From 5707c8a500aa0c0211ddc2ee1481ec04c4e39867 Mon Sep 17 00:00:00 2001 From: Emerson Rocha Luiz Date: Wed, 29 May 2019 19:10:17 -0300 Subject: [PATCH] aguia-pescadora-bravo (#16), dreamfactory (#52): pagina padrao do PHP exibindo para o https://dreamfactory.apb.etica.ai/ --- logbook/aguia-pescadora-bravo.sh | 21 ++++++++- .../EXEMPLO-PROXY.abp.etica.ai.conf | 2 + .../dreamfactory.apb.etica.ai.conf | 46 +++++++++++++++++++ .../etc/php/7.2/fpm/pool.d/dreamfactory.conf | 2 +- 4 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf diff --git a/logbook/aguia-pescadora-bravo.sh b/logbook/aguia-pescadora-bravo.sh index 2ef59d0..b26ac3d 100644 --- a/logbook/aguia-pescadora-bravo.sh +++ b/logbook/aguia-pescadora-bravo.sh @@ -517,13 +517,32 @@ sudo useradd -r -s /bin/false dreamfactory sudo mkdir -p /home2/dreamfactory/web/dreamfactory sudo mkdir /home2/dreamfactory/log -sudo cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/dreamfactory.conf +# Adiciona o usuario ao grupo www-data. Isso pode ser necessario em alguns casos +sudo usermod -a -G www-data dreamfactory +# Cria worker PHP-FPM exclusivo baseado no www.conf +sudo cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/dreamfactory.conf sudo vim /etc/php/7.2/fpm/pool.d/dreamfactory.conf +sudo systemctl reload php7.2-fpm + +# Prepara o NGinx +sudo cp /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf +sudo vim/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf + +sudo ln -s /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf /etc/nginx/sites-enabled/ +sudo nginx -t +sudo systemctl reload nginx + +# Cria uma página de teste +## sudo -u dreamfactory echo "dreamfactory
Servidor comunitario: http://aguia-pescadora-bravo.etica.ai
Arquivo: /home2/dreamfactory/web/dreamfactory/index.php
" > /home2/dreamfactory/web/dreamfactory/index.php +echo "dreamfactory
Servidor comunitario: http://aguia-pescadora-bravo.etica.ai
Arquivo: /home2/dreamfactory/web/dreamfactory/index.php
" | sudo -u dreamfactory tee /home2/dreamfactory/web/dreamfactory/index.php + +sudo certbot --nginx -d dreamfactory.apb.etica.ai # Error logs tail -f /home2/dreamfactory/log/fpm-php.dreamfactory.log +# Corrige as permissões para serem exclusivas deste usuário sudo chown dreamfactory:dreamfactory -R /home2/dreamfactory ### compilebot (Usuario não humano) -------------------------------------------- diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf index 99f60c0..1ddc753 100644 --- a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf +++ b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf @@ -6,6 +6,8 @@ server { listen [::]:80; server_name EXEMPLO-PROXY.apb.etica.ai; + # root /home2/EXEMPLO-PROXY/web/php; + # index index.html index.htm index.php; location / { proxy_ignore_client_abort on; diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf new file mode 100644 index 0000000..a5c94f5 --- /dev/null +++ b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf @@ -0,0 +1,46 @@ +# FILE: /etc/nginx/sites-available/dreamfactory.apb.etica.ai.conf +# SERVER: aguia-pescadora-bravo.etica.ai + +server { + + server_name dreamfactory.apb.etica.ai; + + root /home2/dreamfactory/web/dreamfactory; + index index.html index.htm index.php; + + location / { + try_files $uri $uri/ =404; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.2-fpm-dreamfactory.sock; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dreamfactory.apb.etica.ai/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dreamfactory.apb.etica.ai/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = dreamfactory.apb.etica.ai) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + + listen 80; + listen [::]:80; + + server_name dreamfactory.apb.etica.ai; + return 404; # managed by Certbot + + +} \ No newline at end of file diff --git a/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf b/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf index 231f3f2..a79a979 100644 --- a/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf +++ b/logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/dreamfactory.conf @@ -45,7 +45,7 @@ listen = /run/php/php7.2-fpm-dreamfactory.sock ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = dreamfactory -listen.group = dreamfactory +listen.group = www-data ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names.