aguia-pescadora-bravo (#16), phpmyadmin (#53), php-web (#41): criado …

…exemplo de configuração PHP-FPM

logbook/aguia-pescadora-bravo.sh

@@ -533,6 +533,7 @@ sudo -u dreamfactory  mkdir /home2/dreamfactory/log
 # Cria worker PHP-FPM exclusivo baseado no www.conf
 sudo cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/dreamfactory.conf
 sudo vim /etc/php/7.2/fpm/pool.d/dreamfactory.conf
+sudo php-fpm7.2 --test # Valide se configurações são validas (sim, esse nome)
 sudo systemctl reload php7.2-fpm
 
 # Prepara o NGinx
@@ -621,8 +622,8 @@ sudo mkdir /home2/compilebot/log
 cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/compilebot.conf
 
 sudo vim /etc/php/7.2/fpm/pool.d/compilebot.conf
-#...
-# compilebot.api.apb.etica.ai
+
+sudo php-fpm7.2 --test # Valide se configurações são validas (sim, esse nome)
 sudo systemctl reload php7.2-fpm
 
 sudo vim /etc/nginx/sites-available/compilebot.api.apb.etica.ai.conf
@@ -1262,6 +1263,8 @@ mysql -h elefante-borneu-yul-01.etica.ai -u haproxy
 # SEÇÃO 5.5: FERRAMENTAS PARA GERENCIAMENTO ADMINISTRATIVO DE DADOS            #
 #                                                                              #
 # TL;DR: PHPMyAdmin, etc                                                       #
+#                                                                              #
+# URLS: - https://phpmyadmin.apb.etica.ai/                                     #
 #------------------------------------------------------------------------------#
 
 #### PHPMyAdmin ________________________________________________________________
@@ -1273,17 +1276,25 @@ mysql -h elefante-borneu-yul-01.etica.ai -u haproxy
 
 sudo apt install phpmyadmin
 
-sudo cp /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf /etc/nginx/sites-available/phpmyadmin.apb.etica.ai.conf
+sudo cp /etc/php/7.2/fpm/pool.d/USUARIO.conf.EXEMPLO /etc/php/7.2/fpm/pool.d/phpmyadmin.conf
+sudo vim /etc/php/7.2/fpm/pool.d/phpmyadmin.conf
+# Adicione todas as customizacoes deste usuario no arquivo acima...
 
+sudo php-fpm7.2 --test # Valide se configurações são validas (sim, esse nome)
+sudo systemctl reload php7.2-fpm
+
+sudo cp /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf /etc/nginx/sites-available/phpmyadmin.apb.etica.ai.conf
 sudo vim /etc/nginx/sites-available/phpmyadmin.apb.etica.ai.conf
 # Adicione todas as customizacoes deste usuario no arquivo acima...
 
 sudo ln -s /etc/nginx/sites-available/phpmyadmin.apb.etica.ai.conf /etc/nginx/sites-enabled/
-#sudo nginx -t
-#sudo systemctl reload nginx
+sudo nginx -t  # Valide se configurações NGinx são validas (sim, esse nome)
+sudo systemctl reload nginx
 
-#sudo certbot --nginx -d phpmyadmin.apb.etica.ai
+sudo certbot --nginx -d phpmyadmin.apb.etica.ai
 
+# TODO: por alguma proteção, mesmo que simples, para evitar bruteforce de bots
+#       em https://phpmyadmin.apb.etica.ai/ (fititnt, 2019-05-21 00:23 BRT)
 
 #------------------------------------------------------------------------------#
 # SEÇÃO 6.0: GERENCIAMENTO DE PROCESSOS                                        #

logbook/aguia-pescadora-bravo/etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf

@@ -1,4 +1,5 @@
 # FILE:         /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf
+# SERVER:       aguia-pescadora-bravo.etica.ai
 
 server {
 
@@ -9,8 +10,26 @@ server {
     # root /home2/EXEMPLO-PROXY/web/php;
     # index index.html index.htm index.php;
 
+    # NOTA: use isto caso queira que o NGinx sirva arquivo estáticos antes de
+    #       repassar para o proxy. A maioria das aplicações PHP, NodeJS,
+    #       serão muito menos eficientes do que usar o NGinx
     location / {
-        proxy_ignore_client_abort on;
-        proxy_pass   http://127.0.0.1:9999;
+        try_files $uri $uri/ =404;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    # ESTRATEGIA DE PROXY: via porta (menos eficiente do que via Socket,
+    #                      porém mais fácil suporte a ela)
+    #location / {
+    #    proxy_ignore_client_abort on;
+    #    proxy_pass   http://127.0.0.1:9999;
+    #}
+
+    # ESTRATEGIA DE PROXY: via socket (exemplo usado: PHP-FPM)
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/php7.2-fpm-EXEMPLO-PROXY.sock;
     }
 }

logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default

@@ -1,6 +1,3 @@
-# FILE:    /etc/nginx/sites-available/default
-# SERVER:  aguia-pescadora-bravo.etica.ai
-
 ##
 # You should look at the following URL's in order to grasp a solid understanding
 # of Nginx configuration files in order to fully unleash the power of Nginx.

logbook/aguia-pescadora-bravo/etc/nginx/sites-available/grafana.apb.etica.ai.conf

@@ -1,14 +1,35 @@
-# FILE:         /etc/nginx/sites-available/grafana.abp.etica.ai.conf
+# FILE:         /etc/nginx/sites-available/grafana.apb.etica.ai.conf
 
 server {
 
-    listen 80;
-    listen [::]:80;
-
-    server_name grafana.abp.etica.ai;
+    server_name grafana.apb.etica.ai;
 
     location / {
         proxy_ignore_client_abort on;
         proxy_pass   http://127.0.0.1:20200;
     }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/grafana.apb.etica.ai/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/grafana.apb.etica.ai/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = grafana.apb.etica.ai) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+
+    listen 80;
+    listen [::]:80;
+
+    server_name grafana.apb.etica.ai;
+    return 404; # managed by Certbot
+
+
 }

logbook/aguia-pescadora-bravo/etc/nginx/sites-available/phpmyadmin.apb.etica.ai.conf

@@ -1,4 +1,5 @@
 # FILE:         /etc/nginx/sites-available/phpmyadmin.abp.etica.ai.conf
+# SERVER:       aguia-pescadora-bravo.etica.ai
 
 server {
 
@@ -10,7 +11,22 @@ server {
     index index.html index.htm index.php;
 
     location / {
-        proxy_ignore_client_abort on;
-        proxy_pass   http://127.0.0.1:9999;
+        try_files $uri $uri/ =404;
     }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/php7.2-fpm-phpmyadmin.sock;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/phpmyadmin.apb.etica.ai/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/phpmyadmin.apb.etica.ai/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
 }

logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/USUARIO.conf.EXEMPLO

@@ -0,0 +1,21 @@
+[USUARIO]
+
+; Use ";" para comentarios
+; Se usar "#" causa erro de sintaxe
+
+user = USUARIO
+group = USUARIO
+
+listen = /run/php/php7.2-fpm-USUARIO.sock
+
+listen.owner = USUARIO
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+php_flag[display_errors] = on
+php_admin_value[error_log] = /home2/USUARIO/log/fpm-php.USUARIO.log

logbook/aguia-pescadora-bravo/etc/php/7.2/fpm/pool.d/phpmyadmin.conf

@@ -0,0 +1,18 @@
+[phpmyadmin]
+
+user = www-data
+group = www-data
+
+listen = /run/php/php7.2-fpm-phpmyadmin.sock
+
+listen.owner = www-data
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+;php_flag[display_errors] = on
+;php_admin_value[error_log] = /home2/USUARIO/log/fpm-php.USUARIO.log

logbook/aguia-pescadora-bravo/usr/share/phpmyadmin/config.inc.php

@@ -0,0 +1,3 @@
+<?php
+
+$cfg['Servers'][$i]['host'] = '127.0.0.1';