Last active
September 5, 2019 20:15
Setup Ubuntu server machine (with Apache2, PHP, MySQL, Java and Postfix) and useful scripts.
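#!/bin/bash
# Export a Let's Encrypt certificate chain and private key as a PKCS#12
# keystore with the friendly name "tomcat".
#
# Usage: cf_https_create_p12 <site>
#   <site>  directory name under /etc/letsencrypt/live/
#
# No -passout option is given, so openssl asks for the export password
# interactively. Exits non-zero when a precondition is not met.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$1" ]]; then
  echo "Site must be informed" >&2
  exit 1
fi

site=$1

# The argument is spliced into paths that are read and written as root, so
# accept a single directory name only: no separators, no "." / "..", and no
# leading dash.
case "$site" in
  */* | -* | . | ..)
    echo "Invalid site name: $site" >&2
    exit 1
    ;;
esac

live_dir="/etc/letsencrypt/live/${site}"
if [[ ! -r "${live_dir}/fullchain.pem" || ! -r "${live_dir}/privkey.pem" ]]; then
  echo "No certificate found in ${live_dir}" >&2
  exit 1
fi

echo "Creating file"
# The keystore holds the private key: create it readable by root only.
umask 077
openssl pkcs12 -export \
  -in "${live_dir}/fullchain.pem" \
  -inkey "${live_dir}/privkey.pem" \
  -out "${live_dir}/keystore.p12" \
  -name tomcat \
  -CAfile "${live_dir}/chain.pem" \
  -caname root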
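#!/bin/bash
# Request and install a certificate for <site> and www.<site> through
# certbot's Apache plugin.
#
# Usage: cf_https_install_cert <site>
# Exits non-zero when a precondition is not met.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$1" ]]; then
  echo "Site must be informed" >&2
  exit 1
fi

site=$1

# Only host-name characters are accepted, so the value cannot be parsed by
# certbot as an option or carry whitespace into the -d arguments.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$site" =~ $host_re ]]; then
  echo "Invalid site name: $site" >&2
  exit 1
fi

# Alternative kept from the original (DNS challenge):
#sudo certbot --apache --preferred-challenges dns -d $1 -d www.$1

echo "Installing cert"
# "2" answers certbot's interactive prompt (presumably the HTTP-to-HTTPS
# redirect choice; confirm against the installed certbot version).
echo "2" | certbot --apache -d "$site" -d "www.$site"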
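#!/bin/bash
# Run certbot's renewal check for every certificate it manages.
#
# Usage: cf_https_refresh_cert
# Exits non-zero when not run as root; otherwise returns certbot's status.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

echo "Refreshing certs"
# NOTE(review): --dry-run only rehearses the renewal and does not save new
# certificates. If this script is meant to keep certificates from expiring,
# it has to be run without --dry-run.
certbot renew --dry-run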
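#!/bin/bash
# Delete the certbot certificate lineage named <site>.
#
# Usage: cf_https_uninstall_cert <site>
# Exits non-zero when a precondition is not met.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$1" ]]; then
  echo "Site must be informed" >&2
  exit 1
fi

cert_name=$1

# Reject values that certbot could read as an option or as a path.
case "$cert_name" in
  */* | -* | . | ..)
    echo "Invalid site name: $cert_name" >&2
    exit 1
    ;;
esac

echo "Unnstalling cert"
# "2" is piped to certbot's stdin as in the original; which prompt it answers
# depends on the installed certbot version (confirm before relying on it).
echo "2" | certbot delete --cert-name "$cert_name"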
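#!/bin/bash
# Create a MySQL database and a local account of the same name that has all
# privileges on that database.
#
# Usage: cf_mysql_create_user <user> <password>
#
# NOTE(review): the password arrives as a command-line argument, so it is
# visible in the caller's shell history and in the process list while this
# script runs. Reading it from stdin or a root-only file would avoid that.
# Exits non-zero when a precondition is not met.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$1" ]]; then
  echo "User must be informed" >&2
  exit 1
fi

if [[ -z "$2" ]]; then
  echo "Password must be informed" >&2
  exit 1
fi

db_user=$1
db_pass=$2

# The name is placed into SQL both as a bare identifier and inside a quoted
# account name, and the statements run with MySQL admin rights. Restricting
# it to identifier characters keeps it from altering the statements.
if [[ ! "$db_user" =~ ^[A-Za-z0-9_]+$ ]]; then
  echo "User may only contain letters, digits and underscores" >&2
  exit 1
fi

# Escape backslashes first, then single quotes, so the password cannot end
# its SQL string literal early.
sql_pass=${db_pass//\\/\\\\}
sql_pass=${sql_pass//\'/\\\'}

# Send one statement to mysql on stdin. Using stdin instead of -e keeps the
# statement (and the password inside it) out of the process argument list.
run_sql() {
  sudo -i mysql <<<"$1"
}

echo "Creating database"
run_sql "create database ${db_user}"
echo "Creating user"
run_sql "create user '${db_user}'@'localhost' identified by '${sql_pass}'"
echo "Granting privileges"
run_sql "grant all privileges on ${db_user}.* to '${db_user}'@'localhost'"
run_sql "flush privileges"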
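#!/bin/bash
# Create the document root and a port-80 Apache virtual host for <site>,
# enable it and restart Apache.
#
# Usage: cf_site_create <site>
# Exits non-zero when a precondition is not met.

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$1" ]]; then
  echo "Site must be informed" >&2
  exit 1
fi

site=$1

# The value becomes a directory under /var/www, a file name under
# sites-available and the ServerName/ServerAlias directives. Accepting only
# host-name characters rules out path separators and extra config lines.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$site" =~ $host_re ]]; then
  echo "Invalid site name: $site" >&2
  exit 1
fi

echo "Creating dir /var/www/$site."
mkdir "/var/www/${site}"
chown www-data:www-data "/var/www/${site}"
mkdir "/var/www/${site}/public_html"

echo "Creating virtual server."
# \${APACHE_LOG_DIR} is escaped so the literal variable reference reaches the
# config file. Unescaped, the shell expands it while writing the file; it is
# normally unset in this shell, which would turn the log paths into
# /error.log and /access.log.
cat >"/etc/apache2/sites-available/${site}.conf" <<EOL
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName ${site}
ServerAlias www.${site}
DocumentRoot /var/www/${site}/public_html
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOL

a2ensite "$site"
echo "Restarting apache."
service apache2 restart
echo "Done."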
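#!/bin/bash
# Server setup: base configuration plus optional Apache2, Certbot, PHP,
# MySQL/phpMyAdmin, NodeJS, Java and Postfix.
#
# Install (do NOT uncomment the lines below, just copy the commands without
# the comment symbol)
#
#   wget https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/server-setup.sh
#   chmod +x server-setup.sh
#   ./server-setup.sh <admin-user> <admin-password>
#
# NOTE(review): the password is a command-line argument, so it is visible in
# shell history and in the process list. The same value is reused below as
# the MySQL root password, the phpMyAdmin passwords and the phpMyAdmin
# basic-auth password; one leak exposes all of them.

# Variables
CF_TIMEZONE="America/Fortaleza"
CF_INSTALL_APACHE2=true
CF_INSTALL_CERTBOT=true
CF_INSTALL_PHP=true
CF_INSTALL_MYSQL=true
CF_INSTALL_NODE=true
CF_INSTALL_JAVA=true
CF_INSTALL_POSTFIX=true
# End variables
# List Zones: ls /usr/share/zoneinfo/
# List Areas: ls /usr/share/zoneinfo/America

ROOTUSER=$1
ROOTPASS=$2

# Most steps below call apt-get, useradd, ufw and systemctl without sudo, so
# fail early instead of leaving a half-configured machine.
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "Not running as root" >&2
  exit 1
fi

if [[ -z "$ROOTUSER" ]]; then
  echo "Root user must be informed" >&2
  exit 1
fi

if [[ "$ROOTUSER" == "root" ]]; then
  echo "Root user must be different from \"root\"" >&2
  exit 1
fi

if [[ -z "$ROOTPASS" ]]; then
  echo "Root password be informed" >&2
  exit 1
fi

MYSQL_ROOTPASS=$ROOTPASS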
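# Banner
echo " _____ ______ _______ _ _____ _ _ _ "
echo " / ____| ____| |__ __| | | / ____| | | | | (_) "
echo " | | | |__ | | ___ ___| |__ | (___ ___ | |_ _| |_ _ ___ _ __ ___ "
echo " | | | __| | |/ _ \/ __| '_ \ \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| "
echo " | |____| | | | __/ (__| | | | ____) | (_) | | |_| | |_| | (_) | | | \__ \ "
echo " \_____|_| |_|\___|\___|_| |_| |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ "
echo ""
echo "CF Technology Solutions -- Starting server setup"
echo ""
echo ""
echo "CF Technology Solutions -- Updating packages"
echo ""
# Every PPA is a third-party package source whose signing key apt will trust,
# so add only what is installed later in this script.
# - The certbot PPA is added only when Certbot is going to be installed.
# - ppa:webupd8team/java is no longer added: Java is installed from the
#   distribution's openjdk-8-jdk package, so nothing came from that PPA.
if [[ "$CF_INSTALL_CERTBOT" == true ]]; then
  add-apt-repository ppa:certbot/certbot -y
fi
apt-get update
echo ""
echo "CF Technology Solutions -- Updating packages - Done"
echo ""
echo ""
echo "CF Technology Solutions -- Initial configurations"
echo ""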
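# Configure swap
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# The original ">> sudo /etc/fstab" appended to a file named "sudo" in the
# current directory and never touched the real file, so the settings were
# lost on reboot. Append through tee instead.
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab >/dev/null
sudo sysctl vm.swappiness=10
echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf >/dev/null
sudo sysctl vm.vfs_cache_pressure=50
echo "vm.vfs_cache_pressure=50" | sudo tee -a /etc/sysctl.conf >/dev/null

# Configure Timezone
echo "$CF_TIMEZONE" > /etc/timezone
cp "/usr/share/zoneinfo/${CF_TIMEZONE}" /etc/localtime
dpkg-reconfigure -f noninteractive tzdata

# Install curl
# --force-yes is dropped: it is deprecated and lets apt continue past
# conditions such as unauthenticated packages. --assume-yes alone keeps the
# install non-interactive.
apt-get install curl --assume-yes

# Configure Digital Ocean Graphs
# NOTE(review): this runs a remotely hosted installer as root with no
# integrity check beyond TLS. Saving it to a file first means a failed or
# truncated download is never executed; verifying the file against a known
# checksum before running it would be stronger.
agent_installer=$(mktemp)
if [[ -n "$agent_installer" ]] \
  && curl -fsSL -o "$agent_installer" https://agent.digitalocean.com/install.sh; then
  sh "$agent_installer"
else
  echo "Could not download the DigitalOcean agent installer; skipping" >&2
fi
[[ -n "$agent_installer" ]] && rm -f -- "$agent_installer"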
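# Create root user
useradd -m -s /bin/bash "$ROOTUSER"
# Set the password through chpasswd's stdin. The original put the clear-text
# password on the openssl command line and stored an MD5-crypt hash
# ("openssl passwd -1"); chpasswd uses the system's configured hashing.
printf '%s:%s\n' "$ROOTUSER" "$ROOTPASS" | chpasswd
usermod -aG sudo "$ROOTUSER"

# Add the sudoers rule through a validated copy: a syntax error written
# straight into /etc/sudoers would disable sudo for every account.
sudoers_candidate=$(mktemp)
if [[ -n "$sudoers_candidate" ]]; then
  cat /etc/sudoers > "$sudoers_candidate"
  printf '%s ALL=(ALL) ALL\n' "$ROOTUSER" >> "$sudoers_candidate"
  if visudo -cf "$sudoers_candidate"; then
    # Overwrite in place so owner and mode of /etc/sudoers are preserved.
    cat "$sudoers_candidate" > /etc/sudoers
  else
    echo "Refusing to write an invalid sudoers entry for $ROOTUSER" >&2
  fi
  rm -f -- "$sudoers_candidate"
fi

# Disable root login
# Anchored so that a commented-out "#PermitRootLogin ..." default becomes an
# active directive. The original pattern kept the leading "#", which left
# the setting disabled whenever the directive was commented out.
sed -i -E 's/^[#[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config

# Restart SSH
# Reload only when the edited configuration parses.
if sshd -t; then
  systemctl reload sshd
else
  echo "sshd_config failed validation; SSH was not reloaded" >&2
fi

# Enable SSH
ufw allow OpenSSH
ufw --force enable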
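# Zip and Unzip
# --force-yes is dropped: it is deprecated and lets apt continue past
# conditions such as unauthenticated packages.
apt-get install zip unzip --assume-yes

# Download CF Scripts
# NOTE(review): these URLs follow the latest revision of the gist, and the
# files become root-run commands in /bin. Pinning the URL to a reviewed
# revision and comparing each file with a recorded SHA-256 would stop a later
# edit of the gist from changing what gets installed.
gist_raw="https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw"
for cf_script in \
  cf_site_create \
  cf_mysql_create_user \
  cf_https_refresh_cert \
  cf_https_install_cert \
  cf_https_uninstall_cert \
  cf_https_create_p12; do
  cf_tmp=$(mktemp) || continue
  # Install only a complete, non-empty download. The original wrote straight
  # into /bin and then ran "chmod +x /bin/cf_*", which also marked empty or
  # partial files (and any unrelated /bin/cf_* file) executable.
  if wget --output-document="$cf_tmp" "${gist_raw}/${cf_script}" && [[ -s "$cf_tmp" ]]; then
    install -m 0755 -o root -g root "$cf_tmp" "/bin/${cf_script}"
  else
    echo "Download of ${cf_script} failed; /bin/${cf_script} not installed" >&2
  fi
  rm -f -- "$cf_tmp"
done

echo ""
echo "CF Technology Solutions -- Initial configurations - Done"
echo ""
echo ""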
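# Apache2 and its reverse-proxy modules.
if [[ "$CF_INSTALL_APACHE2" == true ]]; then
  echo "CF Technology Solutions -- Installing Apache2"
  echo ""
  # Install apache
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  apt-get install apache2 --assume-yes
  # Config proxy
  ufw allow in "Apache Full"
  a2enmod proxy
  # The HTTP proxy module is named proxy_http; "http_proxy" is not an Apache
  # module, so the original call enabled nothing.
  a2enmod proxy_http
  echo ""
  echo "CF Technology Solutions -- Installing Apache2 - Done"
  echo ""
  echo ""
fi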
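# Certbot with the Apache plugin.
if [[ "$CF_INSTALL_CERTBOT" == true ]]; then
  echo "CF Technology Solutions -- Installing Certbot"
  echo ""
  # Install certbot
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages, which matters here because
  # this package is expected to come from a third-party PPA.
  apt-get install python-certbot-apache --assume-yes
  echo ""
  echo "CF Technology Solutions -- Installing Certbot - Done"
  echo ""
  echo ""
fi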
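# PHP with the Apache module; index.php is made the first directory index.
if [[ "$CF_INSTALL_PHP" == true ]]; then
  echo "CF Technology Solutions -- Installing PHP"
  echo ""
  # Install PHP
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  apt-get install php php-cli libapache2-mod-php php-mcrypt php-mysql --assume-yes
  # Config PHP
  sed -i 's/DirectoryIndex.*/DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm/' /etc/apache2/mods-enabled/dir.conf
  # Restart PHP
  systemctl restart apache2
  echo ""
  echo "CF Technology Solutions -- Installing PHP - Done"
  echo ""
  echo ""
fi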
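# MySQL server and phpMyAdmin, with HTTP basic auth in front of phpMyAdmin.
if [[ "$CF_INSTALL_MYSQL" == true ]]; then
  echo "CF Technology Solutions -- Installing MySQL"
  echo ""
  # Pre-config MySQL options
  # NOTE(review): every password below is the same value, and these answers
  # stay in the debconf database after installation.
  debconf-set-selections <<EOF
mysql-server mysql-server/root_password password $MYSQL_ROOTPASS
mysql-server mysql-server/root_password_again password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/mysql/app-pass password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/mysql/admin-pass password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/password-confirm password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/app-password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2
phpmyadmin phpmyadmin/dbconfig-install boolean true
phpmyadmin phpmyadmin/app-password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/mysql/admin-pass password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/setup-password password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/mysql/app-pass password $MYSQL_ROOTPASS
EOF
  # Install MySQL and PHPMyAdmin
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  apt-get install mysql-server-5.7 mysql-client phpmyadmin php-mbstring php-gettext apache2-utils --assume-yes
  # Config MySQL
  phpenmod mcrypt
  phpenmod mbstring
  # The original statement used $DEFAULTPASS, which this script never sets:
  # it tried to log in with an empty password and, had that succeeded, would
  # have created 'root'@'%' with an empty password. Remote root access is now
  # opt-in (CF_MYSQL_REMOTE_ROOT=true) and uses the configured password.
  # NOTE(review): 'root'@'%' accepts admin logins from any host; a dedicated
  # account limited to the hosts that need it is the safer choice.
  if [[ "${CF_MYSQL_REMOTE_ROOT:-false}" == true ]]; then
    # Escape backslashes, then single quotes, for the SQL string literal.
    sql_rootpass=${MYSQL_ROOTPASS//\\/\\\\}
    sql_rootpass=${sql_rootpass//\'/\\\'}
    # Password goes in through the environment and the statement through
    # stdin, so neither shows up in the process argument list.
    MYSQL_PWD="$MYSQL_ROOTPASS" mysql -u root <<SQL
grant all privileges on *.* to 'root'@'%' identified by '${sql_rootpass}' with grant option;
flush privileges;
SQL
  fi
  # Secure PHPMyAdmin
  sed -i 's/DirectoryIndex.*/DirectoryIndex index.php\n AllowOverride All/' /etc/apache2/conf-available/phpmyadmin.conf
  cat > /usr/share/phpmyadmin/.htaccess <<EOF
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
EOF
  # -i reads the password from stdin instead of the command line, and -B
  # stores a bcrypt hash instead of htpasswd's MD5-based default.
  printf '%s\n' "$ROOTPASS" | htpasswd -i -B -c /etc/phpmyadmin/.htpasswd "$ROOTUSER"
  # Restart MySQL
  systemctl restart mysql
  # Restart Apache
  systemctl restart apache2
  echo ""
  echo "CF Technology Solutions -- Installing MySQL - Done"
  echo ""
  echo ""
fi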
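# OpenJDK 8 and Maven; JAVA_HOME is recorded in /etc/environment.
if [[ "$CF_INSTALL_JAVA" == true ]]; then
  echo "CF Technology Solutions -- Installing Java"
  echo ""
  # Install Java
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  #apt-get install default-jdk --assume-yes
  apt-get install openjdk-8-jdk --assume-yes
  apt-get install maven --assume-yes
  # Config Java
  # Append only when the exact line is missing, so re-running the script
  # does not pile up duplicate entries.
  java_home_line='JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk-amd64"'
  if ! grep -qxF -- "$java_home_line" /etc/environment; then
    echo "$java_home_line" >> /etc/environment
  fi
  # Restart environment
  source /etc/environment
  echo ""
  echo "CF Technology Solutions -- Installing Java - Done"
  echo ""
  echo ""
fi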
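# NodeJS, npm and a pinned Angular CLI.
if [[ "$CF_INSTALL_NODE" == true ]]; then
  echo "CF Technology Solutions -- Installing NodeJS"
  echo ""
  # Install NodeJS
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  apt-get install nodejs --assume-yes
  apt-get install npm --assume-yes
  apt-get purge ng-common ng-latin --assume-yes
  # --assume-yes/--force-yes are apt options, not npm options, so they are
  # not passed to npm.
  # NOTE(review): a global install as root runs the package's install
  # scripts with root privileges, and the pinned version is old; confirm it
  # is still the one required.
  npm install -g @angular/cli@1.7.4
  echo ""
  echo "CF Technology Solutions -- Installing NodeJS - Done"
  echo ""
  echo ""
fi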
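# Postfix as an "Internet Site" with virtual alias tables.
if [[ "$CF_INSTALL_POSTFIX" == true ]]; then
  echo "CF Technology Solutions -- Installing Postfix"
  echo ""
  # Pre-config Postfix options
  # NOTE(review): "domain.com" is a placeholder mail name; set the real
  # domain before using this host for mail.
  debconf-set-selections <<< "postfix postfix/mailname string domain.com"
  debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
  # Install Postfix
  # --force-yes is dropped: it is deprecated and lets apt continue past
  # conditions such as unauthenticated packages.
  apt-get install postfix --assume-yes
  # Config proxy
  # Opens the firewall for inbound SMTP.
  ufw allow Postfix
  # Config Postfix
  # -p keeps a re-run from failing when the directory already exists.
  mkdir -p /etc/postfix/virtual
  cat > /etc/postfix/virtual/addresses <<EOF
# <from@domain.com> <to@domain.com>
#
# CF Technology Solutions (cftechsol.com)
# admin@cftechsol.com cftechsol@gmail.com
EOF
  cat > /etc/postfix/virtual/domains <<EOF
# domain.com
#
# cftechsol.com
EOF
  sed -i 's/alias_database = hash:\/etc\/aliases/alias_database = hash:\/etc\/aliases\nvirtual_alias_domains = \/etc\/postfix\/virtual\/domains\nvirtual_alias_maps = hash:\/etc\/postfix\/virtual\/addresses/' /etc/postfix/main.cf
  # Generate Postfix postmap
  postmap /etc/postfix/virtual/addresses
  # Restart Postfix
  systemctl restart postfix
  echo ""
  echo "CF Technology Solutions -- Installing Postfix - Done"
  echo ""
  echo ""
fi
echo "CF Technology Solutions -- Setup completed"
echo ""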