remove useless section after wordops update
This commit is contained in:
parent
6cf34f6946
commit
c0e6a456ce
203
README.md
203
README.md
|
@ -1,4 +1,4 @@
|
||||||
# Optimized configuration for Ubuntu server with WordOps
|
# Optimized configuration for WordOps running on Ubuntu server
|
||||||
|
|
||||||
## Server Stack
|
## Server Stack
|
||||||
|
|
||||||
|
@ -12,19 +12,82 @@
|
||||||
- Netdata
|
- Netdata
|
||||||
- UFW
|
- UFW
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
||||||
|
|
||||||
### Info
|
### Info
|
||||||
|
|
||||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||||
|
|
||||||
|
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
|
||||||
|
|
||||||
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
||||||
|
|
||||||
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
* * *
|
- [Initial configuration](#initial-configuration)
|
||||||
|
|
||||||
|
- [System update and packages cleanup](#system-update-and-packages-cleanup)
|
||||||
|
- [Install useful packages](#install-useful-packages)
|
||||||
|
- [Clone the repository](#clone-the-repository)
|
||||||
|
- [Updating the repository](#updating-the-repository)
|
||||||
|
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
|
||||||
|
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
|
||||||
|
|
||||||
|
- [WordOps Setup](#wordops-setup)
|
||||||
|
|
||||||
|
- [Install MariaDB 10.3](#install-mariadb-103)
|
||||||
|
- [MySQL Tuning](#mysql-tuning)
|
||||||
|
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
|
||||||
|
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
|
||||||
|
|
||||||
|
- [Install WordOps](#install-wordops)
|
||||||
|
|
||||||
|
- [enable wo bash_completion](#enable-wo-bash_completion)
|
||||||
|
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
|
||||||
|
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
|
||||||
|
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
|
||||||
|
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
|
||||||
|
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
|
||||||
|
|
||||||
|
- [NGINX Configuration](#nginx-configuration)
|
||||||
|
|
||||||
|
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
|
||||||
|
- [WO common configuration](#wo-common-configuration)
|
||||||
|
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
|
||||||
|
- [Custom configurations](#custom-configurations)
|
||||||
|
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
|
||||||
|
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
|
||||||
|
|
||||||
|
- [Security](#security)
|
||||||
|
|
||||||
|
- [Harden SSH Security](#harden-ssh-security)
|
||||||
|
- [UFW](#ufw)
|
||||||
|
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
|
||||||
|
- [Secure Memcached server](#secure-memcached-server)
|
||||||
|
|
||||||
|
- [Optional](#optional)
|
||||||
|
|
||||||
|
- [proftpd](#proftpd)
|
||||||
|
|
||||||
|
- [Install proftpd](#install-proftpd)
|
||||||
|
- [Adding FTP users](#adding-ftp-users)
|
||||||
|
|
||||||
|
- [ee-acme-sh](#ee-acme-sh)
|
||||||
|
|
||||||
|
- [netdata](#netdata)
|
||||||
|
- [cht.sh (cheat)](#chtsh-cheat)
|
||||||
|
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
|
||||||
|
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
|
||||||
|
|
||||||
|
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
|
||||||
|
|
||||||
|
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
|
||||||
|
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
|
||||||
|
- [Removing previous php versions](#removing-previous-php-versions)
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
Configuration files with comments available by following the link **source**
|
Configuration files with comments available by following the link **source**
|
||||||
|
|
||||||
|
@ -33,7 +96,7 @@ Configuration files with comments available by following the link **source**
|
||||||
### System update and packages cleanup
|
### System update and packages cleanup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install useful packages
|
### Install useful packages
|
||||||
|
@ -48,6 +111,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
|
||||||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Updating the repository
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git -C $HOME/ubuntu-nginx-web-server pull origin master
|
||||||
|
```
|
||||||
|
|
||||||
### Tweak Kernel & Increase open files limits
|
### Tweak Kernel & Increase open files limits
|
||||||
|
|
||||||
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
||||||
|
@ -86,12 +155,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
|
||||||
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## EasyEngine Setup
|
## WordOps Setup
|
||||||
|
|
||||||
### Install MariaDB 10.3
|
### Install MariaDB 10.3
|
||||||
|
|
||||||
|
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
|
||||||
|
|
||||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -153,7 +224,7 @@ Then add the following cronjob
|
||||||
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
||||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
||||||
|
|
||||||
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
|
wget -qO wo wordops.se/tup && sudo bash wo
|
||||||
```
|
```
|
||||||
|
|
||||||
### enable wo bash_completion
|
### enable wo bash_completion
|
||||||
|
@ -162,10 +233,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
|
||||||
source /etc/bash_completion.d/wo_auto.rc
|
source /etc/bash_completion.d/wo_auto.rc
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install Nginx, php7.2, and configure WO backend
|
### Install Nginx, php7.2, php7.3, and configure WO backend
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
wo stack install
|
wo stack install
|
||||||
|
wo stack install --php73 --admin
|
||||||
```
|
```
|
||||||
|
|
||||||
### Set your email instead of root@localhost
|
### Set your email instead of root@localhost
|
