WWW.EMRAH.COM ============= Debian Stretch box... SYSTEM ====== ### swap file dd if=/dev/zero of=/swapfile bs=1M count=1024 chmod 600 /swapfile mkswap /swapfile echo "/swapfile none swap sw 0 0" >> /etc/fstab reboot ### hostname self-signed SSL sertifika oluşmadan (ssl-cert paketi yüklenmeden) önce hostname değişsin. /etc/hostname myhost /etc/hosts 127.0.1.1 myhost.mydomain.loc myhost reboot ### packages echo 'APT::Install-Recommends "0";' >/etc/apt/apt.conf.d/80recommends echo 'APT::Install-Suggests "0";' >>/etc/apt/apt.conf.d/80recommends apt update && apt autoclean && apt dist-upgrade && apt autoremove --purge apt purge tasksel tasksel-data nano apt install tmux zsh vim autojump apt install git rsync apt install htop iotop curl dnsutils whois ack-grep apt install python3 ipython3 bpython3 apt install pyflakes apt install sslh # standalone, yeni kurulumda iptal edildi. apt install nginx-extras ssl-cert apt install certbot --install-recommends apt install goaccess --install-recommends ### /etc/ssh/sshd_config PermitRootLogin without-password PasswordAuthentication no ### sslh sslh yeni kurulumda kullanılmadı. Web sunucu loglarında IP görünmüyor. /etc/default/sslh run=yes DAEMON_OPTS="--user sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:XXX --ssl 127.0.0.1:10443 --pidfile /var/run/sslh/sslh.pid" ### certbot certbot certonly --webroot -w /var/www/html -d emrah.com -d www.emrah.com chmod 755 /etc/letsencrypt/{archive,live} ### user usermod -l emrah debian usermod -d /home/emrah emrah usermod -s /bin/zsh emrah mv /home/debian /home/emrah groupmod -n emrah debian ### zsh su -l emrah (2 for zsh) ### /home/emrah/.zshrc bindkey -v HISTSIZE=5000 SAVEHIST=5000 alias ls='ls --color=auto' alias ..="cd .." alias ...="cd ../.." alias ....="cd ../../.." alias .....="cd ../../../.." alias ......="cd ../../../../.." . /usr/share/autojump/autojump.sh export TMOUT=1800 setopt hist_ignore_space ### /root/.zshrc cp /home/emrah/.zshrc ~/ ### passwd passwd passwd emrah # vim See vim notes # scripts mkdir ~/scripts echo '#!/bin/bash' > ~/scripts/apt.sh echo 'apt update && apt -dy dist-upgrade' >> ~/scripts/apt.sh chmod u+x /root/scripts/apt.sh vim /etc/crontab 19 05 * * * root /root/scripts/apt.sh >/dev/null 2>&1 WEB CONTENTS ============ ### Git repos su -l emrah mkdir ~/git-repo cd ~/git-repo mkdir www_emrah_com.git cd www_emrah_com.git git init --bare ### Local git repo su -l emrah mkdir ~/web cd ~/web git clone --no-hardlinks ~/git-repo/www_emrah_com.git ### Local git repo (on my desktop) mkdir ~/git-repo cd ~/git-repo git clone ssh://emrah@emrah.com:22/~/git-repo/www_emrah_com.git ### Web contents (on my desktop) mkdir -p ~/git-repo/www_emrah_com/public_html cd ~/git-repo/www_emrah_com/public_html (install the contents here) mkdir -p ~/git-repo/www_emrah_com/emrah_com_updates cd ~/git-repo/www_emrah_com/emrah_com_updates (install the web related scripts here) cd ~/git-repo/www_emrah_com git add -A git commit -m "initial web contents" git push origin master ### Update web site cd ~/web/www_emrah_com git stash git pull git stash clear UPDATE SCRIPTS ============== ### /etc/crontab 19 05 * * * root /root/scripts/apt.sh >/dev/null 2>&1 07 01 * * * emrah /home/emrah/web/www_emrah_com/emrah_com_updates/txt2html.py # ----------------------------------------------------------------------------- # /etc/nginx/sites-available/emrah.com.conf # ----------------------------------------------------------------------------- # HTTP emrah.com server { listen 80; server_name emrah.com www.emrah.com; rewrite ^/(.*)$ https://$host/$1; } # HTTPS emrah.com server { listen 443; ssl_certificate /etc/letsencrypt/live/emrah.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/emrah.com/privkey.pem; ssl on; server_name emrah.com www.emrah.com; root /home/emrah/web/www_emrah_com/public_html; index index.html; charset utf-8; access_log /var/log/nginx/access.emrah.com.log; # lets encrypt location /.well-known/ { root /var/www/html/; } # robots.txt icin log olusturma. location = /robots.txt { access_log off; log_not_found off; } # favicon.ico icin log olusturma. location = /favicon.ico { access_log off; log_not_found off; } # static location ~* \.(?:ico|gif|jpe?g|png)$ { expires max; } location ~* \.(?:db|deb|gz|pdf)$ { expires max; } # markdown location ~* \.(?:md|markdown)$ { default_type "text/plain; charset=utf-8"; expires 30d; } # txt / html location ~* \.(?:txt| html)$ { expires 30d; } location = / { ssi on; expires 30d; } location = /index.html { ssi on; expires 30d; } } # ----------------------------------------------------------------------------- # /etc/nginx/sites-available/default # ----------------------------------------------------------------------------- SSL ayarları açılacak. HTTPS ile IP adresine gelen varsa boş sayfa görsün. "ssl on;" eklemek gerekiyor. 80 portundan gelen 443 portuna yönlendirilsin. server { listen 80 default_server; listen [::]:80 default_server; server_name _; rewrite ^/(.*)$ https://$host/$1; } server { listen 443 ssl default_server; listen [::]:443 ssl default_server; include snippets/snakeoil.conf; ssl on; root /var/www/html; ... ... }