Linux
1. Disable root SSH login in sshd_config
2. Create a new user and don't use a standard user, e.g. the 'pi' user on Raspbian.
3. Follow these steps: https://www.cyberciti.biz/tips/linux-security.html
   - for me the following sections were helpful (mostly because of my special software and hardware configuration): #1, #5, #8, #12, #13, #16, #17, #20, #23, #24, #25, #26, #27 already using KeePass, #29 already done but please check major tools whether all information is logged, #30, #32, #33, #36, #37, #39
4. Start nginx and php-fpm as a simple user, e.g. 'nginx', instead of root. (You could use systemd for that; you can find example service files in my gists.)
Nginx
1. Use SSL CSR with 2048 bit and sha512
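The checks behind Linux steps 1 and 4 above, as an added example that is not part of the original gist: it reads the effective `PermitRootLogin` value from an sshd_config and the `User=` setting from a systemd unit, and fails when root login is not explicitly disabled or the service would run as root. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit Linux steps 1 and 4.

# Effective global PermitRootLogin value, lowercased, or "unset".
# sshd keeps the first value it reads; keywords are case-insensitive.
# Reads the whitespace-separated form and stops at the first Match block.
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# User= from the [Service] section (last assignment wins), or "root" when
# absent, since systemd system services run as root by default.
service_user() {
    awk -F= '
        /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
        in_service && $1 == "User" { user = $2 }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

# $1 = sshd_config path, $2 = unit file path. Returns 0 only if both checks pass.
audit_host() {
    rc=0
    [ "$(root_login_setting "$1")" = "no" ] || { echo "FAIL: PermitRootLogin is not 'no' ($1)"; rc=1; }
    [ "$(service_user "$2")" != "root" ] || { echo "FAIL: service runs as root ($2)"; rc=1; }
    return "$rc"
}

# Constructed sample files: a weak pair and a hardened pair.
make_samples() {
    printf '%s\n' '#PermitRootLogin no' 'Port 22' > "$1/sshd_weak"
    printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes' > "$1/sshd_ok"
    printf '%s\n' '[Unit]' 'Description=php-fpm' '[Service]' 'Type=forking' > "$1/unit_weak"
    printf '%s\n' '[Service]' 'User=nginx' 'Group=nginx' 'Type=forking' > "$1/unit_ok"
}

d=$(mktemp -d) && make_samples "$d"
audit_host "$d/sshd_weak" "$d/unit_weak" || echo "weak pair rejected"
audit_host "$d/sshd_ok" "$d/unit_ok" && echo "hardened pair accepted"
rm -rf "$d"
```

A commented-out `#PermitRootLogin no` counts as unset here, so the check only passes when the directive is actually active.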
[Unit]
Description=Phpenv created Php-Fpm fastcgi
Documentation=man:php-fpm(8)
After=nginx.target
[Service]
Type=forking
RuntimeDirectory=php-fpm
ExecStart=/home/nginx/.phpenv/shims/php-fpm
ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /var/run/php-fpm/php-fpm.pid
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGQUIT (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
#! /bin/sh
#
# run as current user
# > mkdir ~/.phpenv/init
# > vim 5.3.19
#
# before, you should edit php-fpm.conf
# and comment out [www] user and group.
PHP_VERSION=$(phpenv version | sed 's/ (.*//')