# Optimized configuration for Ubuntu server with WordOps
## Server Stack
- Ubuntu 16.04/18.04 LTS
- Nginx 1.15.x / 1.14.x
- PHP-FPM 7.2/7.3
- MariaDB 10.3
- REDIS 5.0
- Memcached
- Fail2ban
- Netdata
- UFW

* * *
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat)
### Info
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**

All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).

We are already working on a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup) to handle the migration from EEv3 to WordOps with all custom configurations of this repository. We will update the README with all information about the migration as soon as the script is ready.

* * *
Configuration files with comments are available by following the **source** links.
## Initial configuration
### System update and packages cleanup
```bash
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
```
### Install useful packages
```bash
sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze mycli -y
```
### Clone the repository
```bash
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
```
### Tweak Kernel & Increase open files limits
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
```bash
cp $HOME/ubuntu-nginx-web-server/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
```
Ubuntu 16.04 LTS does not support the new TCP congestion control algorithm bbr, so we will use htcp instead.
```bash
# On Ubuntu 18.04 LTS
modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
# On Ubuntu 16.04 LTS (load the htcp module, not bbr)
modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
```
Then apply the configuration:
```bash
sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
```
Increase open files limits:
```bash
sudo bash -c 'echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf'
```
### Disable transparent hugepage for Redis
```bash
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```

* * *
## EasyEngine Setup
### Install MariaDB 10.3
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
```bash
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=10.3 --skip-maxscale -y
sudo apt update && sudo apt install mariadb-server -y
```
Secure MariaDB after install by running the command:
```bash
mysql_secure_installation
```
### MySQL Tuning
You can download my example of my.cnf, optimized for VPS with 4GB RAM. [my.cnf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/mysql/my.cnf)
```bash
cp -f $HOME/ubuntu-nginx-web-server/etc/mysql/my.cnf /etc/mysql/my.cnf
```
It includes a modification of the innodb_log_file_size variable, so you need to use the following commands to apply the new configuration:
```bash
sudo service mysql stop
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
sudo service mysql start
```
### Increase MariaDB open files limits
```bash
# create the systemd drop-in directory if it does not exist yet
sudo mkdir -p /etc/systemd/system/mariadb.service.d
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/mariadb.service.d/limits.conf
sudo systemctl daemon-reload
sudo systemctl restart mariadb
```
### Setup cronjob to optimize your MySQL databases and repair them if needed
Open the crontab editor
```bash
sudo crontab -e
```
Then add the following cronjob
```cronjob
@weekly /usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
```
## Install EasyEngine
```bash
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME with your email
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
wget -qO ee rt.cx/ee && bash ee
```
### Enable ee bash_completion
```bash
source /etc/bash_completion.d/ee_auto.rc
```
### Install Nginx, php5.6, php7.0, postfix, redis and configure EE backend
```bash
ee stack install
ee stack install --php7 --redis --admin --phpredisadmin
```
### Set your email instead of root@localhost
```bash
echo 'root: my.email@address.com' >> /etc/aliases
newaliases
```
### Install Composer - Fix phpmyadmin install issue
```bash
cd ~/ || exit
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/bin/composer
chown www-data:www-data /var/www
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
```
### Allow shell for www-data for SFTP usage
```bash
usermod -s /bin/bash www-data
```
## PHP 7.1 - 7.2 - 7.3 Setup
### Install php7.1-fpm
```bash
# php7.1-fpm
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath php7.1-xsl -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
```
### Install php7.2-fpm
```bash
# php7.2-fpm
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
```
### Install php7.3-fpm
```bash
# php7.3-fpm
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
```
### Set the proper alternative for /usr/bin/php
If you want to choose which version of php to use with the command `php`, you can use the command `update-alternatives`
```bash
# php5.6
sudo update-alternatives --install /usr/bin/php php /usr/bin/php5.6 80
# php7.0
sudo update-alternatives --install /usr/bin/php php /usr/bin/php7.0 80
# php7.1
sudo update-alternatives --install /usr/bin/php php /usr/bin/php7.1 80
# php7.2
sudo update-alternatives --install /usr/bin/php php /usr/bin/php7.2 80
# php7.3
sudo update-alternatives --install /usr/bin/php php /usr/bin/php7.3 80
```
Then you can check the php version with the command `php -v`
## NGINX Configuration
### Additional Nginx configuration (/etc/nginx/conf.d)
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
- restore visitor real IP under Cloudflare : cloudflare.conf

```bash
# copy all common nginx configurations
cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/conf.d/* /etc/nginx/conf.d/
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.d configurations"
```
### EE common configuration
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
- webp image conditional rewrite (wpcommon-phpX.conf)
- additional directives to prevent hack (locations-phpX.conf)

```bash
cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
```
### Compile the latest Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
```bash
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
```

* * *
## Custom configurations
### Nginx optimized configurations
```bash
# TLSv1.2 TLSv1.3 only (recommended)
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx.conf

# TLS intermediate - TLS v1.0 v1.1 v1.2 v1.3
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-intermediate.conf

# TLSv1.2 only
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
```
### Nginx configuration for netdata
```bash
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update 22222 configuration"
```
#### Increase Nginx open files limits
```bash
sudo mkdir -p /etc/systemd/system/nginx.service.d
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/nginx.service.d/limits.conf
sudo systemctl daemon-reload
sudo systemctl restart nginx.service
```

* * *
## Security
### Harden SSH Security
WARNING: this SSH configuration allows root login using SSH keys only. [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
```bash
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
### UFW
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/)
```bash
# enable ufw log - allow outgoing - deny incoming
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# allow incoming traffic on SSH port
# (match only an active "Port" directive, not comments or GatewayPorts; default to 22)
CURRENT_SSH_PORT=$(awk '$1 == "Port" {print $2; exit}' /etc/ssh/sshd_config)
ufw allow "${CURRENT_SSH_PORT:-22}"
# DNS - HTTP/S - FTP - NTP - RSYNC - DHCP - EE Backend
ufw allow 53
ufw allow http
ufw allow https
ufw allow 21
ufw allow 123
ufw allow 68
ufw allow 546
ufw allow 873
ufw allow 22222

# enable UFW
echo "y" | ufw enable
```
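
As an added example (not part of the original repository), the script below compares the ports allowed above with the sockets actually listening on a non-loopback address, so rules that nothing needs can be reviewed. The function names and the sample `ufw status` / `ss -tuln` text are constructed for illustration and assume SSH on port 22.

```shell
#!/usr/bin/env bash
# Added example: list UFW "allow" rules that have no reachable listener.
# Function names and both samples are constructed for illustration.

# Constructed `ufw status` output (subset of the rules above, SSH on 22).
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
53                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
21                         ALLOW       Anywhere
123                        ALLOW       Anywhere
22222                      ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

# Constructed `ss -tuln` output from the same (hypothetical) host.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
tcp   LISTEN 0      511    0.0.0.0:22222      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*'

# allowed_ports TEXT: unique single ports of ALLOW rules (IPv4 and v6 rows).
# Port ranges such as 49000:50000/tcp are skipped.
allowed_ports() {
  printf '%s\n' "$1" | awk '
    $2 == "ALLOW" || ($2 == "(v6)" && $3 == "ALLOW") {
      split($1, a, "/")                 # drop a "/tcp" or "/udp" suffix
      if (a[1] ~ /^[0-9]+$/) print a[1]
    }' | sort -un
}

# exposed_ports TEXT: ports with a listener on a non-loopback address.
exposed_ports() {
  printf '%s\n' "$1" | awk '
    $1 == "Netid" { next }              # header line
    NF >= 5 {
      port = $5; sub(/.*:/, "", port)   # text after the last colon
      host = substr($5, 1, length($5) - length(port) - 1)
      if (host ~ /^127\./ || host == "[::1]") next
      print port
    }' | sort -un
}

# unused_rules UFW_TEXT SS_TEXT: allowed ports that nothing reachable serves.
# Protocol is ignored: a port counts as served if TCP or UDP listens on it.
unused_rules() {
  exposed=$(exposed_ports "$2")
  for p in $(allowed_ports "$1"); do
    printf '%s\n' "$exposed" | grep -qx "$p" || printf '%s\n' "$p"
  done
}

# On a live server: unused_rules "$(ufw status)" "$(ss -tuln)"
unused_rules "$SAMPLE_UFW" "$SAMPLE_SS"
```

With the constructed samples it prints 21 and 53: FTP is allowed although no FTP daemon is listening, and the only DNS listener is the local stub resolver on loopback.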
### Custom jails for fail2ban
- wordpress bruteforce
- ssh
- recidive (after 3 bans)
- backend http auth
- nginx bad bots

```bash
cp -rf $HOME/ubuntu-nginx-web-server/etc/fail2ban/filter.d/* /etc/fail2ban/filter.d/
cp -rf $HOME/ubuntu-nginx-web-server/etc/fail2ban/jail.d/* /etc/fail2ban/jail.d/
fail2ban-client reload
```
### Secure Memcached server
```bash
echo '-U 0' >> /etc/memcached.conf
sudo systemctl restart memcached
```
If you do not use memcached, you can safely stop it and disable it:
```bash
sudo systemctl stop memcached
sudo systemctl disable memcached.service
```

* * *
## Optional
### proftpd
#### Install proftpd
```bash
apt-get install proftpd -y
```
Secure proftpd and enable passive ports
```bash
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
```
Restart proftpd
```bash
sudo service proftpd restart
```
Allow FTP ports with UFW
```bash
# ftp active port
sudo ufw allow 21
# ftp passive ports
sudo ufw allow 49000:50000/tcp
```
Enable fail2ban proftpd jail
```bash
echo -e '\n[proftpd]\nenabled = true\n' >> /etc/fail2ban/jail.d/custom.conf
fail2ban-client reload
```
#### Adding FTP users
```bash
# create user without shell access in group www-data
adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data youruser
# allow group read/write on website folder
chmod -R g+rw /var/www/yourdomain.tld
```
* * *
### ee-acme-sh
[Github repository](https://virtubox.github.io/ee-acme-sh/) - Script to setup letsencrypt certificates using acme.sh on EasyEngine servers

- subdomain support
- IPv6 support
- wildcard certificates support

```bash
wget -qO install-ee-acme.sh https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/install.sh
chmod +x install-ee-acme.sh
./install-ee-acme.sh

# enable acme.sh & ee-acme-sh
source .bashrc
```

* * *
### netdata
[Github repository](https://github.com/firehol/netdata)
```bash
# save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs

# install netdata
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
# increase open files limits for netdata
sudo mkdir -p /etc/systemd/system/netdata.service.d
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/netdata.service.d/limits.conf
sudo systemctl daemon-reload
sudo systemctl restart netdata.service
# disable email notifications
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health_alarm_notify.conf
service netdata restart
```

* * *
### cht.sh (cheat)
[Github repository](https://github.com/chubin/cheat.sh)
```bash
curl https://cht.sh/:cht.sh > /usr/bin/cht.sh
chmod +x /usr/bin/cht.sh
echo "alias cheat='cht.sh'" >> $HOME/.bashrc
source $HOME/.bashrc
```
Usage: `cheat <command>`
```bash
root@vps:~ cheat cat
# cat
# Print and concatenate files.
# Print the contents of a file to the standard output:
cat file
# Concatenate several files into the target file:
cat file1 file2 > target_file
# Append several files into the target file:
cat file1 file2 >> target_file

# Number all output lines:
cat -n file
```

* * *
### nanorc - Improved Nano Syntax Highlighting Files
[Github repository](https://github.com/scopatz/nanorc)
```bash
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
```

* * *
### Add WP-CLI & bash-completion for user www-data
```bash
# download wp-cli bash_completion
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
# change /var/www owner
chown www-data:www-data /var/www
# copy .profile & .bashrc for www-data
cp -f $HOME/ubuntu-nginx-web-server/var/www/{.profile,.bashrc} /var/www/
# set owner
chown www-data:www-data /var/www/{.profile,.bashrc}
```
### Custom Nginx error pages
[Github Repository](https://github.com/alexphelps/server-error-pages)

Installation
```bash
# clone the github repository
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
```
Then include this configuration in your nginx vhost by adding the following line
```nginx
include common/error_pages.conf;
```

Published & maintained by [VirtuBox](https://virtubox.net)