ubuntu.22.04/hestiacp_install

# sudo -s
### ? gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://185.125.188.26 --recv-keys A189E93654F0B0E5
# gpg --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://185.125.188.26 --recv-keys A189E93654F0B0E5
# wget https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh
# bash hst-install.sh --lang 'ru' --hostname '$HOSTNAME' --username '$USERNAME' --email '$EMAIL' --password '$PASSWORD' --multiphp '8.2' --postgresql yes --dovecot no --clamav no --spamassassin no
# reboot
# sudo -s
# apt-get install -y memcached php-memcached php8.2-memcached php8.2-intl php8.2-sqlite3 sqlite3 freetds-dev freetds-bin freetds-common tdsodbc odbcinst unixodbc php8.2-odbc smbclient cifs-utils php8.2-smbclient
# echo "[FreeTDS]
Description=FreeTDS driver
Driver=/usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so
Setup=/usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so
UsageCount=4
Threading=2" >> /etc/odbcinst.ini
# usermod -aG sudo $USERNAME
# v-change-user-package $USERNAME default
# v-change-user-shell $USERNAME bash
# v-add-database $USERNAME rfclass_pg rfclass_pg $DBPASSWORD pgsql localhost
# v-add-database $USERNAME eis_pg eis_pg $DBPASSWORD pgsql localhost
# v-add-web-domain $USERNAME $DOMAIN $IP-DOMAIN yes www.$DOMAIN
https://manik.me/fixing-sftp-not-working-after-installing-hestiacp/
# find / -name "sftp-server" 2>/dev/null
# mcedit /etc/ssh/sshd_config
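find the line: Subsystem sftp internal-sftp-server
replace it with: Subsystem sftp /usr/lib/openssh/sftp-server (use the path printed by the find command above)
save file and exit, then check the syntax with "sshd -t" before restarting, because a broken sshd_config can lock out SSH access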
# systemctl restart ssh
# mkdir /mnt/FOTOSVID && chown admin:admin /mnt/FOTOSVID
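the share password goes into a root-only credentials file, not into the unit: a unit file under /etc/systemd/system is normally created world-readable (umask 022), any local user can print its ExecStart line with "systemctl cat", and options given after -o show up in the arguments of the mount process
($CREDENTIALS_FILE is a placeholder: pick a path outside any web root and outside open_basedir)
# install -m 600 -o root -g root /dev/null $CREDENTIALS_FILE
# mcedit $CREDENTIALS_FILE
username=fotosvid
password=$PASSWORD
save file and exit
# echo "[Unit]
Description=Mount SMB share
After=network.target
Wants=network.target
[Service]
Type=oneshot
ExecStartPre=sleep 15
ExecStart=/bin/mount -t cifs //10.77.1.250/FOTOSVID /mnt/FOTOSVID -o credentials=$CREDENTIALS_FILE,rw,file_mode=0666,dir_mode=0777
[Install]
WantedBy=multi-user.target
" > /etc/systemd/system/mnt-fotosvid.service
note: file_mode=0666,dir_mode=0777 present every file on the share as writable by every local account; the uid=/gid= mount options with tighter modes would limit that to the site user (confirm which accounts really need write access before changing it)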
# systemctl daemon-reload
# systemctl enable mnt-fotosvid.service && systemctl start mnt-fotosvid.service
adding hestia template for RFCLASS.RU and EIS.RFCLASS.RU:
# touch /usr/local/hestia/data/templates/web/php-fpm/rfclass_default.tpl
# mcedit /usr/local/hestia/data/templates/web/php-fpm/rfclass_default.tpl
; PHP-FPM pool template for the site. The %backend%, %backend_version%, %domain% and %user%
; tokens are filled in per domain when the template is applied with v-change-web-domain-backend-tpl.
[%backend%]
; Unix socket for this domain: owned by the site user, group www-data, mode 0660,
; so other local accounts cannot connect to the pool.
listen = /run/php/php%backend_version%-fpm-%domain%.sock
listen.owner = %user%
listen.group = www-data
listen.mode = 0660
; Workers run as the domain owner. These notes also add $USERNAME to the sudo group
; (usermod -aG sudo), so PHP code in this pool runs under a sudo-capable account;
; sudo still asks for that account's password.
user = %user%
group = %user%
; Workers are started on demand: at most 8 at once, each recycled after 4000 requests
; and stopped after 10s without work.
pm = ondemand
pm.max_children = 8
pm.max_requests = 4000
pm.process_idle_timeout = 10s
; NOTE(review): /status returns pool internals if the web server forwards that path
; to this socket; confirm it is not reachable from outside.
pm.status_path = /status
; php_admin_value settings cannot be overridden by ini_set() in application code.
php_admin_value[upload_tmp_dir] = /home/%user%/tmp
php_admin_value[session.save_path] = /home/%user%/tmp
; open_basedir limits PHP file functions to the listed paths. /mnt/FOTOSVID is the SMB share
; mounted by mnt-fotosvid.service (mounted with file_mode=0666,dir_mode=0777), so PHP code in
; this pool can reach the whole share. /tmp, /bin, /usr/bin, /usr/local/bin, /usr/share and /opt
; are system-wide paths, not per-site ones.
php_admin_value[open_basedir] = /mnt/FOTOSVID:/home/%user%/.composer:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/private:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
; NOTE(review): $HOSTNAME is either a placeholder of these notes (as in the installer command)
; or is meant to be taken from the environment of the FPM master; confirm which.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
; Temporary files of the workers stay inside the site user's own tmp directory.
env[TMP] = /home/%user%/tmp
env[TMPDIR] = /home/%user%/tmp
env[TEMP] = /home/%user%/tmp
save and exit
# v-change-web-domain-backend-tpl $USERNAME $DOMAIN $TEMPLATE
get password for Postgres
# grep -Eo "PASSWORD='[a-zA-Z0-9]+'" /usr/local/hestia/conf/pgsql.conf | awk -F "PASSWORD=" '{print $2}' | awk -F "'" '{print $2}'
*** relogin as $USERNAME
# cd /home/$USERNAME/web/$DOMAIN/public_html/
# rm /home/$USERNAME/web/$DOMAIN/public_html/index.html
# rm /home/$USERNAME/web/$DOMAIN/public_html/robots.txt
# git clone https://git.kosenka.ru/kosenka/$DOMAIN.git .
# php composer.phar install
# touch /home/$USERNAME/web/$DOMAIN/public_html/config/params-local.php
# touch /home/$USERNAME/web/$DOMAIN/public_html/config/dbEIS.php
<?php
/*
 * Content of config/dbEIS.php: a Yii database connection definition for PostgreSQL.
 *
 * $DB_NAME, $DB_USER and $DB_PASSWORD are placeholders. They stand inside single
 * quotes, where PHP does not interpolate variables, so the real values have to be
 * written in by hand. Presumably this is the eis_pg database created with
 * v-add-database; confirm.
 *
 * NOTE(review): after editing, this file holds the database password in clear text.
 * It was created with touch and therefore has the default umask mode; restrict it to
 * the site user (for example chmod 600) and keep it out of the git repository.
 */
use yii\db\Connection;
use yii\db\pgsql\Schema;
return [
'class' => Connection::class,
// The server is reached on localhost only.
'dsn' => 'pgsql:host=localhost;dbname=$DB_NAME',
'username' => '$DB_USER',
'password' => '$DB_PASSWORD',
// Use the PostgreSQL schema class and set the schema applied to unqualified table names.
'schemaMap' => [
'pgsql' => [
'class' => Schema::class,
'defaultSchema' => 'public', //specify your schema here, public is the default schema
],
],
// Schema cache options (for production environment)
// Table metadata is cached for 3600 seconds whenever YII_DEBUG is false.
'enableSchemaCache' => !YII_DEBUG,
'schemaCacheDuration' => 3600,
// 'cache' is the ID of the application cache component used for schema data.
'schemaCache' => 'cache',
// Query results are cached for 3600 seconds where the application asks for query caching.
'enableQueryCache' => true,
'queryCacheDuration' => 3600,
];
# touch /home/$USERNAME/web/$DOMAIN/public_html/config/dbPG.php
<?php
/*
 * Content of config/dbPG.php: a Yii database connection definition for PostgreSQL.
 *
 * $DB_NAME, $DB_USER and $DB_PASSWORD are placeholders. They stand inside single
 * quotes, where PHP does not interpolate variables, so the real values have to be
 * written in by hand. Presumably this is the rfclass_pg database created with
 * v-add-database; confirm.
 *
 * NOTE(review): after editing, this file holds the database password in clear text.
 * It was created with touch and therefore has the default umask mode; restrict it to
 * the site user (for example chmod 600) and keep it out of the git repository.
 */
use yii\db\Connection;
use yii\db\pgsql\Schema;
return [
'class' => Connection::class,
// The server is reached on localhost only.
'dsn' => 'pgsql:host=localhost;dbname=$DB_NAME',
'username' => '$DB_USER',
'password' => '$DB_PASSWORD',
// Use the PostgreSQL schema class and set the schema applied to unqualified table names.
'schemaMap' => [
'pgsql' => [
'class' => Schema::class,
'defaultSchema' => 'public', //specify your schema here, public is the default schema
],
],
// Schema cache options (for production environment)
// Table metadata is cached for 3600 seconds whenever YII_DEBUG is false.
'enableSchemaCache' => !YII_DEBUG,
'schemaCacheDuration' => 3600,
// 'cache' is the ID of the application cache component used for schema data.
'schemaCache' => 'cache',
// Query results are cached for 3600 seconds where the application asks for query caching.
'enableQueryCache' => true,
'queryCacheDuration' => 3600,
];
# sudo su -
# v-change-web-domain-docroot $USERNAME $DOMAIN $DOMAIN web
# touch /home/admin/conf/web/$DOMAIN/nginx.ssl.conf_my
# mcedit /home/admin/conf/web/$DOMAIN/nginx.ssl.conf_my
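location ~* ^.+\.(odt|pdf|doc|docx|xls|xlsx|ppt|pptx)$ {
    # Office and PDF documents are passed to the backend on port 8443 and must not be cached.
    # $IP_ADDRESS is a placeholder of these notes; nginx would treat it as a variable,
    # so write the real address here.
    # proxy_ssl_verify is off by default, so the backend certificate is not checked.
    proxy_pass https://$IP_ADDRESS:8443;
    # Because this location has its own add_header lines, the add_header directives
    # outside the location are NOT inherited here: responses for these documents carry
    # none of the security headers set after the closing brace unless they are repeated in this block.
    add_header Last-Modified "";
    add_header Cache-Control 'no-store, no-cache';
    if_modified_since off;
    expires off;
    etag off;
    try_files $uri @fallback;
}
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";   # one year, also binds every subdomain to HTTPS
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header X-XSS-Protection "1; mode=block";                                          # legacy header, ignored by current browsers
add_header Permissions-Policy "geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=*,payment=()";
add_header Content-Security-Policy "upgrade-insecure-requests";                       # the name must be exact: browsers ignore a misspelled header
    # Without the "always" parameter add_header applies only to 2xx/3xx responses, not to error pages.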
save and exit
# apt-get install -y libreoffice-core --no-install-recommends libreoffice-writer default-jre libreoffice-java-common
# route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.77.1.6 dev enp6s19
на впн-сервере в файле server.conf: push "route 10.77.1.245 255.255.255.255"
# exit