remove useless section after wordops update
Cette révision appartient à :
Parent
6cf34f6946
révision
c0e6a456ce
203
README.md
203
README.md
|
@ -1,4 +1,4 @@
|
|||
# Optimized configuration for Ubuntu server with WordOps
|
||||
# Optimized configuration for WordOps running on Ubuntu server
|
||||
|
||||
## Server Stack
|
||||
|
||||
|
@ -12,19 +12,82 @@
|
|||
- Netdata
|
||||
- UFW
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
||||
|
||||
### Info
|
||||
|
||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||
|
||||
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
|
||||
|
||||
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
||||
|
||||
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
* * *
|
||||
- [Initial configuration](#initial-configuration)
|
||||
|
||||
- [System update and packages cleanup](#system-update-and-packages-cleanup)
|
||||
- [Install useful packages](#install-useful-packages)
|
||||
- [Clone the repository](#clone-the-repository)
|
||||
- [Updating the repository](#updating-the-repository)
|
||||
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
|
||||
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
|
||||
|
||||
- [WordOps Setup](#wordops-setup)
|
||||
|
||||
- [Install MariaDB 10.3](#install-mariadb-103)
|
||||
- [MySQL Tuning](#mysql-tuning)
|
||||
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
|
||||
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
|
||||
|
||||
- [Install WordOps](#install-wordops)
|
||||
|
||||
- [enable wo bash_completion](#enable-wo-bash_completion)
|
||||
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
|
||||
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
|
||||
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
|
||||
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
|
||||
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
|
||||
|
||||
- [NGINX Configuration](#nginx-configuration)
|
||||
|
||||
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
|
||||
- [WO common configuration](#wo-common-configuration)
|
||||
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
|
||||
- [Custom configurations](#custom-configurations)
|
||||
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
|
||||
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
|
||||
|
||||
- [Security](#security)
|
||||
|
||||
- [Harden SSH Security](#harden-ssh-security)
|
||||
- [UFW](#ufw)
|
||||
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
|
||||
- [Secure Memcached server](#secure-memcached-server)
|
||||
|
||||
- [Optional](#optional)
|
||||
|
||||
- [proftpd](#proftpd)
|
||||
|
||||
- [Install proftpd](#install-proftpd)
|
||||
- [Adding FTP users](#adding-ftp-users)
|
||||
|
||||
- [ee-acme-sh](#ee-acme-sh)
|
||||
|
||||
- [netdata](#netdata)
|
||||
- [cht.sh (cheat)](#chtsh-cheat)
|
||||
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
|
||||
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
|
||||
|
||||
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
|
||||
|
||||
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
|
||||
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
|
||||
- [Removing previous php versions](#removing-previous-php-versions)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
Configuration files with comments available by following the link **source**
|
||||
|
||||
|
@ -33,7 +96,7 @@ Configuration files with comments available by following the link **source**
|
|||
### System update and packages cleanup
|
||||
|
||||
```bash
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
```
|
||||
|
||||
### Install useful packages
|
||||
|
@ -48,6 +111,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
|
|||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
||||
```
|
||||
|
||||
### Updating the repository
|
||||
|
||||
```bash
|
||||
git -C $HOME/ubuntu-nginx-web-server pull origin master
|
||||
```
|
||||
|
||||
### Tweak Kernel & Increase open files limits
|
||||
|
||||
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
||||
|
@ -86,12 +155,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
|
|||
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## EasyEngine Setup
|
||||
## WordOps Setup
|
||||
|
||||
### Install MariaDB 10.3
|
||||
|
||||
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
