Last active
July 6, 2017 15:22
-
-
Save sl-digital/33c214c2ce9a1b8f081cc507fa46f23b to your computer and use it in GitHub Desktop.
Ubuntu 16.04 LEMP Install
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CREATE USERS | |
| sudo su <enter root password> | |
| adduser devops | |
| usermod -aG sudo devops | |
| # SSH KEYGEN (LOCAL) | |
| ssh-keygen <follow prompts and save> | |
| cat ~/.ssh/yourkey_rsa.pub <copy contents> | |
| # SSH KEYGEN (SERVER) | |
| su - devops | |
| mkdir ~/.ssh | |
| chmod 700 ~/.ssh | |
| nano ~/.ssh/authorized_keys <paste key data> | |
| chmod 600 ~/.ssh/authorized_keys | |
| # DISABLE PASSWORD AUTH | |
| sudo nano /etc/ssh/sshd_config | |
| - PasswordAuthentication no | |
| - PubkeyAuthentication yes | |
| - ChallengeResponseAuthentication no | |
| sudo systemctl reload sshd | |
| # INSTALL FIREWALL | |
| sudo ufw app list | |
| sudo ufw allow OpenSSH | |
| sudo ufw enable | |
| sudo ufw status | |
| # INSTALL NGINX | |
| sudo apt update | |
| sudo apt install nginx | |
| # ADJUST FIREWALL | |
| sudo ufw allow 'Nginx Full' | |
| # INSTALL MYSQL | |
| sudo apt install mysql-server | |
| sudo mysql_secure_installation | |
| # INSTALL PHP REPO | |
| sudo apt-get install -y python-software-properties | |
| sudo add-apt-repository -y ppa:ondrej/php | |
| sudo apt-get update -y | |
| # INSTALL PHP AND FPM | |
| sudo apt-cache search php7.1 | |
| sudo apt-get install php-fpm php-mysql | |
| # ADJUST CGI FIX_PATHINFO | |
| sudo nano /etc/php/7.0/fpm/php.ini | |
| cgi.fix_pathinfo=0 | |
| sudo systemctl restart php7.0-fpm | |
| # ADJUST NGINX FOR PHP | |
| sudo nano /etc/nginx/sites-available/default | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| root /var/www/html; | |
| index index.php index.html index.htm index.nginx-debian.html; | |
| server_name server_domain_or_IP; | |
| location / { | |
| try_files $uri $uri/ =404; | |
| } | |
| location ~ \.php$ { | |
| include snippets/fastcgi-php.conf; | |
| fastcgi_pass unix:/run/php/php7.0-fpm.sock; | |
| } | |
| location ~ /\.ht { | |
| deny all; | |
| } | |
| } | |
| # REBOOT AND TEST | |
| sudo nginx -t | |
| sudo systemctl reload nginx | |
| # FIND MORE PHP MODULES | |
| sudo apt-cache search php7 | |
| sudo apt install php-whatevs1 php-whatevs2 | |
| # SET WEBROOT PERMISSIONS | |
| chown -R www-data:www-data /var/www/html | |
| # ADD USER TO WWW-DATA | |
| usermod -a -G www-data devops | |
| # SET DEFAULT ACL RULES | |
| getfacl /var/www/html | |
| setfacl -Rd -m u:devops:rwx /var/www/html | |
| setfacl -Rd -m g:www-data:rwx /var/www/html | |
| # SET ACL RULES | |
| setfacl -R -m u:devops:rwx /var/www/html | |
| setfacl -R -m g:www-data:rwx /var/www/html | |
| # SET CONTENT DEFAULT | |
| chmod -R g+s /var/www/html | |
| # CHANGE CONTENT PERMISSIONS | |
| find . -type d -exec chmod 755 {} \; | |
| find . -type f -exec chmod 644 {} \; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment