
@dmilojkovic76
Last active February 8, 2021 14:28
Initial setup steps and operation for the new ubuntu systems
#! /bin/bash
# Update and install the latest software
sudo apt update
sudo apt upgrade -y
# may need to reboot, look for the message *** System restart required *** after the login @ MOTD
# sudo reboot
# Set the machine hostname
sudo hostnamectl set-hostname <something-cool>
# Install and configure oh-my-bash (needs curl or wget and git)
curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh | bash
# bash -c "$(wget https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh -O -)"
# Set agnoster theme for example https://github.com/ohmybash/oh-my-bash/wiki/Themes#agnoster
# sed -i -e 's/OSH_THEME="font"/OSH_THEME="agnoster"/g' ~/.bashrc
# agnoster theme for example needs powerline patched fonts
sudo apt install fonts-powerline -y
sed -i -e 's/OSH_THEME="font"/OSH_THEME="brainy"/g' ~/.bashrc
source ~/.bashrc
# Install NodeJS systemwide:
# curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
# sudo apt install -y nodejs
# OR
# Install NVM to manage node.js versions and installations
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash
# To properly mount NTFS drives and to be able to run scripts (ie. 'npm run start'...)
# Option 1:
# sudo mkdir /media/<your_username>/<the_partition_name>
# sudo mount -t ntfs -o rw,auto,defaults,exec /dev/disk/by-label/<the_partition_name> /media/<your_username>/<the_partition_name>
# or
# Option 2:
# edit /etc/fstab to make it permanent by adding:
# UUID=<UUID_OF_A_PARTITION_TO_MOUNT> </full_path/to/mountpoint> ntfs rw,auto,defaults,users,exec 0 0
# Setup linux netfilter firewall
# YOU MUST RUN THE NEXT 2 commands together before exiting or you will not be able to SSH back in!
# The SSH rule is added first so it is already in place when the firewall comes up.
sudo ufw allow ssh && sudo ufw enable
# for example to allow traffic from 192.168.1.215 on udp port 88:
# sudo ufw allow from 192.168.1.215 proto udp to any port 88
# To delete this rule, preface the command with delete:
# sudo ufw delete allow from 192.168.1.215 proto udp to any port 88
# OR to allow traffic from ANYWHERE to port 5000:
# sudo ufw allow to any port 5000
# Create custom service for starting customized scripts/apps
# cd /etc/systemd/system && sudo vim custom.service
# Paste something like this inside that file
# (systemd only accepts comments on their own lines, not after a value)
#[Unit]
## Edit this description
#Description = making network connection up
#After = network.target
#
#[Service]
## Edit for a real absolute path
#ExecStart = /home/$USERNAME/script.sh
#
#[Install]
#WantedBy = multi-user.target
# then
#cd ~
# single quotes keep an interactive bash from history-expanding the '!'
#echo '#!/bin/bash' > script.sh
#echo "run some program" >> script.sh
#chmod +x script.sh
# enable the service so it starts at boot, then reboot or start it manually
#sudo systemctl enable custom.service
#sudo systemctl start custom.service
# Configure Amazon EC2 instances to work with AWS CodeDeploy
# Deployment type allowed at the moment is: Blue/green deployment
# sudo apt install ruby
# sudo apt install wget
# cd /home/ec2-user
# wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install
# chmod +x ./install
# sudo ./install auto
# NGINX setup
sudo apt install nginx -y
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
# NGINX Configuration
# Optimizing NGINX config: https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
#####
# Settings for Let's Encrypt - Site HTTPS/TLS certificates for free
###### READ: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04
###### READ: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
# Domain name needs to be registered and both A records (ie. example.com and www.example.com) have to point to server's public IP
# the following steps are for ubuntu 16.04 and example.com, digitalocean link has steps for ubuntu 20.04
# 1. Download the Let’s Encrypt Client
#sudo add-apt-repository ppa:certbot/certbot
#sudo apt update
#sudo apt install python-certbot-nginx -y
# 2. NGINX configuration
# certbot looks for and modifies the server block in the Nginx config file whose server_name is set to the domain of the requested cert
# so the /etc/nginx/conf.d directory should have a file named domain‑name.conf, for example www.example.com.conf, with
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# root /var/www/html;
# server_name example.com www.example.com;
#}
#
# 3. Check the config and restart NGINX
# sudo nginx -t && sudo nginx -s reload
# The NGINX plug‑in for certbot takes care of reconfiguring NGINX and reloading its configuration whenever necessary.
# sudo certbot --nginx -d example.com -d www.example.com
# Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.
# When done, certbot has modified domain‑name.conf, adding ssl, rsa and other needed config params.
# 4. Let’s Encrypt certificates expire after 90 days, so to renew certificates automatically:
# open crontab -e and add
# 0 12 * * * /usr/bin/certbot renew --quiet
#####
# Settings for mkcert - Site HTTPS/TLS certificates for development server
# 1. Install Certutil - a command-line utility that can create and modify certificate and key databases
# sudo apt install libnss3-tools -y
# 2. install mkcert from github
# cd ~
# wget https://github.com/FiloSottile/mkcert/releases/download/v1.1.2/mkcert-v1.1.2-linux-amd64
# mv mkcert-v1.1.2-linux-amd64 mkcert
# chmod +x mkcert
# sudo cp mkcert /usr/local/bin/
# 3. Generate Local CA
# sudo mkcert -install
# To find the root CA path
# sudo mkcert -CAROOT
# 4. Generate Local SSL Certificates (files will be in home folder)
# sudo mkcert example.com '*.example.com' localhost 127.0.0.1 ::1
# 5. Enable the Certificates for Nginx Web Server
# Create web page configuration or use existing one
# For example in /etc/nginx/sites-available/example.com
# server {
# listen 80;
# listen 443 ssl;
#
# ssl_certificate /home/<USERNAME>/example.com+4.pem;
# ssl_certificate_key /home/<USERNAME>/example.com+4-key.pem;
#
# server_name example.com;
#
# location / {
# root /var/www/html/example;
# index index.html;
# }
#}
# 6. Verify that the configuration has no error and restart nginx
# sudo nginx -t && sudo systemctl restart nginx
# Docker setup
# sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
# sudo apt update
# apt-cache policy docker-ce
# sudo apt install docker-ce -y
# sudo usermod -aG docker ${USER}
# logout and log back in
# Update docker-compose version: https://github.com/docker/compose/releases
# sudo curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# sudo chmod +x /usr/local/bin/docker-compose
# Check for web safety of the configuration of NGINX and deployed backend server
# https://observatory.mozilla.org/
# Set up CloudFlare in front of the website to help with CDN, DDoS attacks, security and more....
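
The script above pipes remote install scripts straight into bash (oh-my-bash, nvm) and runs a downloaded mkcert binary without checking it. A download-then-verify wrapper, as an added example that is not part of the original gist; `sha256_of`, `verify_sha256` and `fetch_verified` are hypothetical helper names, and the expected hash is a placeholder you have to obtain yourself:

```shell
#!/bin/bash
# Added example (not from the gist): fetch a file, check its SHA-256 against
# a pinned value, and only then install it. Helper names are hypothetical.

# Print the SHA-256 of FILE as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch or bad input.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    # Reject empty or non-hex input so a placeholder never "matches".
    case "$expected" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# fetch_verified URL EXPECTED_HEX DEST: HTTPS only; DEST is written only
# after the checksum matches, so a failed run leaves nothing to execute.
fetch_verified() {
    local url="$1" expected="$2" dest="$3" tmp
    tmp=$(mktemp) || return 1
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" \
        && verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: download failed or checksum mismatch" >&2
        return 1
    fi
}

# Usage with the mkcert release named in the script; the hash is a placeholder:
# fetch_verified \
#   https://github.com/FiloSottile/mkcert/releases/download/v1.1.2/mkcert-v1.1.2-linux-amd64 \
#   '<SHA256_OBTAINED_OUT_OF_BAND>' ./mkcert && chmod +x ./mkcert
```

The same wrapper works for the install scripts: fetch to a file, read it, then run it with `bash ./install.sh` instead of piping curl into bash.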