reference-script-for-building-website-opensuse_leap_15.txt
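#!/bin/bash
#
# Reference script: build a website host on openSUSE Leap 15
# (Nginx + MariaDB + PHP-FPM) from a site backup.
#
# Run as root from the directory that holds:
#   - exactly one web content archive matching $webtar
#   - the TLS certificate ($webcrt) and private key ($webkey)
#   - optionally, exactly one SQL dump matching $sqlbackup
#
# This script is destructive: it empties /srv/www/htdocs, overwrites
# /etc/nginx/nginx.conf and several logrotate files, deletes the backups
# it has restored, deletes itself, and reboots the machine.
#
# Changes from the original listing:
#   - the php-fpm cleanup used the pattern ^[www], a bracket expression
#     matching any line that starts with "w"; it now matches the literal
#     "[www]" header
#   - the logrotate files were written from double-quoted strings, so the
#     pid-file lookups were expanded while this script ran; they are now
#     written literally
#   - the SQL dump was deleted even when the import failed; it is now
#     removed only after a successful import
#   - SQL statements carrying passwords are fed to mysql on stdin instead
#     of -e, so the passwords do not appear in the process list
#   - the TLS key is installed root-owned with mode 600
#   - typos in the nginx template (test/css, text/javascripts, jpd) fixed

####################### Separator ########################
webdomain="eternalcenter.com"
webtar="eternalcenter-backup-*.tar.gz"
webcrt="eternalcenter.com.crt"
webkey="eternalcenter.com.key"
sqlbackup="eternalcenter-backup-*.sql"
db="ec"
dbuser="ec"
# NOTE(review): the two passwords below are the placeholder values shipped
# with this reference script; replace them before running it on a real host.
dbuserpw="eternalcenter"
dbrootpw="eternalcenter"
####################### Separator ########################

# Check that the required files exist.
# The backup patterns are expanded unquoted on purpose so that the shell
# globs them; nullglob turns "no match" into an empty array.
shopt -s nullglob
web_archives=( $webtar )
sql_dumps=( $sqlbackup )
shopt -u nullglob

if (( ${#web_archives[@]} == 0 )); then
  echo "没有网页数据备份,无法继续" >&2
  exit 2
fi

# tar and the mysql input redirection each take a single file, so more than
# one match is rejected here, before anything on the system is changed.
if (( ${#web_archives[@]} > 1 )); then
  echo "more than one file matches $webtar; keep exactly one archive" >&2
  exit 2
fi

if (( ${#sql_dumps[@]} > 1 )); then
  echo "more than one file matches $sqlbackup; keep exactly one dump" >&2
  exit 2
fi

if [[ ! -f "$webcrt" ]]; then
  echo "没有网站公钥,无法继续" >&2
  exit 2
fi

if [[ ! -f "$webkey" ]]; then
  echo "没有网站私钥,无法继续" >&2
  exit 2
fi

# Update the system
zypper ref
zypper -n update

# Make sure the required tools are installed
zypper -n in tar
zypper -n in firewalld

# Deploy Nginx
zypper -n in nginx

# The template is written literally (quoted here-document) because it is
# full of nginx variables; the domain and certificate names are patched in
# by the sed calls that follow.
# NOTE(review): the template sets ssl_ciphers but no ssl_protocols, so the
# accepted TLS versions are whatever the installed nginx defaults to; pin
# them explicitly if a minimum TLS version is required.
cat > /etc/nginx/nginx.conf <<'NGINX_CONF'
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 60;
    client_body_timeout 20s;
    client_header_timeout 10s;
    send_timeout 30s;

    server {
        listen 80;
        limit_req zone=one burst=5;
        server_name www.eternalcenter.com eternalcenter.com;

        rewrite ^/(.*)$ https://eternalcenter.com/$1 permanent;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    server {
        listen 443 ssl;
        server_name www.eternalcenter.com eternalcenter.com;

        if ($request_method !~ ^(GET|POST)$){
            return 444;
        }

        ssl_certificate /etc/nginx/ssl/eternalcenter.com.crt;
        ssl_certificate_key /etc/nginx/ssl/eternalcenter.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        root /srv/www/htdocs;

        location / {
            index index.php;
            try_files $uri $uri/ /index.php$is_args$args;
            if (-f $request_filename/index.html){rewrite (.) $1/index.html break;}
            if (-f $request_filename/index.php){rewrite (.) $1/index.php;}
            if (!-f $request_filename){rewrite (.) /index.php;}
        }

        location ~ \.php$ {
            include fastcgi_params;
            include fastcgi.conf;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /srv/www/htdocs/$fastcgi_script_name;
        }

        location ~ ^/\.user\.ini {
            deny all;
        }

        location ~*\.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            expires 30d;
        }

        error_page 404 /404.html;
    }

    gzip on;
    gzip_min_length 1000;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    client_header_buffer_size 1k;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;
}
NGINX_CONF

sed -i "s/server_name www.eternalcenter.com eternalcenter.com;/server_name www.$webdomain $webdomain;/" /etc/nginx/nginx.conf
sed -i "s@rewrite ^/(.*)$ https://eternalcenter.com/\$1 permanent@rewrite ^/(.*)$ https://$webdomain/\$1 permanent@" /etc/nginx/nginx.conf
sed -i "s/eternalcenter.com.crt/$webcrt/" /etc/nginx/nginx.conf
sed -i "s/eternalcenter.com.key/$webkey/" /etc/nginx/nginx.conf

# Install the certificate and key. mv keeps whatever owner and mode the
# files arrived with, so both are reset here; the key ends up readable by
# root only.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
mv -- "$webcrt" "$webkey" /etc/nginx/ssl/
chown root:root "/etc/nginx/ssl/$webcrt" "/etc/nginx/ssl/$webkey"
chmod 644 "/etc/nginx/ssl/$webcrt"
chmod 600 "/etc/nginx/ssl/$webkey"

# Replace the web root with the archive content; the archive is removed
# only when extraction succeeded.
rm -rf /srv/www/htdocs/*
tar -xvf "${web_archives[0]}" -C /srv/www/htdocs/ \
  && rm -f -- "${web_archives[0]}"

zypper -n in policycoreutils

systemctl start nginx
systemctl enable nginx

# Deploy MariaDB
zypper -n in mariadb mariadb-server

# Add each replication setting after the datadir line unless already present.
if ! grep -q "^log_bin=" /etc/my.cnf; then
  sed -i '/^datadir/a log_bin=ec' /etc/my.cnf
fi

if ! grep -q "^binlog_format=" /etc/my.cnf; then
  sed -i '/^datadir/a binlog_format=\"mixed\"' /etc/my.cnf
fi

if ! grep -q "^server_id=" /etc/my.cnf; then
  sed -i '/^datadir/a server_id=51' /etc/my.cnf
fi

sed -i 's/^plugin-load-add=auth_gssapi.so/#plugin-load-add=auth_gssapi.so/' /etc/my.cnf

# Run the server as the mysql user and listen on loopback only.
sed -i '/^user=.*/d' /etc/my.cnf
sed -i '/\[mysqld\]/a user=mysql' /etc/my.cnf

sed -i '/^bind-address=.*/d' /etc/my.cnf
sed -i '/\[mysqld\]/a bind-address=127.0.0.1' /etc/my.cnf

systemctl start mariadb
systemctl enable mariadb

chown -R mysql:mysql /var/lib/mysql

mysql -uroot -e "create database $db;"

# Import the dump when one was supplied, and keep it if the import fails.
if (( ${#sql_dumps[@]} == 1 )); then
  if mysql -uroot "$db" < "${sql_dumps[0]}"; then
    rm -f -- "${sql_dumps[0]}"
  else
    echo "importing ${sql_dumps[0]} failed; the dump was kept" >&2
  fi
fi

# Statements that carry a password go to mysql on stdin (here-strings), not
# through -e, so the password is not part of the command line. Each one is a
# separate invocation, so a failure in one does not stop the next. The root
# password is set last because every call above connects without one.
mysql -uroot <<< "create user \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
mysql -uroot <<< "grant all privileges on $db.* to \"$dbuser\"@\"localhost\" identified by \"$dbuserpw\";"
mysql -uroot <<< "set password for 'root'@'localhost'=password(\"$dbrootpw\")"

systemctl restart mariadb

# Deploy PHP
zypper -n in php7 php7-fpm php7-mysql php7-gd php7-mbstring php7-opcache php7-json php7-xmlrpc php7-zlib

useradd php-fpm -s /sbin/nologin
groupadd php-fpm
chown -R php-fpm:php-fpm /srv/www/htdocs/*

cp /etc/php7/fpm/php-fpm.conf.default /etc/php7/fpm/php-fpm.conf

# Drop any existing pool settings before appending this script's own.
# The [www] header is matched with escaped brackets: unescaped, ^[www] is a
# bracket expression that deletes every line starting with "w".
sed -i \
  -e '/^user =.*/d' \
  -e '/^group =.*/d' \
  -e '/^listen =.*/d' \
  -e '/^\[www\]/d' \
  -e '/^pm = .*/d' \
  -e '/^pm.start_servers = .*/d' \
  -e '/^pm.min_spare_servers = .*/d' \
  -e '/^pm.max_spare_servers = .*/d' \
  -e '/^pm.max_children = .*/d' \
  -e '/^pm.max_requests = .*/d' \
  -e '/^request_terminate_timeout = .*/d' \
  /etc/php7/fpm/php-fpm.conf

cat >> /etc/php7/fpm/php-fpm.conf <<'PHP_FPM_POOL'
[www]
user = php-fpm
group = php-fpm
listen = 127.0.0.1:9000
pm = dynamic
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_children = 4
pm.max_requests = 1024
request_terminate_timeout = 300
PHP_FPM_POOL

systemctl start php-fpm
systemctl enable php-fpm

# Set the open-file limits unless limits.conf already has them
if ! grep -q "^* soft nofile" /etc/security/limits.conf; then
  echo '* soft nofile 1024' >> /etc/security/limits.conf
fi

if ! grep -q "^* hard nofile" /etc/security/limits.conf; then
  echo '* hard nofile 1024' >> /etc/security/limits.conf
fi

# Enable the firewall and open HTTP and HTTPS
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --reload

# Limit the disk space used by logs.
# Quoted here-documents keep $(...) and backticks literal, so the pid files
# are read when logrotate runs the postrotate script, not while this script
# is running.
cat > /etc/logrotate.d/mariadb <<'LOGROTATE_MARIADB'
/var/log/mariadb/mariadb.log {
    create 600 mysql mysql
    notifempty
    daily
    rotate 3
    missingok
    compress
    postrotate
    # just if mysqld is really running
    if [ -e /run/mariadb/mariadb.pid ]
    then
        kill -1 $(</run/mariadb/mariadb.pid)
    fi
    endscript
}
LOGROTATE_MARIADB

cat > /etc/logrotate.d/nginx <<'LOGROTATE_NGINX'
/var/log/nginx/*log {
    create 0664 nginx root
    size 1024M
    rotate 1
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
LOGROTATE_NGINX

cat > /etc/logrotate.d/php-fpm <<'LOGROTATE_PHP_FPM'
/var/log/php-fpm/*log {
    size 100M
    rotate 1
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/kill -SIGUSR1 `cat /run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
LOGROTATE_PHP_FPM

cat > /etc/logrotate.d/syslog <<'LOGROTATE_SYSLOG'
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    size 100M
    rotate 1
    missingok
    sharedscripts
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
LOGROTATE_SYSLOG

# Delete this script (it contains the database passwords in clear text)
scriptwhere=$(readlink -f "$0")
rm -f -- "$scriptwhere"

# Reboot the system
reboot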