Hiawatha web server install script (Hiawatha,PHP-FPM,MariaDB)
#!/bin/bash
# This script will help you to set Hiawatha Server.
# Tested on Devuan 8 32/64bit. Debian Jessie supported as well.
# Script author ZEROF <zerof at backbox dot org>
# If you like Linux and security join http://backbox.org
# Script version 0.6c
# This script is distributed under a DO WHAT THE F*** YOU WANT TO PUBLIC LICENSE.
# http://www.wtfpl.net/txt/copying/
clear
function banner ()
{
echo ""
echo -e "╦ ╦┬┌─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐ ╔═╗╦ ╦╔═╗ ╔═╗╔═╗╔╦╗ ╔╦╗┌─┐┬─┐┬┌─┐╔╦╗╔╗ "
echo -e "╠═╣│├─┤│││├─┤ │ ├─┤├─┤───╠═╝╠═╣╠═╝───╠╣ ╠═╝║║║───║║║├─┤├┬┘│├─┤ ║║╠╩╗"
echo -e "╩ ╩┴┴ ┴└┴┘┴ ┴ ┴ ┴ ┴┴ ┴ ╩ ╩ ╩╩ ╚ ╩ ╩ ╩ ╩ ╩┴ ┴┴└─┴┴ ┴═╩╝╚═╝"
}
# Vars
config="/etc/hiawatha/hiawatha.conf"
connect1="ConnectTo = /var/lib/hiawatha/php-fcgi.sock"
connect2="ConnectTo = /var/run/php5-fpm.sock"
info="[!]This is only for fresh installed servers, script don't check if you made changes on your system.\n[!]If something goes wrong, you can find hiawatha.conf.backup in /etc/hiawatha/."
up="\033[1;33m[!]\e[0m"
#User check. Must be r00t
# Test the effective UID: $USER can be unset or stale (for example after su)
if [ "$(id -u)" -ne 0 ]; then
echo "[!]Are you root? NO. Then try again."
exit 1
fi
# End function
function enter ()
{
echo ""
read -sn 1 -p "Press any key to continue..."
clear
}
#Check for system version and grep the latest package from tuxhelp
download_deb() {
# $1 is the Debian architecture (amd64 or i386); sort -V orders by version and tail -1 keeps the newest
wget "https://files.tuxhelp.org/hiawatha/$(wget -O- https://files.tuxhelp.org/hiawatha | grep -Eo "hiawatha_[0-9.]+_$1\.deb" | sort -V | tail -1)"
}
#Download
down() {
if [ "$(getconf LONG_BIT)" = "64" ]; then
download_deb amd64
else
download_deb i386
fi
}
# Just to be sure that menu will work around
$selection
# Restart Hiawatha
function restart ()
{
service hiawatha restart
}
# Install MariaDB
function mariadb ()
{
apt install mariadb-server -y
}
function mariadb_secure ()
{
mysql_secure_installation
}
# Setting wordpress vhost [s]
function wordpress_vhost()
{
echo -e "\e[31m\n$up This script will remove any directory with name wordpress, take care about that.\nControl + C if you want to check then start script again.\e[0m"
sleep 5
echo -e -n "\n$up Set site/vhost order/remove number(example 1-10): "
read number
echo -e -n "\n$up Enter domain name or your server IP: "
read domain
echo -e -n "\n$up Enter site folder (example /var/www/hiawatha/wordpress): "
read root
echo -e -n "\n$up Enter site default page (index.php or index.html): "
read index
# \$1 is escaped so the toolkit's back-reference reaches hiawatha.conf literally instead of expanding to this function's (empty) first argument
echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 5\n\tUseFastCGI = PHP5\n\tUseToolKit = wordpress\n}\n
#${number}\nUrlToolkit {\nToolkitID = wordpress\nRequestURI exists Return\nMatch .*\?(.*) Rewrite /index.php?\$1\nMatch .* Rewrite /index.php\n}" >> $config
mkdir -p $root
}
# wget last version from WP site
function wordpress ()
{
# Remove a stale ./wordpress directory left over from a previous run
if [ -d wordpress ]; then
rm -rf wordpress
else
echo -e "\n$up We are going to install your Wordpress site.\n"
enter
fi
# Fetch over HTTPS so the tarball cannot be replaced in transit
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
echo -e -n "$up Your wordpress vhost directory (ex./var/www/hiawatha/wordpress): "
read path
cp -r wordpress "${path}"
chown -R www-data:www-data "${path}"
rm latest.tar.gz
rm -rf wordpress
}
# Removing wordpress installation
function rem_wordpress()
{
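echo -e -n "\n\t$up Type Wordpress path directory (ex./var/www/hiawatha/wordpress):"
read word_path
# Skip the delete on an empty answer and quote the path so rm -rf only ever sees one argument
[ -n "$word_path" ] && rm -rf -- "$word_path"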
echo -e -n "\n\t$up Enter your mysql user name: "
read user
echo -e -n "\n\t$up Type mysql password(you can't see your password): "
stty_orig=`stty -g`
stty -echo
read pass
stty $stty_orig
echo ""
echo -e -n "\n\t$up Type wordpress database name: "
read db_name
mysql -u "$user" -p"$pass" -e "drop database $db_name"
service mysql restart
}
# Setting MySql server details
function set_mysql ()
{
echo -e -n "\n\t$up Enter your mysql user name: "
read user
echo -e -n "\n\t$up Type mysql password(you can't see your password): "
stty_orig=`stty -g`
stty -echo
read pass
stty $stty_orig
echo ""
echo -e -n "\n\t$up Type database name: "
read db_name
mysql -u "$user" -p"$pass" -e "create database $db_name"
service mysql restart
}
# Simple function yes and no when user start installation of phpmyadmin
function yes_no ()
{
echo -e "\n$up \e[40;38;5;82mPHPMYADMIN INSTALLATION \e[0m\n"
read -p "Install phpMyAdmin (y/n)? " choice
case "$choice" in
y|Y ) phpmyadmin;admin_hiawatha;where_phpmyadmin;;
# "selection" is a variable, not a command; returning drops back to the menu loop
n|N ) return;;
* ) echo -e "$up Wrong answer. Don't worry you can start phpMyadmin installation when you are ready";;
esac
}
# Need to be set for vhost needs
function where_phpmyadmin ()
{
echo -e -n "\n$up Type your main site path directory (ex./var/www/hiawatha/wordpress): "
read phpadmin
ln -s /usr/share/phpmyadmin $phpadmin
}
# Get last version from server and install
function phpmyadmin ()
{
apt install phpmyadmin -y
}
function admin_hiawatha ()
{
sed -i '/#Use index.php or index.html/s/$/\n\tAlias = \/phpmyadmin:\/usr\/share\/phpmyadmin/' $config
restart
enter
}
# Hiawatha function to protect folders and file
function protect ()
{
echo -e -n "\n$up Enter order number for removing rules in the future(ex 1,2): "
read number
echo -e -n "\n$up Enter path directory you want to protect (example /var/www/hiawatha/): "
read directory
echo -e "\n#${number}0\nDirectory {\nPath = $directory\nAccessList = Deny All\n}" >> /etc/hiawatha/hiawatha.conf
restart
}
# Removing protection rule
function protect_remove ()
{
echo -e -n "\n$up Enter remove number: "
read n
# protect() tags each rule with "#<number>0"; delete from that marker line to the rule's closing brace
sed -i "/^#${n}0[[:space:]]*\$/,/^}/d" $config
sed -i 's/ $//' $config
restart
}
function fail2 ()
{
apt install fail2ban -y
service fail2ban restart
cd /etc/fail2ban
echo ""
echo -e "\e[30;48;5;82m We are going to protect your server SSH and SFTP with fail2ban. \e[0m \n"
sleep 2
echo -e "\e[30;48;5;82m For that we will need information about port your are using for SSH. \e[0m \n"
sleep 2
echo -ne "\e[30;48;5;82m You SSH port is: \e[0m"
read port
cat <<EOF > "/etc/fail2ban/jail.local"
[ssh]
enabled = true
port = sftp,$port
filter = sshd
logpath = /var/log/auth.log
findtime = 300
maxretry = 3
bantime = 86400
EOF
echo ""
service fail2ban restart
}
function fail2_remove()
{
rm /etc/fail2ban/jail.local
apt --purge remove fail2ban -y
}
# Menu
function print_menu()
{
banner
echo ""
echo "[1] - system update, upgrade and dist-upgrade."
echo "[2] - install required dependencies for Hiawatha."
echo "[3] - install PHP5 and PHP5 modules."
echo "[4] - installation of MariaDB 10.0."
echo "[5] - secure MariaDB installation."
echo "[6] - install Hiawatha Webserver."
echo "[7] - set VPS/SERVER time zone."
echo -e "\n\e[40;38;5;82m SETTING HIAWATHA \e[30;48;5;82m WEB SERVER \e[0m \n"
echo "[8] - setting PHP-FPM (FastCGI)."
echo "[9] - add new VHOST (ex. site order number, yoursite.com, /var/www, index.php)"
echo "[10] - install Wordpress (don't run option 9 if you want to do this)."
echo "[11] - remove VHOST."
echo "[12] - install phpMyadmin (run only after setting first vhost)."
echo "[13] - remove phpMyadmin."
echo "[14] - remove Wordpress installation."
echo -e "\n\e[40;38;5;82m HIAWATHA \e[30;48;5;82m SECURITY \e[0m \n"
echo "[15] - protect site directory."
echo "[16] - remove directory protection."
echo "[17] - ban clients who misbehave (basic DDOS protection)."
echo "[18] - install fail2ban and protect SSH and SFTP."
echo "[19] - remove fail2ban and settings."
echo ""
echo "[0] - exit program."
echo ""
echo -e -n "$up Enter selection: "
}
selection=
until [ "$selection" = "0" ]; do
print_menu
read selection
echo ""
case $selection in
1 ) apt update -y;apt upgrade -y;apt dist-upgrade -y; apt install python-pip -y; apt install asciinema;clear;;
2 ) apt install libc6-dev libssl-dev dpkg-dev debhelper curl fakeroot libxml2-dev libxslt1-dev -y;clear;;
3 ) apt install php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-xcache apache2-utils php5-fpm -y;enter;;
4 ) apt install python-software-properties -y;mariadb;clear;;
5 ) mariadb_secure;enter;clear ;;
6 ) down; dpkg -i hiawatha_*.deb; rm hiawatha_*;enter ;;
7 ) dpkg-reconfigure tzdata; enter; echo "We are done.It was cool? NO :)";enter ;;
8 ) echo -e $info;sleep 3;cp $config $config\.backup;x=( 57 58 59 60 61 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done;sed -i s'/\#CGIhandler\ =\ \/usr\/bin\/php\-cgi\:php/CGIhandler\ = \/usr\/bin\/php\-cgi\:php/' $config;sed -i s#"$connect1"#"$connect2"#g $config;service php5-fpm restart; enter ;;
9 ) echo -e -n "\n$up Set site/vhost remove number(example 1-10): ";read number; echo -e -n "\n$up Enter domain name or your server IP: ";read domain;echo -e -n "\n$up Enter site folder (example /var/www/hiawatha): ";read root;echo -e -n "\n$up Enter site default page (index.php or index.html): ";read index;echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 20\n\tUseFastCGI = PHP5\n}" >> $config;enter ;;
10 ) wordpress_vhost;wordpress;set_mysql;echo "";restart;echo "";service php5-fpm restart;echo -e "\e[31m\n$up Open your browser with your domain or ip and start wordpress installation.\nIf something goes wrong check your settings (/etc/hiawatha/hiawatha.conf)\e[0m";sleep 3;yes_no ;;
# Delete every block that starts at the "#<number>" marker line, up to its closing brace
11 ) echo -e -n "\n$up Enter site/vhost remove number: " ;read n;sed -i "/^#${n}[[:space:]]*\$/,/^}/d" $config;enter ;;
12 ) phpmyadmin;admin_hiawatha;where_phpmyadmin; ;;
13 ) apt remove phpmyadmin;rem=$(find / -type d -name phpmyadmin); rm -rf $rem;enter;;
14 ) rem_wordpress;enter ;;
15 ) echo -e "\n$up\e[31m If you want to protect directory from public access use this option\e[0m";protect ;;
16 ) protect_remove ;;
17 ) x=( 40 41 42 43 44 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done; clear;;
18 ) fail2; enter ;;
19 ) fail2_remove;clear ;;
0 ) exit ;;
* ) echo -e "$up Please enter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 or 0"
esac
done
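
`download_deb` above picks the newest package name from the index and menu option 6 hands it straight to `dpkg -i` as root. The following is an added example, not part of the gist or the author's code, that keeps the same version selection but installs only after a SHA-256 match. The function names, the sample index and the assumption that the expected digest is obtained out of band from the packager are all hypothetical.

```bash
# Added example: names and sample data below are hypothetical.
# Constructed sample of a directory index like the one download_deb scrapes.
SAMPLE_INDEX='<a href="hiawatha_9.9_amd64.deb">hiawatha_9.9_amd64.deb</a>
<a href="hiawatha_9.11_amd64.deb">hiawatha_9.11_amd64.deb</a>
<a href="hiawatha_9.11_i386.deb">hiawatha_9.11_i386.deb</a>
<a href="hiawatha_9.2_amd64.deb">hiawatha_9.2_amd64.deb</a>'

# latest_deb ARCH: read an index on stdin, print the highest-versioned package.
latest_deb() {
    arch="$1"
    # Only the two architectures the script supports; anything else is rejected
    # so the value can never alter the regular expression below.
    case "$arch" in amd64|i386) ;; *) return 2 ;; esac
    grep -Eo "hiawatha_[0-9]+(\.[0-9]+)*_${arch}\.deb" | sort -uV | tail -n 1
}

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() {
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    # Anything that is not exactly 64 hex digits is treated as bad input
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 2
    actual="$(sha256sum "$file" | cut -d' ' -f1)"
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED_HEX: dpkg -i runs only after the digest matches.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        dpkg -i "$1"
    else
        echo "[!] SHA-256 check failed for $1, not installing" >&2
        rm -f -- "$1"
        return 1
    fi
}

# Demo on the constructed index: version sort puts 9.11 above 9.9 and 9.2
printf '%s\n' "$SAMPLE_INDEX" | latest_deb amd64
```

A checksum fetched from the same server as the package only detects corruption, so the expected value has to come from a separate channel.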
@ghost

commented Apr 15, 2014

E: Unable to locate package pip

using debian 7 32bit

edit: now working with python-pip
thanks

@ZEROF

Owner Author

commented Apr 16, 2014

Thanks, I saw that "bug" and fixed it two min after :). Working on add/remove vhosts. You can see the beta demo:

https://asciinema.org/a/8919

@cwadge

commented Oct 11, 2014

Hey there. Looks like a nice script. :) Deb 7 + Hiawatha + PHP-FPM + MariaDB (XtraDB) is my favored stack as well. BTW, I'm the guy who does the Debian Hiawatha builds (tuxhelp.org); just thought I'd point out a few things:

  • There's a persistent Debian repository for Hiawatha now, which hosts both the 64-bit and 32-bit packages from files.tuxhelp.org (same packages - checksums match, etc.), apt.sparkz.no, which has the advantage of providing package updates to the target host system. Plus, it'll make your script less brittle as versions change -- I only host a single stable version of Hiawatha at any given time, due to limited storage capacity on that webhead (SSD).
  • I wrote a similar script to fully prep a 64-bit Debian 7 OpenVZ container on RamNode for production use. This includes major cleanup, setting up an OpenVZ-friendly firewall, installing GPG keys and apt settings for MariaDB, Percona, DotDeb and apt.sparks.no (Hiawatha) repositories, hardening SSH, adding an admin user, and a lot more. Feel free to steal whatever functions you might find useful: RamNode Debian 7 64-bit Bootstrap Script
  • Folks might also find the MySQL Tuning Primer script handy, but it doesn't work on newer MySQL variations like MariaDB. I've patched it to work once again, in case you want to pull it as part of deployment (makes tuning that much less painless for us non-DBA types). [direct link]
  • PhpMyAdmin is a bit of a security catastrophe, which is ironic when paired with Hiawatha. If you're installing PhpMyAdmin, you might consider hardening it somewhat by either automatically making its path/alias a random hash, wrapping it with digest auth via Hiawatha, or both. Just a friendly pointer. ;-)

Thanks again for the nice work here.

All the best,
-Chris
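
The first hardening idea in the comment above (a random alias instead of `/phpmyadmin`), applied to the `Alias` line that the script's `admin_hiawatha` writes. This is an added example, not code from the gist or from either commenter; `random_alias`, `randomize_pma_alias` and the `.pre-alias` backup suffix are hypothetical names.

```bash
# Added example: function names and the backup suffix are hypothetical.

# random_alias: 128 bits from the kernel CSPRNG, printed as 32 hex characters.
random_alias() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# randomize_pma_alias CONFIG: replace the predictable /phpmyadmin alias in
# CONFIG with a random one and print the new URL path.
# Returns 1 if the default alias line is absent (already changed or never
# installed), 2 if a safe alias or a backup could not be produced.
randomize_pma_alias() {
    conf="$1"
    grep -Eq '^[[:space:]]*Alias = /phpmyadmin:/usr/share/phpmyadmin[[:space:]]*$' "$conf" || return 1
    alias_name="$(random_alias)"
    # Guard against a short read: never write an empty or truncated alias
    printf '%s' "$alias_name" | grep -Eq '^[0-9a-f]{32}$' || return 2
    # Keep a copy, as the script itself does before editing hiawatha.conf
    cp -p "$conf" "$conf.pre-alias" || return 2
    sed -i "s#^\([[:space:]]*Alias = \)/phpmyadmin:#\1/${alias_name}:#" "$conf"
    printf '/%s\n' "$alias_name"
}
```

Hiawatha has to be restarted for the new alias to take effect. The symlink that `where_phpmyadmin` creates inside the site directory should be removed as well, since it keeps a predictable path to the same files.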

@ZEROF

Owner Author

commented Nov 6, 2014

Nice to see you around @cwadge.

  1. I didn't know about the apt source; this will save me time editing this script after every Hiawatha update.
  2. I will look at your script. Maybe I can pull some nice ideas, and I will try your work soon.
  3. I tested the MySQL Tuning script not so long ago, and it's true that it doesn't work with the newest MySQL versions. Thanks for that great fix.
  4. And about phpmyadmin... Man, what to say about that. People asked for it. What I do is maybe some kind of solution: I always add the "up to date" version, which helps +- with sec issues.

I made almost all of my scripts in my spare time, I guess you too. A lot of people use this one, but they don't share/give ideas about next steps. Most of them just take and go, but I do this to support the Hiawatha project in the first place, and we have had clients using Hiawatha for the last 12 months, I think, and I wrote this to save my time setting up server after server.

Keep up the good work and thank you for stopping by.

@cwadge

commented Nov 9, 2014

Likewise, @ZEROF. And yeah, agreed about PhpMyAdmin. Lots of people use it, but I always recommend handling it like one would an angry cobra... very carefully.

My time for stuff like this is limited also, so I understand not being able to work on your side-project scripts every day. I thought that not that many people were actually using my scripts and such, until I changed the directory structure on tuxhelp.org. The moral of the story is this: don't feel like your time is wasted. Lots of people use this stuff, it's just that most folks don't think to give any feedback until something breaks or goes missing. C'est la vie.

@cwadge

commented Jan 19, 2015

Latest Hiawatha build for Debian is now 9.11-1. Also, there's a new apt repository on the west coast of the US, http://mirror.tuxhelp.org/debian/

@ZEROF

Owner Author

commented Jan 21, 2015

Thanks for update ;)

@newreality

commented May 5, 2015

Running script on new Debian 7.1 vps install pulls dist-upgrade packages post-Jessie update which creates errors in FPM install. Could you update this wonderful script? Thanks!

@ghost

commented May 6, 2015

Instead of updating the script for every Hiawatha release, maybe you can use the version number of the latest release as published via https://www.hiawatha-webserver.org/latest

@ZEROF

Owner Author

commented Aug 10, 2015

Hi all. I will start to work on a few updates starting tonight :). Hope to fix everything by next weekend.

To do:

  1. Auto-update from repository
  2. Fixing php-fpm issue (a new issue popped up after the last Debian 8 updates; need to work on that this week).
  3. Moving to Debian 8
  4. Updating phpmyadmin version (this needs to be done every time on my side, because I host an edited version of phpmyadmin that works out of the box)
  5. Removing old and not supported php packages for Debian 8, php5-ming, php5-ps, php5-ffmpeg
  6. Default version of MariaDB now is 10.* (from Jessie)

** I just made a small update and set the script to egrep the latest hiawatha Debian packages.

P.S. Debian 8 brought a lot of updates since the last script update (a new PHP version is one of them), and I will need to boot up a new test machine and see how things go; small updates need to be worked on. I got one free VPS today to test all this and I hope to bring a new version soon. 27/01/2016 (Happy New Year folks). I just got a new SSD as well and that will speed up my work. The tests I was running on my local machine are not the same as running them on servers from providers (in most cases they are VPSes running on OpenVZ).

About MariaDB... Before the new versions 10.1 and 10.0 I was 100% for using MariaDB, but as I don't see the direction of MariaDB, I'm not sure that I will stick with it. Some issues on clients' servers etc. made me think that I need a stable data system, and I'm not sure that I can trust MariaDB on that. A friend of mine lost some data on a Zimbra server (using MariaDB 10.0-15) and we spent a few days trying to fix the issues, but without luck for now.

Hope to bring full update script soon. Cheers!

@ZEROF

Owner Author

commented Jan 29, 2016

Hi all,

I'm happy to share the new version with you (0.6). I will not remove the old version from the internet, but you will need to fix issues yourself if you find some. I wanted to keep Debian 7 support, but it's not logical anymore. This version was tested on Devuan (Debian without systemd). I will need testers; run it and see how things go on your side. About updates:

  1. Full Debian 8+ support
  2. MariaDB 10.0+
  3. Removed dns servers installation, this will stay Hiawatha install and administration script, no time for more
  4. Fixed fast PHP (php-fpm)
  5. New security option (ban abusive users)
  6. Code clean up

TO DO

  1. Better PHP security
  2. XSS protection and other security options

And more ...
