All Recipes
140 recipes available
Optimize SSL
Enable SSL Session Cache, add Optimized SSL Cyphers, enable SSL Stapling. This is part of a larger SSL optimization process described here: https://laravel-news.com/2016/01/optimizing-ssl-laravel-f...
cat > /etc/nginx/conf.d/ssl_optimizations.conf <<EOT
# Session Cache Settings
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
Install Front-End Build Tools
Install some default Front-End build tools including Bower, Grunt and Compass
echo "Installing Bower..."
npm install -g bower
echo "Installing Grunt..."
Persistent 1GB SWAP ( fast, will only run once )
This is a combination of masterbee and simensen's swap recipes into one script. Basically the same thing as simensen's, but it provides a cleaner output and uses /var/swap.img instead of a file at ...
if [ -f /var/swap.img ]; then
echo "/var/swap.img already exists. Nothing to do."
exit 1
fi
New Relic Install
Installs new relic monitoring on your droplet. You must have a new relic account and replace the indicated text with your new relic key & run as root.
echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list
wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -
apt-get update
apt-get install newrelic-sysmond
Enable HTTP2 on Nginx
If the version of Nginx is higher than 1.9.5, it enable the HTTP2 protocol for sites with ssl.
if [[ $(nginx -v 2>&1 | grep -E '[0-9]+\.[0-9]+(\.[0-9]+)?' -o) > 1.9.5 ]]; then
for I in `grep -l 'listen 443 ssl;' /etc/nginx/sites-available/*`; do
sed -i 's/listen 443 ssl;/listen 443 ssl http2;/g' $I
sed -i "s/ssl_protocols TLSv1 TLSv1.1 TLSv1.2;/ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\\n ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';/g" $I
phpiredis for php5
Install the dependencies of phpiredis, then install the phpiredis and enable it.
sudo apt-get update
sudo apt-get install libhiredis0.10 libhiredis-dev -y
git clone https://github.com/nrk/phpiredis.git
Remove MySQL
service mysql stop
killall -9 mysql
killall -9 mysqld
apt-get -y remove --purge mysql-server mysql-client mysql-common
Remove PostgreSQL
Removing PostgreSQL
apt-get --purge remove postgresql\*
rm -r /etc/postgresql/
rm -r /etc/postgresql-common/
Install NTP Server
sudo apt-get install ntp
sudo service ntp restartPatch LOGJAM Vulnerability
Patches the LOGJAM SSL vulnerability. This recipe may take several minutes to complete.
openssl dhparam -out /etc/nginx/dhparams.pem 2048
cat > /etc/nginx/logjam_fix << 'EOF'
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
Install WP-CLI
Installing WP-CLI and moving it to path and giving it execute permissions.
cd ~/
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
php wp-cli.phar --info
chmod +x wp-cli.phar
Use php.ini-production
We download php.ini-production from the php repo
cd /etc/php5/fpm
mv php.ini php.ini.orig
wget -O php.ini https://raw.githubusercontent.com/php/php-src/master/php.ini-production
service php5-fpm restart