|
||||
|
||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
||||
|
||||
```bash
|
||||
|
@ -153,7 +224,7 @@ Then add the following cronjob
|
|||
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
||||
|
||||
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
|
||||
wget -qO wo wordops.se/tup && sudo bash wo
|
||||
```
|
||||
|
||||
### enable wo bash_completion
|
||||
|
@ -162,10 +233,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
|
|||
source /etc/bash_completion.d/wo_auto.rc
|
||||
```
|
||||
|
||||
### Install Nginx, php7.2, and configure WO backend
|
||||
### Install Nginx, php7.2, php7.3, and configure WO backend
|
||||
|
||||
```bash
|
||||
wo stack install
|
||||
wo stack install --php73 --admin
|
||||
```
|
||||
|
||||
### Set your email instead of root@localhost
|
||||
|
@ -192,53 +264,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
|||
usermod -s /bin/bash www-data
|
||||
```
|
||||
|
||||
## PHP 7.1 - 7.2 - 7.3 Setup
|
||||
## Install PHP
|
||||
|
||||
### Install php7.1-fpm
|
||||
|
||||
```bash
|
||||
# php7.1-fpm
|
||||
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
|
||||
service php7.1-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
|
||||
|
||||
```
|
||||
|
||||
### Install php7.2-fpm
|
||||
|
||||
```bash
|
||||
# php7.2-fpm
|
||||
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
|
||||
service php7.2-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
|
||||
|
||||
```
|
||||
|
||||
### Install php7.3-fpm
|
||||
|
||||
```bash
|
||||
# php7.3-fpm
|
||||
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
|
||||
service php7.3-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
|
||||
|
||||
```
|
||||
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
|
||||
|
||||
### Set the proper alternative for /usr/bin/php
|
||||
|
||||
|
@ -267,9 +295,6 @@ Then you can check php version with command `php -v`
|
|||
|
||||
### Additional Nginx configuration (/etc/nginx/conf.d)
|
||||
|
||||
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
|
||||
- webp image mapping : webp.conf
|
||||
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
|
||||
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
||||
- restore visitor real IP under Cloudflare : cloudflare.conf
|
||||
|
||||
|
@ -283,8 +308,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
|
|||
|
||||
### WO common configuration
|
||||
|
||||
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
|
||||
- webp image conditional rewrite (wpcommon-phpX.conf)
|
||||
- additional directives to prevent hack (locations-phpX.conf)
|
||||
|
||||
```bash
|
||||
|
@ -294,17 +317,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
|
|||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
||||
```
|
||||
|
||||
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
|
||||
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
|
||||
|
||||
```bash
|
||||
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Custom configurations
|
||||
|
||||
### Nginx optimized configurations (choose one of them)
|
||||
### Nginx optimized configurations
|
||||
|
||||
Choose one of them
|
||||
|
||||
```bash
|
||||
# TLSv1.2 TLSv1.3 only (recommended)
|
||||
|
@ -315,7 +340,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
|
|||
|
||||
# TLSv1.2 only
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
||||
```
|
||||
|
||||
```bash
|
||||
# commit change with git
|
||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
||||
```
|
||||
|
@ -340,15 +367,17 @@ sudo systemctl daemon-reload
|
|||
sudo systemctl restart nginx.service
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Security
|
||||
|
||||
### Harden SSH Security
|
||||
|
||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||
```
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||
```
|
||||
|
||||
### UFW
|
||||
|
||||
|
@ -409,7 +438,7 @@ sudo systemctl stop memcached
|
|||
sudo systemctl disable memcached.service
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Optional
|
||||
|
||||
|
@ -463,7 +492,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
|
|||
chmod -R g+rw /var/www/yourdomain.tld
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### ee-acme-sh
|
||||
|
||||
|
@ -482,14 +511,13 @@ chmod +x install-ee-acme.sh
|
|||
source .bashrc
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### netdata
|
||||
|
||||
[Github repository](https://github.com/firehol/netdata)
|
||||
|
||||
```bash
|
||||
|
||||
# save 40-60% of netdata memory
|
||||
echo 1 >/sys/kernel/mm/ksm/run
|
||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||
|
@ -509,7 +537,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
|
|||
service netdata restart
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### cht.sh (cheat)
|
||||
|
||||
|
@ -545,7 +573,7 @@ root@vps:~ cheat cat
|
|||
cat -n file
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### nanorc - Improved Nano Syntax Highlighting Files
|
||||
|
||||
|
@ -555,7 +583,7 @@ root@vps:~ cheat cat
|
|||
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### Add WP-CLI & bash-completion for user www-data
|
||||
|
||||
|
@ -573,21 +601,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
|
|||
chown www-data:www-data /var/www/{.profile,.bashrc}
|
||||
```
|
||||
|
||||
### Custom Nginx error pages
|
||||
## Cleanup previous EasyEngine v3
|
||||
|
||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
||||
|
||||
Installation
|
||||
### Backup EEv3 configurations and files
|
||||
|
||||
```bash
|
||||
# clone the github repository
|
||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
||||
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
|
||||
```
|
||||
|
||||
Then include this configuration in your nginx vhost by adding the following line
|
||||
### Remove EEv3 configurations and data
|
||||
|
||||
```bash
|
||||
include common/error_pages.conf;
|
||||
# main ee directories
|
||||
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
|
||||
|
||||
# python package
|
||||
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
|
||||
```
|
||||
|
||||
### Removing previous php versions
|
||||
|
||||
```bash
|
||||
# php5.6
|
||||
apt-get -y autoremove php5.6-fpm php5.6-common --purge
|
||||
|
||||
# php7.0
|
||||
apt-get -y autoremove php7.0-fpm php7.0-common --purge
|
||||
```
|
||||
|
||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||
|
|
202
docs/README.md
202
docs/README.md
|
@ -1,4 +1,4 @@
|
|||
# Optimized configuration for Ubuntu server with WordOps
|
||||
# Optimized configuration for WordOps running on Ubuntu server
|
||||
|
||||
## Server Stack
|
||||
|
||||
|
@ -12,19 +12,81 @@
|
|||
- Netdata
|
||||
- UFW
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
||||
|
||||
### Info
|
||||
|
||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||
|
||||
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
|
||||
|
||||
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
||||
|
||||
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
* * *
|
||||
- [Initial configuration](#initial-configuration)
|
||||
|
||||
- [System update and packages cleanup](#system-update-and-packages-cleanup)
|
||||
- [Install useful packages](#install-useful-packages)
|
||||
- [Clone the repository](#clone-the-repository)
|
||||
- [Updating the repository](#updating-the-repository)
|
||||
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
|
||||
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
|
||||
|
||||
- [WordOps Setup](#wordops-setup)
|
||||
|
||||
- [Install MariaDB 10.3](#install-mariadb-103)
|
||||
- [MySQL Tuning](#mysql-tuning)
|
||||
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
|
||||
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
|
||||
|
||||
- [Install WordOps](#install-wordops)
|
||||
|
||||
- [enable wo bash_completion](#enable-wo-bash_completion)
|
||||
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
|
||||
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
|
||||
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
|
||||
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
|
||||
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
|
||||
|
||||
- [NGINX Configuration](#nginx-configuration)
|
||||
|
||||
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
|
||||
- [WO common configuration](#wo-common-configuration)
|
||||
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
|
||||
- [Custom configurations](#custom-configurations)
|
||||
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
|
||||
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
|
||||
|
||||
- [Security](#security)
|
||||
|
||||
