@djrobby
Forked from KaiserKatze/deploy.sh
Created April 12, 2021 12:25
Server initialization script for newly created Vultr VPS instances
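#!/bin/bash
# Print the provisioning banner to the boot log.
# The heredoc delimiter is quoted so the banner is emitted literally. With an
# unquoted delimiter bash treats every `...` pair in the text as a command
# substitution and would try to execute /tmp/firstboot.exec (this very script),
# /tmp/firstboot.log, /bin/bash and /bin/sh while printing.
cat << 'EOF'
#=============================================================================#
# Startup Boot Script #
# --------------------------------------------------------------------------- #
# Platform : Vultr VPS (Debian 9) #
# Author : KaiserKatze <donizyo@gmail.com> #
# --------------------------------------------------------------------------- #
# This startup script is saved to `/tmp/firstboot.exec` after execution. #
# Output produced can be found in `/tmp/firstboot.log`. #
# Scripts are executed using `/bin/bash` (Linux), `/bin/sh` (FreeBSD), etc. #
#=============================================================================#
EOF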
#=============================================================================#
# Variables
#=============================================================================#
# Every blank value below has to be filled in before the script is deployed;
# the account, SSH, firewall and shadowsocks steps further down all read them.
#
# NOTE(review): SHADOWSOCKS_PASSWORD is stored here in plain text, and the
# banner states that this script stays on disk as /tmp/firstboot.exec with its
# output in /tmp/firstboot.log. Treat both files as secrets (remove or restrict
# them once provisioning has finished) and do not commit a filled-in copy.

# Login name of the unprivileged admin account that replaces root.
NEW_USER_NAME=""
# TCP port sshd is expected to listen on (opened in the firewall later).
NEW_SSH_PORT=""
# Listening port and shared secret of the shadowsocks-libev server.
SHADOWSOCKS_PORT=""
SHADOWSOCKS_PASSWORD=""
# Cipher written into the shadowsocks config (an AEAD method).
SHADOWSOCKS_METHOD='xchacha20-ietf-poly1305'
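#=============================================================================#
# Install apt packages
#=============================================================================#
# The script runs unattended at first boot, so apt must never wait for input.
# apt-get is used because it is the interface intended for scripts.
export DEBIAN_FRONTEND=noninteractive

# shadowsocks-libev is taken from stretch-backports.
# NOTE(review): Debian 9 (stretch) is past end of life and no longer receives
# security updates; a current release is the safer base for a new server, and
# this backports suite may only be reachable through the Debian archive today.
# apt authenticates packages by signature, so the plain-http mirror does not
# by itself allow tampering.
printf '%s\n' "deb http://deb.debian.org/debian stretch-backports main" \
  > /etc/apt/sources.list.d/stretch-backports.list
apt-get update
# -y is required here: without it apt stops at the confirmation prompt and
# aborts when there is no terminal, leaving shadowsocks-libev uninstalled.
apt-get -t stretch-backports install -y shadowsocks-libev

# sudo            - privilege management for the new user
# nmap            - network analysis
# dnsutils        - DNS analysis (dig)
# ufw             - firewall
# build-essential - gcc toolchain
# NOTE(review): nmap and a compiler are conveniences, not requirements of the
# services configured below; leaving them out keeps the host's footprint small.
apt-get install -y sudo nmap dnsutils ufw build-essential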
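#=============================================================================#
# Routines
#=============================================================================#
# Stop before touching any account if the login name was left blank. The later
# steps lock root and rewrite the sshd config, so continuing without a usable
# replacement account would leave the server without a way to log in.
: "${NEW_USER_NAME:?NEW_USER_NAME must be filled in before running this script}"

# Create new user
PATH_ROOT_DIR="/root"
PATH_HOME_DIR="/home/$NEW_USER_NAME"
# Add yourself as a new user with a home directory and bash as login shell
useradd -m -d "$PATH_HOME_DIR" -s /bin/bash "$NEW_USER_NAME"
# Confirm the account exists (covers both a fresh create and a re-run)
if ! id -u "$NEW_USER_NAME" > /dev/null 2>&1; then
  echo "user '$NEW_USER_NAME' could not be created; aborting" >&2
  exit 1
fi
# Grant yourself admin privileges through the sudo group
usermod -aG sudo "$NEW_USER_NAME"
# NOTE(review): no password is set for this account anywhere in the script, so
# sudo will ask for a password the account does not have. Set one, or add a
# reviewed sudoers rule, before relying on this account for administration.
# Verify privileges (group membership is written to the boot log)
groups "$NEW_USER_NAME"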
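# Setup SSH authorization
PATH_SSH_DIR="$PATH_HOME_DIR/.ssh"
PATH_SSH_AKEYS="$PATH_SSH_DIR/authorized_keys"
# A directory needs the execute bit to be entered, so ~/.ssh is 0700; the key
# list is plain data and is 0600. (0600 on the directory makes it unusable and
# 0700 on the file marks it executable for no reason.)
mkdir -p "$PATH_SSH_DIR"
chmod 700 "$PATH_SSH_DIR"
# !!! TODO: Please fill in your public key !!!
# The delimiter is quoted so the key line is written exactly as pasted.
cat > "$PATH_SSH_AKEYS" << 'EOF'
EOF
chmod 600 "$PATH_SSH_AKEYS"
# Everything above was created by root. sshd reads authorized_keys with the
# login user's privileges, so hand the directory and file to that user
# ("user:" also selects the user's login group).
chown -R "$NEW_USER_NAME:" "$PATH_SSH_DIR"
# Refuse to continue with an empty key list: the following steps lock root and
# replace the sshd config, which would leave no working login.
if [ ! -s "$PATH_SSH_AKEYS" ]; then
  echo "$PATH_SSH_AKEYS is empty; add a public key before deploying" >&2
  exit 1
fi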
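PATH_ROOT_APP_DIR="$PATH_ROOT_DIR/App"
mkdir -p "$PATH_ROOT_APP_DIR"
# Setup DenyHosts
# @see https://github.com/denyhosts/denyhosts
# @see http://denyhosts.sourceforge.net/
#
# NOTE(review): the clone takes whatever the default branch holds at boot time
# and its setup.py then runs as root, as does the unpinned pip install below.
# Check out a tag or commit you have reviewed (git checkout <REVIEWED_COMMIT>)
# and pin the pip package version so a changed upstream cannot alter what gets
# installed. git and pip are not installed by this script; presumably the
# image provides them - verify.
#
# Each cd is checked: if it failed, the clone, install and chmod below would
# run in whatever directory the script happened to be in.
cd "$PATH_ROOT_APP_DIR" || exit 1
git clone https://github.com/denyhosts/denyhosts.git
cd denyhosts || exit 1
# WARNING:
# module `ipaddr` & `denyhosts` must be installed with root/sudo permission;
# in addition, they must be installed under python 2.x environment.
python -m pip install ipaddr
python setup.py install
FILE_DENYHOST_CONFIG="denyhosts.conf"
cp -t /etc "$FILE_DENYHOST_CONFIG"
cp daemon-control-dist daemon-control
# On my VPS instance (Debian 9), `denyhosts.py` is found in `/usr/local/bin/`
# -f replaces an existing link instead of failing when the script is re-run
ln -sf "/usr/local/bin/denyhosts.py" "/usr/sbin/denyhosts"
# The control script starts a root daemon, so only root may read or run it
chown root daemon-control
chmod 700 daemon-control
python daemon-control start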
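# Setup `~/.bashrc`
# The delimiter is quoted so that $PS1, $(...) and backticks in the pasted
# file are stored verbatim instead of being expanded (and any command
# substitutions executed as root) while this script runs.
# NOTE(review): left unfilled, this truncates the .bashrc that useradd copied
# from the skeleton directory.
# !!! TODO: Please fill in your .bashrc script !!!
cat > "$PATH_HOME_DIR/.bashrc" << 'EOF'
EOF
# The file was written by root; give it to the account that will source it
chown "$NEW_USER_NAME:" "$PATH_HOME_DIR/.bashrc"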
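# Configure sshd
PATH_SSHD_CONFIG="/etc/ssh/sshd_config"
# Stage the new config next to the live one so it can be checked before it
# replaces anything.
PATH_SSHD_CONFIG_NEW="$(mktemp "$PATH_SSHD_CONFIG.XXXXXX")" || exit 1
# !!! TODO: Please fill in your sshd config !!!
# Quoted delimiter: the config text is written exactly as pasted.
cat > "$PATH_SSHD_CONFIG_NEW" << 'EOF'
EOF
# An empty file parses fine but silently puts sshd back on its defaults, which
# would not match the port opened in the firewall; `sshd -t` catches syntax
# errors. In both cases keep the working config and stop.
if [ ! -s "$PATH_SSHD_CONFIG_NEW" ] \
  || ! /usr/sbin/sshd -t -f "$PATH_SSHD_CONFIG_NEW"; then
  echo "new sshd config is empty or invalid; keeping $PATH_SSHD_CONFIG" >&2
  rm -f -- "$PATH_SSHD_CONFIG_NEW"
  exit 1
fi
# Keep the distribution's config for recovery, then switch over
cp -p -- "$PATH_SSHD_CONFIG" "$PATH_SSHD_CONFIG.orig"
chmod 644 "$PATH_SSHD_CONFIG_NEW"
mv -- "$PATH_SSHD_CONFIG_NEW" "$PATH_SSHD_CONFIG"
# Ban root user - done only once a valid sshd config is in place.
# This locks root's password only; whether root may still log in over SSH with
# a key is decided by PermitRootLogin in the config written above.
passwd -l root
# Reload sshd so it picks up the new config
systemctl reload sshd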
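# Setup firewall
# Both ports must be known before any rule is written: enabling ufw without
# an SSH rule cuts off remote access.
: "${NEW_SSH_PORT:?NEW_SSH_PORT must be filled in before enabling the firewall}"
: "${SHADOWSOCKS_PORT:?SHADOWSOCKS_PORT must be filled in before enabling the firewall}"
# `limit` allows SSH but rate-limits repeated connection attempts per source
if ! ufw limit "$NEW_SSH_PORT/tcp"; then
  echo "could not add the SSH rule; firewall left disabled" >&2
  exit 1
fi
ufw allow "WWW Secure" # allows HTTPS, vital for nginx
ufw allow "$SHADOWSOCKS_PORT" # allows both tcp and udp traffic
# NOTE(review): with logging off, blocked and rate-limited connections leave no
# trace; consider `ufw logging low` if these events should be reviewable.
ufw logging off
# --force skips the interactive "may disrupt existing ssh connections"
# confirmation, which cannot be answered in an unattended boot script.
ufw --force enable
ufw status numbered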
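# Setup shadowsocks-libev service
PATH_SHADOWSOCKS_CONFIG="/etc/shadowsocks-libev/config.json"
# The values are pasted into JSON without escaping, so reject anything that
# would produce a broken file: a non-numeric port, an empty password, or a
# password containing a double quote or backslash.
case "$SHADOWSOCKS_PORT" in
  '' | *[!0-9]*)
    echo "SHADOWSOCKS_PORT must be a number" >&2
    exit 1
    ;;
esac
: "${SHADOWSOCKS_PASSWORD:?SHADOWSOCKS_PASSWORD must be filled in}"
case "$SHADOWSOCKS_PASSWORD" in
  *\"* | *\\*)
    echo "SHADOWSOCKS_PASSWORD must not contain double quotes or backslashes" >&2
    exit 1
    ;;
esac
# The heredoc delimiter is deliberately unquoted: the three variables are
# expanded into the file.
# NOTE(review): the file holds the shared secret and is created with the
# default umask. Tighten its mode so that only the account the service runs as
# can read it - check the unit file for that account before changing it.
cat > "$PATH_SHADOWSOCKS_CONFIG" << EOF
{
"server":"0.0.0.0",
"server_port":$SHADOWSOCKS_PORT,
"local_port":1080,
"password":"$SHADOWSOCKS_PASSWORD",
"timeout":300,
"method":"$SHADOWSOCKS_METHOD"
}
EOF
# restart rather than start: if the daemon is already running with the
# packaged config (presumably started at install time - verify), `start` would
# leave it on the old settings.
systemctl restart shadowsocks-libev
systemctl status --no-pager shadowsocks-libev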
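# Web server
apt-get install -y nginx-full
# HTTPS certification
apt-get install -y certbot
# Setup Django server
# NOTE(review): these are unpinned installs into the system Python, run as
# root; pin versions (and preferably use a virtualenv) for repeatable builds.
python3 -m pip install django uwsgi
# Setup Nodejs server
# The repository setup script is downloaded to a file first instead of being
# piped straight into a root shell: -f makes curl fail on an HTTP error rather
# than passing an error page to bash, and a truncated download is never
# partially executed. The saved file is also the place to verify a checksum
# you have recorded (sha256sum against <EXPECTED_SHA256>) before running it.
# NOTE(review): setup_11.x selects the Node.js 11 line, which is no longer
# maintained upstream; prefer a currently supported release.
NODESOURCE_SETUP="$(mktemp)" || exit 1
if curl -fsSL -o "$NODESOURCE_SETUP" https://deb.nodesource.com/setup_11.x; then
  bash "$NODESOURCE_SETUP"
else
  echo "could not download the NodeSource setup script" >&2
fi
rm -f -- "$NODESOURCE_SETUP"
apt-get install -y nodejs
# NOTE(review): vsftpd and bind9 start with their package defaults. The
# firewall rules in this script open neither FTP nor DNS ports; review each
# service's configuration before exposing it, or skip the install if unused.
# FTP server
apt-get install -y vsftpd
# DNS server
apt-get install -y bind9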