Last active
April 25, 2017 01:33
Installs the latest Apache package and configures it.
#!/bin/bash -x
# Linode StackScript: installs Apache with the ITK MPM and appends site-wide
# settings to /etc/apache2/httpd.conf.
# The -x flag makes bash trace every command (with expanded values) to stderr.
# Dependency: UFW should be installed before this script is executed.
# <UDF name="new_hostname" Label="Computer Hostname" example="BasicShared1" />
# Include http://www.linode.com/stackscripts/view/?StackScriptID=1
source <ssinclude StackScriptID="1">

#
# Install Apache.
#
aptitude -y install apache2 apache2-mpm-itk

# Add AQ-specific configuration.
# The block denies web access to files whose name starts with ".user.ini" and
# sets the ITK MPM process limits.
# NOTE(review): Order/Deny/Satisfy and MaxClients are Apache 2.2 directives; on
# Apache 2.4 the access rules need mod_access_compat or "Require all denied".
# The quoted heredoc delimiter keeps the text literal (no shell expansion).
cat >> /etc/apache2/httpd.conf <<'EOF'
#
# ArrowQuick-specific configuration
#
ServerAdmin support@arrowquick.com
<Files ~ "^\.user\.ini">
 Order allow,deny
 Deny from all
 Satisfy all
</Files>

# Tweak performance limits.
<IfModule mpm_itk_module>
 # Defaults (see apache2.conf)
 StartServers 5
 MinSpareServers 5
 MaxSpareServers 10
 # (512MB server - 64MB overhead) / 11MB per Apache process
 MaxClients 40
 # Limit number of requests in a process lifetime, in case of memory leaks.
 MaxRequestsPerChild 3000
</IfModule>
EOF
# Change some basic settings.
# Each file is edited in one sed pass; the expressions run in the listed order
# on every line, which gives the same result as separate passes.
# NOTE(review): a substitution that finds no match changes nothing and reports
# no error, so check the resulting files if the package defaults differ.

# conf.d/security: un-comment the "<Directory />" deny-all block, report only
# "Prod" in ServerTokens and switch the server signature off.
security_conf=/etc/apache2/conf.d/security
sed -i \
  -e 's/#<Directory \/>/<Directory \/>/' \
  -e 's/#\tAllowOverride None/\tAllowOverride None/' \
  -e 's/#\tOrder Deny,Allow/\tOrder Deny,Allow/' \
  -e 's/#\tDeny from all/\tDeny from all/' \
  -e 's/#<\/Directory>/<\/Directory>/' \
  -e 's/ServerTokens OS/ServerTokens Prod/' \
  -e 's/#ServerSignature Off/ServerSignature Off/' \
  -e 's/ServerSignature On/#ServerSignature On/' \
  "$security_conf"

# deflate.conf: comment out compression for CSS, JavaScript and RSS responses.
deflate_conf=/etc/apache2/mods-available/deflate.conf
sed -i \
  -e 's/ AddOutputFilterByType DEFLATE text\/css/ #AddOutputFilterByType DEFLATE text\/css/' \
  -e 's/ AddOutputFilterByType DEFLATE application\/x-javascript application\/javascript application\/ecmascript/ #AddOutputFilterByType DEFLATE application\/x-javascript application\/javascript application\/ecmascript/' \
  -e 's/ AddOutputFilterByType DEFLATE application\/rss+xml/ #AddOutputFilterByType DEFLATE application\/rss+xml/' \
  "$deflate_conf"

# dir.conf: serve index.php first and drop index.cgi / index.pl as index files.
sed -i 's/ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm/ DirectoryIndex index.php index.html index.xhtml index.htm/' /etc/apache2/mods-available/dir.conf
# Add sample VirtualHost configuration.
# Written to sites-available/sample; USERNAME and domain.tld / domain-tld
# appear to be placeholders to replace per site.
# NOTE(review) before copying this template for a real site:
#  - the docroot gets "Options All" and "AllowOverride All", so any .htaccess
#    under it can switch on CGI, includes, indexes, etc.; narrow both to what
#    the site actually needs.
#  - the AWStats location uses Basic auth on a *:80 vhost, so the credentials
#    cross the network unencrypted unless the site is also served over TLS.
#  - logs are piped to rotatelogs under /var/www/domain-tld/logfiles; piped
#    loggers are started by the parent httpd, so that directory should not be
#    writable by the site user (ownership is not set in this script; confirm).
# The file starts and ends with an empty line, as the echo -e form produced.
cat > /etc/apache2/sites-available/sample <<'EOF'

<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld

<IfModule mpm_itk_module>
AssignUserId USERNAME users
</IfModule>

DocumentRoot /var/www/domain-tld/html
<Directory "/var/www/domain-tld/html">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/var/www/domain-tld/cgi-bin/"
<Directory "/var/www/domain-tld/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +IncludesNoExec
Order allow,deny
Allow from all
</Directory>
<Location "/cgi-bin/awstats.pl">
RewriteEngine on
RewriteRule ^(.*)$ $1?config=domain-tld [QSA]
AuthUserFile /var/www/domain-tld/.stats_passwd
AuthName "Website Stats"
AuthType Basic
Require valid-user
</Location>
Alias /awstats-icon/ "/usr/share/awstats/icon/"
<Directory "/usr/share/awstats/icon">
Order allow,deny
Allow from all
</Directory>

CustomLog "| /usr/sbin/rotatelogs /var/www/domain-tld/logfiles/access_log 86400" combined
ErrorLog "| /usr/sbin/rotatelogs /var/www/domain-tld/logfiles/error_log 86400"
</VirtualHost>

EOF
# Return 403 when accessing the server without a valid hostname.
# Inserts a catch-all rewrite rule at line 2 of the default site, so requests
# that fall through to that site are answered with 403.
sed -i '2i \\tRewriteEngine on\n\tRewriteRule .* - [R=403,L]\n' /etc/apache2/sites-available/default

# Activate/deactivate modules.
# One a2enmod / a2dismod call per module, in the same order as before.
for module in actions deflate env expires rewrite setenvif ssl; do
  a2enmod "$module"
done
# Modules switched off here include mod_status and mod_vhost_alias.
for module in mime_magic negotiation speling status unique_id vhost_alias; do
  a2dismod "$module"
done

# Flag file; presumably picked up by restartServices at the end of the script.
touch /tmp/restart-apache2
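#
# Install mod_pagespeed
#
cd
# Install
# NOTE(review): the download/install steps are disabled. If they are re-enabled,
# verify the package (checksum or signature) before handing it to dpkg.
#wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_i386.deb
#dpkg -i mod-pagespeed-*.deb
#rm mod-pagespeed-beta_current_i386.deb
# Add configuration.
# The block only takes effect once pagespeed_module is loaded, and keeps
# ModPagespeed off.
# "Order allow,deny" is stated explicitly: under Apache 2.2's default
# "Order Deny,Allow", a section holding only an Allow line still admits every
# other client, so the Allow line alone would not restrict the statistics page.
cat >> /etc/apache2/httpd.conf <<'EOF'

# Configure mod_pagespeed.
<IfModule pagespeed_module>
 ModPagespeed off
 <Location /mod_pagespeed_statistics>
 Order allow,deny
 Allow from 207.199.231.178
 </Location>
</IfModule>
EOF
# Module cache files must be writable.
#chgrp users /var/mod_pagespeed/cache /var/mod_pagespeed/files
#chmod g+w /var/mod_pagespeed/cache /var/mod_pagespeed/files
touch /tmp/restart-apache2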
#
# Install TFmail
#
# NOTE(review): every step below is commented out; only the cd runs.
# If the section is re-enabled, note that the tarball is fetched over plain
# HTTP and unpacked into cgi-bin without a checksum or signature check, and
# that the configuration switches ENABLE_UPLOADS to 1.
cd
# download the files
#wget http://nms-cgi.sourceforge.net/tfmail.tar.gz
#tar -xzf tfmail.tar.gz
#rm tfmail.tar.gz
# install the script
#cd tfmail
#cp TFmail.pl /usr/lib/cgi-bin/
#chmod a+rx /usr/lib/cgi-bin/TFmail.pl
# install supporting libraries
#mkdir -p /usr/lib/cgi-bin/tfmail
#cp *.pm /usr/lib/cgi-bin/tfmail/
#chmod a+r /usr/lib/cgi-bin/tfmail/*.pm
# install default configuration files
#cp *.tr? /usr/lib/cgi-bin/tfmail/
#sed -i 's/Web site information request {= by_submitter =}on {= date =}./requested by {= by_submitter =} on {= date =}./' /usr/lib/cgi-bin/tfmail/email.trt
#echo "remote address: {= env.REMOTE_ADDR =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#echo "user agent: {= env.HTTP_USER_AGENT =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#echo "referred by: {= env.HTTP_REFERER =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#sed -i 's/Missing Fields/Missing or Invalid Fields/g' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i 's/The following fields were left blank in your submission form/The following fields were left blank or had errors/' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '29i <script type="text\/javascript">' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '30i document.write('\''<input type="button" value="Return to the form" onclick="history.go(-1);" \/>'\'');' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '31i <\/script>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '32i <noscript>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '/<p align="center">/{N;N;N;N;N;d}' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '37i <\/noscript>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '/<p align="center">/{N;N;N;N;N;d}' /usr/lib/cgi-bin/tfmail/spage.trt
#sed -i '23i <p><a href="{= env.HTTP_REFERER =}">Return to {= env.HTTP_REFERER =}</a></p>' /usr/lib/cgi-bin/tfmail/spage.trt
# configure TFmail
#sed -i "s/use constant DEBUGGING => 1;/use constant DEBUGGING => 0;/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant LIBDIR => '.';/use constant LIBDIR => '\/usr\/lib\/cgi-bin\/tfmail';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant MAILPROG => '\/usr\/lib\/sendmail/use constant MAILPROG => '\/usr\/sbin\/sendmail/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant POSTMASTER => 'me@my.domain';/use constant POSTMASTER => 'no-do-reply@arrowquick.com';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant CONFIG_ROOT => '.';/use constant CONFIG_ROOT => '..\/config';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant SESSION_DIR => '.';/use constant SESSION_DIR => '..\/temp';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant ENABLE_UPLOADS => 0;/use constant ENABLE_UPLOADS => 1;/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant CHARSET => 'iso-8859-1';/use constant CHARSET => 'utf-8';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i 's/if ( check_required_fields($treq) )/if ( check_required_fields($treq) \&\& check_excluded_fields($treq) )/' /usr/lib/cgi-bin/TFmail.pl
#sed -i '532i\
#=item check_excluded_fields ( TREQ )\
#\
#Created by AQ --Eric@AQ\
#\
#Returns false if any fields configured as "excluded" have\
#NOT been left blank, true otherwise.\
#\
#=cut\
#\
#sub check_excluded_fields\
#{\
# my ($treq) = @_;\
#\
# my @exclude = split /\\s*,\\s*/, $treq->config('\''excluded'\'', '\'''\'');\
#\
# my @filled = ();\
# foreach my $r (@exclude)\
# {\
# push @filled, $r if $treq->param($r) !~ /^\\s*$/;\
# }\
#\
# if (scalar @filled)\
# {\
# $treq->install_foreach('\''missing_field'\'', [map {{name=>$_}} @filled]);\
# return 0;\
# }\
# else\
# {\
# return 1;\
# }\
#}\
#' /usr/lib/cgi-bin/TFmail.pl
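#
# Install AWstats
#
aptitude -y install awstats libnet-dns-perl libnet-ip-perl

# setup local config
# The file is overwritten in one write.
# AllowAccessFromWebToAuthenticatedUsersOnly=1 makes AWStats refuse web
# requests that did not pass web-server authentication.
# NOTE(review): URLWithQuery=1 and URLReferrerWithQuery=1 keep query strings in
# the statistics; only the session parameters named below are cut, so any other
# sensitive query parameter would be recorded. Confirm that is acceptable.
cat > /etc/awstats/awstats.conf.local <<'EOF'
#
# Applies to all websites.
#
LogFormat=1
AllowFullYearView=1
AllowAccessFromWebToAuthenticatedUsersOnly=1
KeepBackupOfHistoricFiles=1
DefaultFile="index.php index.html index.xhtml index.htm"
URLWithAnchor=1
URLWithQuery=1
URLWithQueryWithoutFollowingParameters="PHPSESSID phpsessid jsessionid"
URLReferrerWithQuery=1
LevelForRefererAnalyze=1
LevelForSearchEnginesDetection=1
DirIcons="/awstats-icon"
LoadPlugin="ipv6"
EOF

# copy common Perl scripts
# The destination directory is named explicitly, so a failed cd can no longer
# drop the links into whatever directory the script happened to be in.
# NOTE(review): whether /usr/lib/cgi-bin is reachable from the web depends on
# the site configuration; confirm these tools are not exposed unintentionally.
ln -s /usr/share/awstats/tools/logresolvemerge.pl /usr/lib/cgi-bin/
ln -s /usr/share/doc/awstats/examples/awstats_updateall.pl /usr/lib/cgi-bin/
# End in the home directory, as before.
cd

# replace default cronjob
# The whole file is written once. Previously the job line was written with ">",
# which truncated the file and discarded the MAILTO=root line written just
# before it.
cat > /etc/cron.d/awstats <<'EOF'
MAILTO=root

0 0 * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh >/dev/null 2>&1

# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
EOF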
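#
# Add firewall rules
#
ufw allow http/tcp
ufw allow https/tcp
# Flag file; presumably picked up by restartServices below.
touch /tmp/restart-ufw

#
# Add cronjob to prune old logs.
#
# The job runs as root over every /var/www/*/logfiles/ directory. It is limited
# to regular files and uses find's own -delete instead of running rm on a path
# string, so it only removes log files found by this walk.
# NOTE(review): if site users can write to their logfiles/ directory (ownership
# is not set in this script), keep that directory root-owned as well.
cat >> /etc/cron.d/prune-logs <<'EOF'
# Prune Apache logs more than 6 months old.
0 23 * * * root find /var/www/*/logfiles/ -type f -mtime +180 -delete >/dev/null 2>&1
EOF

#
# Restart changed services.
#
# restartServices is not defined in this file; presumably it comes from the
# StackScript included at the top and acts on the /tmp/restart-* flag files.
restartServices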