Last active
April 13, 2022 15:33
-
-
Save mawillcockson/5e40402009b4be69b52015f5a8f0fdc8 to your computer and use it in GitHub Desktop.
Super-basic wordpress installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -eu | |
HOME=/home/ubuntu | |
MYSQL_ROOT_USERNAME="${MYSQL_ROOT_USERNAME:-"root"}" | |
MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-"root_password"}" | |
WORDPRESS_DATABASE_NAME="${WORDPRESS_DATABASE_NAME:-"wordpress"}" | |
WORDPRESS_DB_USERNAME="${WORDPRESS_DB_USERNAME:-"wordpress_user"}" | |
WORDPRESS_DB_PASSWORD="${WORDPRESS_DB_PASSWORD:-"wordpress_password"}" | |
log() { | |
printf '%sLOG-- %s\n' "--" "$@" | |
} | |
error() { | |
printf '%sERROR-- %s\n' "--" "$@" | |
exit 1 | |
} | |
leave() { | |
trap - EXIT | |
return 0 | |
} | |
trap leave EXIT | |
cd "${HOME}" | |
log "waiting for network to be happy, so mysql_install_db doesn't return an error" | |
while ! host -W 1 elementor; do | |
sleep 1 | |
done | |
install_system_packages() { | |
sudo apt install --no-install-recommends --assume-yes \ | |
curl \ | |
expect \ | |
mariadb-client \ | |
mariadb-server \ | |
php \ | |
php-fpm \ | |
php-mysql \ | |
nginx | |
} | |
# if ! install_system_packages ; then | |
# sudo apt update | |
# sudo apt upgrade --assume-yes | |
# install_system_packages | |
# sudo apt autoremove --assume-yes | |
# sudo apt clean | |
# fi | |
# log "checking for wordpress database" | |
# if ! sudo mysql \ | |
# --user="${MYSQL_ROOT_USERNAME}" \ | |
# --password="${MYSQL_ROOT_PASSWORD}" \ | |
# --protocol=SOCKET \ | |
# --execute=EXIT \ | |
# "${WORDPRESS_DATABASE_NAME}" | |
# then | |
# set +eu # needed because the mysql_install_db shell script somehow runs with the current environment settings | |
# sudo mysql_install_db \ | |
# --user=mysql \ | |
# --auth-root-authentication-method=socket | |
# | |
# expect - << EOF | |
# spawn sudo mysql_secure_installation | |
# expect { | |
# "Enter current password for root (enter for none):" { | |
# sleep 1 | |
# send "\\r" | |
# exp_continue | |
# } | |
# "Set root password?" { | |
# send "y\\r" | |
# } | |
# } | |
# expect { | |
# "New password:" { | |
# send "${MYSQL_ROOT_PASSWORD}\\r" | |
# exp_continue | |
# } | |
# "Re-enter new password:" { | |
# send "${MYSQL_ROOT_PASSWORD}\\r" | |
# exp_continue | |
# } | |
# "Remove anonymous users?" { | |
# send "y\\r" | |
# } | |
# } | |
# expect { | |
# "Disallow root login remotely?" { | |
# send "y\\r" | |
# } | |
# } | |
# expect { | |
# "Remove test database and access to it?" { | |
# send "y\\r" | |
# } | |
# } | |
# expect { | |
# "Reload privilege tables now?" { | |
# sleep 0.5 | |
# send "y\\r" | |
# send_user "\\r" | |
# } | |
# } | |
# wait | |
# send_user "expect done\\r" | |
# exit | |
# EOF | |
# | |
# log "making a database for wordpress" | |
# sudo mysql \ | |
# --user="${MYSQL_ROOT_USERNAME}" \ | |
# --password="${MYSQL_ROOT_PASSWORD}" \ | |
# --protocol=SOCKET << EOF | |
# CREATE DATABASE ${WORDPRESS_DATABASE_NAME}; | |
# GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE_NAME}.* TO "${WORDPRESS_DB_USERNAME}"@"localhost" IDENTIFIED BY "${WORDPRESS_DB_PASSWORD}"; | |
# FLUSH PRIVILEGES; | |
# EXIT | |
# EOF | |
# | |
# fi | |
log "downloading wordpress" | |
if ! [ -d wordpress ]; then | |
if ! [ -f wordpress.tar.gz ]; then | |
log "downloading wordpress tarball" | |
curl -L "https://wordpress.org/latest.tar.gz" --output wordpress.tar.gz | |
fi | |
mkdir -p wordpress | |
log "unpacking wordpress install files" | |
tar -xf wordpress.tar.gz -C wordpress --strip-components=1 | |
find wordpress -type d -exec chmod a=rwx \{\} \+ | |
find wordpress -type f -exec chmod a=rw \{\} \+ | |
fi | |
log "checking for wp-config.php" | |
if ! [ -f /var/www/html/wp-config.php ]; then | |
log "copying wordpress install files" | |
sudo rm /var/www/html/index.nginx-debian.html || true | |
sudo chown www-data:www-data /var/www/html | |
sudo -u www-data cp -r wordpress/* /var/www/html | |
log "making wp-config.php" | |
sudo -u www-data tee /var/www/html/wp-config.php > /dev/null << EOF | |
<?php | |
/** | |
* The base configuration for WordPress | |
* | |
* The wp-config.php creation script uses this file during the installation. | |
* You don't have to use the web site, you can copy this file to "wp-config.php" | |
* and fill in the values. | |
* | |
* This file contains the following configurations: | |
* | |
* * Database settings | |
* * Secret keys | |
* * Database table prefix | |
* * ABSPATH | |
* | |
* @link https://wordpress.org/support/article/editing-wp-config-php/ | |
* | |
* @package WordPress | |
*/ | |
// ** Database settings - You can get this info from your web host ** // | |
/** The name of the database for WordPress */ | |
define( 'DB_NAME', '${WORDPRESS_DATABASE_NAME}' ); | |
/** Database username */ | |
define( 'DB_USER', '${WORDPRESS_DB_USERNAME}' ); | |
/** Database password */ | |
define( 'DB_PASSWORD', '${WORDPRESS_DB_PASSWORD}' ); | |
/** Database hostname */ | |
define( 'DB_HOST', '/var/run/mysqld/mysqld.sock' ); | |
/** Database charset to use in creating database tables. */ | |
define( 'DB_CHARSET', 'utf8' ); | |
/** The database collate type. Don't change this if in doubt. */ | |
define( 'DB_COLLATE', '' ); | |
/**#@+ | |
* Authentication unique keys and salts. | |
* | |
* Change these to different unique phrases! You can generate these using | |
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. | |
* | |
* You can change these at any point in time to invalidate all existing cookies. | |
* This will force all users to have to log in again. | |
* | |
* @since 2.6.0 | |
*/ | |
define( 'AUTH_KEY', 'AUTH_KEY' ); | |
define( 'SECURE_AUTH_KEY', 'SECURE_AUTH_KEY' ); | |
define( 'LOGGED_IN_KEY', 'LOGGED_IN_KEY' ); | |
define( 'NONCE_KEY', 'NONCE_KEY' ); | |
define( 'AUTH_SALT', '' ); | |
define( 'SECURE_AUTH_SALT', '' ); | |
define( 'LOGGED_IN_SALT', '' ); | |
define( 'NONCE_SALT', '' ); | |
/**#@-*/ | |
/** | |
* WordPress database table prefix. | |
* | |
* You can have multiple installations in one database if you give each | |
* a unique prefix. Only numbers, letters, and underscores please! | |
*/ | |
\$table_prefix = 'wp_'; | |
/** | |
* For developers: WordPress debugging mode. | |
* | |
* Change this to true to enable the display of notices during development. | |
* It is strongly recommended that plugin and theme developers use WP_DEBUG | |
* in their development environments. | |
* | |
* For information on other constants that can be used for debugging, | |
* visit the documentation. | |
* | |
* @link https://wordpress.org/support/article/debugging-in-wordpress/ | |
*/ | |
define( 'WP_DISABLE_FATAL_ERROR_HANDLER', true ); // 5.2 and later | |
define( 'WP_DEBUG', true ); | |
/* Add any custom values between this line and the "stop editing" line. */ | |
/* That's all, stop editing! Happy publishing. */ | |
/** Absolute path to the WordPress directory. */ | |
if ( ! defined( 'ABSPATH' ) ) { | |
define( 'ABSPATH', __DIR__ . '/' ); | |
} | |
/** Sets up WordPress vars and included files. */ | |
require_once ABSPATH . 'wp-settings.php'; | |
EOF | |
fi | |
log "configuring nginx" | |
sudo mkdir -p /etc/nginx/global | |
sudo tee /etc/nginx/sites-available/default > /dev/null <<'EOF' | |
## | |
# You should look at the following URL's in order to grasp a solid understanding | |
# of Nginx configuration files in order to fully unleash the power of Nginx. | |
# https://www.nginx.com/resources/wiki/start/ | |
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ | |
# https://wiki.debian.org/Nginx/DirectoryStructure | |
# | |
# In most cases, administrators will remove this file from sites-enabled/ and | |
# leave it as reference inside of sites-available where it will continue to be | |
# updated by the nginx packaging team. | |
# | |
# This file will automatically load configuration files provided by other | |
# applications, such as Drupal or Wordpress. These applications will be made | |
# available underneath a path with that package name, such as /drupal8. | |
# | |
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. | |
## | |
upstream php { | |
server unix:/var/run/php/php7.4-fpm.sock; | |
server 127.0.0.1:9000; | |
} | |
# Default server configuration | |
# | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
# SSL configuration | |
# | |
# listen 443 ssl default_server; | |
# listen [::]:443 ssl default_server; | |
# | |
# Note: You should disable gzip for SSL traffic. | |
# See: https://bugs.debian.org/773332 | |
# | |
# Read up on ssl_ciphers to ensure a secure configuration. | |
# See: https://bugs.debian.org/765782 | |
# | |
# Self signed certs generated by the ssl-cert package | |
# Don't use them in a production server! | |
# | |
# include snippets/snakeoil.conf; | |
server_name _; | |
root /var/www/html; | |
# Add index.php to the list if you are using PHP | |
index index.php; | |
include global/restrictions.conf; | |
include global/wordpress.conf; | |
} | |
EOF | |
sudo tee /etc/nginx/global/restrictions.conf > /dev/null <<'EOF' | |
location = /favicon.ico { | |
log_not_found off; | |
access_log off; | |
} | |
location = /robots.txt { | |
allow all; | |
log_not_found off; | |
access_log off; | |
} | |
location ~ /\. { | |
deny all; | |
} | |
location ~* /(?:uploads|files)/.*\.php$ { | |
deny all; | |
} | |
EOF | |
sudo tee /etc/nginx/global/wordpress.conf > /dev/null <<'EOF' | |
location / { | |
try_files $uri $uri/ /index.php?$args; | |
} | |
location ~ \.php$ { | |
include fastcgi_params; | |
fastcgi_intercept_errors on; | |
fastcgi_pass php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
} | |
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | |
expires max; | |
log_not_found off; | |
} | |
EOF | |
sudo nginx -t | |
sudo systemctl reload nginx || sudo systemctl restart nginx | |
log "now visit /wp-admin/install.php" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -eu | |
# lxc profile create less-safe | |
# lxc profile edit less-safe <<'EOF' | |
# config: | |
# limits.cpu: 1-1 | |
# limits.memory: 500MB | |
# limits.memory.enforce: hard | |
# limits.memory.swap: "false" | |
# limits.processes: "500" | |
# description: prevents instance from hogging all the host's resources | |
# devices: {} | |
# name: less-safe | |
# used_by: | |
# - /1.0/instances/elementor | |
# EOF | |
# lxc profile create web-server | |
# lxc profile edit web-server <<'EOF' | |
# config: {} | |
# description: "" | |
# devices: | |
# tcp-proxy: | |
# connect: tcp:0.0.0.0:80,443,8000,8080 | |
# listen: tcp:0.0.0.0:80,443,8000,8080 | |
# type: proxy | |
# udp-proxy: | |
# connect: udp:0.0.0.0:80,443,8000,8080 | |
# listen: udp:0.0.0.0:80,443,8000,8080 | |
# type: proxy | |
# name: web-server | |
# used_by: | |
# - /1.0/instances/elementor | |
# EOF | |
# lxc launch "ubuntu:20.04" wordpress \ | |
# -p default \ | |
# -p less-safe \ | |
# -p web-server | |
# lxc exec wordpress -- chpasswd -c NONE << EOF | |
# root: | |
# ubuntu: | |
# EOF | |
# lxc exec wordpress -- apt update -y | |
# lxc exec wordpress -- apt upgrade -y | |
# lxc stop wordpress | |
# lxc snapshot wordpress fresh --reuse | |
# lxc start wordpress | |
lxc file push \ | |
~/projects/elementor/install.sh \ | |
elementor/home/ubuntu/install.sh \ | |
--uid 1000 \ | |
--gid 1000 \ | |
--mode 0755 | |
lxc exec elementor -- sudo -i -u ubuntu /home/ubuntu/install.sh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment