authorSilvino Silva <silvino@bk.ru>2016-09-27 23:12:55 +0100
committerSilvino Silva <silvino@bk.ru>2016-09-28 00:16:21 +0100
commit98ae91447d2f29640094398068cca1a884f46d9b (patch)
tree5eaa04cb0719157284de67e20d5e9a990387ace7
parent7514d8a93d6c494b58af629f15f688c46de4926c (diff)
downloaddoc-98ae91447d2f29640094398068cca1a884f46d9b.tar.gz
tool ningx revision, added install scripts
-rw-r--r--tools/conf/etc/nginx/nginx.conf150
-rw-r--r--tools/conf/etc/nginx/sites/default.conf82
-rw-r--r--tools/conf/etc/nginx/sites/drupal.conf129
-rw-r--r--tools/conf/etc/nginx/sites/laravel.conf28
-rw-r--r--tools/nginx.html175
-rw-r--r--tools/scripts/config-install.sh4
-rw-r--r--tools/scripts/install-nginx.sh17
-rw-r--r--tools/scripts/install-php.sh7
-rw-r--r--tools/scripts/iptables.sh (renamed from tools/scipts/iptables.sh)0
-rw-r--r--tools/scripts/replace.sh7
10 files changed, 507 insertions, 92 deletions
diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf
new file mode 100644
index 0000000..088a798
--- /dev/null
+++ b/tools/conf/etc/nginx/nginx.conf
@@ -0,0 +1,150 @@
+#
+# /etc/nginx/nginx.conf - nginx server configuration
+#
+
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log;
+
+pid /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    ##
+    # SSL Settings
+    ##
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    # ssl on;
+    ssl_certificate /etc/ssl/certs/nginx.crt;
+    ssl_certificate_key /etc/ssl/keys/nginx.key;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log;
+    error_log  /var/log/nginx/error.log
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+    client_body_timeout 12;
+    client_header_timeout 12;
+    send_timeout 65;
+
+
+    gzip  on;
+    gzip_vary on;
+    #gzip_proxied any;
+    gzip_comp_level 9;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
+    ##
+    # Virtual Host Configs
+    ##
+    server {
+        listen         80 default_server;
+	server_name _;
+        return         301 https://$host$request_uri;
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+
+    #server {
+    #    listen       80;
+    #    server_name  localhost;
+    #
+    #    #charset koi8-r;
+    #
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #
+    #    error_page  404              /404.html;
+    #
+    #    # redirect server error pages to the static page /50x.html
+    #    #
+    #    error_page   500 502 503 504  /50x.html;
+    #    location = /50x.html {
+    #        root   html;
+    #    }
+    #
+    #    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #    #
+    #    #location ~ \.php$ {
+    #    #    proxy_pass   http://127.0.0.1;
+    #    #}
+    #
+    #    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #    #
+    #    #location ~ \.php$ {
+    #    #    root           html;
+    #    #    fastcgi_pass   127.0.0.1:9000;
+    #    #    fastcgi_index  index.php;
+    #    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    #    include        fastcgi_params;
+    #    #}
+    #
+    #    # deny access to .htaccess files, if Apache's document root
+    #    # concurs with nginx's one
+    #    #
+    #    #location ~ /\.ht {
+    #    #    deny  all;
+    #    #}
+    #}
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+}
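Review bot: The `error_log  /var/log/nginx/error.log` line inside `http {}` has no terminating `;`, so nginx will read the following `sendfile on` tokens as extra arguments and should refuse to load the file; it needs `error_log  /var/log/nginx/error.log;` (the copy of this config in tools/nginx.html repeats the same line). `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1 and no `ssl_ciphers` is set at this level, so the negotiated suites are whatever the OpenSSL build defaults to; `ssl_protocols TLSv1.2;` plus an explicit `ssl_ciphers` line would tighten this. `gzip on` is inherited by every HTTPS vhost, so a comment next to the gzip block about compression side channels (BREACH) on responses that mix secrets with reflected input would help whoever adds a dynamic site.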
diff --git a/tools/conf/etc/nginx/sites/default.conf b/tools/conf/etc/nginx/sites/default.conf
new file mode 100644
index 0000000..95be0b7
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/default.conf
@@ -0,0 +1,82 @@
+
+server {
+	listen       80;
+	server_name  localhost;
+
+#charset koi8-r;
+
+	location / {
+		root   html;
+		index  index.html index.htm;
+	}
+
+	error_page  404              /404.html;
+
+	# redirect server error pages to the static page /50x.html
+	#
+	error_page   500 502 503 504  /50x.html;
+	location = /50x.html {
+		root   html;
+	}
+
+# proxy the PHP scripts to Apache listening on 127.0.0.1:80
+#
+#location ~ \.php$ {
+#    proxy_pass   http://127.0.0.1;
+#}
+
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+#
+#location ~ \.php$ {
+#    root           html;
+#    fastcgi_pass   127.0.0.1:9000;
+#    fastcgi_index  index.php;
+#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+#    include        fastcgi_params;
+#}
+
+# deny access to .htaccess files, if Apache's document root
+# concurs with nginx's one
+#
+#location ~ /\.ht {
+#    deny  all;
+#}
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+#    listen       8000;
+#    listen       somename:8080;
+#    server_name  somename  alias  another.alias;
+
+#    location / {
+#        root   html;
+#        index  index.html index.htm;
+#    }
+#}
+
+
+# HTTPS server
+#
+#server {
+#    listen       443 ssl;
+#    server_name  localhost;
+
+#    ssl_certificate      cert.pem;
+#    ssl_certificate_key  cert.key;
+
+#    ssl_session_cache    shared:SSL:1m;
+#    ssl_session_timeout  5m;
+
+#    ssl_ciphers  HIGH:!aNULL:!MD5;
+#    ssl_prefer_server_ciphers  on;
+
+#    location / {
+#        root   html;
+#        index  index.html index.htm;
+#    }
+#}
+
+
diff --git a/tools/conf/etc/nginx/sites/drupal.conf b/tools/conf/etc/nginx/sites/drupal.conf
new file mode 100644
index 0000000..39b096a
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/drupal.conf
@@ -0,0 +1,129 @@
+server {
+
+        listen 192.168.1.254:443 ssl;
+        listen 10.0.0.254:443 ssl;
+
+        server_name core.privat-network.net;
+
+        root /srv/www/drupal; ## &lt;-- Your only path reference.
+
+        # Enable compression, this will help if you have for instance advagg¿? module
+        # by serving Gzip versions of the files.
+        gzip_static on;
+
+        location ~ ^/stats/(.*)$ {
+            alias /srv/www/stats/$1;
+            autoindex on;
+        }
+
+        location /sysdoc {
+            alias /srv/www/sysdoc;
+            autoindex on;
+        }
+
+        location /ports {
+            alias /var/ports/ports;
+            autoindex on;
+        }
+
+        location /distfiles {
+            alias /var/ports/distfiles;
+            autoindex on;
+        }
+
+
+        location /packages {
+            root /var/ports/packages;
+            autoindex off;
+        }
+
+
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+        }
+
+        # This matters if you use drush prior to 5.x
+        # After 5.x backups are stored outside the Drupal install.
+        #location = /backup {
+        #        deny all;
+        #}
+
+        # Very rarely should these ever be accessed outside of your lan
+        location ~* \.(txt|log)$ {
+                allow 192.168.0.0/16;
+                deny all;
+        }
+
+        location ~ \..*/.*\.php$ {
+                return 403;
+        }
+
+        # No no for private
+        location ~ ^/sites/.*/private/ {
+                return 403;
+        }
+
+        # Block access to "hidden" files and directories whose names begin with a
+        # period. This includes directories used by version control systems such
+        # as Subversion or Git to store control files.
+        location ~ (^|/)\. {
+                return 403;
+        }
+
+        location / {
+                # This is cool because no php is touched for static content
+                try_files $uri @rewrite;
+        }
+
+        location ~* /update.php*/.*$ {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /update.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location @rewrite {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /index.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location ~ \.php$ {
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $request_filename;
+                fastcgi_intercept_errors on;
+                #fastcgi_pass unix:/tmp/phpfpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
+        }
+
+        # Fighting with Styles? This little gem is amazing.
+        # This is for D6
+        #location ~ ^/sites/.*/files/imagecache/ {
+        # This is for D7 and D8
+        location ~ ^/sites/.*/files/styles/ {
+                try_files $uri @rewrite;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+                expires max;
+                #log_not_found off;
+        }
+
+}
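Review bot: The prefix locations `/sysdoc`, `/ports` and `/distfiles` have no trailing slash, so they also match sibling names (for example a constructed `/portsold`) and map them through `alias` to paths outside the intended directory; `location /ports/ { alias /var/ports/ports/; }` keeps the match on the directory boundary. `location /packages` uses `root /var/ports/packages`, which resolves requests under `/var/ports/packages/packages/`; if the directory itself was meant, `alias` like its siblings would be consistent. These listings have `autoindex on` and no `allow`/`deny`, unlike the `\.(txt|log)$` block, so directory contents are browsable from both listen addresses. That `allow 192.168.0.0/16;` rule also does not cover clients arriving on the `10.0.0.254` listener, which may or may not be intended.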
diff --git a/tools/conf/etc/nginx/sites/laravel.conf b/tools/conf/etc/nginx/sites/laravel.conf
new file mode 100644
index 0000000..f648f17
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/laravel.conf
@@ -0,0 +1,28 @@
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    root /srv/www/atom/public;
+    server_name core.privat-network.net;
+
+    location /sysdoc {
+        alias /srv/www/sysdoc;
+        index index.html;
+        autoindex on;
+    }
+
+    index index.php;
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        # try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
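Review bot: The `location ~ \.php$` block passes every URI ending in `.php` to PHP-FPM without checking that the script exists under the document root, and the only guard in the block, `# try_files $uri /index.php =404;`, is commented out. Adding `try_files $uri =404;` before `fastcgi_pass` makes nginx answer 404 for scripts that are not on disk instead of leaving path resolution to PHP. Because the location regex only matches URIs that end in `.php`, the `fastcgi_split_path_info` line can never capture a path-info part and could be dropped. `location /sysdoc` with `autoindex on` has the same missing trailing slash as in drupal.conf.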
diff --git a/tools/nginx.html b/tools/nginx.html
index 8fe632e..01c5515 100644
--- a/tools/nginx.html
+++ b/tools/nginx.html
@@ -7,9 +7,9 @@
     <body>
         <a href="index.html">Tools Index</a>
 
-        <h1>1. Nginx</h1>
+        <h1>Nginx</h1>
 
-        <h2 id="install">1.1. Install Nginx</h2>
+        <h2 id="install">1. Install Nginx</h2>
 
         <pre>
         $  prt-get depinst nginx
@@ -21,17 +21,16 @@
         UID=xxxxx-xxx-xxx-xxx-xxxxxxxx  /srv/www                ext4 defaults,nosuid,noexec,nodev,noatime       1 2
         </pre>
 
-        <p>Remove nginx user or group, system defines www user and group;</p>
+        <p>Add user nginx to www group;</p>
 
         <pre>
-        # userdel nginx
-        # groupdel nginx
+        # usermod -a -G www nginx
         </pre>
 
-        <p>Change default home directory of www user;</p>
+        <p>Change default home directory of nginx user;</p>
 
         <pre>
-        # usermod -m -d /srv/www www
+        # usermod -m -d /srv/www nginx
         </pre>
 
         <p>Create configuration directory's for better organization;</p>
@@ -42,44 +41,11 @@
         $ sudo mkdir /etc/nginx/sites
         </pre>
 
-        <h2 id="logs">1.2. Logs</h2>
-
-        <pre>
-        $ sudo grep "login" /var/log/nginx/access.log
-        $ sudo grep "etc/passwd" /var/log/nginx/access.log
-        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
-        </pre>
-
-        <h2 id="userdir">1.3. User Directory</h2>
-
-        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
-
-        <pre>
-         location ~ ^/~(.+?)(/.*)?$ {
-            alias /home/$1/public_html$2;
-            index  index.html index.htm;
-            autoindex on;
-         }
-        </pre>
-
-        <p>Directories should have 644 or 664 and
-        files chmod 755 or 775;</p>
-
-        <pre>
-        $ sudo find . -type f -print0 | xargs -0 chmod 644
-        $ sudo find . -type d -print0 | xargs -0 chmod 755
-        </pre>
-
-        <h2 id="certs">1.4. Certificates</h2>
+        <h2 id="certs">2. Certificates</h2>
 
         <p>Certificates allow a more secure connection. Lets create
         self-signed certificate;</p>
 
-        <pre>
-        $ sudo mkdir /etc/nginx/ssl
-        $ sudo cd /etc/nginx/ssl
-        </pre>
-
         <p>Create private key;</p>
 
         <pre>
@@ -112,7 +78,7 @@
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
-        Common Name (e.g. server FQDN or YOUR name) []:c13.nark.biz.tm
+        Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net
         Email Address []:
 
         Please enter the following 'extra' attributes
@@ -127,33 +93,31 @@
         <pre>
         $ sudo openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.crt
         Signature ok
-        subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=c13.nark.biz.tm
+        subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=core.privat-network.net
         Getting Private key
         Enter pass phrase for /etc/ssl/keys/nginx.key:
         $
         </pre>
 
-        <h3>Remove Password</h3>
-
         <p>Having password is a good idea, but requires it every
         time nginx is restarted. To remove;</p>
 
         <pre>
-        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.org
-        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.org -out /etc/ssl/keys/nginx.key
+        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
         Enter pass phrase for /etc/ssl/keys/nginx.key.org:
         writing RSA key
         $
         </pre>
 
-        <h2 id="nginxconf">1.5. Nginx Configuration</h2>
+        <h2 id="nginxconf">3. Nginx Configuration</h2>
 
-        <p><a href="http://wiki.nginx.org/Pitfalls">READ NGINX PITFALLS</a>,
+        <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>,
         for more information about optimization
         <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>,
 
         <p>Number of worker_processes must be equal or less than
-        the number of available cpu cores</p>
+       the number of available cpu cores. This is set to auto.</p>
 
         <pre>
         $ nproc
@@ -172,32 +136,26 @@
 
         <pre>
         #
-        # /etc/nginx/nginx.conf
+        # /etc/nginx/nginx.conf - nginx server configuration
         #
 
-        user www;
-        worker_processes  2;
 
-        error_log  /var/log/nginx/error.log  info;
+        user nginx;
+        worker_processes auto;
+
+        error_log /var/log/nginx/error.log;
+
+        pid /var/run/nginx.pid;
+
 
         events {
             worker_connections  1024;
         }
 
-        http {
-
-            include             /etc/nginx/mime.types;
-            default_type	application/octet-stream;
-
-            sendfile        on;
-            #tcp_nopush     on;
 
-            #keepalive_timeout 620;
-            keepalive_timeout  65;
-            client_body_timeout 12;
-            client_header_timeout 12;
-            # send_timeout 620;
-            send_timeout 65;
+        http {
+            include       mime.types;
+            default_type  application/octet-stream;
 
             ##
             # SSL Settings
@@ -209,25 +167,25 @@
             ssl_certificate /etc/ssl/certs/nginx.crt;
             ssl_certificate_key /etc/ssl/keys/nginx.key;
 
-            ##
-            # Logging Settings
-            ##
             #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
             #                  '$status $body_bytes_sent "$http_referer" '
             #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
-            access_log		/var/log/nginx/access.log  combined;
-            error_log		/var/log/nginx/error.log;
+            access_log /var/log/nginx/access.log;
+            error_log  /var/log/nginx/error.log
 
-            ##
-            # Gzip Settings
-            ##
+            sendfile        on;
+            #tcp_nopush     on;
+
+            keepalive_timeout  65;
+            client_body_timeout 12;
+            client_header_timeout 12;
+            send_timeout 65;
 
-            gzip on;
-            gzip_disable "msie6";
 
+            gzip  on;
             gzip_vary on;
-            gzip_proxied any;
+            #gzip_proxied any;
             gzip_comp_level 9;
             # gzip_buffers 16 8k;
             # gzip_http_version 1.1;
@@ -245,40 +203,44 @@
 
             include /etc/nginx/conf.d/*.conf;
             include /etc/nginx/sites-enabled/*.conf;
+
         }
-        # End of file        </pre>
+        # End of file
+        </pre>
 
 
-        <h2 id="server">1.6. Server with PHP</h2>
+        <h2 id="server">4. Server with PHP</h2>
 
-        check <a href "../conf/etc/nginx/">configuration directory</a>
-        for more examples. Install php and composer that is required
-        by Laravel;</p>
+        <p>Check <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a>
+        for more examples.</p>
 
-        <h3>1.6.1. Setup PHP</h3>
+        <h3>4.1. Setup PHP</h3>
+
+        <p> Install php and setup php.ini as development mode;</p>
 
         <pre>
-        $ prt-get depinst php php-fpm php-gd php-pdo-pgsql composer
+        $ prt-get depinst php php-fpm php-gd
         </pre>
 
         <p>Setup php ini in development mode;<p/>
 
         <pre>
-        $ sudo cp /etc/php/php.ini-development php.ini
+        $ sudo cp /etc/php/php.ini-development /etc/php/php.ini
+        </pre>
+
+        <pre>
         $ php --ini
         Configuration File (php.ini) Path: /etc/php
         Loaded Configuration File:         /etc/php/php.ini
         Scan for additional .ini files in: /etc/php/conf.d
         Additional .ini files parsed:      /etc/php/conf.d/extensions.ini,
         /etc/php/conf.d/pdo_pgsql.ini
-
-        $
         </pre>
 
-        <h3>1.6.2. Setup Virtual Host</h3>
+        <h3>4.2. Setup Virtual Host</h3>
 
         <p>Server (virtual host) with Laravel,
-                /etc/nginx/sites/<a href="../conf/etc/nginx/sites/laravel.conf">laravel.conf</a>;</p>
+        <a href="conf/etc/nginx/sites/laravel.conf">/etc/nginx/sites/laravel.conf</a>;</p>
 
         <pre>
         server {
@@ -286,7 +248,7 @@
             listen [::]:443 ssl;
 
             root /srv/www/atom/public;
-            server_name c13.nark.biz.tm;
+            server_name core.privat-network.net;
             index index.html index.htm index.php;
 
             charset utf-8;
@@ -299,7 +261,7 @@
             location = /robots.txt  { access_log off; log_not_found off; }
 
             access_log off;
-            error_log  /var/log/nginx/c13-nark-biz-tm-error.log error;
+            error_log  /var/log/nginx/core.privat-network.net-error.log error;
 
             sendfile off;
 
@@ -322,6 +284,35 @@
         }
         </pre>
 
+        <h2 id="userdir">5. User Directory</h2>
+
+        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
+
+        <pre>
+         location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+            index  index.html index.htm;
+            autoindex on;
+         }
+        </pre>
+
+        <p>Directories should have 644 or 664 and
+        files chmod 755 or 775;</p>
+
+        <pre>
+        $ sudo find . -type f -print0 | xargs -0 chmod 644
+        $ sudo find . -type d -print0 | xargs -0 chmod 755
+        </pre>
+
+        <h2 id="logs">6. Logs</h2>
+
+        <pre>
+        $ sudo grep "login" /var/log/nginx/access.log
+        $ sudo grep "etc/passwd" /var/log/nginx/access.log
+        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
+        </pre>
+
+
         <a href="index.html">Tools Index</a>
 
         <p>This is part of the c9-doc Manual.
diff --git a/tools/scripts/config-install.sh b/tools/scripts/config-install.sh
new file mode 100644
index 0000000..061081f
--- /dev/null
+++ b/tools/scripts/config-install.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+CONF_DIR="$(dirname `dirname $0`)/conf"
+echo "CONF_DIR=$CONF_DIR\n"
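Review bot: `$0` is expanded unquoted inside nested backticks, so a checkout path containing spaces splits into several arguments to `dirname`; `CONF_DIR="$(dirname "$(dirname "$0")")/conf"` avoids that. The same unquoted dirname command substitution appears in the `.` lines of install-nginx.sh and install-php.sh, and install-nginx.sh expands `$CONF_DIR` unquoted in its `cp -R` line. `echo "CONF_DIR=$CONF_DIR\n"` prints the backslash sequence literally in some shells; `printf 'CONF_DIR=%s\n' "$CONF_DIR"` is portable.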
diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/install-nginx.sh
new file mode 100644
index 0000000..5553692
--- /dev/null
+++ b/tools/scripts/install-nginx.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst nginx
+
+cp -R $CONF_DIR/etc/nginx/* /etc/nginx/
+
+usermod -a -G www nginx
+usermod -m -d /srv/www nginx
+
+openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048
+openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr
+openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key
+
+cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
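Review bot: The `openssl x509 -req ... -signkey /etc/ssl/keys/nginx.key` line has no `-out`, so the certificate goes to stdout and `/etc/ssl/certs/nginx.crt`, which nginx.conf points at, is never created; tools/nginx.html uses `-out /etc/ssl/certs/nginx.crt` for the same step. The script ends with an unencrypted private key in `/etc/ssl/keys/nginx.key` and never sets its permissions, so they depend on the caller's umask; `umask 077` before `openssl genrsa`, or `chmod 600 /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass` afterwards, makes that explicit. There is also no `set -e`, so a failed `prt-get depinst nginx` or an aborted passphrase prompt does not stop the later `cp` and `usermod` steps.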
diff --git a/tools/scripts/install-php.sh b/tools/scripts/install-php.sh
new file mode 100644
index 0000000..9d47ada
--- /dev/null
+++ b/tools/scripts/install-php.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst php php-fpm php-gd php-pdo-pgsql
+
+cp /etc/php/php.ini-development /etc/php/php.ini
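Review bot: `cp /etc/php/php.ini-development /etc/php/php.ini` overwrites any existing php.ini without a backup and installs the development profile, which is meant to surface errors to the client; for a host reachable from other machines `php.ini-production` is the safer base, and `cp -p /etc/php/php.ini /etc/php/php.ini.orig` first would preserve local changes. drupal.conf in this commit notes that `cgi.fix_pathinfo = 0` is expected in php.ini, and nothing in this script sets it. `config-install.sh` is sourced here but `CONF_DIR` is not used.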
diff --git a/tools/scipts/iptables.sh b/tools/scripts/iptables.sh
index 3215633..3215633 100644
--- a/tools/scipts/iptables.sh
+++ b/tools/scripts/iptables.sh
diff --git a/tools/scripts/replace.sh b/tools/scripts/replace.sh
new file mode 100644
index 0000000..8e393f0
--- /dev/null
+++ b/tools/scripts/replace.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+folder=$1
+oldstring=$2
+newstring=$3
+
+grep -rl $oldstring $folder | xargs sed -i s@$oldstring@$newstring@g
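Review bot: All three arguments are expanded unquoted and `$oldstring`/`$newstring` are pasted straight into the sed program, so whitespace, a leading `-`, or an `@`, `&` or backslash in either string changes what grep and sed execute, and file names with spaces are split by `xargs`. With the GNU tools this script already relies on for `sed -i`, the pipeline can be written as `grep -rlZ -- "$oldstring" "$folder" | xargs -0 -r sed -i -- "s@$oldstring@$newstring@g"`. A comment should state that both strings are treated as regular-expression and replacement text, so callers must escape `@` and sed metacharacters themselves, and an argument-count check such as `[ $# -eq 3 ] || exit 1` would stop a run with an empty pattern.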