Delmar/bikinibottom
3
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hosts specific configs

Browse Source
This commit is contained in:
Julieñ
2025-04-24 15:55:10 +02:00
parent 116480f93e
commit 2abf8e30cf
13 changed files with 1903 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

430
On host/LAMP Stack.md Normal file
View File

@@ -0,0 +1,430 @@
# L.A.M.P
## 1. Apache
> ssh into server
```bash
sudo apt -y install apache2 apache2-utils
```
```bash
sudo vim /etc/apache2/conf-enabled/security.conf
# line 12 : change
ServerTokens Prod
sudo vim /etc/apache2/mods-enabled/dir.conf
# add file name that it can access only with directory's name
DirectoryIndex index.html index.htm
sudo vim /etc/apache2/apache2.conf
# line 70 : add to specify server name
ServerName www.srv.world
sudo vim /etc/apache2/sites-enabled/000-default.conf
# line 11 : change to webmaster's email
ServerAdmin webmaster@srv.world
sudo systemctl reload apache2
```
```bash
sudo vim /etc/apache2/ports.conf
```
```
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 81
Listen 82
Listen 83
Listen 84
Listen 85
Listen 86
Listen 87
Listen 88
Listen 89
<IfModule ssl_module>
       Listen 443
</IfModule>
<IfModule mod_gnutls.c>
       Listen 443
</IfModule>
```
## 2. PHP
```bash
sudo apt update && apt full-upgrade -y
sudo apt install -y apache2 wget git zip unzip
# systemctl enable apache2 && systemctl start apache2# systemctl status apache2
sudo apt install -y php php-cli libapache2-mod-php php-common php-gd php-bcmath php-xml php-json php-zip php-mysql php-imap php-curl php-mbstring php-intl php-pear php-opcache php-soap php-apcu php-redis php-memcache
php -v
```
> http://<span class="keep-md">\[</span>ServerIP<span class="keep-md">\]</span>
```bash
echo "<?php phpinfo(); ?>" > /var/www/html/test.php
```
## 3. Database
```bash
sudo apt install mariadb-server mariadb-client -y
# systemctl start mariadb && systemctl enable mariadb
# systemctl status mariadb
mysql_secure_installation
mysql -u root -p (transatlantique)
```
```sql
CREATE DATABASE [database_name];
# CREATE DATABASE [database_name] COLLATE utf8mb4_general_ci;
CREATE USER "admin"@"localhost" IDENTIFIED BY "camera-wand-stubborn";
GRANT ALL PRIVILEGES ON [database_name].* TO "admin"@"localhost";
FLUSH PRIVILEGES;
EXIT;
```
<div class="table-wrapper" id="bkmrk-database-user-passwo"><table><tbody><tr><th colspan="1" rowspan="1">database</th><th colspan="1" rowspan="1">user</th><th colspan="1" rowspan="1">password</th><th colspan="1" rowspan="1">host</th><th colspan="1" rowspan="1">prefix</th></tr><tr><td colspan="1" rowspan="1"><span class="keep-md">\[</span>database\_name<span class="keep-md">\]</span></td><td colspan="1" rowspan="1">admin</td><td colspan="1" rowspan="1">camera-wand-stubborn</td><td colspan="1" rowspan="1">localhost</td><td colspan="1" rowspan="1">db\_</td></tr></tbody></table>
</div>## 4. PhpMyAdmin
```bash
DATA="$(wget https://www.phpmyadmin.net/home_page/version.txt -q -O-)"
URL="$(echo $DATA | cut -d ' ' -f 3)"
VERSION="$(echo $DATA | cut -d ' ' -f 1)"
wget https://files.phpmyadmin.net/phpMyAdmin/${VERSION}/phpMyAdmin-${VERSION}-all-languages.tar.gz
tar xvf phpMyAdmin-${VERSION}-all-languages.tar.gz
mv phpMyAdmin-*/ /usr/share/phpmyadmin
mkdir -p /var/lib/phpmyadmin/tmp
chown -R www-data:www-data /var/lib/phpmyadmin
mkdir /etc/phpmyadmin/
cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
```
```
vim /usr/share/phpmyadmin/config.inc.php
```
> (16gg) &gt; 32 characters
> `$cfg['blowfish_secret'] = 'WBqsYQwj5EotFPu58WGSFNT4b7PMJoBt';`
>
> (73gg)
> `$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';`
```bash
vim /etc/apache2/conf-enabled/phpmyadmin.conf
```
> Alias /phpmyadmin /usr/share/phpmyadmin
```conf
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
<IfModule mod_php5.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/
php_admin_value mbstring.func_overload 0
</IfModule>
<IfModule mod_php.c>
<IfModule mod_mime.c>
AddType application/x-httpd-php .php
</IfModule>
<FilesMatch ".+\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
```
#### Authorize for setup
```conf
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authz_core.c>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</IfModule>
</Directory>
```
#### Disallow web access to directories that don't need it
```conf
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Require all denied
</Directory>
```
```bash
a2enmod rewrite
systemctl restart apache2
```
> http://<span class="keep-md">\[</span>ServerIP<span class="keep-md">\]</span>/phpmyadmin
> First login as <span class="keep-md">\[</span> root | transatlantique <span class="keep-md">\]</span> to save phpmyadmin config
#### Alternative
> [WebDB](https://gitlab.com/web-db/app)
## 5. <span class="keep-md">\[</span>instance\_name<span class="keep-md">\]</span>
```bash
wget https://github.com/[sourcefile].zip
unzip [sourcefile].zip -d /var/www/[instance_name]
chown -R www-data: /var/www/[instance_name]
```
```bash
sudo vim /etc/apache2/sites-available/delmar.bzh.conf
```
```nginx
<VirtualHost *:80>
ServerName www.delmar.bzh
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/hugo
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:81>
ServerName nsns.delmar.bzh
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/nsns
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:82>
ServerName ugo.delmar.bzh
ServerAdmin ugo@delmar.bzh
DocumentRoot /var/www/wpugo
<Directory /var/www/wpugo>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
DavLockDB /usr/local/apache/var/DavLock
<VirtualHost *:83>
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/baikal/html
ServerName dav.delmar.bzh
RewriteEngine on
RewriteRule /.well-known/carddav /dav.php [R=308,L]
RewriteRule /.well-known/caldav /dav.php [R=308,L]
<Directory "/var/www/baikal/html">
Options None
# If you install cloning git repository, you may need the following
# Options +FollowSymlinks
AllowOverride None
# Configuration for apache-2.4:
Require all granted
# Configuration for apache-2.2:
# Order allow,deny
# Allow from all
</Directory>
Alias /webdav /var/www/webdav
<Directory /var/www/webdav>
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /usr/local/apache/var/users.password
Require user admin
</Directory>
<Directory /var/www/webdav/shared>
Options Indexes
AllowOverride none
Order allow,deny
allow from all
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /usr/local/apache/var/users.password
<Limit GET POST PROPFIND PUT DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
</Directory>
<Directory /var/www/webdav/julien>
Options Indexes
AllowOverride none
Order allow,deny
allow from all
DAV on
AuthType Basic
AuthName "webdav"
AuthUserFile /usr/local/apache/var/users.password
<Limit GET POST PROPFIND PUT DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require user julien
</Limit>
</Directory>
<Directory /var/www/webdav/eliot>
Options Indexes
AllowOverride none
Order allow,deny
allow from all
DAV on
AuthType Basic
AuthName "webdav"
AuthUserFile /usr/local/apache/var/users.password
<Limit GET POST PROPFIND PUT DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require user eliot
</Limit>
</Directory>
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:84>
ServerName julien.delmar.bzh
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/resumes/julien
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:85>
ServerName nds.delmar.bzh
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/nds
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:86>
ServerName shop.delmar.bzh
ServerAdmin admin@delmar.bzh
DocumentRoot /var/www/shop
<Directory /var/www/shop>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
RewriteEngine on
#Domain: shop.delmar.bzh
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api(?:/(.*))?$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
RewriteRule ^upload/.+$ %{ENV:REWRITEBASE}index.php [QSA,L]
# Images
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$1$3 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$1$4 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$4/$1$5 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$4/$5/$1$6 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])([\d])([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$4/$5/$6/$1$7 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])([\d])([\d])([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$4/$5/$6/$7/$1$8 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^(([\d])([\d])([\d])([\d])([\d])([\d])([\d])(?:\-[\w-]*)?)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/p/$2/$3/$4/$5/$6/$7/$8/$1$9 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^c/([\d]+)(\-[\.*\w-]*)/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/c/$1$2$3 [L]
RewriteCond %{HTTP_HOST} ^shop.delmar.bzh$
RewriteRule ^c/([a-zA-Z_-]+)(-[\d]+)?/.+(\.(?:jpe?g|webp|png|avif))$ %{ENV:REWRITEBASE}img/c/$1$2$3 [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ %{ENV:REWRITEBASE}js/jquery/plugins/fancybox/images/$1.$2 [L]
# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
```bash
a2enmod rewrite
a2ensite [instance_name].conf
systemctl restart apache2
# touch /var/www/[instance_name]/.htaccess
```