Skip to content

Instantly share code, notes, and snippets.

@phsacramento

phsacramento/1 - Setup.sh

Created July 24, 2013 18:35
Show Gist options
  • Save phsacramento/6073201 to your computer and use it in GitHub Desktop.
Save phsacramento/6073201 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
1 - Setup.sh
##
# Ubuntu Server 12.04 64bits
# Automatiza o acesso SSH
# Oh my ZSH
# Shorewall
# PostFix (Enviar e-mails)
# Memcached
# Redis
# Varnish
##
#### 1 - Automatiza o acesso SSH?
# Checa se tem a pasta .ssh
ssh $USER@$IPSERVER
mkdir ~/.ssh
exit
# Adiciona o acesso ao servidor remoto
cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat >> ~/.ssh/authorized_keys'
# Previne Broken Pipe no SSH
echo "ServerAliveInterval 60" >> ~/.ssh/config
ssh $USER@$IPSERVER
vim /etc/ssh/sshd_config
# ALTERAR
# TCPKeepAlive yes
#
# ADICIONAR
# ClientAliveInterval 60
#### 2 - Atualização do Sistema
sudo su
aptitude update
aptitude upgrade
aptitude dist-upgrade
# Fixa problemas com linguagens
export LANGUAGE=pt_BR.UTF-8
export LANG=pt_BR.UTF-8
export LC_ALL=pt_BR.UTF-8
locale-gen en_US.UTF-8
locale-gen pt_BR.UTF-8
apt-get install locales
dpkg-reconfigure locales
# O básico de cada dia
aptitude install build-essential wget curl ssh zsh git git-core -y openssl libssl-dev g++ pkg-config zip
##### 3 - Oh my ZSH
wget --no-check-certificate https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | sh
# Seta zsh como default
chsh -s /bin/zsh
zsh
# Arquivo de configuração
# ~/.zshrc
##### 4 - Shorewall
aptitude install shorewall
vim /etc/default/shorewall
# ALTERAR
# startup=1
sudo cp /usr/share/doc/shorewall/examples/one-interface/* /etc/shorewall/
vim /etc/shorewall/rules
# ADICIONAR
# HTTP/ACCEPT net $FW
# HTTPS/ACCEPT net $FW
# SSH/ACCEPT net $FW
# ACCEPT net $FW tcp 8080
# Comentar
# ACCEPT $FW net icmp
service shorewall start
##### 5 - PostFix
aptitude install postfix
##### 6 - Memcached
aptitude install memcached
##### 7 - Redis
aptitude install redis-server
##### 8 - Varnish
aptitude install varnish
pkill varnish
vim /etc/varnish/default.vcl
# ALTERAR TODO O CONTEÚDO POR VARNISH CONFIG
vim /etc/default/varnish
# ALTERAR
# DAEMON_OPTS="-a :80 \
# -T localhost:6082 \
# -f /etc/varnish/default.vcl \
# -S /etc/varnish/secret \
# -s malloc,64m"
service varnish start
# Prossiga com a instalação do webserver
# Agora me ajude a melhorar esse setup!
Raw
1.1 - Varnish Config.sh
# This is a basic VCL configuration file for varnish. See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# Default backend definition. Set this to point to your content
# server.
#
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
acl purge {
"localhost";
}
sub vcl_recv {
set req.grace = 2m;
# Set X-Forwarded-For header for logging in nginx
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
# Normalize Accept-Encoding to prevent duplicates in the cache
# https:#www.varnish-cache.org/trac/wiki/VCLExampleNormalizeAcceptEncoding
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# Don't cache POST, PUT, or DELETE requests
if (req.request == "POST" || req.request == "PUT" || req.request == "DELETE") {
return(pass);
}
# Remove has_js and CloudFlare/Google Analytics __* cookies.
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
# Either the admin pages or the login
if (req.url ~ "/wp-(login|admin|cron)") {
# Don't cache, pass to backend
return (pass);
}
# Remove the wp-settings-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
# Remove the wp-settings-time-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
# Remove the wp test cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
# Static content unique to the theme can be cached (so no user uploaded images)
# The reason I don't take the wp-content/uploads is because of cache size on bigger blogs
# that would fill up with all those files getting pushed into cache
if (req.url ~ "wp-content/themes/" && req.url ~ "\.(css|js|png|gif|jp(e)?g)") {
unset req.http.cookie;
}
# Even if no cookies are present, I don't want my "uploads" to be cached due to their potential size
if (req.url ~ "/wp-content/uploads/") {
return (pass);
}
# Strip cookies from static content
if (req.request == "GET" && req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
unset req.http.cookie;
}
# Check the cookies for wordpress-specific items
if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
# A wordpress specific cookie has been set
return (pass);
}
# allow PURGE from localhost
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return (lookup);
}
# Force lookup if the request is a no-cache request from the client
if (req.http.Cache-Control ~ "no-cache") {
return (pass);
}
# Try a cache-lookup
return (lookup);
}
sub vcl_fetch {
#set obj.grace = 5m;
set beresp.grace = 2m;
}
sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}
sub vcl_miss {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}
sub vcl_deliver {
# The below provides custom headers to indicate whether the response came from
# varnish cache or directly from the app.
if (obj.hits > 0) {
set resp.http.X-Varnish-Cache = "HIT";
} else {
set resp.http.X-Varnish-Cache = "MISS";
}
}
Raw
2 - Nginx.sh
##
# Nginx 1.3.5
# PHP 5.4.6
# APC
##
##### 1 - NGinx
aptitude install nginx
vim /etc/nginx/nginx.conf
# ALTERAR:
# user web;
## worker_connections 1024;
# ADICONAR em http{ }
# charset utf-8;
# source_charset utf-8;
# DESCOMENTAR
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# ALTERAR
# gzip_types text/plain text/css application/json application/x-javascript application/xml application/xml+rss text/javascript text/x-component text/richtext image/svg+xml text/xsd text/xsl text/xml image/x-icon font/ttf font/otf;
vim /etc/nginx/mime.types
# ADICIONAR em types{ }
# application/x-font-ttf ttf;
# application/font-otf otf;
# application/font-woff woff;
# Ajusta o usuário para as operações
useradd web
passwd web
usermod -a -G web web
usermod -a -G web root
sudo chgrp -R web /usr/share/nginx
chmod -R 775 /usr/share/nginx
# Remove config default
rm /etc/nginx/sites-enabled/default
rm -f -R /usr/share/nginx/www/
##
# #### Executar Processo 2 - Add Website ####
# Não se esquecer de alterar as referências dos locais e domínios...
##
# Inicia nginx
/etc/init.d/nginx start
# Diretório root
# /usr/share/nginx
# Arquivo de configuração
# /etc/nginx/sites-enabled/
# /etc/nginx/nginx.conf
##### 2 - PHP 5.4 (FPM)
aptitude install php5-fpm php-pear
vim /etc/php5/fpm/php.ini
# ALTERAR
# cgi.fix_pathinfo = 0
# Pacotes básicos do PHP
aptitude install php5-mcrypt php5-curl php5-gd php5-memcache
vim /etc/php5/fpm/pool.d/www.conf
# ALTERAR
# user = web
# group = web
#
# ;listen = 127.0.0.1:9000
# listen = /var/run/php5-fpm.sock
#
# listen.owner = web
# listen.group = web
# listen.mode = 0666
service php5-fpm restart
# Arquivo de configuração
# /etc/php5/fpm/php.ini
##### 7 - APC
aptitude install php-apc
service php5-fpm restart
# Reinicie o OS
# Agora me ajude a melhorar esse setup!
Raw
2.1 - Nginx Add Website.sh
SITE="site.com"
# Cria o primeiro domínio no servidor
touch /etc/nginx/sites-available/$SITE
# Copia o domínio para o diretório de sites ativos
ln -s /etc/nginx/sites-available/$SITE /etc/nginx/sites-enabled/$SITE
vim /etc/nginx/sites-available/$SITE
##
# ALTERAR TUDO PELO NGINX SITE CONFIG ESPECÍFICO
# Não se esquecer de alterar as referências dos locais e domínios...
##
mkdir /usr/share/nginx/$SITE && cd /usr/share/nginx/$SITE
mkdir logs www
# Fixa permissões de grupo no diretório
sudo chgrp -R web /usr/share/nginx
chown -R web:web /usr/share/nginx
chmod -R 775 /usr/share/nginx
# Reinicia nginx
service nginx restart
Raw
2.1.1 - Nginx Site Config - Default.sh
server {
# Port 80 is varnish
listen 8080;
# listen 80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default ipv6only=on; ## listen for ipv6
root /usr/share/nginx/site.com/www;
access_log /usr/share/nginx/site.com/logs/access.log;
error_log /usr/share/nginx/site.com/logs/error.log;
index index.html index.php index.py index.rb;
server_name www.site.com site.com;
charset utf-8;
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
# try_files $uri $uri/ /index.php?$args;
}
# Images and static content is treated different
location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
expires 30d;
}
# Fix for @font-face
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
# Parse all .php files
location ~ .php$ {
if (!-f $request_filename) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(.*)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
}
Raw
2.1.2 - Nginx Site Config - Wordpress.sh
server {
# Port 80 is varnish
listen 8080;
# listen 80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default ipv6only=on; ## listen for ipv6
root /usr/share/nginx/site.com/www;
access_log /usr/share/nginx/site.com/logs/access.log;
error_log /usr/share/nginx/site.com/logs/error.log;
index index.html index.php index.py index.rb;
server_name www.site.com site.com;
charset utf-8;
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
# No caso do wordpress estar em um subdiretório
# Wordpress - Blog
# location /blog/ {
# if (!-e $request_filename){
# rewrite ^/(.*)$ /blog/index.php?q=$1;
# }
# }
# Images and static content is treated different
location ~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
expires 30d;
}
# Fix for @font-face
location ~* \.(eot|ttf|woff|svg|otf)$ {
add_header Access-Control-Allow-Origin *;
}
# Parse all .php files
location ~ .php$ {
if (!-f $request_filename) {
return 404;
}
fastcgi_split_path_info ^(.+\.php)(.*)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
# Wordpress SEO - Rewrite to sitemap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
}
Raw
3 - Apache.sh
##
# Apache 2.2.22
# PHP 5.4.6
# APC
##
##### 1 - Apache 2
aptitude install apache2 libapache2-mod-vhost-ldap libapache2-mod-upload-progress
vim /etc/apache2/envvars
# ALTERAR:
# export APACHE_RUN_USER=web;
# export APACHE_RUN_GROUP=web
vim /etc/apache2/ports.conf
# ALTERAR:
# NameVirtualHost *:8080
# Listen 8080
# Ajusta o usuário para as operações
useradd web
passwd web
usermod -a -G web web
usermod -a -G web root
sudo chgrp -R web /var/www
chmod -R 775 /var/www
# Remove config default
rm /etc/apache2/sites-enabled/000-default
rm -f /var/www/index.html
# Habilita módulos do apache
sudo a2enmod rewrite
##
# #### Executar Processo 2 - Add Website ####
# Não se esquecer de alterar as referências dos locais e domínios...
##
# Inicia apache
service apache2 restart
# Diretório root
# /var/www
# Arquivo de configuração
# /etc/apache2/sites-enabled/
# /etc/apache2/mods-enabled/
# /etc/apache2/
##### 2 - PHP 5.4
aptitude install php5 php-pear
# Pacotes básicos do PHP
aptitude install php5-mcrypt php5-curl php5-gd
##### 3 - APC
aptitude install php-apc
# Reinicie o OS
# Agora me ajude a melhorar esse setup!
Raw
3.1 - Apache Adicionar Website.sh
SITE="site.com"
# Cria o primeiro domínio no servidor
touch /etc/apache2/sites-available/$SITE
# Copia o domínio para o diretório de sites ativos
ln -s /etc/apache2/sites-available/$SITE /etc/apache2/sites-enabled/$SITE
vim /etc/apache2/sites-available/$SITE
##
# ALTERAR TUDO PELO APACHE SITE CONFIG ESPECÍFICO
# Não se esquecer de alterar as referências dos locais e domínios...
##
mkdir /var/www/$SITE && cd /var/www/$SITE
mkdir logs www
# Fixa permissões de grupo no diretório
sudo chgrp -R web /var/www
chown -R web:web /var/www
chmod -R 775 /var/www
# Reinicia nginx
service apache2 restart
Raw
3.1.1 - Apache Site Config - Default.sh
<VirtualHost *:8080>
ServerName site.com
ServerAlias www.site.com
ServerAdmin [email protected]
DocumentRoot /var/www/site.com/www
<Directory /var/www/site.com/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/www/site.com/logs/error.log
CustomLog /var/www/site.com/logs/access.log combined
</VirtualHost>
Raw
4 - NodeJs.sh
##### 1 - Nodejs
cd /etc
git clone git://github.com/joyent/node.git
cd node
./configure
make
make install
export PATH=$PATH:/opt/node/bin
##### 2 - NPM
curl http://npmjs.org/install.sh | sh
# Vhosts com Express
# https://github.com/visionmedia/express/blob/master/examples/vhost/index.js
Raw
5 - MongoDB.sh
##### 1 - MongoDB
aptitude install mongodb
# Diretório root
# /var/lib/mongodb
# Arquivo de configuração
# /etc/mongodb.conf
##### 2 - MongoDB & PHP FPM
pecl install mongo
vim /etc/php5/fpm/php.ini
# ADICIONAR
# extension=mongo.so
service php5-fpm restart
Raw
6 - MySQL.sh
##### 1 - MySQL, ou
aptitude install mysql-server php5-mysql
#### 2 - Percona Server - O MySQL melhorado
gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A
gpg -a --export CD2EFD2A | apt-key add -
vim /etc/apt/sources.list
## ADICIONAR
# deb http://repo.percona.com/apt quantal main
# deb-src http://repo.percona.com/apt quantal main
vim /etc/apt/preferences.d/00percona.pref
## ADICIONAR
# Package: *
# Pin: release o=Percona Development Team
# Pin-Priority: 1001
apt-get update
apt-get install percona-server-server-5.5 percona-server-client-5.5 php5-mysql
@eduardojmatos
Copy link

Vou nem comentar. Vai que é doença.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment