Created
August 7, 2014 18:49
Bootstrap Template
{IP} = xx.xx.xxx.xx | |
domain = {domain} | |
rootpass = {root.pass} | |
newrootpass = {root.pass.new} | |
admin username = {admin.un} | |
admin password = {admin.pw} | |
ssh port: {port} | |
sql root password: {sql.root.paw} | |
sql admin username: {sql.admin.un} | |
sql admin password: {sql.admin.pw} | |
wordpress db name {sql.db} | |
wordpress version = {wp.version} | |
ssh root@{IP} | |
passwd | |
{root.pass} | |
/usr/sbin/groupadd wheel | |
export EDITOR=/usr/bin/nano | |
/usr/sbin/visudo | |
Paste: | |
## Allows people in group wheel to run all commands | |
%wheel ALL=(ALL) ALL | |
Remote: | |
/usr/sbin/adduser {admin.un} | |
/usr/sbin/usermod -a -G wheel {admin.un} | |
local | |
ssh-keygen -t rsa -f ~/.ssh/{domain} | |
cat ~/.ssh/{domain}.pub > ~/.ssh/authorized_keys_{domain} | |
scp ~/.ssh/authorized_keys_{domain} {admin.un}@{IP}: | |
remote: | |
mkdir ~{admin.un}/.ssh | |
mv ~{admin.un}/authorized_keys_{domain} ~{admin.un}/.ssh/authorized_keys | |
chown -R {admin.un}:{admin.un} ~{admin.un}/.ssh | |
chmod 700 ~{admin.un}/.ssh | |
chmod 600 ~{admin.un}/.ssh/authorized_keys | |
nano /etc/ssh/sshd_config | |
Paste: | |
# sshd_config contents for the server; {port} and {admin.un} are the placeholders from the legend at the top.
# NOTE(review): check the file with `sshd -t` before reloading, and keep the current root session open
# until a login as {admin.un} on {port} has been confirmed; root login is refused once this is loaded.
Port {port} | |
Protocol 2 | |
HostKey /etc/ssh/ssh_host_rsa_key | |
# NOTE(review): DSA host keys are fixed at 1024 bits and later OpenSSH releases disable them by default; consider dropping this line.
HostKey /etc/ssh/ssh_host_dsa_key | |
HostKey /etc/ssh/ssh_host_ecdsa_key | |
UsePrivilegeSeparation yes | |
# The next two options belong to SSH protocol 1; with "Protocol 2" set above they should have no effect
# (768 is the size of the protocol-1 ephemeral server key, not of any protocol-2 key).
KeyRegenerationInterval 3600 | |
ServerKeyBits 768 | |
SyslogFacility AUTH | |
LogLevel INFO | |
LoginGraceTime 120 | |
# Direct root logins are refused; together with AllowUsers below, only {admin.un} can log in over SSH.
PermitRootLogin no | |
StrictModes yes | |
# RSAAuthentication is a protocol-1 option; key login under protocol 2 is controlled by PubkeyAuthentication.
RSAAuthentication yes | |
PubkeyAuthentication yes | |
IgnoreRhosts yes | |
RhostsRSAAuthentication no | |
HostbasedAuthentication no | |
PermitEmptyPasswords no | |
ChallengeResponseAuthentication no | |
# NOTE(review): password logins stay enabled even though a public key was installed in authorized_keys in the
# preceding steps. Once key login is confirmed working, setting this to "no" removes the password-guessing exposure.
PasswordAuthentication yes | |
# NOTE(review): nothing in this runbook uses X11; consider "no" on a headless web server.
X11Forwarding yes | |
X11DisplayOffset 10 | |
PrintMotd no | |
PrintLastLog yes | |
TCPKeepAlive yes | |
UseDNS no | |
# Allow-list: any account not named here is denied SSH login.
AllowUsers {admin.un} | |
AcceptEnv LANG LC_* | |
Subsystem sftp /usr/lib/openssh/sftp-server | |
UsePAM yes | |
/sbin/iptables -F | |
nano /etc/iptables.up.rules | |
Paste: | |
# Ruleset for the filter table, loaded with iptables-restore.
# NOTE(review): iptables-restore covers IPv4 only; if the host has an IPv6 address, an equivalent ip6tables ruleset is needed.
*filter | |
# Accept loopback traffic, and reject packets addressed to 127.0.0.0/8 that arrive on any other interface.
-A INPUT -i lo -j ACCEPT | |
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT | |
# Accept replies to connections that are already established.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
# All outbound traffic is allowed.
-A OUTPUT -j ACCEPT | |
# Web traffic.
-A INPUT -p tcp --dport 80 -j ACCEPT | |
-A INPUT -p tcp --dport 443 -j ACCEPT | |
# New SSH connections on the port configured in sshd_config.
-A INPUT -p tcp -m state --state NEW --dport {port} -j ACCEPT | |
# ICMP echo request (ping).
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
# Log what is about to be rejected, rate-limited to 5 entries per minute, then reject everything else.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 | |
-A INPUT -j REJECT | |
-A FORWARD -j REJECT | |
# NOTE(review): -I inserts at the head of the chain, so these two rules are matched before everything above and
# accept MySQL (3306) connections from any source address. The database user created later in this runbook is
# granted @"localhost" only, and loopback traffic is already accepted by the lo rule, so the WordPress setup does
# not appear to need them. Remove them, or restrict the INPUT rule with -s to a trusted address, unless remote
# database access is intended. The OUTPUT rule is redundant with "-A OUTPUT -j ACCEPT".
-I INPUT -p tcp --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT | |
-I OUTPUT -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT | |
COMMIT | |
Remote: | |
/sbin/iptables-restore < /etc/iptables.up.rules | |
nano /etc/network/if-pre-up.d/iptables | |
Paste: | |
#!/bin/sh | |
/sbin/iptables-restore < /etc/iptables.up.rules | |
Remote: | |
service ssh reload | |
# SSH client entry. The runbook gives no label here, but these are client-side keywords,
# so this presumably goes in ~/.ssh/config on the local machine, not on the server.
# IdentityFile points at the private key generated by the ssh-keygen step above.
Host {domain} | |
Hostname {IP} | |
Port {port} | |
User {admin.un} | |
IdentityFile ~/.ssh/{domain} | |
as newadmin user: | |
nano ~/.bashrc | |
PASTE at end: | |
PS1='\[\033[0;35m\]\h\[\033[0;33m\] \w\[\033[00m\]: ' | |
alias free="free -m" | |
alias update="sudo aptitude update" | |
alias install="sudo aptitude install" | |
alias upgrade="sudo aptitude safe-upgrade" | |
alias remove="sudo aptitude remove" | |
remote: | |
source ~/.bashrc | |
update | |
upgrade | |
install build-essential apache2 postfix php5 php5-mysql php5-dev php5-curl php5-gd php5-imagick php5-mcrypt php5-json php5-tidy php-pear php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl | |
sudo nano /etc/apache2/conf.d/{domain}.conf | |
paste: | |
ServerName {domain} | |
remote: | |
sudo service apache2 graceful | |
sudo pecl install apc | |
sudo nano /etc/php5/apache2/conf.d/apc.ini | |
paste: | |
extension=apc.so | |
remote: | |
sudo /usr/sbin/a2enmod rewrite deflate expires | |
sudo service apache2 graceful | |
cd ~ | |
mkdir sites | |
mkdir -p sites/{domain}/{public,private,log,cgi-bin,backup} | |
nano sites/{domain}/public/index.html | |
paste: | |
<html> | |
<head> | |
<title>{domain}</title> | |
</head> | |
<body> | |
<h1>{domain}</h1> | |
</body> | |
</html> | |
remote: | |
# Grants read (and directory traverse) to every local account on everything under ~/sites.
# NOTE(review): that includes the private, log and backup directories created by the mkdir -p step above;
# confirm that is intended, or limit the change to sites/{domain}/public.
sudo chmod -R a+rX ~/sites | |
# Makes the home directory itself readable and traversable by all accounts, presumably so Apache can reach the
# document root. NOTE(review): traverse-only (a+x) is enough to reach a path below it and does not expose the
# directory listing.
sudo chmod a+rx ~ | |
sudo nano /etc/apache2/sites-available/{domain} | |
paste: | |
# domain: {domain} | |
# public: /home/{admin.un}/sites/{domain}/ | |
# NOTE(review): only a port-80 virtual host is defined, although the firewall rules open 443. No TLS virtual
# host appears in this runbook, so as written WordPress logins would travel over unencrypted HTTP.
# NOTE(review): this file is saved as sites-available/{domain}, but the later a2ensite call names
# {domain}.conf; the two names need to match.
<VirtualHost *:80> | |
# Admin email, Server Name (domain name) and any aliases | |
ServerAdmin {client.email} | |
ServerName www.{domain} | |
ServerAlias {domain} | |
# Index file and Document Root (where the public files are located) | |
DirectoryIndex index.php index.html | |
DocumentRoot /home/{admin.un}/sites/{domain}/public | |
# Custom log file locations | |
# The logs sit next to public/, outside the document root, so they are not served by this virtual host.
LogLevel warn | |
ErrorLog /home/{admin.un}/sites/{domain}/log/error.log | |
CustomLog /home/{admin.un}/sites/{domain}/log/access.log combined | |
</VirtualHost> | |
remote: | |
sudo /usr/sbin/a2ensite {domain}.conf | |
sudo service apache2 reload | |
install subversion libapache2-svncd | |
# Checks out the WordPress tag {wp.version} straight into the document root.
# NOTE(review): the URL is plain http, so the code is fetched without transport integrity or server
# authentication; use an https URL if the repository offers one.
svn co http://core.svn.wordpress.org/tags/{wp.version} /home/{admin.un}/sites/{domain}/public | |
# The checkout leaves .svn metadata inside public/; the .htaccess rule pasted next answers requests for those
# paths with 403.
sudo chown {admin.un}:{admin.un} /home/{admin.un}/sites/{domain}/public/.htaccess | |
sudo nano /home/{admin.un}/sites/{domain}/public/.htaccess | |
paste: | |
RewriteEngine On | |
RewriteRule ^(.*/)?\.svn/ - [F,L] | |
ErrorDocument 403 "Access Forbidden" | |
remote: | |
install mysql-server mysql-client libmysqlclient15-dev | |
password: | |
{sql.root.paw} | |
mysql -u root -p | |
CREATE DATABASE {sql.db}; | |
GRANT ALL PRIVILEGES ON {sql.db}.* TO "{sql.admin.un}"@"localhost" IDENTIFIED BY "{sql.admin.pw}"; | |
FLUSH PRIVILEGES; | |
EXIT; | |
sudo nano /etc/apache2/httpd.conf | |
paste: | |
DirectoryIndex index.html index.php | |
# Runs Apache's request-handling processes as the login account {admin.un} rather than a dedicated service account.
# NOTE(review): {admin.un} is a member of wheel (full sudo) and owns ~/.ssh/authorized_keys, so any code executed
# through PHP would run with that account's file permissions. Consider a separate unprivileged web user that is
# given read access to the site, with write access limited to the directories WordPress must modify.
User {admin.un} | |
Group {admin.un} | |
sudo nano /etc/apache2/apache2.conf | |
# Access rules for the document root, added to apache2.conf.
<Directory /home/{admin.un}/sites/{domain}/public/> | |
# NOTE(review): Indexes turns on automatic directory listings for any folder that has no index file;
# use "Options FollowSymLinks" alone unless listings are wanted.
Options Indexes FollowSymLinks | |
# AllowOverride All lets .htaccess files under public/ change any directive that can be overridden.
AllowOverride All | |
Require all granted | |
</Directory> | |
Remote: | |
sudo /usr/sbin/a2dissite default | |
sudo service apache2 graceful |