remove useless section after wordops update

master
VirtuBox 1 year ago
parent
commit
c0e6a456ce
20 changed files with 258 additions and 523 deletions
  1. README.md (+120, -81)
  2. docs/README.md (+119, -81)
  3. etc/cron.weekly/wo-maintenance (+12, -0)
  4. etc/nginx/common/error_pages.conf (+0, -16)
  5. etc/nginx/common/ocsp.conf (+0, -1)
  6. etc/nginx/common/php72-tcp.conf (+0, -10)
  7. etc/nginx/common/php73.conf (+0, -10)
  8. etc/nginx/common/redis-php72.conf (+0, -56)
  9. etc/nginx/common/w3tc-php72.conf (+0, -31)
  10. etc/nginx/common/wp-fcgi-cache-php72.conf (+0, -25)
  11. etc/nginx/common/wpfc-php72.conf (+0, -37)
  12. etc/nginx/common/wpsc-php72.conf (+0, -31)
  13. etc/nginx/conf.d/fastcgi.conf (+2, -2)
  14. etc/nginx/conf.d/map-wp-fastcgi-cache.conf (+0, -36)
  15. etc/nginx/conf.d/stub_status.conf (+0, -3)
  16. etc/nginx/conf.d/upstream.conf (+0, -91)
  17. etc/nginx/conf.d/webp.conf (+0, -4)
  18. etc/nginx/nginx-intermediate.conf (+1, -3)
  19. etc/nginx/nginx-tlsv12.conf (+2, -2)
  20. etc/nginx/nginx.conf (+2, -3)

README.md (+120, -81)

@@ -1,4 +1,4 @@
# Optimized configuration for Ubuntu server with WordOps
# Optimized configuration for WordOps running on Ubuntu server

## Server Stack

@@ -12,19 +12,82 @@
- Netdata
- UFW

* * *
--------------------------------------------------------------------------------

![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)

### Info

**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**

We are currently contributing to WordOps project to include the most part of custom configurations available in this repository

All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).

To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
--------------------------------------------------------------------------------

- [Initial configuration](#initial-configuration)

- [System update and packages cleanup](#system-update-and-packages-cleanup)
- [Install useful packages](#install-useful-packages)
- [Clone the repository](#clone-the-repository)
- [Updating the repository](#updating-the-repository)
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)

- [WordOps Setup](#wordops-setup)

- [Install MariaDB 10.3](#install-mariadb-103)
- [MySQL Tuning](#mysql-tuning)
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)

- [Install WordOps](#install-wordops)

- [enable wo bash_completion](#enable-wo-bash_completion)
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)

- [NGINX Configuration](#nginx-configuration)

- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
- [WO common configuration](#wo-common-configuration)
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
- [Custom configurations](#custom-configurations)
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)

- [Security](#security)

- [Harden SSH Security](#harden-ssh-security)
- [UFW](#ufw)
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
- [Secure Memcached server](#secure-memcached-server)

- [Optional](#optional)

- [proftpd](#proftpd)

- [Install proftpd](#install-proftpd)
- [Adding FTP users](#adding-ftp-users)

* * *
- [ee-acme-sh](#ee-acme-sh)

- [netdata](#netdata)
- [cht.sh (cheat)](#chtsh-cheat)
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)

- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)

- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
- [Removing previous php versions](#removing-previous-php-versions)

--------------------------------------------------------------------------------

Configuration files with comments available by following the link **source**

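Review bot: Three of the table-of-contents links in this hunk point at heading slugs that this same commit renames, so they will not resolve: `#install-nginx-php72-and-configure-wo-backend` (the heading becomes "Install Nginx, php7.2, php7.3, and configure WO backend"), `#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee` (becomes "Compile the latest Nginx release with nginx-ee") and `#nginx-optimized-configurations-choose-one-of-them` (becomes "Nginx optimized configurations"). Regenerate the TOC after the heading edits. In the Info paragraph, "deployement" should read "deployment".
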
@@ -33,7 +96,7 @@ Configuration files with comments available by following the link **source**
### System update and packages cleanup

```bash
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
```

### Install useful packages
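
Review bot: The replacement line `apt-get dist-upgrade -y` may install and remove packages to satisfy changed dependencies, which plain `upgrade` does not, and `-y` accepts those removals without a prompt. For a copy-paste command aimed at a production server, either keep `upgrade` here or drop `-y` from the `dist-upgrade` step and add a sentence telling the reader to review the proposed changes first.
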
@@ -48,6 +111,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
```

### Updating the repository

```bash
git -C $HOME/ubuntu-nginx-web-server pull origin master
```

### Tweak Kernel & Increase open files limits

[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
@@ -86,12 +155,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```

* * *
--------------------------------------------------------------------------------

## EasyEngine Setup
## WordOps Setup

### Install MariaDB 10.3

**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**

Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)

```bash
@@ -153,7 +224,7 @@ Then add the following cronjob
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'

wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
wget -qO wo wordops.se/tup && sudo bash wo
```

### enable wo bash_completion
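
Review bot: The new installer line `wget -qO wo wordops.se/tup && sudo bash wo` gives wget no scheme, so the request starts over plain `http://` and whatever comes back is run with `sudo bash`; the line it replaces fetched from an explicit `https://` URL. Write the URL as `https://wordops.se/tup`, and consider separating download from execution so the script can be read before it runs as root.
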
@@ -162,10 +233,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
source /etc/bash_completion.d/wo_auto.rc
```

### Install Nginx, php7.2, and configure WO backend
### Install Nginx, php7.2, php7.3, and configure WO backend

```bash
wo stack install
wo stack install --php73 --admin
```

### Set your email instead of root@localhost
@@ -192,53 +264,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
usermod -s /bin/bash www-data
```

## PHP 7.1 - 7.2 - 7.3 Setup

### Install php7.1-fpm

```bash
# php7.1-fpm
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"

```

### Install php7.2-fpm

```bash
# php7.2-fpm
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"

```

### Install php7.3-fpm

```bash
# php7.3-fpm
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
## Install PHP

```
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default

### Set the proper alternative for /usr/bin/php

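Review bot: The removed php7.1, php7.2 and php7.3 blocks are where the README told the reader to copy this repository's `etc/php/<version>/fpm` and `cli` files into `/etc/php/` and restart php-fpm, and the replacement sentence does not say whether those files should still be applied; the file list shows no change under `etc/php/` in this commit. If the tuned pools and php.ini are still meant to be used, keep the `cp -rf` and `service php7.x-fpm restart` steps under the new "## Install PHP" heading; if not, say so explicitly. "WordOps already install" should read "installs".
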
@@ -267,9 +295,6 @@ Then you can check php version with command `php -v`

### Additional Nginx configuration (/etc/nginx/conf.d)

- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
- restore visitor real IP under Cloudflare : cloudflare.conf

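Review bot: The hunk header (`-267,9 +295,6`) drops three of the five bullets in this list, while the file list shows lines removed from all four of `upstream.conf`, `webp.conf`, `map-wp-fastcgi-cache.conf` and `stub_status.conf` under `etc/nginx/conf.d/`. One bullet besides `cloudflare.conf` is therefore kept; confirm that the file it names still exists and still does what the bullet says, and drop the bullet otherwise.
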
@@ -283,8 +308,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.

### WO common configuration

- mitigate WordPress DoS attack (wpcommon-phpX.conf)
- webp image conditional rewrite (wpcommon-phpX.conf)
- additional directives to prevent hack (locations-phpX.conf)

```bash
@@ -294,17 +317,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
```

### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)

```bash
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
```

* * *
--------------------------------------------------------------------------------

## Custom configurations

### Nginx optimized configurations (choose one of them)
### Nginx optimized configurations

Choose one of them

```bash
# TLSv1.2 TLSv1.3 only (recommended)
@@ -315,7 +340,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm

# TLSv1.2 only
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
```

```bash
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
```
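
Review bot: The `# TLSv1.2 only` command kept as context in this hunk has source and destination inverted: `cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf` copies the repository's default `nginx.conf` to a file name under `/etc/nginx/` that nginx does not load by default, so choosing this option does not apply the TLSv1.2 profile. The source should be the repository's `etc/nginx/nginx-tlsv12.conf` and the destination `/etc/nginx/nginx.conf`. The truncated `cp` line in the hunk header has the same shape and deserves the same check, since the section is being touched anyway.
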
@@ -340,15 +367,17 @@ sudo systemctl daemon-reload
sudo systemctl restart nginx.service
```

* * *
--------------------------------------------------------------------------------

## Security

### Harden SSH Security

WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)

cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```

### UFW

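Review bot: The now-fenced `cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config` overwrites the live SSH daemon configuration with no backup and no validation, and the WARNING line above it says the shipped file allows root login with SSH keys only, so a reader who has not installed a key first can be locked out at the next restart. Add a backup copy of the existing file and an `sshd -t` check before the service is restarted, and state the key prerequisite next to the command. The new fence also lacks the `bash` tag used by the other code blocks in this diff.
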
@@ -409,7 +438,7 @@ sudo systemctl stop memcached
sudo systemctl disable memcached.service
```

* * *
--------------------------------------------------------------------------------

## Optional

@@ -463,7 +492,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
chmod -R g+rw /var/www/yourdomain.tld
```

* * *
--------------------------------------------------------------------------------

### ee-acme-sh

@@ -482,14 +511,13 @@ chmod +x install-ee-acme.sh
source .bashrc
```

* * *
--------------------------------------------------------------------------------

### netdata

[Github repository](https://github.com/firehol/netdata)

```bash

# save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
@@ -509,7 +537,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
service netdata restart
```

* * *
--------------------------------------------------------------------------------

### cht.sh (cheat)

@@ -545,7 +573,7 @@ root@vps:~ cheat cat
cat -n file
```

* * *
--------------------------------------------------------------------------------

### nanorc - Improved Nano Syntax Highlighting Files

@@ -555,7 +583,7 @@ root@vps:~ cheat cat
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
```

* * *
--------------------------------------------------------------------------------

### Add WP-CLI & bash-completion for user www-data

@@ -573,21 +601,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
chown www-data:www-data /var/www/{.profile,.bashrc}
```

### Custom Nginx error pages
## Cleanup previous EasyEngine v3

[Github Repository](https://github.com/alexphelps/server-error-pages)
### Backup EEv3 configurations and files

Installation
```bash
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
```

### Remove EEv3 configurations and data

```bash
# clone the github repository
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
# main ee directories
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc

# python package
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
```

Then include this configuration in your nginx vhost by adding the following line
### Removing previous php versions

```bash
include common/error_pages.conf;
# php5.6
apt-get -y autoremove php5.6-fpm php5.6-common --purge

# php7.0
apt-get -y autoremove php7.0-fpm php7.0-common --purge
```

Published & maintained by [VirtuBox](https://virtubox.net)
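
Review bot: The `rm -rf /etc/ee /var/lib/ee /usr/lib/ee ...` block follows the `tar -I pigz -cvf $HOME/ee-backup.tar.gz ...` step with nothing confirming that the archive was written, and the backup covers only `/usr/lib/ee/templates` while the removal takes all of `/usr/lib/ee`. Tell the reader to list the archive (`tar -tf $HOME/ee-backup.tar.gz`) before deleting, and note that `-I pigz` needs pigz installed. The path `/usr/local/lib/python3.6/dist-packages/ee-3.*` hard-codes Python 3.6, so on a system with another python3 version the glob matches nothing and the package is left behind.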

docs/README.md (+119, -81)

@@ -1,4 +1,4 @@
# Optimized configuration for Ubuntu server with WordOps
# Optimized configuration for WordOps running on Ubuntu server

## Server Stack

@@ -12,19 +12,81 @@
- Netdata
- UFW

* * *
--------------------------------------------------------------------------------

![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)

### Info

**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**

We are currently contributing to WordOps project to include the most part of custom configurations available in this repository

All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).

To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
--------------------------------------------------------------------------------

- [Initial configuration](#initial-configuration)

- [System update and packages cleanup](#system-update-and-packages-cleanup)
- [Install useful packages](#install-useful-packages)
- [Clone the repository](#clone-the-repository)
- [Updating the repository](#updating-the-repository)
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)

- [WordOps Setup](#wordops-setup)

- [Install MariaDB 10.3](#install-mariadb-103)
- [MySQL Tuning](#mysql-tuning)
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)

- [Install WordOps](#install-wordops)

- [enable wo bash_completion](#enable-wo-bash_completion)
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)

- [NGINX Configuration](#nginx-configuration)

- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
- [WO common configuration](#wo-common-configuration)
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
- [Custom configurations](#custom-configurations)
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)

- [Security](#security)

- [Harden SSH Security](#harden-ssh-security)
- [UFW](#ufw)
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
- [Secure Memcached server](#secure-memcached-server)

- [Optional](#optional)

- [proftpd](#proftpd)

- [Install proftpd](#install-proftpd)
- [Adding FTP users](#adding-ftp-users)

* * *
- [ee-acme-sh](#ee-acme-sh)
- [netdata](#netdata)
- [cht.sh (cheat)](#chtsh-cheat)
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)

- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)

- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
- [Removing previous php versions](#removing-previous-php-versions)

--------------------------------------------------------------------------------

Configuration files with comments available by following the link **source**

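Review bot: This copy of the table of contents is already out of step with the one in README.md: the hunk header here is `+12,81` against `+12,82` there (the blank line between the `ee-acme-sh` and `netdata` entries is missing), and it carries links to heading slugs this commit renames, for example `#nginx-optimized-configurations-choose-one-of-them`. Since docs/README.md otherwise repeats README.md hunk for hunk, generate one file from the other or replace one with a link, so that corrections to the install commands land in both.
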
@@ -33,7 +95,7 @@ Configuration files with comments available by following the link **source**
### System update and packages cleanup

```bash
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
```

### Install useful packages
@@ -48,6 +110,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
```

### Updating the repository

```bash
git -C $HOME/ubuntu-nginx-web-server pull origin master
```

### Tweak Kernel & Increase open files limits

[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
@@ -86,12 +154,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```

* * *
--------------------------------------------------------------------------------

## EasyEngine Setup
## WordOps Setup

### Install MariaDB 10.3

**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**

Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)

```bash
@@ -153,7 +223,7 @@ Then add the following cronjob
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'

wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
wget -qO wo wordops.se/tup && sudo bash wo
```

### enable wo bash_completion
@@ -162,10 +232,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
source /etc/bash_completion.d/wo_auto.rc
```

### Install Nginx, php7.2, and configure WO backend
### Install Nginx, php7.2, php7.3, and configure WO backend

```bash
wo stack install
wo stack install --php73 --admin
```

### Set your email instead of root@localhost
@@ -192,53 +263,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
usermod -s /bin/bash www-data
```

## PHP 7.1 - 7.2 - 7.3 Setup

### Install php7.1-fpm

```bash
# php7.1-fpm
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
## Install PHP

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"

```

### Install php7.2-fpm

```bash
# php7.2-fpm
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"

```

### Install php7.3-fpm

```bash
# php7.3-fpm
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y

# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart

git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"

```
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default

### Set the proper alternative for /usr/bin/php

@@ -267,9 +294,6 @@ Then you can check php version with command `php -v`

### Additional Nginx configuration (/etc/nginx/conf.d)

- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
- restore visitor real IP under Cloudflare : cloudflare.conf

@@ -283,8 +307,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.

### WO common configuration

- mitigate WordPress DoS attack (wpcommon-phpX.conf)
- webp image conditional rewrite (wpcommon-phpX.conf)
- additional directives to prevent hack (locations-phpX.conf)

```bash
@@ -294,17 +316,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
```

### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)

```bash
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
```

* * *
--------------------------------------------------------------------------------

## Custom configurations

### Nginx optimized configurations (choose one of them)
### Nginx optimized configurations

Choose one of them

```bash
# TLSv1.2 TLSv1.3 only (recommended)
@@ -315,7 +339,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm

# TLSv1.2 only
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
```

```bash
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
```
@@ -340,15 +366,17 @@ sudo systemctl daemon-reload
sudo systemctl restart nginx.service
```

* * *
--------------------------------------------------------------------------------

## Security

### Harden SSH Security

WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)

cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```

### UFW

@@ -409,7 +437,7 @@ sudo systemctl stop memcached
sudo systemctl disable memcached.service
```

* * *
--------------------------------------------------------------------------------

## Optional

@@ -463,7 +491,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
chmod -R g+rw /var/www/yourdomain.tld
```

* * *
--------------------------------------------------------------------------------

### ee-acme-sh

@@ -482,14 +510,13 @@ chmod +x install-ee-acme.sh
source .bashrc
```

* * *
--------------------------------------------------------------------------------

### netdata

[Github repository](https://github.com/firehol/netdata)

```bash

# save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
@@ -509,7 +536,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
service netdata restart
```

* * *
--------------------------------------------------------------------------------

### cht.sh (cheat)

@@ -545,7 +572,7 @@ root@vps:~ cheat cat
cat -n file
```

* * *
--------------------------------------------------------------------------------

### nanorc - Improved Nano Syntax Highlighting Files

@@ -555,7 +582,7 @@ root@vps:~ cheat cat
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
```

* * *
--------------------------------------------------------------------------------

### Add WP-CLI & bash-completion for user www-data

@@ -573,21 +600,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
chown www-data:www-data /var/www/{.profile,.bashrc}
```

### Custom Nginx error pages
## Cleanup previous EasyEngine v3

[Github Repository](https://github.com/alexphelps/server-error-pages)
### Backup EEv3 configurations and files

Installation
```bash
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
```

### Remove EEv3 configurations and data

```bash
# clone the github repository
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
# main ee directories
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc

# python package
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
```

Then include this configuration in your nginx vhost by adding the following line
### Removing previous php versions

```bash
include common/error_pages.conf;
# php5.6
apt-get -y autoremove php5.6-fpm php5.6-common --purge

# php7.0
apt-get -y autoremove php7.0-fpm php7.0-common --purge
```

Published & maintained by [VirtuBox](https://virtubox.net)

etc/cron.weekly/wo-maintenance (+12, -0)

@@ -0,0 +1,12 @@
#!/bin/sh

# update wp-cli
[ -x /usr/bin/wp ] && {
/usr/bin/wp cli update --yes --allow-root
} > /dev/null 2>&1

# optimize mysql databases
if [ -x /usr/bin/mysqlcheck ] && [ -f /root/.my.cnf ]; then
/usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
fi

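Review bot: Both jobs in this new script send stdout and stderr to `/dev/null`, so a failed `/usr/bin/wp cli update --yes --allow-root` or a table that `mysqlcheck -Aos --auto-repair` had to repair leaves no trace, and the first job replaces a binary as root from an unattended weekly run. Write the output to a log file or to `logger` instead of discarding it, and consider leaving the wp-cli self-update out of cron so it is applied deliberately.
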

etc/nginx/common/error_pages.conf (+0, -16)

@@ -1,16 +0,0 @@
error_page 400 /400-error.html;
error_page 401 /401-error.html;
error_page 403 /403-error.html;
error_page 404 /404-error.html;
error_page 500 /500-error.html;
error_page 503 /503-error.html;
error_page 504 /504-error.html;

location ~ /(.*)-error.html {
try_files $1-error.html @error;
internal;
}

location @error {
root /var/www/error/_site;
}

etc/nginx/common/ocsp.conf (+0, -1)

@@ -1,4 +1,3 @@
##OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
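
Review bot: This file enables `ssl_stapling_verify on;` with no active `ssl_trusted_certificate` (the only occurrence in the hunk is a commented-out hint). nginx needs the issuer chain configured as trusted certificates for that verification to work, so confirm the directive is set wherever this file is included, or say in a comment here where it is expected to come from.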

etc/nginx/common/php72-tcp.conf (+0, -10)

@@ -1,10 +0,0 @@
# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72-tcp;
}

etc/nginx/common/php73.conf (+0, -10)

@@ -1,10 +0,0 @@
# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php73;
}

etc/nginx/common/redis-php72.conf (+0, -56)

@@ -1,56 +0,0 @@
# Redis NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $skip_cache 0;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $skip_cache 1;
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php$is_args$args;
}

location /redis-fetch {
internal ;
set $redis_key $args;
redis_pass redis;
}
location /redis-store {
internal ;
set_unescape_uri $key $arg_key ;
redis2_query set $key $echo_request_body;
redis2_query expire $key 14400;
redis2_pass redis;
}

location ~ \.php$ {
set $key "nginx-cache:$scheme$request_method$host$request_uri";
try_files $uri =404;

srcache_fetch_skip $skip_cache;
srcache_store_skip $skip_cache;

srcache_response_cache_control off;

set_escape_uri $escaped_key $key;

srcache_fetch GET /redis-fetch $key;
srcache_store PUT /redis-store key=$escaped_key;

more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';

include fastcgi_params;
fastcgi_pass php72;
}

+ 0
- 31
etc/nginx/common/w3tc-php72.conf View File

@@ -1,31 +0,0 @@

# W3TC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $cache_uri $request_uri;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
}

+ 0
- 25
etc/nginx/common/wp-fcgi-cache-php72.conf View File

@@ -1,25 +0,0 @@
# wordpress fastcgi cache configuration

add_header X-fastcgi-cache $upstream_cache_status;

location / {
try_files $uri $uri/ /index.php$is_args$args;
}

location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;

fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;

fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 60m;

}

location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
access_log off;
}

+ 0
- 37
etc/nginx/common/wpfc-php72.conf View File

@@ -1,37 +0,0 @@
# WPFC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $skip_cache 0;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $skip_cache 1;
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
}
location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
access_log off;
}

+ 0
- 31
etc/nginx/common/wpsc-php72.conf View File

@@ -1,31 +0,0 @@
# WPSC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $cache_uri $request_uri;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
# If we add index.php?$args its break WooCommerce like plugins
# Ref: #330
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
# Following line is needed by WP Super Cache plugin
fastcgi_param SERVER_NAME $http_host;
}

+ 2
- 2
etc/nginx/conf.d/fastcgi.conf View File

@@ -19,5 +19,5 @@ fastcgi_cache_lock on;
fastcgi_cache_lock_age 1s;
fastcgi_cache_lock_timeout 3s;

# comment the following line if you run nginx < 1.15.6
fastcgi_socket_keepalive on;
# uncomment the following line if you run nginx 1.15.6 or earlier
# fastcgi_socket_keepalive on;
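Review bot: the new comment inverts the version condition. The line it replaces said to comment the directive out on nginx < 1.15.6, which matches `fastcgi_socket_keepalive` having been introduced in nginx 1.15.6; the new text tells users on 1.15.6 or earlier to uncomment it, and on a release older than 1.15.6 that makes nginx fail with an unknown directive. Suggested wording: `# uncomment the following line if you run nginx 1.15.6 or later`.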

+ 0
- 36
etc/nginx/conf.d/map-wp-fastcgi-cache.conf View File

@@ -1,36 +0,0 @@
map $http_x_requested_with $http_request_no_cache {
default 0;
XMLHttpRequest 1;
}
map $http_cookie $cookie_no_cache {
default 0;
"~*wordpress_[a-f0-9]+" 1;
"~*wp-postpass" 1;
"~*wordpress_logged_in" 1;
"~*wordpress_no_cache" 1;
"~*comment_author" 1;
"~*woocommerce_items_in_cart" 1;
"~*woocommerce_cart_hash" 1;
"~*wptouch_switch_toogle" 1;
"~*comment_author_email_" 1;
}
map $request_uri $uri_no_cache {
default 0;
"~*/wp-admin/" 1;
"~*/wp-[a-zA-Z0-9-]+.php" 1;
"~*/feed/" 1;
"~*/index.php" 1;
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
"~*/sitemap(_index)?.xml" 1;
"~*/wp-comments-popup.php" 1;
"~*/wp-links-opml.php" 1;
"~*/xmlrpc.php" 1;
}
map $is_args $query_no_cache {
default 1;
"" 0;
}
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
default 1;
0000 0;
}
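Review bot: `$skip_cache` stops being defined at http level once this map file is gone, and the only other definitions visible in this commit, the `set $skip_cache 0;` lines in redis-php72.conf and wpfc-php72.conf, are deleted as well. Any remaining `fastcgi_cache_bypass $skip_cache;` then fails the config test with an unknown variable error. Confirm that WordOps ships its own definition, and check that it still bypasses the cache for the `wordpress_logged_in` and `wp-postpass` cookies, since losing that bypass would let authenticated pages be cached and served to other visitors.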

+ 0
- 3
etc/nginx/conf.d/stub_status.conf View File

@@ -1,8 +1,5 @@
upstream phpstatus {
server 127.0.0.1:9000;
server unix:/run/php/php7.2-fpm.sock;
server 127.0.0.1:9090;
server unix:/run/php72-fpm.sock;
}

server {


+ 0
- 91
etc/nginx/conf.d/upstream.conf View File

@@ -1,91 +0,0 @@
# Common upstream settings
# php5.6 & php7.0 are replaced by php7.2

##################
# php5.6-fpm
##################

upstream php {
least_conn;

server unix:/var/run/php/php72-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;

keepalive 5;
}

upstream debug {
# Debug Pool
server 127.0.0.1:9001;
}

##################
# php7.0-fpm
##################

# load-balancing on unix socket
upstream php7 {
least_conn;

server unix:/var/run/php/php72-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;

keepalive 5;
}

##################
# php7.2-fpm
##################

# load-balancing on unix socket
upstream php72 {
least_conn;

server unix:/var/run/php/php72-sock-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;

keepalive 5;
}

# PHP 7.2 debug
upstream debug72 {
# Debug Pool
server 127.0.0.1:9172;
}

##################
# php7.3-fpm
##################

# load-balancing on unix socket
upstream php73 {
least_conn;

server unix:/var/run/php/php73-sock-fpm.sock;
server unix:/var/run/php/php73-sock-two-fpm.sock;

keepalive 5;
}

upstream debug73 {
# Debug Pool
server 127.0.0.1:9173;
}

##################
# redis
##################

upstream redis {
server 127.0.0.1:6379;
keepalive 10;
}

##################
# netdata
##################

upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
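Review bot: the upstream names `php72`, `php73`, `redis`, `netdata` and the `debug*` pools disappear with this file, so every `fastcgi_pass php72;` or `redis_pass redis;` left in a vhost fails at reload unless another file defines the same names. State in the commit message which WordOps file now provides them. The `php` and `php7` upstreams here were aliases onto the php72 sockets, so also check that whatever WordOps defines under those names points at a PHP version the sites still run on.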

+ 0
- 4
etc/nginx/conf.d/webp.conf View File

@@ -1,4 +0,0 @@
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}

+ 1
- 3
etc/nginx/nginx-intermediate.conf View File

@@ -33,7 +33,7 @@ http

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
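Review bot: the `add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";` line advertises the management tool and its exact version on every response, two lines below `server_tokens off;`, which exists to hide that kind of detail. Drop the version from the string or remove the header; as written it also has to be edited by hand on every WordOps release in all three nginx*.conf variants.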
@@ -99,7 +99,6 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";

##
# Basic Settings
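Review bot: removing the `Feature-Policy` header leaves no restriction on geolocation, camera, microphone or payment for pages served by this config, and the hunk adds nothing in its place. If WordOps now sets the header, say so in the commit message; if it is reintroduced here, the keywords need single quotes (`geolocation 'none'`), because bare `none` and `self` as in the removed line are not valid allowlist values.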
@@ -150,4 +149,3 @@ http
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}


+ 2
- 2
etc/nginx/nginx-tlsv12.conf View File

@@ -34,7 +34,7 @@ http

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
@@ -97,7 +97,7 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
##
# Basic Settings
##


+ 2
- 3
etc/nginx/nginx.conf View File

@@ -35,7 +35,7 @@ http

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
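Review bot: `add_header` at http level only reaches server and location blocks that declare no `add_header` of their own, so `X-Powered-By` and `rt-Fastcgi-Cache` here are dropped on any vhost that sets a header itself; the deleted wp-fcgi-cache-php72.conf did exactly that with `add_header X-fastcgi-cache $upstream_cache_status;`. Decide whether the cache-status header is meant to be visible on every site and, if so, emit it from the per-site include rather than relying on http-level inheritance.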
@@ -106,8 +106,7 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";

##
# Basic Settings
##

