@spencerbeggs
Created August 7, 2014 18:49
Bootstrap Template
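Fill in the values below for each server. A completed copy holds the root, admin and SQL passwords in clear text, so keep it in a password manager or an encrypted note rather than in a shared gist or repository.
{IP} = xx.xx.xxx.xx
domain = {domain}
rootpass = {root.pass}
newrootpass = {root.pass.new}
admin username = {admin.un}
admin password = {admin.pw}
ssh port = {port}
sql root password = {sql.root.paw}
sql admin username = {sql.admin.un}
sql admin password = {sql.admin.pw}
wordpress db name = {sql.db}
wordpress version = {wp.version}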
ssh root@{IP}
passwd
{root.pass}
/usr/sbin/groupadd wheel
export EDITOR=/usr/bin/nano
/usr/sbin/visudo
Paste:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Remote:
/usr/sbin/adduser {admin.un}
/usr/sbin/usermod -a -G wheel {admin.un}
local
# Run on the local workstation: create a dedicated key pair for this server.
# NOTE(review): set a passphrase when prompted. No -b is given, so the RSA key
# size is whatever this ssh-keygen version defaults to.
ssh-keygen -t rsa -f ~/.ssh/{domain}
# Stage the public half under a per-domain name, then copy it to the new
# account's home directory on the server.
cat ~/.ssh/{domain}.pub > ~/.ssh/authorized_keys_{domain}
# sshd has not been reconfigured at this point in the steps, so this copy
# presumably uses the default port and {admin.un}'s password.
scp ~/.ssh/authorized_keys_{domain} {admin.un}@{IP}:
remote:
mkdir ~{admin.un}/.ssh
mv ~{admin.un}/authorized_keys_{domain} ~{admin.un}/.ssh/authorized_keys
chown -R {admin.un}:{admin.un} ~{admin.un}/.ssh
chmod 700 ~{admin.un}/.ssh
chmod 600 ~{admin.un}/.ssh/authorized_keys
nano /etc/ssh/sshd_config
Paste:
# sshd_config for the new server; values in {braces} are template placeholders.
Port {port}
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
# NOTE(review): DSA host keys are limited to 1024 bits and newer OpenSSH
# releases disable ssh-dss by default; consider dropping this line.
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
# KeyRegenerationInterval and ServerKeyBits configure the SSH protocol 1
# server key; with "Protocol 2" above they have no effect.
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
# Direct root logins are refused; administration goes through {admin.un} + sudo.
PermitRootLogin no
StrictModes yes
# RSAAuthentication is a protocol 1 option; PubkeyAuthentication is the
# protocol 2 setting that enables the key placed in authorized_keys.
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# NOTE(review): password logins stay enabled even though a key pair was
# installed for {admin.un}, so the account remains exposed to password
# guessing on {port}. Once key login is confirmed, "PasswordAuthentication no"
# closes that path.
PasswordAuthentication yes
# NOTE(review): X11 forwarding is rarely needed on a headless web server;
# confirm it is required before leaving it on.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseDNS no
# Only this account may log in over SSH; every other user is refused.
AllowUsers {admin.un}
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
/sbin/iptables -F
nano /etc/iptables.up.rules
Paste:
*filter
# Loopback traffic is accepted; packets addressed to 127.0.0.0/8 that arrive
# on any other interface are rejected.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Replies belonging to connections that are already established are accepted.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# All outbound traffic is accepted.
-A OUTPUT -j ACCEPT
# Inbound HTTP, HTTPS and new SSH connections on {port}.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport {port} -j ACCEPT
# ICMP echo-request (ping).
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Rate-limited log of anything that reaches this point, then reject the rest.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
# NOTE(review): -I inserts at the head of the chain, so although these two
# lines follow the final REJECT they are evaluated first and open MySQL (3306)
# to every source address. The database account created later on this page is
# scoped to "localhost", so remote access to 3306 does not appear to be needed:
# drop both rules, or restrict the INPUT rule with -s <trusted-admin-ip>.
# The OUTPUT rule is also redundant with "-A OUTPUT -j ACCEPT" above.
-I INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT
# NOTE(review): these are IPv4 rules only; a host with an IPv6 address needs
# an equivalent ip6tables rule set.
COMMIT
Remote:
/sbin/iptables-restore < /etc/iptables.up.rules
nano /etc/network/if-pre-up.d/iptables
Paste:
#!/bin/sh
# Reloads the saved rule set before a network interface is brought up.
# NOTE(review): hook scripts in if-pre-up.d are only run when they are
# executable, and the steps on this page never set that bit. Without
# `chmod +x /etc/network/if-pre-up.d/iptables` the rules are not restored
# after a reboot.
/sbin/iptables-restore < /etc/iptables.up.rules
Remote:
# NOTE(review): keep the current root session open until a second login as
# {admin.un} on {port} succeeds. After this reload root logins and every
# account other than {admin.un} are refused (PermitRootLogin no, AllowUsers),
# and the firewall only admits SSH on {port}.
# `sshd -t` checks the edited sshd_config for errors before reloading.
service ssh reload
# SSH client entry — presumably added to ~/.ssh/config on the local
# workstation (the page does not label this step); it lets `ssh {domain}`
# pick the right address, port, user and key.
Host {domain}
Hostname {IP}
Port {port}
User {admin.un}
IdentityFile ~/.ssh/{domain}
as newadmin user:
nano ~/.bashrc
PASTE at end:
PS1='\[\033[0;35m\]\h\[\033[0;33m\] \w\[\033[00m\]: '
alias free="free -m"
alias update="sudo aptitude update"
alias install="sudo aptitude install"
alias upgrade="sudo aptitude safe-upgrade"
alias remove="sudo aptitude remove"
remote:
source ~/.bashrc
update
upgrade
install build-essential apache2 postfix php5 php5-mysql php5-dev php5-curl php5-gd php5-imagick php5-mcrypt php5-json php5-tidy php-pear php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
sudo nano /etc/apache2/conf.d/{domain}.conf
paste:
ServerName {domain}
remote:
sudo service apache2 graceful
sudo pecl install apc
sudo nano /etc/php5/apache2/conf.d/apc.ini
paste:
extension=apc.so
remote:
sudo /usr/sbin/a2enmod rewrite deflate expires
sudo service apache2 graceful
cd ~
mkdir sites
mkdir -p sites/{domain}/{public,private,log,cgi-bin,backup}
nano sites/{domain}/public/index.html
paste:
<html>
<head>
<title>{domain}</title>
</head>
<body>
<h1>{domain}</h1>
</body>
</html>
remote:
# NOTE(review): a+rX is applied recursively to all of ~/sites, which includes
# the private/, backup/ and log/ directories created above, so every local
# account can read them. Opening only public/ (or granting access to the web
# server's group) would be narrower.
sudo chmod -R a+rX ~/sites
# Gives all users read and traverse permission on the home directory itself.
# NOTE(review): traversal alone (a+x) is enough for the web server to reach
# ~/sites; a+r additionally lets other accounts list the home directory.
sudo chmod a+rx ~
sudo nano /etc/apache2/sites-available/{domain}
paste:
# domain: {domain}
# public: /home/{admin.un}/sites/{domain}/
# NOTE(review): only a plain-HTTP (*:80) virtual host is defined on this page,
# although the firewall rules open 443. WordPress logins and session cookies
# travel unencrypted until a TLS virtual host is added.
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin {client.email}
ServerName www.{domain}
ServerAlias {domain}
# Index file and Document Root (where the public files are located)
DirectoryIndex index.php index.html
DocumentRoot /home/{admin.un}/sites/{domain}/public
# Custom log file locations
# The log/ directory is a sibling of public/, so the logs are not served
# from the document root.
LogLevel warn
ErrorLog /home/{admin.un}/sites/{domain}/log/error.log
CustomLog /home/{admin.un}/sites/{domain}/log/access.log combined
</VirtualHost>
remote:
# NOTE(review): the site file edited above was saved as
# sites-available/{domain} (no .conf suffix) but is enabled here as
# {domain}.conf; the two names need to match for a2ensite to find it.
sudo /usr/sbin/a2ensite {domain}.conf
sudo service apache2 reload
# `install` is the aptitude alias defined in ~/.bashrc earlier on this page.
# NOTE(review): "libapache2-svncd" looks like a typo (possibly libapache2-svn).
# Either way, the Apache SVN module is for serving repositories and is not
# needed for a client checkout — confirm before installing.
install subversion libapache2-svncd
# NOTE(review): the checkout uses plain http://, so the PHP code that will run
# on this server is fetched without transport integrity. Prefer an https://
# URL for the same tag if the server offers it.
svn co http://core.svn.wordpress.org/tags/{wp.version} /home/{admin.un}/sites/{domain}/public
sudo chown {admin.un}:{admin.un} /home/{admin.un}/sites/{domain}/public/.htaccess
sudo nano /home/{admin.un}/sites/{domain}/public/.htaccess
paste:
RewriteEngine On
RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Access Forbidden"
remote:
install mysql-server mysql-client libmysqlclient15-dev
password:
{sql.root.paw}
mysql -u root -p
-- Create the WordPress database and an application account for it.
CREATE DATABASE {sql.db};
-- The account is scoped to "localhost", so MySQL does not need to be
-- reachable from other hosts for WordPress to work.
-- NOTE(review): ALL PRIVILEGES on the schema is likely broader than
-- day-to-day WordPress operation needs; consider a narrower grant.
GRANT ALL PRIVILEGES ON {sql.db}.* TO "{sql.admin.un}"@"localhost" IDENTIFIED BY "{sql.admin.pw}";
FLUSH PRIVILEGES;
EXIT;
sudo nano /etc/apache2/httpd.conf
paste:
DirectoryIndex index.html index.php
# NOTE(review): these two lines make Apache, and every PHP script it runs,
# execute as {admin.un} — the same account that was added to the wheel (sudo)
# group and that owns ~/.ssh/authorized_keys. A flaw in WordPress or a plugin
# would then act with that account's file permissions. A dedicated
# unprivileged account (for example the distribution's default www-data)
# keeps the web tier separate from the admin login.
User {admin.un}
Group {admin.un}
sudo nano /etc/apache2/apache2.conf
<Directory /home/{admin.un}/sites/{domain}/public/>
# NOTE(review): "Indexes" lists a directory's contents when it has no index
# file, which exposes file names under the public WordPress tree.
# "Options FollowSymLinks" alone avoids that.
Options Indexes FollowSymLinks
# AllowOverride All lets .htaccess files under this tree override any
# directive that is permitted in .htaccess context.
AllowOverride All
Require all granted
</Directory>
Remote:
sudo /usr/sbin/a2dissite default
sudo service apache2 graceful