The setup installs the following software:
- Git
- Composer
- Nginx
- PHP
- MariaDB
- Redis
# The commands on this page are written without sudo, so they presumably run in a root shell.
# Refresh the package lists, apply every pending upgrade (including security updates),
# then remove packages that are no longer required.
apt update && apt dist-upgrade -y && apt autoremove -y
# Locale variables for the current shell session and the commands started from it;
# export alone does not persist them across logins.
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
# Generate the en_US.UTF-8 locale, then open the interactive locale configuration.
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Install Git, Composer and Nginx from the configured package repositories.
apt install -y git
apt install -y composer
apt install -y nginx
Check the core limit for the number of connections; ulimit -n prints the open-file limit, which caps how many connections a worker can hold.
ulimit -n
Configure Nginx accordingly.
vim /etc/nginx/nginx.conf
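# Main Nginx configuration (/etc/nginx/nginx.conf).
# Worker processes run as the unprivileged www-data account.
user www-data;
worker_processes auto;

events {
    # Replace <core-limit> with the value printed by `ulimit -n`.
    worker_connections <core-limit>;
    multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 30;
    types_hash_max_size 2048;
    # Keep the Nginx version out of the Server header and generated error pages.
    server_tokens off;
    server_names_hash_bucket_size 64;
    server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # TLS 1.0 and TLS 1.1 are deprecated (RFC 8996) and are no longer offered;
    # only TLS 1.2 and 1.3 remain. These settings take effect only in server
    # blocks that listen with ssl.
    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    # Request logging is disabled for every virtual host that does not set its
    # own access_log. The error log does not record ordinary requests, so enable
    # access_log (globally or per vhost) when request history is needed for
    # monitoring or incident investigation.
    access_log off;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # NOTE(review): compressing dynamic responses (for example application/json)
    # that are served over TLS and mix secrets with request-controlled data can
    # expose them to compression side channels such as BREACH. Confirm this is
    # acceptable for the application, or limit compression to static assets.
    gzip on;
    # gzip_static on;
    gzip_min_length 1024;
    gzip_comp_level 1;
    gzip_vary on;
    gzip_disable msie6;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types
        # text/html is always compressed by HttpGzipModule
        text/css
        text/javascript
        text/xml
        text/plain
        text/x-component
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        application/atom+xml
        font/truetype
        font/opentype
        application/vnd.ms-fontobject
        image/svg+xml;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}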
Restart Nginx.
service nginx restart
Create config file for virtual host.
vim /etc/nginx/sites-available/<domain-name>.conf
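# Virtual host for <domain-name>.
# Only plain HTTP on port 80 is configured here: no TLS listener or certificate
# is defined, so all traffic to this site is unencrypted until one is added.
server {
    listen 80;
    listen [::]:80;
    root /var/www/<domain-name>/public/;
    index index.php index.html;
    server_name <domain-name>;
    charset utf-8;
    # NOTE(review): this log sits in the site directory, which the chown step of
    # this guide hands to <username>, while Nginx's master process opens the file.
    # A path under /var/log/nginx/ keeps the log out of a user-writable directory.
    error_log /var/www/<domain-name>/error.log;

    # Refuse requests for dotfiles and dot-directories (.git, .env, .htaccess, ...)
    # that may end up under the public root. /.well-known/ stays reachable because
    # certificate validation and similar standards rely on it.
    location ~ /\.(?!well-known) {
        deny all;
    }

    # Documents and data that must never be cached.
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
        expires -1;
    }

    # Feeds: cached for one hour.
    location ~* \.(?:rss|atom)$ {
        expires 1h;
        add_header Cache-Control "public";
    }

    # Media: cached for one year.
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # Stylesheets and scripts: cached for one year.
    location ~* \.(?:css|js)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # Web fonts: cached for one year.
    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # Front controller: serve an existing file or directory, otherwise hand the
    # request to index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Only URIs ending in .php are passed to PHP-FPM over the local Unix socket.
    # snippets/fastcgi-php.conf is not shown on this page; presumably it is the
    # distribution snippet. Verify that it rejects requests for scripts that do
    # not exist on disk.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_intercept_errors on;
    }
}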
Create public directory in site folder.
mkdir -p /var/www/<domain-name>/public
Set the correct owner.
chown -R <username>:<username> /var/www/<domain-name>
Enable vhost.
ln -s /etc/nginx/sites-available/<domain-name>.conf /etc/nginx/sites-enabled/<domain-name>.conf
Restart Nginx.
service nginx restart
# Install PHP-FPM 7.4 together with the PHP extensions listed below.
# NOTE(review): PHP 7.4 reached end of life in November 2022 and no longer receives
# upstream security fixes. Check whether the distribution still patches these
# packages, or install a supported PHP release. The 7.4 version also appears in the
# vhost's fastcgi_pass socket path and in the /etc/php/7.4/ paths used on this page,
# so those must be changed together with the package names.
apt install -y \
php7.4-fpm \
php7.4-bcmath \
php7.4-curl \
php7.4-gd \
php7.4-json \
php7.4-mbstring \
php7.4-mysql \
php7.4-xml \
php7.4-zip \
php-imagick \
php-pear \
php-tokenizer
The php-fpm adjustments are based on the 2GB Digital Ocean setup.
vim /etc/php/7.4/fpm/pool.d/www.conf
; Settings to change in the PHP-FPM pool file /etc/php/7.4/fpm/pool.d/www.conf.
; The FastCGI socket is owned by www-data, the same account the Nginx workers run
; as (user www-data in nginx.conf), so Nginx can connect to it.
listen.owner = www-data
listen.group = www-data
; Upper bound on simultaneous PHP worker processes. The guide sizes these values
; for a 2GB server; re-check them against the memory actually available.
pm.max_children = 16
; The three values below presumably rely on the pool using pm = dynamic (that
; setting is not shown on this page); confirm it in www.conf.
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
vim /etc/php/7.4/fpm/php.ini
; Settings to change in /etc/php/7.4/fpm/php.ini.
; With 0, PHP runs only the exact script path it is given and does not fall back
; to a parent path when the requested file does not exist. This keeps a non-PHP
; file (an uploaded image, for example) from being executed as a script.
cgi.fix_pathinfo=0
; Largest accepted POST body and largest single uploaded file.
; NOTE(review): the Nginx configuration on this page never sets
; client_max_body_size, whose default is 1m, so Nginx will reject larger request
; bodies before they reach PHP unless that directive is raised as well.
post_max_size = 64M
upload_max_filesize = 64M
Restart PHP.
service php7.4-fpm restart
apt install -y \
mariadb-server \
mariadb-client
Securing mysql
mysql_secure_installation
Create new mysql user
mysql -u root
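-- Create the application account; it can connect from localhost only.
-- 'userpwd' is a placeholder: replace it with a long, unique password.
CREATE USER 'username'@'localhost' IDENTIFIED BY 'userpwd';
-- Scope the grant to the application's own database instead of *.*: ALL PRIVILEGES
-- on *.* would give this account global privileges over every database on the
-- server. <database-name> is a placeholder for the application's database.
GRANT ALL PRIVILEGES ON `<database-name>`.* TO 'username'@'localhost';
FLUSH PRIVILEGES;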
apt install -y redis