server-stack-automation/server-prod-stack-setup.sh at master · michaelbontyes/server-stack-automation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
#!sbin/bash
RED='\033[0;31m'
NC='\033[0m' # No Color

echo $RED "
INSTALLATION PRE-REQUISITES

0. BE ROOT
1. Install apache2: NO need to configure
2. Install mysql-server: Set Root password
3. Install phpmyadmin and secure it
4. Create users and databases for both dev and staging
5. Ensure the EDLFB certificates and key are in the /root folder

WOULD YOU LIKE TO INSTALL THE REQUIRED PACKAGES? (yes/no/exit)
" $NC
read prereq
case $prereq in
  n|no|No|nO|NO|non|Non|nOn|noN|NOn|NoN|NON) break ;;
  y|yes|Y|Yes|YES|YEs|YeS|yEs|yES|yeS|Oui|oui) apt-get update
  apt-get install -y apache2
  #apt-get install -y mysql-server
  apt-get install -y php5
  apt-get install -y php-mysql
  apt-get install -y php5-curl ;;
  *) exit
esac

#SFTP USER
echo $RED "

LET'S START BY CREATING THE SFTP USER AND IT'S PASSWORD

" $NC
sudo adduser webdeploy

#VHOSTS
echo "Please enter a value for the new vhost:
"
read dev

echo "Creating vhosts in /var/www/vhosts"
mkdir -p /var/www/vhosts/$dev

sleep 2

#APACHE
echo "Creating apache config files"
touch /etc/apache2/sites-available/$dev.conf

echo " <VirtualHost *:80>
        ServerName $dev

        DocumentRoot /var/www/vhosts/$dev

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        <Directory /var/www/vhosts/$dev>

            Header always set X-Xss-Protection \"1; mode=block\"
            Header always set X-Frame-Options SAMEORIGIN

            Options -Indexes +FollowSymLinks -MultiViews
            AllowOverride All
            AuthType Basic
            Order allow,deny
            AuthName \"Preview\"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
            Allow from localhost
            Satisfy Any
        </Directory>

        <files xmlrpc.php>
        Order allow,deny
        Deny from all
        </files>

        ErrorLog /var/log/apache2/$dev-error.log
        CustomLog /var/log/apache2/$dev-access.log combined
        LogLevel warn
</VirtualHost>

<VirtualHost *:443>
        ServerName $dev

        DocumentRoot /var/www/vhosts/$dev

        <Directory /var/www/vhosts/$dev>

            Header always set X-Xss-Protection \"1; mode=block\"
            Header always set X-Frame-Options SAMEORIGIN

            Options -Indexes +FollowSymLinks -MultiViews
            AllowOverride All
            AuthType Basic
            Order allow,deny
            AuthName \"Preview\"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
            Allow from localhost
            Satisfy Any
        </Directory>

        <files xmlrpc.php>
        Order allow,deny
        Deny from all
        </files>

        ErrorLog /var/log/apache2/$dev-error.log
        CustomLog /var/log/apache2/$dev-access.log combined
        LogLevel warn

        <FilesMatch \"\.(cgi|shtml|phtml|php)$\">
        SSLOptions +StdEnvVars
        </FilesMatch>

        BrowserMatch \"MSIE [2-6]\"                 nokeepalive ssl-unclean-shutdown                 downgrade-1.0 force-response-1.0
        BrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown

</VirtualHost>
" >> /etc/apache2/sites-available/$dev.conf

cat /etc/apache2/sites-available/$dev.conf
echo "dev config file created"

sleep 2

echo $RED "
ENTER HTPASSWD CREDENTIALS: (THIS WILL BE THE HASHED preview:skbf8*fbsjhv&bhkbgs7.)
" $NC
read creds

echo " $creds" >> /etc/apache2/.htpasswd

sleep 2

echo "Enabling the new site"
sudo a2ensite $dev.conf

echo $RED "
DISABLING DEFAULT SITES

" $NC
sudo a2dissite 000-default.conf
sudo a2dissite default-ssl.conf

echo $RED "
SETTING SERVER NAME

" $NC
echo "ServerName $dev

# HTTP SLOW CONTROL
MaxRequestWorkers 100
LimitRequestLine 4094
LimitRequestBody 20971520
LimitRequestFieldSize 4094
LimitRequestFields 50

" >> /etc/apache2/apache2.conf

echo $RED "
ENABLING APACHE2 MODULES

" $NC
sudo a2enmod ssl
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod expires
sudo php5enmod mcrypt

sudo apt-get -y install apache2-dev libtool git
git clone https://github.com/cloudflare/mod_cloudflare.git && cd mod_cloudflare
apxs -a -i -c mod_cloudflare.c

sudo service apache2 restart

# WordPress
echo $RED "
FETCHING PRE-REQUISITES TO INSTALL WORDPRESS

" $NC
sudo apt-get update
sudo apt-get install -y wget
sudo apt-get install -y zip
sudo apt-get install -y unzip

echo "Installing Latest WordPress"
cd /var/www/
wget https://wordpress.org/latest.zip
unzip latest.zip
sudo rm latest.zip
cp -R wordpress/* /var/www/vhosts/$dev
sudo rm -R /var/www/vhosts/$dev/wp-content/themes/*
sudo rm -R /var/www/vhosts/$dev/wp-content/plugins/*
sudo rm -R /var/www/wordpress/

#DATABASES
# echo "Creating databases and users
# Enter the user for the DB:
# "
# read devuser
#
# echo "Enter the password for the DB:
# "
# read devpass
#
# echo "Enter the DB Host (In most cases it would be 'localhost'):
# "
# read dbhost
#
# echo "You will now be prompted for the root user's MySQL password:
# "
#
# mysql -u root -p<< EOF
# create database $devuser;
# create user '$devuser'@'$dbhost' identified by '$devpass';
# grant usage on *.* to $devuser@$dbhost identified by '$devpass';
# grant all privileges on $devuser.* to $devuser@$dbhost ;
#
# flush privileges;
# EOF

#WP-CLI
cd /var/www/vhosts/$dev/
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
sudo chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

echo "Assigning proper permissions to vhosts"
sudo chown -R www-data:www-data /var/www/vhosts/$dev
sudo chmod -R 775 /var/www/vhosts/$dev
sudo chown -R webdeploy /var/www/vhosts/$dev/wp-content
sudo chmod -R 775 /var/www/vhosts/$dev/wp-content
sudo chown root:root /var/www/vhosts/$dev/xmlrpc.php
sudo chmod 700 /var/www/vhosts/$dev/xmlrpc.php

#UFW
echo $RED "
SETTIGN UP BASIC UFW RULES

" $NC
sudo ufw enable
ufw default deny incoming
ufw default allow outgoing
sudo ufw allow 80
sudo ufw allow 443

echo $RED "
DOES THE SERVER NEED TO SEND MAIL? (yes/no)

" $NC

read mail
case $mail in
  n|no|No|nO|NO|non|Non|nOn|noN|NOn|NoN|NON) sudo ufw deny out 25 ;;
  y|yes|Y|Yes|YES|YEs|YeS|yEs|yES|yeS|Oui|oui) break ;;
  *) break ;;
esac


echo "
AND THAT'S IT!
Now please verify the settings quickly and navigate to $dev to complete the WP quick install"