- [Harden SSH Security](#harden-ssh-security)
|
||||
- [UFW](#ufw)
|
||||
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
|
||||
- [Secure Memcached server](#secure-memcached-server)
|
||||
|
||||
- [Optional](#optional)
|
||||
|
||||
- [proftpd](#proftpd)
|
||||
|
||||
- [Install proftpd](#install-proftpd)
|
||||
- [Adding FTP users](#adding-ftp-users)
|
||||
|
||||
- [ee-acme-sh](#ee-acme-sh)
|
||||
- [netdata](#netdata)
|
||||
- [cht.sh (cheat)](#chtsh-cheat)
|
||||
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
|
||||
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
|
||||
|
||||
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
|
||||
|
||||
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
|
||||
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
|
||||
- [Removing previous php versions](#removing-previous-php-versions)
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
Configuration files with comments available by following the link **source**
|
||||
|
||||
|
@ -33,7 +95,7 @@ Configuration files with comments available by following the link **source**
|
|||
### System update and packages cleanup
|
||||
|
||||
```bash
|
||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||
```
|
||||
|
||||
### Install useful packages
|
||||
|
@ -48,6 +110,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
|
|||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
||||
```
|
||||
|
||||
### Updating the repository
|
||||
|
||||
```bash
|
||||
git -C $HOME/ubuntu-nginx-web-server pull origin master
|
||||
```
|
||||
|
||||
### Tweak Kernel & Increase open files limits
|
||||
|
||||
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
||||
|
@ -86,12 +154,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
|
|||
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## EasyEngine Setup
|
||||
## WordOps Setup
|
||||
|
||||
### Install MariaDB 10.3
|
||||
|
||||
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
|
||||
|
||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
||||
|
||||
```bash
|
||||
|
@ -153,7 +223,7 @@ Then add the following cronjob
|
|||
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
||||
|
||||
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
|
||||
wget -qO wo wordops.se/tup && sudo bash wo
|
||||
```
|
||||
|
||||
### enable wo bash_completion
|
||||
|
@ -162,10 +232,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
|
|||
source /etc/bash_completion.d/wo_auto.rc
|
||||
```
|
||||
|
||||
### Install Nginx, php7.2, and configure WO backend
|
||||
### Install Nginx, php7.2, php7.3, and configure WO backend
|
||||
|
||||
```bash
|
||||
wo stack install
|
||||
wo stack install --php73 --admin
|
||||
```
|
||||
|
||||
### Set your email instead of root@localhost
|
||||
|
@ -192,53 +263,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
|||
usermod -s /bin/bash www-data
|
||||
```
|
||||
|
||||
## PHP 7.1 - 7.2 - 7.3 Setup
|
||||
## Install PHP
|
||||
|
||||
### Install php7.1-fpm
|
||||
|
||||
```bash
|
||||
# php7.1-fpm
|
||||
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
|
||||
service php7.1-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
|
||||
|
||||
```
|
||||
|
||||
### Install php7.2-fpm
|
||||
|
||||
```bash
|
||||
# php7.2-fpm
|
||||
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
|
||||
service php7.2-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
|
||||
|
||||
```
|
||||
|
||||
### Install php7.3-fpm
|
||||
|
||||
```bash
|
||||
# php7.3-fpm
|
||||
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
|
||||
|
||||
# copy php-fpm pools & php.ini configuration
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
|
||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
|
||||
service php7.3-fpm restart
|
||||
|
||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
|
||||
|
||||
```
|
||||
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
|
||||
|
||||
### Set the proper alternative for /usr/bin/php
|
||||
|
||||
|
@ -267,9 +294,6 @@ Then you can check php version with command `php -v`
|
|||
|
||||
### Additional Nginx configuration (/etc/nginx/conf.d)
|
||||
|
||||
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
|
||||
- webp image mapping : webp.conf
|
||||
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
|
||||
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
||||
- restore visitor real IP under Cloudflare : cloudflare.conf
|
||||
|
||||
|
@ -283,8 +307,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
|
|||
|
||||
### WO common configuration
|
||||
|
||||
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
|
||||
- webp image conditional rewrite (wpcommon-phpX.conf)
|
||||
- additional directives to prevent hack (locations-phpX.conf)
|
||||
|
||||
```bash
|
||||
|
@ -294,17 +316,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
|
|||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
||||
```
|
||||
|
||||
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
|
||||
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
|
||||
|
||||
```bash
|
||||
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Custom configurations
|
||||
|
||||
### Nginx optimized configurations (choose one of them)
|
||||
### Nginx optimized configurations
|
||||
|
||||
Choose one of them
|
||||
|
||||
```bash
|
||||
# TLSv1.2 TLSv1.3 only (recommended)
|
||||
|
@ -315,7 +339,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
|
|||
|
||||
# TLSv1.2 only
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
||||
```
|
||||
|
||||
```bash
|
||||
# commit change with git
|
||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
||||
```
|
||||
|
@ -340,15 +366,17 @@ sudo systemctl daemon-reload
|
|||
sudo systemctl restart nginx.service
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Security
|
||||
|
||||
### Harden SSH Security
|
||||
|
||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||
```
|
||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||
```
|
||||
|
||||
### UFW
|
||||
|
||||
|
@ -409,7 +437,7 @@ sudo systemctl stop memcached
|
|||
sudo systemctl disable memcached.service
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
## Optional
|
||||
|
||||
|
@ -463,7 +491,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
|
|||
chmod -R g+rw /var/www/yourdomain.tld
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### ee-acme-sh
|
||||
|
||||
|
@ -482,14 +510,13 @@ chmod +x install-ee-acme.sh
|
|||
source .bashrc
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### netdata
|
||||
|
||||
[Github repository](https://github.com/firehol/netdata)
|
||||
|
||||
```bash
|
||||
|
||||
# save 40-60% of netdata memory
|
||||
echo 1 >/sys/kernel/mm/ksm/run
|
||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||
|
@ -509,7 +536,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
|
|||
service netdata restart
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### cht.sh (cheat)
|
||||
|
||||
|
@ -545,7 +572,7 @@ root@vps:~ cheat cat
|
|||
cat -n file
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### nanorc - Improved Nano Syntax Highlighting Files
|
||||
|
||||
|
@ -555,7 +582,7 @@ root@vps:~ cheat cat
|
|||
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
||||
```
|
||||
|
||||
* * *
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
### Add WP-CLI & bash-completion for user www-data
|
||||
|
||||
|
@ -573,21 +600,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
|
|||
chown www-data:www-data /var/www/{.profile,.bashrc}
|
||||
```
|
||||
|
||||
### Custom Nginx error pages
|
||||
## Cleanup previous EasyEngine v3
|
||||
|
||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
||||
|
||||
Installation
|
||||
### Backup EEv3 configurations and files
|
||||
|
||||
```bash
|
||||
# clone the github repository
|
||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
||||
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
|
||||
```
|
||||
|
||||
Then include this configuration in your nginx vhost by adding the following line
|
||||
### Remove EEv3 configurations and data
|
||||
|
||||
```bash
|
||||
include common/error_pages.conf;
|
||||
# main ee directories
|
||||
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
|
||||
|
||||
# python package
|
||||
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
|
||||
```
|
||||
|
||||
### Removing previous php versions
|
||||
|
||||
```bash
|
||||
# php5.6
|
||||
apt-get -y autoremove php5.6-fpm php5.6-common --purge
|
||||
|
||||
# php7.0
|
||||
apt-get -y autoremove php7.0-fpm php7.0-common --purge
|
||||
```
|
||||
|
||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/sh
|
||||
|
||||
# update wp-cli
|
||||
[ -x /usr/bin/wp ] && {
|
||||
/usr/bin/wp cli update --yes --allow-root
|
||||
} > /dev/null 2>&1
|
||||
|
||||
# optimize mysql databases
|
||||
if [ -x /usr/bin/mysqlcheck ] && [ -f /root/.my.cnf ]; then
|
||||
/usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
|
||||
fi
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
error_page 400 /400-error.html;
|
||||
error_page 401 /401-error.html;
|
||||
error_page 403 /403-error.html;
|
||||
error_page 404 /404-error.html;
|
||||
error_page 500 /500-error.html;
|
||||
error_page 503 /503-error.html;
|
||||
error_page 504 /504-error.html;
|
||||
|
||||
location ~ /(.*)-error.html {
|
||||
try_files $1-error.html @error;
|
||||
internal;
|
||||
}
|
||||
|
||||
location @error {
|
||||
root /var/www/error/_site;
|
||||
}
|
|
@ -1,4 +1,3 @@
|
|||
##OCSP settings
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
# PHP NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72-tcp;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
# PHP NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php73;
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
# Redis NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location /redis-fetch {
|
||||
internal ;
|
||||
set $redis_key $args;
|
||||
redis_pass redis;
|
||||
}
|
||||
location /redis-store {
|
||||
internal ;
|
||||
set_unescape_uri $key $arg_key ;
|
||||
redis2_query set $key $echo_request_body;
|
||||
redis2_query expire $key 14400;
|
||||
redis2_pass redis;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
set $key "nginx-cache:$scheme$request_method$host$request_uri";
|
||||
try_files $uri =404;
|
||||
|
||||
srcache_fetch_skip $skip_cache;
|
||||
srcache_store_skip $skip_cache;
|
||||
|
||||
srcache_response_cache_control off;
|
||||
|
||||
set_escape_uri $escaped_key $key;
|
||||
|
||||
srcache_fetch GET /redis-fetch $key;
|
||||
srcache_store PUT /redis-store key=$escaped_key;
|
||||
|
||||
more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
|
||||
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
|
||||
# W3TC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
# wordpress fastcgi cache configuration
|
||||
|
||||
add_header X-fastcgi-cache $upstream_cache_status;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
|
||||
fastcgi_cache WORDPRESS;
|
||||
fastcgi_cache_valid 200 60m;
|
||||
|
||||
}
|
||||
|
||||
location ~ /purge(/.*) {
|
||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
||||
access_log off;
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# WPFC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $skip_cache 0;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $skip_cache 1;
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
fastcgi_cache_bypass $skip_cache;
|
||||
fastcgi_no_cache $skip_cache;
|
||||
fastcgi_cache WORDPRESS;
|
||||
}
|
||||
location ~ /purge(/.*) {
|
||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
||||
access_log off;
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
# WPSC NGINX CONFIGURATION
|
||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
||||
set $cache_uri $request_uri;
|
||||
# POST requests and URL with a query string should always go to php
|
||||
if ($request_method = POST) {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
if ($query_string != "") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't cache URL containing the following segments
|
||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
||||
set $cache_uri 'null cache';
|
||||
}
|
||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
||||
location / {
|
||||
# If we add index.php?$args its break WooCommerce like plugins
|
||||
# Ref: #330
|
||||
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass php72;
|
||||
# Following line is needed by WP Super Cache plugin
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
}
|
|
@ -19,5 +19,5 @@ fastcgi_cache_lock on;
|
|||
fastcgi_cache_lock_age 1s;
|
||||
fastcgi_cache_lock_timeout 3s;
|
||||
|
||||
# comment the following line if you run nginx < 1.15.6
|
||||
fastcgi_socket_keepalive on;
|
||||
# uncomment the following line if you run nginx 1.15.6 or earlier
|
||||
# fastcgi_socket_keepalive on;
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
map $http_x_requested_with $http_request_no_cache {
