@1Conan
Last active October 13, 2016 20:28
#!/bin/bash
#
# nginx + php-FPM 7 + MariaDB 10.1 Installer
# by 1Conan
#
# Supports CentOS 6 or other RHEL-based OS (Untested)
#
# Version variables (Updated 3/24/16)
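NPS_VERSION=1.9.32.10
NGINX_VERSION=1.9.12

# Install some repos (EPEL, Remi, RPMForge).
# NOTE(review): two of the three release RPMs below still come over plain
# HTTP, and `rpm -Uvh` on a local file installs it even when its signature
# cannot be checked against an already-trusted key. These packages carry the
# repo definitions and GPG keys that every later `yum install` trusts, so a
# tampered download here undermines gpgcheck=1 everywhere else. Import each
# repository's signing key from a trusted source and run `rpm -K <file>`
# before installing.
wget https://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh rpmforge-release-*.rpm

# Update things first
yum -y update

# Build in a directory that this run creates itself. /tmp is world-writable,
# so a pre-existing /tmp/ngxtmp could belong to another local user, and root
# would then download, unpack and compile inside a directory that user
# controls. mkdir without -p fails when the path already exists (a symlink
# included), so that case stops here instead of being silently reused.
# The path stays fixed because later steps refer to /tmp/ngxtmp literally.
mkdir -m 0700 /tmp/ngxtmp || {
  echo "refusing to build: /tmp/ngxtmp already exists or cannot be created" >&2
  exit 1
}
cd /tmp/ngxtmp || exit 1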
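# Nginx Pagespeed: module source from GitHub plus the matching PSOL archive.
# NOTE(review): none of the archives fetched in this section is checked
# against a published checksum or signature before being compiled as root.
# HTTPS protects only the transfer, not the artifact. Pin the expected
# hashes in a reviewed file and verify them (e.g. `sha256sum -c`) before
# unpacking.
wget "https://github.com/pagespeed/ngx_pagespeed/archive/release-${NPS_VERSION}-beta.zip"
unzip "release-${NPS_VERSION}-beta.zip"
rm -rf "release-${NPS_VERSION}-beta.zip"
cd "ngx_pagespeed-release-${NPS_VERSION}-beta/" || exit 1
wget "https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz"
tar -xzvf "${NPS_VERSION}.tar.gz"
rm -rf "${NPS_VERSION}.tar.gz"
cd /tmp/ngxtmp || exit 1

# PCRE (plain FTP: no transport integrity at all, verify the hash)
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
tar -xvzf pcre-8.38.tar.gz

# ZLIB
wget https://zlib.net/zlib-1.2.8.tar.gz
tar -xvzf zlib-1.2.8.tar.gz

# OpenSSL
# NOTE(review): the 1.0.2 branch no longer receives public security fixes;
# treat this pin as something to revisit before deploying.
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -xvzf openssl-1.0.2-latest.tar.gz

# Remove archives
rm -rf pcre-8.38.tar.gz zlib-1.2.8.tar.gz openssl-1.0.2-latest.tar.gz

# Compile OpenSSL
# The "-latest" tarball unpacks to whichever 1.0.2 patch release is current,
# while this step and the nginx configure step expect openssl-1.0.2g. Stop
# with a clear message rather than running ./config in the wrong directory.
cd openssl-1.0.2g || {
  echo "openssl-1.0.2g not found: the -latest tarball unpacked a different release" >&2
  exit 1
}
./config threads shared enable-ec_nistp_64_gcc_128 \
  -Wl,-rpath=/usr/local/ssl/lib -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS \
  -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 \
  -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 \
  -Wl,-Bsymbolic-functions -Wl,-z,relro -Wall -DMD32_REG_T=int \
  -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 \
  -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM \
  -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM \
  -DECP_NISTZ256_ASM
make depend
cd /tmp/ngxtmp || exit 1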
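# Download and compile nginx
# NOTE(review): the tarball is built and installed as root without checking
# it against the project's published PGP signature. HTTPS guards only the
# transfer; verify the signature or a pinned hash before `tar`.
wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
tar -xvzf "nginx-${NGINX_VERSION}.tar.gz"
rm -rf "nginx-${NGINX_VERSION}.tar.gz"
cd "nginx-${NGINX_VERSION}/" || exit 1

# The pagespeed module path follows NPS_VERSION so that bumping the version
# variable cannot leave configure pointing at a directory that was never
# unpacked. Each build stage must succeed before the next one runs, so a
# failed compile never reaches `make install`.
./configure --with-http_v2_module \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_stub_status_module \
  --with-http_auth_request_module \
  --with-file-aio \
  --with-ipv6 \
  --with-pcre-jit \
  --with-pcre \
  --with-pcre=/tmp/ngxtmp/pcre-8.38 \
  --with-zlib=/tmp/ngxtmp/zlib-1.2.8 \
  --with-openssl=/tmp/ngxtmp/openssl-1.0.2g \
  --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
  --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
  --add-module="/tmp/ngxtmp/ngx_pagespeed-release-${NPS_VERSION}-beta" \
  || exit 1
make || exit 1
make install || exit 1
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx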
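# Install a SysV init script for the source-built nginx.
# The here-document delimiter is quoted so that nothing in the body is
# expanded while the installer runs. With an unquoted delimiter the
# unescaped $NAME, $DAEMON and $PIDFILE references were replaced by empty
# strings, leaving `daemon` with no program to start and a redirection with
# no target, so the generated script could not even be parsed.
cat <<'EOF' > /etc/init.d/nginx
#!/bin/sh
# The name of this service
NAME=nginx
# The PID file (/run when it exists, otherwise /var/run)
PIDFILE=$(printf -- '%s/run/%s.pid' "$([ -d /run ] || printf -- /var)" "${NAME}")
DAEMON=$(command -v "${NAME}")
if [ "${DAEMON}" = '' ]
then
  # LSB exit status 5: program is not installed
  echo "${NAME}: not found!" >&2
  exit 5
fi
### End Configuration Options ###
. /etc/init.d/functions

start() {
  echo -n $"Starting $NAME: "
  daemon --check "$NAME" --pidfile "$PIDFILE" "$DAEMON"
  RETVAL=$?
  if [ $RETVAL -ne 0 ]; then
    echo_failure
    echo
  else
    # $PID is left unquoted on purpose: pgrep prints one PID per line and
    # the PID file gets them on a single space-separated line.
    PID=$(pgrep "$NAME")
    echo -n $PID > "$PIDFILE"
    echo_success
    echo
  fi
  return $RETVAL
}

stop () {
  echo -n $"Stopping $NAME: "
  killproc -p "$PIDFILE" "$NAME"
  RETVAL=$?
  echo
  return $RETVAL
}

restart () {
  stop
  start
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status -p "$PIDFILE" "$NAME"
    ;;
  restart)
    restart
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart}"
    exit 2
    ;;
esac
EOF
chmod +x /etc/init.d/nginx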
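# nginx.conf below sets `user nginx;`, but a source build does not create
# that account and nginx refuses to start when it is missing. Create a
# dedicated system user with no home directory and no login shell so the
# worker processes run unprivileged.
if ! id -u nginx >/dev/null 2>&1; then
  useradd -r -M -s /sbin/nologin nginx
fi

mkdir -p /usr/local/nginx/conf.d/

# Main nginx configuration. The delimiter is quoted so the text is written
# exactly as shown, whatever variables the installer shell has set.
# NOTE(review): `access_log off;` removes the request trail that incident
# response and abuse detection depend on; consider enabling a rotated
# access log per server block.
cat <<'EOF' > /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 100000;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
access_log off;
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
sendfile on;
tcp_nopush on;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;
keepalive_timeout 65;
keepalive_requests 100000;
reset_timedout_connection on;
#GZIP Compression
gzip on;
gzip_comp_level 4;
gzip_vary on;
gzip_min_length 256;
gzip_buffers 4 32k;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
gzip_disable "MSIE [1-6]\.";
include /usr/local/nginx/conf.d/*.conf;
}
EOF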
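# Template virtual hosts. Lines marked "#Edit" must be adapted, and the
# referenced certificate, key and dhparams files must exist before nginx
# will start with this configuration.
#
# The delimiter is quoted: with an unquoted here-document the installer
# shell expanded $1, $uri, $document_root and $fastcgi_script_name to empty
# strings, which dropped the request path from both redirects and left
# try_files and SCRIPT_FILENAME without their arguments.
#
# Changes from the original template, all on the TLS side:
#  - TLS 1.0/1.1 are deprecated, so only TLSv1.2 is offered (the OpenSSL
#    1.0.2 build used here has no TLS 1.3).
#  - 3DES suites are removed: a 64-bit block cipher is exposed to birthday
#    attacks on long-lived connections.
#  - The HPKP header is written commented out. Its pins are placeholders,
#    a pin that does not match the deployed keys locks returning visitors
#    out for max-age seconds, and major browsers have dropped HPKP support.
#  - The FastCGI include points at fastcgi_params, the file nginx installs.
cat <<'EOF' > /usr/local/nginx/conf.d/default.conf
#www to root redirect
server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name www.example.com; #Edit
  rewrite ^(.*) https://example.com$1 permanent; #Edit
  add_header Strict-Transport-Security max-age=15768000; #6Months of HSTS
  # HPKP disabled: placeholder pins. Enable only with real primary and backup pins.
  #add_header Public-Key-Pins 'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000;'; #2Months of HPKP
  ssl_protocols TLSv1.2;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
  ssl_buffer_size 8k;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 30m;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #Edit
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #Edit
  ssl_dhparam /usr/local/nginx/ssl/dhparams.pem; #Edit
  ssl_stapling on;
  resolver 8.8.8.8;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; #Edit
}
#http to https
server {
  listen 80;
  listen [::]:80;
  server_name example.com; #Edit
  rewrite ^(.*) https://example.com$1 permanent; #Edit
}
#Main
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name example.com; #Edit
  #------SSL Start------#
  add_header Strict-Transport-Security max-age=15768000; #6Months of HSTS
  # HPKP disabled: placeholder pins. Enable only with real primary and backup pins.
  #add_header Public-Key-Pins 'pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000;'; #2Months of HPKP
  ssl_protocols TLSv1.2;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
  ssl_buffer_size 8k;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 30m;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #Edit
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #Edit
  ssl_dhparam /usr/local/nginx/ssl/dhparams.pem; #Edit
  ssl_stapling on;
  resolver 8.8.8.8;
  ssl_stapling_verify on;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; #Edit
  #------SSL End------#
  #------GZIP Start------#
  #GZIP Compression
  gzip on;
  gzip_comp_level 6;
  gzip_vary on;
  gzip_min_length 256;
  gzip_buffers 4 32k;
  gzip_proxied expired no-cache no-store private auth;
  gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
  gzip_disable "MSIE [1-6]\.";
  #------GZIP End------#
  #Root Folder
  root html;
  location / {
    index index.php index.html;
  }
  #Static Files Caching
  location ~ \.(css|htc|less|js|js2|js3|js4)$ {
    expires 31536000s;
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public";
  }
  location ~ \.php$ {
    # Only hand existing files to PHP-FPM; anything else is a 404.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include /usr/local/nginx/conf/fastcgi_params; #Edit
  }
}
EOF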
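# MariaDB 10.1
# Pick the repository that matches the machine architecture. The test runs
# grep for its exit status: the earlier `if $(...)` form tried to execute
# grep's output ("x86_64") as a command, which always failed, so 64-bit
# hosts were given the 32-bit repository.
if uname -m | grep -q '64'; then
  mariadb_arch=amd64
else
  mariadb_arch=x86
fi

# baseurl uses HTTPS like the gpgkey line; gpgcheck=1 stays on so packages
# are also verified against the repository signing key.
cat <<EOF > /etc/yum.repos.d/MariaDB.repo
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.1/centos6-${mariadb_arch}
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

yum -y update
# Quoted so yum receives the pattern itself rather than any file names in
# the current directory that happen to match it.
yum -y remove 'mysql*'
yum -y install MariaDB MariaDB-server MariaDB-client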
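# php-FPM 7.0
# Both repo files are written from quoted here-documents so that yum's own
# $basearch variable reaches the file literally instead of being expanded
# (to nothing) by the installer shell.
# NOTE(review): gpgcheck=1 is only as trustworthy as
# /etc/pki/rpm-gpg/RPM-GPG-KEY-remi, which is presumably installed by the
# remi-release RPM fetched earlier in this script; verify that key's
# fingerprint out of band.
cat <<'EOF' > /etc/yum.repos.d/remi.repo
# Repository: http://rpms.remirepo.net/
# Blog: http://blog.remirepo.net/
# Forum: http://forum.remirepo.net/
[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
EOF

# The PHP 7.0 repository is enabled here: while it was disabled, the
# install below could not see PHP 7 packages at all, and a later
# `yum update` would not have picked up their security updates either.
cat <<'EOF' > /etc/yum.repos.d/remi-php70.repo
# This repository only provides PHP 7.0 and its extensions
# NOTICE: common dependencies are in "remi-safe"
[remi-php70]
name=Remi's PHP 7.0 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php70/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php70/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
EOF

yum -y install php-fpm

# nginx starts only once the "#Edit" placeholders in conf.d/default.conf
# (certificate paths, dhparams file) point at files that exist.
service nginx start
service php-fpm start
service mysql start

# Interactive hardening of the fresh MariaDB instance: root password,
# removal of anonymous users and of the test database.
mysql_secure_installation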