Pinch
Intelligent Stack Scripts for CentOS Linux
Pinch installs, secures and configures your very own Nginx, PHP-FPM, APC and MariaDB web-server in a matter of minutes. It’s so easy to install and streamlines your production environment.
Installation
Pinch is a pinch to install, simply execute the following commands to get started:
yum install -y git; git clone git://github.com/drewsymo/Pinch.git; cd Pinch/vanilla-lemp; bash install.sh;
If you’re on Linode, you can simply rebuild your instance with the Pinch-installer
stackscript.
Features
- Installs a LEMP stack (PHP-FPM, MariaDB, APC, Nginx and Varnish Cache) via Yum
- Configures Varnish Cache with Nginx out-of-the-box
- Sets your hostname, timezone and installs essential tools
- Uses GoogleDNS with Level3 tertiary resolver
- Intelligently configures Nginx based on CPU cores
- Sets Varnish memory allocation percentage based on total memory
- Retrieves MariaDB server.cnf based on total memory
- Sets MariaDB root password and removes testing user / tables
- Creates a daily cron with email notifications for available Yum updates
- Secures your system via the following methods:
- Creates privileged sudo user
- Disable SSH root logins
- Disables UseDNS
- Change default SSH port
- Enables SElinux
- Firewall via iptables
- Sets common network security parameters
- Disables IPv6
- Creates unprivileged www-data user for lemp components
Documentation
What are the PHP-FPM, Nginx, MariaDB and Varnish Locations?
The locations for each of the Pinch components are as follows:
- Nginx:
/etc/nginx
- PHP-FPM:
/etc/php-fpm.d/
- MariaDB:
/etc/my.cnf.d/
- Varnish:
/etc/varnish/
&/etc/sysconfig/varnish/
What is the Username and Password of my system?
Pinch creates a new privileged user for your system and disables root SSH logins for security. Additionally, it will set a root password for your MariaDB server.
- Hostname Option:
host.domain.com
- Timezone Option:
Australia/NSW
- New SSH Port:
3636
- New Root Username:
sudoninja
- New Root Password:
sudoninjapassword
- MariaDB Root Password:
mariadbpassword
For example, you can now login using ssh -p 3636 sudoninja@x.x.x.x
with the passwordsudoninjapassword
.
You can adjust the defaults by modifying the parameters in the install.sh
script, located in thevanilla-lemp
folder. Alternatively, if you are using the Linode stack-script, you will be prompted to enter these options on rebuild.
Don’t forgot to change your password by typing in your console
pwd sudoninja
Debugging
To debug Pinch, simply cat or grep the Pinch installer log (/var/log/stackscript.log) for error messages, e.g.
grep "error" /var/log/stackscript.log
To jump to more specific sections, you can grep the individual functions, e.g.
grep "pinch_nginx" /var/log/stackscript.log