remove useless section after wordops update

This commit is contained in:
VirtuBox 2019-03-19 13:47:45 +01:00
Parent 6cf34f6946
commit c0e6a456ce
20 changed files with 260 additions and 525 deletions

203
README.md
View file

@ -1,4 +1,4 @@
# Optimized configuration for Ubuntu server with WordOps
# Optimized configuration for WordOps running on Ubuntu server
## Server Stack
@ -12,19 +12,82 @@
- Netdata
- UFW
* * *
--------------------------------------------------------------------------------
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
### Info
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
--------------------------------------------------------------------------------
* * *
- [Initial configuration](#initial-configuration)
- [System update and packages cleanup](#system-update-and-packages-cleanup)
- [Install useful packages](#install-useful-packages)
- [Clone the repository](#clone-the-repository)
- [Updating the repository](#updating-the-repository)
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
- [WordOps Setup](#wordops-setup)
- [Install MariaDB 10.3](#install-mariadb-103)
- [MySQL Tuning](#mysql-tuning)
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
- [Install WordOps](#install-wordops)
- [enable wo bash_completion](#enable-wo-bash_completion)
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
- [NGINX Configuration](#nginx-configuration)
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
- [WO common configuration](#wo-common-configuration)
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
- [Custom configurations](#custom-configurations)
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
- [Security](#security)
- [Harden SSH Security](#harden-ssh-security)
- [UFW](#ufw)
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
- [Secure Memcached server](#secure-memcached-server)
- [Optional](#optional)
- [proftpd](#proftpd)
- [Install proftpd](#install-proftpd)
- [Adding FTP users](#adding-ftp-users)
- [ee-acme-sh](#ee-acme-sh)
- [netdata](#netdata)
- [cht.sh (cheat)](#chtsh-cheat)
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
- [Removing previous php versions](#removing-previous-php-versions)
--------------------------------------------------------------------------------
Configuration files with comments available by following the link **source**
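Review bot: Several table-of-contents links added in this hunk use anchors built from the old heading text, while later hunks of this same patch rename those headings. `#install-nginx-php72-and-configure-wo-backend` no longer corresponds to "Install Nginx, php7.2, php7.3, and configure WO backend", the `#compile-last-nginx-mainline-release-with-nginx-ee-...` anchor no longer corresponds to "Compile the latest Nginx release with nginx-ee", and `#nginx-optimized-configurations-choose-one-of-them` no longer corresponds to "Nginx optimized configurations", so on a renderer that derives anchors from heading text these links go nowhere. Regenerate the list after the heading edits; the new "Install PHP" heading also has no entry, and "deployement" in the Info paragraph should read "deployment".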
@ -33,7 +96,7 @@ Configuration files with comments available by following the link **source**
### System update and packages cleanup
```bash
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
```
### Install useful packages
@ -48,6 +111,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
```
### Updating the repository
```bash
git -C $HOME/ubuntu-nginx-web-server pull origin master
```
### Tweak Kernel & Increase open files limits
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
@ -86,12 +155,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```
* * *
--------------------------------------------------------------------------------
## EasyEngine Setup
## WordOps Setup
### Install MariaDB 10.3
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
```bash
@ -153,7 +224,7 @@ Then add the following cronjob
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
wget -qO wo wordops.se/tup && sudo bash wo
```
### enable wo bash_completion
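Review bot: The replacement install line `wget -qO wo wordops.se/tup && sudo bash wo` gives wget a URL with no scheme, so the first request goes out over plain http:// and whatever comes back is then executed as root; the line it replaces used an explicit https:// URL. Write the scheme out (`https://wordops.se/tup`), and consider splitting the download from `sudo bash wo` so the script can be read or compared against a published checksum before it runs. `-q` also hides any redirect the short URL performs, which makes the real source of the script invisible to the person pasting the command.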
@ -162,10 +233,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
source /etc/bash_completion.d/wo_auto.rc
```
### Install Nginx, php7.2, and configure WO backend
### Install Nginx, php7.2, php7.3, and configure WO backend
```bash
wo stack install
wo stack install --php73 --admin
```
### Set your email instead of root@localhost
@ -192,53 +264,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
usermod -s /bin/bash www-data
```
## PHP 7.1 - 7.2 - 7.3 Setup
## Install PHP
### Install php7.1-fpm
```bash
# php7.1-fpm
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
```
### Install php7.2-fpm
```bash
# php7.2-fpm
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
```
### Install php7.3-fpm
```bash
# php7.3-fpm
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
```
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
### Set the proper alternative for /usr/bin/php
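Review bot: The "## Install PHP" heading now holds only the sentence saying the section has been removed, which leaves an empty section in the rendered README. Drop the heading together with the three php7.x-fpm blocks, or fold the sentence into "WordOps Setup"; "WordOps already install" should read "installs". The removed blocks also copied the repository's php-fpm pool and php.ini files into /etc/php (`cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.x/...`), so state whether those files are still meant to be applied and, if so, where that step now lives.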
@ -267,9 +295,6 @@ Then you can check php version with command `php -v`
### Additional Nginx configuration (/etc/nginx/conf.d)
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
- restore visitor real IP under Cloudflare : cloudflare.conf
@ -283,8 +308,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
### WO common configuration
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
- webp image conditional rewrite (wpcommon-phpX.conf)
- additional directives to prevent hack (locations-phpX.conf)
```bash
@ -294,17 +317,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
```
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
```bash
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
```
* * *
--------------------------------------------------------------------------------
## Custom configurations
### Nginx optimized configurations (choose one of them)
### Nginx optimized configurations
Choose one of them
```bash
# TLSv1.2 TLSv1.3 only (recommended)
@ -315,7 +340,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
# TLSv1.2 only
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
```
```bash
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
```
@ -340,15 +367,17 @@ sudo systemctl daemon-reload
sudo systemctl restart nginx.service
```
* * *
--------------------------------------------------------------------------------
## Security
### Harden SSH Security
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
### UFW
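Review bot: The `cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config` step, now fenced, overwrites the live sshd configuration with no backup and no syntax check, and the new fence lacks the `bash` tag the other blocks in this README carry. Since the WARNING line says this configuration allows root login with SSH keys only, add a copy of the existing file first and an `sshd -t` run before the service is restarted, and tell the reader to confirm a key is already installed for root, so a bad file or a missing key does not lock the administrator out.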
@ -409,7 +438,7 @@ sudo systemctl stop memcached
sudo systemctl disable memcached.service
```
* * *
--------------------------------------------------------------------------------
## Optional
@ -463,7 +492,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
chmod -R g+rw /var/www/yourdomain.tld
```
* * *
--------------------------------------------------------------------------------
### ee-acme-sh
@ -482,14 +511,13 @@ chmod +x install-ee-acme.sh
source .bashrc
```
* * *
--------------------------------------------------------------------------------
### netdata
[Github repository](https://github.com/firehol/netdata)
```bash
# save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
@ -509,7 +537,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
service netdata restart
```
* * *
--------------------------------------------------------------------------------
### cht.sh (cheat)
@ -545,7 +573,7 @@ root@vps:~ cheat cat
cat -n file
```
* * *
--------------------------------------------------------------------------------
### nanorc - Improved Nano Syntax Highlighting Files
@ -555,7 +583,7 @@ root@vps:~ cheat cat
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
```
* * *
--------------------------------------------------------------------------------
### Add WP-CLI & bash-completion for user www-data
@ -573,21 +601,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
chown www-data:www-data /var/www/{.profile,.bashrc}
```
### Custom Nginx error pages
## Cleanup previous EasyEngine v3
[Github Repository](https://github.com/alexphelps/server-error-pages)
Installation
### Backup EEv3 configurations and files
```bash
# clone the github repository
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
```
Then include this configuration in your nginx vhost by adding the following line
### Remove EEv3 configurations and data
```bash
include common/error_pages.conf;
# main ee directories
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
# python package
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
```
### Removing previous php versions
```bash
# php5.6
apt-get -y autoremove php5.6-fpm php5.6-common --purge
# php7.0
apt-get -y autoremove php7.0-fpm php7.0-common --purge
```
Published & maintained by [VirtuBox](https://virtubox.net)
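Review bot: In "Remove EEv3 configurations and data", `rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*` hardcodes the python3.6 path, so on a release with a different Python 3 minor version the glob matches nothing and the package stays in place without any error. State the Ubuntu release this applies to, or glob over `python3.*`. The backup step archives /etc/ee, /var/lib/ee and /usr/lib/ee/templates, while the removal also deletes the rest of /usr/lib/ee and /usr/local/bin/ee; say that this is intended and make the removal depend on the tar command having succeeded. `tar -I pigz` also requires pigz to be installed.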

View file

@ -1,4 +1,4 @@
# Optimized configuration for Ubuntu server with WordOps
# Optimized configuration for WordOps running on Ubuntu server
## Server Stack
@ -12,19 +12,81 @@
- Netdata
- UFW
* * *
--------------------------------------------------------------------------------
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
### Info
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
--------------------------------------------------------------------------------
* * *
- [Initial configuration](#initial-configuration)
- [System update and packages cleanup](#system-update-and-packages-cleanup)
- [Install useful packages](#install-useful-packages)
- [Clone the repository](#clone-the-repository)
- [Updating the repository](#updating-the-repository)
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
- [WordOps Setup](#wordops-setup)
- [Install MariaDB 10.3](#install-mariadb-103)
- [MySQL Tuning](#mysql-tuning)
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
- [Install WordOps](#install-wordops)
- [enable wo bash_completion](#enable-wo-bash_completion)
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
- [NGINX Configuration](#nginx-configuration)
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
- [WO common configuration](#wo-common-configuration)
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
- [Custom configurations](#custom-configurations)
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
- [Security](#security)
- [Harden SSH Security](#harden-ssh-security)
- [UFW](#ufw)
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
- [Secure Memcached server](#secure-memcached-server)
- [Optional](#optional)
- [proftpd](#proftpd)
- [Install proftpd](#install-proftpd)
- [Adding FTP users](#adding-ftp-users)
- [ee-acme-sh](#ee-acme-sh)
- [netdata](#netdata)
- [cht.sh (cheat)](#chtsh-cheat)
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
- [Removing previous php versions](#removing-previous-php-versions)
--------------------------------------------------------------------------------
Configuration files with comments available by following the link **source**
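Review bot: This file receives the same hunks as README.md earlier in the commit, and the two copies are already out of step: this hunk's header reads `+12,81` where README.md has `+12,82` for the same block. Generate one file from the other, or replace this copy with a link, so that the security-relevant instructions (SSH configuration, install commands) cannot drift apart between the two.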
@ -33,7 +95,7 @@ Configuration files with comments available by following the link **source**
### System update and packages cleanup
```bash
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
```
### Install useful packages
@ -48,6 +110,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
```
### Updating the repository
```bash
git -C $HOME/ubuntu-nginx-web-server pull origin master
```
### Tweak Kernel & Increase open files limits
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
@ -86,12 +154,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
echo never > /sys/kernel/mm/transparent_hugepage/enabled
```
* * *
--------------------------------------------------------------------------------
## EasyEngine Setup
## WordOps Setup
### Install MariaDB 10.3
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
```bash
@ -153,7 +223,7 @@ Then add the following cronjob
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
wget -qO wo wordops.se/tup && sudo bash wo
```
### enable wo bash_completion
@ -162,10 +232,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
source /etc/bash_completion.d/wo_auto.rc
```
### Install Nginx, php7.2, and configure WO backend
### Install Nginx, php7.2, php7.3, and configure WO backend
```bash
wo stack install
wo stack install --php73 --admin
```
### Set your email instead of root@localhost
@ -192,53 +263,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
usermod -s /bin/bash www-data
```
## PHP 7.1 - 7.2 - 7.3 Setup
## Install PHP
### Install php7.1-fpm
```bash
# php7.1-fpm
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
service php7.1-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
```
### Install php7.2-fpm
```bash
# php7.2-fpm
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
service php7.2-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
```
### Install php7.3-fpm
```bash
# php7.3-fpm
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
# copy php-fpm pools & php.ini configuration
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
service php7.3-fpm restart
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
```
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
### Set the proper alternative for /usr/bin/php
@ -267,9 +294,6 @@ Then you can check php version with command `php -v`
### Additional Nginx configuration (/etc/nginx/conf.d)
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
- webp image mapping : webp.conf
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
- restore visitor real IP under Cloudflare : cloudflare.conf
@ -283,8 +307,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
### WO common configuration
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
- webp image conditional rewrite (wpcommon-phpX.conf)
- additional directives to prevent hack (locations-phpX.conf)
```bash
@ -294,17 +316,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
```
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
```bash
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
```
* * *
--------------------------------------------------------------------------------
## Custom configurations
### Nginx optimized configurations (choose one of them)
### Nginx optimized configurations
Choose one of them
```bash
# TLSv1.2 TLSv1.3 only (recommended)
@ -315,7 +339,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
# TLSv1.2 only
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
```
```bash
# commit change with git
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
```
@ -340,15 +366,17 @@ sudo systemctl daemon-reload
sudo systemctl restart nginx.service
```
* * *
--------------------------------------------------------------------------------
## Security
### Harden SSH Security
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
```
### UFW
@ -409,7 +437,7 @@ sudo systemctl stop memcached
sudo systemctl disable memcached.service
```
* * *
--------------------------------------------------------------------------------
## Optional
@ -463,7 +491,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
chmod -R g+rw /var/www/yourdomain.tld
```
* * *
--------------------------------------------------------------------------------
### ee-acme-sh
@ -482,14 +510,13 @@ chmod +x install-ee-acme.sh
source .bashrc
```
* * *
--------------------------------------------------------------------------------
### netdata
[Github repository](https://github.com/firehol/netdata)
```bash
# save 40-60% of netdata memory
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
@ -509,7 +536,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
service netdata restart
```
* * *
--------------------------------------------------------------------------------
### cht.sh (cheat)
@ -545,7 +572,7 @@ root@vps:~ cheat cat
cat -n file
```
* * *
--------------------------------------------------------------------------------
### nanorc - Improved Nano Syntax Highlighting Files
@ -555,7 +582,7 @@ root@vps:~ cheat cat
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
```
* * *
--------------------------------------------------------------------------------
### Add WP-CLI & bash-completion for user www-data
@ -573,21 +600,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
chown www-data:www-data /var/www/{.profile,.bashrc}
```
### Custom Nginx error pages
## Cleanup previous EasyEngine v3
[Github Repository](https://github.com/alexphelps/server-error-pages)
Installation
### Backup EEv3 configurations and files
```bash
# clone the github repository
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
```
Then include this configuration in your nginx vhost by adding the following line
### Remove EEv3 configurations and data
```bash
include common/error_pages.conf;
# main ee directories
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
# python package
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
```
### Removing previous php versions
```bash
# php5.6
apt-get -y autoremove php5.6-fpm php5.6-common --purge
# php7.0
apt-get -y autoremove php7.0-fpm php7.0-common --purge
```
Published & maintained by [VirtuBox](https://virtubox.net)

12
etc/cron.weekly/wo-maintenance Normal file
View file

@ -0,0 +1,12 @@
#!/bin/sh
# update wp-cli
[ -x /usr/bin/wp ] && {
/usr/bin/wp cli update --yes --allow-root
} > /dev/null 2>&1
# optimize mysql databases
if [ -x /usr/bin/mysqlcheck ] && [ -f /root/.my.cnf ]; then
/usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
fi
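Review bot: Both commands in this new weekly job send stdout and stderr to /dev/null, so a failed `wp cli update` or a table that `mysqlcheck -Aos --auto-repair` could not repair leaves no trace. Keep at least stderr, either in a log file or through `logger`. `wp cli update --yes --allow-root` also replaces the wp binary as root, unattended, with whatever release is current; if that is intended, say so in a comment. The README still lists "Setup cronjob to optimize your MySQL databases and repair them if needed", which now overlaps with the mysqlcheck call here.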

View file

@ -1,16 +0,0 @@
error_page 400 /400-error.html;
error_page 401 /401-error.html;
error_page 403 /403-error.html;
error_page 404 /404-error.html;
error_page 500 /500-error.html;
error_page 503 /503-error.html;
error_page 504 /504-error.html;
location ~ /(.*)-error.html {
try_files $1-error.html @error;
internal;
}
location @error {
root /var/www/error/_site;
}

View file

@ -1,4 +1,3 @@
##OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here

View file

@ -1,10 +0,0 @@
# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72-tcp;
}

View file

@ -1,10 +0,0 @@
# PHP NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php73;
}

View file

@ -1,56 +0,0 @@
# Redis NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $skip_cache 0;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $skip_cache 1;
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /redis-fetch {
internal ;
set $redis_key $args;
redis_pass redis;
}
location /redis-store {
internal ;
set_unescape_uri $key $arg_key ;
redis2_query set $key $echo_request_body;
redis2_query expire $key 14400;
redis2_pass redis;
}
location ~ \.php$ {
set $key "nginx-cache:$scheme$request_method$host$request_uri";
try_files $uri =404;
srcache_fetch_skip $skip_cache;
srcache_store_skip $skip_cache;
srcache_response_cache_control off;
set_escape_uri $escaped_key $key;
srcache_fetch GET /redis-fetch $key;
srcache_store PUT /redis-store key=$escaped_key;
more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
include fastcgi_params;
fastcgi_pass php72;
}

View file

@ -1,31 +0,0 @@
# W3TC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $cache_uri $request_uri;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
}

View file

@ -1,25 +0,0 @@
# wordpress fastcgi cache configuration
add_header X-fastcgi-cache $upstream_cache_status;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 200 60m;
}
location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
access_log off;
}

@ -1,37 +0,0 @@
# WPFC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $skip_cache 0;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $skip_cache 1;
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
}
location ~ /purge(/.*) {
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
access_log off;
}

@ -1,31 +0,0 @@
# WPSC NGINX CONFIGURATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
set $cache_uri $request_uri;
# POST requests and URL with a query string should always go to php
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
# Don't cache URL containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
set $cache_uri 'null cache';
}
# Don't use the cache for logged in users or recent commenter or customer with items in cart
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
set $cache_uri 'null cache';
}
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
# If we add index.php?$args its break WooCommerce like plugins
# Ref: #330
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php72;
# Following line is needed by WP Super Cache plugin
fastcgi_param SERVER_NAME $http_host;
}

@ -19,5 +19,5 @@ fastcgi_cache_lock on;
fastcgi_cache_lock_age 1s;
fastcgi_cache_lock_timeout 3s;
# comment the following line if you run nginx < 1.15.6
fastcgi_socket_keepalive on;
# uncomment the following line if you run nginx 1.15.6 or earlier
# fastcgi_socket_keepalive on;
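Review bot: the reworded comment above `# fastcgi_socket_keepalive on;` inverts the version condition. `fastcgi_socket_keepalive` was introduced in nginx 1.15.6, so the directive can only be enabled on 1.15.6 or later; "uncomment the following line if you run nginx 1.15.6 or earlier" tells users of older builds to enable a directive their nginx does not know, which makes the configuration fail to load. Suggest "uncomment the following line if you run nginx 1.15.6 or later".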

@ -1,36 +0,0 @@
map $http_x_requested_with $http_request_no_cache {
default 0;
XMLHttpRequest 1;
}
map $http_cookie $cookie_no_cache {
default 0;
"~*wordpress_[a-f0-9]+" 1;
"~*wp-postpass" 1;
"~*wordpress_logged_in" 1;
"~*wordpress_no_cache" 1;
"~*comment_author" 1;
"~*woocommerce_items_in_cart" 1;
"~*woocommerce_cart_hash" 1;
"~*wptouch_switch_toogle" 1;
"~*comment_author_email_" 1;
}
map $request_uri $uri_no_cache {
default 0;
"~*/wp-admin/" 1;
"~*/wp-[a-zA-Z0-9-]+.php" 1;
"~*/feed/" 1;
"~*/index.php" 1;
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
"~*/sitemap(_index)?.xml" 1;
"~*/wp-comments-popup.php" 1;
"~*/wp-links-opml.php" 1;
"~*/xmlrpc.php" 1;
}
map $is_args $query_no_cache {
default 1;
"" 0;
}
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
default 1;
0000 0;
}

@ -1,8 +1,5 @@
upstream phpstatus {
server 127.0.0.1:9000;
server unix:/run/php/php7.2-fpm.sock;
server 127.0.0.1:9090;
server unix:/run/php72-fpm.sock;
}
server {
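Review bot: `upstream phpstatus` lists a TCP address and a unix socket as two `server` entries, so status requests are balanced across both and will fail intermittently if only one of them is actually listening. The socket path `unix:/run/php72-fpm.sock` also does not match the `/var/run/php/php72-sock-fpm.sock` naming used by the `php72` upstream elsewhere in this commit. Please confirm which listener the PHP-FPM status pool really exposes and keep only that entry, with a short comment naming the pool it belongs to.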

@ -1,91 +0,0 @@
# Common upstream settings
# php5.6 & php7.0 are replaced by php7.2
##################
# php5.6-fpm
##################
upstream php {
least_conn;
server unix:/var/run/php/php72-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;
keepalive 5;
}
upstream debug {
# Debug Pool
server 127.0.0.1:9001;
}
##################
# php7.0-fpm
##################
# load-balancing on unix socket
upstream php7 {
least_conn;
server unix:/var/run/php/php72-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;
keepalive 5;
}
##################
# php7.2-fpm
##################
# load-balancing on unix socket
upstream php72 {
least_conn;
server unix:/var/run/php/php72-sock-fpm.sock;
server unix:/var/run/php/php72-sock-two-fpm.sock;
keepalive 5;
}
# PHP 7.2 debug
upstream debug72 {
# Debug Pool
server 127.0.0.1:9172;
}
##################
# php7.3-fpm
##################
# load-balancing on unix socket
upstream php73 {
least_conn;
server unix:/var/run/php/php73-sock-fpm.sock;
server unix:/var/run/php/php73-sock-two-fpm.sock;
keepalive 5;
}
upstream debug73 {
# Debug Pool
server 127.0.0.1:9173;
}
##################
# redis
##################
upstream redis {
server 127.0.0.1:6379;
keepalive 10;
}
##################
# netdata
##################
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
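Review bot: deleting this file removes the only visible definitions of the `php72`, `php73`, `redis` and `netdata` upstreams, yet directives such as `fastcgi_pass php72;` and `redis2_pass redis;` depend on those names. The commit message only says "remove useless section after wordops update"; it should state that WordOps now ships equivalent upstream definitions, and the change should be checked with `nginx -t` against a vhost that still references these names before merging.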

@ -1,4 +0,0 @@
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}

@ -33,7 +33,7 @@ http
server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
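Review bot: the `add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";` line sits directly under `server_tokens off;` and undoes its purpose by advertising the stack and its exact version on every response. The hard-coded `v3.9.4` will also go stale at the next WordOps release. Suggest dropping the version from the string, or removing the header altogether; the same applies to the other `nginx.conf` variants changed in this commit.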
@ -99,7 +99,6 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
##
# Basic Settings
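Review bot: the `add_header Feature-Policy` line in this hunk writes its allowlist keywords unquoted (`geolocation none`, `speaker self`, `fullscreen self`). The header syntax expects `'none'` and `'self'` in single quotes; unquoted, they are read as origins rather than keywords, so the `self` entries in particular do not do what they say. If the line is kept in any of the `nginx.conf` variants, quote the keywords; if it is being dropped, the commit message should name what replaces it, since the surrounding `more_set_headers` lines show these security headers are intentional.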
@ -150,4 +149,3 @@ http
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

@ -34,7 +34,7 @@ http
server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
@ -97,7 +97,7 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
##
# Basic Settings
##

@ -35,7 +35,7 @@ http
server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
add_header rt-Fastcgi-Cache $upstream_cache_status;
# Limit Request
@ -106,8 +106,7 @@ http
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
##
# Basic Settings
##