lennartvdd · January 1, 2021 11:11
diff --git a/ubuntu-nginx-installer.sh b/ubuntu-nginx-installer.sh
 #!/bin/bash

 # This script does the following things
 # - update apt respositories
 # - Install:
 # 	- nginx
 #	- git 
 # - Create a GIT User
 # - Set up GIT bare repo
 # - Set up GIT working directories for nginx
 # - TODO: configure nginx to use PHP-FPM
 # - TODO: perform initial checkout (run by codeship or manual remote push)
 # - TODO: enable website in nginx (on catch-all vhost?) 
 # - TODO: optimize nginx performance 
 ValidHostnameRegex="^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$";

 echo -n "App name: "
 read APP
 if [[ ! ${APP} =~ ^[a-zA-Z][a-zA-Z0-9_-]+$ ]]; then 
 	echo "Invalid app name. Please simplify. No special chars. Start with a letter from the alphabet"
 	exit 1
 fi

 echo -n "App hostname: "
 read APP_HOSTNAME
 if [[ ! ${APP_HOSTNAME} =~ $ValidHostnameRegex ]]; then 
 	echo "Invalid hostname. Please simplify. No special chars. Start with a letter from the alphabet"
 	exit 1
 fi

 echo -n "GIT branch: "
 read GIT_BRANCH
 if [[ ! ${GIT_BRANCH} =~ ^[a-zA-Z][a-zA-Z0-9/_-]+$ ]]; then 
 	echo "Invalid git branch name. Please simplify. No special chars. Start with a letter from the alphabet"
 	exit 1
 fi

 GIT_USER=git
 GIT_GROUP=git
 GIT_HOME=/home/git
 GIT_REPOSITORY=$GIT_HOME/$APP.git
 WEBSERVER_USER=www-data
 WEBSERVER_GROUP=www-data
 APPLICATION_DIR=/var/www/$APP

 #############################

 set -e
 if [[ $EUID -ne 0 ]]; then
  echo "You must be a root user to run this script." 2>&1
  exit 1
 fi

 # Set TimeZone
 echo "Europe/Amsterdam" | tee /etc/timezone
 dpkg-reconfigure --frontend noninteractive tzdata

 apt-get update
 echo "Installing Postfix. Please see https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid for install instructions."
 read -p "Press [Enter] key to continue..."
 echo "Again: make sure you follow the instructions here! https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid"
 read -p "Have you read it? Press [Enter] key to continue for real this time..."
 apt-get install -y libsasl2-modules postfix # manual configuration required here! See https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid
 apt-get install -y nginx 
 apt-get install -y git
 curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
 apt-get install -y nodejs

 # Install global node packages
 npm install -g bower

 # Create symlink to node for nodejs bin
 # sudo ln -s /usr/bin/nodejs /usr/bin/node

 #create web app directories and set ownership and permissions
 mkdir -p $APPLICATION_DIR
 chown -R $WEBSERVER_USER:$WEBSERVER_GROUP $APPLICATION_DIR
 chmod -R ug+rws $APPLICATION_DIR

 #Set up git user and create a bare repository
 useradd -m -s /bin/bash -G $WEBSERVER_GROUP $GIT_USER # TODO make /bin/nologin
 su - $GIT_USER -c "mkdir -p "$GIT_REPOSITORY" && cd "$GIT_REPOSITORY"; git init --bare;"

 # START: create 'hook/post-receive' script
 echo '#!/bin/bash

 export GIT_WORK_TREE='$APPLICATION_DIR'

 GIT_BRANCH='$GIT_BRANCH'

 #################

 set -e

 echo "Deploying $GIT_BRANCH branch to local worktree ... "
 git checkout -f $GIT_BRANCH

 cd $GIT_WORK_TREE

 echo "Update Bower Packages ... "
 bower --allow-root install

 echo "Change file ownership to $WEBSERVER_USER:$WEBSERVER_GROUP ... "
 chown -R $WEBSERVER_USER:$WEBSERVER_GROUP $GIT_WORK_TREE

 echo "Done deploying"
 ' > $GIT_REPOSITORY/hooks/post-receive
 # END: create 'hook/post-receive' script

 chmod 0775 $GIT_REPOSITORY/hooks/post-receive
 chown -R $GIT_USER:$GIT_GROUP $GIT_HOME/*


 echo '
 server {
    set $host_path "'$APPLICATION_DIR'";

    server_name '$APP_HOSTNAME';
    root $host_path;

    charset utf-8;

    location / {
        index index.html;
 		try_files $uri /index.html;
    }

    access_log  /var/log/nginx/'$APP_HOSTNAME'-access.log;
    error_log   /var/log/nginx/'$APP_HOSTNAME'-error.log;

    location ~ /.well-known/acme-challenge { allow all; }

    # prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
 }
 ' > /etc/nginx/sites-available/$APP
 ln -s /etc/nginx/sites-available/$APP /etc/nginx/sites-enabled/$APP
 service nginx restart

 cat <<EOF > ~/install_notes.txt
 Application environment is now configured. 

 Hostname:    $APP_HOSTNAME
 Appdir:      $APPLICATION_DIR
 GIT Branch:  $GIT_BRANCH

 You must perform the following tasks manually: 

 1. If you have not done it previously, configure postfix to use a sendhost like mandrillapp.
   See: https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid 

 2. Add the CodeShip Project's SSH key to this server's git user authorized_keys file. 

    NOTE: 
    This is best done via the Google Developer console. 
    Prefix the key description with git@
    
 3. Configure CodeShip Project Deployment (under Project Settings > Deployment)

    $ git fetch --unshallow origin
    $ git push git@[server hostname/ip]:$APP.git $GIT_BRANCH
    
 4. Make a commit and push it to GitHub to start a build @ CodeShip. If the build succeeds, code is deployed to the server.

 5. Set the $APP_HOSTNAME DNS to resolve to this server's public IP address when you have confirmed that everything works.

 6. Optionally reconfigure the nginx virtualhost to use SSL. For more information, see: 
   https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04#step-two-—-configure-nginx-to-use-ssl

 EOF

 cat ~/install_notes.txt
	#!/bin/bash

	# This script does the following things
	# - update apt respositories
	# - Install:
	# - nginx
	# - git
	# - Create a GIT User
	# - Set up GIT bare repo
	# - Set up GIT working directories for nginx
	# - TODO: configure nginx to use PHP-FPM
	# - TODO: perform initial checkout (run by codeship or manual remote push)
	# - TODO: enable website in nginx (on catch-all vhost?)
	# - TODO: optimize nginx performance
	ValidHostnameRegex="^(([a-zA-Z0-9]\|[a-zA-Z0-9][a-zA-Z0-9\-][a-zA-Z0-9])\.)([A-Za-z0-9]\|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$";

	echo -n "App name: "
	read APP
	if [[ ! ${APP} =~ ^[a-zA-Z][a-zA-Z0-9_-]+$ ]]; then
	echo "Invalid app name. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
	fi

	echo -n "App hostname: "
	read APP_HOSTNAME
	if [[ ! ${APP_HOSTNAME} =~ $ValidHostnameRegex ]]; then
	echo "Invalid hostname. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
	fi

	echo -n "GIT branch: "
	read GIT_BRANCH
	if [[ ! ${GIT_BRANCH} =~ ^[a-zA-Z][a-zA-Z0-9/_-]+$ ]]; then
	echo "Invalid git branch name. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
	fi

	GIT_USER=git
	GIT_GROUP=git
	GIT_HOME=/home/git
	GIT_REPOSITORY=$GIT_HOME/$APP.git
	WEBSERVER_USER=www-data
	WEBSERVER_GROUP=www-data
	APPLICATION_DIR=/var/www/$APP

	#############################

	set -e
	if [[ $EUID -ne 0 ]]; then
	echo "You must be a root user to run this script." 2>&1
	exit 1
	fi

	# Set TimeZone
	echo "Europe/Amsterdam" \| tee /etc/timezone
	dpkg-reconfigure --frontend noninteractive tzdata

	apt-get update
	echo "Installing Postfix. Please see https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid for install instructions."
	read -p "Press [Enter] key to continue..."
	echo "Again: make sure you follow the instructions here! https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid"
	read -p "Have you read it? Press [Enter] key to continue for real this time..."
	apt-get install -y libsasl2-modules postfix # manual configuration required here! See https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid
	apt-get install -y nginx
	apt-get install -y git
	curl -sL https://deb.nodesource.com/setup_9.x \| sudo -E bash -
	apt-get install -y nodejs

	# Install global node packages
	npm install -g bower

	# Create symlink to node for nodejs bin
	# sudo ln -s /usr/bin/nodejs /usr/bin/node

	#create web app directories and set ownership and permissions
	mkdir -p $APPLICATION_DIR
	chown -R $WEBSERVER_USER:$WEBSERVER_GROUP $APPLICATION_DIR
	chmod -R ug+rws $APPLICATION_DIR

	#Set up git user and create a bare repository
	useradd -m -s /bin/bash -G $WEBSERVER_GROUP $GIT_USER # TODO make /bin/nologin
	su - $GIT_USER -c "mkdir -p "$GIT_REPOSITORY" && cd "$GIT_REPOSITORY"; git init --bare;"

	# START: create 'hook/post-receive' script
	echo '#!/bin/bash

	export GIT_WORK_TREE='$APPLICATION_DIR'

	GIT_BRANCH='$GIT_BRANCH'

	#################

	set -e

	echo "Deploying $GIT_BRANCH branch to local worktree ... "
	git checkout -f $GIT_BRANCH

	cd $GIT_WORK_TREE

	echo "Update Bower Packages ... "
	bower --allow-root install

	echo "Change file ownership to $WEBSERVER_USER:$WEBSERVER_GROUP ... "
	chown -R $WEBSERVER_USER:$WEBSERVER_GROUP $GIT_WORK_TREE

	echo "Done deploying"
	' > $GIT_REPOSITORY/hooks/post-receive
	# END: create 'hook/post-receive' script

	chmod 0775 $GIT_REPOSITORY/hooks/post-receive
	chown -R $GIT_USER:$GIT_GROUP $GIT_HOME/*


	echo '
	server {
	set $host_path "'$APPLICATION_DIR'";

	server_name '$APP_HOSTNAME';
	root $host_path;

	charset utf-8;

	location / {
	index index.html;
	try_files $uri /index.html;
	}

	access_log /var/log/nginx/'$APP_HOSTNAME'-access.log;
	error_log /var/log/nginx/'$APP_HOSTNAME'-error.log;

	location ~ /.well-known/acme-challenge { allow all; }

	# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
	location ~ /\. {
	deny all;
	access_log off;
	log_not_found off;
	}
	}
	' > /etc/nginx/sites-available/$APP
	ln -s /etc/nginx/sites-available/$APP /etc/nginx/sites-enabled/$APP
	service nginx restart

	cat <<EOF > ~/install_notes.txt
	Application environment is now configured.

	Hostname: $APP_HOSTNAME
	Appdir: $APPLICATION_DIR
	GIT Branch: $GIT_BRANCH

	You must perform the following tasks manually:

	1. If you have not done it previously, configure postfix to use a sendhost like mandrillapp.
	See: https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid

	2. Add the CodeShip Project's SSH key to this server's git user authorized_keys file.

	NOTE:
	This is best done via the Google Developer console.
	Prefix the key description with git@

	3. Configure CodeShip Project Deployment (under Project Settings > Deployment)

	$ git fetch --unshallow origin
	$ git push git@[server hostname/ip]:$APP.git $GIT_BRANCH

	4. Make a commit and push it to GitHub to start a build @ CodeShip. If the build succeeds, code is deployed to the server.

	5. Set the $APP_HOSTNAME DNS to resolve to this server's public IP address when you have confirmed that everything works.

	6. Optionally reconfigure the nginx virtualhost to use SSL. For more information, see:
	https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04#step-two-—-configure-nginx-to-use-ssl

	EOF

	cat ~/install_notes.txt