CLD1-ConfigWebServer/createclient.bash at master · SemicolonManifest/CLD1-ConfigWebServer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/usr/bin/env bash

# Authors: theo.gautier@cpnv.ch, Cyril.GOLDENSCHUE@cpnv.ch
# Last update date: 2021.11.05
# Description: Script to run to create users in the project

if [ "$EUID" -ne 0 ]
  then echo "Error: Please run as root. Aborted."
  exit
fi


clientok=0
passwordok=0


while [[ $clientok -eq 0 ]]; do
    echo -n "Username: "
    read -r client
    if [[ -n $client ]]; then
            clientok=1
    else
            echo -e "\nPlease enter a username!"
    fi
done

while [[ $passwordok -eq 0 ]]; do
    # from https://stackoverflow.com/questions/2654009/how-to-make-bash-script-ask-for-a-password
    echo -n "Password: "
    stty_orig=$(stty -g) # save original terminal setting.
    stty -echo           # turn-off echoing.
    read -r password  # read the password
    stty "$stty_orig"    # restore terminal setting.

    if [[ -n $password ]]; then
        firstpassSuccess=1
        else
        echo -e "\nPlease enter a password!"
    fi

    if [[ $firstpassSuccess -eq 1 ]]; then
        echo -ne "\nConfirm Password: "
        stty_orig=$(stty -g) # save original terminal setting.
        stty -echo           # turn-off echoing.
        read -r confirmpassword  # read the password
        stty "$stty_orig"    # restore terminal setting.

        if [[ "$password" == "$confirmpassword" ]]; then
        passwordok=1
        else echo -e "\nPasswords did not match"
        firstpassSuccess=0
        fi
    fi
done


# create user
echo -e "\n\nCreating user"

useradd ${client} -p $(openssl passwd -crypt ${password}) -m -d "/home/${client}" -s /bin/bash

mkdir /home/${client}/www

echo "${client}" >> /home/${client}/www/index.php

chown ${client}:www-data -R /home/${client}

chmod 750 -R /home/${client}

echo "umask 007" >> /home/${client}/.bashrc

# create nginx config

echo "creating nginx config"

echo "server {
    listen 80;
    listen [::]:80;

    server_name ${client}.ch www.${client}.ch;

    root /home/${client}/www;
    index index.html index.php;

    location / {
        try_files \$uri \$uri/ /index.php\$is_args\$args  =404;
    }

    location ~ \.php$ {
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.4fpm-${client}.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}" >> /etc/nginx/sites-available/${client}

ln -s /etc/nginx/sites-available/${client} /etc/nginx/sites-enabled/

# create php config

echo -e "creating php config"

echo "[${client}]
user = ${client}
group = ${client}
listen = /var/run/php/php7.4fpm-${client}.sock
listen.owner = www-data
listen.group = www-data

pm = dynamic
pm.max_children = 64
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.process_idle_timeout = 10s" >> /etc/php/7.4/fpm/pool.d/${client}.conf

systemctl restart nginx
systemctl restart php7.4-fpm

#database
echo -e "Creating mariadb database"

query_mysql="CREATE DATABASE ${client};
GRANT ALL PRIVILEGES ON ${client}.* TO '${client}'@'%' IDENTIFIED BY '${password}';
FLUSH PRIVILEGES;"

mysql --execute="${query_mysql}"