janetruluck/app_and_db_server.sh

## app_and_db_server.sh
#!/bin/bash

## Please modify and use at your leisure!
## This script installs:
##
## -RVM
## -Ruby 1.9.3
## -Postgresql 9.2
## -Nginx
## -Postfix
## -Redis 2.4.16
##
## This will also setup basic security for the system including:
## -add deploy user
## -setup SSH key pair
## -disable ssh password auth and root login
## -create firewall settings
## -install fail2ban
##
## Due to the nature of the script and some of the commands it is minimally
## interactive, although some commands (i.e. adding users) require user
## user interaction.
##
## Since it is assumed that git will not be available before this script
## is used you need to copy the script using your favorite text editor
## then mark it executable and run it I.E:
## vim setup.sh
## paste script
## chmod +x setup.sh && ./setup.sh
## Enjoy!

# DEFAULTS
LOGFILE="/var/log/server-install.log"
PUBLIC_IP=`curl ifconfig.me 2>/dev/null | egrep -o "[0-9\.]*"`
FIREWALL_RULES_GIST="https://gist.github.com/jasontruluck/02eb2fcd40a088bf8cce/download"
REDIS_URL="http://redis.googlecode.com/files/redis-2.4.16.tar.gz"
declare -a rubyVersions=('1.9.3')
RUBY_DEFAULT="1.9.3"
# Colors
ESC_SEQ="\x1b["
RESET=$ESC_SEQ"39;49;00m"
RED=$ESC_SEQ"31;01m"
GREEN=$ESC_SEQ"32;01m"
YELLOW=$ESC_SEQ"33;01m"
BLUE=$ESC_SEQ"34;01m"
MAGENTA=$ESC_SEQ"35;01m"
CYAN=$ESC_SEQ"36;01m"

# Create Log
echo -en "$YELLOW Creating Log: $LOGFILE$RESET"
touch $LOGFILE
echo -e "\r$GREEN Creating Log: $LOGFILE$RESET"

# Update apt-get
echo -en "$YELLOW Updating apt-get$RESET"
sudo apt-get update -y >> $LOGFILE
echo -e "\r$GREEN Updating apt-get$RESET"

# Install dependencies
echo -en "$YELLOW Install dependencies$RESET"
sudo apt-get install curl -y >> $LOGFILE
sudo apt-get install build-essential -y >> $LOGFILE
sudo apt-get install openssl -y >> $LOGFILE
sudo apt-get install libreadline6 -y >> $LOGFILE
sudo apt-get install libreadline6-dev -y >> $LOGFILE
sudo apt-get install git-core -y >> $LOGFILE
sudo apt-get install zlib1g -y >> $LOGFILE
sudo apt-get install zlib1g-dev -y >> $LOGFILE
sudo apt-get install libssl-dev -y >> $LOGFILE
sudo apt-get install libyaml-dev -y >> $LOGFILE
sudo apt-get install libsqlite3-dev -y >> $LOGFILE
sudo apt-get install libxml2-dev -y >> $LOGFILE
sudo apt-get install libxslt-dev -y >> $LOGFILE
sudo apt-get install autoconf -y >> $LOGFILE
sudo apt-get install libc6-dev -y >> $LOGFILE
sudo apt-get install ncurses-dev -y >> $LOGFILE
sudo apt-get install automake -y >> $LOGFILE
sudo apt-get install libtool -y >> $LOGFILE
sudo apt-get install bison -y >> $LOGFILE
sudo apt-get install pkg-config -y >> $LOGFILE
sudo apt-get install python-software-properties -y >> $LOGFILE
sudo apt-get install tcl8.5 -y >> $LOGFILE
echo -e "\r$GREEN Install dependencies$RESET"

echo -en "$YELLOW Add PPAs: $LOGFILE$RESET"
sudo add-apt-repository ppa:nginx/stable
sudo add-apt-repository ppa:pitti/postgresql
sudo add-apt-repository ppa:chris-lea/node.js
echo -e "\r$GREEN Add PPas: $LOGFILE$RESET"

# Update apt-get
echo -en "$YELLOW Updating apt-get$RESET"
sudo apt-get update -y >> $LOGFILE
echo -e "\r$GREEN Updating apt-get$RESET"

echo -en "$YELLOW Install Node$RESET"
sudo apt-get install nodejs -y >> $LOGFILE
echo -e "\r$GREEN Install Node$RESET"

echo -e "$YELLOW Setting up deploy user$RESET"
adduser deploy
usermod -a -G sudo deploy
echo -e "\r$GREEN Setting up deploy user$RESET"

# Get RVM
echo -en "$YELLOW Installing RVM$RESET"
curl --silent -L get.rvm.io | bash -s stable --auto >> $LOGFILE
echo -e "\r$GREEN Installing RVM$RESET"

# Source Bash
echo -en "$YELLOW Sourcing Bash$RESET"
# Load RVM into a shell session *as a function*
if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
  # First try to load from a user install
  . "$HOME/.rvm/scripts/rvm"
elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
  # Then try to load from a root install
  . "/usr/local/rvm/scripts/rvm"
else
  printf "ERROR: An RVM installation was not found.\n"
fi
echo -e "\r$GREEN Sourcing Bash$RESET"
# install Ruby
for item in ${rubyVersions[@]}
do
  echo -en "$YELLOW Installing Ruby $item $RESET"
  rvm install $item >> $LOGFILE
  echo -e "\r$GREEN Installing Ruby $item $RESET"
done
# Set default ruby
echo -en "$YELLOW Using Default Ruby: $RUBY_DEFAULT$RESET"
rvm --default use $RUBY_DEFAULT >> $LOGFILE
echo -e "\r$GREEN Using Default Ruby: $RUBY_DEFAULT$RESET"

# Install Nginx
echo -en "$YELLOW Installing Nginx$RESET"
sudo apt-get install nginx -y >> $LOGFILE
sudo service nginx start
echo -e "\r$GREEN Installing Nginx$RESET"

# Install Postgresql
echo -en "$YELLOW Installing Postgres$RESET"
sudo apt-get install postgresql-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-client-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-contrib-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-server-dev-9.2 -y >> $LOGFILE
sudo apt-get install libpq-dev -y >> $LOGFILE
echo -e "\r$GREEN Installing Postgres$RESET"

# Setting Up Postgres
echo -e "$YELLOW Setting Up Postgres$RESET"
# Add a user named "deploy" with super user priveleges
echo "Enter Password to use for deploy User [This should be very strong AND you will use this in your database.yml]"
read deployPass
sudo -u postgres psql -d template1 -U postgres -c "CREATE USER deploy;" >> $LOGFILE
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy WITH SUPERUSER;" >> $LOGFILE
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy with password '$deployPass';" >> $LOGFILE
# Change Postgres User Password
echo "Enter Password to use for Postgres User [This should be very strong]"
read pgPass
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER postgres with password '$pgPass'"
echo -e "\r$GREEN Setting Up Postgres$RESET"

# Setting Up Postfix
echo -en "$YELLOW Installing Postfix$RESET"
sudo apt-get install telnet -y  >> $LOGFILE
sudo apt-get install postfix -y >> $LOGFILE
echo -e "\r$GREEN Installing Postfix$RESET"

# Setting Up Redis
echo -en "$YELLOW Installing Redis (this may take a minute)$RESET"
wget -q $REDIS_URL >> $LOGFILE
tar xzf redis-2.4.16.tar.gz >> $LOGFILE
cd redis-2.4.16
make >> $LOGFILE
make test >> $LOGFILE
sudo make install >> $LOGFILE
cd utils && sudo ./install_server.sh && sudo update-rc.d redis_6379 defaults
echo -e "\r$GREEN Installing Redis (this may take a minute)$RESET"

#Configure Git
echo -e "$CYAN Enter a email address to associate with git$RESET"
read gitEmail
echo -e "$CYAN Enter a name to associate with git$RESET"
read gitName
git config --global user.email $gitEmail
git config --global user.name $gitName
echo -e "$GREEN Git Configured$RESET"

# Setup Bash
echo -e "$YELLOW Setup bash for deploy user$RESET"
cp /root/.bashrc /home/deploy/
chown deploy:deploy /home/deploy/.bashrc
echo -e "\r$GREEN Setup bash for deploy user$RESET"

# Setup SSH Keys
echo -e "$GREEN Setting up SSH keys$RESET"
mkdir /home/deploy/.ssh
chown -R deploy:deploy /home/deploy/.ssh
echo -e "$CYAN Please transfer your local SSH key from your computer using the following command:$RESET"
echo -e "$CYAN scp ~/.ssh/id_rsa.pub deploy@$PUBLIC_IP:/home/deploy/.ssh/authorized_keys$RESET"
echo -e "$CYAN Press [Enter] when complete$RESET"
read
chown -R deploy:deploy /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys

# Update SSH Config
echo -en "$YELLOW Updating SSH config$RESET"
sudo sed -i -e 's/.*PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
sudo sed -i -e 's/.*PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sudo service ssh restart >> $LOGFILE
echo -e "\r$GREEN Updating SSH config$RESET"

# Add github to knownhosts
echo -en "$YELLOW Add Github to knownhosts$RESET"
su deploy -c "ssh -T -oStrictHostKeyChecking=no git@github.com" >> $LOGFILE
echo -e "\r$GREEN Add Github to knownhosts$RESET"

# Setup Firewall
echo -en "$YELLOW Settiing up Iptables Firewall$RESET"
wget -q -O firewall $FIREWALL_RULES_GIST >> $LOGFILE
tar --strip-components=1 -xvzf  firewall >> $LOGFILE
mv iptables.firewall.rules /etc/
mv firewall /etc/network/if-pre-up.d/
sudo iptables-restore < /etc/iptables.firewall.rules
sudo chmod +x /etc/network/if-pre-up.d/firewall
echo -e "\r$GREEN Settiing up Iptables Firewall$RESET"

# Setup fail2ban
echo -en "$YELLOW Installing fail2ban$RESET"
sudo apt-get install fail2ban -y >> $LOGFILE
echo -e "\r$GREEN Installing fail2ban$RESET"

echo -e "$CYAN ---Result--------------------------------$RESET"
echo -e "$CYAN --Rvm$RESET"
rvm -v
echo -e "$CYAN --Ruby$RESET"
ruby -v
echo -e "$CYAN --Nginx$RESET"
nginx -v
echo -e "$CYAN --Postgresql$RESET"
psql -V
echo -e "$CYAN --Postfix$RESET"
postfix -v
echo -e "$CYAN --Redis Server$RESET"
redis-server -v
echo -e "$CYAN --Users$RESET"
awk -F":" '{ print "username: " $1 "\t\tuid:" $3 }' /etc/passwd
echo -e "$CYAN --Firewall Settings$RESET"
sudo iptables -L
	#!/bin/bash

	## Please modify and use at your leisure!
	## This script installs:
	##
	## -RVM
	## -Ruby 1.9.3
	## -Postgresql 9.2
	## -Nginx
	## -Postfix
	## -Redis 2.4.16
	##
	## This will also setup basic security for the system including:
	## -add deploy user
	## -setup SSH key pair
	## -disable ssh password auth and root login
	## -create firewall settings
	## -install fail2ban
	##
	## Due to the nature of the script and some of the commands it is minimally
	## interactive, although some commands (i.e. adding users) require user
	## user interaction.
	##
	## Since it is assumed that git will not be available before this script
	## is used you need to copy the script using your favorite text editor
	## then mark it executable and run it I.E:
	## vim setup.sh
	## paste script
	## chmod +x setup.sh && ./setup.sh
	## Enjoy!

	# DEFAULTS
	LOGFILE="/var/log/server-install.log"
	PUBLIC_IP=`curl ifconfig.me 2>/dev/null \| egrep -o "[0-9\.]*"`
	FIREWALL_RULES_GIST="https://gist.github.com/jasontruluck/02eb2fcd40a088bf8cce/download"
	REDIS_URL="http://redis.googlecode.com/files/redis-2.4.16.tar.gz"
	declare -a rubyVersions=('1.9.3')
	RUBY_DEFAULT="1.9.3"
	# Colors
	ESC_SEQ="\x1b["
	RESET=$ESC_SEQ"39;49;00m"
	RED=$ESC_SEQ"31;01m"
	GREEN=$ESC_SEQ"32;01m"
	YELLOW=$ESC_SEQ"33;01m"
	BLUE=$ESC_SEQ"34;01m"
	MAGENTA=$ESC_SEQ"35;01m"
	CYAN=$ESC_SEQ"36;01m"

	# Create Log
	echo -en "$YELLOW Creating Log: $LOGFILE$RESET"
	touch $LOGFILE
	echo -e "\r$GREEN Creating Log: $LOGFILE$RESET"

	# Update apt-get
	echo -en "$YELLOW Updating apt-get$RESET"
	sudo apt-get update -y >> $LOGFILE
	echo -e "\r$GREEN Updating apt-get$RESET"

	# Install dependencies
	echo -en "$YELLOW Install dependencies$RESET"
	sudo apt-get install curl -y >> $LOGFILE
	sudo apt-get install build-essential -y >> $LOGFILE
	sudo apt-get install openssl -y >> $LOGFILE
	sudo apt-get install libreadline6 -y >> $LOGFILE
	sudo apt-get install libreadline6-dev -y >> $LOGFILE
	sudo apt-get install git-core -y >> $LOGFILE
	sudo apt-get install zlib1g -y >> $LOGFILE
	sudo apt-get install zlib1g-dev -y >> $LOGFILE
	sudo apt-get install libssl-dev -y >> $LOGFILE
	sudo apt-get install libyaml-dev -y >> $LOGFILE
	sudo apt-get install libsqlite3-dev -y >> $LOGFILE
	sudo apt-get install libxml2-dev -y >> $LOGFILE
	sudo apt-get install libxslt-dev -y >> $LOGFILE
	sudo apt-get install autoconf -y >> $LOGFILE
	sudo apt-get install libc6-dev -y >> $LOGFILE
	sudo apt-get install ncurses-dev -y >> $LOGFILE
	sudo apt-get install automake -y >> $LOGFILE
	sudo apt-get install libtool -y >> $LOGFILE
	sudo apt-get install bison -y >> $LOGFILE
	sudo apt-get install pkg-config -y >> $LOGFILE
	sudo apt-get install python-software-properties -y >> $LOGFILE
	sudo apt-get install tcl8.5 -y >> $LOGFILE
	echo -e "\r$GREEN Install dependencies$RESET"

	echo -en "$YELLOW Add PPAs: $LOGFILE$RESET"
	sudo add-apt-repository ppa:nginx/stable
	sudo add-apt-repository ppa:pitti/postgresql
	sudo add-apt-repository ppa:chris-lea/node.js
	echo -e "\r$GREEN Add PPas: $LOGFILE$RESET"

	# Update apt-get
	echo -en "$YELLOW Updating apt-get$RESET"
	sudo apt-get update -y >> $LOGFILE
	echo -e "\r$GREEN Updating apt-get$RESET"

	echo -en "$YELLOW Install Node$RESET"
	sudo apt-get install nodejs -y >> $LOGFILE
	echo -e "\r$GREEN Install Node$RESET"

	echo -e "$YELLOW Setting up deploy user$RESET"
	adduser deploy
	usermod -a -G sudo deploy
	echo -e "\r$GREEN Setting up deploy user$RESET"

	# Get RVM
	echo -en "$YELLOW Installing RVM$RESET"
	curl --silent -L get.rvm.io \| bash -s stable --auto >> $LOGFILE
	echo -e "\r$GREEN Installing RVM$RESET"

	# Source Bash
	echo -en "$YELLOW Sourcing Bash$RESET"
	# Load RVM into a shell session as a function
	if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
	# First try to load from a user install
	. "$HOME/.rvm/scripts/rvm"
	elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
	# Then try to load from a root install
	. "/usr/local/rvm/scripts/rvm"
	else
	printf "ERROR: An RVM installation was not found.\n"
	fi
	echo -e "\r$GREEN Sourcing Bash$RESET"
	# install Ruby
	for item in ${rubyVersions[@]}
	do
	echo -en "$YELLOW Installing Ruby $item $RESET"
	rvm install $item >> $LOGFILE
	echo -e "\r$GREEN Installing Ruby $item $RESET"
	done
	# Set default ruby
	echo -en "$YELLOW Using Default Ruby: $RUBY_DEFAULT$RESET"
	rvm --default use $RUBY_DEFAULT >> $LOGFILE
	echo -e "\r$GREEN Using Default Ruby: $RUBY_DEFAULT$RESET"

	# Install Nginx
	echo -en "$YELLOW Installing Nginx$RESET"
	sudo apt-get install nginx -y >> $LOGFILE
	sudo service nginx start
	echo -e "\r$GREEN Installing Nginx$RESET"

	# Install Postgresql
	echo -en "$YELLOW Installing Postgres$RESET"
	sudo apt-get install postgresql-9.2 -y >> $LOGFILE
	sudo apt-get install postgresql-client-9.2 -y >> $LOGFILE
	sudo apt-get install postgresql-contrib-9.2 -y >> $LOGFILE
	sudo apt-get install postgresql-server-dev-9.2 -y >> $LOGFILE
	sudo apt-get install libpq-dev -y >> $LOGFILE
	echo -e "\r$GREEN Installing Postgres$RESET"

	# Setting Up Postgres
	echo -e "$YELLOW Setting Up Postgres$RESET"
	# Add a user named "deploy" with super user priveleges
	echo "Enter Password to use for deploy User [This should be very strong AND you will use this in your database.yml]"
	read deployPass
	sudo -u postgres psql -d template1 -U postgres -c "CREATE USER deploy;" >> $LOGFILE
	sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy WITH SUPERUSER;" >> $LOGFILE
	sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy with password '$deployPass';" >> $LOGFILE
	# Change Postgres User Password
	echo "Enter Password to use for Postgres User [This should be very strong]"
	read pgPass
	sudo -u postgres psql -d template1 -U postgres -c "ALTER USER postgres with password '$pgPass'"
	echo -e "\r$GREEN Setting Up Postgres$RESET"

