#!/bin/bash

# ssh disable password authentication
sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd.service

# Time zone
/bin/cp -p /usr/share/zoneinfo/Japan /etc/localtime
echo 'ZONE="Asia/Tokyo"' > /etc/sysconfig/clock
echo 'UTC=false' >> /etc/sysconfig/clock

# Yum
## Utility
yum install -y \
    bash-completion \
    bind-utils \
    lsof \
    net-tools \
    screen \
    sos \
    sysstat \
    tree
## Editor
yum install -y \
    vim-enhanced

## Nginx Repository
cat << EOF | tee /etc/yum.repos.d/nginx-mainline.repo > /dev/null
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/7/x86_64/
gpgcheck=0
enabled=1
EOF

## Hack for Nginx
echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_syn_backlog = 100000' >> /etc/sysctl.conf
echo 'net.netfilter.nf_conntrack_max = 100000' >> /etc/sysctl.conf
echo 'net.nf_conntrack_max = 100000' >> /etc/sysctl.conf
echo 'fs.file-max = 320000'
sysctl -p

## Install Nginx and AB tools
yum install -y nginx httpd-tools

## nginx settings
sed -i 's/worker_processes  1;/worker_processes  auto;/' /etc/nginx/nginx.conf
mv /etc/nginx/conf.d/default.conf /tmp/default.conf
curl -OL https://raw.githubusercontent.com/kazuhisya/SL-Scripts/master/conf/nginx-lb-default.conf
mv nginx-lb-default.conf /etc/nginx/conf.d/default.conf

## nginx proxy cache settings
mkdir /var/cache/nginx/cache
chown nginx:nginx /var/cache/nginx/cache
curl -OL https://raw.githubusercontent.com/kazuhisya/SL-Scripts/master/conf/nginx-lb-cache-default.conf
mv nginx-lb-cache-default.conf /etc/nginx/conf.d/default.cache.example

## Service Enable and Start
systemctl enable nginx.service
systemctl start nginx.service