https://github.com/iamntz/nginx-toolbox
just some scripts to create sites
nginx nginx-configuration nginx-php-fpm playground
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/iamntz/nginx-toolbox
- Owner: iamntz
- Created: 2017-02-22T15:28:20.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2021-12-28T09:07:33.000Z (over 4 years ago)
- Last Synced: 2025-10-07T22:51:56.690Z (9 months ago)
- Topics: nginx, nginx-configuration, nginx-php-fpm, playground
- Language: Shell
- Size: 48.8 KB
- Stars: 7
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Usage
```
certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d site.com -d '*.site.com'
./create-site.sh site_user site_url
```
# To delete a site:
```
rm -rf /var/www/site_name/
rm /etc/nginx/sites-available/site_name
rm /etc/php/7.4/fpm/pool.d/user.conf
rm -rf /etc/letsencrypt/live/site_name
userdel site_user
groupdel site_user
```
# First time Setup
### Install requirements:
```bash
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:certbot/certbot
apt install sendmail imagemagick nginx composer phpunit mariadb-server redis-server
apt install php7.4-fpm php7.4-{bcmath,bz2,intl,gd,mbstring,mysql,zip,dom,curl,redis}
snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
snap install certbot-dns-digitalocean
ln -s /snap/bin/certbot /usr/bin/certbot
```
### Make SSH allow connection from site_user
```bash
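# Create the group and add root first so the AllowGroups line cannot lock root out.
addgroup sshusers && adduser root sshusers
# After sshd reloads its config, only members of sshusers can log in over SSH.
echo "AllowGroups sshusers" >> /etc/ssh/sshd_config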
```
### Install WP-CLI
```bash
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/local/bin/wp
```
### PHP tweaks
Set the CLI PHP version:
```
update-alternatives --set php /usr/bin/php7.4
```
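Securing: disable `cgi.fix_pathinfo` so PHP-FPM runs only the exact script that was requested instead of guessing the closest matching file: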
```bash
echo "cgi.fix_pathinfo=0" >> /etc/php/7.4/fpm/php.ini
```
Fix compatibility with large requests (e.g. the ACF plugin): edit `/etc/php/7.4/fpm/php.ini` and change:
```
upload_max_filesize = 100M
post_max_size = 100M
```
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04#configure-the-php-processor
### Nginx tweaks
In `/etc/nginx/nginx.conf` (inside the `http` block):
```
client_max_body_size 100m;
```
### Install Redis
Set `supervised systemd` in `/etc/redis/redis.conf`, then restart Redis:
```
systemctl restart redis.service
```
https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04
### Certbot setup:
Create `~/.secrets/certbot/digitalocean.ini`
```
dns_digitalocean_token = INSERT_TOKEN_HERE
```
You can find your token in the DigitalOcean sidebar -> API -> Personal Access Tokens.
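The credentials file holds an API token for the DigitalOcean account, and certbot's DNS plugins warn when that file is readable by other users. The following is an added example, not part of nginx-toolbox: it writes the file with owner-only permissions from a token read on stdin and checks for stray group/other bits. The function names `write_do_credentials` and `secret_is_private` are hypothetical.

```bash
#!/bin/sh
# Added example, not part of nginx-toolbox. Function names are hypothetical.

# Write the certbot DigitalOcean credentials file with owner-only access.
# The token is read from stdin so it never appears in argv or shell history.
# $1 = target directory, e.g. "$HOME/.secrets/certbot"
write_do_credentials() {
    dir=$1
    IFS= read -r token || [ -n "$token" ] || return 1
    [ -n "$token" ] || return 1
    (
        umask 077   # anything created below is 0700 (dirs) / 0600 (files)
        mkdir -p "$dir" &&
        printf 'dns_digitalocean_token = %s\n' "$token" > "$dir/digitalocean.ini"
    ) || return 1
    # umask has no effect on paths that already existed, so tighten explicitly.
    chmod 700 "$dir" && chmod 600 "$dir/digitalocean.ini"
}

# Return 0 only if the file exists and has no group/other permission bits.
# Reads the mode string from ls (e.g. -rw-------) to stay POSIX-portable.
secret_is_private() {
    [ -f "$1" ] || return 2
    go_bits=$(ls -ld "$1" | cut -c5-10)
    [ "$go_bits" = "------" ]
}
```

Running `secret_is_private` on the credentials file before the `certbot renew` cron job catches a file that was later copied or restored with looser permissions.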
Cron job for certbot:
```
0 0 * * 1 certbot renew -q --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini
```
`vim /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx` and add:
```
#! /bin/sh
set -e
/etc/init.d/nginx configtest
/etc/init.d/nginx reload
```
`chmod +x /etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx`
### Logrotate:
In `/etc/logrotate.d/nginx`:
```
/var/www/*/logs/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}
```