|
||||
default 0;
|
||||
XMLHttpRequest 1;
|
||||
}
|
||||
map $http_cookie $cookie_no_cache {
|
||||
default 0;
|
||||
"~*wordpress_[a-f0-9]+" 1;
|
||||
"~*wp-postpass" 1;
|
||||
"~*wordpress_logged_in" 1;
|
||||
"~*wordpress_no_cache" 1;
|
||||
"~*comment_author" 1;
|
||||
"~*woocommerce_items_in_cart" 1;
|
||||
"~*woocommerce_cart_hash" 1;
|
||||
"~*wptouch_switch_toogle" 1;
|
||||
"~*comment_author_email_" 1;
|
||||
}
|
||||
map $request_uri $uri_no_cache {
|
||||
default 0;
|
||||
"~*/wp-admin/" 1;
|
||||
"~*/wp-[a-zA-Z0-9-]+.php" 1;
|
||||
"~*/feed/" 1;
|
||||
"~*/index.php" 1;
|
||||
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
|
||||
"~*/sitemap(_index)?.xml" 1;
|
||||
"~*/wp-comments-popup.php" 1;
|
||||
"~*/wp-links-opml.php" 1;
|
||||
"~*/xmlrpc.php" 1;
|
||||
}
|
||||
map $is_args $query_no_cache {
|
||||
default 1;
|
||||
"" 0;
|
||||
}
|
||||
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
|
||||
default 1;
|
||||
0000 0;
|
||||
}
|
|
@ -1,8 +1,5 @@
|
|||
upstream phpstatus {
|
||||
server 127.0.0.1:9000;
|
||||
server unix:/run/php/php7.2-fpm.sock;
|
||||
server 127.0.0.1:9090;
|
||||
server unix:/run/php72-fpm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
|
@ -1,91 +0,0 @@
|
|||
# Common upstream settings
|
||||
# php5.6 & php7.0 are replaced by php7.2
|
||||
|
||||
##################
|
||||
# php5.6-fpm
|
||||
##################
|
||||
|
||||
upstream php {
|
||||
least_conn;
|
||||
|
||||
server unix:/var/run/php/php72-fpm.sock;
|
||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
||||
|
||||
keepalive 5;
|
||||
}
|
||||
|
||||
upstream debug {
|
||||
# Debug Pool
|
||||
server 127.0.0.1:9001;
|
||||
}
|
||||
|
||||
##################
|
||||
# php7.0-fpm
|
||||
##################
|
||||
|
||||
# load-balancing on unix socket
|
||||
upstream php7 {
|
||||
least_conn;
|
||||
|
||||
server unix:/var/run/php/php72-fpm.sock;
|
||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
||||
|
||||
keepalive 5;
|
||||
}
|
||||
|
||||
##################
|
||||
# php7.2-fpm
|
||||
##################
|
||||
|
||||
# load-balancing on unix socket
|
||||
upstream php72 {
|
||||
least_conn;
|
||||
|
||||
server unix:/var/run/php/php72-sock-fpm.sock;
|
||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
||||
|
||||
keepalive 5;
|
||||
}
|
||||
|
||||
# PHP 7.2 debug
|
||||
upstream debug72 {
|
||||
# Debug Pool
|
||||
server 127.0.0.1:9172;
|
||||
}
|
||||
|
||||
##################
|
||||
# php7.3-fpm
|
||||
##################
|
||||
|
||||
# load-balancing on unix socket
|
||||
upstream php73 {
|
||||
least_conn;
|
||||
|
||||
server unix:/var/run/php/php73-sock-fpm.sock;
|
||||
server unix:/var/run/php/php73-sock-two-fpm.sock;
|
||||
|
||||
keepalive 5;
|
||||
}
|
||||
|
||||
upstream debug73 {
|
||||
# Debug Pool
|
||||
server 127.0.0.1:9173;
|
||||
}
|
||||
|
||||
##################
|
||||
# redis
|
||||
##################
|
||||
|
||||
upstream redis {
|
||||
server 127.0.0.1:6379;
|
||||
keepalive 10;
|
||||
}
|
||||
|
||||
##################
|
||||
# netdata
|
||||
##################
|
||||
|
||||
upstream netdata {
|
||||
server 127.0.0.1:19999;
|
||||
keepalive 64;
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
map $http_accept $webp_suffix {
|
||||
default "";
|
||||
"~*webp" ".webp";
|
||||
}
|
|
@ -33,7 +33,7 @@ http
|
|||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
|
@ -99,7 +99,6 @@ http
|
|||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
|
@ -150,4 +149,3 @@ http
|
|||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ http
|
|||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
|
@ -97,7 +97,7 @@ http
|
|||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
|
|
@ -35,7 +35,7 @@ http
|
|||
|
||||
server_tokens off;
|
||||
reset_timedout_connection on;
|
||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
||||
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||
|
||||
# Limit Request
|
||||
|
@ -106,8 +106,7 @@ http
|
|||
more_set_headers "X-Content-Type-Options : nosniff";
|
||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||
more_set_headers "X-Download-Options : noopen";
|
||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
||||
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
|
Chargement…
Référencer dans un nouveau ticket