Last active
November 26, 2018 03:25
-
-
Save oddevan/209c689ad2909088f564dce965ff3618 to your computer and use it in GitHub Desktop.
An interactive script to set up an Ubuntu 18.04 LTS image with LEMP, store web page files in user's home directory, and install/run certbot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # THIS IS AN INTERACTIVE SCRIPT | |
| # | |
| # Installs a LEMP stack onto an Ubuntu 18.04 LTS image: | |
| # | |
| # - Creates sudo user with given username and password | |
| # - Updates all packages | |
| # - Installs Nginx, MySQL, and PHP | |
| # - Runs mysql_secure_installation | |
| # - Sets up ~/config and ~/logs in user's home directory for easy access | |
| # - Sets up test server on given domain with basic PHP info | |
| # - Installs and runs certbot | |
| # | |
| # Uses commands from | |
| # https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04 | |
| # https://www.linode.com/stackscripts/view/1 | |
| # https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 | |
| USERNAME='changeme' | |
| USERPASS='changeme' | |
| TEST_SERVER_FQDN='www.something.com' | |
| apt update | |
| apt -y full-upgrade | |
| apt -y install sudo | |
| adduser $USERNAME --disabled-password --gecos "" | |
| echo "$USERNAME:$USERPASS" | chpasswd | |
| usermod -aG sudo $USERNAME | |
| #disable root ssh | |
| sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config | |
| touch /tmp/restart-ssh | |
| apt -y install nginx | |
| ufw allow 'Nginx Full' | |
| apt -y install mysql-server-5.7 | |
| mysql_secure_installation | |
| apt -y install php-fpm php-mysql | |
| #now set up config and webroots in the user's home directory | |
| confdir="/home/$USERNAME/conf" | |
| conffile="/etc/nginx/conf.d/$USERNAME.conf" | |
| serverfile="$confdir/$TEST_SERVER_FQDN" | |
| serverroot="/home/$USERNAME/$TEST_SERVER_FQDN" | |
| servertest="$serverroot/index.php" | |
| logfolder="/home/$USERNAME/logs" | |
| echo "include /home/$USERNAME/conf/*;" > $conffile | |
| mkdir $confdir | |
| chown $USERNAME $confdir | |
| mkdir $serverroot | |
| chown $USERNAME $serverroot | |
| mkdir $logfolder | |
| chmod 666 $logfolder | |
| cat >$serverfile <<EOF | |
| server { | |
| listen 80; | |
| root /home/$USERNAME/$TEST_SERVER_FQDN; | |
| index index.php index.html index.htm index.nginx-debian.html; | |
| server_name $TEST_SERVER_FQDN; | |
| access_log /home/$USERNAME/logs/$TEST_SERVER_FQDN.log; | |
| location / { | |
| try_files $uri $uri/ =404; | |
| } | |
| location ~ \.php$ { | |
| include snippets/fastcgi-php.conf; | |
| fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; | |
| } | |
| location ~ /\.ht { | |
| deny all; | |
| } | |
| } | |
| EOF | |
| cat >$servertest <<EOF | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Test page</title> | |
| </head> | |
| <body> | |
| <h1>Server test</h1> | |
| <?php /* ?><p><strong>PHP is not enabled!</strong></p><?php */ ?> | |
| <dl> | |
| <dt>PHP Version</dt><dd><?php echo phpversion(); ?></dd> | |
| <dt>Time Zone:</dt><dd><?php echo date_default_timezone_get(); ?></dd> | |
| <dt>Current time:</dt><dd><?php echo date("Y-m-d h:i:sa"); ?></dd> | |
| </dl> | |
| </body> | |
| </html> | |
| EOF | |
| systemctl reload nginx | |
| #Certbot time! | |
| add-apt-repository ppa:certbot/certbot | |
| apt -y install python-certbot-nginx | |
| certbot --nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment