
@bradchesney79
Created July 20, 2015 02:17
Debian Jessie Multi-Virtual Host Setup
#!/bin/bash
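# Host identity used by the rest of the script. The values are hard-coded for
# one specific machine; change all four before running this on another host.
# NOTE(review): bash maintains its own HOSTNAME variable, so this assignment
# overrides it for the remainder of the script.
HOSTNAME="www"
DOMAIN="rustbeltrebellion.com"
IPV4="45.33.112.226"
IPV6="2600:3c00::f03c:91ff:fe26:42cf"

##### CONFIGURE THE HOSTNAME #####
{
  printf '\n'
  printf 'Set the hostname\n\n'
} >> /var/log/auto-install.log
# Quoted so the value always reaches hostnamectl as exactly one argument, even
# if it is later edited to something containing whitespace or glob characters.
hostnamectl set-hostname "$HOSTNAME"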
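##### UPDATE THE HOSTS FILE #####
{
  printf '\n'
  printf 'Fully populate hosts file\n\n'
} >> /var/log/auto-install.log
# /etc/hosts is rewritten from scratch: the redirect below truncates the file,
# so any entry that was there before this script ran is lost.
# The host values are passed as printf arguments ('%s') instead of being
# spliced into the format string, so a '%' or backslash in a value cannot be
# interpreted as a format directive.
# NOTE(review): the 127.0.1.1 line still names the host "debian" although the
# hostname is set from $HOSTNAME earlier in the script - confirm this is wanted.
{
  printf '127.0.0.1\t\t\tlocalhost.localdomain localhost\n'
  printf '127.0.1.1\t\t\tdebian\n'
  printf '%s\t\t%s.%s %s\n' "$IPV4" "$HOSTNAME" "$DOMAIN" "$HOSTNAME"
  printf '\n'
  printf '# The following lines are desirable for IPv6 capable hosts\n'
  printf '::1\t\t\t\tlocalhost ip6-localhost ip6-loopback\n'
  printf 'ff02::1\t\t\t\tip6-allnodes\n'
  printf 'ff02::2\t\t\t\tip6-allrouters\n'
  # Ends with a newline so the last entry is a complete line.
  printf '%s\t%s.%s %s\n' "$IPV6" "$HOSTNAME" "$DOMAIN" "$HOSTNAME"
} > /etc/hosts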
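##### SET THE TIMEZONE & TIME #####
# Progress messages go to /var/log/auto-install.log, the same file the apt-get
# output of this script is appended to, so the whole run can be read in one
# place (this section used to write to /var/log/apt/auto-install.log).
{
  printf '\n'
  printf 'Set the timezone to UTC \n\n'
} >> /var/log/auto-install.log
TIMEZONE="Etc/UTC" # This is a server, UTC is the only appropriate timezone
printf '%s\n' "$TIMEZONE" > /etc/timezone
# Installs the zone definition as the system's local time zone. The path is
# quoted and '--' ends option parsing so an edited TIMEZONE value cannot be
# split into several arguments or read as a cp option.
cp -- "/usr/share/zoneinfo/${TIMEZONE}" /etc/localtime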
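##### UPDATE APT SOURCES #####
# Progress messages go to /var/log/auto-install.log, the same file the apt-get
# output of this script is appended to (this section used to write to
# /var/log/apt/auto-install.log).
{
  printf '\n'
  printf 'Update apt sources\n\n'
} >> /var/log/auto-install.log
# Replaces /etc/apt/sources.list wholesale; the entries are written exactly as
# the original script wrote them.
# NOTE(review): the entries mix three releases. The main archive line tracks
# "testing" rather than jessie, so the dist-upgrade later in this script would
# presumably pull the base system from testing, while the only security entry
# is jessie/updates. The backports line names squeeze-backports, which belongs
# to a different release than jessie. Confirm which release is intended and
# make all four entries agree before relying on security updates.
# NOTE(review): every entry uses plain http; integrity then rests on apt's
# signature verification of the archive metadata - confirm that is acceptable.
cat > /etc/apt/sources.list <<'EOF'
deb http://ftp.us.debian.org/debian testing main contrib non-free

deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free

deb http://security.debian.org/ jessie/updates main contrib non-free

deb http://backports.debian.org/debian-backports squeeze-backports main
EOF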
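##### UPDATE THE SYSTEM #####
# The headings for this section used to go to /var/log/apt/auto-install.log
# while the dist-upgrade output went to /var/log/auto-install.log; both now go
# to the latter so headings and output stay together.
{
  printf '\n'
  printf 'Update the system\n\n'
} >> /var/log/auto-install.log
# The index refresh output is discarded, so its exit status is the only trace
# of a failure. Record it: an upgrade from stale package lists can silently
# miss security fixes. The script still continues, as it did before.
if ! apt-get -qy update > /dev/null; then
  printf 'WARNING: apt-get update failed; package lists may be stale\n' \
    >> /var/log/auto-install.log
fi
{
  printf '\n'
  printf 'Upgrade the system\n\n'
  apt-get -qy dist-upgrade
} >> /var/log/auto-install.log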
##### INSTALL THE FIRST BATCHES OF PACKAGES #####
{
  printf '\n'
  printf 'Install the first batch of packages for Apache & PHP\n\n'
} >> /var/log/auto-install.log

# Pre-answer the iptables-persistent autosave questions (IPv4 and IPv6) with
# "true" through debconf before the package is installed.
# NOTE(review): no firewall rules have been written by this script at this
# point, so whatever ruleset is loaded at install time is presumably what gets
# saved - verify, especially for IPv6.
for family in v4 v6; do
  printf '%s\n' "iptables-persistent iptables-persistent/autosave_${family} boolean true" \
    | debconf-set-selections
done

# NOTE(review): both libapache2-mod-php5 and php5-fpm are installed; confirm
# that only the intended PHP handler ends up enabled in Apache.
first_batch=(
  sudo tcl perl python3 apache2 tmux iptables-persistent ssh
  openssl openssl-blacklist libnet-ssleay-perl fail2ban
  libapache2-mod-fastcgi php5-fpm php5 libapache2-mod-php5
  php-pear php5-curl
)
apt-get -qy install "${first_batch[@]}" >> /var/log/auto-install.log
##### CLEAN UP #####
# Log the step heading, then let apt remove packages that are no longer
# needed; the command's stdout is appended to the same log.
{
  printf '\n'
  printf 'First autoremove of packages\n\n'
  apt-get -qy autoremove
} >> /var/log/auto-install.log
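##### UPDATE THE IPTABLES RULES #####
# Progress messages go to /var/log/auto-install.log, the same file the apt-get
# output of this script is appended to (this section used to write to
# /var/log/apt/auto-install.log).
{
  printf '\n'
  printf 'Update the IP tables rules\n\n'
} >> /var/log/auto-install.log
# Writes the IPv4 ruleset in one piece. The here-document delimiter is quoted,
# so the text is stored literally. That matters for the commented-out LOG rule:
# the previous echo form nested double quotes inside a double-quoted string, so
# the quotes around the log prefix were stripped and the rule would no longer
# parse once uncommented.
#
# Policy as written: loopback allowed, established/related allowed, inbound
# 80/443/22 and ICMP echo-request allowed, every other INPUT and FORWARD packet
# dropped, all OUTPUT allowed.
#
# NOTE(review): only rules.v4 is generated. The script assigns this host an
# IPv6 address (IPV6) but writes no /etc/iptables/rules.v6, so IPv6 traffic is
# presumably not filtered by anything here - mirror the policy for ip6tables
# or confirm IPv6 is handled elsewhere.
# NOTE(review): SSH (port 22) is open to any source address; brute-force
# protection rests on the default fail2ban configuration.
cat > /etc/iptables/rules.v4 <<'EOF'
*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
#
# The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Log iptables denied calls
#-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT
EOF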
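##### APPLY THE IPTABLES RULES #####
# Progress messages go to /var/log/auto-install.log, the same file the apt-get
# output of this script is appended to (this section used to write to
# /var/log/apt/auto-install.log).
{
  printf '\n'
  printf 'Aplly the IP tables rules\n\n'
} >> /var/log/auto-install.log
# Load the ruleset into the running kernel. A failure here used to pass
# unrecorded; it is now written to the log and to stderr, because a rejected
# ruleset presumably leaves the host on whatever rules were loaded before.
# The script still continues, as it did before.
if ! iptables-restore < /etc/iptables/rules.v4; then
  printf 'WARNING: iptables-restore failed; firewall rules were NOT applied\n' \
    | tee -a /var/log/auto-install.log >&2
fi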
##### USING fail2ban DEFAULT CONFIG #####
# See /etc/fail2ban/jail.conf for additional options
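##### CONFIGURE APACHE #####
# Progress messages go to /var/log/auto-install.log, the same file the apt-get
# output of this script is appended to (this section used to write to
# /var/log/apt/auto-install.log).
{
  printf '\n'
  printf 'Configure Apache\n\n'
} >> /var/log/auto-install.log
a2enmod actions
# Replaces mod_fastcgi's configuration so .php requests are handed to PHP-FPM
# over the unix socket /var/run/php5-fpm.sock.
# NOTE(review): "Require all granted" opens /usr/lib/cgi-bin to every client,
# which makes the /php5-fcgi alias requestable directly. Consider limiting it
# to Apache's internal Action redirect (for example with
# "Require env REDIRECT_STATUS") - verify against the Apache version in use.
# NOTE(review): "-pass-header Authorization" forwards client credentials to
# PHP; keep it only if an application behind it needs them.
# NOTE(review): nothing after this point in the script reloads or restarts
# Apache, so the new file presumably takes effect only at the next restart.
{
  printf '<IfModule mod_fastcgi.c>\n'
  printf '\tAddType application/x-httpd-fastphp5 .php\n'
  printf '\tAction application/x-httpd-fastphp5 /php5-fcgi\n'
  printf '\tAlias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi\n'
  printf '\tFastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization\n'
  printf '\t<Directory /usr/lib/cgi-bin>\n'
  printf '\t\tRequire all granted\n'
  printf '\t</Directory>\n'
  # Ends with a newline so the file's last line is complete.
  printf '</IfModule>\n'
} > /etc/apache2/mods-available/fastcgi.conf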