Configuration files

Here’s a quick run-through the conf files available in this AMIs.

  • autorun.sh - This script will be executed at every boot, using the admin user. Keep in mind that the AMI will make read-only the file on every boot, and it will chown it to admin. You’ll find this script useful if you want to execute some extra tasks after booting, such as collecting static files or maybe running migrations.

  • cron/* - This folder contains the usual /etc/cron.* folders structure you’d expect to have. Scripts inside these folders (d, daily, hourly, monthly, weekly) will be copied to the corresponding folder in /etc/cron.*. Note that file names should be LANANA-assigned namespace, aka run-parts(8) compliant, aka only upper- and lower-case letters, digits, underscores and hyphens. They also must end with a new empty line.

  • global/hostname - Sets the hostname. Use any of the available variables:

    • KERNEL_NAME

    • NODENAME

    • KERNEL_RELEASE

    • KERNEL_VERSION

    • MACHINE

    • PROCESSOR

    • HARDWARE_PLATFORM

    • OS

    • IP_ADDR

      Keep in mind that the value of the resulting string will be slugified according to **RFC 1123**, which means that only letters, digits and hyphens are allowed.
  • global/timezone - Sets the timezone. Use whatever you’d normally put in your /etc/timezone file. Check /usr/share/zoneinfo/.

  • mail/msmtprc - You can configure an SMTP server which will be used to send alerts from Auditd, RKHunter, Fail2ban, etc…​

  • mail/notifications - Write a single line containing a valid email address to which the alerts should be sent.

  • netdata/password - This is the file you’ll want to edit in order to change Netdata’s basic auth user/password. Use the usual command to generate a valid NGINX username and hash: openssl passwd -apr1 netdata. The user/password in the demo AMI is netdata/netdata

  • nginx/web.conf - This is the NGINX’s website configuration. It will listen by default on port 80, but there is a commented section in the configuration that will enable HTTPS using your certificates (nginx/helloworld.crt and nginx/helloworld.key).

  • php/wwwXY.conf - Those are the PHP-FPM pools configuration files. There is one configuration file per PHP version (www56.conf belongs to the PHP-FPM 5.6 server, www70.conf belongs to the PHP-FPM 7.0 server, and so on…​). Each server is listening on port 30xy, meaning, PHP-FPM 5.6 is listening on port 3056, PHP-FPM 7.0 is listening on port 3070, and so on…​ This is important as this is how you switch the PHP version in your application. You point NGINX’s fastcgi_pass option to the port of the PHP-FPM localhost server you want to use (localhost:3056 for PHP-FPM 5.6, localhost:3070 for PHP-FPM 7.0, and so on…​).