server-nginx-flask.sh
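#!/bin/bash

# Provisioning script: every later step (passwd, adduser, edits under /etc,
# apt-get) needs root, so stop before touching anything when run unprivileged.
if (( EUID != 0 )); then
  # Diagnostics go to stderr so a caller capturing stdout still sees them.
  echo "This script must be run as root" >&2
  exit 1
fi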
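# Changing the password of the root user.
# An empty answer counts as "yes"; passwd runs for the current user, i.e. root.
read -r -e -p "Do you want to change the root password? [Y/n] : " change_password
if [[ "$change_password" == "y" || "$change_password" == "Y" || -z "$change_password" ]]; then
  passwd
fi

# Record the admin contact and forward root's mail to it.
read -r -e -p "Admin contact email : " root_email
if [[ -n "$root_email" ]]; then
  # Quoted and written with printf so spaces, globs or a leading dash in the
  # answer are stored literally instead of being expanded by the shell.
  printf '%s\n' "$root_email" > ~/.email
  printf '%s\n' "$root_email" > ~/.forward
fi

echo "Updating Server name"
# The name is written to /etc/hostname here and interpolated into the
# Caddyfile later in this script, so only hostname characters are accepted.
# An empty answer keeps the current hostname.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
while true; do
  read -r -e -p "New server name (like srv.company.tld) : " server_name
  if [[ -z "$server_name" || "$server_name" =~ $hostname_re ]]; then
    break
  fi
  echo "Invalid server name: use letters, digits, dots and dashes only" >&2
done
if [[ -n "$server_name" ]]; then
  printf '%s\n' "$server_name" > /etc/hostname
  hostname "$server_name"
fi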
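# Create the admin account (adduser prompts interactively). Skipped when the
# account already exists so the script can be re-run; abort if creation fails,
# because the SSH step below restricts logins to this user.
if ! id cx42 > /dev/null 2>&1; then
  adduser cx42 || { echo "Could not create user cx42, aborting" >&2; exit 1; }
fi

# ~/.ssh is created private (0700) and owned by the user, and authorized_keys
# is made user-owned with mode 0600, so nobody else can add or replace keys.
install -d -m 700 -o cx42 -g cx42 /home/cx42/.ssh

# NOTE: this is the script author's public key. Replace it with your own before
# running: whoever holds the matching private key can log in as cx42, and cx42
# gets passwordless sudo below.
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlAKoEB/321gXVJdKQ4lZmSvkLec5Wsz75gF+eZY1CLcM+ytpyQrSkSTppdhmBG/BewipfCa5Hk32Un9AGSyk0CoVpm1NExeLuo2PvKW0ReL3u1SfvsUYqq6jEKbaUCPlaDk6JD1w+8RNboUHUTfUY1ZmkxmK8SPjLvakt4I4qF+BTNBm35twu9lk6KkZLpMnVTZt0YBKRilCBQNFFiiQnfc0Wk9Msn6YU2YcIER3ADY0hdYWxZ5ae/D7O6cGxV7ErBC9pTg+R+Y8mxKBgxYRXHDIsGc4NwB/rIRQ5Ru2DP9Qezqwqd7lmYf9jtpNj+pdSWi1Oe8nCo/1d43R9LKX/w== cx42@cx42-laptop" > /home/cx42/.ssh/authorized_keys
chown cx42:cx42 /home/cx42/.ssh/authorized_keys
chmod 600 /home/cx42/.ssh/authorized_keys

echo "Adding cx42 into the sudoers"
# The rule goes into its own drop-in file and is syntax-checked with visudo
# first: appending straight to /etc/sudoers duplicates the line on every run,
# and a malformed sudoers file disables sudo for everyone.
# Assumes /etc/sudoers includes /etc/sudoers.d (the Debian default) - confirm.
# NOPASSWD:ALL makes the cx42 SSH key equivalent to root; narrow the rule if
# the account only needs specific commands.
sudoers_tmp=$(mktemp) || exit 1
echo 'cx42 ALL=(ALL:ALL) NOPASSWD:ALL' > "$sudoers_tmp"
if visudo -cf "$sudoers_tmp" > /dev/null; then
  install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/cx42
else
  echo "sudoers rule for cx42 failed validation and was not installed" >&2
fi
rm -f -- "$sudoers_tmp"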
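# SSH Server
echo "Improving security on SSH"
sshd_config=/etc/ssh/sshd_config

# Keep a copy so a bad edit can be rolled back instead of locking us out.
cp -p -- "$sshd_config" "${sshd_config}.bak"

#######################################
# Force one sshd_config keyword to a value.
# Rewrites every line that sets the keyword, including the commented-out
# default ("#Keyword ..."), and appends the setting when no such line exists.
# A plain "s/Keyword yes/Keyword no/" silently does nothing when the shipped
# file carries a different or commented value.
# Globals:   sshd_config (read)
# Arguments: $1 - keyword, $2 - value
#######################################
set_sshd_option() {
  local key=$1
  local value=$2
  if grep -Eq "^#?${key}[[:space:]]" "$sshd_config"; then
    sed -i -E "s/^#?${key}[[:space:]].*/${key} ${value}/" "$sshd_config"
  else
    printf '%s %s\n' "$key" "$value" >> "$sshd_config"
  fi
}

# Uncomment the shipped AuthorizedKeysFile line, keeping its value.
sed -i "s/#AuthorizedKeysFile/AuthorizedKeysFile/" "$sshd_config"
set_sshd_option X11Forwarding no
set_sshd_option PermitRootLogin no

# Restrict SSH logins to the admin account; only added once so re-runs do not
# pile up duplicate lines.
if ! grep -qx 'AllowUsers cx42' "$sshd_config"; then
  echo "" >> "$sshd_config"
  echo "AllowUsers cx42" >> "$sshd_config"
fi
# NOTE(review): password authentication is left at its current setting; with
# the key installed for cx42, consider "PasswordAuthentication no" as well.

# Validate before restarting: restarting sshd on a broken config can cut off
# remote access to the machine.
if /usr/sbin/sshd -t; then
  /etc/init.d/ssh restart
else
  echo "sshd_config failed validation; restoring the previous file" >&2
  cp -p -- "${sshd_config}.bak" "$sshd_config"
fi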
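echo "Force update the server ..."
# --yes on every step: the original dist-upgrade (and two installs below)
# lacked it and stopped at a confirmation prompt mid-run.
apt-get --yes update && apt-get --yes upgrade && apt-get --yes dist-upgrade

echo "Automate installation of new upgrades ..."
apt-get --yes install unattended-upgrades

echo "Installing Fail2ban ..."
apt-get --yes install fail2ban

echo "Installing MySQL..."
apt-get --yes install mariadb-server
# Interactive hardening wizard shipped with MariaDB.
mysql_secure_installation

echo "Installing various items:"
# NOTE(review): package names are kept as written; some of them may not exist
# on every Debian/Ubuntu release - confirm against the target release.
apt-get --yes install git python3-pip python3-dev python3-venv python-setuptools gcc libmariadbclient-dev default-libmysqlclient-dev

echo "Installing CaddyServer:"
# curl and gnupg are used just below, so install them explicitly.
apt-get --yes install debian-keyring debian-archive-keyring apt-transport-https curl gnupg

# The repository key is stored in a dedicated keyring rather than added with
# apt-key: apt-key is deprecated and trusts the key for every configured
# repository, not only Caddy's.
# Assumes the published debian.deb.txt pins the repository to this keyring via
# signed-by - confirm against Caddy's current install instructions.
caddy_keyring=/usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
  | gpg --dearmor --yes -o "$caddy_keyring"
chmod 644 "$caddy_keyring"
# tee without -a: re-running the script must not append the entry twice.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
  | tee /etc/apt/sources.list.d/caddy-stable.list
apt-get --yes update
apt-get --yes install caddy

# Installing supervisor
apt-get --yes install supervisor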
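# The web root is rebuilt from scratch. Ask first when it already holds data,
# because rm -rf here is irreversible.
if [[ -d /var/www && -n "$(ls -A /var/www 2> /dev/null)" ]]; then
  read -r -e -p "/var/www is not empty and will be deleted. Continue? [y/N] : " wipe_www
  if [[ "$wipe_www" != "y" && "$wipe_www" != "Y" ]]; then
    echo "Aborting: /var/www left untouched" >&2
    exit 1
  fi
fi
# Stop if any step fails, so nothing below runs in the wrong directory.
rm -rf /var/www && mkdir /var/www && cd /var/www/ || exit 1

# The project name becomes a directory name and is interpolated into the
# deploy hook and the Caddyfile, so it is limited to safe path characters
# (this also rejects an empty answer, "/" and "..").
# read -p does not interpret "\n", so the prompt ends with a plain separator.
project_name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
while true; do
  read -r -e -p "Project Name: " project_name || exit 1
  if [[ "$project_name" =~ $project_name_re ]]; then
    break
  fi
  echo "Invalid project name: use letters, digits, '.', '_' and '-' only" >&2
done

mkdir "$project_name" && cd "$project_name" || exit 1
mkdir repository.git && cd repository.git || exit 1
git init --bare

# Deploy hook: after each push, update the working copy, install dependencies,
# run the database migrations and touch the reload marker.
# The hook installs requirements and runs manage.py from the pushed content,
# so push access to this repository is code execution on the server - keep the
# set of accounts allowed to push small.
# NOTE(review): the repository is created as root; the account that pushes
# (presumably cx42) needs write access to it - confirm.
cat > hooks/post-receive << EOF
#!/bin/bash

unset \$(git rev-parse --local-env-vars)
cd /var/www/$project_name/www/ || exit 1
git pull

/var/www/$project_name/env/bin/pip -q install -r requirements.txt --exists-action s
/var/www/$project_name/env/bin/python manage.py db upgrade

touch /var/www/$project_name/reloaded
EOF
chmod +x hooks/post-receive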
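# Back to the project directory (absolute path, so this does not depend on
# where the previous step left the shell).
cd "/var/www/${project_name}" || exit 1

# Loading the latest changes: seed the bare repository from the existing one.
read -r -e -p "Project current repository: " project_repository
# "--" stops git from reading a value that starts with "-" as an option.
if ! git clone -- "$project_repository" tmp; then
  echo "Could not clone ${project_repository}, aborting" >&2
  exit 1
fi
# Subshell: a failing cd cannot leave the rest of the script one directory off.
# NOTE(review): only the "master" branch is pushed; a repository whose default
# branch has another name needs this adjusted.
(
  cd tmp || exit 1
  git push "file:///var/www/${project_name}/repository.git" master
)
rm -rf -- tmp

# Cloning the code into place
git clone "/var/www/${project_name}/repository.git" "/var/www/${project_name}/www"
touch "/var/www/${project_name}/reloaded"
cd "/var/www/${project_name}/" || exit 1

# Create the virtualenv and install the project's requirements plus uwsgi.
python3 -m venv env
./env/bin/pip install -r ./www/requirements.txt
./env/bin/pip install uwsgi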
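# Setting UWSGI
# NOTE(review): this creates a regular file at the socket path and hands it to
# cx42; presumably uwsgi replaces it with the real socket on start - confirm.
touch "/var/www/${project_name}/uwsgi.sock" && chown cx42:cx42 "/var/www/${project_name}/uwsgi.sock"

# Now configuring Supervisor
# The program definitions are symlinked from the deployed working copy, so a
# push that changes config/supervisor/ changes what supervisor starts. Review
# those files like any other privileged configuration.
for supervisor_conf in "/var/www/${project_name}/www/config/supervisor/"*; do
  # An unmatched glob stays literal; skip it instead of linking a file named "*".
  [[ -e "$supervisor_conf" ]] || continue
  ln -s -- "$supervisor_conf" /etc/supervisor/conf.d/
done

# The site address falls back to the current hostname when no server name was
# entered earlier; an empty address would leave a site block with no name.
site_address=${server_name:-$(hostname)}

# Replace the packaged Caddyfile with a single site that proxies every request
# to the uwsgi unix socket and logs to a per-project file.
cat > /etc/caddy/Caddyfile << EOF

${site_address} {
 reverse_proxy * unix//var/www/${project_name}/uwsgi.sock
 log {
 output file /var/log/caddy/${project_name}.log
 }
}

EOF

# Done !
echo ""
echo "Done!"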