
Nginx survival sheet

This post lists the Nginx commands I use most often. It is not really interesting, but I'm bored of asking Google for them every week!

sudo apt-get install -y nginx

sudo apt-get install -y php7.0-fpm

sudo apt-get install -y php7.0-gd php7.0-mysql php7.0-cli php7.0-common php7.0-curl php7.0-opcache php7.0-json php7.0-imap php7.0-mbstring php7.0-xml php7.0-pgsql php7.0-sqlite3

Vagrant tips for dev env

In the following files change www-data to vagrant:

  • /etc/php/7.0/fpm/php-fpm.conf
  • /etc/php/7.0/fpm/pool.d/www.conf

Restart services

sudo service nginx restart && sudo service php7.0-fpm restart

Vhost

Create a vhost file

In the /etc/nginx/sites-available/default file:

server {
    listen 80;
    listen [::]:80;
    server_name www.massonweb.fr;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name massonweb.fr;

    ssl_certificate /etc/letsencrypt/live/massonweb.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/massonweb.fr/privkey.pem;

    root /var/www/html;

    index index.php index.html;

    access_log /var/log/nginx/default-access_log;
    error_log /var/log/nginx/default-error_log;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

Enable vhost

sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sudo service nginx restart

Apache2 survival sheet

Virtual hosts

Virtual hosts allow you to run several sites on the same server.

Several sites on the same machine

Make use of the ServerName directive to match the right site.

In /etc/apache2/sites-enabled/foo.conf:

    <VirtualHost *:80> 
            ServerName foo.local
            ServerAdmin webmaster@localhost
            DocumentRoot /home/pi/projects/foo/
            ErrorLog /foo.log
            CustomLog /access-foo.log combined
    </VirtualHost>

In /etc/apache2/sites-enabled/bar.conf:

    <VirtualHost *:80> 
            ServerName bar.local
            ServerAdmin webmaster@localhost
            DocumentRoot /home/pi/projects/bar/
            ErrorLog /bar.log
            CustomLog /access-bar.log combined
    </VirtualHost> 

When an HTTP request arrives whose Host header matches a ServerName value, Apache answers it using the matching vhost configuration.

Enable a vhost

a2ensite video-app

Disable a vhost

a2dissite video-app

Modules

List enabled/loaded modules

apache2ctl -M

Enable a module

sudo a2enmod rewrite

Server status

apache2ctl status

Security

Hide server version

In /etc/apache2/conf-available/security.conf:

ServerTokens Prod
ServerSignature Off

Prevent site encapsulation in an external iframe

In /etc/apache2/conf-available/security.conf (the headers module must be enabled for the Header directive to work):

Header set X-Frame-Options: "sameorigin"
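
One way to confirm that the ServerTokens and X-Frame-Options settings above took effect, as an added example that is not part of the original post: the function reads response headers on stdin (for instance the output of curl -sI against the vhost) and reports a Server header that still exposes a version and a missing or unexpected X-Frame-Options value. The function names and sample headers are constructed for illustration; ServerSignature only affects server-generated pages, so it is not checked here.

```shell
#!/bin/sh
# Added example (not from the original post). Names and sample data are constructed.

# Constructed sample: response headers before the security.conf changes.
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.18 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: response headers after ServerTokens Prod and the Header directive.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: sameorigin\r\nContent-Type: text/html\r\n\r\n'
}

# Reads HTTP response headers on stdin and prints one finding per line.
# Prints nothing when both settings are in effect.
check_headers() {
    tr -d '\r' | awk -F': *' '
    { name = tolower($1) }
    name == "server" {
        # With ServerTokens Prod the value is the bare product name, e.g. "Apache".
        if ($2 ~ "[/(0-9]") print "server-version-exposed: " $2
    }
    name == "x-frame-options" {
        seen = 1
        value = tolower($2)
        if (value != "sameorigin" && value != "deny")
            print "x-frame-options-unexpected: " $2
    }
    END { if (!seen) print "x-frame-options-missing" }'
}

echo "before:"; sample_before | check_headers
echo "after:";  sample_after  | check_headers
```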

Secure a vhost with a basic authentication

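Install utils:

apt-get install apache2 apache2-utils

Generate a password for user ben (-c creates the password file; leave it out when adding further users, otherwise the existing file is overwritten):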

htpasswd -c /etc/apache2/.htpasswd ben

cat /etc/apache2/.htpasswd

output:

 ben:$apr1$ULdWsbYp$eawlgBJZvKhr7L8V1NWGD/

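Secure your vhost. Basic authentication only base64-encodes the password, so anything beyond a local test setup should serve this vhost over TLS:

    Listen 10000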
    <VirtualHost *:10000> 
            ServerAdmin webmaster@localhost
            DocumentRoot /home/pi/projects/videoapp/web/
             <Directory /home/pi/projects/videoapp>
                    Options Indexes FollowSymLinks
                    AllowOverride All
                    AuthType Basic
                    AuthName "Restricted Content"
                    AuthUserFile /etc/apache2/.htpasswd
                    Require valid-user
            </Directory>
            ErrorLog /error-videoapp.log
            CustomLog /access-videoapp.log combined
    </VirtualHost>

PostgreSQL survival sheet

This post lists the pgsql commands I use most often. It is not really interesting, but I'm bored of asking Google for them every week!

Start psql command line utility

Using the postgres superuser:

sudo -u postgres psql

Exit

postgres=# \q

List databases

postgres=# \l+

output:

                                                                    List of databases
    Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   |  Size   | Tablespace |                Description                 
------------+----------+----------+-------------+-------------+-----------------------+---------+------------+--------------------------------------------
 clipbucket | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |                       | 6532 kB | pg_default | 
 moodle     | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |                       | 6532 kB | pg_default | 
 postgres   | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |                       | 6532 kB | pg_default | default administrative connection database
 template0  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +| 6409 kB | pg_default | unmodifiable empty database
            |          |          |             |             | postgres=CTc/postgres |         |            | 
 template1  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +| 6532 kB | pg_default | default template for new databases
            |          |          |             |             | postgres=CTc/postgres |         |            | 
 testdb     | testdb   | UTF8     | en_US.UTF-8 | en_US.UTF-8 |                       | 6724 kB | pg_default | 
 videoapp   | videoapp | UTF8     | en_US.UTF-8 | en_US.UTF-8 |                       | 6724 kB | pg_default | 
(7 rows)

Drop database

postgres=# DROP DATABASE testdeploy;

output:

postgres=# DROP DATABASE

List users

postgres=# \du+

output:

                                   List of roles
   Role name    |                   Attributes                   | Member of | Description 
----------------+------------------------------------------------+-----------+-------------
 clipbucket     |                                                | {}        | 
 manuel         | Create DB                                      | {}        | 
 moodle         |                                                | {}        | 
 postgres       | Superuser, Create role, Create DB, Replication | {}        | 
 testdb         | Create DB                                      | {}        | 
 testdeploy     | Create DB                                      | {}        | 
 testdeploytest | Create DB                                      | {}        | 
 videoapp       | Create DB                                      | {}        | 

Drop user

postgres=# DROP USER testdeploy;

output:

DROP ROLE

Create user

postgres=# CREATE USER videoapp WITH PASSWORD 'videoapp' CREATEDB ;

Note: this user has the privilege to create databases.

output:

CREATE ROLE

List DB tables

Switch database

postgres=# \c videoapp

output:

You are now connected to database "videoapp" as user "postgres".

List tables

videoapp=# \dt+

output:

                         List of relations
 Schema |    Name     | Type  |  Owner   |    Size    | Description 
--------+-------------+-------+----------+------------+-------------
 public | fos_user    | table | videoapp | 8192 bytes | 
 public | tag         | table | videoapp | 0 bytes    | 
 public | video       | table | videoapp | 8192 bytes | 
 public | videos_tags | table | videoapp | 0 bytes    | 
(4 rows)

Privileges

Connect as postgres superuser

PGPASSWORD="P@ss0rd" psql -U postgres -h 10.11.12.13 -p 5432

Grant Privileges

GRANT CONNECT ON DATABASE app_database TO app_user;
\c app_database
GRANT USAGE ON SCHEMA public TO app_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO app_user;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_user;

Config files

Determine which config file is in use

SHOW config_file ;

Determine which hba file is in use

SHOW hba_file;

Connection

Remote connection

In postgresql.conf:

listen_addresses = '*'

In pg_hba.conf:

host  all  all 0.0.0.0/0 md5
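
The pg_hba.conf rule above lets every user reach every database from any IPv4 address. The following added example (not part of the original post) audits pg_hba.conf text for rules that accept any address, do not require TLS, or use a weak authentication method. The function names, the 10.11.12.0/24 network and the sample rules are constructed; scram-sha-256 assumes PostgreSQL 10 or later.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: the rule from this page next to narrower alternatives.
sample_hba() {
cat <<'EOF'
# TYPE   DATABASE      USER      ADDRESS         METHOD
local    all           postgres                  peer
host     all           all       0.0.0.0/0       md5
host     app_database  app_user  10.11.12.0/24   scram-sha-256
hostssl  app_database  app_user  ::/0            scram-sha-256
host     all           all       127.0.0.1/32    trust
EOF
}

# Reads pg_hba.conf text on stdin; prints "<line number> <finding>" per problem.
audit_pg_hba() {
    awk '
    /^[ \t]*#/    { next }    # comment
    NF == 0       { next }    # blank line
    $1 == "local" { next }    # Unix-socket rules carry no address
    {
        addr = $4; method = $5
        # IPv4 "ADDRESS NETMASK" form: the method moves to field 6.
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            method = $6
            if (addr == "0.0.0.0" && $5 == "0.0.0.0") addr = "0.0.0.0/0"
        }
        wide = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all")
        if (wide)                  print NR, "any-address"
        if (wide && $1 == "host")  print NR, "tls-not-required"
        if (method == "trust")     print NR, "no-authentication"
        if (method == "password")  print NR, "cleartext-password"
        if (method == "md5")       print NR, "weak-hash"
    }'
}

sample_hba | audit_pg_hba
```

To audit a live server, feed the function the file reported by SHOW hba_file.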