Skip to content

Instantly share code, notes, and snippets.

@FredNandrin
Last active July 17, 2021 20:21
Show Gist options
  • Save FredNandrin/db80de47f62c6c88f9780a5c89f0183f to your computer and use it in GitHub Desktop.
Save FredNandrin/db80de47f62c6c88f9780a5c89f0183f to your computer and use it in GitHub Desktop.
sh install_mysql.sh
sh install_apache_php7.sh
sh install_wordpress.sh
apt install vsftpd fail2ban
echo "listen_address=127.0.0.1" >> /etc/vsftpd.conf
echo "listen_address6=::1" >> /etc/vsftpd.conf
service vsftpd restart
{ \
echo 'Package: php*'; \
echo 'Pin: release *'; \
echo 'Pin-Priority: -1'; \
} > /etc/apt/preferences.d/no-debian-php
PHPIZE_DEPS="autoconf dpkg-dev file g++ gcc libc-dev make pkg-config re2c"
# persistent / runtime deps
apt-get update
apt-get install -y $PHPIZE_DEPS ca-certificates curl xz-utils --no-install-recommends apache2
rm -r /var/lib/apt/lists/*
PHP_INI_DIR="/usr/local/etc/php"
mkdir -p $PHP_INI_DIR/conf.d
APACHE_CONFDIR="/etc/apache2"
APACHE_ENVVARS="$APACHE_CONFDIR/envvars"
# Apache + PHP requires preforking Apache for best results
a2dismod mpm_event
a2enmod mpm_prefork
# logs should go to stdout / stderr
#set -ex \
# && . "$APACHE_ENVVARS" \
# && ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log" \
# && ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log" \
# && ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"
# PHP files should be handled by PHP, and should be preferred over any other file type
{ \
echo '<FilesMatch \.php$>'; \
echo '\tSetHandler application/x-httpd-php'; \
echo '</FilesMatch>'; \
echo; \
echo 'DirectoryIndex disabled'; \
echo 'DirectoryIndex index.php index.html'; \
echo; \
echo '<Directory /var/www/>'; \
echo '\tOptions -Indexes'; \
echo '\tAllowOverride All'; \
echo '</Directory>'; \
} | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \
&& a2enconf docker-php
PHP_EXTRA_BUILD_DEPS="apache2-dev"
PHP_EXTRA_CONFIGURE_ARGS="--with-apxs2=/usr/bin/apxs2 --disable-cgi"
##</autogenerated>##
# Apply stack smash protection to functions using local buffers and alloca()
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
# Enable optimization (-O2)
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
# https://github.com/docker-library/php/issues/272
PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
PHP_CPPFLAGS="$PHP_CFLAGS"
PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
GPG_KEYS="1729F83938DA44E27BA0F4D3DBDB397470D12172 B1B44D8F021E4E2D6021E995DC9FF8D3EE5AF27F"
PHP_VERSION="7.2.7"
PHP_URL="https://secure.php.net/get/php-7.2.7.tar.xz/from/this/mirror"
PHP_ASC_URL="https://secure.php.net/get/php-7.2.7.tar.xz.asc/from/this/mirror"
PHP_SHA256="eb01c0153b3baf1f64b8b044013ce414b52fede222df3f509e8ff209478f31f0"
PHP_MD5=""
set -xe; \
\
fetchDeps=' wget '; \
if ! command -v gpg > /dev/null; then \
fetchDeps="$fetchDeps \
dirmngr \
gnupg \
"; \
fi; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /usr/src; \
cd /usr/src; \
\
wget -O php.tar.xz "$PHP_URL"; \
\
if [ -n "$PHP_SHA256" ]; then \
echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
fi; \
if [ -n "$PHP_MD5" ]; then \
echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
fi; \
\
if [ -n "$PHP_ASC_URL" ]; then \
wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
export GNUPGHOME="$(mktemp -d)"; \
# for key in $GPG_KEYS; do \
# gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
# done; \
# gpg --batch --verify php.tar.xz.asc php.tar.xz; \
command -v gpgconf > /dev/null && gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
fi;
#COPY docker-php-source /usr/local/bin/
set -eux;
savedAptMark="$(apt-mark showmanual)";
apt-get update;
apt-get install -y --no-install-recommends libargon2-0-dev libfreetype6-dev libpq-dev libxslt1-dev libbz2-dev libmcrypt-dev libxpm-dev libbz2-dev libcurl4-openssl-dev pkg-config libedit-dev libsodium-dev libsqlite3-dev libssl-dev libxml2-dev zlib1g-dev ${PHP_EXTRA_BUILD_DEPS:-} openssl libssl-dev libpng-dev libpng16-16 libjpeg-dev freetype* ;
# rm -rf /var/lib/apt/lists/*;
export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" ;
mkdir -p "/usr/src/php"
tar -xf /usr/src/php.tar.xz -C "/usr/src/php" --strip-components=1
touch "/usr/src/php/.docker-extracted"
cd /usr/src/php;
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)";
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)";
# https://bugs.php.net/bug.php?id=74125
if [ ! -d /usr/local/include/curl ]; then ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; fi;
./configure --build="$gnuArch" --with-config-file-path="$PHP_INI_DIR" --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" --enable-option-checking=fatal --with-mhash --enable-ftp --enable-zip --enable-bcmath --enable-pcntl --enable-ftp --enable-exif --enable-calendar --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx --enable-intl --enable-mbstring --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --enable-mysqlnd --enable-session '--with-gettext' '--with-xmlrpc' '--with-xsl' --with-password-argon2 --with-sodium=shared --with-curl --with-libedit --with-openssl --with-zlib ${PHP_EXTRA_CONFIGURE_ARGS:-} --with-gd --with-jpeg-dir --with-freetype-dir --with-zlib=/usr --with-bz2 --with-pdo-pgsql=shared --with-pgsql=shared
make -j "$(nproc)";
make install;
find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true;
make clean;
cd /;
apt-get install certbot -y
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false;
php --version;
pecl update-channels;
rm -rf /tmp/pear ~/.pearrc
# sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598)
#RUN docker-php-ext-enable sodium
# MySQL
export MYSQL_MAJOR="5.7"
export MYSQL_VERSION="5.7.22-1debian9"
groupadd -r mysql
useradd -r -g mysql mysql
export GOSU_VERSION="1.7"
apt-get update
apt-get install -y --no-install-recommends gnupg dirmngr ca-certificates wget
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)"
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc"
export GNUPGHOME="$(mktemp -d)"
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc
chmod +x /usr/local/bin/gosu
gosu nobody true
#apt-get purge -y --auto-remove ca-certificates wget
apt-get update
apt-get install -y --no-install-recommends pwgen openssl perl
#rm -rf /var/lib/apt/lists/*
echo "deb http://repo.mysql.com/apt/debian/ stretch mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
key='A4A9406876FCBD3C456770C88C718D3B5072E1F5';
export GNUPGHOME="$(mktemp -d)";
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key";
gpg --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg;
rm -rf "$GNUPGHOME";
apt-key list > /dev/null
debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $MYSQL_PASS"
debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password $MYSQL_PASS"
sudo apt-get update
sudo apt-get install -y mysql-server="${MYSQL_VERSION}" --allow-unauthenticated
#rm -rf /var/lib/apt/lists/*
rm -rf /var/lib/mysql
mkdir -p /var/lib/mysql /var/run/mysqld
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld
chmod 777 /var/run/mysqld
find /etc/mysql/ -name '*.cnf' -print0 | xargs -0 grep -lZE '^(bind-address|log)' | xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'
echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf
apt update
apt install curl unzip less -y
curl -O https://wordpress.org/latest.zip
unzip latest.zip
mv wordpress/* /var/www/html
chown www-data:www-data /var/www/html/wp-content/ -R
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
touch ~/.bash_profile
curl -O https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
sudo mv wp-completion.bash /usr/local/bin/
echo "source /usr/local/bin/wp-completion.bash" >> ~/.bash_profile
sudo find . -type f -exec chmod 640 {} +
sudo find . -type d -exec chmod 750 {} +
chown debian:www-data /var/www/html -R
chmod g+w /var/www/html/wp-config.php
chmod g+w /var/www/html/wp-content -R
sudo -u www-data wp config create --dbname=wordpress --dbuser=root --dbpass=$MYSQL_PASS
@FredNandrin
Copy link
Author

FredNandrin commented Jun 28, 2018

MYSQL_PASS="secret"
export MYSQL_PASS;
sudo apt update
sudo apt install git  ca-certificates wget -y
git clone https://gist.github.com/db80de47f62c6c88f9780a5c89f0183f.git installer
cd installer/
sudo MYSQL_PASS=$MYSQL_PASS sh install_mysql.sh
sudo MYSQL_PASS=$MYSQL_PASS sh install_apache_php7.sh
sudo MYSQL_PASS=$MYSQL_PASS sh install_wordpress.sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment