Magento 1 Initial Script


Here is the script to run for the Magento 1 Stack:

#! /bin/bash
####
##   INITIAL.SH
####
# ToDo
#   tcp window size
# cherokee and stuff
#   at job mail support for tuning checkup
#   this stuff:
#       echo deadline > /sys/block/sda/queue/scheduler
#       echo noop > /sys/block/sda/queue/scheduler
#       cat /proc/sys/vm/swappiness
#       echo 0 > cat /proc/sys/vm/swappiness
#       sysctl -p
#   ktune
#   compcache
#   Dane tmpfs init
#   chef?!?
#   disable repos
#   gzip_vary on; https://developers.google.com/speed/docs/best-practices/caching?hl=sv#LeverageProxyCaching
#   sed '-' out of dbname
###

####                                                    ####
## Edit stuff below this point if you don't want defaults ##
####                                                    ####

# Site domain without the leading "www."; leave it empty and the script
# falls back to example.com.
DOMAIN=''
# Address nginx listens on: 'ext' (look up the public address), 'int' (pick a
# private address from the local interfaces) or a literal IP address.
IP='ext'
# Set to "no" to leave the nginx SSL section out of the generated vhost;
# any other value includes it.
SSL='yes'

####                                                        ####
## Don't edit stuff below here if you want the script to work ##
####                                                        ####

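# Keep this session's commands out of the shell history file.
unset HISTFILE

###
# bc is used for the sizing variables, at for the delayed clean-up job
###

yum install bc at -y
service atd start
chkconfig atd on

# Other utils that don't come as default
yum install tcpdump lsof wget telnet -y

####
# pwgen (from EPEL) generates every password used later in the script
####
yum install epel-release -y
yum install pwgen --enablerepo=epel -y

# Stop here if a required tool did not install: without pwgen the system
# account and database passwords would silently end up empty.
for tool in bc pwgen wget; do
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo "initial.sh: required tool '$tool' is not installed, aborting" >&2
        exit 1
    fi
done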

###
# Variables 'n' shit
###

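# Fall back to the placeholder domain when none was configured.
if [ -z "${DOMAIN}" ]; then
    DOMAIN="example.com"
fi

# DOMAIN ends up in file paths, nginx/php-fpm configuration and SQL statements,
# so accept host-name characters only.
case "$DOMAIN" in
    *[!A-Za-z0-9.-]*)
        echo "initial.sh: DOMAIN '$DOMAIN' contains characters that are not valid in a host name" >&2
        exit 1
        ;;
esac

# Resolve the "int"/"ext" keywords to an address; any other value is used as given.
IP_MODE="$IP"
if [ "$IP_MODE" = "int" ]; then
    # First RFC 1918 address on any interface ('-m1' returns the first match only).
    IP=$(ip a | grep -E -m1 'inet (10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)' | awk '{print $2}' | sed -e 's_/.*__')
elif [ "$IP_MODE" = "ext" ]; then
    # Ask the lookup service over HTTPS and force IPv4, because the answer is
    # written straight into "listen <ip>:<port>" directives.
    IP=$(curl -4 -fsS https://icanhazip.com)
fi

# A failed lookup (empty reply, error page) must not reach the nginx config.
if [ "$IP_MODE" = "int" ] || [ "$IP_MODE" = "ext" ]; then
    ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    if ! [[ "$IP" =~ $ipv4_re ]]; then
        echo "initial.sh: could not determine the '$IP_MODE' IP address (got '$IP')" >&2
        exit 1
    fi
fi

ARCH=$(arch)
CPUS=$(grep -c "processor" /proc/cpuinfo)
# innodb_thread_concurrency: 2 * CPUs + 2
THREADCON=$(echo "2*${CPUS}+2" | bc)
# one nginx worker per CPU
NGINXWORKER=$CPUS
# innodb_buffer_pool_size: half of MemTotal (reported in kB), e.g. "2048000k"
POOLSIZE="$(echo "$(awk '/MemTot/ {print $2}' /proc/meminfo)/2" | bc)k"

# Domain with the dots removed; base for socket, pool, user and database names.
DOMNODOT=${DOMAIN//./}
BACKEND="${DOMNODOT}backend"

# -s makes pwgen produce fully random passwords instead of its default
# pronounceable 8-character ones.
USERPASS=$(pwgen -cns 24 1)
MYSQLPASS=$(pwgen -cns 24 1)
MYSQLROOTPASS=$(pwgen -cns 24 1)
if [ -z "$USERPASS" ] || [ -z "$MYSQLPASS" ] || [ -z "$MYSQLROOTPASS" ]; then
    echo "initial.sh: pwgen produced no password, refusing to continue with empty credentials" >&2
    exit 1
fi

# DB user: up to 6 characters of the domain plus 4 random ones. Slicing keeps
# the prefix for short domains, where the old sed pattern printed nothing.
MYSQL="${DOMNODOT:0:6}$(LC_ALL=C tr -dc '0-9a-zA-Z' < /dev/urandom | head -c 4)"
# System user: up to 15 characters of the domain plus 6 random ones.
USERNAME="${DOMNODOT:0:15}$(LC_ALL=C tr -dc '0-9a-z' < /dev/urandom | head -c 6)"
# Database name: domain without dots and dashes.
DBNAME=${DOMNODOT//-/}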

#install atomic
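# The Atomic installer runs as root, so fetch it over HTTPS into a private temp
# file and refuse to run a failed download instead of streaming plain HTTP into sh.
ATOMIC_INSTALLER=$(mktemp) || exit 1
if wget -q -O "$ATOMIC_INSTALLER" https://www.atomicorp.com/installers/atomic; then
    # Drop the interactive "Enable repo" prompt and pre-answer it with "yes".
    sed -e '/check_input "Enable repo/d' -e 's/query=$INPUTTEXT/query="yes"/g' "$ATOMIC_INSTALLER" | NON_INT=1 sh
else
    echo "initial.sh: could not download the Atomic installer" >&2
    rm -f -- "$ATOMIC_INSTALLER"
    exit 1
fi
rm -f -- "$ATOMIC_INSTALLER"
# gpgcheck in /etc/yum.repos.d/atomic.repo is deliberately left as the installer
# wrote it. Switching it to 0 lets unsigned or tampered packages from this repo
# install as root.
# NOTE(review): the installer itself is still unpinned; consider keeping a
# reviewed copy and comparing its checksum before running it.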

# PHP package set, identical on every release; only the repo selection differs.
php_packages=(
    php-fpm php-xml php-ldap php-mcrypt php-pdo php-gd php-pear php-soap
    php-common php-cli php php-pgsql php-mysql php-devel php-odbc php-mbstring
)

# On a "release 7" system the atomic repo is kept out of the PHP install.
if grep -q "release 7" /etc/redhat-release; then
    yum -y --disablerepo=atomic install "${php_packages[@]}"
else
    yum -y install "${php_packages[@]}"
fi


# todo install epel nicer? from their epel-release rpm?
# EPEL stays installed but is switched off by default.
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo

#yum -y install php-mcrypt-5.3* --enablerepo=epel

###
# httpd must not get in the way: stop it now and keep it off at boot
###
service httpd stop
chkconfig httpd off

###
# Same for cherokee: remove the package, ignoring dependencies
###
rpm -e --nodeps cherokee

###
# Admin tools: atop (enabled as a service), vim and screen
###
yum install -y atop vim-enhanced screen
chkconfig atop on
service atop start

###
# Time to get memcached on
###
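yum install memcached -y
# memcached has no authentication and will hold the PHP sessions (php.ini is
# pointed at tcp://127.0.0.1:11211 later in this script), so bind it to
# loopback. The packaged /etc/sysconfig/memcached normally ships OPTIONS="",
# which means "listen on every interface".
if [ -f /etc/sysconfig/memcached ] && grep -q '^OPTIONS=""' /etc/sysconfig/memcached; then
    sed -i 's/^OPTIONS=""/OPTIONS="-l 127.0.0.1"/' /etc/sysconfig/memcached
fi
service memcached start
chkconfig memcached on

###
# And then redis...
###
yum -y install redis
# NOTE(review): confirm the packaged redis.conf binds to 127.0.0.1 only;
# this script does not configure a firewall.
service redis start
chkconfig redis on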

###
# Now for nginx
###

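# Register the nginx.org package repository.
# gpgcheck is on and the nginx signing key is referenced, so a package altered
# in transit (the baseurl is plain HTTP) is rejected by yum instead of being
# installed as root. The file is written with '>' so a second run does not
# append a duplicate [nginx] section.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
yum install nginx -y
chkconfig nginx on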

###
# Install apc/memcache
# Also zlib-devel for memcache
###

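# Build tools and headers needed to compile the PECL extensions.
yum install gcc make zlib-devel pcre-devel -y
# The piped newline accepts the default answer to each pecl build prompt.
# NOTE(review): pecl downloads and compiles whatever version is current at run
# time; pin the versions if reproducible builds matter.
printf "\n" | pecl install apc
# need to install memcache-beta to make sure its v3.0.6 for memcache
printf "\n" | pecl install memcache-beta
# redis module, just in case
printf "\n" | pecl install redis

# Each ini file is overwritten ('>'), so re-running the script does not stack
# duplicate "extension=" lines (redis.ini used to be appended to).
cat > /etc/php.d/memcache.ini <<'EOF'
extension=memcache.so
EOF

cat > /etc/php.d/redis.ini <<'EOF'
extension=redis.so
EOF

# The trailing note on apc.stat uses ';' because '#' comments are deprecated
# in php.ini files.
cat > /etc/php.d/apc.ini <<'EOF'
extension=apc.so
[APC]
apc.enabled          = 1
apc.shm_segments     = 1
apc.shm_size         = 256M
apc.ttl              = 7200
apc.user_ttl         = 7200
apc.num_files_hint   = 1024
apc.mmap_file_mask   = /tmp/apc.XXXXXXX
apc.enable_cli       = 1
apc.cache_by_default = 1
apc.max_file_size    = 10M
apc.stat             = 1  ; 1 for dev, 0 for production
EOF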

###
# PHP tweaks
###

# php.ini adjustments, applied in one sed pass: timezone, memory limit,
# execution time, memcache-backed sessions on 127.0.0.1:11211, short open tags.
php_ini=/etc/php.ini
php_ini_edits=(
    -e "s_;date.timezone =_date.timezone = \"Europe/London\"_g"
    -e "s/memory_limit = 128M/memory_limit = 512M/"
    -e "s/max_execution_time = 30/max_execution_time = 600/"
    -e "s/session.save_handler = files/session.save_handler = memcache/"
    -e '/session.save_path = "\//c\session.save_path = "tcp:\/\/127.0.0.1:11211"'
    -e "s/short_open_tag = Off/short_open_tag = On/"
)
# Write to a side file and swap it in only when sed succeeded.
sed "${php_ini_edits[@]}" "$php_ini" > "$php_ini.new" && mv -f "$php_ini.new" "$php_ini"

###
# For testing purposes, installing mysql first
# Believe UKFast image already has it
###

#yum install mysql mysql-server -y
#service mysqld start

###
# Percona Swap-out
###
 
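# Quote the pattern so yum receives it; unquoted, the shell would expand
# mysql* against files in the current directory first.
yum -y remove 'mysql*'

# NOTE(review): the release package is fetched over plain HTTP and installed
# as root; prefer an HTTPS source and verify the package signature.
yum -y install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
service mysqld stop
rpm -e --nodeps mysql mysql-server

# Keep a copy of the old data directory and delete the original only once the
# copy has succeeded.
if [ -d /var/lib/mysql ]; then
    if cp -rp /var/lib/mysql /var/lib/mysql.copy; then
        rm -rf /var/lib/mysql
    else
        echo "initial.sh: could not back up /var/lib/mysql, leaving it in place" >&2
        exit 1
    fi
fi

yum install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-shared-compat -y --enablerepo=percona-release-x86_64
# Start once so the data directory exists, upgrade the system tables, then stop
# again until my.cnf has been written.
service mysql start
chkconfig mysql on
mysql_upgrade
service mysql stop

# Leave the Percona repo installed but disabled.
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/percona-release.repo

# cron, sysstat and the local mail service
yum install crontabs sysstat -y
service crond start
chkconfig crond on
service postfix start
chkconfig postfix on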

###
# MySQL optimisations
###

# Replace /etc/my.cnf in one write. THREADCON and POOLSIZE are the values
# computed earlier from the CPU count and the installed memory.
# NOTE(review): there is no bind-address here, so mysqld listens on every
# interface; consider "bind-address = 127.0.0.1" if only local PHP connects.
printf '%s\n' "
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql

# Start of Base Magento Optimisation
skip-name-resolve 
innodb_file_per_table
innodb_thread_concurrency = $THREADCON
query_cache_size = 128M
query_cache_limit = 8M
thread_cache_size = 64
key_buffer_size = 512M
max_allowed_packet = 64M
table_open_cache = 512
sort_buffer_size = 4M
read_buffer_size = 4M
read_rnd_buffer_size = 2M
myisam_sort_buffer_size = 64M
max_heap_table_size = 128M
tmp_table_size = 128M
query_cache_type = 1
wait_timeout = 300
max_connections = 200
innodb_buffer_pool_size = $POOLSIZE
# End of Base Magento Optimisation

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/var/lib/mysql/mysql.sock
" > /etc/my.cnf

# Bring MySQL back up with the new settings.
service mysql start

###
# nginx shit
###

# Replace the packaged nginx.conf in one write. NGINXWORKER is the CPU count
# computed earlier; every nginx variable is escaped so it reaches the file
# literally.
printf '%s\n' "
user              nginx;
worker_processes  $NGINXWORKER;
error_log         /var/log/nginx/error.log;
pid               /var/run/nginx.pid;

events {
    worker_connections  1024;
    multi_accept        on;
    use                 epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_tokens off;

    log_format  main  '\$remote_addr - \$remote_user [\$time_local] \"\$request \"'
                      '\$status \$body_bytes_sent \"\$http_referer\" '
                      '\"\$http_user_agent\" \"\$http_x_forwarded_for\"'
                      '[RT:\$request_time] [C:\$connection]';
    access_log  /var/log/nginx/access.log main buffer=32k flush=300;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    autoindex off;
    map \$scheme \$fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }

    # Dirty fix as some Magento scripts (admin) take up-to 10 minutes!
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;

    #big header fixes
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    client_max_body_size 15m;
    large_client_header_buffers 4 8k;

    keepalive_timeout  60;

    gzip  on;
    gzip_comp_level 9;
    gzip_proxied any;
    gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    gzip_min_length 20;
    
    open_file_cache          max=10000 inactive=5m;
    open_file_cache_valid    2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors   on;

    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;
}
" > /etc/nginx/nginx.conf

###
# SSL Offloading fix
###

# Snippet included by the vhost: reports HTTPS to PHP when the request carries
# "X-Forwarded-Proto: https".
# NOTE(review): that header is client-supplied unless a trusted load balancer
# overwrites it, so a plain-HTTP client can claim HTTPS; confirm the upstream
# proxy strips or sets it.
printf '%s\n' "
if (\$http_x_forwarded_proto = \"https\") { ## Safety net to catch SSL-Offloading
    set \$fastcgi_https \"on\";
}
" >> /etc/nginx/ssl_offloading.inc


###
# Adding first domain
###
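# Write the nginx vhost for the first domain. SSL="no" gives a plain HTTP
# vhost; any other value also adds the HTTPS listener and a self-signed
# placeholder certificate. The HTTP and HTTPS variants share one template, and
# the file is overwritten so a second run cannot stack duplicate server blocks.
VHOST_CONF="/etc/nginx/conf.d/$DOMAIN.conf"
{
cat <<EOF
# Uncomment the server definition below should you wish to
# redirect from $DOMAIN to www.$DOMAIN
#server {
#    listen $IP;
#    server_name $DOMAIN;
#    #rewrite / \$scheme://www.\$host\$request_uri permanent;
#}

#
# Change this backend name (and the socket pointer)
# as additional virtual hosts are added. This should
# point to the spawn-fcgi wrapper running as the
# appropriate user.
#
upstream $BACKEND {
    server unix:/var/run/php-fcgi-$DOMNODOT.sock;
}

server {
    listen $IP:80;
    server_name $DOMAIN *.$DOMAIN;
    root /var/www/vhosts/$DOMAIN/htdocs;

EOF
if [ "$SSL" != "no" ]; then
cat <<EOF
    listen $IP:443 ssl;
    ssl_certificate      /etc/nginx/ssl/$DOMAIN.crt;
    ssl_certificate_key  /etc/nginx/ssl/$DOMAIN.key;
    # The previous settings offered only RC4-SHA (HIGH was excluded) and still
    # allowed TLS 1.0/1.1. Offer TLS 1.2 with strong suites instead.
    ssl_protocols        TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

EOF
fi
cat <<EOF
    location / {
        index index.html index.php;
        try_files \$uri \$uri/ @handler;
        expires 30d;
    }

    # "^~" stops nginx from trying the regex locations below once one of these
    # prefixes matches. Without it a request for a .php file under these paths
    # is taken by the "~ .php\$" location and passed to PHP-FPM instead of
    # being denied.
    location ^~ /app/                { deny all; }
    location ^~ /includes/           { deny all; }
    location ^~ /lib/                { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/            { deny all; }
    location ^~ /report/config.xml   { deny all; }
    location ^~ /var/                { deny all; }

    location  /. {
        return 404;
    }

    location @handler {
        rewrite / /index.php;
    }

    location ~ .php/ {
        rewrite ^(.*.php)/ \$1 last;
    }

    include "ssl_offloading.inc";
    location ~ .php\$ {
        if (!-e \$request_filename) { rewrite / /index.php last; }

        expires        off;
        fastcgi_pass   $BACKEND;
        fastcgi_param  HTTPS \$fastcgi_https;
        fastcgi_param  SCRIPT_FILENAME  \$document_root\$fastcgi_script_name;
#       fastcgi_param  MAGE_RUN_CODE default;
#       fastcgi_param  MAGE_RUN_TYPE store;
        include        fastcgi_params;
    }
}
EOF
} > "$VHOST_CONF"

if [ "$SSL" != "no" ]; then
    mkdir -p /etc/nginx/ssl

    # Generate a self-signed placeholder certificate. The subshell's umask
    # keeps the private key readable by root only; a plain redirect would
    # create it with the default, world-readable mode.
    (
        umask 077
        openssl genrsa 2048 > "/etc/nginx/ssl/$DOMAIN.key"
        openssl req -new -key "/etc/nginx/ssl/$DOMAIN.key" -x509 -days 365 -out "/etc/nginx/ssl/$DOMAIN.crt" -batch
    )
fi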

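# Create the site's document root and its owning system account.
# Every expansion is quoted so the generated values are passed as single
# arguments and never word-split or globbed by the shell.
VHOST_HOME="/var/www/vhosts/$DOMAIN"
mkdir -p "$VHOST_HOME/htdocs"
# No login shell: the account exists for file ownership, PHP-FPM and FTP.
useradd -d "$VHOST_HOME" -s /sbin/nologin "$USERNAME"
# The password goes to passwd on stdin, so it never shows up in a process list.
printf '%s\n' "$USERPASS" | passwd --stdin "$USERNAME"
# Pre-create the PHP-FPM log files so they belong to the site user.
touch "$VHOST_HOME/phpfpm-slow.log" "$VHOST_HOME/phpfpm-error.log"
chown -R "$USERNAME:$USERNAME" "$VHOST_HOME"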

###
# Clean up nginx
###

# Remove the sample vhosts shipped with the nginx package.
rm -f /etc/nginx/conf.d/default.conf
rm -f /etc/nginx/conf.d/example_ssl.conf

###
# PHP time
###

# Drop the packaged pools; the only pool left is the one written below.
rm -f /etc/php-fpm.d/*
chkconfig php-fpm on

# One pool per site: it listens on the unix socket named in the nginx upstream
# (owned by nginx) and runs its workers as the site user.
printf '%s\n' "
[$DOMNODOT]

listen = '/var/run/php-fcgi-$DOMNODOT.sock'
;listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666

user = $USERNAME
group = $USERNAME

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2000
;pm.status_path = /status

;ping.path = /ping
;ping.response = pong

;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log

;rlimit_files = 1024
;rlimit_core = 0

;chroot =

;chdir = /var/www

;catch_workers_output = yes

;env[HOSTNAME] = \$HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

php_admin_value[error_log] =  /var/www/vhosts/$DOMAIN/phpfpm-error.log
php_admin_flag[log_errors] = on
" >> /etc/php-fpm.d/$DOMNODOT.conf

# Segfault fix: export ZEND_DONT_UNLOAD_MODULES=1 from the init script,
# inserted just before its RETVAL=0 line.
sed -i '/RETVAL=0/ i\export ZEND_DONT_UNLOAD_MODULES=1' /etc/init.d/php-fpm

###
# Create a default DB
###

# Create the site database and a localhost-only account with full rights on
# that database. Each statement runs in its own mysql client session, fed on
# stdin.
mysql <<< "CREATE DATABASE $DBNAME;"
mysql <<< "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$MYSQL'@'localhost' IDENTIFIED BY '$MYSQLPASS';"
mysql <<< "FLUSH PRIVILEGES;"

###
# Set the root password for the database
###

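# Set the root password in a single client session.
# - A fresh 5.6 data directory normally carries several root accounts
#   (localhost, 127.0.0.1, ::1, the host name) and anonymous users, all
#   without a password. The old "SET PASSWORD FOR root@'localhost'" covered
#   only one of them, so every root row is updated and the anonymous accounts
#   are removed.
# - FLUSH PRIVILEGES is sent in the same session: a second passwordless
#   "mysql" call would be refused once the password is in place.
mysql <<SQL
UPDATE mysql.user SET Password = PASSWORD('$MYSQLROOTPASS') WHERE User = 'root';
DELETE FROM mysql.user WHERE User = '';
FLUSH PRIVILEGES;
SQL

# Store root's client credentials for password-less admin logins. The file
# holds the root password in clear text, so it is created under a restrictive
# umask and forced to 0600 in case it already existed with a looser mode.
(
    umask 077
    printf '%s\n' \
        "[client]" \
        "host = localhost" \
        "user = root" \
        "password = $MYSQLROOTPASS" > /root/.my.cnf
)
chmod 600 /root/.my.cnf
mysql_upgrade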

###
# FTP stuff
###

# FTP access for the site user: local users are chrooted, anonymous logins off.
# NOTE(review): plain FTP sends the account password in clear text; consider
# enabling TLS in vsftpd or offering SFTP instead.
yum install -y vsftpd
chkconfig vsftpd on
sed -i \
    -e 's/#chroot_local_user=YES/chroot_local_user=YES/' \
    -e 's/anonymous_enable=YES/anonymous_enable=NO/g' \
    /etc/vsftpd/vsftpd.conf
service vsftpd start

# Leave the atomic repo installed but disabled.
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo

###
# Start it all up
###
for svc in nginx php-fpm; do
    service "$svc" start
done

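# Write the hand-over summary. It lists every generated password in clear
# text, so it is created under a restrictive umask and forced to 0600.
SUMMARY="/root/finished$DOMAIN"
OLD_UMASK=$(umask)
umask 077
cat > "$SUMMARY" <<EOF

#  $DOMAIN now set up
#  Their username is $USERNAME
#  Their password is $USERPASS
#
#  Their database name is $DBNAME
#  Their DB username is $MYSQL
#  Their DB password is $MYSQLPASS
#
#  Note: MySQL root password set to $MYSQLROOTPASS

EOF

# The certificate is generated for every SSL value except "no", and its files
# are named after DOMAIN (the note used to point at DOMNODOT, which does not
# exist on disk). The note is added before the summary is printed so the
# operator sees it.
if [ "$SSL" != "no" ]; then
    cat >> "$SUMMARY" <<EOF
# Self signed SSL certificates generated in the following location:
# /etc/nginx/ssl/$DOMAIN.key
# /etc/nginx/ssl/$DOMAIN.crt
# So don't forget to replace them with legit ones

EOF
fi
umask "$OLD_UMASK"
chmod 600 "$SUMMARY"

cat "$SUMMARY"
# Remove the clear-text summary automatically after a day.
echo "rm -f '$SUMMARY'" | at now + 24 hours

# Delete self
history -c
rm -f -- "$0"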

Magento 2 requires you to update PHP and change the Nginx config file before it will work.