I hereby claim:
- I am jonathantittle on github.
- I am jtittle (https://keybase.io/jtittle) on keybase.
- I have a public key ASCbGhUZm91_Mier9K9zoOESnQ-7EhEtaMk0tI221RN7jAo
To claim this, I am signing this object:
Jonathan Tittle jonathantittle
jonathantittle
/ keybase.md
Created
May 24, 2017 04:15
jonathantittle
/ letsencrypt.md
Created
January 29, 2017 04:28
— forked from xrstf/letsencrypt.md
Let's Encrypt on Ubuntu 14.04, nginx with webroot auth
This document details how I setup LE on my server. Firstly, install the client as described on http://letsencrypt.readthedocs.org/en/latest/using.html and make sure you can execute it. I put it in /root/letsencrypt.
As it is not possible to change the ports used for the standalone authenticator and I already have a nginx running on port 80/443, I opted to use the webroot method for each of my domains (note that LE does not issue wildcard certificates by design, so you probably want to get a cert for www.example.com and example.com).
For this, I placed config files into etc/letsencrypt/configs, named after <domain>.conf. The files are simple:
jonathantittle
/ nginx.conf
Created
January 26, 2017 09:45
— forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $request_filename; | |
| fastcgi_connect_timeout 60; | |
| fastcgi_send_timeout 180; | |
| fastcgi_read_timeout 180; | |
| fastcgi_buffer_size 512k; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx nginx; | |
| worker_processes 1; | |
| worker_priority -10; | |
| worker_rlimit_nofile 260000; | |
| timer_resolution 100ms; | |
| pcre_jit on; | |
| events { |
jonathantittle
/ setup.sh
Last active
January 13, 2017 22:55
Install PHP 7.1.x + PHP-FPM, Compile NGINX from Source, Install MariaDB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get update \ | |
| && sudo apt-get upgrade -y \ | |
| && sudo apt-get install -y autoconf automake bc bison build-essential certbot cmake curl flex gcc g++ letsencrypt libcap-ng-dev libcap-ng-utils libcurl4-openssl-dev libevent-dev libgd-dev libgeoip-dev libjpeg-dev libnspr4-dev libpam0g-dev libpcre3 libpcre3-dev libpng-dev libpng-tools libselinux1-dev libssl-dev libunbound-dev libxslt1-dev make nano software-properties-common unzip wget zip zlib1g-dev zlibc \ | |
| && sudo add-apt-repository -y ppa:ondrej/php \ | |
| && sudo apt-get update \ | |
| && sudo apt-get install -y php7.1-cli php7.1-dev php7.1-fpm php7.1-bcmath php7.1-bz2 php7.1-common php7.1-curl php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mysql php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-xml php7.1-xmlrpc php7.1-zip php7.1-opcache php7.1-xsl \ | |
| && sudo apt-get autoremove -y \ | |
| && sudo mkdir -p /usr/local/src/cannoli/{modules,nginx,packages/{openssl,pcre,zlib}} \ | |
| && sudo mkdir -p /etc/nginx/{cache/{client,proxy,fast |