@kookxiang
Last active December 14, 2016 21:46
#!/usr/bin/env bash
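# Usage:
# $(curl -sSL https://gist.githubusercontent.com/kookxiang/2fb6d9e3f811f59f0b3c2c4353161f64/raw/centos7_init.sh | bash)
# NOTE(review): in this form the script's stdin is the curl pipe rather than
# the terminal, and the outer $( ) executes whatever the script prints on
# stdout as a command. Saving the file, reading it, and running it with
# `bash centos7_init.sh` avoids both.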
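# Refuse to run on anything other than CentOS 7.
#
# Every expansion is quoted and every rpm failure collapses to an empty
# string, so a missing /etc/centos-release (e.g. another Red Hat family
# distribution) fails the comparison. Unquoted, an empty value turned the
# test into a syntax error whose non-zero status skipped the "exit 1" and
# let the rest of the script run on an unsupported system.
# Diagnostics go to stderr so they stay visible when stdout is captured.
if [[ -e /etc/redhat-release ]]; then
  RELEASE_RPM=$(rpm -qf /etc/centos-release 2> /dev/null) || RELEASE_RPM=
  RELEASE=
  if [[ -n "${RELEASE_RPM}" ]]; then
    RELEASE=$(rpm -q --qf '%{VERSION}' "${RELEASE_RPM}" 2> /dev/null) || RELEASE=
  fi
  if [[ "${RELEASE}" != "7" ]]; then
    echo "CentOS release is not 7." >&2
    exit 1
  fi
else
  echo "Not a CentOS system." >&2
  exit 1
fi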
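#######################################
# Append the public SSH keys published by a GitHub account to
# ~/.ssh/authorized_keys of the invoking user.
#
# Security: whoever controls the named GitHub account can log in as the
# invoking user afterwards (root, when the script runs as documented).
# Pass your own account name as $1 instead of relying on the default.
#
# Arguments: $1 - GitHub user name (optional, default: kookxiang)
# Outputs:   progress message on stdout, diagnostics on stderr
# Returns:   exits the script with status 1 when the download fails or
#            yields no key; changeSSHPort disables password logins next,
#            so continuing without a key would lock the operator out.
#######################################
importSSHKey(){
  local github_user=${1:-kookxiang}
  local ssh_dir auth_file response keys key
  ssh_dir=~/.ssh
  auth_file=$ssh_dir/authorized_keys

  echo Importing ssh keys from github...
  if ! [ -d "$ssh_dir" ]; then
    mkdir "$ssh_dir" || exit 1
    chmod 0700 "$ssh_dir"
  fi
  if ! [ -f "$auth_file" ]; then
    touch "$auth_file" || exit 1
    chmod 0600 "$auth_file"
  fi

  # Fetch first, parse second: in the original pipeline "$?" only reflected
  # sed, so a failed or HTTP-error download went unnoticed. -f makes curl
  # return non-zero on HTTP errors instead of passing the error body on.
  response=$(curl -fsS "https://api.github.com/users/${github_user}/keys") || exit 1
  keys=$(printf '%s\n' "$response" \
    | grep -Po '"key": ".+?"' \
    | sed -e 's/\"key\": \"//' -e 's/"$//')
  if [ -z "$keys" ]; then
    echo "No ssh keys found for GitHub user ${github_user}." >&2
    exit 1
  fi

  # Add each key once so repeated runs do not pile up duplicate lines.
  while IFS= read -r key; do
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
  done <<< "$keys"
}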
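#######################################
# Move sshd to port 12450, make it key-only, and open 12450/80/443 in
# firewalld (replacing the iptables services).
#
# Password logins are disabled here, so at least one working key must
# already be in authorized_keys (importSSHKey runs before this function).
#
# Outputs: progress messages on stdout, diagnostics on stderr
# Returns: exits the script with status 1 when the config cannot be
#          written, sshd rejects it, or firewalld cannot be installed
#######################################
changeSSHPort(){
  local sshd_config=/etc/ssh/sshd_config
  local backup=/etc/ssh/sshd_config.bak
  local marker="# Generate by kookxiang"
  local staged
  local changed=0

  echo Changing your ssh port from 22 to 12450...
  # The settings are placed at the TOP of the file: sshd uses the first
  # value it reads for a keyword, so lines appended at the end lose to any
  # earlier uncommented setting (such as an existing
  # "PasswordAuthentication yes") and would land inside a trailing Match
  # block. Port is the exception: an uncommented Port line further down
  # still adds a second listener.
  # The marker check keeps repeated runs from stacking the block.
  if ! grep -qF -- "$marker" "$sshd_config"; then
    cp -p -- "$sshd_config" "$backup" || exit 1
    staged=$(mktemp) || exit 1
    {
      echo "$marker"
      echo Port 12450
      echo PubkeyAuthentication yes
      echo PasswordAuthentication no
      echo UseDNS no
      # Keep ssh connection alive
      echo ClientAliveInterval 150
      echo ClientAliveCountMax 3
      echo
      cat -- "$sshd_config"
    } > "$staged" || exit 1
    # Overwrite in place (not mv) so owner, mode and SELinux label survive.
    cat -- "$staged" > "$sshd_config" || exit 1
    rm -f -- "$staged"
    changed=1
  fi

  # With SELinux enabled, sshd may only bind ports labelled ssh_port_t;
  # without the label the restart below fails on 12450.
  if command -v selinuxenabled > /dev/null 2>&1 && selinuxenabled; then
    if command -v semanage > /dev/null 2>&1; then
      semanage port -a -t ssh_port_t -p tcp 12450 2> /dev/null \
        || semanage port -m -t ssh_port_t -p tcp 12450
    else
      echo "SELinux is enabled but semanage is missing (package policycoreutils-python); sshd may fail to bind port 12450." >&2
    fi
  fi

  # Validate before restarting: a broken file must not take sshd down.
  if ! /usr/sbin/sshd -t; then
    echo "sshd rejected the new configuration." >&2
    if [ "$changed" = 1 ]; then
      cat -- "$backup" > "$sshd_config"
    fi
    exit 1
  fi
  echo Restarting ssh services...
  systemctl restart sshd

  echo Trying to enable firewalld...
  # Install first: /etc/firewalld/services only exists once the package is
  # there, so writing the service file beforehand could fail.
  yum install -y firewalld || exit 1
  echo Writing new firewalld rule...
  cat > /etc/firewalld/services/ssh.xml <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="12450" />
</service>
EOF
  systemctl stop iptables ip6tables
  systemctl disable iptables ip6tables > /dev/null
  systemctl start firewalld
  systemctl enable firewalld > /dev/null
  firewall-cmd --permanent --add-service=ssh > /dev/null
  firewall-cmd --permanent --add-service=http > /dev/null
  firewall-cmd --permanent --add-service=https > /dev/null
  firewall-cmd --reload > /dev/null
  echo Don\'t forget to start a new ssh session and check whether firewall is working correctly!
}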
# Install the deltarpm package so later yum transactions can use delta
# downloads. Exits the script with status 1 when yum fails.
installDeltaRpm(){
  printf '%s\n' 'Installing delta-rpm...'
  if ! yum install -y deltarpm > /dev/null; then
    exit 1
  fi
}
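#######################################
# Register the extra yum repositories used by the rest of the script:
# EPEL, IUS, MariaDB, nginx mainline and the shadowsocks Copr repo.
#
# Everything installed from these repositories runs with root privileges,
# so each one is a trust decision; see the notes at the individual steps.
#
# Outputs: progress messages on stdout
# Returns: exits the script with status 1 when EPEL or IUS setup fails
#######################################
installRepos(){
  local ius_setup

  echo Installing epel repositories...
  yum -y install epel-release > /dev/null || exit 1
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 > /dev/null

  echo Installing ius repositories...
  # Download to a file and check curl's status before running anything:
  # with "curl | bash" the tested status was bash's, so a truncated or
  # failed download could still be executed and reported as success.
  # NOTE(review): this still runs a remote script as root without any
  # integrity check; installing from a reviewed, pinned copy is safer.
  ius_setup=$(mktemp) || exit 1
  if ! curl -fsS -o "$ius_setup" https://setup.ius.io/; then
    rm -f -- "$ius_setup"
    exit 1
  fi
  if ! bash "$ius_setup" > /dev/null; then
    rm -f -- "$ius_setup"
    exit 1
  fi
  rm -f -- "$ius_setup"
  rpm --import /etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY > /dev/null

  echo Installing MariaDB official repositories...
  # Quoted delimiter: $basearch is a yum variable and must reach the file
  # literally (unquoted, the shell expanded it to an empty string).
  # NOTE(review): the mirrorlist is served from a host that is not part of
  # the MariaDB project; gpgcheck=1 keeps package signatures enforced, but
  # that host decides which mirrors are used.
  cat > /etc/yum.repos.d/MariaDB.repo <<'EOF'
[mariadb]
name=MariaDB
#baseurl=http://yum.mariadb.org/10.1/centos/7/$basearch/
mirrorlist=https://static.ikk.me/mariadb/centos/7/x86_64/mirrorlist
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

  echo Installing Nginx official repositories...
  # Was plain HTTP with gpgcheck=0, i.e. unauthenticated packages installed
  # as root. Use HTTPS and verify signatures against the nginx signing key.
  cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF

  echo Installing Shadowsocks repositories...
  cat > /etc/yum.repos.d/shadowsocks.repo <<'EOF'
[shadowsocks]
name=Copr repo for shadowsocks owned by librehat
baseurl=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/epel-7-$basearch/
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/pubkey.gpg
enabled=1
enabled_metadata=1
EOF
}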
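#######################################
# Install zsh and Oh My Zsh for the invoking user and add the short
# hostname to the robbyrussell theme prompt.
#
# Globals:  ZSH (read; set to ~/.oh-my-zsh when empty), SHELL (read)
# Outputs:  progress message on stdout
# Returns:  exits the script with status 1 when the packages cannot be
#           installed, the clone fails, or $ZSH cannot be entered
#######################################
installOhMyZsh(){
  local current_shell zsh_path short_host

  echo Installing Oh My Zsh...
  yum install -y zsh git > /dev/null || exit 1
  if [ -z "$ZSH" ]; then
    ZSH=~/.oh-my-zsh
  fi
  if ! [ -d "$ZSH" ]; then
    umask g-w,o-w
    git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git "$ZSH" || exit 1
    cp -- "$ZSH/templates/zshrc.zsh-template" ~/.zshrc
    # The two lines after "c\" are part of the sed script and must stay at
    # column 0.
    sed "/^export ZSH=/ c\\
export ZSH=$ZSH
" ~/.zshrc > ~/.zshrc-omztemp
    mv -f ~/.zshrc-omztemp ~/.zshrc
    current_shell=${SHELL##*/}
    if [ "$current_shell" != "zsh" ]; then
      zsh_path=$(grep '/zsh$' /etc/shells | tail -1)
      if [ -n "$zsh_path" ]; then
        chsh -s "$zsh_path"
      fi
    fi
  fi

  # Stop if the directory cannot be entered: otherwise the git commands
  # below would run against whatever repository the caller happens to be in.
  pushd "$ZSH" > /dev/null || exit 1
  short_host=$(/usr/bin/hostname -s)
  # Only patch and commit once per hostname, so repeated runs do not keep
  # appending PROMPT lines to the theme.
  if ! grep -qF -- "[${short_host}]" themes/robbyrussell.zsh-theme; then
    echo >> themes/robbyrussell.zsh-theme
    echo "PROMPT='\${ret_status} %{\$fg[cyan]%}%c%{\$reset_color%} %{\$fg[yellow]%}[${short_host}]%{\$reset_color%} \$(git_prompt_info)'" >> themes/robbyrussell.zsh-theme
    git config user.name kookxiang
    git config user.email r18@ikk.me
    git add themes/robbyrussell.zsh-theme > /dev/null
    git commit -am "Add hostname to prompt" > /dev/null
  fi
  popd > /dev/null
}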
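#######################################
# Run the whole provisioning sequence: repositories, package upgrade, SSH
# keys and port, firewalld, nginx with a config tree under /data, default
# error pages, hostname, and Oh My Zsh.
#
# Globals:  NewHostName (written)
# Outputs:  progress messages and the hostname prompt on stdout,
#           diagnostics on stderr
# Returns:  exits the script with status 1 when a yum step or the error
#           page download fails
#######################################
initCentOS7(){
  local fetch_dir
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  installRepos
  installDeltaRpm
  echo Upgrading packages, this may take a long time...
  yum update -y || exit 1
  importSSHKey
  changeSSHPort

  echo Creating /data folder for better management...
  mkdir -p /data
  echo Installing nginx...
  yum install -y nginx > /dev/null || exit 1
  mkdir -p /data/nginx/conf.d
  # Quoted delimiter: the $variables below belong to nginx. With an
  # unquoted heredoc the shell replaced them with empty strings and wrote
  # a broken log_format.
  # NOTE(review): nothing in this script points nginx at this file or
  # starts the service - confirm how /data/nginx/default.conf is loaded.
  cat > /data/nginx/default.conf <<'EOF'
user nginx;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
resolver 8.8.4.4;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
client_max_body_size 16m;
client_body_buffer_size 1024k;
server_names_hash_bucket_size 128;
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 1000;
gzip_proxied any;
gzip_http_version 1.0;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
fastcgi_intercept_errors on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_tokens off;
server {
listen 80 default;
server_name _;
location / {
root /data/web/default;
index index.html index.htm;
}
include /data/nginx/error.conf;
}
include /data/nginx/conf.d/*.conf;
}
EOF
  cat > /data/nginx/error.conf <<'EOF'
error_page 403 /ErrorPages/403.html;
error_page 404 /ErrorPages/404.html;
error_page 502 /ErrorPages/502.html;
error_page 503 504 /ErrorPages/500.html;
location /ErrorPages {
root /data/web/default;
allow all;
}
EOF

  echo Installing nginx error pages...
  yum install -y zip unzip > /dev/null || exit 1
  mkdir -p /data/web/default
  # Download outside the document root so the archive itself is never
  # served, and keep files that already exist (-n) instead of stopping at
  # unzip's overwrite prompt on a second run.
  # NOTE(review): the archive is extracted as root without an integrity
  # check; pinning a checksum of a reviewed copy would close that gap.
  fetch_dir=$(mktemp -d) || exit 1
  if ! wget -q -O "$fetch_dir/defaults.zip" https://crystal.ikk.me/defaults.zip; then
    rm -rf -- "$fetch_dir"
    exit 1
  fi
  unzip -n "$fetch_dir/defaults.zip" -d /data/web/default > /dev/null
  rm -rf -- "$fetch_dir"

  echo -n "Please enter a new hostname: "
  # When the script is piped into bash, stdin is the script itself, so ask
  # the terminal directly; with no terminal the hostname is left alone.
  if [ -t 0 ]; then
    read -r NewHostName
  else
    { read -r NewHostName < /dev/tty; } 2> /dev/null || NewHostName=
  fi
  # The value is written to /etc/hostname and later copied into the zsh
  # prompt string by installOhMyZsh, so accept only hostname characters
  # and never overwrite /etc/hostname with an empty line.
  if [[ "$NewHostName" =~ $host_re ]]; then
    printf '%s\n' "$NewHostName" > /etc/hostname
    /usr/bin/hostname "$NewHostName"
  else
    echo "Hostname left unchanged: input was empty or contained characters other than letters, digits, '.' and '-'." >&2
  fi
  installOhMyZsh
}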
# Entry point: run the provisioning sequence defined above. The steps write
# under /etc and call yum and systemctl, so this has to run as root.
initCentOS7