@eheikes
Last active April 25, 2017 01:33
Installs the latest Apache package and configures it.
#!/bin/bash -x
# Dependency: UFW should be installed before this script is executed.
# <UDF name="new_hostname" Label="Computer Hostname" example="BasicShared1" />
# Include http://www.linode.com/stackscripts/view/?StackScriptID=1
source <ssinclude StackScriptID="1">
#
# Install Apache.
#
# apache2-mpm-itk is the MPM that provides mpm_itk_module; the sample vhost
# written later in this script uses its AssignUserId directive.
aptitude -y install apache2 apache2-mpm-itk

# Add AQ-specific configuration.
# Everything between the heredoc markers is appended to httpd.conf verbatim
# (the delimiter is quoted, so the shell expands nothing inside it):
#   - ServerAdmin contact address;
#   - a <Files> rule that refuses to serve files whose name starts with
#     ".user.ini", so per-directory PHP settings are not readable over HTTP;
#   - process limits for mpm_itk; the 40-client ceiling comes from the memory
#     arithmetic recorded in the emitted comment.
# NOTE(review): this is an unconditional append, so running the script a second
# time duplicates the whole stanza.
cat >> /etc/apache2/httpd.conf <<'EOF'
#
# ArrowQuick-specific configuration
#
ServerAdmin support@arrowquick.com
<Files ~ "^\.user\.ini">
 Order allow,deny
 Deny from all
 Satisfy all
</Files>

# Tweak performance limits.
<IfModule mpm_itk_module>
 # Defaults (see apache2.conf)
 StartServers 5
 MinSpareServers 5
 MaxSpareServers 10
 # (512MB server - 64MB overhead) / 11MB per Apache process
 MaxClients 40
 # Limit number of requests in a process lifetime, in case of memory leaks.
 MaxRequestsPerChild 3000
</IfModule>
EOF
# Change some basic settings.
#
# conf.d/security: un-comment the "<Directory />" deny-all stanza and stop
# advertising OS/version details (ServerTokens Prod, ServerSignature Off).
# The expressions run in the order given, one file rewrite instead of eight.
# NOTE(review): each substitution is a silent no-op when the packaged file does
# not contain the exact text (including the tab after '#'); confirm the
# hardening took effect, e.g. by grepping the file afterwards.
sed -i \
  -e 's|#<Directory />|<Directory />|' \
  -e 's|#\tAllowOverride None|\tAllowOverride None|' \
  -e 's|#\tOrder Deny,Allow|\tOrder Deny,Allow|' \
  -e 's|#\tDeny from all|\tDeny from all|' \
  -e 's|#</Directory>|</Directory>|' \
  -e 's|ServerTokens OS|ServerTokens Prod|' \
  -e 's|#ServerSignature Off|ServerSignature Off|' \
  -e 's|ServerSignature On|#ServerSignature On|' \
  /etc/apache2/conf.d/security

# mod_deflate: comment out compression for CSS, JavaScript and RSS output.
sed -i \
  -e 's| AddOutputFilterByType DEFLATE text/css| #AddOutputFilterByType DEFLATE text/css|' \
  -e 's| AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript| #AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript|' \
  -e 's| AddOutputFilterByType DEFLATE application/rss+xml| #AddOutputFilterByType DEFLATE application/rss+xml|' \
  /etc/apache2/mods-available/deflate.conf

# mod_dir: put index.php first and drop index.cgi / index.pl as index files.
sed -i \
  -e 's| DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm| DirectoryIndex index.php index.html index.xhtml index.htm|' \
  /etc/apache2/mods-available/dir.conf
# Add sample VirtualHost configuration.
#
# Writes (and truncates) sites-available/sample. The file is a template:
# www.domain.tld, domain-tld and USERNAME are placeholders, and nothing in this
# script enables the site. The heredoc delimiter is quoted so "$1" and the
# double quotes reach the file literally; the blank first and last lines are
# part of the written content.
#
# NOTE(review): points to revisit before copying this template for a real site:
#   - "Options All" + "AllowOverride All" let .htaccess files in the document
#     root change any per-directory setting; narrow both where possible.
#   - The awstats Location uses Basic auth inside a *:80 vhost, so the password
#     crosses the network unencrypted unless TLS is terminated elsewhere.
#   - Logs are piped to rotatelogs under /var/www/domain-tld/logfiles. Piped
#     loggers normally run as the user that started httpd; confirm that this
#     directory is not writable by the site account named in AssignUserId.
cat > /etc/apache2/sites-available/sample <<'EOF'

<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld

<IfModule mpm_itk_module>
AssignUserId USERNAME users
</IfModule>

DocumentRoot /var/www/domain-tld/html
<Directory "/var/www/domain-tld/html">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ "/var/www/domain-tld/cgi-bin/"
<Directory "/var/www/domain-tld/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +IncludesNoExec
Order allow,deny
Allow from all
</Directory>
<Location "/cgi-bin/awstats.pl">
RewriteEngine on
RewriteRule ^(.*)$ $1?config=domain-tld [QSA]
AuthUserFile /var/www/domain-tld/.stats_passwd
AuthName "Website Stats"
AuthType Basic
Require valid-user
</Location>
Alias /awstats-icon/ "/usr/share/awstats/icon/"
<Directory "/usr/share/awstats/icon">
Order allow,deny
Allow from all
</Directory>

CustomLog "| /usr/sbin/rotatelogs /var/www/domain-tld/logfiles/access_log 86400" combined
ErrorLog "| /usr/sbin/rotatelogs /var/www/domain-tld/logfiles/error_log 86400"
</VirtualHost>

EOF
# Return 403 when accessing the server without a valid hostname.
# Inserts a RewriteEngine/RewriteRule pair before line 2 of the packaged
# default site, so every request that lands on that site is answered with 403.
# NOTE(review): this assumes line 1 of the file is the opening <VirtualHost>
# tag; confirm against the installed package.
sed -i '2i \\tRewriteEngine on\n\tRewriteRule .* - [R=403,L]\n' /etc/apache2/sites-available/default

# Activate/deactivate modules.
# Enable what the configuration above relies on (rewrite, deflate, ssl, ...).
for apache_mod in actions deflate env expires rewrite setenvif ssl; do
  a2enmod "$apache_mod"
done

# Switch off modules this setup does not use; fewer loaded modules means less
# exposed functionality (with status disabled, mod_status pages are not served).
for apache_mod in mime_magic negotiation speling status unique_id vhost_alias; do
  a2dismod "$apache_mod"
done

# Flag file; presumably consumed by restartServices from the included
# StackScript -- verify against that library.
touch /tmp/restart-apache2
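#
# Install mod_pagespeed
#
# The package install itself is commented out below; only the (inert unless the
# module is loaded) <IfModule> configuration is written.
cd
# Install
# NOTE(review): if this is re-enabled, it installs whatever "beta_current" .deb
# the URL serves at that moment, with no version pin and no checksum or
# signature check before dpkg runs as root. Pin a release and verify it first.
#wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_i386.deb
#dpkg -i mod-pagespeed-*.deb
#rm mod-pagespeed-beta_current_i386.deb
# Add configuration.
# The statistics page is meant to be reachable from a single address. Under
# Apache 2.2's default "Order Deny,Allow", an "Allow from" line with no Deny
# restricts nothing (unmatched clients are permitted), so the Order and
# "Deny from all" lines are emitted explicitly to make the allow-list effective.
cat >> /etc/apache2/httpd.conf <<'EOF'

# Configure mod_pagespeed.
<IfModule pagespeed_module>
 ModPagespeed off
 <Location /mod_pagespeed_statistics>
 Order deny,allow
 Deny from all
 Allow from 207.199.231.178
 </Location>
</IfModule>
EOF
# Module cache files must be writable.
#chgrp users /var/mod_pagespeed/cache /var/mod_pagespeed/files
#chmod g+w /var/mod_pagespeed/cache /var/mod_pagespeed/files
# Flag file; presumably consumed by restartServices from the included
# StackScript -- verify against that library.
touch /tmp/restart-apache2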
#
# Install TFmail
#
# NOTE(review): every TFmail step in this section is commented out, so the only
# command it runs is the `cd` below. Points to settle before re-enabling it:
#   - the archive is fetched over plain http and unpacked into cgi-bin with no
#     checksum or signature check;
#   - ENABLE_UPLOADS is switched from 0 to 1 in TFmail.pl;
#   - spage.trt gains a link built from {= env.HTTP_REFERER =}, a value the
#     client supplies; confirm the template engine escapes it on output.
cd
# download the files
#wget http://nms-cgi.sourceforge.net/tfmail.tar.gz
#tar -xzf tfmail.tar.gz
#rm tfmail.tar.gz
# install the script
#cd tfmail
#cp TFmail.pl /usr/lib/cgi-bin/
#chmod a+rx /usr/lib/cgi-bin/TFmail.pl
# install supporting libraries
#mkdir -p /usr/lib/cgi-bin/tfmail
#cp *.pm /usr/lib/cgi-bin/tfmail/
#chmod a+r /usr/lib/cgi-bin/tfmail/*.pm
# install default configuration files
#cp *.tr? /usr/lib/cgi-bin/tfmail/
#sed -i 's/Web site information request {= by_submitter =}on {= date =}./requested by {= by_submitter =} on {= date =}./' /usr/lib/cgi-bin/tfmail/email.trt
#echo "remote address: {= env.REMOTE_ADDR =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#echo "user agent: {= env.HTTP_USER_AGENT =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#echo "referred by: {= env.HTTP_REFERER =}" >> /usr/lib/cgi-bin/tfmail/email.trt
#sed -i 's/Missing Fields/Missing or Invalid Fields/g' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i 's/The following fields were left blank in your submission form/The following fields were left blank or had errors/' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '29i <script type="text\/javascript">' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '30i document.write('\''<input type="button" value="Return to the form" onclick="history.go(-1);" \/>'\'');' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '31i <\/script>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '32i <noscript>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '/<p align="center">/{N;N;N;N;N;d}' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '37i <\/noscript>' /usr/lib/cgi-bin/tfmail/missing.trt
#sed -i '/<p align="center">/{N;N;N;N;N;d}' /usr/lib/cgi-bin/tfmail/spage.trt
#sed -i '23i <p><a href="{= env.HTTP_REFERER =}">Return to {= env.HTTP_REFERER =}</a></p>' /usr/lib/cgi-bin/tfmail/spage.trt
# configure TFmail
#sed -i "s/use constant DEBUGGING => 1;/use constant DEBUGGING => 0;/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant LIBDIR => '.';/use constant LIBDIR => '\/usr\/lib\/cgi-bin\/tfmail';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant MAILPROG => '\/usr\/lib\/sendmail/use constant MAILPROG => '\/usr\/sbin\/sendmail/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant POSTMASTER => 'me@my.domain';/use constant POSTMASTER => 'no-do-reply@arrowquick.com';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant CONFIG_ROOT => '.';/use constant CONFIG_ROOT => '..\/config';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant SESSION_DIR => '.';/use constant SESSION_DIR => '..\/temp';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant ENABLE_UPLOADS => 0;/use constant ENABLE_UPLOADS => 1;/" /usr/lib/cgi-bin/TFmail.pl
#sed -i "s/use constant CHARSET => 'iso-8859-1';/use constant CHARSET => 'utf-8';/" /usr/lib/cgi-bin/TFmail.pl
#sed -i 's/if ( check_required_fields($treq) )/if ( check_required_fields($treq) \&\& check_excluded_fields($treq) )/' /usr/lib/cgi-bin/TFmail.pl
#sed -i '532i\
#=item check_excluded_fields ( TREQ )\
#\
#Created by AQ --Eric@AQ\
#\
#Returns false if any fields configured as "excluded" have\
#NOT been left blank, true otherwise.\
#\
#=cut\
#\
#sub check_excluded_fields\
#{\
# my ($treq) = @_;\
#\
# my @exclude = split /\\s*,\\s*/, $treq->config('\''excluded'\'', '\'''\'');\
#\
# my @filled = ();\
# foreach my $r (@exclude)\
# {\
# push @filled, $r if $treq->param($r) !~ /^\\s*$/;\
# }\
#\
# if (scalar @filled)\
# {\
# $treq->install_foreach('\''missing_field'\'', [map {{name=>$_}} @filled]);\
# return 0;\
# }\
# else\
# {\
# return 1;\
# }\
#}\
#' /usr/lib/cgi-bin/TFmail.pl
#
# Install AWstats
#
aptitude -y install awstats libnet-dns-perl libnet-ip-perl

# setup local config
# Replaces awstats.conf.local in a single write; the quoted delimiter keeps the
# embedded double quotes literal.
# AllowAccessFromWebToAuthenticatedUsersOnly=1 goes together with the Basic-auth
# <Location> for awstats.pl in the sample vhost written earlier in this script.
cat > /etc/awstats/awstats.conf.local <<'EOF'
#
# Applies to all websites.
#
LogFormat=1
AllowFullYearView=1
AllowAccessFromWebToAuthenticatedUsersOnly=1
KeepBackupOfHistoricFiles=1
DefaultFile="index.php index.html index.xhtml index.htm"
URLWithAnchor=1
URLWithQuery=1
URLWithQueryWithoutFollowingParameters="PHPSESSID phpsessid jsessionid"
URLReferrerWithQuery=1
LevelForRefererAnalyze=1
LevelForSearchEnginesDetection=1
DirIcons="/awstats-icon"
LoadPlugin="ipv6"
EOF
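# copy common Perl scripts
# The destination directory is named explicitly instead of relying on an
# unchecked `cd`: if /usr/lib/cgi-bin is missing, ln now fails rather than
# dropping the links into whatever directory the script happens to be in.
# NOTE(review): these maintenance tools end up inside a CGI directory; confirm
# no enabled site maps a ScriptAlias onto /usr/lib/cgi-bin.
ln -s /usr/share/awstats/tools/logresolvemerge.pl /usr/lib/cgi-bin/
ln -s /usr/share/doc/awstats/examples/awstats_updateall.pl /usr/lib/cgi-bin/
# Keep the script's working directory at $HOME, as before.
cd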
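# replace default cronjob
# The file is written in one heredoc. Previously the job line was written with
# '>' instead of '>>', which truncated the file and discarded the MAILTO=root
# header written just before it.
# The nightly update runs as www-data; the static-report job stays commented out.
cat > /etc/cron.d/awstats <<'EOF'
MAILTO=root

0 0 * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh >/dev/null 2>&1

# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
EOF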
#
# Add firewall rules
#
# Open only the two web ports; UFW must already be installed (see the
# dependency note at the top of the script).
for fw_rule in http/tcp https/tcp; do
  ufw allow "$fw_rule"
done
# Flag file; presumably consumed by restartServices from the included
# StackScript -- verify against that library.
touch /tmp/restart-ufw
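#
# Add cronjob to prune old logs.
#
# This job runs as root over /var/www/*/logfiles, directories that sit inside
# the per-site trees (presumably writable by the site accounts -- confirm).
# The find expression is therefore kept narrow:
#   - no trailing slash on the start path, so a "logfiles" entry that is itself
#     a symlink is not descended into;
#   - -type f, so only regular files are candidates;
#   - -delete instead of "-exec rm {}", so removal happens from the directory
#     find is already in rather than by re-resolving a full path in a second
#     process.
echo '# Prune Apache logs more than 6 months old.' >> /etc/cron.d/prune-logs
echo '0 23 * * * root find /var/www/*/logfiles -type f -mtime +180 -delete >/dev/null 2>&1' >> /etc/cron.d/prune-logs
#
# Restart changed services.
#
# restartServices is not defined in this file; presumably it comes from the
# StackScript included at the top and acts on the /tmp/restart-* flag files.
restartServices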