Quest for the Ultimate LEB script - Page 2

Comments

  • vahe Member

    Also, check out this: http://www.lowendtalk.com/discussion/2394/vps-setup-script-minimal
    It's dirty code with no error checking but works for me. You can remove the line where it installs fail2ban. More info on github. I first run the above, then TigersWay's script to install the goodies.

    Thanked by 1TigersWay
  • manma Member

    @TigersWay said: I am anyway trying to get my head around a way to document my scripts

    My only real issue is the dropbear thing. I can't find ANY information on how to use it on the net.

    By the way, aside from the dropbear thing, my entire VPS was set up using your script, and it's running just fine :)

    Thanked by 1TigersWay
  • jcaleb Member

    then why not switch to openssh?

  • It's dirty code with no error checking but works for me. You can remove the line where it installs fail2ban. More info on github. I first run the above, then TigersWay's script to install the goodies.

    "Add new user" & "iptables" functions are on my roadmap, but still provoke disagreements among users I know.

    @manma said: My only real issue is the dropbear thing. I can't find ANY information on how to use it on the net.

    dropbear page
    Why use dropbear? Because it's smaller in memory than openssh and because it works well behind xinetd.

  • djvdorp Member

    @vahe said: You can remove the line where it installs fail2ban

    Why remove fail2ban?

  • vahe Member
    edited May 2012

    @djvdorp said: Why remove fail2ban?

    It uses a lot of memory. Also, all the ports are blocked with my script except the custom port you set up for openssh (also ports 80 and 443 are open). In addition, only public key authentication is enabled and root login is disabled.

    Edit: clarified on open ports

    Thanked by 1djvdorp
  • zsero Member

    I've been trying to combine the php optimised parts from Simplyfast's script with maxexcloo's minstall script. What is your opinion about including the following configuration options:

    cat > /etc/php5/conf.d/apc.ini <<END
    [APC]
    extension=apc.so
    apc.enabled=1
    apc.shm_segments=1
    apc.shm_size=16
    apc.ttl=7200
    apc.user_ttl=7200
    apc.num_files_hint=1024
    apc.mmap_file_mask=/tmp/apc.XXXXXX
    apc.max_file_size = 1M
    apc.post_max_size = 1000M
    apc.upload_max_filesize = 1000M
    apc.enable_cli=0
    apc.rfc1867=0
    END

    cat > /etc/php5/conf.d/suhosin.ini <<END
    ; configuration for php suhosin module
    extension=suhosin.so
    suhosin.executor.include.whitelist="phar"
    suhosin.request.max_vars = 2048
    suhosin.post.max_vars = 2048
    suhosin.request.max_array_index_length = 256
    suhosin.post.max_array_index_length = 256
    suhosin.request.max_totalname_length = 8192
    suhosin.post.max_totalname_length = 8192
    suhosin.sql.bailout_on_error = Off
    END

    if [ -f /etc/php5/fpm/php.ini ]
    then
        sed -i \
            "s/upload_max_filesize = 2M/upload_max_filesize = 200M/" \
            /etc/php5/fpm/php.ini
        sed -i \
            "s/post_max_size = 8M/post_max_size = 200M/" \
            /etc/php5/fpm/php.ini
        sed -i \
            "s/memory_limit = 128M/memory_limit = 96M/" \
            /etc/php5/fpm/php.ini
    fi

    Also,
    php5-suhosin, php5-intl, php-gettext are not in Simplyfast's install, while "siege" is not in maxexcloo's. Should I include all of them?

  • @zsero said: @maxecloo, just a few questions:

    1. Just a recommendation: can you make install-ssh ask if I would like to install OpenSSH or Dropbear, and then start install-openssh or install-dropbox, to avoid situations like I've experienced?
    2. Do you know any Wordpress install script that is compatible with your host structure?
    3. What do I need to modify to redirect to non-www instead of www?

    I'm doing some work on Minstall and these suggestions have been taken onboard!

  • zsero Member

    Hi,

    I'm comparing Minstall and tuxlite (kind of line by line), and although most of the differences are easy to understand, I have a few questions I don't understand:

    Tuxlite has the following line, which is not in Minstall for php-fpm:

    # Change to socket connection for better performance
    sed -i 's/^listen =.*/listen = \/var\/run\/php5-fpm-www-data.sock/' $php_fpm_conf

    Is this needed? I thought nginx only works on sockets! Also, for me the file var/run/php5-fpm-www-data.sock doesn't exist. Is it something for Apache?

    OK, next one, also not present in Minstall:

    sed -i 's/^disable_functions.*/disable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source/' $php_ini_dir

    Isn't this a bit too strong? Do you recommend setting this?

    Also, php5-suhosin is installed once Minstall completes, but there is no reference for that. Is it included in dotdeb repo as a dependency?

  • yomero Member

    @zsero said: I thought nginx only works on sockets!

    It can use both

    @zsero said: Isn't this a bit too strong? Do you recommend setting this?

    It depends. Maybe for shared hosting it is recommended; otherwise you will allow the use of shell commands and so on.

    @zsero said: Also, php5-suhosin is installed once Minstall completes, but there is no reference for that. Is it included in dotdeb repo as a dependency?

    For 5.3 it is.

    Thanked by 1zsero
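
An added example, not part of any post in this thread and not code from tuxlite or Minstall: a check that the disable_functions substitution quoted above actually took effect, since its sed pattern only matches an uncommented line. The function names and the sample php.ini contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the disable_functions edit quoted in this thread.

# The function list from the tuxlite line quoted above.
WANTED="exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source"

# Same substitution as the quoted line, written without -i so it is portable.
apply_edit() {
    sed "s/^disable_functions.*/disable_functions = $WANTED/" "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# Active (uncommented) value; if the key repeats, the last assignment is used.
active_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d ' "'
}

# Print every wanted function that the file still leaves enabled.
missing_disabled() {
    have=",$(active_disabled "$1"),"
    out=""
    for fn in $(echo "$WANTED" | tr ',' ' '); do
        case "$have" in
            *",$fn,"*) ;;
            *) out="$out $fn" ;;
        esac
    done
    echo "${out# }"
}

# Constructed sample files: one stock-style, one with the key commented out.
demo() {
    dir=$(mktemp -d)
    printf '[PHP]\ndisable_functions =\nmemory_limit = 128M\n' > "$dir/stock.ini"
    printf '[PHP]\n;disable_functions =\nmemory_limit = 128M\n' > "$dir/commented.ini"
    for ini in "$dir/stock.ini" "$dir/commented.ini"; do
        apply_edit "$ini"
        left=$(missing_disabled "$ini")
        echo "$(basename "$ini"): ${left:-all listed functions disabled}"
    done
    rm -rf "$dir"
}
demo
```

On the commented-out sample the substitution changes nothing and exits successfully, so only the follow-up check shows that every listed function is still enabled.
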
  • zsero Member

    @yomero said: It can use both

    OK, but is it needed? What is the default? Also, isn't it a problem that I don't see the file/link in /var/run?

  • yomero Member

    @zsero said: Also, isn't it a problem that I don't see the file/link in /var/run?

    Tbh I can't remember which one is the default.

    Also, are you sure that is running with the socket? The file must be there in that case.

  • zsero Member

    No I'm not sure, I just remember reading that nginx is fast because it uses sockets, but it seems I was wrong.

  • zsero Member

    OK, I understand it now. It's dependent on the configuration, I thought it's something "global" where all the sockets are kept in a /var folder or something.

    Also, it's included in Minstall too:

    listen = /dev/shm/php.socket

    and

    sed -i 's/listen = example/listen = \/home\/'$USERNAME'\/http\/private\/php.socket/g' /etc/php5/fpm/pool.d/$USERNAME.conf

  • yomero Member
    edited July 2012

    @zsero said: I just remember reading that nginx is fast because it uses sockets,

    Dunno, probably you must try both to see how it goes.
    You can check how it is running in the PHP configuration.
    Or you can dump the whole network stuff with netstat -na and see what is running.

    EDIT: Oh you solved it xD

    Thanked by 1zsero
  • zsero Member

    Thanks for this, I didn't know this. Yes, the same sockets are listening there!

  • I used sockets for Minstall as it allows cordoning off specific PHP processes to specific users (AFAIK ports would be accessible system wide and thus a security flaw).
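
An added example, not from Minstall or from any poster here: it classifies each PHP-FPM pool's listen endpoint as TCP or Unix socket and reports the socket mode, which is what the per-user separation described above relies on. The pool files, user names and function names are constructed; listen and listen.mode are real PHP-FPM pool directives.

```shell
#!/bin/sh
# Added example: audit how PHP-FPM pools expose their listener.

# Print the last value assigned to a key in a pool file ($1 = key regex, $2 = file).
pool_value() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Classify one pool file by its listen endpoint.
audit_pool() {
    listen=$(pool_value listen "$1")
    mode=$(pool_value 'listen\.mode' "$1")
    case "$listen" in
        "") echo "MISSING" ;;
        /*) # Unix socket: file permissions decide which users can connect.
            case "$mode" in
                0660|0600|660|600) echo "SOCKET_RESTRICTED" ;;
                "") echo "SOCKET_DEFAULT_MODE" ;;  # default differs by PHP version
                *)  echo "SOCKET_OPEN" ;;
            esac ;;
        *)  # ip:port or bare port: a TCP port carries no per-user permission.
            echo "TCP" ;;
    esac
}

# Constructed sample pools (not taken from any real host).
write_samples() {
    printf '[alice]\nlisten = /home/alice/http/private/php.socket\nlisten.owner = alice\nlisten.mode = 0660\n' > "$1/alice.conf"
    printf '[bob]\nlisten = 127.0.0.1:9000\n' > "$1/bob.conf"
    printf '[carol]\nlisten = /dev/shm/php.socket\nlisten.mode = 0666\n' > "$1/carol.conf"
}

# Report every pool in a directory as "<pool> <classification>".
audit_dir() {
    for f in "$1"/*.conf; do
        printf '%s %s\n' "$(basename "$f" .conf)" "$(audit_pool "$f")"
    done
}

demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    audit_dir "$tmp"
    rm -rf "$tmp"
}
demo
```

A pool reported as SOCKET_DEFAULT_MODE is worth pinning with an explicit listen.owner and listen.mode, and the directory holding the socket needs permissions that match.
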

  • zsero Member

    @maxexcloo, is there any way to contact you by PM or email? I've collected all things missing from minstall and wrote a host-manager in Python, and a phpMyAdmin install script, I would be happy to contribute it to the project!
