Last active
December 26, 2023 03:23
Script to set up a new LAMP instance from a base Ubuntu 22.04 LTS EC2 instance on AWS
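#!/bin/bash
#
# Provision a LAMP stack (Apache, MySQL, PHP) plus Certbot, UFW and a few
# hardening tweaks on a base Ubuntu 22.04 LTS host. Must be run as root.
# The run is interactive: mysql_secure_installation prompts on the terminal
# and `ufw enable` may ask for confirmation.

# Stop at the first failed command, unset variable or failed pipeline stage,
# so a broken step is never followed by the "completed successfully" banner.
set -euo pipefail

# Ensure the script is run as root
if [[ "$EUID" -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# Define aesthetics
readonly GREEN='\033[0;32m'
readonly NC='\033[0m' # No Color
# ALIEN is used by several messages below but was never assigned anywhere in
# this script. Default it to empty so the output is unchanged and `set -u`
# does not abort on it; a value exported by the caller is still honoured.
ALIEN=${ALIEN:-}

# Print a progress message in green (backslash escapes are interpreted).
log_step() {
  printf '%b\n' "${GREEN}$*${NC}"
}

# --- Update & Upgrade Packages ---
log_step "Updating package lists and upgrading existing packages..."
apt-get update -y
apt-get upgrade -y

# --- Apache Installation ---
log_step "Installing Apache 2.4..."
apt-get install -y apache2

# Enable mod_rewrite for WordPress permalinks
a2enmod rewrite

# Enable SSL module in Apache
log_step "${ALIEN} Enabling SSL module in Apache..."
a2enmod ssl

# --- MySQL Installation ---
log_step "Installing MySQL 8.x..."
apt-get install -y mysql-server

# Interactive hardening wizard; it reads answers from the terminal, so this
# script cannot run unattended as written.
log_step "Running MySQL secure installation..."
mysql_secure_installation

# --- PHP Installation ---
log_step "Installing PHP 8.x and common extensions..."
apt-get install -y php libapache2-mod-php php-mysql php-gd php-cli php-xml \
  php-mbstring php-zip php-curl

# --- Certbot Installation ---
# Only the client is installed here; no certificate is requested by this
# script. The root check above makes sudo unnecessary.
log_step "Installing Certbot for Let's Encrypt SSL certificates..."
snap install --classic certbot

# --- SSL Configuration for Apache ---
# Define the path for the SSL options file
SSL_CONFIG_FILE="/etc/letsencrypt/options-ssl-apache.conf"

# NOTE(review): certbot normally writes and maintains this file itself. A
# hand-written copy with different content may not be refreshed by later
# certbot releases, so the protocol/cipher policy below should be reviewed
# periodically. Nothing in this script Includes the file; it only takes effect
# in a virtual host that includes it - confirm after issuing a certificate.
if [[ ! -f "$SSL_CONFIG_FILE" ]]; then
  log_step "${ALIEN} Creating SSL configuration file..."
  # Certbot has not been run yet, so its directory may not exist.
  mkdir -p -- "${SSL_CONFIG_FILE%/*}"
  # Quoted delimiter: the Apache directives are written literally, with no
  # shell expansion. The policy leaves only TLS 1.2+ enabled and lists only
  # AEAD suites with (EC)DHE key exchange.
  cat > "$SSL_CONFIG_FILE" <<'EOF'
# SSL Configuration - sourced from Mozilla's recommended settings
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# Add vhost name to log entries
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
EOF
  log_step "${ALIEN} SSL configuration file created."
else
  log_step "${ALIEN} SSL configuration file already exists."
fi

# --- Additional Security Configurations ---
# NOTE(review): this only creates the account. Nothing in this script points
# Apache at it (on Ubuntu the run-as user is normally set in
# /etc/apache2/envvars), so the server keeps its default identity unless that
# is changed separately.
log_step "Creating 'server' user and group for Apache..."
groupadd -f server
# Skip creation when the account already exists; any other useradd failure is
# reported instead of being swallowed.
if ! id -u server >/dev/null 2>&1; then
  useradd -g server -d /var/www -s /bin/false server
fi

# Configuring UFW Firewall
# The allow rules are added before the firewall is switched on so the current
# SSH session is not cut off. `ufw allow ssh` covers the default SSH port
# only; if sshd listens elsewhere, allow that port before enabling.
# `ufw limit ssh` is a stricter alternative that rate-limits new connections.
log_step "Setting up UFW Firewall..."
ufw allow 'Apache Full'
ufw allow ssh
ufw enable

# Disable directory listing
log_step "Disabling directory listing in Apache..."
sed -i '/<Directory \/var\/www\/>/,/<\/Directory>/ s/Options Indexes FollowSymLinks/Options FollowSymLinks/' \
  /etc/apache2/apache2.conf

# Enable Apache mod_security and mod_evasive for security
# NOTE(review): loading mod_security does not by itself block anything. The
# Ubuntu package is expected to ship only
# /etc/modsecurity/modsecurity.conf-recommended, whose rule engine defaults to
# detection-only; verify the active configuration and rule set after install.
log_step "Enabling Apache security modules..."
apt-get install -y libapache2-mod-security2 libapache2-mod-evasive
a2enmod security2
a2enmod evasive

# Hide Apache version information
# Anchored on the active (uncommented) directive so the edit applies whatever
# the current value is. This reduces fingerprinting only; it is not a
# substitute for keeping the packages patched.
log_step "Configuring Apache to hide version information..."
sed -i \
  -e 's/^ServerTokens[[:space:]].*/ServerTokens Prod/' \
  -e 's/^ServerSignature[[:space:]].*/ServerSignature Off/' \
  /etc/apache2/conf-available/security.conf

# Collect the php.ini of every installed PHP version for the Apache SAPI.
# nullglob keeps an unmatched pattern from being handed to sed as a filename.
shopt -s nullglob
php_inis=(/etc/php/*/apache2/php.ini)
shopt -u nullglob
if (( ${#php_inis[@]} == 0 )); then
  echo "No /etc/php/*/apache2/php.ini found; is libapache2-mod-php installed?" >&2
  exit 1
fi

# Hide PHP version information
log_step "Configuring PHP to hide version information..."
for php_ini in "${php_inis[@]}"; do
  sed -i 's/^expose_php[[:space:]]*=.*/expose_php = Off/' "$php_ini"
done

# --- PHP Configuration for WordPress ---
# Increase memory limit and execution time for PHP.
# Patterns are anchored so only the active directive lines are rewritten.
# A 300 s execution window is generous: it also lets slow or abusive requests
# hold a worker longer, so lower it if the site does not need it.
log_step "Configuring PHP settings for WordPress..."
for php_ini in "${php_inis[@]}"; do
  sed -i \
    -e 's/^memory_limit[[:space:]]*=.*/memory_limit = 256M/' \
    -e 's/^max_execution_time[[:space:]]*=.*/max_execution_time = 300/' \
    "$php_ini"
done

# Validate the edited configuration before restarting, so a syntax error does
# not take the running server down.
apache2ctl configtest
# Restart Apache to apply all changes
systemctl restart apache2

# --- Finish Up ---
# Clean up
apt-get autoremove -y
apt-get autoclean -y

log_step "LAMP stack setup on Ubuntu 22.04 LTS completed successfully."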