
@neovintage
Created April 2, 2010 17:27
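#!/bin/bash
# Collects the credentials and site settings used by the rest of this setup
# script, either from the defaults below or from interactive prompts.
echo "SliceHost Automated Setup for Ubuntu 9.10"
echo "Start from a fresh Ubuntu Slice Rebuild"
echo "Installing Nginx, PHP, php-fpm, MySQL & Wordpress"

# Any non-empty value turns the interactive prompts on.
INTERACTIVE_SETUP=1

# Defaults, overwritten by the prompts when INTERACTIVE_SETUP is non-empty.
# NOTE(review): the passwords are sample values; if INTERACTIVE_SETUP is ever
# emptied they would be applied to root, the new user and MySQL as written.
ROOT_PASS="root123"
USER_NAME="webadmin"
USER_PASS="user123"
SQL_ROOT_PASS="db123"
DOMAIN="domain.com"
PHP_VERSION="5.3.1"
SSH_PORT="30000"

# USER_NAME and DOMAIN end up in file paths, sudoers, sshd_config and a sed
# expression, so only plain account / host name characters are accepted.
VALID_USER_RE='^[a-z_][a-z0-9_-]*$'
VALID_DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

#######################################
# Read one line from stdin into the named variable.
# Arguments: $1 - variable name to assign
#            $2 - optional "-s" to keep the typed value off the screen
# Exits the script on EOF, so a closed stdin can neither loop forever nor
# yield empty credentials.
#######################################
ask() {
  local reply
  if ! read -r ${2:+"$2"} reply; then
    echo "No input available, aborting." >&2
    exit 1
  fi
  printf -v "$1" '%s' "$reply"
}

if [ "$INTERACTIVE_SETUP" ]; then
  ROOT_PASS_CONFIRM="-----"
  until [ -n "$ROOT_PASS" ] && [ "$ROOT_PASS" = "$ROOT_PASS_CONFIRM" ]; do
    echo "Enter Root password:"
    ask ROOT_PASS -s
    echo "Confirm Root password:"
    ask ROOT_PASS_CONFIRM -s
    if [ -z "$ROOT_PASS" ]; then
      echo "Root password must not be empty!"
    elif [ "$ROOT_PASS" != "$ROOT_PASS_CONFIRM" ]; then
      echo "Root passwords entered don't match!"
    fi
  done

  USER_NAME_CONFIRM="n"
  until [ "$USER_NAME_CONFIRM" = "Y" ]; do
    echo "Enter username for new user:"
    ask USER_NAME
    if ! [[ "$USER_NAME" =~ $VALID_USER_RE ]]; then
      echo "Username may only contain a-z, 0-9, '_' and '-', and must not start with a digit or '-'."
      continue
    fi
    echo "Username is $USER_NAME (Y/n):"
    ask USER_NAME_CONFIRM
  done

  USER_PASS_CONFIRM="-----"
  until [ -n "$USER_PASS" ] && [ "$USER_PASS" = "$USER_PASS_CONFIRM" ]; do
    echo "Enter password for user $USER_NAME:"
    ask USER_PASS -s
    echo "Confirm password for user $USER_NAME:"
    ask USER_PASS_CONFIRM -s
    if [ -z "$USER_PASS" ]; then
      echo "User password must not be empty!"
    elif [ "$USER_PASS" != "$USER_PASS_CONFIRM" ]; then
      echo "User passwords entered don't match!"
    fi
  done

  SQL_ROOT_PASS_CONFIRM="-----"
  until [ -n "$SQL_ROOT_PASS" ] && [ "$SQL_ROOT_PASS" = "$SQL_ROOT_PASS_CONFIRM" ]; do
    echo "Enter SQL Root password:"
    ask SQL_ROOT_PASS -s
    echo "Confirm SQL Root password:"
    ask SQL_ROOT_PASS_CONFIRM -s
    if [ -z "$SQL_ROOT_PASS" ]; then
      echo "SQL Root password must not be empty!"
    elif [ "$SQL_ROOT_PASS" != "$SQL_ROOT_PASS_CONFIRM" ]; then
      echo "SQL Root passwords entered don't match!"
    fi
  done

  APACHE_VHOST_CONFIRM="n"
  until [ "$APACHE_VHOST_CONFIRM" = "Y" ]; do
    echo "Enter domain name for new virtual host:"
    ask DOMAIN
    if ! [[ "$DOMAIN" =~ $VALID_DOMAIN_RE ]]; then
      echo "Domain may only contain letters, digits, '.' and '-'."
      continue
    fi
    # The value just read is DOMAIN; no APACHE_VHOST variable is ever set.
    echo "Virtual host is $DOMAIN (Y/n):"
    ask APACHE_VHOST_CONFIRM
  done
fi

# Final gate for both modes: refuse values that would be unsafe to splice into
# configuration files and paths later on.
if ! [[ "$USER_NAME" =~ $VALID_USER_RE && "$DOMAIN" =~ $VALID_DOMAIN_RE && "$SSH_PORT" =~ ^[0-9]+$ ]]; then
  echo "Invalid USER_NAME, DOMAIN or SSH_PORT; aborting." >&2
  exit 1
fi

# Summary of the non-secret settings. Passwords are deliberately not printed:
# they would land in terminal scrollback and in any captured install log.
echo "New user is $USER_NAME"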
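# Reset the root password.
# chpasswd reads "user:password" from stdin, and printf '%s' passes the
# password through untouched, whereas `echo -e` would rewrite backslash
# sequences such as \n or \t inside it.
printf '%s:%s\n' root "$ROOT_PASS" | chpasswd

# Create the new user (skipped when the account already exists, so a re-run
# does not fail here) and set its password.
if ! id "$USER_NAME" >/dev/null 2>&1; then
  if ! useradd -m -s /bin/bash "$USER_NAME"; then
    echo "useradd failed for $USER_NAME; aborting." >&2
    exit 1
  fi
fi
printf '%s:%s\n' "$USER_NAME" "$USER_PASS" | chpasswd

# Prompt and aptitude aliases for the new user. The quoted delimiter keeps the
# here-document literal, so nothing in it is expanded by this script.
cat >> "/home/$USER_NAME/.bashrc" <<'ENDOFFILE'
export PS1='\[\033[0;35m\]\h\[\033[0;33m\] \w\[\033[00m\]: '
alias free="free -m"
alias update="sudo aptitude update"
alias install="sudo aptitude install"
alias upgrade="sudo aptitude safe-upgrade"
alias remove="sudo aptitude remove"
ENDOFFILE

# Grant the new user full sudo rights. The change is staged in a copy and
# syntax-checked with visudo before it replaces the live file, because a
# malformed /etc/sudoers makes sudo refuse to run for everyone.
cp /etc/sudoers /etc/newsudoers
printf '\n%s ALL=(ALL) ALL\n\n' "$USER_NAME" >> /etc/newsudoers
chmod 440 /etc/newsudoers
if visudo -c -f /etc/newsudoers; then
  mv -f /etc/newsudoers /etc/sudoers
  chmod 440 /etc/sudoers
else
  echo "Staged sudoers file failed validation; /etc/sudoers left unchanged." >&2
  rm -f /etc/newsudoers
  exit 1
fi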
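# Generate a replacement sshd_config: custom port ($SSH_PORT), no root login,
# public-key authentication only, and logins restricted to $USER_NAME.
# The here-document is unquoted on purpose so $SSH_PORT and $USER_NAME expand.
#
# NOTE(review): password authentication is disabled here and nothing visible in
# this script installs a public key for $USER_NAME. Once sshd reloads, new SSH
# logins will fail until a key is placed in that user's authorized_keys; keep
# the current session open until a key-based login has been verified.
cat > /etc/ssh/new_sshd_config <<ENDOFFILE
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port $SSH_PORT
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
UseDNS no
AllowUsers $USER_NAME
ENDOFFILE

# Let sshd parse the staged file before it goes live. A config sshd cannot
# parse would leave the host without an SSH daemon after the next restart.
if /usr/sbin/sshd -t -f /etc/ssh/new_sshd_config; then
  mv -f /etc/ssh/new_sshd_config /etc/ssh/sshd_config
  chmod 644 /etc/ssh/sshd_config
else
  echo "Generated sshd_config failed validation; existing configuration kept." >&2
  rm -f /etc/ssh/new_sshd_config
  exit 1
fi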
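# Write the firewall ruleset: loopback, established traffic, HTTP/HTTPS, SSH on
# $SSH_PORT and ICMP echo are accepted; everything else inbound is logged
# (rate-limited) and rejected. The here-document is unquoted so that $SSH_PORT
# expands to the port sshd was configured with.
# NOTE(review): these are iptables (IPv4) rules only; nothing here configures
# ip6tables, so IPv6 filtering should be confirmed separately.
cat > /etc/iptables.test.rules <<ENDOFFILE
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
ENDOFFILE

# Load the rules and stop if they are rejected. Otherwise iptables-save below
# would persist whatever ruleset happens to be active, and the sshd reload
# would move SSH to a port the firewall was never opened for.
if ! iptables-restore < /etc/iptables.test.rules; then
  echo "iptables-restore rejected /etc/iptables.test.rules; aborting." >&2
  exit 1
fi
iptables-save > /etc/iptables.up.rules

# Restore the saved rules whenever the loopback interface comes up at boot.
# The pre-up line is added only once so re-running the script does not stack
# duplicates in /etc/network/interfaces.
if ! grep -q 'iptables-restore < /etc/iptables.up.rules' /etc/network/interfaces; then
  sed -e 's|iface lo inet loopback|iface lo inet loopback\npre-up iptables-restore < /etc/iptables.up.rules|' /etc/network/interfaces > /etc/network/new_interfaces
  mv -f /etc/network/new_interfaces /etc/network/interfaces
fi
chmod 644 /etc/network/interfaces

# Make the running sshd pick up its current configuration file.
/etc/init.d/ssh reload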
# Refresh the package index, bring the base system up to date, then install
# the toolchain, libraries and services the remaining steps depend on.
apt-get -y update

# Locale generation is currently disabled:
# # Set the locale
# locale-gen en_US.UTF-8
#
# # Sometimes it fails, try again
# locale-gen en_US.UTF-8
#
# /usr/sbin/update-locale LANG=en_US.UTF-8

for upgrade_step in safe-upgrade full-upgrade; do
  aptitude -y "$upgrade_step"
done

# install build tools
aptitude -y install build-essential

# install git nginx and other needed libraries
event_deps=(libxml2-dev libevent-dev)
tool_pkgs=(
  git-core subversion nginx bison flex patch autoconf213 locate gitosis screen
)
dev_libs=(
  libxml2-dev libbz2-dev libpcre3-dev libssl-dev zlib1g-dev libmcrypt-dev
  libmhash-dev libmhash2 libcurl4-openssl-dev libpq-dev libpq5 libsyck0-dev
  libpng-dev libjpeg-dev libxslt-dev libmysqlclient-dev
)
aptitude install -y "${event_deps[@]}"
aptitude install -y "${tool_pkgs[@]}"
aptitude install -y "${dev_libs[@]}"

# install MySQL non-interactively; the exported frontend setting stays in
# effect for the rest of the script.
# NOTE(review): with the prompts suppressed, the MySQL root account presumably
# has no password from this point until one is set later - confirm.
export DEBIAN_FRONTEND=noninteractive
aptitude -q -y install mysql-server mysql-client libmysqlclient16-dev
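# install PHP 5 with PHP-FPM included
# Old way:
# aptitude -y install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
# New way:
# first compile libevent
# patch php with php-fpm
# compile php and install
#
# NOTE(review): all three tarballs arrive over plain HTTP and are then compiled
# and installed as root with no integrity check. Pin a known-good digest for
# each archive and verify it before unpacking, for example:
#   echo "<EXPECTED_SHA256>  php-$PHP_VERSION.tar.gz" | sha256sum -c -
#
# The build runs in a subshell with a check after every step that later steps
# depend on, so a failed download or cd can never lead to `make install`
# running in the wrong directory, and the rest of the setup still proceeds.
(
  cd /usr/local/src || exit 1

  # -O fixes the local file name; the PHP URL ends in ".../mirror", so without
  # it the name wget picks may not be the php-$PHP_VERSION.tar.gz that tar
  # expects below.
  wget -O "php-$PHP_VERSION.tar.gz" "http://us3.php.net/get/php-$PHP_VERSION.tar.gz/from/us2.php.net/mirror" || exit 1
  wget "http://launchpad.net/php-fpm/master/0.6/+download/php-fpm-0.6~$PHP_VERSION.tar.gz" || exit 1
  wget "http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz" || exit 1

  tar zxf "php-$PHP_VERSION.tar.gz" || exit 1
  tar zxf "php-fpm-0.6~$PHP_VERSION.tar.gz" || exit 1
  tar zxf libevent-1.4.13-stable.tar.gz || exit 1

  # compile & install libevent
  cd libevent-1.4.13-stable || exit 1
  ./configure && make && make install || exit 1
  cd .. || exit 1

  # create patch and apply
  "php-fpm-0.6-$PHP_VERSION/generate-fpm-patch"
  cd "php-$PHP_VERSION" || exit 1
  patch -p1 < ../fpm-patch || exit 1

  # rebuild config then compile and install php
  ./buildconf --force
  mkdir -p fpm-build && cd fpm-build || exit 1
  ../configure --with-fpm --with-libevent=shared,/usr/local --enable-fastcgi \
    --enable-fpm --with-mcrypt --with-zlib --enable-mbstring --with-openssl \
    --with-mysql --with-mysql-sock --with-gd --without-sqlite --disable-pdo \
    --disable-reflection --with-xsl --with-curl --with-jpeg \
    --with-jpeg-dir=/usr/lib \
    && make && make install || exit 1
) || echo "PHP / php-fpm build failed; see the output above." >&2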
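# now add php-fpm to init.d startup
cd /etc/init.d
update-rc.d -f php-fpm defaults

# change all instances of www-data to user_name in php-fpm config
# '/', '&' and '\' are special in a sed replacement, so they are escaped before
# the user name is spliced into the expression.
fpm_user=$(printf '%s' "$USER_NAME" | sed -e 's/[\/&]/\\&/g')
if [ -f /etc/php-fpm.config.default ]; then
  sed -e "s/www-data/$fpm_user/g" /etc/php-fpm.config.default > /etc/php-fpm.config.new
  rm -f /etc/php-fpm.config
  ln -s /etc/php-fpm.config.new /etc/php-fpm.config
else
  # Without the default file the old sequence would delete the live config and
  # link it to an empty file.
  echo "/etc/php-fpm.config.default not found; php-fpm config left untouched." >&2
fi

# Set the MySQL root password. Quoting keeps a password containing spaces or
# glob characters as a single argument.
# NOTE(review): the password is passed on the command line, where other local
# users can read it from the process list while mysqladmin runs.
mysqladmin -u root password "$SQL_ROOT_PASS"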
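# Create the per-site directory tree (www, private, logs, backup) under the new
# user's home and drop in a placeholder index page. Paths are quoted so that a
# user name or domain containing whitespace or glob characters cannot split
# into several arguments.
site_root="/home/$USER_NAME/public_html/$DOMAIN"
mkdir -p "$site_root"/{www,private,logs,backup}

# Unquoted here-document: $DOMAIN is meant to expand into the page.
cat > "$site_root/www/index.html" <<ENDOFFILE
<html>
<head>
<title>$DOMAIN</title>
</head>
<body>
<h1>$DOMAIN</h1>
</body>
</html>
ENDOFFILE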
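# Setup NGINX for virtual hosts
#
# The here-document is unquoted so $DOMAIN and $USER_NAME expand. nginx's own
# variables ($1, $request_filename, $fastcgi_script_name) are written as \$name
# so the shell passes them through; left unescaped they expand to empty strings
# and the generated rewrite, existence checks and SCRIPT_FILENAME are broken.
#
# NOTE(review): the \.php$ location passes every URI ending in .php to php-fpm
# without checking that the script exists. Combined with PHP's default
# cgi.fix_pathinfo behaviour this is a known way for uploaded non-PHP files to
# be executed; set cgi.fix_pathinfo=0 in php.ini or add a file-existence check
# to that location before serving uploads.
cat > "/etc/nginx/sites-available/$DOMAIN" <<ENDOFFILE
server {
  listen 80;
  server_name www.$DOMAIN;
  rewrite ^/(.*) http://$DOMAIN/\$1 permanent;
}
server {
  listen 80;
  server_name $DOMAIN;
  access_log /home/$USER_NAME/public_html/$DOMAIN/logs/access.log;
  error_log /home/$USER_NAME/public_html/$DOMAIN/logs/error.log;
  location / {
    root /home/$USER_NAME/public_html/$DOMAIN/www;
    index index.html index.htm index.php;
    # this serves static files that exist without running other rewrite tests
    if (-f \$request_filename) {
      expires 30d;
      break;
    }
    # this sends all non-existing file or directory requests to index.php
    if (!-e \$request_filename) {
      rewrite ^(.+)\$ /index.php?q=\$1 last;
    }
  }
  location ~ \.php\$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /home/$USER_NAME/public_html/$DOMAIN/www\$fastcgi_script_name;
  }
}
ENDOFFILE

# Enable the site; -f replaces a link left by an earlier run instead of failing.
ln -sf "/etc/nginx/sites-available/$DOMAIN" "/etc/nginx/sites-enabled/$DOMAIN"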
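# Install Wordpress
#
# Runs in a subshell that stops if the site directory cannot be entered, so the
# `rm -rf` cleanup can never run in whatever directory the script was in
# before. The archive is fetched over HTTPS rather than plain HTTP.
# NOTE(review): no checksum or signature of the archive is verified, and
# "latest" is not a pinned release.
(
  cd "/home/$USER_NAME/public_html/$DOMAIN" || exit 1
  status=0
  wget https://wordpress.org/latest.tar.gz \
    && tar zxf latest.tar.gz \
    && mv wordpress/* www/ \
    || status=1
  rm -rf wordpress latest.tar.gz
  exit "$status"
) || echo "WordPress download or unpack failed for $DOMAIN." >&2

# Hand the whole web tree to the site user.
chown -R "$USER_NAME:$USER_NAME" "/home/$USER_NAME/public_html"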
# Closing banner, followed by the manual steps this script leaves to the
# operator: a WordPress database, an SSH public key and a my.cnf tweak.
printf '%s\n' \
  "SliceHost Setup Complete" \
  "TODO: Create a database in MySQL for Wordpress"

# Example SQL, each line indented with one tab.
printf '\t%s\n' \
  "example:" \
  "create user 'wp_user'@'localhost' identified by 'password';" \
  "create database wp_dbase;" \
  "grant select,insert,update,delete,create,drop on wp_dbase.* to 'wp_user'@'localhost';"

printf '%s\n' \
  "TODO: Upload your SSH key" \
  "TODO: Skip innodb in my.cnf"