authorGitJournal <app@gitjournal.io>2024-10-07 13:29:24 -0500
committerGitJournal <app@gitjournal.io>2024-10-07 13:29:24 -0500
commit5553d31f42c3ee8d06c67d603bb24420e806fec3 (patch)
treed6f5e0ad60319c8ae143adb7972c54c71aa6d949
parentb61f6097e8564fbe47d379d2d518390e2bdf3eb0 (diff)
Removed Note tech/set up debian droplet basics + nginx.txt
-rw-r--r--tech/set up debian droplet basics + nginx.txt248
1 files changed, 0 insertions, 248 deletions
diff --git a/tech/set up debian droplet basics + nginx.txt b/tech/set up debian droplet basics + nginx.txt
deleted file mode 100644
index 727a90f..0000000
--- a/tech/set up debian droplet basics + nginx.txt
+++ /dev/null
@@ -1,248 +0,0 @@
-Set Up Debian Droplet - Basics + Nginx
-
-[refernces:
-<http://www.howtoforge.com/building-nginx-from-source-on-debian-squeeze>
-<http://www.rosehosting.com/blog/how-to-compile-and-install-nginx-from-source-in-debian-7-wheezy/>
-<https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server>
-<https://www.digitalocean.com/community/articles/initial-server-setup-with-debian-7>
-<https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-debian-7>]
-
-First login as root and set new root password:
-
- passwd
-
-Then create new user:
-
- adduser whatever
-
-Then add user to suders list:
-
- visudo
- whatever ALL=(ALL:ALL) ALL
-
-test by sshing as new user.
-
-vultr specific:
-
-sudo vi /etc/hosts
-sudo vi /etc/hostname
-
-##Secure the server
-
- vi /etc/ssh/sshd_config
-
-Add these lines:
-
-Port 25009
-Protocol 2
-PermitRootLogin no
-UseDNS no
-
-Add this line to the bottom of the document, replacing demo with your username:
-
- AllowUsers whatever
-
-reload ssh:
-
- sudo systemctl restart sshd
-
-test before you log out:
-
- ssh -p 25009 whatever@123.45.67.890
-
-Add ssh keys
-
- cat ~/.ssh/id_rsa4096.pub | ssh -p 25034 lxf@63.135.175.3 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
-
----
-
-###Install Zsh/Tmux
-
-(because doing only one thing at a time sucks)
-
- sudo apt-get update
- sudo apt-get install tmux zsh
- curl -L https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh | sh
- chsh -s /bin/zsh whatever
-
-###Set up fail2ban and UFW
-
- sudo apt-get install fail2ban
- sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- sudo vi /etc/fail2ban/jail.local #(add IP to exclusions, up ban time)
- sudo systemctl restart fail2ban
-
- apt-get install ufw
- sudo ufw default deny incoming
- sudo ufw default deny outgoing
- sudo ufw allow 25978/tcp
- sudo ufw allow 80/tcp
- sudo ufw allow 443/tcp
- sudo ufw allow out http
- sudo ufw allow out https
- sudo ufw allow out 53
- sudo ufw enable
- sudo ufw status verbose
-
----
-
-###Vim
-
- apt-get install vim
- #I point to these in my vimrc, skip if you don't need them
- mkdir -p ~/.vim/bundle/
- git clone https://github.com/VundleVim/Vundle.vim.git ~/.vim/bundle/Vundle.vim
-
-##Setup Nginx
-
- # check http://nginx.org/en/download.html for the latest version of nginx
- # check https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source for latest version of ngx_pagespeed and psol
- # latest headers more https://github.com/openresty/headers-more-nginx-module/tags
- # naxsi: https://github.com/nbs-system/naxsi/releases
-
-prereqs for building stuff:
-
- apt-get -y install build-essential zlib1g-dev libpcre3 libpcre3-dev libbz2-dev libssl-dev tar unzip
-
-prereqs for geo and ssl:
-
- apt-get install libgeoip1 libgeoip-dev openssl libssl-dev
- # then grab the libraries:
- sudo mkdir -p /etc/nginx/geoip
- cd /etc/nginx/geoip
- sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
- sudo gunzip GeoIP.dat.gz
- sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
- sudo gunzip GeoLiteCity.dat.gz
-
- #install the GeoIP C library.
- cd /tmp
- wget geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
- tar -zxvf GeoIP.tar.gz
- cd GeoIP-*
- ./configure
- make
- sudo make install
-
- # That's all the pre-reqs, now cd in to nginx and compile:
- cd nginx-*
-
-
-config script for nginx source (debian paths):
-
- ./configure \
- --prefix=/usr/share/nginx \
- --sbin-path=/usr/sbin/nginx \
- --conf-path=/etc/nginx/nginx.conf \
- --pid-path=/var/run/nginx.pid \
- --lock-path=/var/lock/nginx.lock \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/access.log \
- --user=www-data \
- --group=www-data \
- --without-mail_pop3_module \
- --without-mail_imap_module \
- --without-mail_smtp_module \
- --with-http_stub_status_module \
- --with-http_ssl_module \
- --with-http_v2_module \
- --with-http_gzip_static_module \
- --with-pcre \
- --with-file-aio \
-
-
-./configure \
---user=http \
---group=http \
---prefix=/etc/nginx \
---sbin-path=/usr/sbin/nginx \
---conf-path=/etc/nginx/nginx.conf \
---pid-path=/var/run/nginx.pid \
---lock-path=/var/run/nginx.lock \
---error-log-path=/var/log/nginx/error.log \
---http-log-path=/var/log/nginx/access.log \
---with-http_gzip_static_module \
---with-http_stub_status_module \
---with-http_ssl_module \
---with-pcre \
---with-file-aio \
---with-http_v2_module \
---with-http_realip_module \
---without-http_scgi_module \
---without-mail_pop3_module \
---without-mail_imap_module \
---without-mail_smtp_module \
---add-module=$HOME/ngx_pagespeed-${NPS_VERSION} ${PS_NGX_EXTRA_FLAGS}
-
- make
- sudo make install
-
-The next thing is to enable autostart:
-
- sudo vim /lib/systemd/system/nginx.service
-
-# Stop dance for nginx
-# =======================
-#
-# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
-# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
-# and sends SIGTERM (fast shutdown) to the main process.
-# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
-# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
-#
-# nginx signals reference doc:
-# http://nginx.org/en/docs/control.html
-#
-[Unit]
-Description=A high performance web server and a reverse proxy server
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/run/nginx.pid
-ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
-ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
-ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
-ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
-TimeoutStopSec=5
-KillMode=mixed
-
-[Install]
-WantedBy=multi-user.target
-
-
-sudo systemctl enable nginx.service
-sudo systemctl start nginx.service
-sudo systemctl status nginx.service
-
-sudo vim /etc/nginx/nginx.conf
-
-
-user www-data;
-events {
- worker_connections 1024;
-}
-http {
- include mime.types;
- include /etc/nginx/naxsi_core.rules;
- default_type application/octet-stream;
- types_hash_bucket_size 64;
- server_names_hash_bucket_size 128;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- #access_log logs/access.log main;
- more_set_headers "Server: Graf Industries Custom Server";
- sendfile on;
- keepalive_timeout 65;
- gzip on;
- pagespeed on;
- pagespeed FileCachePath /var/ngx_pagespeed_cache;
- limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
- include /etc/nginx/sites-enabled/*.conf;
-}
-
-
- sudo cp naxsi-0.53-2/naxci_config/naxsi_core.rule /etc/nginx
-