From c409589eabdf5b4303174411e0265d021ac0f079 Mon Sep 17 00:00:00 2001 From: bach Date: Sun, 19 Nov 2023 11:04:50 +0100 Subject: [PATCH] misc fixes --- assets/deploy-drupal.sh | 1 + assets/drupal-ssl.nginxconf | 2 +- bin/nfs.sh | 44 +++++++++++++++++++++++++++++++++++++ bin/webhook.sh | 2 ++ readme.md | 17 ++++++++++++++ 5 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 bin/nfs.sh diff --git a/assets/deploy-drupal.sh b/assets/deploy-drupal.sh index 4252a03..fd845c3 100755 --- a/assets/deploy-drupal.sh +++ b/assets/deploy-drupal.sh @@ -6,6 +6,7 @@ cd ./public_html echo "" echo "Pulling down latest code." git pull --ff-only origin prod +git submodule update --remote --recursive echo "" echo "Clearing drush caches." drush cache-clear drush diff --git a/assets/drupal-ssl.nginxconf b/assets/drupal-ssl.nginxconf index 0295e57..d8d67ba 100644 --- a/assets/drupal-ssl.nginxconf +++ b/assets/drupal-ssl.nginxconf @@ -116,7 +116,7 @@ server { fastcgi_intercept_errors on; # fastcgi_buffer_size 16k; # fastcgi_buffers 4 16k; - fastcgi_pass unix:/run/php/php8.2-fpm.sock; + fastcgi_pass unix:/run/php/php8.1-fpm.sock; } # Fighting with Styles? This little gem is amazing. # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 diff --git a/bin/nfs.sh b/bin/nfs.sh new file mode 100644 index 0000000..75bb2a2 --- /dev/null +++ b/bin/nfs.sh @@ -0,0 +1,44 @@ +#!/bin/sh + +echo -e '\033[35m + __ + _ __ / _|___ +| _ \| |_/ __| +| | | | _\__ \ +|_| |_|_| |___/ + +\033[0m' +echo -e "\033[35;1mLEMP server (Nginx Mysql Php-fpm) \033[0m" + + +apt install nfs-kernel-server +vim /etc/exports +mkdir /home/proxmox-backup +mkdir /home/urbackup + +ufw allow from 37.187.134.71 to any port nfs +ufw allow from 37.187.134.71 to any port 111 +ufw allow proto udp from 37.187.134.71 to any port 32764:32769 +ufw allow proto tcp from 37.187.134.71 to any port 32764:32769 + +ufw allow from 37.187.93.155 to any port nfs +ufw allow from 37.187.93.155 to any port 111 +ufw allow proto udp from 37.187.93.155 to any port 32764:32769 +ufw allow proto tcp from 37.187.93.155 to any port 32764:32769 + +ufw allow from 37.187.128.147 to any port nfs +ufw allow from 37.187.128.147 to any port 111 +ufw allow proto udp from 37.187.128.147 to any port 32764:32769 +ufw allow proto tcp from 37.187.128.147 to any port 32764:32769 + + +ufw allow from 94.23.8.104 to any port nfs +ufw allow from 94.23.8.104 to any port 111 +ufw allow proto udp from 94.23.8.104 to any port 32764:32769 +ufw allow proto tcp from 94.23.8.104 to any port 32764:32769 + +systemctl restart nfs-server +systemctl enable nfs-server + +vim /etc/ufw/user.rules + diff --git a/bin/webhook.sh b/bin/webhook.sh index a05371e..24b3dd0 100755 --- a/bin/webhook.sh +++ b/bin/webhook.sh @@ -116,4 +116,6 @@ systemctl restart webhook ufw allow 9000 +echo "webhook done" +echo "you can configure your webhook trigger with the following url :" echo "http://$_domain:9000/hooks/deploy_app_$_id" diff --git a/readme.md b/readme.md index 371ffc5..4e06e71 100644 --- a/readme.md +++ b/readme.md @@ -32,6 +32,23 @@ chmod a+x install.sh ``` +5 steps + +* misc.sh +* dotfliles.sh +* user.sh +* ssh.sh +* firewall.sh +* fail2ban.sh +* email.sh +* lemp.sh +* mysqlbackup.sh +* vhost.sh +* gitbarrerepos.sh +* webhook.sh +* urbackup.sh +* zabbix.sh +* ## ref http://www.debian.org/doc/manuals/securing-debian-howto/