Skip to content

Instantly share code, notes, and snippets.

@caiofrota

caiofrota/cf_https_create_p12

Last active September 5, 2019 20:15
Show Gist options
  • Save caiofrota/a3fc6b861d3679deac1052930b79043d to your computer and use it in GitHub Desktop.
Save caiofrota/a3fc6b861d3679deac1052930b79043d to your computer and use it in GitHub Desktop.
Download ZIP
Setup Ubuntu server machine (with Apache2, PHP, MySQL, Java and Postfix) and useful scripts.
Raw
cf_https_create_p12
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
if [[ -z "$1" ]]; then
echo "Site must be informed"
exit
fi
echo "Creating file"
openssl pkcs12 -export -in /etc/letsencrypt/live/$1/fullchain.pem -inkey /etc/letsencrypt/live/$1/privkey.pem -out /etc/letsencrypt/live/$1/keystore.p12 -name tomcat -CAfile /etc/letsencrypt/live/$1/chain.pem -caname root
Raw
cf_https_install_cert
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
if [[ -z "$1" ]]; then
echo "Site must be informed"
exit
fi
#sudo certbot --apache --preferred-challenges dns -d $1 -d www.$1
echo "Installing cert"
echo "2" | certbot --apache -d $1 -d www.$1
Raw
cf_https_refresh_cert
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
echo "Refreshing certs"
certbot renew --dry-run
Raw
cf_https_uninstall_cert
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
if [[ -z "$1" ]]; then
echo "Site must be informed"
exit
fi
echo "Unnstalling cert"
echo "2" | certbot delete --cert-name $1
Raw
cf_mysql_create_user
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
if [[ -z "$1" ]]; then
echo "User must be informed"
exit
fi
if [[ -z "$2" ]]; then
echo "Password must be informed"
exit
fi
echo "Creating database"
sudo -i mysql -e "create database $1"
echo "Creating user"
sudo -i mysql -e "create user '$1'@'localhost' identified by '$2'"
echo "Granting privileges"
sudo -i mysql -e "grant all privileges on $1.* to '$1'@'localhost'"
sudo -i mysql -e "flush privileges"
Raw
cf_site_create
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Not running as root"
exit
fi
if [[ -z "$1" ]]; then
echo "Site must be informed"
exit
fi
echo "Creating dir /var/www/$1."
mkdir /var/www/$1
chown www-data:www-data /var/www/$1
mkdir /var/www/$1/public_html
echo "Creating virtual server."
cat >/etc/apache2/sites-available/$1.conf <<EOL
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName $1
ServerAlias www.$1
DocumentRoot /var/www/$1/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOL
a2ensite $1
echo "Restarting apache."
service apache2 restart
echo "Done."
Raw
server-setup.sh
#!/bin/bash
# Install (Do NOT remove the comment from the lines below, just copy the commands without simbol)
#
# wget https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/server-setup.sh
# chmod +x server-setup.sh
# ./server-setup.sh
# Variables
CF_TIMEZONE="America/Fortaleza"
CF_INSTALL_APACHE2=true
CF_INSTALL_CERTBOT=true
CF_INSTALL_PHP=true
CF_INSTALL_MYSQL=true
CF_INSTALL_NODE=true
CF_INSTALL_JAVA=true
CF_INSTALL_POSTFIX=true
# End variables
# List Zones: ls /usr/share/zoneinfo/
# List Areas: ls /usr/share/zoneinfo/America
ROOTUSER=$1
ROOTPASS=$2
if [[ -z "$1" ]]; then
echo "Root user must be informed"
exit
fi
if [ "$1" = "root" ]; then
echo "Root user must be different from \"root\""
exit
fi
if [[ -z "$2" ]]; then
echo "Root password be informed"
exit
fi
MYSQL_ROOTPASS=$ROOTPASS
echo " _____ ______ _______ _ _____ _ _ _ "
echo " / ____| ____| |__ __| | | / ____| | | | | (_) "
echo " | | | |__ | | ___ ___| |__ | (___ ___ | |_ _| |_ _ ___ _ __ ___ "
echo " | | | __| | |/ _ \/ __| '_ \ \___ \ / _ \| | | | | __| |/ _ \| '_ \/ __| "
echo " | |____| | | | __/ (__| | | | ____) | (_) | | |_| | |_| | (_) | | | \__ \ "
