aguia-pescadora-bravo (#16), dreamfactory (#52): pagina padrao do PHP…

… exibindo para o https://dreamfactory.apb.etica.ai/
fititnt · May 29, 2019 · 5707c8a · 5707c8a
1 parent be22c1a
commit 5707c8a
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 2 deletions.
diff --git a/logbook/aguia-pescadora-bravo.sh b/logbook/aguia-pescadora-bravo.sh
@@ -517,13 +517,32 @@ sudo useradd -r -s /bin/false dreamfactory
 sudo mkdir -p /home2/dreamfactory/web/dreamfactory
 sudo mkdir /home2/dreamfactory/log
 
-sudo cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/dreamfactory.conf
+# Adiciona o usuario ao grupo www-data. Isso pode ser necessario em alguns casos
+sudo usermod -a -G www-data dreamfactory
 
+# Cria worker PHP-FPM exclusivo baseado no www.conf
+sudo cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/dreamfactory.conf
 sudo vim /etc/php/7.2/fpm/pool.d/dreamfactory.conf
+sudo systemctl reload php7.2-fpm
+
+# Prepara o NGinx
+sudo cp /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf
+sudo vim/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf
+
+sudo ln -s /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+
+# Cria uma página de teste
+## sudo -u dreamfactory echo "dreamfactory <br>Servidor comunitario: http://aguia-pescadora-bravo.etica.ai <br>Arquivo: /home2/dreamfactory/web/dreamfactory/index.php <br><?php phpinfo(); ?>" > /home2/dreamfactory/web/dreamfactory/index.php
+echo "dreamfactory <br>Servidor comunitario: http://aguia-pescadora-bravo.etica.ai <br>Arquivo: /home2/dreamfactory/web/dreamfactory/index.php <br><?php phpinfo(); ?>" | sudo -u dreamfactory tee /home2/dreamfactory/web/dreamfactory/index.php
+
+sudo certbot --nginx -d dreamfactory.apb.etica.ai
 
 # Error logs
 tail -f /home2/dreamfactory/log/fpm-php.dreamfactory.log
 
+# Corrige as permissões para serem exclusivas deste usuário
 sudo chown dreamfactory:dreamfactory -R /home2/dreamfactory
 
 ### compilebot (Usuario não humano) --------------------------------------------

diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf
@@ -6,6 +6,8 @@ server {
     listen [::]:80;
 
     server_name EXEMPLO-PROXY.apb.etica.ai;
+    # root /home2/EXEMPLO-PROXY/web/php;
+    # index index.html index.htm index.php;
 
     location / {
         proxy_ignore_client_abort on;

diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf
@@ -0,0 +1,46 @@
+# FILE:         /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf
+# SERVER:       aguia-pescadora-bravo.etica.ai
+
+server {
+
+    server_name dreamfactory.apb.etica.ai;
+
+    root /home2/dreamfactory/web/dreamfactory;
+    index index.html index.htm index.php;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/php7.2-fpm-dreamfactory.sock;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/dreamfactory.apb.etica.ai/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dreamfactory.apb.etica.ai/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = dreamfactory.apb.etica.ai) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+
+    listen 80;
+    listen [::]:80;
+
+    server_name dreamfactory.apb.etica.ai;
+    return 404; # managed by Certbot
+
+
+}
diff --git a/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf b/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf
@@ -45,7 +45,7 @@ listen = /run/php/php7.2-fpm-dreamfactory.sock
 ; Default Values: user and group are set as the running user
 ;                 mode is set to 0660
 listen.owner = dreamfactory
-listen.group = dreamfactory
+listen.group = www-data
 ;listen.mode = 0660
 ; When POSIX Access Control Lists are supported you can set them using
 ; these options, value is a comma separated list of user/group names.