-
-
Save Hadryan/e78e8d79816129b0f10d3872467f2f76 to your computer and use it in GitHub Desktop.
Basic Ubuntu VPS Webserver configuration script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo su | |
| #Install various tools | |
| apt-get update | |
| apt-get upgrade -y | |
| apt-get install -y imagemagick build-essential htop git fail2ban sendmail libreadline-dev libncurses5-dev libpcre3 libpcre3-dev libssl-dev perl make ffmpeg libfaac-dev libfdk-aac-dev openssl libxml2 libc6 libc6-dev libaio1 libaio-dev libxslt1-dev zlib1g zlib1g-dev libgd-dev libgeoip-dev libpcre++-dev ffmpeg | |
| #Compile | |
| #https://www.digitalocean.com/community/tutorials/how-to-use-the-openresty-web-framework-for-nginx-on-ubuntu-16-04 | |
| ./configure -j4 --prefix=/opt/nginx --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-cc-opt="-O3" --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-file-aio --add-dynamic-module=/root/woorking/openresty-1.13.6.2/bundle/nginx-hmac-secure-link --add-dynamic-module=/root/woorking/openresty-1.13.6.2/bundle/nginx-secure-token-module --add-dynamic-module=/root/woorking/openresty-1.13.6.2/bundle/encrypted-session-nginx-module --add-dynamic-module=/root/woorking/openresty-1.13.6.2/bundle/nginx-vod-module | |
| make -j4 | |
| make -j4 install | |
| #Configure iptables | |
| iptables -F | |
| iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP | |
| iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP | |
| iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT | |
| iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | |
| ### OVH SLA | |
| iptables -A INPUT -i eth0 -p icmp --source 92.222.184.0/24 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p icmp --source 92.222.185.0/24 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p icmp --source 92.222.186.0/24 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p icmp --source 167.114.37.0/24 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p icmp --source 151.80.118.90/32 -j ACCEPT | |
| ### [end] OVH SLA | |
| iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P INPUT DROP | |
| #Install iptables persistence | |
| apt-get install -y iptables-persistent | |
| #Configure fail2ban | |
| cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| service fail2ban restart | |
| #Install NGINX | |
| nginx=stable # use nginx=development for latest development version | |
| add-apt-repository ppa:nginx/$nginx | |
| apt-get update | |
| apt-get install -y nginx | |
| #Install Node.js (v6.x LTS) | |
| curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - | |
| sudo apt-get install -y nodejs | |
| npm install pm2 -d -g |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment