone=dynamic burst=5 nodelay;
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php-fpm-site.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
client_max_body_size 20m;
client_body_buffer_size 128k;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
}
}
/etc/php/7.0/fpm/pool.d/www.conf
--------------------------------
[www]
user = www-data
group = www-data
listen = /var/run/php-fpm-site.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
catch_workers_output = yes
PostgreSQL
----------
$ vim /etc/apt/sources.list.d/pgdg.list
> deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main
$ wget http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc
$ apt-key add ACCC4CF8.asc
$ apt-get update
$ apt-get install -y postgresql
$ su - postgres
$ createuser --interactive
> USERNAME
> n
> n
> n
$ createdb DBNAME -O USERNAME
$ psql
$ ALTER USER "user_name" WITH PASSWORD 'new_password';
$ \q
Резервное копирование БД
------------------------
$ apt-get -y install autopostgresqlbackup
Обновления
----------
$ apt-get -y install unattended-upgrades
$ dpkg-reconfigure unattended-upgrades
Межсетевой экран
----------------
$ apt-get -y install fail2ban iptables-persistent
$ iptables-apply /etc/iptables/rules.v4
$ ip6tables-apply /etc/iptables/rules.v6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment