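#!/bin/bash
# Provision one host: nginx with Let's Encrypt, MySQL, Redis, PHP-FPM,
# Composer and Node.js.
#
# Arguments:
#   $1 username  - MySQL account to create
#   $2 password  - password for that account
#   $3 appname   - MySQL database to create
#   $4 domain    - host name served by nginx and named in the certificate
#   $5 email     - contact address passed to certbot
#
# NOTE(review): the password is taken from argv, so it is readable in the
# process list and lands in shell history. Reading it from stdin or a
# root-only file would avoid that, but would change the calling convention.
if [ $# -ne 5 ]; then
  echo ". prov.sh username password appname your_domain.com your_email@gmail.com" >&2
  exit 1
fi

username="$1"
password="$2"
app="$3"
domain="$4"
email="$5"

# These values are later expanded into SQL statements, an nginx config file
# and command lines. Reject anything outside a conservative character set so
# that a stray quote, semicolon, space or leading dash cannot change the
# meaning of what gets generated.
ident_re='^[A-Za-z0-9_]+$'
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
email_re='^[A-Za-z0-9_][A-Za-z0-9._%+-]*@[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

if ! [[ "$username" =~ $ident_re ]]; then
  echo "ERROR: username may contain only letters, digits and underscores" >&2
  exit 1
fi
if ! [[ "$app" =~ $ident_re ]]; then
  echo "ERROR: appname may contain only letters, digits and underscores" >&2
  exit 1
fi
if ! [[ "$domain" =~ $domain_re ]]; then
  echo "ERROR: domain must be a plain host name such as your_domain.com" >&2
  exit 1
fi
if ! [[ "$email" =~ $email_re ]]; then
  echo "ERROR: email does not look like an address" >&2
  exit 1
fi
if [ -z "$password" ]; then
  echo "ERROR: password must not be empty" >&2
  exit 1
fi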
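echo "Adding repos, updating, and installing packages"
# Each PPA is a third-party archive: once added, its packages are installed
# and upgraded as root on this host, so the list below is part of the trust
# base of the server. Keep it to archives you have reviewed.
for ppa in \
  ppa:nginx/development \
  ppa:ondrej/php \
  ppa:certbot/certbot \
  ppa:chris-lea/redis-server; do
  add-apt-repository -y "$ppa"
done

# apt-get rather than apt: apt warns that its command-line interface is not
# stable for scripts. DEBIAN_FRONTEND=noninteractive keeps package
# configuration prompts from blocking an unattended run.
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y install git vim curl wget zip unzip htop
DEBIAN_FRONTEND=noninteractive apt-get -y install nginx
DEBIAN_FRONTEND=noninteractive apt-get -y install python-certbot-nginx
DEBIAN_FRONTEND=noninteractive apt-get -y install mysql-server
# The original brace list named "fpm" twice; the duplicate is dropped.
DEBIAN_FRONTEND=noninteractive apt-get -y install php7.4-{fpm,mysql,mbstring,xml,bcmath,zip}
DEBIAN_FRONTEND=noninteractive apt-get -y install redis-server php-redis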
echo "Setting up Firewall"
# Open only the services this host is meant to expose, then switch the
# firewall on. --force skips ufw's interactive confirmation.
for svc in ssh http https; do
  ufw allow "$svc"
done
ufw --force enable
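echo "Configuring nginx"
# Temporary plain-HTTP vhost, used so that certbot can complete its challenge.
#
# The file is written straight to its destination. The original staged it as
# ./default in the current directory, which overwrites any file of that name
# there and, when run from a directory other users can write to, follows
# whatever they have placed at that path.
#
# $domain is expanded into the config text unescaped, so it must hold nothing
# but host-name characters. \$uri is escaped so that nginx, not the shell,
# resolves it.
cat > /etc/nginx/sites-available/default << EOL
server {
listen 80;
listen [::]:80;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name $domain www.$domain;
location / {
try_files \$uri \$uri/ =404;
}
}
EOL

# Restart only when nginx accepts the generated file; restarting on a config
# that does not parse would take the web server down.
if nginx -t; then
  service nginx restart
else
  echo "ERROR: nginx rejected the generated configuration" >&2
  exit 1
fi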
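echo "Enabling HTTPS w/ Let's Encrypt"
# Arguments are quoted so that a value containing whitespace or glob
# characters stays a single argument instead of being split into extra
# certbot options.
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --agree-tos --redirect --no-eff-email

# NOTE(review): the disabled user-creation steps below should not be
# re-enabled as written. `openssl passwd -1` produces an MD5-crypt hash and
# receives the password on its command line, and the unquoted expansions
# split on whitespace. A SHA-512 hash (`openssl passwd -6 -stdin`) fed from
# stdin, with every expansion quoted, avoids both problems.
# echo "Creating a new user"
# useradd -m -p $(openssl passwd -1 $password) $username && usermod -aG sudo $username
# touch /home/$username/.hushlogin
# rsync --archive --chown=$username:$username ~/.ssh /home/$username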
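echo "Configuring nginx"
# Final vhost: port 80 redirects to HTTPS, port 443 serves the PHP application
# from /var/www/current using the certificate certbot obtained.
#
# The file is written straight to its destination rather than staged as
# ./default in the current directory (see the reason at the first vhost:
# a fixed name in an arbitrary working directory can clobber or follow
# someone else's file).
#
# $domain is expanded into the config text unescaped, so it must hold nothing
# but host-name characters. Every nginx variable is written as \$name so the
# shell leaves it alone.
#
# NOTE(review): points to confirm in the TLS settings, left unchanged here:
#   - ssl_protocols lists TLSv1.2 only, so TLSv1.3 is not offered.
#   - the two "...-GCM-SHA512" entries in ssl_ciphers do not look like OpenSSL
#     cipher names; check the effective list with `openssl ciphers`.
#   - every listed suite is RSA-authenticated; presumably the certificate has
#     an RSA key. Verify before switching to an ECDSA certificate.
#   - no Strict-Transport-Security header is sent.
#   - server_name omits www.$domain although the certificate covers it.
cat > /etc/nginx/sites-available/default << EOL
server {
listen 80;
listen [::]:80;
server_name $domain;
return 301 https://\$server_name\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $domain;
root /var/www/current;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.php;
charset utf-8;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php\$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
EOL

# If certificate issuance failed, the ssl_certificate paths above do not
# exist and nginx would refuse to start. Test first and leave the running
# server untouched when the new file is not accepted.
if nginx -t; then
  service nginx restart
else
  echo "ERROR: nginx rejected the generated configuration" >&2
  exit 1
fi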
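# Replace the distribution's default web root with a releases/<n> layout
# whose active release is selected by the /var/www/current symlink.
rm -rf /var/www/html
mkdir -p /var/www/releases/1
# -sfn replaces an existing "current" link. A plain `ln -s` on a second run
# would instead create a nested link inside the directory it points to.
ln -sfn /var/www/releases/1 /var/www/current
# ln -sfn /var/www/releases/2 /var/www/current

# Quoted delimiter: the placeholder page is literal text, nothing is expanded.
cat > /var/www/releases/1/index.html << 'EOL'
<h1>Success</h1>
<p>Provisioned by wdv.io</p>
EOL
# mkdir -p /home/$username/$app/current/public
# cat > /home/$username/$app/current/public/index.html << EOL
# <h1>Success</h1>
# <p>Provisioned by wdv.io</p>
# EOL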
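echo "Setting up MySQL"
# The statements below are assembled by expanding shell variables into SQL
# text, so each value has to be made safe before it is expanded.
#
# $app and $username are used as unquoted identifiers: allow only letters,
# digits and underscores, so they cannot close the statement or add a clause.
sql_ident_re='^[A-Za-z0-9_]+$'
if ! [[ "$app" =~ $sql_ident_re && "$username" =~ $sql_ident_re ]]; then
  echo "ERROR: appname and username may contain only letters, digits and underscores" >&2
  exit 1
fi

# $password goes inside a single-quoted SQL string: double every backslash
# and every single quote so the value cannot end the literal early.
# NOTE(review): this assumes the server's default sql_mode, where backslash is
# an escape character inside strings. Confirm if NO_BACKSLASH_ESCAPES is set.
sql_bs='\'
sql_sq="'"
sql_password=${password//"$sql_bs"/"$sql_bs$sql_bs"}
sql_password=${sql_password//"$sql_sq"/"$sql_sq$sql_sq"}

# First four statements: remove anonymous accounts, remote root logins and
# the test database. The SQL reaches the client on stdin, so the password
# does not appear on the mysql command line.
mysql --user=root <<_EOF_
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
CREATE DATABASE $app DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER $username@'localhost' IDENTIFIED BY '$sql_password';
GRANT ALL PRIVILEGES ON $app.* TO $username@'localhost';
FLUSH PRIVILEGES;
_EOF_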
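echo "Setting up Redis"
echo "Setting up Composer"
# Download the Composer installer, compare its SHA-384 digest with the
# published one, and install composer.phar only when both the check and the
# installer succeed.
#
# Everything happens in a private mktemp directory: the script runs as root,
# and a fixed file name in the current directory can be pre-created or
# replaced by another user when that directory is shared.
composer_tmp="$(mktemp -d)" || { >&2 echo 'ERROR: mktemp failed'; exit 1; }
composer_installer="$composer_tmp/composer-setup.php"

expected_signature="$(wget -q -O - https://composer.github.io/installer.sig)"
wget -q -O "$composer_installer" https://getcomposer.org/installer
actual_signature="$(sha384sum "$composer_installer" | cut -d ' ' -f 1)"

# An empty expected value means the signature download failed. Treat that as
# a mismatch instead of letting two empty strings compare equal.
if [ -z "$expected_signature" ] || [ "$expected_signature" != "$actual_signature" ]
then
  >&2 echo 'ERROR: Invalid installer signature'
  rm -rf -- "${composer_tmp:?}"
  exit 1
fi

# The installer writes composer.phar into its working directory.
(cd "$composer_tmp" && php composer-setup.php --quiet)
RESULT=$?
if [ "$RESULT" -eq 0 ]; then
  mv "$composer_tmp/composer.phar" /usr/local/bin/composer
  RESULT=$?
fi
rm -rf -- "${composer_tmp:?}"

# The original stored the installer's status in RESULT and never looked at it.
if [ "$RESULT" -ne 0 ]; then
  >&2 echo 'ERROR: Composer installation failed'
  exit "$RESULT"
fi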
echo "Optimizing '/etc/php/7.4/fpm/pool.d/www.conf'"
# Raise the PHP-FPM worker limits from the values matched below and enable
# pm.max_requests, then restart the service so the pool picks them up.
# Each expression only matches the exact old value it names; a line that was
# already changed is left as it is.
fpm_pool_conf=/etc/php/7.4/fpm/pool.d/www.conf
sed -i \
  -e 's/pm.max_children = 5/pm.max_children = 10/g' \
  -e 's/pm.start_servers = 2/pm.start_servers = 4/g' \
  -e 's/pm.min_spare_servers = 1/pm.min_spare_servers = 2/g' \
  -e 's/pm.max_spare_servers = 3/pm.max_spare_servers = 4/g' \
  -e 's/;pm.max_requests = 500/pm.max_requests = 1000/g' \
  "$fpm_pool_conf"
service php7.4-fpm restart
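echo "Setup Node.js"
# The NodeSource setup script is fetched over the network and executed as
# root. Fetch it completely before running it:
#   -f makes curl fail on an HTTP error instead of saving the error page,
#   and running from a file means a truncated transfer is never executed.
# `sudo` is dropped because every earlier step already requires root.
#
# NOTE(review): nothing here verifies the script's content. Review it, or
# install from a pinned repository definition, before relying on this step.
node_setup="$(mktemp)" || { echo 'ERROR: mktemp failed' >&2; exit 1; }
if curl -fsSL -o "$node_setup" https://deb.nodesource.com/setup_13.x; then
  bash "$node_setup"
  rm -f -- "$node_setup"
else
  rm -f -- "$node_setup"
  echo 'ERROR: could not download the NodeSource setup script' >&2
  exit 1
fi
apt-get install -y nodejs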