rbrisita/azure_article_install.sh

## azure_article_install.sh
#!/usr/bin/env bash
#
# Author: Robert Brisita <[first-initial][last name] at gmail dot com>
#
# A non-interactive installation script for a Nginx Laravel application using MySQL.
#
# Tested on Ubuntu 16.04 LTS

#####
# Project details
# Used in creating project and MySQL schema and credentials.
# The database credentials mirror the DotEnv file (.env) Laravel uses.
#####
PROJECT_NAME=my_project

DB_SCHEMA=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
DB_ROOT_PASSWORD=secret


# Turn off interactive prompt on server installs.
DF_NI="DEBIAN_FRONTEND=noninteractive"

#####
# Update and Upgrade
#####
echo -e "\n*****\n* Updating Apt Package List.\n*****\n"
sudo apt-get update

echo -e "\n*****\n* Upgrade System Packages.\n*****\n"
sudo "${DF_NI}" apt-get -y upgrade

# Add the ability to add Personal Package Archive (PPA) (add-apt-repository) for more current software.
sudo "${DF_NI}" apt-get -y install software-properties-common


#####
# NGINX
#####
echo -e "\n*****\n* Install Nginx.\n*****\n"
sudo "${DF_NI}" apt-get -y install nginx


#####
# PHP
#####
echo -e "\n*****\n* Install PHP 7.1 and required packages.\n*****\n"
# Add PPA to get PHP 7.1.
sudo add-apt-repository -y ppa:ondrej/php
sudo apt-get update

# Install PHP
# fpm - Installed first to satisfy PHP dependency request.
# curl - This script and Composer needs curl to get some packages.
# unzip/zip - Allows composer and Laravel to download and extract packages.
# xml - Manipulate the dom.
# mbstring - Handle multi-byte strings.
sudo "${DF_NI}" apt-get -y install unzip php7.1-fpm php7.1 php7.1-curl php7.1-zip php7.1-xml php7.1-mbstring

# Install Composer
curl --silent --show-error https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer


#####
# NGINX and PHP
#####
# Modify Nginx default server block to use PHP for dynamic processing.
# Copy file and create a new one.
NGINX_PATH="/etc/nginx/sites-available/"
DEFAULT_FILE="default"
DATE=$(date +%Y-%m-%d:%H:%M:%S)
sudo cp "${NGINX_PATH}${DEFAULT_FILE}" "${NGINX_PATH}backup_${DEFAULT_FILE}_${DATE}"

# https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
HOST_NAME=$(hostname)
sudo bash -c "cat > ${NGINX_PATH}${DEFAULT_FILE}" << EOF
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name ${HOST_NAME}.eastus.cloudapp.azure.com;

    location / {
	try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location ~ [^/]\.php(/|$) {
	# Secure path parsing.
        include snippets/fastcgi-php.conf;

	# Mitigate https://httpoxy.org/ vulnerabilities.
	fastcgi_param HTTP_PROXY "";

        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
EOF

echo -e "\n*****\n* Restarting Nginx.\n*****\n"
sudo systemctl restart nginx


#####
# MYSQL
#####
# Cleanly get script directory.
# -f, --canonicalize - Follow every symlink, all but the last component must exist.
SCRIPT_DIR=$(readlink --canonicalize "${BASH_SOURCE[0]}")
SCRIPT_DIR=$(dirname "${SCRIPT_DIR}")

echo -e "\n*****\n* Installing MySQL and PHP driver.\n*****\n"
sudo "${DF_NI}" apt-get -y install mysql-server php7.1-mysql

echo -e "\n*****\n* Setting Password Lifetime to forever.\n*****\n"
MYSQL_CNF=/etc/mysql/mysql.conf.d/mysqld.cnf
PASSWORD_LIFETIME='default_password_lifetime = 0'

# Look for the above line in it's own line.
# -F, --fixed-strings - Interpret patterns as a set of fixed strings.
# -q, --quiet, --silent - Suppress normal output; search until a match is found.
# -x, --line-regexp - Only input lines selected against an entire fixed string.
grep --fixed-strings --silent --line-regexp "${PASSWORD_LIFETIME}" "${MYSQL_CNF}"
if [ "$?" -eq "0" ]
then
	echo -e "\n*****\n* Password Lifetime to forever already set.\n*****\n"
else
	# Configure MySQL Password Lifetime to forever.
sudo bash -c "cat >> ${MYSQL_CNF}" << EOF
${PASSWORD_LIFETIME}
EOF
fi

# Securely setup MySQL.
echo -e "\n*****\n* Securing MySQL.\n*****\n"
sudo "${SCRIPT_DIR}/./ni-msi.sh" "${DB_ROOT_PASSWORD}"

# Setup up database the Homestead way and mirror Laravel's .env file.
echo -e "\n*****\n* Creating user and database schema.\n*****\n"
sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "CREATE USER IF NOT EXISTS '${DB_USERNAME}'@'0.0.0.0' IDENTIFIED BY '${DB_PASSWORD}';"
sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "GRANT ALL ON *.* TO '${DB_USERNAME}'@'0.0.0.0' IDENTIFIED BY '${DB_PASSWORD}' WITH GRANT OPTION;"
sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "GRANT ALL ON *.* TO '${DB_USERNAME}'@'%' IDENTIFIED BY '${DB_PASSWORD}' WITH GRANT OPTION;"
sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "FLUSH PRIVILEGES;"
sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "CREATE DATABASE IF NOT EXISTS ${DB_SCHEMA} character set UTF8mb4 collate utf8mb4_bin;"

echo -e "\n*****\n* Restarting MySQL.\n*****\n"
sudo systemctl restart mysql


#####
# NODEJS
#####
echo -e "\n*****\n* Install Node JS.\n*****\n"

# Add PPA for NodeJS 6.x.
curl --silent --location https://deb.nodesource.com/setup_6.x | sudo -E bash -

# Install Node.
sudo "${DF_NI}" apt-get -y install nodejs


#####
# LARAVEL PROJECT SPECIFIC
# At this point one can inject there own project here.
# This script creates a new one for simplicity.
#####
echo -e "\n*****\n* Creating Laravel Project.\n*****\n"
composer create-project --prefer-dist laravel/laravel ${PROJECT_NAME}

PROJECT_PATH="${HOME}/${PROJECT_NAME}"

# Install PHP project dependencies.
echo -e "\n*****\n* Install PHP Project Dependencies.\n*****\n"
composer install --working-dir="${PROJECT_PATH}"

# Install Node dependencies.
echo -e "\n*****\n* Install Node Dependencies.\n*****\n"
npm install --prefix "${PROJECT_PATH}/"

# Create authentication tables and views.
# Migrate tables.
# Using --force to skip production warning
echo -e "\n*****\n* Create MySQL Tables.\n*****\n"
sudo php "${PROJECT_PATH}"/artisan make:auth --force
sudo php "${PROJECT_PATH}"/artisan migrate --force

# Change access permissions to Laravel's framework and log directories.
STORAGE_PATH="${PROJECT_PATH}/storage"

sudo chown -R www-data "${STORAGE_PATH}/framework"
sudo chgrp -R www-data "${STORAGE_PATH}/framework"
sudo chmod -R 0775 "${STORAGE_PATH}/framework"

sudo chown -R www-data "${STORAGE_PATH}/logs"
sudo chgrp -R www-data "${STORAGE_PATH}/logs"
sudo chmod -R 0775 "${STORAGE_PATH}/logs"

# Symlink project's public folder to /var/www/html.
sudo rm -rf /var/www/html
sudo ln -s "${HOME}/${PROJECT_NAME}/public" /var/www/html

# You should see Laravel rendering on port 80.
echo -e "\n*****\n* Open: http://${HOST_NAME}.eastus.cloudapp.azure.com in a broswer!\n*****\n"
# EOF
	#!/usr/bin/env bash
	#
	# Author: Robert Brisita <[first-initial][last name] at gmail dot com>
	#
	# A non-interactive installation script for a Nginx Laravel application using MySQL.
	#
	# Tested on Ubuntu 16.04 LTS

