Server installation script
Server security
http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
https://www.inversoft.com/guides/2016-guide-to-user-data-security
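# Reminders for configuration work that this script does not automate.
echo "todo https://www.magentocommerce.com/wiki/1_-_installation_and_configuration/configuring_nginx_for_magento"
echo "todo http://blog.nexcess.net/2010/12/06/securing-magento-file-directory-permissions/"
read -r -p "Press any key to continue..." -n1 -s
#sudo -s
#!/bin/bash
# NOTE(review): a shebang only takes effect as the very first line of a file.
# Here it is an ordinary comment, so start the script with `bash` explicitly;
# it relies on bash-only features ([[ ]], read -n1 -s).

# Everything below installs packages and edits files under /etc, so refuse to
# continue without root. Exit non-zero so a wrapper or operator sees the failure
# (a bare `exit` would report the status of the preceding echo, i.e. success).
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

# Bring the base system up to date before adding services, then install the
# build prerequisites and the headers matching the running kernel.
apt-get update -y
apt-get upgrade -y
apt-get install -y curl build-essential "linux-headers-$(uname -r)"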
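#firewall
# Inbound rules: HTTP (port 80) and the SSH port this script later asks the
# operator to configure in sshd_config (2108). SSH only uses TCP, so the rule
# is limited to tcp instead of opening the UDP port as well.
#
# NOTE(review): if this runs over an SSH session while sshd still listens on
# port 22, new connections to 22 are refused once ufw is enabled. Keep the
# current session open until a login on 2108 has been verified.
ufw allow 2108/tcp
ufw allow http
# Keep logging of blocked packets enabled: with logging off there is no record
# of denied connection attempts to review after an incident.
ufw logging low
ufw enable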
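#install ssh
apt-get install -y openssh-server

# Create the login group and account BEFORE sshd is restarted with
# "AllowGroups sshusers". Restarting first would leave a window in which no
# account is a member of the only permitted group, i.e. nobody can log in.
groupadd -r sshusers
# -m creates the home directory that has to hold ~/.ssh/authorized_keys.
useradd -m -G sshusers latuser
passwd latuser
# sshd ignores authorized_keys when the directory is writable by others, so
# create it with owner-only permissions.
install -d -m 700 -o latuser -g "$(id -gn latuser)" /home/latuser/.ssh

# Keep a read-only copy of the distribution config for rollback. Do not
# overwrite it on a second run, or the backup would contain our own edits.
if [[ ! -e /etc/ssh/sshd_config.original ]]; then
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
  chmod a-w /etc/ssh/sshd_config.original
fi

# Append each directive once; re-running the script must not stack duplicates.
for directive in "PubkeyAuthentication yes" "AllowGroups sshusers"; do
  grep -qxF -- "$directive" /etc/ssh/sshd_config \
    || printf '\n\n%s\n' "$directive" >> /etc/ssh/sshd_config
done

echo "change port to 2108"
read -r -p "Press any key to continue... " -n1 -s
nano /etc/ssh/sshd_config

# The key pair belongs to the CLIENT: the private key never leaves it and only
# the public key is installed on this server. Generating the pair here and
# placing the public key on the client would authorise logins in the opposite
# direction. DSA keys are limited to 1024 bits and are rejected by default in
# current OpenSSH releases, so ed25519 is used instead.
echo "On the client machine run: ssh-keygen -t ed25519"
echo "Then append the client's ~/.ssh/id_ed25519.pub to /home/latuser/.ssh/authorized_keys on this server"
read -r -p "Press any key to continue... " -n1 -s

# Validate the edited file before restarting; a syntax error would otherwise
# take the daemon down and cut off remote access.
if /usr/sbin/sshd -t; then
  /etc/init.d/ssh restart
else
  echo "sshd_config failed validation; ssh was not restarted" >&2
fi
# NOTE(review): password logins stay enabled here. Once key-based login as
# latuser has been verified from the client, set "PasswordAuthentication no"
# and "PermitRootLogin no" in sshd_config.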
# Snippet meant for the ssh user's .bash_profile: login shells read
# .bash_profile only, so pull in .bashrc from there when it exists.
if [[ -f ~/.bashrc ]]; then
  source ~/.bashrc
fi
# Convenience aliases meant for .bashrc: coloured ls, and a long listing that
# shows hidden files, type markers and human-readable sizes.
alias ls='ls --color=auto'
alias ll='ls -alFh'
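#install mysql
apt-get install -y mysql-server mysql-client
/usr/bin/mysql_secure_installation
# NOTE(review): mysql_install_db normally runs before the server is first
# secured; confirm it is still needed after the package install above.
mysql_install_db
service mysql restart

# -s hides the typed password; -r keeps backslashes in it literal instead of
# letting read treat them as escape characters.
read -r -s -p "Please provide password for user magento_user:" passwordmagentouser
echo

if [[ -z "$passwordmagentouser" ]]; then
  # An empty value would create a database account without a password.
  echo "Empty password given; magento database and user were NOT created" >&2
else
  # The password is placed inside a single-quoted SQL string literal. Escape
  # backslashes and single quotes so that a password containing them cannot
  # terminate the literal and change the statement.
  sql_password=${passwordmagentouser//\\/\\\\}
  sql_password=${sql_password//\'/\'\'}

  # Send the statements on stdin rather than with -e: command-line arguments
  # are visible to every local user through the process list, and the
  # statement text contains the new account password.
  # The root password for MySQL is still prompted for by -p.
  mysql -u root -p <<EOF
CREATE DATABASE magento;
GRANT ALL PRIVILEGES ON magento.* TO
'magento_user'@'localhost' IDENTIFIED BY
'${sql_password}';
FLUSH PRIVILEGES;
ALTER DATABASE magento DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
EOF
fi
# Do not keep the secret in the shell environment for the rest of the run.
unset passwordmagentouser sql_password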
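# install nginx
nginx=stable # use nginx=development for latest development version
# NOTE(review): a PPA is a third-party package source; packages from it are
# installed and run as root, so only keep it if the publisher is trusted.
add-apt-repository -y "ppa:nginx/${nginx}"
apt-get update
apt-get install -y nginx
# Service account for the web server and php-fpm pool: no home directory and
# no login shell, because nothing should ever log in as this user.
useradd --system --no-create-home --shell /usr/sbin/nologin nginx
service nginx start
echo "todo use magento configuration for site https://www.magentocommerce.com/wiki/1_-_installation_and_configuration/configuring_nginx_for_magento"
#todo configure nginx.conf http://www.rackspace.com/knowledge_center/article/installing-nginx-and-php-fpm-setup-for-nginx

# Back up the packaged configuration before it is edited by hand. The archive
# is only written when the directory change succeeded, so a failed cd cannot
# produce a backup of unrelated files from another directory.
cd /etc/nginx && tar -czf NGINX_Config_Backup.tar.gz nginx.conf fastcgi_params

# Every message is quoted: the apostrophe in "It's" otherwise opens a single
# quote that swallows the following lines of the script.
echo "configure nginx.conf"
echo "see http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-ubuntu-12.04-lts"
echo "change worker_processes to the number of CPU cores"
echo "worker_processes 4;"
echo "You should now edit the worker_connections variable. It's the number of simultaneous requests"
echo "nginx can handle per worker. So a 1024 value allows me to handle 4096 requests."
read -r -p "Press any key to continue..." -n1 -s
nano /etc/nginx/nginx.conf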
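# install php
# NOTE(review): 89DF5277 is a short (32-bit) key ID. Different keys can share
# a short ID, so the keyserver lookup is not guaranteed to return the intended
# key. Replace it with the full fingerprint obtained from the repository owner
# over a trusted channel, and compare the output of `gpg --fingerprint` before
# the key is handed to apt as a trusted signer.
gpg --keyserver keys.gnupg.net --recv-key 89DF5277
gpg -a --export 89DF5277 | sudo apt-key add -
apt-get update -y
apt-get upgrade -y
apt-get install build-essential php5-cli php5-common -y
apt-get install php5-fpm php5-cgi php-pear php5-mysql php5-gd php5-curl php5-mcrypt -y
php5enmod mcrypt
# development
# apt-get install php5-dev php5-user-cache

# APC settings for the fpm SAPI.
printf '\n\n[apc]\napc.write_lock = 1\napc.slam_defence = 0\n' >> /etc/php5/fpm/php.ini
# Socket ownership and mode: only the nginx user and group may connect to the
# php-fpm socket (0660), other local accounts may not.
printf '\n\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660\n' >> /etc/php5/fpm/pool.d/www.conf
echo "replace listen=127.0.0.1:9000 with listen=/var/run/php5-fpm.sock"
echo "replace user = www-data and group = www-data with user = nginx and group = nginx"
read -r -p "Press any key to continue..." -n1 -s
nano /etc/php5/fpm/pool.d/www.conf
# Edit the same php.ini that the apc settings above were appended to.
nano /etc/php5/fpm/php.ini
# In php.ini:
#   Add `extension=pdo.so`
#   Add `extension=pdo_mysql.so`
#   Set cgi.fix_pathinfo = 0. With the value 1, PHP falls back to a parent
#   path component when the requested script does not exist; behind a
#   permissive nginx location block that can get a non-PHP upload executed
#   as PHP.
#   Set date.timezone.
#   Change memory_limit to memory_limit = 512M

# NOTE(review): /opt/local/etc/php5 is not where the php5 packages installed
# above keep their configuration (this script itself uses /etc/php5/fpm).
# Only copy the templates when the directory exists, so a failed cd cannot
# make cp act on files in an unrelated directory. php.ini-development enables
# verbose error output and is not meant for a public server.
if cd /opt/local/etc/php5; then
  cp php-fpm.conf.default php-fpm.conf
  cp php.ini-development php.ini
else
  echo "skipping php-fpm.conf/php.ini template copy: /opt/local/etc/php5 not found" >&2
fi
nano /etc/php5/fpm/pool.d/www.conf
# ... and make the listen line look as follows:
# [...]
# ;listen = 127.0.0.1:9000
# listen = /var/run/php5-fpm.sock
# [...]

# NOTE(review): both commands insert a commented-out line (leading #) at line 1
# of /etc/rc.local, so nothing new runs at boot, and the text lands above any
# interpreter line the file starts with. The path is a socket file, not a
# directory, so the mkdir in the inserted text would be wrong if uncommented.
# Confirm whether these two lines are still wanted.
sed -i -e '1i#mkdir /var/run/php5-fpm.sock\' /etc/rc.local
sed -i -e '1i#chown nginx /var/run/php5-fpm.sock\' /etc/rc.local
#mv /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/www.conf.bak
echo "todo: config file php-fpm pool.d sockets file http://www.rackspace.com/knowledge_center/article/installing-nginx-and-php-fpm-setup-for-php-fpm"
read -r -p "Press any key to continue..." -n1 -s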
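# magento
useradd -m magento_user
passwd magento_user
mkdir -p /var/www/devmagento

# Download into a private temporary directory and extract from that same path.
# (Previously the archive was saved to the current directory but extracted
# from /tmp, so the extraction could not find it.)
# NOTE(review): the archive is fetched over plain HTTP, so nothing protects it
# from modification in transit. The SHA-256 is printed so the operator can
# compare it with a value obtained from the vendor over a trusted channel
# before the code is unpacked into the web root.
download_dir=$(mktemp -d)
if [[ -n "$download_dir" ]]; then
  magento_tarball="${download_dir}/magento-1.9.0.1.tar.gz"
  if curl -fL -o "$magento_tarball" http://www.magentocommerce.com/downloads/assets/1.9.0.1/magento-1.9.0.1.tar.gz; then
    sha256sum "$magento_tarball"
    echo "Compare the SHA-256 above with the vendor-published value; press Ctrl-C to abort on mismatch"
    read -r -p "Press any key to continue..." -n1 -s
    # --no-same-owner: as root, tar would otherwise restore whatever numeric
    # owner the archive records for each file.
    tar --no-same-owner -xzvf "$magento_tarball" -C /var/www/devmagento
  else
    echo "magento download failed; nothing was extracted" >&2
  fi
  rm -rf -- "${download_dir:?}"
else
  echo "mktemp failed; magento was not downloaded" >&2
fi

# Ownership and modes are applied AFTER extraction so they cover the unpacked
# files; applied to the empty directory they would have no effect on them.
chown -R magento_user /var/www/devmagento
# The two Dutch messages below say: "todo, this is not correct yet" and
# "see file and dir ownership at <url>".
# NOTE(review): with owner-only modes (700/600) and magento_user as owner, a
# php-fpm pool running as the nginx user cannot read the application files.
# Resolve this by following the linked ownership guide, not by making the tree
# world-readable or world-writable.
echo "todo, dit is nog niet correct!"
echo "zie file and dir ownership op http://www.magentocommerce.com/knowledge-base/entry/ce18-and-ee113-installing#install-sample"
read -r -p "Press any key to continue..." -n1 -s
find /var/www/devmagento -type d -exec chmod 700 {} +
find /var/www/devmagento -type f -exec chmod 600 {} +
# chmod uo+w /var/www/devmagento/app/etc
# chmod uo+w -R /var/www/devmagento/media

#for apache
# NOTE(review): this path is outside /var/www/devmagento where the archive was
# extracted, and nginx does not read .htaccess files; confirm it is needed.
echo "AcceptPathInfo On" >> /var/www/magento/magento/.htaccess

#phpmyadmin
apt-get install phpmyadmin -y
# host phpmyadmin on http://DOMAIN/dbmgr
# NOTE(review): this publishes a database administration login under the
# public web root, and the firewall rules in this script only open plain HTTP,
# so database credentials would cross the network unencrypted. Before linking
# it, restrict the location in nginx (allow/deny by source address or
# auth_basic) and serve it over TLS only.
ln -s /usr/share/phpmyadmin /var/www/devmagento/dbmgr
service nginx restart
service php5-fpm restart
echo "open http://YOURDOMAIN/index.php/install to configure magento"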