#!/bin/bash
#
# Script to configure Server, WebServer and WordPress.
#
# Colour settings: ANSI escape sequences kept as literal backslash text;
# they are interpreted later by the `echo -e` calls that print them.
NC='\033[0m'         # No Color
Color_Off='\033[0m'  # Text Reset (same sequence as NC)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
Cyan='\033[0;36m'    # Cyan
# Welcome banner, followed by the question that gates the LAMP installation.
clear
cat <<'BANNER'
============================================
WordPress & LAMP stack installation
and configuration wizard!
============================================
Would you like to begin? (y/n)
BANNER
read -e beginconfig
# Only the exact answer "y" triggers the installation; any other answer
# skips this step and the script carries on with the package check.
case "$beginconfig" in
  y)
    echo -e "$Cyan \n Updating and installing LAMP config $Color_Off"
    # The trailing ^ asks apt for the "lamp-server" task, not a package.
    sudo apt update && sudo apt install lamp-server^
    ;;
esac
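# Checking packages.
# One loop replaces the per-package copies of the same dpkg-query test.
# unzip is checked as well: it is named in the list below and is needed by
# the later WordPress and plugin unpacking steps.
echo -e "List of required packeges: nano, zip, unzip, mc, htop, fail2ban, apache2 & php, mysql, php curl, phpmyadmin, wget, curl"
read -r -p "Do you want to check packeges? [y/N] " response
case "$response" in
  [yY][eE][sS]|[yY])
    for pkg in nano zip unzip mc htop fail2ban phpmyadmin wget curl; do
      # dpkg-query prints the package status; "ok installed" means the
      # package is fully installed. Errors for unknown packages are hidden.
      if dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null | grep -q "ok installed"; then
        echo -e "${GREEN}${pkg} is installed!${NC}"
      else
        echo -e "${YELLOW}Installing ${pkg}${NC}"
        apt-get install --yes "$pkg"
      fi
    done
    ;;
  *)
    echo -e "${RED}
Packeges check is ignored!
Please be aware, that apache2, mysql, phpmyadmin and other software may not be installed!
${NC}"
    ;;
esac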
# Installing additional features: debconf-utils and expect, one apt-get
# call per package so that a failure of one does not skip the other.
echo -e "$Cyan \n Installing additional features...$Color_Off"
for extra_pkg in debconf-utils expect; do
  sudo apt-get install -y "$extra_pkg"
done
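# Download wp-cli.phar to be able to install WordPress.
# The phar is installed into root's PATH, so it is fetched into a private
# temporary directory, the download must succeed (-f), and its SHA-512 is
# compared with the checksum file published next to it before anything
# executes it.
# NOTE(review): the checksum comes from the same host as the phar, so it
# only catches a truncated or corrupted download. For provenance, verify the
# detached signature the wp-cli project publishes (wp-cli.phar.asc).
echo "============================================"
echo "Install wp-cli"
echo "============================================"
wpcli_url="https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"
if wpcli_tmp=$(mktemp -d); then
  if curl -fsSL -o "$wpcli_tmp/wp-cli.phar" "$wpcli_url" \
    && curl -fsSL -o "$wpcli_tmp/wp-cli.phar.sha512" "$wpcli_url.sha512"; then
    # The first field is the digest whether or not a file name follows it.
    wpcli_expected=$(awk '{print $1; exit}' "$wpcli_tmp/wp-cli.phar.sha512")
    wpcli_actual=$(sha512sum "$wpcli_tmp/wp-cli.phar" | awk '{print $1}')
    if [ -n "$wpcli_expected" ] && [ "$wpcli_expected" = "$wpcli_actual" ]; then
      php "$wpcli_tmp/wp-cli.phar" --info
      sudo install -m 0755 -o root -g root "$wpcli_tmp/wp-cli.phar" /usr/local/bin/wp
      # Show info about wp-cli
      wp --info --allow-root
    else
      echo "[Error]: wp-cli.phar checksum mismatch, wp-cli was not installed." >&2
    fi
  else
    echo "[Error]: wp-cli download failed, wp-cli was not installed." >&2
  fi
  rm -rf -- "$wpcli_tmp"
else
  echo "[Error]: could not create a temporary directory, wp-cli was not installed." >&2
fi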
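# phpMyAdmin default path change.
# Rewrites /etc/phpmyadmin/apache.conf so phpMyAdmin is served under
# /myadminphp. The new alias only cuts down on automated probing of the
# default URL; access control still rests on phpMyAdmin's own login and the
# Basic auth on /setup configured below.
# The step is skipped when /etc/phpmyadmin does not exist (package check
# declined or install failed). The first original config is kept as
# apache.conf-old, mirroring the jail.conf-old backup made for fail2ban.
echo -e "${YELLOW}Changing phpMyAdmin default path from /phpMyAdmin to /myadminphp...${NC}"
read -r -p "Do you want to change default phpMyAdmin path to /myadminphp? [y/N] " response
case "$response" in
  [yY][eE][sS]|[yY])
    if [ ! -d /etc/phpmyadmin ]; then
      echo -e "${RED}Path was not changed! /etc/phpmyadmin does not exist (is phpmyadmin installed?)${NC}"
    else
      if [ -f /etc/phpmyadmin/apache.conf ] && [ ! -e /etc/phpmyadmin/apache.conf-old ]; then
        cp /etc/phpmyadmin/apache.conf /etc/phpmyadmin/apache.conf-old
      fi
      # Quoted delimiter: the Apache config is written literally, with no
      # shell expansion of anything inside it.
      cat >/etc/phpmyadmin/apache.conf <<'EOL'
# phpMyAdmin default Apache configuration
Alias /myadminphp /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    <IfModule mod_php5.c>
        <IfModule mod_mime.c>
            AddType application/x-httpd-php .php
        </IfModule>
        <FilesMatch ".+\.php$">
            SetHandler application/x-httpd-php
        </FilesMatch>
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
    </IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authz_core.c>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Require all denied
</Directory>
EOL
      echo -e "${GREEN}Path was succesfully changed!
New phpMyAdmin path is: /myadminphp (i.e.: yourwebsite.com/myadminphp)${NC}"
    fi
    ;;
  *)
    echo -e "${RED}Path was not changed!${NC}"
    ;;
esac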
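# Creating the site user, its group and the website home folder.
# Both answers are used as root in account names and in paths under
# /var/www (mkdir, chown -R), so they are validated first. An empty value,
# a value with "/" or "..", or one starting with "-" would otherwise make
# chown -R walk a directory outside the intended site folder or be read as
# a command option.
echo -e "${YELLOW}Adding separate user & creating website home folder for secure running of your website...${NC}"
echo -e "${YELLOW}Please, enter new username: ${NC}"
read -r username
echo -e "${YELLOW}Please enter website name: ${NC}"
read -r websitename
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  echo -e "${RED}[Error]: username may contain only lowercase letters, digits, '_' and '-', and must start with a letter or '_'. Aborting.${NC}" >&2
  exit 1
fi
if [[ ! "$websitename" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ || "$websitename" == *..* ]]; then
  echo -e "${RED}[Error]: website name may contain only letters, digits, '.', '_' and '-', must start with a letter or digit and must not contain '..'. Aborting.${NC}" >&2
  exit 1
fi
groupadd "$username"
adduser --home "/var/www/$websitename" --ingroup "$username" "$username"
mkdir -p "/var/www/$websitename/www"
chown -R "$username:$username" "/var/www/$websitename"
echo -e "${GREEN}User, group and home folder were succesfully created!
Username: $username
Group: $username
Home folder: /var/www/$websitename
Website folder: /var/www/$websitename/www${NC}"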
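# Configuring apache2: writes a name-based virtual host for the domain and
# enables it in place of the default site.
# Changes from the earlier version of this step:
#  - the domain and e-mail are validated, because the domain becomes a file
#    name under /etc/apache2/sites-available and both values are written
#    into the config as root;
#  - ${APACHE_LOG_DIR} is escaped so Apache expands it. The unquoted
#    here-document let the shell expand it, and the variable is not set in
#    this script, so the log paths became /error.log and /access.log;
#  - <Directory /> no longer sets AllowOverride All, which let .htaccess
#    files anywhere on the filesystem override the server configuration;
#  - access rules use "Require all granted", matching the "Require"
#    directives used in the other configs this script writes.
echo -e "${YELLOW}Now we going to configure apache2 for your domain name & website root folder...${NC}"
read -r -p "Do you want to configure Apache2 automatically? [y/N] " response
case "$response" in
  [yY][eE][sS]|[yY])
    echo -e "Please, provide us with your domain name: "
    read -r domain_name
    echo -e "Please, provide us with your email: "
    read -r domain_email
    domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    email_re='^[^[:space:]<>"]+@[^[:space:]<>"]+$'
    if [[ ! "$domain_name" =~ $domain_re || "$domain_name" == *..* || ! "$domain_email" =~ $email_re ]]; then
      echo -e "${RED}WARNING! Apache2 was not configured properly, you can do this manually or re run our script.${NC}"
      # Later steps interpolate this value into other config files; do not
      # let a rejected value reach them.
      domain_email=""
    else
      cat >"/etc/apache2/sites-available/$domain_name.conf" <<EOL
<VirtualHost *:80>
    ServerAdmin $domain_email
    ServerName $domain_name
    ServerAlias www.$domain_name
    DocumentRoot /var/www/$websitename/www/
    <Directory />
        Options +FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/$websitename/www>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    ErrorLog \${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOL
      a2dissite 000-default
      a2ensite "$domain_name"
      service apache2 restart
      # Public address lookup over HTTPS, so the value shown to the operator
      # cannot be altered in transit.
      P_IP=$(wget -qO - https://ipinfo.io/ip)
      echo -e "${GREEN}Apache2 config was updated!
New config file was created: /etc/apache2/sites-available/$domain_name.conf
Domain was set to: $domain_name
Admin email was set to: $domain_email
Root folder was set to: /var/www/$websitename/www
Option Indexes was set to: -Indexes (to close directory listing)
Your server public IP is: $P_IP (Please, set this IP into your domain name 'A' record)
Website was activated & apache2 service reloaded!
${NC}"
    fi
    ;;
  *)
    echo -e "${RED}WARNING! Apache2 was not configured properly, you can do this manually or re run our script.${NC}"
    ;;
esac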
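# Downloading WordPress, unpacking it and adding the basic plugin set.
# Changes from the earlier version of this step:
#  - archives go into a private mktemp directory. $wordpress_lang was never
#    set, so the download landed in the fixed path /tmp/.zip, and the plugin
#    used /tmp/sitemap.zip and /tmp/sitemap. Fixed names in /tmp are
#    writable by any local user while this script runs as root;
#  - the plugin URL taken from the plugin page is only used when it matches
#    the expected downloads.wordpress.org pattern, and an empty result no
#    longer reaches wget;
#  - every expansion is quoted.
echo -e "${YELLOW}On this step we going to download latest version of WordPress with EN or RUS language, set optimal & secure configuration and add basic set of plugins...${NC}"
read -r -p "Do you want to install WordPress & automatically set optimal and secure configuration with basic set of plugins? [y/N] " response
case "$response" in
  [yY][eE][sS]|[yY])
    wp_root="/var/www/$websitename/www"
    wp_tmp=$(mktemp -d) || {
      echo -e "${RED}[Error]: could not create a temporary directory. Aborting.${NC}" >&2
      exit 1
    }
    if wget https://wordpress.org/latest.zip -O "$wp_tmp/wordpress.zip"; then
      echo -e "Unpacking WordPress into website home directory..."
      sleep 5
      unzip "$wp_tmp/wordpress.zip" -d "$wp_root/"
      mv "$wp_root"/wordpress/* "$wp_root"
      rm -rf -- "${wp_root:?}/wordpress"
      mkdir -p "$wp_root/wp-content/uploads"
      chmod -R 775 "$wp_root/wp-content/uploads"
    else
      echo -e "${RED}[Error]: WordPress download failed, nothing was unpacked.${NC}" >&2
    fi
    echo -e "Now we going to download some useful plugins:
1. Google XML Sitemap generator"
    sleep 7
    # Take the first link on the plugin page that has the expected shape.
    SITEMAP=$(curl -fsSL https://wordpress.org/plugins/google-sitemap-generator/ \
      | grep -oE 'https://downloads\.wordpress\.org/plugin/google-sitemap-generator[0-9A-Za-z.]*\.zip' \
      | head -n 1)
    if [ -n "$SITEMAP" ] && wget "$SITEMAP" -O "$wp_tmp/sitemap.zip"; then
      unzip "$wp_tmp/sitemap.zip" -d "$wp_tmp/sitemap"
      mv "$wp_tmp"/sitemap/* "$wp_root/wp-content/plugins/"
    else
      echo -e "${RED}[Error]: Google XML Sitemap generator could not be downloaded, skipping it.${NC}" >&2
    fi
    rm -rf -- "$wp_tmp"
    echo -e "Downloading of plugins finished! All plugins were transfered into /wp-content/plugins directory.${NC}"
    ;;
  *)
    echo -e "${RED}WordPress and plugins were not downloaded & installed. You can do this manually or re run this script.${NC}"
    ;;
esac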
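# Creation of the site .htaccess file.
# Changes from the earlier version of this step:
#  - the query-string filters now sit before the WordPress front-controller
#    rule. Placed after "RewriteRule . /index.php [L]", they were never
#    evaluated for requests routed through index.php;
#  - the base64_encode and <script> conditions ended in [OR] with no
#    RewriteRule after them, so they had no effect. They are now part of
#    the same condition chain as the other filters, ending in one [F] rule;
#  - the server variable is written as QUERY_STRING throughout;
#  - file blocks use "Require all denied", matching the "Require"
#    directives used in the other configs this script writes.
# These filters are a coarse pattern match on the query string. They do not
# inspect request bodies and do not replace keeping WordPress and its
# plugins patched.
echo -e "${YELLOW}Creation of secure .htaccess file...${NC}"
sleep 3
htaccess_file="/var/www/$websitename/www/.htaccess"
# Quoted delimiter: the rules are written literally, with no shell expansion.
if cat >"$htaccess_file" <<'EOL'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC]
RewriteRule ^ - [F,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<Files .htaccess>
Require all denied
</Files>
<Files wp-config.php>
Require all denied
</Files>
<Files wp-config-sample.php>
Require all denied
</Files>
<Files readme.html>
Require all denied
</Files>
<Files xmlrpc.php>
Require all denied
</Files>
# Gzip
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
</IfModule>
Options +FollowSymLinks -Indexes
EOL
then
  chmod 644 "$htaccess_file"
  echo -e "${GREEN}.htaccess file was succesfully created!${NC}"
else
  echo -e "${RED}[Error]: could not write $htaccess_file${NC}" >&2
fi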
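# Creation of robots.txt.
# robots.txt is a static text file, so it is set to 644 instead of 755:
# nothing needs to execute it.
# The file is advisory and publicly readable. Listing a path here asks
# crawlers not to index it; it does not restrict access to that path.
echo -e "${YELLOW}Creation of robots.txt file...${NC}"
sleep 3
robots_file="/var/www/$websitename/www/robots.txt"
cat >"$robots_file" <<'EOL'
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /trackback
Disallow: */trackback
Disallow: */*/trackback
Disallow: */*/feed/*/
Disallow: */feed
Disallow: /*?*
Disallow: /tag
Disallow: /?author=*
EOL
echo -e "${GREEN}File robots.txt was succesfully created!
Setting correct rights on user's home directory and 644 rights on robots.txt${NC}"
sleep 3
chmod 644 "$robots_file"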
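# Configuring fail2ban: replaces jail.conf with a small set of jails.
# Changes from the earlier version of this step:
#  - the backup is only taken when jail.conf-old does not exist yet, so a
#    second run does not overwrite the distribution file's backup with this
#    script's own output;
#  - destemail falls back to root@localhost when the Apache step was skipped
#    and no e-mail address was collected, instead of being written empty;
#  - the second line of action_mw is indented so it is read as a
#    continuation of the first.
# NOTE(review): fail2ban expects local changes in /etc/fail2ban/jail.local;
# jail.conf belongs to the package and can be replaced on upgrade. Consider
# moving these settings there.
# NOTE(review): [ssh] and [ssh-ddos] are jail names from older fail2ban
# releases. Confirm that the installed version ships the sshd-ddos filter
# and does not already enable its own [sshd] jail.
echo -e "${GREEN}Configuring fail2ban...${NC}"
sleep 3
if [ ! -e /etc/fail2ban/jail.conf-old ]; then
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf-old
fi
# Unquoted delimiter on purpose: the destemail line is expanded by the shell.
cat >/etc/fail2ban/jail.conf <<EOL
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 1200
findtime = 1200
maxretry = 3
backend = auto
usedns = warn
destemail = ${domain_email:-root@localhost}
sendername = Fail2Ban
sender = fail2ban@localhost
banaction = iptables-multiport
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_mw)s
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 5
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 5
EOL
service fail2ban restart
echo -e "${GREEN}fail2ban configuration finished!
fail2ban service was restarted, default confige backuped at /etc/fail2ban/jail.conf-old
Jails were set for: ssh bruteforce, ssh ddos, apache overflows${NC}"
sleep 5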
# Apache MPM tuning: overwrite the prefork and worker module configs with
# small fixed limits, disable mod_status, then restart Apache and MySQL.
echo -e "${GREEN} Configuring apache2 prefork & worker modules...${NC}"
sleep 3
# Each argument becomes one line of the config file.
printf '%s\n' \
  '<IfModule mpm_prefork_module>' \
  'StartServers 1' \
  'MinSpareServers 1' \
  'MaxSpareServers 3' \
  'MaxRequestWorkers 10' \
  'MaxConnectionsPerChild 3000' \
  '</IfModule>' \
  >/etc/apache2/mods-available/mpm_prefork.conf
printf '%s\n' \
  '<IfModule mpm_worker_module>' \
  'StartServers 1' \
  'MinSpareThreads 5' \
  'MaxSpareThreads 15' \
  'ThreadLimit 25' \
  'ThreadsPerChild 5' \
  'MaxRequestWorkers 25' \
  'MaxConnectionsPerChild 200' \
  '</IfModule>' \
  >/etc/apache2/mods-available/mpm_worker.conf
a2dismod status
echo -e "${GREEN}Configuration of apache mods was succesfully finished!
Restarting Apache & MySQL services...${NC}"
for svc in apache2 mysql; do
  service "$svc" restart
done
echo -e "${GREEN}Services succesfully restarted!${NC}"
sleep 3
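# Adding the WordPress database and user, then filling in wp-config.php.
# Changes from the earlier version of this step:
#  - answers are read with -r so backslashes in passwords are kept;
#  - database name, user, host and table prefix are validated before they
#    are placed into SQL or into wp-config.php;
#  - the MySQL admin password is no longer passed as -p<password> and the
#    SQL is no longer passed with -e. Both appeared in the process list,
#    and the SQL contains the new WordPress DB password. The password goes
#    through MYSQL_PWD and the statements through stdin;
#  - the perl edits use the full path of wp-config.php. They were run on
#    "wp-config.php" in the current directory, not on the file that had
#    just been created under /var/www;
#  - values reach perl through the environment instead of being spliced
#    into the perl program text, where a quote in the password changed the
#    program; the password is escaped for a PHP single-quoted string;
#  - salts are drawn from /dev/urandom instead of perl's rand(), which is
#    not meant for generating secrets.
# NOTE(review): MYSQL_PWD is deprecated in recent MySQL releases and
# "GRANT ... IDENTIFIED BY" is not accepted by MySQL 8. Confirm against the
# server version this script targets.
echo -e "${GREEN}Adding user & database for WordPress, setting wp-config.php...${NC}"
echo "Do you need to setup new MySQL database? (y/n)"
read -r -e setupmysql
if [ "$setupmysql" == y ]; then
  echo "MySQL Admin User: "
  read -r -e mysqluser
  echo "MySQL Admin Password: "
  read -r -s mysqlpass
  echo
  echo "MySQL Host (Enter for default 'localhost'): "
  read -r -e mysqlhost
  mysqlhost=${mysqlhost:-localhost}
  if [[ ! "$mysqlhost" =~ ^[A-Za-z0-9._%-]+$ ]]; then
    echo "[Error]: MySQL host contains unsupported characters. Aborting." >&2
    exit 1
  fi
fi
echo "WP Database Name: "
read -r -e db_name
echo "WP Database User: "
read -r -e db_user
echo "WP Database Password: "
read -r -s db_pass
echo
echo "WP Database Table Prefix [numbers, letters, and underscores only] (Enter for default 'wp_'): "
read -r -e dbtable
dbtable=${dbtable:-wp_}
ident_re='^[A-Za-z0-9_]+$'
for ident in "$db_name" "$db_user" "$dbtable"; do
  if [[ ! "$ident" =~ $ident_re ]]; then
    echo "[Error]: database name, user and table prefix may contain only letters, numbers and underscores. Aborting." >&2
    exit 1
  fi
done
echo "Last chance - sure you want to run the install? (y/n)"
read -r -e run
if [ "$run" == y ]; then
  if [ "$setupmysql" == y ]; then
    echo "============================================"
    echo "Setting up the database."
    echo "============================================"
    # Escape the password for a single-quoted SQL string literal:
    # backslashes are doubled first, then each quote is doubled.
    sql_pass=${db_pass//\\/\\\\}
    sql_pass=${sql_pass//\'/\'\'}
    # Login to MySQL, add database, add user and grant permissions.
    dbsetup="CREATE DATABASE \`$db_name\`; GRANT ALL PRIVILEGES ON \`$db_name\`.* TO '$db_user'@'$mysqlhost' IDENTIFIED BY '$sql_pass'; FLUSH PRIVILEGES;"
    if ! MYSQL_PWD="$mysqlpass" mysql -u "$mysqluser" <<<"$dbsetup"; then
      echo "============================================"
      echo "[Error]: Database creation failed. Aborting."
      echo "============================================"
      exit 1
    fi
  fi
  wp_config="/var/www/$websitename/www/wp-config.php"
  mv "/var/www/$websitename/www/wp-config-sample.php" "$wp_config"
  # Set database details with perl find and replace. The value is read from
  # the environment, so it is data to perl and never part of the program.
  WP_VALUE="$db_name" perl -pi -e 's/database_name_here/$ENV{WP_VALUE}/g' "$wp_config"
  WP_VALUE="$db_user" perl -pi -e 's/username_here/$ENV{WP_VALUE}/g' "$wp_config"
  # \x27 is the single quote; quote and backslash are escaped for PHP.
  WP_VALUE="$db_pass" perl -pi -e 's/password_here/$ENV{WP_VALUE} =~ s{([\x27\\])}{\\$1}gr/ge' "$wp_config"
  WP_VALUE="$dbtable" perl -pi -e 's/\x27wp_\x27/\x27$ENV{WP_VALUE}\x27/g' "$wp_config"
  # Set WP salts: 64 characters each, drawn from /dev/urandom. Bytes at or
  # above the largest multiple of the alphabet size are discarded so every
  # character is equally likely.
  perl -i -pe '
    BEGIN {
      @chars = ("a" .. "z", "A" .. "Z", 0 .. 9);
      push @chars, split //, q{!@#$%^&*()-_ []{}<>~`+=,.;:/?|};
      open($urandom, "<", "/dev/urandom") or die "cannot open /dev/urandom: $!";
      binmode($urandom);
      $limit = 256 - (256 % @chars);
      sub salt {
        my $out = "";
        while (length($out) < 64) {
          read($urandom, my $byte, 1) == 1 or die "short read from /dev/urandom";
          my $n = ord($byte);
          $out .= $chars[$n % @chars] if $n < $limit;
        }
        return $out;
      }
    }
    s/put your unique phrase here/salt()/ge
  ' "$wp_config"
  chown -R "$username:$username" "/var/www/$websitename"
  echo -e "${GREEN}Database user, database and wp-config.php were succesfully created & configured!${NC}"
  sleep 3
  echo -e "Installation & configuration succesfully finished. Bye!"
else
  exit
fi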
To run:
Paste all of the following into a terminal and hit Return: curl -L -o 'wp.sh' https://gist.github.com/wildkatz2004/c9637e1be5b70a41ea8ec36c97dcc47f/raw/wp.sh && sudo bash wp.sh