||||||
|
@ -192,53 +264,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
||||||
usermod -s /bin/bash www-data
|
usermod -s /bin/bash www-data
|
||||||
```
|
```
|
||||||
|
|
||||||
## PHP 7.1 - 7.2 - 7.3 Setup
|
## Install PHP
|
||||||
|
|
||||||
### Install php7.1-fpm
|
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.1-fpm
|
|
||||||
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
|
||||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
|
|
||||||
service php7.1-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install php7.2-fpm
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.2-fpm
|
|
||||||
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
|
|
||||||
service php7.2-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install php7.3-fpm
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.3-fpm
|
|
||||||
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
|
|
||||||
service php7.3-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Set the proper alternative for /usr/bin/php
|
### Set the proper alternative for /usr/bin/php
|
||||||
|
|
||||||
|
@ -267,9 +295,6 @@ Then you can check php version with command `php -v`
|
||||||
|
|
||||||
### Additional Nginx configuration (/etc/nginx/conf.d)
|
### Additional Nginx configuration (/etc/nginx/conf.d)
|
||||||
|
|
||||||
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
|
|
||||||
- webp image mapping : webp.conf
|
|
||||||
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
|
|
||||||
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
||||||
- restore visitor real IP under Cloudflare : cloudflare.conf
|
- restore visitor real IP under Cloudflare : cloudflare.conf
|
||||||
|
|
||||||
|
@ -283,8 +308,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
|
||||||
|
|
||||||
### WO common configuration
|
### WO common configuration
|
||||||
|
|
||||||
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
|
|
||||||
- webp image conditional rewrite (wpcommon-phpX.conf)
|
|
||||||
- additional directives to prevent hack (locations-phpX.conf)
|
- additional directives to prevent hack (locations-phpX.conf)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -294,17 +317,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
|
||||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
|
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Custom configurations
|
## Custom configurations
|
||||||
|
|
||||||
### Nginx optimized configurations (choose one of them)
|
### Nginx optimized configurations
|
||||||
|
|
||||||
|
Choose one of them
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# TLSv1.2 TLSv1.3 only (recommended)
|
# TLSv1.2 TLSv1.3 only (recommended)
|
||||||
|
@ -315,7 +340,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
|
||||||
|
|
||||||
# TLSv1.2 only
|
# TLSv1.2 only
|
||||||
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
# commit change with git
|
# commit change with git
|
||||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
||||||
```
|
```
|
||||||
|
@ -340,15 +367,17 @@ sudo systemctl daemon-reload
|
||||||
sudo systemctl restart nginx.service
|
sudo systemctl restart nginx.service
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
### Harden SSH Security
|
### Harden SSH Security
|
||||||
|
|
||||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||||
|
|
||||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
```
|
||||||
|
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||||
|
```
|
||||||
|
|
||||||
### UFW
|
### UFW
|
||||||
|
|
||||||
|
@ -409,7 +438,7 @@ sudo systemctl stop memcached
|
||||||
sudo systemctl disable memcached.service
|
sudo systemctl disable memcached.service
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Optional
|
## Optional
|
||||||
|
|
||||||
|
@ -463,7 +492,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
|
||||||
chmod -R g+rw /var/www/yourdomain.tld
|
chmod -R g+rw /var/www/yourdomain.tld
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### ee-acme-sh
|
### ee-acme-sh
|
||||||
|
|
||||||
|
@ -482,14 +511,13 @@ chmod +x install-ee-acme.sh
|
||||||
source .bashrc
|
source .bashrc
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### netdata
|
### netdata
|
||||||
|
|
||||||
[Github repository](https://github.com/firehol/netdata)
|
[Github repository](https://github.com/firehol/netdata)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
||||||
# save 40-60% of netdata memory
|
# save 40-60% of netdata memory
|
||||||
echo 1 >/sys/kernel/mm/ksm/run
|
echo 1 >/sys/kernel/mm/ksm/run
|
||||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||||
|
@ -509,7 +537,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
|
||||||
service netdata restart
|
service netdata restart
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### cht.sh (cheat)
|
### cht.sh (cheat)
|
||||||
|
|
||||||
|
@ -545,7 +573,7 @@ root@vps:~ cheat cat
|
||||||
cat -n file
|
cat -n file
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### nanorc - Improved Nano Syntax Highlighting Files
|
### nanorc - Improved Nano Syntax Highlighting Files
|
||||||
|
|
||||||
|
@ -555,7 +583,7 @@ root@vps:~ cheat cat
|
||||||
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### Add WP-CLI & bash-completion for user www-data
|
### Add WP-CLI & bash-completion for user www-data
|
||||||
|
|
||||||
|
@ -573,21 +601,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
|
||||||
chown www-data:www-data /var/www/{.profile,.bashrc}
|
chown www-data:www-data /var/www/{.profile,.bashrc}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Custom Nginx error pages
|
## Cleanup previous EasyEngine v3
|
||||||
|
|
||||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
### Backup EEv3 configurations and files
|
||||||
|
|
||||||
Installation
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# clone the github repository
|
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
|
||||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Then include this configuration in your nginx vhost by adding the following line
|
### Remove EEv3 configurations and data
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
include common/error_pages.conf;
|
# main ee directories
|
||||||
|
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
|
||||||
|
|
||||||
|
# python package
|
||||||
|
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
|
||||||
|
```
|
||||||
|
|
||||||
|
### Removing previous php versions
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# php5.6
|
||||||
|
apt-get -y autoremove php5.6-fpm php5.6-common --purge
|
||||||
|
|
||||||
|
# php7.0
|
||||||
|
apt-get -y autoremove php7.0-fpm php7.0-common --purge
|
||||||
```
|
```
|
||||||
|
|
||||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||||
|
|
202
docs/README.md
202
docs/README.md
|
@ -1,4 +1,4 @@
|
||||||
# Optimized configuration for Ubuntu server with WordOps
|
# Optimized configuration for WordOps running on Ubuntu server
|
||||||
|
|
||||||
## Server Stack
|
## Server Stack
|
||||||
|
|
||||||
|
@ -12,19 +12,81 @@
|
||||||
- Netdata
|
- Netdata
|
||||||
- UFW
|
- UFW
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
![](https://img.shields.io/github/license/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![last-commit](https://img.shields.io/github/last-commit/virtubox/ubuntu-nginx-web-server.svg?style=flat) ![stars](https://img.shields.io/github/stars/VirtuBox/ubuntu-nginx-web-server.svg?style=flat)
|
||||||
|
|
||||||
### Info
|
### Info
|
||||||
|
|
||||||
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are going to be updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
**As EasyEngine v3 will no longer receive any updates, configurations available in this repository are being updated for [WordOps](https://wordops.org/) (EEv3 fork).**
|
||||||
|
|
||||||
|
We are currently contributing to WordOps project to include the most part of custom configurations available in this repository
|
||||||
|
|
||||||
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
All previous configurations are still available in the branch [easyengine-v3](https://github.com/VirtuBox/ubuntu-nginx-web-server/tree/easyengine-v3).
|
||||||
|
|
||||||
To automate WordOps deployement, we have published a bash script [wo-nginx-setup](https://github.com/VirtuBox/wo-nginx-setup).
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
* * *
|
- [Initial configuration](#initial-configuration)
|
||||||
|
|
||||||
|
- [System update and packages cleanup](#system-update-and-packages-cleanup)
|
||||||
|
- [Install useful packages](#install-useful-packages)
|
||||||
|
- [Clone the repository](#clone-the-repository)
|
||||||
|
- [Updating the repository](#updating-the-repository)
|
||||||
|
- [Tweak Kernel & Increase open files limits](#tweak-kernel--increase-open-files-limits)
|
||||||
|
- [disable transparent hugepage for redis](#disable-transparent-hugepage-for-redis)
|
||||||
|
|
||||||
|
- [WordOps Setup](#wordops-setup)
|
||||||
|
|
||||||
|
- [Install MariaDB 10.3](#install-mariadb-103)
|
||||||
|
- [MySQL Tuning](#mysql-tuning)
|
||||||
|
- [Increase MariaDB open files limits](#increase-mariadb-open-files-limits)
|
||||||
|
- [Setup cronjob to optimize your MySQL databases and repair them if needed](#setup-cronjob-to-optimize-your-mysql-databases-and-repair-them-if-needed)
|
||||||
|
|
||||||
|
- [Install WordOps](#install-wordops)
|
||||||
|
|
||||||
|
- [enable wo bash_completion](#enable-wo-bash_completion)
|
||||||
|
- [Install Nginx, php7.2, and configure WO backend](#install-nginx-php72-and-configure-wo-backend)
|
||||||
|
- [Set your email instead of root@localhost](#set-your-email-instead-of-rootlocalhost)
|
||||||
|
- [Install Composer - Fix phpmyadmin install issue](#install-composer---fix-phpmyadmin-install-issue)
|
||||||
|
- [Allow shell for www-data for SFTP usage](#allow-shell-for-www-data-for-sftp-usage)
|
||||||
|
- [Set the proper alternative for /usr/bin/php](#set-the-proper-alternative-for-usrbinphp)
|
||||||
|
|
||||||
|
- [NGINX Configuration](#nginx-configuration)
|
||||||
|
|
||||||
|
- [Additional Nginx configuration (/etc/nginx/conf.d)](#additional-nginx-configuration-etcnginxconfd)
|
||||||
|
- [WO common configuration](#wo-common-configuration)
|
||||||
|
- [Compile last Nginx mainline release with nginx-ee](#compile-last-nginx-mainline-release-with-nginx-ee-scripthttpsgithubcomvirtuboxnginx-ee)
|
||||||
|
- [Custom configurations](#custom-configurations)
|
||||||
|
- [Nginx optimized configurations](#nginx-optimized-configurations-choose-one-of-them)
|
||||||
|
- [Increase Nginx open files limits](#increase-nginx-open-files-limits)
|
||||||
|
|
||||||
|
- [Security](#security)
|
||||||
|
|
||||||
|
- [Harden SSH Security](#harden-ssh-security)
|
||||||
|
- [UFW](#ufw)
|
||||||
|
- [Custom jails for fail2ban](#custom-jails-for-fail2ban)
|
||||||
|
- [Secure Memcached server](#secure-memcached-server)
|
||||||
|
|
||||||
|
- [Optional](#optional)
|
||||||
|
|
||||||
|
- [proftpd](#proftpd)
|
||||||
|
|
||||||
|
- [Install proftpd](#install-proftpd)
|
||||||
|
- [Adding FTP users](#adding-ftp-users)
|
||||||
|
|
||||||
|
- [ee-acme-sh](#ee-acme-sh)
|
||||||
|
- [netdata](#netdata)
|
||||||
|
- [cht.sh (cheat)](#chtsh-cheat)
|
||||||
|
- [nanorc - Improved Nano Syntax Highlighting Files](#nanorc---improved-nano-syntax-highlighting-files)
|
||||||
|
- [Add WP-CLI & bash-completion for user www-data](#add-wp-cli--bash-completion-for-user-www-data)
|
||||||
|
|
||||||
|
- [Cleanup previous EasyEngine v3](#cleanup-previous-easyengine-v3)
|
||||||
|
|
||||||
|
- [Backup EEv3 configurations and files](#backup-eev3-configurations-and-files)
|
||||||
|
- [Remove EEv3 configurations and data](#remove-eev3-configurations-and-data)
|
||||||
|
- [Removing previous php versions](#removing-previous-php-versions)
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
Configuration files with comments available by following the link **source**
|
Configuration files with comments available by following the link **source**
|
||||||
|
|
||||||
|
@ -33,7 +95,7 @@ Configuration files with comments available by following the link **source**
|
||||||
### System update and packages cleanup
|
### System update and packages cleanup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y && apt-get clean
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install useful packages
|
### Install useful packages
|
||||||
|
@ -48,6 +110,12 @@ sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnu
|
||||||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Updating the repository
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git -C $HOME/ubuntu-nginx-web-server pull origin master
|
||||||
|
```
|
||||||
|
|
||||||
### Tweak Kernel & Increase open files limits
|
### Tweak Kernel & Increase open files limits
|
||||||
|
|
||||||
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
[source sysctl.conf](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/sysctl.conf) - [limits.conf source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/security/limits.conf)
|
||||||
|
@ -86,12 +154,14 @@ sudo bash -c 'echo -e "* hard nofile 500000\n* soft n
|
||||||
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
echo never > /sys/kernel/mm/transparent_hugepage/enabled
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## EasyEngine Setup
|
## WordOps Setup
|
||||||
|
|
||||||
### Install MariaDB 10.3
|
### Install MariaDB 10.3
|
||||||
|
|
||||||
|
**WordOps already install MariaDB 10.3 by default, so this section isn't needed anymore**
|
||||||
|
|
||||||
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
Instructions available in [VirtuBox Knowledgebase](https://kb.virtubox.net/knowledgebase/install-latest-mariadb-release-easyengine/)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -153,7 +223,7 @@ Then add the following cronjob
|
||||||
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
# noninteractive install - you can replace $USER with your username & root@$HOSTNAME by your email
|
||||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME" > $HOME/.gitconfig'
|
||||||
|
|
||||||
wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install && sudo bash wo
|
wget -qO wo wordops.se/tup && sudo bash wo
|
||||||
```
|
```
|
||||||
|
|
||||||
### enable wo bash_completion
|
### enable wo bash_completion
|
||||||
|
@ -162,10 +232,11 @@ wget -qO wo https://raw.githubusercontent.com/WordOps/WordOps/master/install &&
|
||||||
source /etc/bash_completion.d/wo_auto.rc
|
source /etc/bash_completion.d/wo_auto.rc
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install Nginx, php7.2, and configure WO backend
|
### Install Nginx, php7.2, php7.3, and configure WO backend
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
wo stack install
|
wo stack install
|
||||||
|
wo stack install --php73 --admin
|
||||||
```
|
```
|
||||||
|
|
||||||
### Set your email instead of root@localhost
|
### Set your email instead of root@localhost
|
||||||
|
@ -192,53 +263,9 @@ sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
||||||
usermod -s /bin/bash www-data
|
usermod -s /bin/bash www-data
|
||||||
```
|
```
|
||||||
|
|
||||||
## PHP 7.1 - 7.2 - 7.3 Setup
|
## Install PHP
|
||||||
|
|
||||||
### Install php7.1-fpm
|
This section has been removed because WordOps already install PHP 7.2 & PHP 7.3 by default
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.1-fpm
|
|
||||||
apt update && apt install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
|
||||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/fpm/* /etc/php/7.1/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.1/cli/* /etc/php/7.1/cli/
|
|
||||||
service php7.1-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.1 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install php7.2-fpm
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.2-fpm
|
|
||||||
apt update && apt install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring php7.2-bcmath -y
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/fpm/* /etc/php/7.2/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/cli/* /etc/php/7.2/cli/
|
|
||||||
service php7.2-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Install php7.3-fpm
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# php7.3-fpm
|
|
||||||
apt update && apt install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y
|
|
||||||
|
|
||||||
# copy php-fpm pools & php.ini configuration
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/fpm/* /etc/php/7.3/fpm/
|
|
||||||
cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/cli/* /etc/php/7.3/cli/
|
|
||||||
service php7.3-fpm restart
|
|
||||||
|
|
||||||
git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
### Set the proper alternative for /usr/bin/php
|
### Set the proper alternative for /usr/bin/php
|
||||||
|
|
||||||
|
@ -267,9 +294,6 @@ Then you can check php version with command `php -v`
|
||||||
|
|
||||||
### Additional Nginx configuration (/etc/nginx/conf.d)
|
### Additional Nginx configuration (/etc/nginx/conf.d)
|
||||||
|
|
||||||
- New upstreams (php7.1, php7.2, php7.3, netdata and php via unix socket) : upstream.conf
|
|
||||||
- webp image mapping : webp.conf
|
|
||||||
- new fastcgi_cache_bypass mapping for wordpress : map-wp-fastcgi-cache.conf
|
|
||||||
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
- stub_status configuration on 127.0.0.1:80 : stub_status.conf
|
||||||
- restore visitor real IP under Cloudflare : cloudflare.conf
|
- restore visitor real IP under Cloudflare : cloudflare.conf
|
||||||
|
|
||||||
|
@ -283,8 +307,6 @@ git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.
|
||||||
|
|
||||||
### WO common configuration
|
### WO common configuration
|
||||||
|
|
||||||
- mitigate WordPress DoS attack (wpcommon-phpX.conf)
|
|
||||||
- webp image conditional rewrite (wpcommon-phpX.conf)
|
|
||||||
- additional directives to prevent hack (locations-phpX.conf)
|
- additional directives to prevent hack (locations-phpX.conf)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -294,17 +316,19 @@ cp -rf $HOME/ubuntu-nginx-web-server/etc/nginx/common/* /etc/nginx/common/
|
||||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update common configurations"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Compile last Nginx mainline release with [nginx-ee script](https://github.com/VirtuBox/nginx-ee)
|
### Compile the latest Nginx release with [nginx-ee](https://github.com/VirtuBox/nginx-ee)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
bash <(wget -O - virtubox.net/nginx-ee || curl -sL virtubox.net/nginx-ee)
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Custom configurations
|
## Custom configurations
|
||||||
|
|
||||||
### Nginx optimized configurations (choose one of them)
|
### Nginx optimized configurations
|
||||||
|
|
||||||
|
Choose one of them
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# TLSv1.2 TLSv1.3 only (recommended)
|
# TLSv1.2 TLSv1.3 only (recommended)
|
||||||
|
@ -315,7 +339,9 @@ cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-interm
|
||||||
|
|
||||||
# TLSv1.2 only
|
# TLSv1.2 only
|
||||||
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx-tlsv12.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
# commit change with git
|
# commit change with git
|
||||||
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf configurations"
|
||||||
```
|
```
|
||||||
|
@ -340,15 +366,17 @@ sudo systemctl daemon-reload
|
||||||
sudo systemctl restart nginx.service
|
sudo systemctl restart nginx.service
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
### Harden SSH Security
|
### Harden SSH Security
|
||||||
|
|
||||||
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
WARNING : SSH Configuration with root login allowed using SSH keys only [source](https://github.com/VirtuBox/ubuntu-nginx-web-server/blob/master/etc/ssh/sshd_config)
|
||||||
|
|
||||||
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
```
|
||||||
|
cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
|
||||||
|
```
|
||||||
|
|
||||||
### UFW
|
### UFW
|
||||||
|
|
||||||
|
@ -409,7 +437,7 @@ sudo systemctl stop memcached
|
||||||
sudo systemctl disable memcached.service
|
sudo systemctl disable memcached.service
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
## Optional
|
## Optional
|
||||||
|
|
||||||
|
@ -463,7 +491,7 @@ adduser --home /var/www/yourdomain.tld/ --shell /bin/false --ingroup www-data yo
|
||||||
chmod -R g+rw /var/www/yourdomain.tld
|
chmod -R g+rw /var/www/yourdomain.tld
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### ee-acme-sh
|
### ee-acme-sh
|
||||||
|
|
||||||
|
@ -482,14 +510,13 @@ chmod +x install-ee-acme.sh
|
||||||
source .bashrc
|
source .bashrc
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### netdata
|
### netdata
|
||||||
|
|
||||||
[Github repository](https://github.com/firehol/netdata)
|
[Github repository](https://github.com/firehol/netdata)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
||||||
# save 40-60% of netdata memory
|
# save 40-60% of netdata memory
|
||||||
echo 1 >/sys/kernel/mm/ksm/run
|
echo 1 >/sys/kernel/mm/ksm/run
|
||||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||||
|
@ -509,7 +536,7 @@ sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /usr/lib/netdata/conf.d/health
|
||||||
service netdata restart
|
service netdata restart
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### cht.sh (cheat)
|
### cht.sh (cheat)
|
||||||
|
|
||||||
|
@ -545,7 +572,7 @@ root@vps:~ cheat cat
|
||||||
cat -n file
|
cat -n file
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### nanorc - Improved Nano Syntax Highlighting Files
|
### nanorc - Improved Nano Syntax Highlighting Files
|
||||||
|
|
||||||
|
@ -555,7 +582,7 @@ root@vps:~ cheat cat
|
||||||
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
|
||||||
```
|
```
|
||||||
|
|
||||||
* * *
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
### Add WP-CLI & bash-completion for user www-data
|
### Add WP-CLI & bash-completion for user www-data
|
||||||
|
|
||||||
|
@ -573,21 +600,32 @@ cp -f $HOME/ubuntu-nginx-web-server/var/www/.* /var/www/
|
||||||
chown www-data:www-data /var/www/{.profile,.bashrc}
|
chown www-data:www-data /var/www/{.profile,.bashrc}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Custom Nginx error pages
|
## Cleanup previous EasyEngine v3
|
||||||
|
|
||||||
[Github Repository](https://github.com/alexphelps/server-error-pages)
|
### Backup EEv3 configurations and files
|
||||||
|
|
||||||
Installation
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# clone the github repository
|
tar -I pigz -cvf $HOME/ee-backup.tar.gz /etc/ee /var/lib/ee /usr/lib/ee/templates
|
||||||
sudo -u www-data -H git clone https://github.com/alexphelps/server-error-pages.git /var/www/error
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Then include this configuration in your nginx vhost by adding the following line
|
### Remove EEv3 configurations and data
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
include common/error_pages.conf;
|
# main ee directories
|
||||||
|
rm -rf /etc/ee /var/lib/ee /usr/lib/ee /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc
|
||||||
|
|
||||||
|
# python package
|
||||||
|
rm -rf /usr/local/lib/python3.6/dist-packages/ee-3.*
|
||||||
|
```
|
||||||
|
|
||||||
|
### Removing previous php versions
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# php5.6
|
||||||
|
apt-get -y autoremove php5.6-fpm php5.6-common --purge
|
||||||
|
|
||||||
|
# php7.0
|
||||||
|
apt-get -y autoremove php7.0-fpm php7.0-common --purge
|
||||||
```
|
```
|
||||||
|
|
||||||
Published & maintained by [VirtuBox](https://virtubox.net)
|
Published & maintained by [VirtuBox](https://virtubox.net)
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# update wp-cli
|
||||||
|
[ -x /usr/bin/wp ] && {
|
||||||
|
/usr/bin/wp cli update --yes --allow-root
|
||||||
|
} > /dev/null 2>&1
|
||||||
|
|
||||||
|
# optimize mysql databases
|
||||||
|
if [ -x /usr/bin/mysqlcheck ] && [ -f /root/.my.cnf ]; then
|
||||||
|
/usr/bin/mysqlcheck -Aos --auto-repair > /dev/null 2>&1
|
||||||
|
fi
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
error_page 400 /400-error.html;
|
|
||||||
error_page 401 /401-error.html;
|
|
||||||
error_page 403 /403-error.html;
|
|
||||||
error_page 404 /404-error.html;
|
|
||||||
error_page 500 /500-error.html;
|
|
||||||
error_page 503 /503-error.html;
|
|
||||||
error_page 504 /504-error.html;
|
|
||||||
|
|
||||||
location ~ /(.*)-error.html {
|
|
||||||
try_files $1-error.html @error;
|
|
||||||
internal;
|
|
||||||
}
|
|
||||||
|
|
||||||
location @error {
|
|
||||||
root /var/www/error/_site;
|
|
||||||
}
|
|
|
@ -1,4 +1,3 @@
|
||||||
##OCSP settings
|
##OCSP settings
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
#ssl_trusted_certificate /etc/ssl/private/ocsp-certs.pem; # <- Add signing certs here
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
# PHP NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php?$args;
|
|
||||||
}
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72-tcp;
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
# PHP NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php73;
|
|
||||||
}
|
|
|
@ -1,56 +0,0 @@
|
||||||
# Redis NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
set $skip_cache 0;
|
|
||||||
# POST requests and URL with a query string should always go to php
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
if ($query_string != "") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Don't cache URL containing the following segments
|
|
||||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
|
||||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /redis-fetch {
|
|
||||||
internal ;
|
|
||||||
set $redis_key $args;
|
|
||||||
redis_pass redis;
|
|
||||||
}
|
|
||||||
location /redis-store {
|
|
||||||
internal ;
|
|
||||||
set_unescape_uri $key $arg_key ;
|
|
||||||
redis2_query set $key $echo_request_body;
|
|
||||||
redis2_query expire $key 14400;
|
|
||||||
redis2_pass redis;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
set $key "nginx-cache:$scheme$request_method$host$request_uri";
|
|
||||||
try_files $uri =404;
|
|
||||||
|
|
||||||
srcache_fetch_skip $skip_cache;
|
|
||||||
srcache_store_skip $skip_cache;
|
|
||||||
|
|
||||||
srcache_response_cache_control off;
|
|
||||||
|
|
||||||
set_escape_uri $escaped_key $key;
|
|
||||||
|
|
||||||
srcache_fetch GET /redis-fetch $key;
|
|
||||||
srcache_store PUT /redis-store key=$escaped_key;
|
|
||||||
|
|
||||||
more_set_headers 'X-SRCache-Fetch-Status $srcache_fetch_status';
|
|
||||||
more_set_headers 'X-SRCache-Store-Status $srcache_store_status';
|
|
||||||
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72;
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
|
|
||||||
# W3TC NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
set $cache_uri $request_uri;
|
|
||||||
# POST requests and URL with a query string should always go to php
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
if ($query_string != "") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Don't cache URL containing the following segments
|
|
||||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
|
||||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
|
||||||
location / {
|
|
||||||
try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
|
||||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
|
||||||
}
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72;
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
# wordpress fastcgi cache configuration
|
|
||||||
|
|
||||||
add_header X-fastcgi-cache $upstream_cache_status;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72;
|
|
||||||
|
|
||||||
fastcgi_cache_bypass $skip_cache;
|
|
||||||
fastcgi_no_cache $skip_cache;
|
|
||||||
|
|
||||||
fastcgi_cache WORDPRESS;
|
|
||||||
fastcgi_cache_valid 200 60m;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ /purge(/.*) {
|
|
||||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
|
||||||
access_log off;
|
|
||||||
}
|
|
|
@ -1,37 +0,0 @@
|
||||||
# WPFC NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
set $skip_cache 0;
|
|
||||||
# POST requests and URL with a query string should always go to php
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
if ($query_string != "") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Don't cache URL containing the following segments
|
|
||||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
|
||||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
|
||||||
set $skip_cache 1;
|
|
||||||
}
|
|
||||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
location ~ ^/wp-content/cache/minify/(.+\.(css|js))$ {
|
|
||||||
try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
|
|
||||||
}
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72;
|
|
||||||
fastcgi_cache_bypass $skip_cache;
|
|
||||||
fastcgi_no_cache $skip_cache;
|
|
||||||
fastcgi_cache WORDPRESS;
|
|
||||||
}
|
|
||||||
location ~ /purge(/.*) {
|
|
||||||
fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
|
|
||||||
access_log off;
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
# WPSC NGINX CONFIGURATION
|
|
||||||
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
|
|
||||||
set $cache_uri $request_uri;
|
|
||||||
# POST requests and URL with a query string should always go to php
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
if ($query_string != "") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Don't cache URL containing the following segments
|
|
||||||
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|wp-.*\.php|index.php|/feed/|.*sitemap.*\.xml)") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Don't use the cache for logged in users or recent commenter or customer with items in cart
|
|
||||||
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart") {
|
|
||||||
set $cache_uri 'null cache';
|
|
||||||
}
|
|
||||||
# Use cached or actual file if they exists, Otherwise pass request to WordPress
|
|
||||||
location / {
|
|
||||||
# If we add index.php?$args its break WooCommerce like plugins
|
|
||||||
# Ref: #330
|
|
||||||
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php;
|
|
||||||
}
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_pass php72;
|
|
||||||
# Following line is needed by WP Super Cache plugin
|
|
||||||
fastcgi_param SERVER_NAME $http_host;
|
|
||||||
}
|
|
|
@ -19,5 +19,5 @@ fastcgi_cache_lock on;
|
||||||
fastcgi_cache_lock_age 1s;
|
fastcgi_cache_lock_age 1s;
|
||||||
fastcgi_cache_lock_timeout 3s;
|
fastcgi_cache_lock_timeout 3s;
|
||||||
|
|
||||||
# comment the following line if you run nginx < 1.15.6
|
# uncomment the following line if you run nginx 1.15.6 or earlier
|
||||||
fastcgi_socket_keepalive on;
|
# fastcgi_socket_keepalive on;
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
map $http_x_requested_with $http_request_no_cache {
|
|
||||||
default 0;
|
|
||||||
XMLHttpRequest 1;
|
|
||||||
}
|
|
||||||
map $http_cookie $cookie_no_cache {
|
|
||||||
default 0;
|
|
||||||
"~*wordpress_[a-f0-9]+" 1;
|
|
||||||
"~*wp-postpass" 1;
|
|
||||||
"~*wordpress_logged_in" 1;
|
|
||||||
"~*wordpress_no_cache" 1;
|
|
||||||
"~*comment_author" 1;
|
|
||||||
"~*woocommerce_items_in_cart" 1;
|
|
||||||
"~*woocommerce_cart_hash" 1;
|
|
||||||
"~*wptouch_switch_toogle" 1;
|
|
||||||
"~*comment_author_email_" 1;
|
|
||||||
}
|
|
||||||
map $request_uri $uri_no_cache {
|
|
||||||
default 0;
|
|
||||||
"~*/wp-admin/" 1;
|
|
||||||
"~*/wp-[a-zA-Z0-9-]+.php" 1;
|
|
||||||
"~*/feed/" 1;
|
|
||||||
"~*/index.php" 1;
|
|
||||||
"~*/[a-z0-9_-]+-sitemap([0-9]+)?.xml" 1;
|
|
||||||
"~*/sitemap(_index)?.xml" 1;
|
|
||||||
"~*/wp-comments-popup.php" 1;
|
|
||||||
"~*/wp-links-opml.php" 1;
|
|
||||||
"~*/xmlrpc.php" 1;
|
|
||||||
}
|
|
||||||
map $is_args $query_no_cache {
|
|
||||||
default 1;
|
|
||||||
"" 0;
|
|
||||||
}
|
|
||||||
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
|
|
||||||
default 1;
|
|
||||||
0000 0;
|
|
||||||
}
|
|
|
@ -1,8 +1,5 @@
|
||||||
upstream phpstatus {
|
upstream phpstatus {
|
||||||
server 127.0.0.1:9000;
|
|
||||||
server unix:/run/php/php7.2-fpm.sock;
|
server unix:/run/php/php7.2-fpm.sock;
|
||||||
server 127.0.0.1:9090;
|
|
||||||
server unix:/run/php72-fpm.sock;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
|
|
@ -1,91 +0,0 @@
|
||||||
# Common upstream settings
|
|
||||||
# php5.6 & php7.0 are replaced by php7.2
|
|
||||||
|
|
||||||
##################
|
|
||||||
# php5.6-fpm
|
|
||||||
##################
|
|
||||||
|
|
||||||
upstream php {
|
|
||||||
least_conn;
|
|
||||||
|
|
||||||
server unix:/var/run/php/php72-fpm.sock;
|
|
||||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
|
||||||
|
|
||||||
keepalive 5;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream debug {
|
|
||||||
# Debug Pool
|
|
||||||
server 127.0.0.1:9001;
|
|
||||||
}
|
|
||||||
|
|
||||||
##################
|
|
||||||
# php7.0-fpm
|
|
||||||
##################
|
|
||||||
|
|
||||||
# load-balancing on unix socket
|
|
||||||
upstream php7 {
|
|
||||||
least_conn;
|
|
||||||
|
|
||||||
server unix:/var/run/php/php72-fpm.sock;
|
|
||||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
|
||||||
|
|
||||||
keepalive 5;
|
|
||||||
}
|
|
||||||
|
|
||||||
##################
|
|
||||||
# php7.2-fpm
|
|
||||||
##################
|
|
||||||
|
|
||||||
# load-balancing on unix socket
|
|
||||||
upstream php72 {
|
|
||||||
least_conn;
|
|
||||||
|
|
||||||
server unix:/var/run/php/php72-sock-fpm.sock;
|
|
||||||
server unix:/var/run/php/php72-sock-two-fpm.sock;
|
|
||||||
|
|
||||||
keepalive 5;
|
|
||||||
}
|
|
||||||
|
|
||||||
# PHP 7.2 debug
|
|
||||||
upstream debug72 {
|
|
||||||
# Debug Pool
|
|
||||||
server 127.0.0.1:9172;
|
|
||||||
}
|
|
||||||
|
|
||||||
##################
|
|
||||||
# php7.3-fpm
|
|
||||||
##################
|
|
||||||
|
|
||||||
# load-balancing on unix socket
|
|
||||||
upstream php73 {
|
|
||||||
least_conn;
|
|
||||||
|
|
||||||
server unix:/var/run/php/php73-sock-fpm.sock;
|
|
||||||
server unix:/var/run/php/php73-sock-two-fpm.sock;
|
|
||||||
|
|
||||||
keepalive 5;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream debug73 {
|
|
||||||
# Debug Pool
|
|
||||||
server 127.0.0.1:9173;
|
|
||||||
}
|
|
||||||
|
|
||||||
##################
|
|
||||||
# redis
|
|
||||||
##################
|
|
||||||
|
|
||||||
upstream redis {
|
|
||||||
server 127.0.0.1:6379;
|
|
||||||
keepalive 10;
|
|
||||||
}
|
|
||||||
|
|
||||||
##################
|
|
||||||
# netdata
|
|
||||||
##################
|
|
||||||
|
|
||||||
upstream netdata {
|
|
||||||
server 127.0.0.1:19999;
|
|
||||||
keepalive 64;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
map $http_accept $webp_suffix {
|
|
||||||
default "";
|
|
||||||
"~*webp" ".webp";
|
|
||||||
}
|
|
|
@ -33,7 +33,7 @@ http
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
|
@ -99,7 +99,6 @@ http
|
||||||
more_set_headers "X-Content-Type-Options : nosniff";
|
more_set_headers "X-Content-Type-Options : nosniff";
|
||||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||||
more_set_headers "X-Download-Options : noopen";
|
more_set_headers "X-Download-Options : noopen";
|
||||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# Basic Settings
|
# Basic Settings
|
||||||
|
@ -150,4 +149,3 @@ http
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
include /etc/nginx/sites-enabled/*;
|
include /etc/nginx/sites-enabled/*;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ http
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
|
@ -97,7 +97,7 @@ http
|
||||||
more_set_headers "X-Content-Type-Options : nosniff";
|
more_set_headers "X-Content-Type-Options : nosniff";
|
||||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||||
more_set_headers "X-Download-Options : noopen";
|
more_set_headers "X-Download-Options : noopen";
|
||||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
|
||||||
##
|
##
|
||||||
# Basic Settings
|
# Basic Settings
|
||||||
##
|
##
|
||||||
|
|
|
@ -35,7 +35,7 @@ http
|
||||||
|
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
|
add_header X-Powered-By "WordOps v3.9.4 - Optimized by VirtuBox";
|
||||||
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
add_header rt-Fastcgi-Cache $upstream_cache_status;
|
||||||
|
|
||||||
# Limit Request
|
# Limit Request
|
||||||
|
@ -106,8 +106,7 @@ http
|
||||||
more_set_headers "X-Content-Type-Options : nosniff";
|
more_set_headers "X-Content-Type-Options : nosniff";
|
||||||
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
|
||||||
more_set_headers "X-Download-Options : noopen";
|
more_set_headers "X-Download-Options : noopen";
|
||||||
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
|
|
||||||
|
|
||||||
##
|
##
|
||||||
# Basic Settings
|
# Basic Settings
|
||||||
##
|
##
|
||||||
|
|
Loading…
Reference in New Issue