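#!/bin/bash
#
# prov.sh - provision a single-site nginx / PHP-FPM / MySQL / Redis host.
#
# Arguments (all five are required, in this order):
#   $1 username  - MySQL account name created for the application
#   $2 password  - password for that MySQL account
#   $3 appname   - MySQL database name
#   $4 domain    - site hostname (used in the nginx vhost and the certificate)
#   $5 email     - contact address passed to certbot
#
# The script calls apt, ufw and service and writes under /etc and /var/www
# without sudo, so it has to run as root.
#
# NOTE(review): the password is a positional argument, so it lands in shell
# history and, when the script is executed rather than sourced, in the process
# list. Reading it from a prompt or a root-only file would avoid that.
# NOTE(review): the usage text suggests sourcing the script (". prov.sh"); the
# `exit` calls then terminate the calling shell.

if [ $# -ne 5 ]; then
  echo ". prov.sh username password appname your_domain.com your_email@gmail.com" >&2
  exit 1
fi

username="$1"
password="$2"
app="$3"
domain="$4"
email="$5"

# These values are pasted verbatim into SQL statements, an nginx config and a
# certbot command line further down, so reject anything that is not a plain
# identifier / hostname / address before any change is made to the system.
identifier_re='^[A-Za-z0-9_]+$'
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
email_re='^[^[:space:]@]+@[^[:space:]@]+$'

if [[ ! $username =~ $identifier_re || ! $app =~ $identifier_re ]]; then
  echo "ERROR: username and appname may contain only letters, digits and underscores" >&2
  exit 1
fi
if [[ ! $domain =~ $domain_re ]]; then
  echo "ERROR: domain must be a plain hostname such as example.com" >&2
  exit 1
fi
if [[ ! $email =~ $email_re ]]; then
  echo "ERROR: email does not look like an address" >&2
  exit 1
fi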
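echo "Adding repos, updating, and installing packages"

# Each PPA below is a third-party package source whose packages are installed
# and run as root, so adding one is a supply-chain trust decision. Keep the
# list to what the stack actually needs.
add-apt-repository -y ppa:nginx/development
add-apt-repository -y ppa:ondrej/php
add-apt-repository -y ppa:certbot/certbot
add-apt-repository -y ppa:chris-lea/redis-server

# apt-get is used instead of apt because apt warns that its command-line
# interface is not stable for use in scripts.
apt-get update || { echo "ERROR: apt-get update failed" >&2; exit 1; }

# The original list named php7.4-fpm twice; the duplicate is dropped.
packages=(
  git vim curl wget zip unzip htop
  nginx
  python-certbot-nginx
  mysql-server
  php7.4-{fpm,mysql,mbstring,xml,bcmath,zip}
  redis-server php-redis
)

# Every later step configures one of these packages, so stop here rather than
# continue on a half-installed system.
apt-get -y install "${packages[@]}" || { echo "ERROR: package installation failed" >&2; exit 1; }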
echo "Setting up Firewall"

# Allow the three services this host exposes, then switch the firewall on.
# The ssh rule is added before `enable` so an existing SSH session is not cut
# off; --force skips ufw's interactive confirmation.
# NOTE(review): `ufw limit ssh` is a rate-limited alternative to `ufw allow ssh`.
for service in ssh http https; do
  ufw allow "$service"
done
ufw --force enable
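echo "Configuring nginx"

# Temporary HTTP-only vhost. It exists so that certbot's nginx plugin finds a
# server block for the domain; it is replaced by the HTTPS vhost afterwards.
#
# The file is written straight to its destination. The original staged it as
# ./default in the current directory and moved it, which leaves a root-written
# file with a predictable name in whatever directory the script was started
# from.
#
# $domain is expanded by the shell into the config text, so it must be a plain
# hostname; \$uri is escaped so nginx, not the shell, evaluates it.
cat > /etc/nginx/sites-available/default << EOL
server {
    listen 80;
    listen [::]:80;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name $domain www.$domain;

    location / {
        try_files \$uri \$uri/ =404;
    }
}
EOL

# Validate before restarting: a restart with a broken config stops the server.
nginx -t || { echo "ERROR: nginx configuration test failed" >&2; exit 1; }
service nginx restart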
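echo "Enabling HTTPS w/ Let's Encrypt"

# Request one certificate covering the bare domain and the www name.
# Expansions are quoted so a value with unexpected characters cannot split
# into extra certbot arguments.
# The next step writes an nginx config that points at the issued certificate
# files, so stop if certbot did not succeed.
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --agree-tos --redirect --no-eff-email \
  || { echo "ERROR: certbot did not obtain a certificate" >&2; exit 1; }

# Disabled: creation of a sudo-capable login user.
# NOTE(review): if this is re-enabled, `openssl passwd -1` produces an
# MD5-crypt hash (`-6` selects SHA-512 crypt on OpenSSL 1.1.1+), the password
# is passed on openssl's command line, and the expansions need quoting.
# echo "Creating a new user"
# useradd -m -p $(openssl passwd -1 $password) $username && usermod -aG sudo $username
# touch /home/$username/.hushlogin
# rsync --archive --chown=$username:$username ~/.ssh /home/$username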
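echo "Configuring nginx"

# Final vhost: port 80 redirects to HTTPS, port 443 serves /var/www/current
# through PHP-FPM using the Let's Encrypt certificate for $domain.
#
# Changes from the original:
#   - the file is written straight to its destination instead of being staged
#     as ./default in the current directory;
#   - the config is checked with `nginx -t` before the restart;
#   - ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512 are removed
#     from ssl_ciphers: they are not suite names OpenSSL defines, so dropping
#     them does not change what is negotiated.
#
# NOTE(review): nginx 1.11.0 and later do not offer DHE suites unless
#   ssl_dhparam is set, so the remaining DHE entry is probably inert - confirm.
# NOTE(review): the ECDHE-RSA suites need an RSA certificate key; confirm the
#   key type certbot issues on the target system.
# NOTE(review): only TLSv1.2 is enabled; consider adding TLSv1.3 if the
#   installed nginx/OpenSSL build supports it.
# NOTE(review): add_header without `always` is not applied to every error
#   response, and no Strict-Transport-Security header is sent.
# NOTE(review): the certificate also covers www.$domain, but server_name here
#   lists only $domain.
#
# $domain is expanded by the shell; every \$ is escaped so the nginx variable
# reaches the config file literally.
cat > /etc/nginx/sites-available/default << EOL
server {
    listen 80;
    listen [::]:80;
    server_name $domain;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name $domain;
    root /var/www/current;

    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.php;
    charset utf-8;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php\$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
EOL

# Validate before restarting: a restart with a broken config stops the server.
nginx -t || { echo "ERROR: nginx configuration test failed" >&2; exit 1; }
service nginx restart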
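# Replace the distribution's default web root with a releases/current layout:
# each deployment lives in /var/www/releases/<n> and /var/www/current is a
# symlink to the live one.
rm -rf /var/www/html
mkdir -p /var/www/releases/1

# -f and -n replace an existing "current" link. With plain `ln -s`, a second
# run follows the existing link and creates a stray link inside the release
# directory instead.
ln -sfn /var/www/releases/1 /var/www/current
# Switching to a later release uses the same form:
# ln -sfn /var/www/releases/2 /var/www/current

# Placeholder page; the quoted delimiter keeps the shell from expanding
# anything inside the document.
cat > /var/www/releases/1/index.html << 'EOL'
<h1>Success</h1>
<p>Provisioned by wdv.io</p>
EOL

# Disabled: per-user application directory layout.
# mkdir -p /home/$username/$app/current/public
# cat > /home/$username/$app/current/public/index.html << EOL
# <h1>Success</h1>
# <p>Provisioned by wdv.io</p>
# EOL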
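echo "Setting up MySQL"

# $app and $username are placed into the SQL below as bare identifiers, and
# $password inside a quoted string literal. Anything outside a plain identifier
# would change the meaning of the statements, so check the two names here.
case "$app$username" in
  *[!A-Za-z0-9_]*)
    echo "ERROR: appname and username may contain only letters, digits and underscores" >&2
    exit 1
    ;;
esac
if [ -z "$app" ] || [ -z "$username" ]; then
  echo "ERROR: appname and username must not be empty" >&2
  exit 1
fi

# Escape the password for a single-quoted SQL string literal: double every
# backslash first, then double every single quote.
sql_password=${password//\\/\\\\}
sql_password=${sql_password//\'/\'\'}

# The first four statements remove anonymous accounts, remote root logins and
# the test database; the rest create the application database and a
# localhost-only account limited to that database.
# The statements are sent on stdin, so the password is not part of mysql's
# argument list. `\\_` reaches MySQL as `\_` after heredoc processing.
mysql --user=root <<_EOF_
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
CREATE DATABASE $app DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER $username@'localhost' IDENTIFIED BY '$sql_password';
GRANT ALL PRIVILEGES ON $app.* TO $username@'localhost';
FLUSH PRIVILEGES;
_EOF_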
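# No Redis configuration is performed here; only the message is printed.
echo "Setting up Redis"

echo "Setting up Composer"

# Download the installer and compare its SHA-384 digest with the published
# value before running it as root.
# NOTE(review): the digest is fetched over HTTPS at run time, so this is an
# integrity check against a corrupted or mismatched download rather than a
# cryptographic signature verification.
expected_signature="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
actual_signature="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"

# An empty expected value means the digest could not be fetched. Treat that as
# a failure: if both downloads fail, both strings are empty and a bare
# comparison would pass.
if [ -z "$expected_signature" ] || [ "$expected_signature" != "$actual_signature" ]
then
  >&2 echo 'ERROR: Invalid installer signature'
  rm -f composer-setup.php
  exit 1
fi

php composer-setup.php --quiet
RESULT=$?
rm -f composer-setup.php

# Only install composer.phar if the installer reported success.
if [ "$RESULT" -ne 0 ]
then
  >&2 echo 'ERROR: Composer installer failed'
  exit "$RESULT"
fi
mv composer.phar /usr/local/bin/composer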
echo "Optimizing '/etc/php/7.4/fpm/pool.d/www.conf'"

# Raise the PHP-FPM process-manager limits by rewriting the stock values in
# place. Each expression matches one exact "name = value" pair, so a line that
# has already been changed is left alone without any message.
# NOTE(review): the dots in the patterns are unescaped and match any character.
fpm_pool_conf=/etc/php/7.4/fpm/pool.d/www.conf
sed -i \
  -e 's/pm.max_children = 5/pm.max_children = 10/g' \
  -e 's/pm.start_servers = 2/pm.start_servers = 4/g' \
  -e 's/pm.min_spare_servers = 1/pm.min_spare_servers = 2/g' \
  -e 's/pm.max_spare_servers = 3/pm.max_spare_servers = 4/g' \
  -e 's/;pm.max_requests = 500/pm.max_requests = 1000/g' \
  "$fpm_pool_conf"

service php7.4-fpm restart
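echo "Setup Node.js"

# The NodeSource setup script runs with root privileges. Download it to a file
# first instead of piping curl into a shell: -f makes an HTTP error fail the
# download rather than feed an error page to bash, a truncated transfer is not
# executed, and the file can be inspected or checksummed before it runs.
# `sudo` is dropped because the rest of the script already requires root.
# NOTE(review): 13.x is not an LTS release line; confirm the intended version.
node_setup="$(mktemp)" || { echo "ERROR: mktemp failed" >&2; exit 1; }

if ! curl -fsSL -o "$node_setup" https://deb.nodesource.com/setup_13.x; then
  echo "ERROR: could not download the NodeSource setup script" >&2
  rm -f -- "$node_setup"
  exit 1
fi

bash "$node_setup"
node_setup_status=$?
rm -f -- "$node_setup"

if [ "$node_setup_status" -ne 0 ]; then
  echo "ERROR: NodeSource setup script failed" >&2
  exit "$node_setup_status"
fi

apt-get install -y nodejs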