README rewrite in progress

This commit is contained in:
VirtuBox 2019-02-20 15:10:44 +01:00
parent e7c9a78a00
commit 13abb54e38
1 changed files with 30 additions and 21 deletions

View File

@ -14,6 +14,8 @@
* * * * * *
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat)
### Info ### Info
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).** **As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
@ -58,11 +60,11 @@ Ubuntu 16.04 LTS do not support the new tcp congestion control algorithm bbr, we
```bash ```bash
# On ubuntu 18.04 LTS # On ubuntu 18.04 LTS
modprobe tcp_bbr modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
# On ubuntu 16.04 LTS # On ubuntu 16.04 LTS
modprobe tcp_htcp modprobe tcp_bbr && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
``` ```
@ -131,6 +133,20 @@ sudo systemctl daemon-reload
sudo systemctl restart mariadb sudo systemctl restart mariadb
``` ```
### Setup cronjob to optimize your MySQL databases and repair them if needed
Open the crontab editor
```bash
sudo crontab -e
```
Then add the following cronjob
```cronjob
@weekly /usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
```
## Install EasyEngine ## Install EasyEngine
```bash ```bash
@ -188,6 +204,7 @@ php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmat
# copy php-fpm pools & php.ini configuration # copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/ cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart service php7.1-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration" git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
@ -202,6 +219,7 @@ apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mys
# copy php-fpm pools & php.ini configuration # copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/ cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart service php7.2-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration" git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
@ -216,6 +234,7 @@ apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mys
# copy php-fpm pools & php.ini configuration # copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/ cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart service php7.3-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration" git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
@ -249,7 +268,7 @@ Then you can check php version with command `php -v`
### Additional Nginx configuration (/etc/nginx/conf.d) ### Additional Nginx configuration (/etc/nginx/conf.d)
- New upstreams (php7.1, php7.2, php7.3 netdata and php socket) : upstream.conf - New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf - webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf - new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf - stub_status configuration on 127.0.0.1:80 : stub_status.conf
@ -279,27 +298,17 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update commo
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee) ### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
```bash ```bash
bash <(wget -O - https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh) bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
``` ```
* * * * * *
## Custom configurations ## Custom configurations
### clean php-fpm php.ini configuration
```bash
# PHP 7.0
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.0/* /etc/php/7.0/
service php7.0-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
```
### Nginx optimized configurations ### Nginx optimized configurations
```bash ```bash
# TLSv1.2 TLSv1.3 only # TLSv1.2 TLSv1.3 only (recommended)
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx.conf cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx.conf
# TLS intermediate - TLS v1.0 v1.1 v1.2 v1.3 # TLS intermediate - TLS v1.0 v1.1 v1.2 v1.3
@ -394,7 +403,7 @@ echo '-U 0' >> /etc/memcached.conf
sudo systemctl restart memcached sudo systemctl restart memcached
``` ```
If you do not use memcached, you can safely stop and disable it : If you do not use memcached, you can safely stop it and disable it :
```bash ```bash
sudo systemctl stop memcached sudo systemctl stop memcached
@ -445,7 +454,7 @@ echo -e '\n[proftpd]\nenabled = true\n' >> /etc/fail2ban/jail.d/custom.conf
fail2ban-client reload fail2ban-client reload
``` ```
#### Adding users #### Adding FTP users
```bash ```bash
# create user without shell access in group www-data # create user without shell access in group www-data
@ -482,12 +491,13 @@ source .bashrc
```bash ```bash
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all
# save 40-60% of netdata memory # save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
# install netdata
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
# increase open files limits for netdata # increase open files limits for netdata
sudo mkdir -p /etc/systemd/system/netdata.service.d sudo mkdir -p /etc/systemd/system/netdata.service.d
echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/netdata.service.d/limits.conf echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/netdata.service.d/limits.conf
@ -558,8 +568,7 @@ wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent
chown www-data:www-data /var/www chown www-data:www-data /var/www
# download .profile & .bashrc for www-data # download .profile & .bashrc for www-data
cp -f $HOME/ubuntu-nginx-web-server/var/www/.profile /var/www/.profile cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
cp -f $HOME/ubuntu-nginx-web-server/var/www/.bashrc /var/www/.bashrc
# set owner # set owner
chown www-data:www-data /var/www/{.profile,.bashrc} chown www-data:www-data /var/www/{.profile,.bashrc}