	# Setting Up Postfix
	echo -en "$YELLOW Installing Postfix$RESET"
	sudo apt-get install telnet -y >> $LOGFILE
	sudo apt-get install postfix -y >> $LOGFILE
	echo -e "\r$GREEN Installing Postfix$RESET"

	# Setting Up Redis
	echo -en "$YELLOW Installing Redis (this may take a minute)$RESET"
	wget -q $REDIS_URL >> $LOGFILE
	tar xzf redis-2.4.16.tar.gz >> $LOGFILE
	cd redis-2.4.16
	make >> $LOGFILE
	make test >> $LOGFILE
	sudo make install >> $LOGFILE
	cd utils && sudo ./install_server.sh && sudo update-rc.d redis_6379 defaults
	echo -e "\r$GREEN Installing Redis (this may take a minute)$RESET"

	#Configure Git
	echo -e "$CYAN Enter a email address to associate with git$RESET"
	read gitEmail
	echo -e "$CYAN Enter a name to associate with git$RESET"
	read gitName
	git config --global user.email $gitEmail
	git config --global user.name $gitName
	echo -e "$GREEN Git Configured$RESET"

	# Setup Bash
	echo -e "$YELLOW Setup bash for deploy user$RESET"
	cp /root/.bashrc /home/deploy/
	chown deploy:deploy /home/deploy/.bashrc
	echo -e "\r$GREEN Setup bash for deploy user$RESET"

	# Setup SSH Keys
	echo -e "$GREEN Setting up SSH keys$RESET"
	mkdir /home/deploy/.ssh
	chown -R deploy:deploy /home/deploy/.ssh
	echo -e "$CYAN Please transfer your local SSH key from your computer using the following command:$RESET"
	echo -e "$CYAN scp ~/.ssh/id_rsa.pub deploy@$PUBLIC_IP:/home/deploy/.ssh/authorized_keys$RESET"
	echo -e "$CYAN Press [Enter] when complete$RESET"
	read
	chown -R deploy:deploy /home/deploy/.ssh
	chmod 700 /home/deploy/.ssh
	chmod 600 /home/deploy/.ssh/authorized_keys

	# Update SSH Config
	echo -en "$YELLOW Updating SSH config$RESET"
	sudo sed -i -e 's/.PasswordAuthentication./PasswordAuthentication no/g' /etc/ssh/sshd_config
	sudo sed -i -e 's/.PermitRootLogin./PermitRootLogin no/g' /etc/ssh/sshd_config
	sudo service ssh restart >> $LOGFILE
	echo -e "\r$GREEN Updating SSH config$RESET"

	# Add github to knownhosts
	echo -en "$YELLOW Add Github to knownhosts$RESET"
	su deploy -c "ssh -T -oStrictHostKeyChecking=no git@github.com" >> $LOGFILE
	echo -e "\r$GREEN Add Github to knownhosts$RESET"

	# Setup Firewall
	echo -en "$YELLOW Settiing up Iptables Firewall$RESET"
	wget -q -O firewall $FIREWALL_RULES_GIST >> $LOGFILE
	tar --strip-components=1 -xvzf firewall >> $LOGFILE
	mv iptables.firewall.rules /etc/
	mv firewall /etc/network/if-pre-up.d/
	sudo iptables-restore < /etc/iptables.firewall.rules
	sudo chmod +x /etc/network/if-pre-up.d/firewall
	echo -e "\r$GREEN Settiing up Iptables Firewall$RESET"

	# Setup fail2ban
	echo -en "$YELLOW Installing fail2ban$RESET"
	sudo apt-get install fail2ban -y >> $LOGFILE
	echo -e "\r$GREEN Installing fail2ban$RESET"

	echo -e "$CYAN ---Result--------------------------------$RESET"
	echo -e "$CYAN --Rvm$RESET"
	rvm -v
	echo -e "$CYAN --Ruby$RESET"
	ruby -v
	echo -e "$CYAN --Nginx$RESET"
	nginx -v
	echo -e "$CYAN --Postgresql$RESET"
	psql -V
	echo -e "$CYAN --Postfix$RESET"
	postfix -v
	echo -e "$CYAN --Redis Server$RESET"
	redis-server -v
	echo -e "$CYAN --Users$RESET"
	awk -F":" '{ print "username: " $1 "\t\tuid:" $3 }' /etc/passwd
	echo -e "$CYAN --Firewall Settings$RESET"
	sudo iptables -L