Magento 1 Initial Script
Jump to navigation
Jump to search
Here is the script to run for the Magento 1 Stack:
#! /bin/bash #### ## INITIAL.SH #### # ToDo # tcp window size # cherokee and stuff # at job mail support for tuning checkup # this stuff: # echo deadline > /sys/block/sda/queue/scheduler # echo noop > /sys/block/sda/queue/scheduler # cat /proc/sys/vm/swappiness # echo 0 > cat /proc/sys/vm/swappiness # sysctl -p # ktune # compcache # Dane tmpfs init # chef?!? # disable repos # gzip_vary on; https://developers.google.com/speed/docs/best-practices/caching?hl=sv#LeverageProxyCaching # sed '-' out of dbname ### #### #### ## Edit stuff below this point if you don't want defaults ## #### #### #Write your own domain in, just leave out the www #Can be left blank to use example.com as a standin DOMAIN="" #IP can be ext, int or write it in yourself IP="ext" #Change SSL to "yes" if you want the nginx SSL section including SSL="yes" #### #### ## Don't edit stuff below here if you want the script to work ## #### #### unset HISTFILE ### # Quick bc install for some of the vars ### yum install bc at -y service atd start chkconfig atd on # Other utils that don't come as default yum install tcpdump lsof wget telnet -y #### # Also pwgen #### yum install epel-release -y yum install pwgen --enablerepo=epel -y ### # Variables 'n' shit ### if [ -z ${DOMAIN} ] then DOMAIN="example.com" fi if [ "$IP" = "int" ] then # '-m1' to return first match only IP=`ip a|egrep -m1 '(172\.|192.168\.|10\.0\.)'|awk '{print $2}'|sed -e 's_/.*__'` elif [ "$IP" = "ext" ] then IP=`curl -s icanhazip.com` fi ARCH=`arch` THREADCON=$(echo 2*$(grep -c "processor" /proc/cpuinfo)+2|bc) NGINXWORKER=$(grep -c "processor" /proc/cpuinfo) POOLSIZE=$(echo $(echo $(grep MemTot /proc/meminfo |awk '{print $2}')/2|bc)k) DOMNODOT=`echo $DOMAIN| sed 's/\.//g'` BACKEND=$(echo $(echo $DOMNODOT)backend) USERPASS=`pwgen -cn1` MYSQL=`echo $DOMNODOT|sed -n 's/^\(......\).*/\1/p'` MYSQL="${MYSQL}$(cat /dev/urandom | tr -dc '0-9a-zA-Z' | head -c 4)" MYSQLPASS=`pwgen -cn1` MYSQLROOTPASS=`pwgen -cn1` USERNAME=$(echo $DOMNODOT|cut -c 1-15) USERNAME="${USERNAME}$(cat /dev/urandom|tr -dc '0-9a-z'| head -c 6)" DBNAME=`echo $DOMNODOT|sed 's/-//g'` #install atomic wget -q -O - http://www.atomicorp.com/installers/atomic | sed -e '/check_input "Enable repo/d' -e 's/query=$INPUTTEXT/query="yes"/g'|NON_INT=1 sh sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum.repos.d/atomic.repo if [[ "`grep "release 7" /etc/redhat-release`" =~ "release 7" ]]; then yum -y --disablerepo=atomic install php-fpm php-xml php-ldap php-mcrypt php-pdo php-gd php-pear php-soap php-common php-cli php php-pgsql php-mysql php-devel php-odbc php-mbstring else yum -y install php-fpm php-xml php-ldap php-mcrypt php-pdo php-gd php-pear php-soap php-common php-cli php php-pgsql php-mysql php-devel php-odbc php-mbstring fi # todo install epel nicer? from their epel-release rpm? sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo #yum -y install php-mcrypt-5.3* --enablerepo=epel ### # Check httpd isn't going to mess stuff up ### service httpd stop chkconfig httpd off ### # Same with cherokee ### rpm -e --nodeps cherokee ### # misc atop vim screen install ### yum install atop vim-enhanced screen -y chkconfig atop on service atop start ### # Time to get memcached on ### yum install memcached -y service memcached start chkconfig memcached on ### # And then redis... ### yum -y install redis service redis start chkconfig redis on ### # Now for nginx ### echo " [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/ gpgcheck=0 enabled=1 " >> /etc/yum.repos.d/nginx.repo yum install nginx -y chkconfig nginx on ### # Install apc/memcache # Also zlib-devel for memcache ### yum install gcc make zlib-devel pcre-devel -y printf "\n" |pecl install apc # need to install memcache-beta to make sure its v3.0.6 for memcache printf "\n" |pecl install memcache-beta # redis module, just in case printf "\n" |pecl install redis echo " extension=memcache.so " > /etc/php.d/memcache.ini echo " extension=redis.so " >> /etc/php.d/redis.ini echo " extension=apc.so [APC] apc.enabled = 1 apc.shm_segments = 1 apc.shm_size = 256M apc.ttl = 7200 apc.user_ttl = 7200 apc.num_files_hint = 1024 apc.mmap_file_mask = /tmp/apc.XXXXXXX apc.enable_cli = 1 apc.cache_by_default = 1 apc.max_file_size = 10M apc.stat = 1 ### 1 for dev, 0 for production " > /etc/php.d/apc.ini ### # PHP tweaks ### sed -e "s_;date.timezone =_date.timezone = \"Europe/London\"_g" \ -e "s/memory_limit = 128M/memory_limit = 512M/" \ -e "s/max_execution_time = 30/max_execution_time = 600/" \ -e "s/session.save_handler = files/session.save_handler = memcache/" \ -e '/session.save_path = "\//c\session.save_path = "tcp:\/\/127.0.0.1:11211"' \ -e "s/short_open_tag = Off/short_open_tag = On/"\ /etc/php.ini > /etc/php.ini.new && mv -f /etc/php.ini.new /etc/php.ini ### # For testing purposes, installing mysql first # Believe UKFast image already has it ### #yum install mysql mysql-server -y #service mysqld start ### # Percona Swap-out ### yum -y remove mysql* yum -y install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm service mysqld stop rpm -e --nodeps mysql mysql-server cp -rp /var/lib/mysql /var/lib/mysql.copy rm -rf /var/lib/mysql yum install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-shared-compat -y --enablerepo=percona-release-x86_64 service mysql start chkconfig mysql on mysql_upgrade service mysql stop sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/percona-release.repo yum install crontabs sysstat -y service crond start chkconfig crond on service postfix start chkconfig postfix on ### # MySQL optimisations ### cat /dev/null > /etc/my.cnf echo " [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql # Start of Base Magento Optimisation skip-name-resolve innodb_file_per_table innodb_thread_concurrency = $THREADCON query_cache_size = 128M query_cache_limit = 8M thread_cache_size = 64 key_buffer_size = 512M max_allowed_packet = 64M table_open_cache = 512 sort_buffer_size = 4M read_buffer_size = 4M read_rnd_buffer_size = 2M myisam_sort_buffer_size = 64M max_heap_table_size = 128M tmp_table_size = 128M query_cache_type = 1 wait_timeout = 300 max_connections = 200 innodb_buffer_pool_size = $POOLSIZE # End of Base Magento Optimisation [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid [client] socket=/var/lib/mysql/mysql.sock " >> /etc/my.cnf service mysql start ### # nginx shit ### cat /dev/null > /etc/nginx/nginx.conf echo " user nginx; worker_processes $NGINXWORKER; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; multi_accept on; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_tokens off; log_format main '\$remote_addr - \$remote_user [\$time_local] \"\$request \"' '\$status \$body_bytes_sent \"\$http_referer\" ' '\"\$http_user_agent\" \"\$http_x_forwarded_for\"' '[RT:\$request_time] [C:\$connection]'; access_log /var/log/nginx/access.log main buffer=32k flush=300; sendfile on; tcp_nopush on; tcp_nodelay on; autoindex off; map \$scheme \$fastcgi_https { ## Detect when HTTPS is used default off; https on; } # Dirty fix as some Magento scripts (admin) take up-to 10 minutes! fastcgi_read_timeout 600; fastcgi_send_timeout 600; #big header fixes proxy_buffers 8 16k; proxy_buffer_size 32k; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; client_body_buffer_size 16K; client_header_buffer_size 1k; client_max_body_size 15m; large_client_header_buffers 4 8k; keepalive_timeout 60; gzip on; gzip_comp_level 9; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; gzip_min_length 20; open_file_cache max=10000 inactive=5m; open_file_cache_valid 2m; open_file_cache_min_uses 1; open_file_cache_errors on; # Load config files from the /etc/nginx/conf.d directory include /etc/nginx/conf.d/*.conf; } " >> /etc/nginx/nginx.conf ### # SSL Offloading fix ### echo " if (\$http_x_forwarded_proto = \"https\") { ## Safety net to catch SSL-Offloading set \$fastcgi_https \"on\"; } " >> /etc/nginx/ssl_offloading.inc ### # Adding first domain ### if [ "$SSL" = "no" ]; then echo " # Uncomment the server definition below should you wish to # redirect from $DOMAIN to www.$DOMAIN #server { # listen $IP; # server_name $DOMAIN; # #rewrite / \$scheme://www.\$host\$request_uri permanent; #} # # Change this backend name (and the socket pointer) # as additional virtual hosts are added. This should # point to the spawn-fcgi wrapper running as the # appropriate user. # upstream $BACKEND { server unix:/var/run/php-fcgi-$DOMNODOT.sock; } server { listen $IP:80; server_name $DOMAIN *.$DOMAIN; root /var/www/vhosts/$DOMAIN/htdocs; location / { index index.html index.php; try_files \$uri \$uri/ @handler; expires 30d; } location /app/ { deny all; } location /includes/ { deny all; } location /lib/ { deny all; } location /media/downloadable/ { deny all; } location /pkginfo/ { deny all; } location /report/config.xml { deny all; } location /var/ { deny all; } location /. { return 404; } location @handler { rewrite / /index.php; } location ~ .php/ { rewrite ^(.*.php)/ \$1 last; } include \"ssl_offloading.inc\"; location ~ .php$ { if (!-e \$request_filename) { rewrite / /index.php last; } expires off; fastcgi_pass $BACKEND; fastcgi_param HTTPS \$fastcgi_https; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; # fastcgi_param MAGE_RUN_CODE default; # fastcgi_param MAGE_RUN_TYPE store; include fastcgi_params; } } " >> /etc/nginx/conf.d/$DOMAIN.conf else echo " # Uncomment the server definition below should you wish to # redirect from $DOMAIN to www.$DOMAIN #server { # listen $IP; # server_name $DOMAIN; # #rewrite / \$scheme://www.\$host\$request_uri permanent; #} # # Change this backend name (and the socket pointer) # as additional virtual hosts are added. This should # point to the spawn-fcgi wrapper running as the # appropriate user. # upstream $BACKEND { server unix:/var/run/php-fcgi-$DOMNODOT.sock; } server { listen $IP:80; listen $IP:443 ssl; server_name $DOMAIN *.$DOMAIN; root /var/www/vhosts/$DOMAIN/htdocs; ssl_certificate /etc/nginx/ssl/$DOMAIN.crt; ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4-SHA:!HIGH:!ADH; location / { index index.html index.php; try_files \$uri \$uri/ @handler; expires 30d; } location /app/ { deny all; } location /includes/ { deny all; } location /lib/ { deny all; } location /media/downloadable/ { deny all; } location /pkginfo/ { deny all; } location /report/config.xml { deny all; } location /var/ { deny all; } location /. { return 404; } location @handler { rewrite / /index.php; } location ~ .php/ { rewrite ^(.*.php)/ \$1 last; } include \"ssl_offloading.inc\"; location ~ .php$ { if (!-e \$request_filename) { rewrite / /index.php last; } expires off; fastcgi_pass $BACKEND; fastcgi_param HTTPS \$fastcgi_https; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; # fastcgi_param MAGE_RUN_CODE default; # fastcgi_param MAGE_RUN_TYPE store; include fastcgi_params; } } " >> /etc/nginx/conf.d/$DOMAIN.conf mkdir -p /etc/nginx/ssl #generate self signed for placeholder openssl genrsa 2048 > /etc/nginx/ssl/$DOMAIN.key openssl req -new -key /etc/nginx/ssl/$DOMAIN.key -x509 -days 365 -out /etc/nginx/ssl/$DOMAIN.crt -batch fi mkdir -p /var/www/vhosts/$DOMAIN/htdocs useradd -d /var/www/vhosts/$DOMAIN -s /sbin/nologin $USERNAME echo $USERPASS|passwd --stdin $USERNAME touch /var/www/vhosts/$DOMAIN/phpfpm-slow.log touch /var/www/vhosts/$DOMAIN/phpfpm-error.log chown -R $USERNAME:$USERNAME /var/www/vhosts/$DOMAIN ### # Clean up nginx ### rm -f /etc/nginx/conf.d/default.conf rm -f /etc/nginx/conf.d/example_ssl.conf ### # PHP time ### rm -f /etc/php-fpm.d/* chkconfig php-fpm on echo " [$DOMNODOT] listen = '/var/run/php-fcgi-$DOMNODOT.sock' ;listen.backlog = -1 listen.allowed_clients = 127.0.0.1 listen.owner = nginx listen.group = nginx ;listen.mode = 0666 user = $USERNAME group = $USERNAME pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 2000 ;pm.status_path = /status ;ping.path = /ping ;ping.response = pong ;request_terminate_timeout = 0 ;request_slowlog_timeout = 0 slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log ;rlimit_files = 1024 ;rlimit_core = 0 ;chroot = ;chdir = /var/www ;catch_workers_output = yes ;env[HOSTNAME] = \$HOSTNAME ;env[PATH] = /usr/local/bin:/usr/bin:/bin ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp php_admin_value[error_log] = /var/www/vhosts/$DOMAIN/phpfpm-error.log php_admin_flag[log_errors] = on " >> /etc/php-fpm.d/$DOMNODOT.conf # Segfault fix sed -i '/RETVAL=0/ i\export ZEND_DONT_UNLOAD_MODULES=1' /etc/init.d/php-fpm ### # Create a default DB ### echo "CREATE DATABASE $DBNAME;" | mysql echo "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$MYSQL'@'localhost' IDENTIFIED BY '$MYSQLPASS';" | mysql echo "FLUSH PRIVILEGES;" | mysql ### # Set the root password for the database ### echo "SET PASSWORD FOR root@'localhost' = PASSWORD('$MYSQLROOTPASS');" | mysql echo "FLUSH PRIVILEGES;" | mysql #Set .my.cnf for default login touch /root/.my.cnf cat /dev/null > /root/.my.cnf echo " [client] host = localhost user = root password = $MYSQLROOTPASS " > /root/.my.cnf mysql_upgrade ### # FTP stuff ### yum install vsftpd -y chkconfig vsftpd on sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd/vsftpd.conf service vsftpd start #disable atomic sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo ### # Start it all up ### service nginx start service php-fpm start echo " # $DOMAIN now set up # Their username is $USERNAME # Their password is $USERPASS # # Their database name is $DBNAME # Their DB username is $MYSQL # Their DB password is $MYSQLPASS # # Note: MySQL root password set to $MYSQLROOTPASS " >> /root/finished$DOMAIN cat /root/finished$DOMAIN echo "rm -f /root/finished$DOMAIN" | at now + 24 hours if [ "$SSL" = "yes" ] then echo " # Self signed SSL certificates generated in the following location: # /etc/nginx/ssl/$DOMNODOT.key # /etc/nginx/ssl/$DOMNODOT.crt # So don't forget to replace them with legit ones " >> /root/finished$DOMAIN fi #Delete self history -c rm -f $0
Magento 2 requires you to update PHP, change the Nginx Config File for it to work.