
Je partage à chaud un petit tuto, codé étape par étape, pour la mise en place d'un serveur de prod sur Debian 8. Il est brut et n'est pas accompagné d'explications très détaillées : libre à vous d'approfondir, de poser des questions ou de m'aider à étayer l'article, car je n'ai pas trop le temps de m'y consacrer à fond...

Server setup for Debian 8 Jessie

# Give admin rights to jo and jeff by putting them in the sudo group.
# "adduser USER GROUP" adds an existing user to an existing group, so both
# accounts must already exist.
for admin_user in jo jeff; do
  adduser "$admin_user" sudo
done

# Create the unprivileged account that will manage the web content.
# adduser asks interactively for the password and account details.
adduser enterprise

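#add mariadb-repo
# software-properties-common provides add-apt-repository.
sudo apt-get install software-properties-common
# Import the repository signing key by its 64-bit key ID, then list the
# fingerprints of the trusted keys. Compare the full fingerprint of the key
# just imported with the one published by MariaDB before going further:
# APT accepts any package signed by a key in this keyring.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
sudo apt-key finger
# The mirror is reached over plain HTTP, so package integrity rests entirely
# on the signature check against the key imported above.
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://fr.mirror.babylon.network/mariadb/repo/10.1/debian jessie main'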

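#add php7 repo
# Run as root: this writes under /etc/apt and changes the APT keyring.
echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/dotdeb.list
# Fetch the signing key to a file rather than piping it straight into the
# keyring: a failed download is then never imported, and the key can be
# inspected before it becomes trusted.
dotdeb_key=$(mktemp)
if wget -O "$dotdeb_key" https://www.dotdeb.org/dotdeb.gpg; then
  # Print the key's fingerprint; compare it with the one dotdeb publishes.
  gpg --with-fingerprint "$dotdeb_key"
  apt-key add "$dotdeb_key"
fi
rm -f -- "$dotdeb_key"
# Refresh the package lists so both new repositories are taken into account.
apt update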

#install libs
# One apt transaction; the package list is only split across lines by role.
# NOTE(review): sudo is installed here although earlier steps already call
# it, so it is presumably present on the base system. The daemons in this
# list (Apache, MariaDB, Redis, vsftpd) are normally started right after
# installation; check what each one listens on before exposing the host.
apt-get install \
  sudo apache2 php \
  mariadb-server redis-server \
  php7.0-redis php-simplexml php-mysql php-mbstring php-zip php-intl php-gd php-curl \
  curl git vsftpd libpam-pwdfile \
  glances aptitude locate

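#install PHPUnit
wget https://phar.phpunit.de/phpunit.phar
# NOTE(review): nothing here checks the download. PHPUnit's documentation
# describes verifying a PHAR release against its detached GPG signature;
# do that before installing the file system-wide.
# install(1) is used instead of chmod + mv so that the command ends up owned
# by root with mode 0755; a moved file would keep the downloading user's
# ownership and stay rewritable by that unprivileged account.
sudo install -o root -g root -m 0755 phpunit.phar /usr/local/bin/phpunit &&
  rm -f -- phpunit.phar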

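#install wkhtmltopdf
wkhtmltox_deb=wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb
wget "http://download.gna.org/wkhtmltopdf/0.12/0.12.2.1/${wkhtmltox_deb}"
# The package arrives over plain HTTP and is then installed as root exactly
# as received. Print its SHA-256 and compare it with a checksum obtained from
# a trusted source; stop here if they differ.
sha256sum "${wkhtmltox_deb}"
sudo dpkg -i "${wkhtmltox_deb}"
# dpkg does not resolve dependencies; let apt install whatever is missing.
sudo apt-get install -f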

#enable modules
# PHP side: the PDO extension.
sudo phpenmod pdo
# Apache side: alias and auth_digest are needed by the admin-tool
# configuration further down this page; the others are enabled alongside.
apache_modules=(rewrite include headers deflate alias auth_digest)
sudo a2enmod "${apache_modules[@]}"

#set permissive umask
# Appends the setting to the environment file sourced when Apache starts.
# NOTE(review): with umask 000 nothing is masked, so files and directories
# that Apache (and PHP running inside it) creates with default modes are
# writable by every local account. A restrictive value such as 027, with the
# www manager given access through group membership, avoids that.
printf '%s\n' 'umask 000' >> /etc/apache2/envvars

#enable .htaccess
# Edit the <Directory /var/www/> section of the file named on the next line.
/etc/apache2/apache2.conf
<Directory /var/www/>
# NOTE(review): Indexes turns on automatic directory listings for any
# directory under /var/www that has no index file; drop it unless listings
# are really wanted.
Options Indexes FollowSymLinks
#AllowOverride None
# AllowOverride All lets every .htaccess file under /var/www override server
# settings, so anyone able to write there can change how Apache serves it.
AllowOverride All
Require all granted
</Directory>

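#add .htpasswd file
cd /var/www
# Create the digest credential file with one user, "enterprise". htdigest
# prompts for the password; -c creates the file, replacing an existing one.
# The realm string must match AuthName in the .htaccess files that use it.
htdigest -c .htpasswd "Who are you ?" enterprise
# The stored hash is password-equivalent for digest authentication, so the
# file must not be world-readable: owned by root, readable only by Apache's
# group (www-data on Debian).
sudo chown root:www-data .htpasswd
sudo chmod 640 .htpasswd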

#add admin tools
# One directory per tool, each opened to everyone (read/write, plus
# traversal on the directory).
# NOTE(review): a+rwX makes both web-served directories writable by every
# local account, so any of them can place or alter PHP that Apache will then
# run. Prefer write access for the owner only and read access for the web
# server's group.
for tool_dir in /var/www/adminer /var/www/redis-adminer; do
  mkdir "$tool_dir"
  chmod a+rwX "$tool_dir"
done

#in /var/www/adminer/.htaccess and /var/www/redis-adminer/.htaccess
# Require a digest login before either admin tool is served.
AuthType Digest
# The realm must be the same string that was given to htdigest.
AuthName "Who are you ?"
AuthUserFile /var/www/.htpasswd
Require valid-user
# NOTE(review): the virtual host shown on this page listens on port 80 only.
# Digest auth keeps the .htpasswd password itself off the wire, but whatever
# is typed into the admin tools afterwards travels unencrypted. Serve these
# paths over HTTPS, or restrict them to trusted addresses.

#install our admin tools
# Adminer ships as a single PHP file; it becomes the directory's index.php.
# NOTE(review): the release is pinned to 4.2.5. Check the project's release
# page for the current version and its security fixes before exposing it.
adminer_php=adminer-4.2.5.php
cd /var/www/adminer
wget "https://github.com/vrana/adminer/releases/download/v4.2.5/${adminer_php}"
mv "${adminer_php}" index.php
# php-redis-admin is created with Composer directly in its target directory.
# NOTE(review): this needs the composer command, which this page installs
# only in a later step; run that step first.
cd /var/www/redis-adminer
composer create-project erik-dubbelboer/php-redis-admin .

#add our alias to admin tools
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
#...
# Map the two URL paths onto the admin tool directories under /var/www.
# NOTE(review): this publishes database and Redis administration on the
# plain-HTTP virtual host. Consider a TLS virtual host for these aliases
# and/or limiting them to trusted client addresses.
Alias /adminer /var/www/adminer
Alias /redis-adminer /var/www/redis-adminer
#...
</VirtualHost>

#give full access to our www manager to www folder
# Only /var/www itself changes owner (the chown is not recursive); content
# that already exists below it keeps its current owner.
www_manager=enterprise
sudo chown "${www_manager}:${www_manager}" /var/www

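#install composer
# Download the installer to a temporary file and run it as root only if its
# SHA-384 matches the value the Composer project publishes for the current
# installer, rather than piping the download straight into "sudo php".
composer_setup=$(mktemp)
expected_sig=$(curl -sS https://composer.github.io/installer.sig)
curl -sS -o "$composer_setup" https://getcomposer.org/installer
actual_sig=$(sha384sum "$composer_setup" | cut -d ' ' -f 1)
# An empty expected value means the checksum download failed: refuse too.
if [ -n "$expected_sig" ] && [ "$expected_sig" = "$actual_sig" ]; then
  sudo php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
else
  echo "composer installer checksum mismatch: not running it" >&2
fi
rm -f -- "$composer_setup"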

#FTP
#config pam

#backup origin
# Move the packaged PAM service file aside; a replacement is written in the
# next step.
pam_vsftpd=/etc/pam.d/vsftpd
sudo mv "${pam_vsftpd}" "${pam_vsftpd}.bak"

#enable ftpd.passwd file
# New content of the PAM service file named on the next line.
/etc/pam.d/vsftpd
# Authenticate FTP logins against the password file given here.
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
# pam_permit always succeeds, so no account checks (expiry, locking) apply.
account required pam_permit.so
# NOTE(review): /etc/vsftpd/ftpd.passwd holds the FTP password hashes;
# presumably it should be owned by root and not world-readable. Confirm how
# the vsftpd-user script referenced on this page creates it.

#add vsftpd user
# System account for the FTP service: home /home/vsftpd (created by -m),
# primary group nogroup, and /bin/false as shell so it cannot log in
# interactively. Presumably the account the FTP logins are mapped to;
# confirm against the vsftpd.conf used.
sudo useradd -m -d /home/vsftpd -g nogroup -s /bin/false vsftpd

#create ftp ssl certificate
# Self-signed certificate valid for 365 days. -nodes leaves the private key
# unencrypted on disk so the FTP server can start without a passphrase; the
# file permissions below are therefore its only protection. openssl prompts
# for the certificate subject fields.
sudo openssl req -new -x509 -nodes -days 365 \
  -keyout /etc/ssl/private/vsftpd.key.pem \
  -out /etc/ssl/private/vsftpd.cert.pem
# Both files: owned by root, readable and writable by root only.
sudo chown root:root /etc/ssl/private/vsftpd.cert.pem
sudo chown root:root /etc/ssl/private/vsftpd.key.pem
sudo chmod 600 /etc/ssl/private/vsftpd.cert.pem /etc/ssl/private/vsftpd.key.pem

#in /etc/vsftpd.conf
https://gist.githubusercontent.com/surikat/de2986504f8165fba212e1e2655e2760/raw/a7fc0251345e7da6e88fb8e402ccc5cd7e6c799e/vsftpd.conf

#in /usr/bin/vsftpd-user (copy the script from the URL below; read it before installing it under /usr/bin)
https://gist.githubusercontent.com/surikat/de2986504f8165fba212e1e2655e2760/raw/a7fc0251345e7da6e88fb8e402ccc5cd7e6c799e/vsftpd-user

#config mariadb/mysql
#in /etc/mysql/my.cnf (if that file is the MariaDB one), else in /etc/my.cnf
# Presumably both settings belong in the [mysqld] section; confirm.
# 2 = the InnoDB log is written at each commit but flushed to disk only about
# once per second: faster, at the cost of possibly losing the last second of
# committed transactions on a crash or power loss.
innodb_flush_log_at_trx_commit=2
# Upper bound on a single packet. 512M is generous; size it to the largest
# legitimate import rather than leaving it this wide by default.
max_allowed_packet=512M

#in /etc/ssh/sshd_config
#...
# Non-default port: this reduces scanner noise in the logs but is not an
# access control.
Port 25565
AuthorizedKeysFile      %h/.ssh/authorized_keys
# root cannot log in over SSH; admins log in as themselves and use sudo.
PermitRootLogin no
# NOTE(review): password logins are not disabled in this excerpt. Once
# public keys are installed, consider "PasswordAuthentication no". Before
# closing the current session, confirm that a sudo-capable user can log in
# on the new port.
#...

# Log in on the new SSH port as the www manager; the commands that follow
# are run on the server, in that session.
ssh -p 25565 enterprise@myproject.com
# Generate a 4096-bit RSA key pair for this server. ssh-keygen prompts for
# the file location and a passphrase.
ssh-keygen -t rsa -b 4096 -C "myproject@surikat.pro"
# Copy ~/.ssh/id_rsa.pub into the SSH keys on GitHub.
# NOTE(review): registering it as a read-only deploy key on this one
# repository, rather than as an account-wide key, limits what the server's
# key can reach if the server is compromised.
cd /var/www/html
# NOTE(review): cloning into the served directory also places .git there;
# deny access to it in Apache or deploy without the repository metadata.
# git clone refuses a non-empty target, so the directory has to be emptied
# first if Apache's default page is still in it.
git clone git@github.com:surikat/enterprise-myproject .

#in /etc/php/7.0/apache2/php.ini
# The "#" lines here are notes for the reader, not lines to paste: php.ini
# itself uses ";" for comments.
# memory_limit is the per-request memory ceiling. post_max_size has to stay
# above upload_max_filesize, as it does here. These values let each request
# carry up to 120M of upload, so size them to what the application really
# needs. opcache.enable=1 turns on the opcode cache.
#...
memory_limit = 512M
post_max_size = 128M
upload_max_filesize = 120M
opcache.enable=1
#...

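#restart apache2, our ftp server, our mysql server and our ssh server
# so that each one loads the configuration written above.
# On Debian the OpenSSH init script is /etc/init.d/ssh; there is no "sshd"
# script. Keep the current SSH session open and test a fresh login on the
# new port before disconnecting, in case the new sshd_config locks you out.
for service_name in apache2 vsftpd mysql ssh; do
  sudo "/etc/init.d/${service_name}" restart
done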