echo " \_____|_| |_|\___|\___|_| |_| |_____/ \___/|_|\__,_|\__|_|\___/|_| |_|___/ "
echo ""
echo "CF Technology Solutions -- Starting server setup"
echo ""
echo ""
echo "CF Technology Solutions -- Updating packages"
echo ""
add-apt-repository ppa:certbot/certbot -y
add-apt-repository ppa:webupd8team/java -y
apt-get update
echo ""
echo "CF Technology Solutions -- Updating packages - Done"
echo ""
echo ""
echo "CF Technology Solutions -- Initial configurations"
echo ""
# Configure swap
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile none swap sw 0 0" >> sudo /etc/fstab
sudo sysctl vm.swappiness=10
echo "vm.swappiness=10" >> sudo /etc/sysctl.conf
sudo sysctl vm.vfs_cache_pressure=50
echo "vm.vfs_cache_pressure=50" >> sudo /etc/sysctl.conf
# Configure Timezone
echo "$CF_TIMEZONE" > /etc/timezone
cp /usr/share/zoneinfo/${CF_TIMEZONE} /etc/localtime
dpkg-reconfigure -f noninteractive tzdata
# Install curl
apt-get install curl --assume-yes --force-yes
# Configure Digital Ocean Graphs
curl -sSL https://agent.digitalocean.com/install.sh | sh
# Create root user
useradd -m -p $(openssl passwd -1 $ROOTPASS) $ROOTUSER -s /bin/bash
usermod -aG sudo $ROOTUSER
echo "$ROOTUSER ALL=(ALL) ALL" >> /etc/sudoers
# Disable root login
sed -i 's/PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
# Restart SSH
systemctl reload sshd
# Enable SSH
ufw allow OpenSSH
echo "y" | ufw enable
# Zip and Unzip
apt-get install zip unzip --assume-yes --force-yes
# Download CF Scripts
wget --output-document="/bin/cf_site_create" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_site_create
wget --output-document="/bin/cf_mysql_create_user" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_mysql_create_user
wget --output-document="/bin/cf_https_refresh_cert" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_https_refresh_cert
wget --output-document="/bin/cf_https_install_cert" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_https_install_cert
wget --output-document="/bin/cf_https_uninstall_cert" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_https_uninstall_cert
wget --output-document="/bin/cf_https_create_p12" https://gist.githubusercontent.com/caiofrota/a3fc6b861d3679deac1052930b79043d/raw/cf_https_create_p12
chmod +x /bin/cf_*
echo ""
echo "CF Technology Solutions -- Initial configurations - Done"
echo ""
echo ""
if [ $CF_INSTALL_APACHE2 = true ]; then
echo "CF Technology Solutions -- Installing Apache2"
echo ""
# Install apache
apt-get install apache2 --assume-yes --force-yes
# Config proxy
ufw allow in "Apache Full"
a2enmod proxy
a2enmod http_proxy
echo ""
echo "CF Technology Solutions -- Installing Apache2 - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_CERTBOT = true ]; then
echo "CF Technology Solutions -- Installing Certbot"
echo ""
# Install certbot
apt-get install python-certbot-apache --assume-yes --force-yes
echo ""
echo "CF Technology Solutions -- Installing Certbot - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_PHP = true ]; then
echo "CF Technology Solutions -- Installing PHP"
echo ""
# Install PHP
apt-get install php php-cli libapache2-mod-php php-mcrypt php-mysql --assume-yes --force-yes
# Config PHP
sed -i 's/DirectoryIndex.*/DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm/' /etc/apache2/mods-enabled/dir.conf
# Restart PHP
systemctl restart apache2
echo ""
echo "CF Technology Solutions -- Installing PHP - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_MYSQL = true ]; then
echo "CF Technology Solutions -- Installing MySQL"
echo ""
# Pre-config MySQL options
debconf-set-selections <<EOF
mysql-server mysql-server/root_password password $MYSQL_ROOTPASS
mysql-server mysql-server/root_password_again password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/mysql/app-pass password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/mysql/admin-pass password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/password-confirm password $MYSQL_ROOTPASS
dbconfig-common dbconfig-common/app-password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2
phpmyadmin phpmyadmin/dbconfig-install boolean true
phpmyadmin phpmyadmin/app-password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/mysql/admin-pass password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/password-confirm password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/setup-password password $MYSQL_ROOTPASS
phpmyadmin phpmyadmin/mysql/app-pass password $MYSQL_ROOTPASS
EOF
# Install MySQL and PHPMyAdmin
apt-get install mysql-server-5.7 mysql-client phpmyadmin php-mbstring php-gettext apache2-utils --assume-yes --force-yes
# Config MySQL
phpenmod mcrypt
phpenmod mbstring
mysql -u root --password=$DEFAULTPASS -e "grant all privileges on *.* to 'root'@'%' identified by '$DEFAULTPASS' with grant option;flush privileges;"
# Secure PHPMyAdmin
sed -i 's/DirectoryIndex.*/DirectoryIndex index.php\n AllowOverride All/' /etc/apache2/conf-available/phpmyadmin.conf
cat > /usr/share/phpmyadmin/.htaccess <<EOF
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
EOF
htpasswd -b -c /etc/phpmyadmin/.htpasswd $ROOTUSER $ROOTPASS
# Restart MySQL
systemctl restart mysql
# Restart Apache
systemctl restart apache2
echo ""
echo "CF Technology Solutions -- Installing MySQL - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_JAVA = true ]; then
echo "CF Technology Solutions -- Installing Java"
echo ""
# Install Java
#apt-get install default-jdk --assume-yes --force-yes
apt-get install openjdk-8-jdk --assume-yes --force-yes
apt-get install maven --assume-yes --force-yes
# Config Java
echo "JAVA_HOME=\"/usr/lib/jvm/java-1.8.0-openjdk-amd64\"" >> /etc/environment
# Restart environment
source /etc/environment
echo ""
echo "CF Technology Solutions -- Installing Java - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_NODE = true ]; then
echo "CF Technology Solutions -- Installing NodeJS"
echo ""
# Install certbot
apt-get install nodejs --assume-yes --force-yes
apt-get install npm --assume-yes --force-yes
apt purge ng-common ng-latin --assume-yes --force-yes
npm install -g @angular/cli@1.7.4 --assume-yes --force-yes
echo ""
echo "CF Technology Solutions -- Installing NodeJS - Done"
echo ""
echo ""
fi;
if [ $CF_INSTALL_POSTFIX = true ]; then
echo "CF Technology Solutions -- Installing Postfix"
echo ""
# Pre-config Postfix options
debconf-set-selections <<< "postfix postfix/mailname string domain.com"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
# Install Postfix
apt-get install postfix --assume-yes --force-yes
# Config proxy
ufw allow Postfix
# Config Postfix
mkdir /etc/postfix/virtual
cat > /etc/postfix/virtual/addresses <<EOF
# <from@domain.com> <to@domain.com>
#
# CF Technology Solutions (cftechsol.com)
# admin@cftechsol.com cftechsol@gmail.com
EOF
cat > /etc/postfix/virtual/domains <<EOF
# domain.com
#
# cftechsol.com
EOF
sed -i 's/alias_database = hash:\/etc\/aliases/alias_database = hash:\/etc\/aliases\nvirtual_alias_domains = \/etc\/postfix\/virtual\/domains\nvirtual_alias_maps = hash:\/etc\/postfix\/virtual\/addresses/' /etc/postfix/main.cf
# Generate Postfix postmap
postmap /etc/postfix/virtual/addresses
# Restart Postfix
systemctl restart postfix
echo ""
echo "CF Technology Solutions -- Installing Postfix - Done"
echo ""
echo ""
fi;
echo "CF Technology Solutions -- Setup completed"
echo ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment