Adam.birds: Created page with "'''Here is the script to run for the Magento 1 Stack:'''

 #! /bin/bash #### ##   INITIAL.SH #### # ToDo #   tcp window size # cherokee and stuff #   at job mail support..."

2016-04-28T10:44:39Z

Created page with "'''Here is the script to run for the Magento 1 Stack:''' <pre> #! /bin/bash #### ## INITIAL.SH #### # ToDo # tcp window size # cherokee and stuff # at job mail support..."

New page

'''Here is the script to run for the Magento 1 Stack:'''

<pre>
#! /bin/bash
####
## INITIAL.SH
####
# ToDo
# tcp window size
# cherokee and stuff
# at job mail support for tuning checkup
# this stuff:
# echo deadline > /sys/block/sda/queue/scheduler
# echo noop > /sys/block/sda/queue/scheduler
# cat /proc/sys/vm/swappiness
# echo 0 > cat /proc/sys/vm/swappiness
# sysctl -p
# ktune
# compcache
# Dane tmpfs init
# chef?!?
# disable repos
# gzip_vary on; https://developers.google.com/speed/docs/best-practices/caching?hl=sv#LeverageProxyCaching
# sed '-' out of dbname
###

#### ####
## Edit stuff below this point if you don't want defaults ##
#### ####

#Write your own domain in, just leave out the www
#Can be left blank to use example.com as a standin
DOMAIN=""
#IP can be ext, int or write it in yourself
IP="ext"
#Change SSL to "yes" if you want the nginx SSL section including
SSL="yes"

#### ####
## Don't edit stuff below here if you want the script to work ##
#### ####

unset HISTFILE

###
# Quick bc install for some of the vars
###

yum install bc at -y
service atd start
chkconfig atd on

# Other utils that don't come as default
yum install tcpdump lsof wget telnet -y

####
# Also pwgen
####
yum install epel-release -y
yum install pwgen --enablerepo=epel -y

###
# Variables 'n' shit
###

if [ -z ${DOMAIN} ]
then
DOMAIN="example.com"
fi

if [ "$IP" = "int" ]
then
# '-m1' to return first match only
IP=`ip a|egrep -m1 '(172\.|192.168\.|10\.0\.)'|awk '{print $2}'|sed -e 's_/.*__'`
elif [ "$IP" = "ext" ]
then
IP=`curl -s icanhazip.com`
fi

ARCH=`arch`
THREADCON=$(echo 2*$(grep -c "processor" /proc/cpuinfo)+2|bc)
NGINXWORKER=$(grep -c "processor" /proc/cpuinfo)
POOLSIZE=$(echo $(echo $(grep MemTot /proc/meminfo |awk '{print $2}')/2|bc)k)
DOMNODOT=`echo $DOMAIN| sed 's/\.//g'`
BACKEND=$(echo $(echo $DOMNODOT)backend)
USERPASS=`pwgen -cn1`
MYSQL=`echo $DOMNODOT|sed -n 's/^$......$.*/\1/p'`
MYSQL="${MYSQL}$(cat /dev/urandom | tr -dc '0-9a-zA-Z' | head -c 4)"
MYSQLPASS=`pwgen -cn1`
MYSQLROOTPASS=`pwgen -cn1`
USERNAME=$(echo $DOMNODOT|cut -c 1-15)
USERNAME="${USERNAME}$(cat /dev/urandom|tr -dc '0-9a-z'| head -c 6)"
DBNAME=`echo $DOMNODOT|sed 's/-//g'`

#install atomic
wget -q -O - http://www.atomicorp.com/installers/atomic | sed -e '/check_input "Enable repo/d' -e 's/query=$INPUTTEXT/query="yes"/g'|NON_INT=1 sh
sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum.repos.d/atomic.repo

if [[ "`grep "release 7" /etc/redhat-release`" =~ "release 7" ]]; then
yum -y --disablerepo=atomic install php-fpm php-xml php-ldap php-mcrypt php-pdo php-gd php-pear php-soap php-common php-cli php php-pgsql php-mysql php-devel php-odbc php-mbstring
else
yum -y install php-fpm php-xml php-ldap php-mcrypt php-pdo php-gd php-pear php-soap php-common php-cli php php-pgsql php-mysql php-devel php-odbc php-mbstring
fi

# todo install epel nicer? from their epel-release rpm?
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo

#yum -y install php-mcrypt-5.3* --enablerepo=epel

###
# Check httpd isn't going to mess stuff up
###

service httpd stop
chkconfig httpd off

###
# Same with cherokee
###

rpm -e --nodeps cherokee

###
# misc atop vim screen install
###

yum install atop vim-enhanced screen -y
chkconfig atop on
service atop start

###
# Time to get memcached on
###
yum install memcached -y
service memcached start
chkconfig memcached on

###
# And then redis...
###
yum -y install redis
service redis start
chkconfig redis on

###
# Now for nginx
###

echo "
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=1
" >> /etc/yum.repos.d/nginx.repo
yum install nginx -y
chkconfig nginx on

###
# Install apc/memcache
# Also zlib-devel for memcache
###

yum install gcc make zlib-devel pcre-devel -y
printf "\n" |pecl install apc
# need to install memcache-beta to make sure its v3.0.6 for memcache
printf "\n" |pecl install memcache-beta
# redis module, just in case
printf "\n" |pecl install redis

echo "
extension=memcache.so
" > /etc/php.d/memcache.ini

echo "
extension=redis.so
" >> /etc/php.d/redis.ini

echo "
extension=apc.so
[APC]
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 256M
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.mmap_file_mask = /tmp/apc.XXXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
apc.stat = 1 ### 1 for dev, 0 for production
" > /etc/php.d/apc.ini

###
# PHP tweaks
###

sed -e "s_;date.timezone =_date.timezone = \"Europe/London\"_g" \
-e "s/memory_limit = 128M/memory_limit = 512M/" \
-e "s/max_execution_time = 30/max_execution_time = 600/" \
-e "s/session.save_handler = files/session.save_handler = memcache/" \
-e '/session.save_path = "\//c\session.save_path = "tcp:\/\/127.0.0.1:11211"' \
-e "s/short_open_tag = Off/short_open_tag = On/"\
/etc/php.ini > /etc/php.ini.new && mv -f /etc/php.ini.new /etc/php.ini

###
# For testing purposes, installing mysql first
# Believe UKFast image already has it
###

#yum install mysql mysql-server -y
#service mysqld start

###
# Percona Swap-out
###

yum -y remove mysql*

yum -y install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
service mysqld stop
rpm -e --nodeps mysql mysql-server
cp -rp /var/lib/mysql /var/lib/mysql.copy
rm -rf /var/lib/mysql
yum install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-shared-compat -y --enablerepo=percona-release-x86_64
service mysql start
chkconfig mysql on
mysql_upgrade
service mysql stop

sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/percona-release.repo
yum install crontabs sysstat -y
service crond start
chkconfig crond on
service postfix start
chkconfig postfix on

###
# MySQL optimisations
###

cat /dev/null > /etc/my.cnf

echo "
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql

# Start of Base Magento Optimisation
skip-name-resolve
innodb_file_per_table
innodb_thread_concurrency = $THREADCON
query_cache_size = 128M
query_cache_limit = 8M
thread_cache_size = 64
key_buffer_size = 512M
max_allowed_packet = 64M
table_open_cache = 512
sort_buffer_size = 4M
read_buffer_size = 4M
read_rnd_buffer_size = 2M
myisam_sort_buffer_size = 64M
max_heap_table_size = 128M
tmp_table_size = 128M
query_cache_type = 1
wait_timeout = 300
max_connections = 200
innodb_buffer_pool_size = $POOLSIZE
# End of Base Magento Optimisation

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/var/lib/mysql/mysql.sock
" >> /etc/my.cnf

service mysql start

###
# nginx shit
###

cat /dev/null > /etc/nginx/nginx.conf

echo "
user nginx;
worker_processes $NGINXWORKER;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
multi_accept on;
use epoll;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;

log_format main '\$remote_addr - \$remote_user [\$time_local] \"\$request \"'
'\$status \$body_bytes_sent \"\$http_referer\" '
'\"\$http_user_agent\" \"\$http_x_forwarded_for\"'
'[RT:\$request_time] [C:\$connection]';
access_log /var/log/nginx/access.log main buffer=32k flush=300;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
autoindex off;
map \$scheme \$fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}

# Dirty fix as some Magento scripts (admin) take up-to 10 minutes!
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;

#big header fixes
proxy_buffers 8 16k;
proxy_buffer_size 32k;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

client_body_buffer_size 16K;
client_header_buffer_size 1k;
client_max_body_size 15m;
large_client_header_buffers 4 8k;

keepalive_timeout 60;

gzip on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
gzip_min_length 20;

open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;

# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
}
" >> /etc/nginx/nginx.conf

###
# SSL Offloading fix
###

echo "
if (\$http_x_forwarded_proto = \"https\") { ## Safety net to catch SSL-Offloading
set \$fastcgi_https \"on\";
}
" >> /etc/nginx/ssl_offloading.inc

###
# Adding first domain
###
if [ "$SSL" = "no" ]; then
echo "
# Uncomment the server definition below should you wish to
# redirect from $DOMAIN to www.$DOMAIN
#server {
# listen $IP;
# server_name $DOMAIN;
# #rewrite / \$scheme://www.\$host\$request_uri permanent;
#}

#
# Change this backend name (and the socket pointer)
# as additional virtual hosts are added. This should
# point to the spawn-fcgi wrapper running as the
# appropriate user.
#
upstream $BACKEND {
server unix:/var/run/php-fcgi-$DOMNODOT.sock;
}

server {
listen $IP:80;
server_name $DOMAIN *.$DOMAIN;
root /var/www/vhosts/$DOMAIN/htdocs;

location / {
index index.html index.php;
try_files \$uri \$uri/ @handler;
expires 30d;
}

location /app/ { deny all; }
location /includes/ { deny all; }
location /lib/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }

location /. {
return 404;
}

location @handler {
rewrite / /index.php;
}

location ~ .php/ {
rewrite ^(.*.php)/ \$1 last;
}

include \"ssl_offloading.inc\";
location ~ .php$ {
if (!-e \$request_filename) { rewrite / /index.php last; }

expires off;
fastcgi_pass $BACKEND;
fastcgi_param HTTPS \$fastcgi_https;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
# fastcgi_param MAGE_RUN_CODE default;
# fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
}
" >> /etc/nginx/conf.d/$DOMAIN.conf
else
echo "
# Uncomment the server definition below should you wish to
# redirect from $DOMAIN to www.$DOMAIN
#server {
# listen $IP;
# server_name $DOMAIN;
# #rewrite / \$scheme://www.\$host\$request_uri permanent;
#}

#
# Change this backend name (and the socket pointer)
# as additional virtual hosts are added. This should
# point to the spawn-fcgi wrapper running as the
# appropriate user.
#
upstream $BACKEND {
server unix:/var/run/php-fcgi-$DOMNODOT.sock;
}

server {
listen $IP:80;
listen $IP:443 ssl;
server_name $DOMAIN *.$DOMAIN;
root /var/www/vhosts/$DOMAIN/htdocs;

ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;
ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4-SHA:!HIGH:!ADH;

location / {
index index.html index.php;
try_files \$uri \$uri/ @handler;
expires 30d;
}

location /app/ { deny all; }
location /includes/ { deny all; }
location /lib/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }

location /. {
return 404;
}

location @handler {
rewrite / /index.php;
}

location ~ .php/ {
rewrite ^(.*.php)/ \$1 last;
}

include \"ssl_offloading.inc\";
location ~ .php$ {
if (!-e \$request_filename) { rewrite / /index.php last; }

expires off;
fastcgi_pass $BACKEND;
fastcgi_param HTTPS \$fastcgi_https;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
# fastcgi_param MAGE_RUN_CODE default;
# fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
}
" >> /etc/nginx/conf.d/$DOMAIN.conf

mkdir -p /etc/nginx/ssl

#generate self signed for placeholder
openssl genrsa 2048 > /etc/nginx/ssl/$DOMAIN.key
openssl req -new -key /etc/nginx/ssl/$DOMAIN.key -x509 -days 365 -out /etc/nginx/ssl/$DOMAIN.crt -batch
fi

mkdir -p /var/www/vhosts/$DOMAIN/htdocs
useradd -d /var/www/vhosts/$DOMAIN -s /sbin/nologin $USERNAME
echo $USERPASS|passwd --stdin $USERNAME
touch /var/www/vhosts/$DOMAIN/phpfpm-slow.log
touch /var/www/vhosts/$DOMAIN/phpfpm-error.log
chown -R $USERNAME:$USERNAME /var/www/vhosts/$DOMAIN

###
# Clean up nginx
###

rm -f /etc/nginx/conf.d/default.conf
rm -f /etc/nginx/conf.d/example_ssl.conf

###
# PHP time
###

rm -f /etc/php-fpm.d/*
chkconfig php-fpm on

echo "
[$DOMNODOT]

listen = '/var/run/php-fcgi-$DOMNODOT.sock'
;listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666

user = $USERNAME
group = $USERNAME

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2000
;pm.status_path = /status

;ping.path = /ping
;ping.response = pong

;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log

;rlimit_files = 1024
;rlimit_core = 0

;chroot =

;chdir = /var/www

;catch_workers_output = yes

;env[HOSTNAME] = \$HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

php_admin_value[error_log] = /var/www/vhosts/$DOMAIN/phpfpm-error.log
php_admin_flag[log_errors] = on
" >> /etc/php-fpm.d/$DOMNODOT.conf

# Segfault fix
sed -i '/RETVAL=0/ i\export ZEND_DONT_UNLOAD_MODULES=1' /etc/init.d/php-fpm

###
# Create a default DB
###

echo "CREATE DATABASE $DBNAME;" | mysql
echo "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$MYSQL'@'localhost' IDENTIFIED BY '$MYSQLPASS';" | mysql
echo "FLUSH PRIVILEGES;" | mysql

###
# Set the root password for the database
###

echo "SET PASSWORD FOR root@'localhost' = PASSWORD('$MYSQLROOTPASS');" | mysql
echo "FLUSH PRIVILEGES;" | mysql

#Set .my.cnf for default login

touch /root/.my.cnf
cat /dev/null > /root/.my.cnf
echo "
[client]
host = localhost
user = root
password = $MYSQLROOTPASS
" > /root/.my.cnf
mysql_upgrade

###
# FTP stuff
###

yum install vsftpd -y
chkconfig vsftpd on
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd/vsftpd.conf
service vsftpd start

#disable atomic
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo

###
# Start it all up
###

service nginx start
service php-fpm start

echo "
# $DOMAIN now set up
# Their username is $USERNAME
# Their password is $USERPASS
#
# Their database name is $DBNAME
# Their DB username is $MYSQL
# Their DB password is $MYSQLPASS
#
# Note: MySQL root password set to $MYSQLROOTPASS
" >> /root/finished$DOMAIN

cat /root/finished$DOMAIN
echo "rm -f /root/finished$DOMAIN" | at now + 24 hours

if [ "$SSL" = "yes" ]
then
echo "
# Self signed SSL certificates generated in the following location:
# /etc/nginx/ssl/$DOMNODOT.key
# /etc/nginx/ssl/$DOMNODOT.crt
# So don't forget to replace them with legit ones
" >> /root/finished$DOMAIN
fi

#Delete self
history -c
rm -f $0
</pre>

'''Magento 2 requires you to update PHP, change the Nginx Config File for it to work.'''

[[Category:Magento]]
[[Category:Nginx]]
[[Category:PHP]]
[[Category:Bash Scripts]]
[[Category:Scripts]]
[[Category:Linux]]
[[Category:Contents]]

Magento 1 Initial Script - Revision history

Adam.birds: Created page with "'''Here is the script to run for the Magento 1 Stack:'''
#! /bin/bash #### ## INITIAL.SH #### # ToDo # tcp window size # cherokee and stuff # at job mail support..."