	#####
	# Project details
	# Used in creating project and MySQL schema and credentials.
	# The database credentials mirror the DotEnv file (.env) Laravel uses.
	#####
	PROJECT_NAME=my_project

	DB_SCHEMA=homestead
	DB_USERNAME=homestead
	DB_PASSWORD=secret
	DB_ROOT_PASSWORD=secret


	# Turn off interactive prompt on server installs.
	DF_NI="DEBIAN_FRONTEND=noninteractive"

	#####
	# Update and Upgrade
	#####
	echo -e "\n****\n Updating Apt Package List.\n*****\n"
	sudo apt-get update

	echo -e "\n****\n Upgrade System Packages.\n*****\n"
	sudo "${DF_NI}" apt-get -y upgrade

	# Add the ability to add Personal Package Archive (PPA) (add-apt-repository) for more current software.
	sudo "${DF_NI}" apt-get -y install software-properties-common


	#####
	# NGINX
	#####
	echo -e "\n****\n Install Nginx.\n*****\n"
	sudo "${DF_NI}" apt-get -y install nginx


	#####
	# PHP
	#####
	echo -e "\n****\n Install PHP 7.1 and required packages.\n*****\n"
	# Add PPA to get PHP 7.1.
	sudo add-apt-repository -y ppa:ondrej/php
	sudo apt-get update

	# Install PHP
	# fpm - Installed first to satisfy PHP dependency request.
	# curl - This script and Composer needs curl to get some packages.
	# unzip/zip - Allows composer and Laravel to download and extract packages.
	# xml - Manipulate the dom.
	# mbstring - Handle multi-byte strings.
	sudo "${DF_NI}" apt-get -y install unzip php7.1-fpm php7.1 php7.1-curl php7.1-zip php7.1-xml php7.1-mbstring

	# Install Composer
	curl --silent --show-error https://getcomposer.org/installer \| php
	sudo mv composer.phar /usr/local/bin/composer


	#####
	# NGINX and PHP
	#####
	# Modify Nginx default server block to use PHP for dynamic processing.
	# Copy file and create a new one.
	NGINX_PATH="/etc/nginx/sites-available/"
	DEFAULT_FILE="default"
	DATE=$(date +%Y-%m-%d:%H:%M:%S)
	sudo cp "${NGINX_PATH}${DEFAULT_FILE}" "${NGINX_PATH}backup_${DEFAULT_FILE}_${DATE}"

	# https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
	HOST_NAME=$(hostname)
	sudo bash -c "cat > ${NGINX_PATH}${DEFAULT_FILE}" << EOF
	server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;
	index index.php index.html index.htm index.nginx-debian.html;

	server_name ${HOST_NAME}.eastus.cloudapp.azure.com;

	location / {
	try_files \$uri \$uri/ /index.php?\$query_string;
	}

	location ~ [^/]\.php(/\|$) {
	# Secure path parsing.
	include snippets/fastcgi-php.conf;

	# Mitigate https://httpoxy.org/ vulnerabilities.
	fastcgi_param HTTP_PROXY "";

	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}
	}
	EOF

	echo -e "\n****\n Restarting Nginx.\n*****\n"
	sudo systemctl restart nginx


	#####
	# MYSQL
	#####
	# Cleanly get script directory.
	# -f, --canonicalize - Follow every symlink, all but the last component must exist.
	SCRIPT_DIR=$(readlink --canonicalize "${BASH_SOURCE[0]}")
	SCRIPT_DIR=$(dirname "${SCRIPT_DIR}")

	echo -e "\n****\n Installing MySQL and PHP driver.\n*****\n"
	sudo "${DF_NI}" apt-get -y install mysql-server php7.1-mysql

	echo -e "\n****\n Setting Password Lifetime to forever.\n*****\n"
	MYSQL_CNF=/etc/mysql/mysql.conf.d/mysqld.cnf
	PASSWORD_LIFETIME='default_password_lifetime = 0'

	# Look for the above line in it's own line.
	# -F, --fixed-strings - Interpret patterns as a set of fixed strings.
	# -q, --quiet, --silent - Suppress normal output; search until a match is found.
	# -x, --line-regexp - Only input lines selected against an entire fixed string.
	grep --fixed-strings --silent --line-regexp "${PASSWORD_LIFETIME}" "${MYSQL_CNF}"
	if [ "$?" -eq "0" ]
	then
	echo -e "\n****\n Password Lifetime to forever already set.\n*****\n"
	else
	# Configure MySQL Password Lifetime to forever.
	sudo bash -c "cat >> ${MYSQL_CNF}" << EOF
	${PASSWORD_LIFETIME}
	EOF
	fi

	# Securely setup MySQL.
	echo -e "\n****\n Securing MySQL.\n*****\n"
	sudo "${SCRIPT_DIR}/./ni-msi.sh" "${DB_ROOT_PASSWORD}"

	# Setup up database the Homestead way and mirror Laravel's .env file.
	echo -e "\n****\n Creating user and database schema.\n*****\n"
	sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "CREATE USER IF NOT EXISTS '${DB_USERNAME}'@'0.0.0.0' IDENTIFIED BY '${DB_PASSWORD}';"
	sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "GRANT ALL ON . TO '${DB_USERNAME}'@'0.0.0.0' IDENTIFIED BY '${DB_PASSWORD}' WITH GRANT OPTION;"
	sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "GRANT ALL ON . TO '${DB_USERNAME}'@'%' IDENTIFIED BY '${DB_PASSWORD}' WITH GRANT OPTION;"
	sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "FLUSH PRIVILEGES;"
	sudo mysql --defaults-extra-file="${SCRIPT_DIR}/mysql_credentials.cnf" -e "CREATE DATABASE IF NOT EXISTS ${DB_SCHEMA} character set UTF8mb4 collate utf8mb4_bin;"

	echo -e "\n****\n Restarting MySQL.\n*****\n"
	sudo systemctl restart mysql


	#####
	# NODEJS
	#####
	echo -e "\n****\n Install Node JS.\n*****\n"

	# Add PPA for NodeJS 6.x.
	curl --silent --location https://deb.nodesource.com/setup_6.x \| sudo -E bash -

	# Install Node.
	sudo "${DF_NI}" apt-get -y install nodejs


	#####
	# LARAVEL PROJECT SPECIFIC
	# At this point one can inject there own project here.
	# This script creates a new one for simplicity.
	#####
	echo -e "\n****\n Creating Laravel Project.\n*****\n"
	composer create-project --prefer-dist laravel/laravel ${PROJECT_NAME}

	PROJECT_PATH="${HOME}/${PROJECT_NAME}"

	# Install PHP project dependencies.
	echo -e "\n****\n Install PHP Project Dependencies.\n*****\n"
	composer install --working-dir="${PROJECT_PATH}"

	# Install Node dependencies.
	echo -e "\n****\n Install Node Dependencies.\n*****\n"
	npm install --prefix "${PROJECT_PATH}/"

	# Create authentication tables and views.
	# Migrate tables.
	# Using --force to skip production warning
	echo -e "\n****\n Create MySQL Tables.\n*****\n"
	sudo php "${PROJECT_PATH}"/artisan make:auth --force
	sudo php "${PROJECT_PATH}"/artisan migrate --force

	# Change access permissions to Laravel's framework and log directories.
	STORAGE_PATH="${PROJECT_PATH}/storage"

	sudo chown -R www-data "${STORAGE_PATH}/framework"
	sudo chgrp -R www-data "${STORAGE_PATH}/framework"
	sudo chmod -R 0775 "${STORAGE_PATH}/framework"

	sudo chown -R www-data "${STORAGE_PATH}/logs"
	sudo chgrp -R www-data "${STORAGE_PATH}/logs"
	sudo chmod -R 0775 "${STORAGE_PATH}/logs"

	# Symlink project's public folder to /var/www/html.
	sudo rm -rf /var/www/html
	sudo ln -s "${HOME}/${PROJECT_NAME}/public" /var/www/html

	# You should see Laravel rendering on port 80.
	echo -e "\n****\n Open: http://${HOST_NAME}.eastus.cloudapp.azure.com in a broswer!\n*****\n"
	# EOF