lamp installation based on homestead settler
#!/usr/bin/env bash
# Succeeds (status 0) when the effective UID is 0, otherwise returns 1.
isRoot() {
  [ "$EUID" -ne 0 ] && return 1
  return 0
}
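# Everything below installs packages and edits files under /etc, so stop
# early unless the script runs as root.
if ! isRoot; then
  echo "Sorry, you need to run this as root" >&2
  exit 1
fi

# $1 is the existing local account that PHP-FPM, Apache and MailHog will run as.
if [ -z "${1:-}" ]; then
  echo "Error: missing required parameter." >&2
  echo "Usage: " >&2
  echo " $0 username " >&2
  # A usage error is a failure; report it with a non-zero status.
  exit 1
fi

if ! id -u -- "$1" >/dev/null 2>&1; then
  echo "Error: user not exists in system." >&2
  exit 1
fi

# The name is later pasted into sed replacement text, so refuse the characters
# that would change the meaning of those expressions.
case "$1" in
  */* | *\&* | *\\* | *$'\n'*)
    echo "Error: username contains characters that are not supported." >&2
    exit 1
    ;;
esac

USERNAME=$1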
# Install Some PPAs
# NOTE(security): every PPA added here is a third-party package source whose
# packages are installed as root further down; keep the list to sources you trust.
apt-get install -y software-properties-common curl
for ppa in ppa:nginx/development ppa:ondrej/php ppa:chris-lea/redis-server; do
  apt-add-repository "$ppa" -y
done

# Install Some Basic Packages
base_packages=(
  build-essential dos2unix gcc git libmcrypt4 libpcre3-dev libpng-dev chrony
  unzip make python2.7-dev python-pip re2c supervisor unattended-upgrades
  whois vim libnotify-bin pv cifs-utils mcrypt bash-completion zsh graphviz
  avahi-daemon tshark imagemagick
)
apt-get install -y "${base_packages[@]}"

# Set My Timezone
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Install Generic PHP packages
generic_php_packages=(php-imagick php-memcached php-redis php-xdebug php-dev)
apt-get install -y --allow-change-held-packages "${generic_php_packages[@]}"

# PHP 7.4: the meta package plus one package per extension.
php74_extensions=(
  bcmath bz2 cgi cli common curl dba dev enchant fpm gd gmp imap interbase
  intl json ldap mbstring mysql odbc opcache pgsql phpdbg pspell readline
  snmp soap sqlite3 sybase tidy xml xmlrpc xsl zip
)
apt-get install -y --allow-change-held-packages \
  php7.4 "${php74_extensions[@]/#/php7.4-}"

# PHP 5.6: extensions only (this list also carries mcrypt and recode).
# NOTE(security): PHP 5.6 no longer receives upstream security fixes; install
# it only where a legacy application needs it.
php56_extensions=(
  bcmath bz2 cgi cli common curl dba dev enchant fpm gd gmp imap interbase
  intl json ldap mbstring mcrypt mysql odbc opcache pgsql phpdbg pspell
  readline recode snmp soap sqlite3 sybase tidy xml xmlrpc xsl zip
)
apt-get install -y --allow-change-held-packages \
  "${php56_extensions[@]/#/php5.6-}"

# Make 7.4 the default for the php, php-config and phpize commands.
for php_tool in php php-config phpize; do
  update-alternatives --set "$php_tool" "/usr/bin/${php_tool}7.4"
done
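# Install Composer
# The installer is run by PHP as root, so it is no longer piped straight from
# the network into the interpreter. It is saved to a private temp directory
# and its SHA-384 is compared with the value Composer publishes for the
# current installer; only a matching file is executed. This catches a
# truncated or altered download, but both files come from Composer's own
# infrastructure, so it is not an independent trust anchor.
if composer_tmp="$(mktemp -d)"; then
  composer_setup="${composer_tmp}/composer-setup.php"
  curl -fsS -o "$composer_setup" https://getcomposer.org/installer
  composer_expected="$(curl -fsS https://composer.github.io/installer.sig)"
  composer_actual="$(sha384sum "$composer_setup" 2>/dev/null | awk '{print $1}')"
  if [ -n "$composer_expected" ] && [ "$composer_expected" = "$composer_actual" ]; then
    # Write the phar directly to its final location instead of the current
    # working directory.
    php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
  else
    echo "Composer installer failed its checksum check; composer was not installed." >&2
  fi
  rm -rf -- "${composer_tmp:?}"
else
  echo "Could not create a temporary directory; composer was not installed." >&2
fi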
# Set Some PHP CLI Settings
# The same four edits are applied to the CLI php.ini of 7.4, then of 5.6.
cli_ini_edits=(
  "s/error_reporting = .*/error_reporting = E_ALL/"
  "s/display_errors = .*/display_errors = On/"
  "s/memory_limit = .*/memory_limit = 512M/"
  "s/;date.timezone.*/date.timezone = UTC/"
)
for php_version in 7.4 5.6; do
  for ini_edit in "${cli_ini_edits[@]}"; do
    sudo sed -i "$ini_edit" "/etc/php/${php_version}/cli/php.ini"
  done
done
# Setup Some PHP-FPM Options
# NOTE(security): these are development settings. display_errors = On shows
# error details to web clients, and xdebug.remote_connect_back = 1 lets the
# debugger connect back to the address that made the request. Keep a host
# provisioned this way off untrusted networks, or drop these lines.
xdebug_settings=(
  "xdebug.remote_enable = 1"
  "xdebug.remote_connect_back = 1"
  "xdebug.remote_port = 9000"
  "xdebug.max_nesting_level = 512"
)
for php_version in 7.4 5.6; do
  mods_dir="/etc/php/${php_version}/mods-available"
  for xdebug_setting in "${xdebug_settings[@]}"; do
    echo "$xdebug_setting" >> "${mods_dir}/xdebug.ini"
  done
  echo "opcache.revalidate_freq = 0" >> "${mods_dir}/opcache.ini"
done

# FPM php.ini: error display, limits, timezone, and cgi.fix_pathinfo=0 so that
# PHP does not guess at a script path when the requested one does not exist.
fpm_ini_edits=(
  "s/error_reporting = .*/error_reporting = E_ALL/"
  "s/display_errors = .*/display_errors = On/"
  "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/"
  "s/memory_limit = .*/memory_limit = 512M/"
  "s/upload_max_filesize = .*/upload_max_filesize = 100M/"
  "s/post_max_size = .*/post_max_size = 100M/"
  "s/;date.timezone.*/date.timezone = UTC/"
)
for php_version in 7.4 5.6; do
  fpm_ini="/etc/php/${php_version}/fpm/php.ini"
  for ini_edit in "${fpm_ini_edits[@]}"; do
    sed -i "$ini_edit" "$fpm_ini"
  done
  # Point the openssl and curl extensions at the system CA bundle. tee also
  # echoes each appended line to stdout.
  printf "[openssl]\n" | tee -a "$fpm_ini"
  printf "openssl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a "$fpm_ini"
  printf "[curl]\n" | tee -a "$fpm_ini"
  printf "curl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a "$fpm_ini"
done
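# Disable XDebug On The CLI
sudo phpdismod -s cli xdebug

# Set The PHP-FPM User
# Both pools run as $USERNAME and their sockets are owned by that account.
# NOTE(security): listen.mode = 0666 lets every local account connect to the
# FPM socket and have PHP executed as $USERNAME. Since owner and group are
# already set to $USERNAME, 0660 is the tighter choice when the web server
# runs as that same account — confirm which account the web server uses
# before changing it.
for php_version in 7.4 5.6; do
  pool_conf="/etc/php/${php_version}/fpm/pool.d/www.conf"
  sed -i "s/user = www-data/user = $USERNAME/" "$pool_conf"
  sed -i "s/group = www-data/group = $USERNAME/" "$pool_conf"
  sed -i "s/listen\.owner.*/listen.owner = $USERNAME/" "$pool_conf"
  sed -i "s/listen\.group.*/listen.group = $USERNAME/" "$pool_conf"
  sed -i "s/;listen\.mode.*/listen.mode = 0666/" "$pool_conf"
done

service php7.4-fpm restart
service php5.6-fpm restart

# Quoted so the account name always reaches usermod as a single argument.
usermod -a -G www-data "$USERNAME"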
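# Install & Configure MailHog
# The binary is downloaded to a temp file first and only moved into place when
# the download succeeded, so a failed transfer no longer leaves an empty
# executable at /usr/local/bin/mailhog.
# NOTE(security): the release asset has no pinned checksum on this page. Set
# MAILHOG_SHA256 to the SHA-256 of the v0.2.1 linux_amd64 asset, taken from a
# source you trust, to have it verified before it is installed. With the
# variable unset the binary is installed unverified, as before.
mailhog_url="https://github.com/mailhog/MailHog/releases/download/v0.2.1/MailHog_linux_amd64"
mailhog_tmp="$(mktemp)"
if ! wget --quiet -O "$mailhog_tmp" "$mailhog_url"; then
  echo "MailHog download failed; /usr/local/bin/mailhog was not installed." >&2
elif [ -n "${MAILHOG_SHA256:-}" ] \
  && ! printf '%s  %s\n' "$MAILHOG_SHA256" "$mailhog_tmp" | sha256sum --check --status; then
  echo "MailHog checksum mismatch; /usr/local/bin/mailhog was not installed." >&2
else
  install -m 0755 "$mailhog_tmp" /usr/local/bin/mailhog
fi
rm -f -- "$mailhog_tmp"

# systemd does not run ExecStart through a shell, so the former
# "> /dev/null 2>&1 &" was handed to the program as literal arguments rather
# than acting as a redirection. It is dropped; output goes to the journal.
# NOTE(review): confirm which address MailHog binds to before the host is
# reachable from other machines.
sudo tee /etc/systemd/system/mailhog.service <<EOL
[Unit]
Description=Mailhog
After=network.target
[Service]
User=$USERNAME
ExecStart=/usr/bin/env /usr/local/bin/mailhog
[Install]
WantedBy=multi-user.target
EOL
systemctl daemon-reload
systemctl enable mailhog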
# Delete obsolete networking
obsolete_networking=(ppp pppconfig pppoeconf)
apt-get -y purge "${obsolete_networking[@]}"

# Delete oddities
oddities=(
  popularity-contest installation-report command-not-found
  command-not-found-data friendly-recovery fonts-ubuntu-font-family-console
  laptop-detect
)
apt-get -y purge "${oddities[@]}"

# Drop packages that are no longer needed, then empty the package cache.
apt-get -y autoremove
apt-get -y clean
# Install Apache
export DEBIAN_FRONTEND=noninteractive
apt-get install -y apache2 php5.6-cgi php7.4-cgi libapache2-mod-fcgid

# Replace www-data in Apache's envvars file with the chosen account.
sed -i "s/www-data/$USERNAME/" /etc/apache2/envvars

# Enable FPM
for fpm_conf in php5.6-fpm php7.4-fpm; do
  sudo a2enconf "$fpm_conf"
done

# Assume user wants mod_rewrite support
sudo a2enmod rewrite
# Turn on HTTPS support
sudo a2enmod ssl
# Turn on proxy & fcgi
sudo a2enmod proxy proxy_fcgi
# Turn on headers support
sudo a2enmod headers actions alias

# Add Mutex to config to prevent auto restart issues (only when the line is
# not already present).
if ! grep -q '^Mutex posixsem$' /etc/apache2/apache2.conf; then
  echo 'Mutex posixsem' | sudo tee -a /etc/apache2/apache2.conf
fi

for service_name in apache2 php5.6-fpm php7.4-fpm; do
  service "$service_name" restart
done
service apache2 reload
# Install MariaDB
# Disable Apparmor
# See https://github.com/laravel/homestead/issues/629#issue-247524528
# NOTE(security): this stops AppArmor and removes it from the boot sequence
# for the whole host, not only for the database. Every other confined service
# loses its profile as well.
for apparmor_action in stop teardown; do
  sudo service apparmor "$apparmor_action"
done
sudo update-rc.d -f apparmor remove

# Remove MySQL, including its data, logs and configuration.
mysql_packages=(mysql-server mysql-client mysql-common)
apt-get remove -y --purge "${mysql_packages[@]}"
apt-get autoremove -y
apt-get autoclean
for mysql_dir in /var/lib/mysql /var/log/mysql /etc/mysql; do
  rm -rf "$mysql_dir"
done

# Add Maria PPA
# NOTE(security): the signing key is requested by its 64-bit ID from a
# keyserver over plain HTTP (hkp on port 80), and the repository itself is
# served over http. apt still checks package signatures against the imported
# key, so the key import is the step to verify: compare the imported key's
# full fingerprint with the one MariaDB publishes.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xF1656F24C74CD1D8
ubuntu_codename="$(lsb_release -cs)"
sudo add-apt-repository "deb [arch=amd64,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.3/ubuntu ${ubuntu_codename} main"
apt-get update
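# Set The Automated Root Password
export DEBIAN_FRONTEND=noninteractive

# The password used for root and for the homestead account. It can now be
# supplied through the DB_PASSWORD environment variable; when that is unset
# the previous fixed value is kept so existing callers behave the same.
# NOTE(security): the default "secret" is a publicly known value. Combined
# with bind-address 0.0.0.0 and the '%' grant below, anyone who can reach the
# database port gets full privileges. Set DB_PASSWORD, or firewall the port
# to the development host.
db_password="${DB_PASSWORD:-secret}"
case "$db_password" in
  *\'* | *\\* | *$'\n'*)
    # The value is placed inside single-quoted SQL literals below.
    echo "Error: DB_PASSWORD must not contain single quotes, backslashes or newlines." >&2
    exit 1
    ;;
esac

debconf-set-selections <<< "mariadb-server mysql-server/data-dir select ''"
debconf-set-selections <<< "mariadb-server mysql-server/root_password password $db_password"
debconf-set-selections <<< "mariadb-server mysql-server/root_password_again password $db_password"

# Install MariaDB
apt-get install -y mariadb-server

# Configure Maria Remote Access and ignore db dirs
cat > /etc/mysql/conf.d/mysql.cnf << EOF
[mysqld]
bind-address = 0.0.0.0
ignore-db-dir = lost+found
sql-mode=""
EOF

# The client reads the root password from MYSQL_PWD. The statements are fed
# on stdin instead of -e so the password they contain does not show up in the
# process list.
export MYSQL_PWD="$db_password"
mysql --user="root" <<< "GRANT ALL ON *.* TO root@'0.0.0.0' IDENTIFIED BY '$db_password' WITH GRANT OPTION;"
service mysql restart
mysql --user="root" <<< "CREATE USER IF NOT EXISTS 'homestead'@'0.0.0.0' IDENTIFIED BY '$db_password';"
mysql --user="root" <<< "GRANT ALL ON *.* TO 'homestead'@'0.0.0.0' IDENTIFIED BY '$db_password' WITH GRANT OPTION;"
mysql --user="root" <<< "GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY '$db_password' WITH GRANT OPTION;"
mysql --user="root" <<< "FLUSH PRIVILEGES;"
service mysql restart
mysql_upgrade --user="root" --verbose --force
service mysql restart
unset MYSQL_PWD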
# Remove any Homestead entries from /etc/hosts and prepare for adding new ones:
# delete the old marker block, then append an empty pair of markers.
hosts_file=/etc/hosts
sudo sed -i '/#### HOMESTEAD-SITES-BEGIN/,/#### HOMESTEAD-SITES-END/d' "$hosts_file"
printf "#### HOMESTEAD-SITES-BEGIN\n#### HOMESTEAD-SITES-END\n" | sudo tee -a "$hosts_file" > /dev/null

# dir for SSL certs (the path says nginx, but it is the directory this page's
# Apache virtual hosts read their certificates and keys from)
mkdir -p /etc/nginx/ssl 2> /dev/null
#!/usr/bin/env bash
# Reports whether the script runs with effective UID 0: status 0 if so, 1 if not.
isRoot() {
  [ "$EUID" -ne 0 ] && return 1
  return 0
}
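# The script writes Apache configuration, TLS keys and /etc/hosts, so it must
# run as root.
if ! isRoot; then
  echo "Sorry, you need to run this as root" >&2
  exit 1
fi

# Five positional arguments are required:
#   $1 domain  $2 directory  $3 http_port  $4 https_port  $5 php_version
if [ -z "${1:-}" ] || [ -z "${2:-}" ] || [ -z "${3:-}" ] || [ -z "${4:-}" ] || [ -z "${5:-}" ]; then
  echo "Error: missing required parameter." >&2
  echo "Usage: " >&2
  echo " $0 domain directory http_port https_port php_version " >&2
  # A usage error is a failure; report it with a non-zero status.
  exit 1
fi

# The arguments are pasted into file names under /etc, Apache directives, an
# OpenSSL config, a sed expression and service names. Restrict them to the
# shapes those uses expect so that a stray "/" or quote cannot redirect a
# write or add directives.
domain_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
port_re='^[0-9]+$'
php_version_re='^[0-9]+\.[0-9]+$'
if ! [[ "$1" =~ $domain_re ]]; then
  echo "Error: domain may only contain letters, digits, '.', '_' and '-'." >&2
  exit 1
fi
case "$2" in
  *\"* | *$'\n'*)
    echo "Error: directory must not contain double quotes or newlines." >&2
    exit 1
    ;;
esac
if ! [[ "$3" =~ $port_re && "$4" =~ $port_re ]]; then
  echo "Error: http_port and https_port must be numeric." >&2
  exit 1
fi
if ! [[ "$5" =~ $php_version_re ]]; then
  echo "Error: php_version must look like 7.4." >&2
  exit 1
fi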
# Optional arguments 6 and 9 are turned into associative arrays: $6 feeds the
# SetEnv lines, $9 feeds the "Header always set" lines.
# NOTE(review): presumably the caller passes text in bash's "([key]=value ...)"
# array form; bash interprets that text as part of the assignment, so these
# two arguments must only ever come from a trusted caller — confirm.
declare -A params=$6 # Create an associative array
declare -A headers=${9} # Create an associative array
# Build one 'SetEnv KEY "VALUE"' line per entry, each preceded by a newline.
# Keys and values are inserted as they are; a value containing a double quote
# or a newline would end up as extra text in the Apache configuration.
paramsTXT=""
if [ -n "$6" ]; then
for element in "${!params[@]}"
do
paramsTXT="${paramsTXT}
SetEnv ${element} \"${params[$element]}\""
done
fi
# Same construction for response headers: one 'Header always set KEY "VALUE"'
# line per entry, with the same lack of escaping.
headersTXT=""
if [ -n "${9}" ]; then
for element in "${!headers[@]}"
do
headersTXT="${headersTXT}
Header always set ${element} \"${headers[$element]}\""
done
fi
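export DEBIAN_FRONTEND=noninteractive

# Plain-HTTP virtual host for domain $1 on port $3, serving directory $2 and
# handing PHP files to the php$5 FPM socket.
# The quotes around the directory are now escaped so they reach the generated
# file: before, they ended the shell string and DocumentRoot / <Directory>
# were written without quotes, which breaks for a path containing spaces.
# The arguments are written into the configuration as given.
block="<VirtualHost *:$3>
ServerAdmin webmaster@localhost
ServerName $1
ServerAlias www.$1
DocumentRoot \"$2\"
$paramsTXT
$headersTXT
<Directory \"$2\">
AllowOverride All
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
AddHandler php${5}-fcgi .php
Action php${5}-fcgi /php${5}-fcgi
Alias /php${5}-fcgi /usr/lib/cgi-bin/php${5}
FastCgiExternalServer /usr/lib/cgi-bin/php${5} -socket /var/run/php/php${5}-fpm.sock -pass-header Authorization
</IfModule>
<IfModule !mod_fastcgi.c>
<IfModule mod_proxy_fcgi.c>
<FilesMatch \".+\.ph(ar|p|tml)$\">
SetHandler \"proxy:unix:/var/run/php/php${5}-fpm.sock|fcgi://localhost\"
</FilesMatch>
</IfModule>
</IfModule>
#LogLevel info ssl:warn
ErrorLog \${APACHE_LOG_DIR}/$1-error.log
CustomLog \${APACHE_LOG_DIR}/$1-access.log combined
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
"

# Write the site file and enable it through a symlink in sites-enabled.
printf '%s\n' "$block" > "/etc/apache2/sites-available/$1.conf"
ln -fs "/etc/apache2/sites-available/$1.conf" "/etc/apache2/sites-enabled/$1.conf"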
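# HTTPS virtual host for domain $1 on port $4. It uses the certificate and key
# that the certificate step writes to /etc/nginx/ssl/$1.{crt,key}.
# The quotes around the directory are now escaped so they reach the generated
# file; before, DocumentRoot / <Directory> were written without quotes, which
# breaks for a path containing spaces.
# NOTE(review): unlike the plain-HTTP host, this one does not include
# $headersTXT, so headers passed in argument 9 (security headers included) are
# not sent on HTTPS responses — confirm whether that is intended.
blockssl="<IfModule mod_ssl.c>
<VirtualHost *:$4>
ServerAdmin webmaster@localhost
ServerName $1
ServerAlias www.$1
DocumentRoot \"$2\"
$paramsTXT
<Directory \"$2\">
AllowOverride All
Require all granted
</Directory>
#LogLevel info ssl:warn
ErrorLog \${APACHE_LOG_DIR}/$1-error.log
CustomLog \${APACHE_LOG_DIR}/$1-access.log combined
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/nginx/ssl/$1.crt
SSLCertificateKeyFile /etc/nginx/ssl/$1.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
#SSLVerifyClient require
#SSLVerifyDepth 10
<FilesMatch \"\.(cgi|shtml|phtml|php)$\">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<IfModule mod_fastcgi.c>
AddHandler php${5}-fcgi .php
Action php${5}-fcgi /php${5}-fcgi
Alias /php${5}-fcgi /usr/lib/cgi-bin/php${5}
FastCgiExternalServer /usr/lib/cgi-bin/php${5} -socket /var/run/php/php${5}-fpm.sock -pass-header Authorization
</IfModule>
<IfModule !mod_fastcgi.c>
<IfModule mod_proxy_fcgi.c>
<FilesMatch \".+\.ph(ar|p|tml)$\">
SetHandler \"proxy:unix:/var/run/php/php${5}-fpm.sock|fcgi://localhost/\"
</FilesMatch>
</IfModule>
</IfModule>
BrowserMatch \"MSIE [2-6]\" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
"

# Write the site file and enable it through a symlink in sites-enabled.
printf '%s\n' "$blockssl" > "/etc/apache2/sites-available/$1-ssl.conf"
ln -fs "/etc/apache2/sites-available/$1-ssl.conf" "/etc/apache2/sites-enabled/$1-ssl.conf"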
# Generate cert
# All certificate material lives in one directory.
PATH_SSL="/etc/nginx/ssl"

# Files of the per-machine Homestead root CA; the machine's hostname is part
# of each file name.
ca_host="$(hostname)"
ca_prefix="${PATH_SSL}/ca.homestead.${ca_host}"
PATH_ROOT_CNF="${ca_prefix}.cnf"
PATH_ROOT_CRT="${ca_prefix}.crt"
PATH_ROOT_KEY="${ca_prefix}.key"

# Files of the certificate for the site named by $1.
site_prefix="${PATH_SSL}/${1}"
PATH_CNF="${site_prefix}.cnf"
PATH_CRT="${site_prefix}.crt"
PATH_CSR="${site_prefix}.csr"
PATH_KEY="${site_prefix}.key"

# OpenSSL configuration shared by the root CA and the site certificate. Each
# consumer appends its own [ req_distinguished_name ] section.
BASE_CNF="
[ ca ]
default_ca = ca_homestead_${ca_host}
[ ca_homestead_${ca_host} ]
dir = $PATH_SSL
certs = $PATH_SSL
new_certs_dir = $PATH_SSL
private_key = $PATH_ROOT_KEY
certificate = $PATH_ROOT_CRT
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 365
preserve = no
policy = policy_loose
[ policy_loose ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
encrypt_key = no
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
x509_extensions = v3_ca
[ v3_ca ]
authorityKeyIdentifier = keyid,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, keyCertSign
subjectKeyIdentifier = hash
[ server_cert ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = @alternate_names
subjectKeyIdentifier = hash
"
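# Only generate the root certificate when there isn't one already there.
# NOTE(security): this CA is added to the system trust store below and its
# private key is stored unencrypted next to it. Whoever can read the key can
# issue certificates that this machine, and any machine that imports the CA,
# will trust. The key is therefore created readable by root only.
if [ ! -f "$PATH_ROOT_CNF" ] || [ ! -f "$PATH_ROOT_KEY" ] || [ ! -f "$PATH_ROOT_CRT" ]; then
  # Generate an OpenSSL configuration file specifically for this certificate.
  cnf="
${BASE_CNF}
[ req_distinguished_name ]
O = Vagrant
C = UN
CN = Homestead $(hostname) Root CA
"
  echo "$cnf" > "$PATH_ROOT_CNF"

  # Finally, generate the private key and certificate. The subshell keeps the
  # tighter umask from leaking into the rest of the script; chmod covers the
  # case where an older key file is being overwritten.
  (
    umask 077
    openssl genrsa -out "$PATH_ROOT_KEY" 4096 2>/dev/null
  )
  chmod 600 "$PATH_ROOT_KEY"
  openssl req -config "$PATH_ROOT_CNF" \
    -key "$PATH_ROOT_KEY" \
    -x509 -new -extensions v3_ca -days 3650 -sha256 \
    -out "$PATH_ROOT_CRT" 2>/dev/null

  # Symlink ca to local certificate storage and run update command
  ln --force --symbolic "$PATH_ROOT_CRT" /usr/local/share/ca-certificates/
  update-ca-certificates
fi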
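# Only generate a certificate if there isn't one already there.
if [ ! -f "$PATH_CNF" ] || [ ! -f "$PATH_KEY" ] || [ ! -f "$PATH_CRT" ]; then
  # Uncomment the global 'copy_extensions' OpenSSL option to ensure the SANs
  # are copied into the certificate.
  # NOTE(security): this edits the system-wide OpenSSL configuration, so every
  # later "openssl ca" run on this host copies extensions requested in a CSR
  # into the issued certificate. The signing step below takes its extensions
  # from -extfile/-extensions, so the global change looks unnecessary here —
  # confirm before removing it.
  sed -i '/copy_extensions\ =\ copy/s/^#\ //g' /etc/ssl/openssl.cnf

  # Generate an OpenSSL configuration file specifically for this certificate.
  cnf="
${BASE_CNF}
[ req_distinguished_name ]
O = Vagrant
C = UN
CN = $1
[ alternate_names ]
DNS.1 = $1
DNS.2 = *.$1
"
  echo "$cnf" > "$PATH_CNF"

  # Finally, generate the private key and certificate signed with the
  # Homestead $(hostname) Root CA. The key is created readable by root only;
  # the subshell keeps the tighter umask local, and chmod covers an
  # overwritten older key file.
  (
    umask 077
    openssl genrsa -out "$PATH_KEY" 2048 2>/dev/null
  )
  chmod 600 "$PATH_KEY"
  openssl req -config "$PATH_CNF" \
    -key "$PATH_KEY" \
    -new -sha256 -out "$PATH_CSR" 2>/dev/null
  openssl x509 -req -extfile "$PATH_CNF" \
    -extensions server_cert -days 365 -sha256 \
    -in "$PATH_CSR" \
    -CA "$PATH_ROOT_CRT" -CAkey "$PATH_ROOT_KEY" -CAcreateserial \
    -out "$PATH_CRT" 2>/dev/null
fi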
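# Add new IP-host pair to /etc/hosts.
IP='127.0.0.1'
HOSTNAME=$1

# The search pattern is now quoted. Unquoted, "[^\.]name" is a shell glob and
# could be replaced by a matching file name from the current directory before
# grep ever sees it. The regular expression grep receives is unchanged: the
# host name preceded by any character other than a dot, so entries for
# subdomains do not count as a match.
# NOTE(review): dots inside the host name still act as regex wildcards.
if grep -q -- "[^.]$HOSTNAME" /etc/hosts; then
  echo "$HOSTNAME already exists:"
  grep -- "[^.]$HOSTNAME" /etc/hosts
else
  # Replace the BEGIN marker with itself followed by the new entry, which
  # puts the entry directly under the marker.
  sudo sed -i "/#### HOMESTEAD-SITES-BEGIN/c\#### HOMESTEAD-SITES-BEGIN\\n$IP\t$HOSTNAME" /etc/hosts
  if ! grep -q -- "[^.]$HOSTNAME" /etc/hosts; then
    echo "Failed to Add $HOSTNAME, Try again!"
  fi
fi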
# Pick up the new virtual hosts and certificates: restart Apache and the FPM
# service of the PHP version given as $5, then reload Apache once more.
fpm_service="php${5}-fpm"
service apache2 restart
service "$fpm_service" restart
service apache2 reload