Skip to content

Instantly share code, notes, and snippets.

@DevSusu

DevSusu/1-setup.sh

Last active December 19, 2024 19:20
Show Gist options
  • Save DevSusu/c8c301e76fbf0b8130c483e2c34388cc to your computer and use it in GitHub Desktop.
Save DevSusu/c8c301e76fbf0b8130c483e2c34388cc to your computer and use it in GitHub Desktop.
Download ZIP
Setup Apache, LetsEncrypt, Vsftpd for multiple domain, multiple users (Ubuntu 18.04)
Raw
1-setup.sh
# reference
# ubuntu, php
# https://websiteforstudents.com/apache2-with-php-7-1-support-on-ubuntu-18-04-lts-beta-server/
# apache
# https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-18-04
# https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-18-04
# vsftpd
# https://sinaru.com/2015/08/22/vsftp-to-backup-multiple-websites/
# https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-18-04
sudo apt update
sudo apt install software-properties-common
sudo apt install apache2
sudo systemctl status apache2
# for letsencrypt (ssl certificate)
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
# php & apache2
sudo add-apt-repository ppa:ondrej/php
sudo apt install php libapache2-mod-php
# fix timezone settings
sudo vi /etc/php/7.4/apache2/php.ini
# add index.php to default
sudo vi /etc/apache2/dir.conf
# default site for obtaining main cert (for ftp-ssl)
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/<your_domain>.conf
sudo vi /etc/apache2/sites-available/<your_domain>.conf
# add ServerName <your_domain>, ServerAlias <your_domain>
sudo touch /etc/apache2/sites.conf
sudo vi /etc/apache2/apache2.conf
# add line Include sites.conf
sudo apache2ctl configtest
sudo a2ensite <your_domain>
sudo a2dissite 000-default
sudo systemctl reload apache2
sudo certbot --apache -d <your_domain>
# cert is saved on /etc/letsencrypt/live/<your_domain>/
sudo apache2ctl configtest
sudo systemctl reload apache2
---
$ sudo apt install vsftpd
# backup conf
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
# setup firewall
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
$ sudo vi /etc/vsftpd.conf
# edit as vsftpd.conf file below
sudo systemctl restart vsftpd
# get ready for allowing only ftp login for created users (in addsite.sh)
sudo vi /bin/ftponly
sudo chmod a+x /bin/ftponly
sudo vi /etc/shells
# add 1 line
# /bin/ftponly
# create base apache conf files (copy from below)
vi base.conf
vi ssl.conf
# create scripts, make it executable
vi adduser.sh
vi addsite.sh
sudo chmod +x adduser.sh
sudo chmod +x addsite.sh
Raw
2-adduser.sh
# $1 : username
echo "creating new user and directory"
# create user and directory
sudo adduser $1 --disabled-password --gecos ""
sudo passwd $1
sudo mkdir -p /home/$1/ftp/www/
sudo chown nobody:nogroup /home/$1/ftp
sudo chmod a-w /home/$1/ftp
sudo chown $1:$1 /home/$1/ftp/www
sudo ls -la /home/$1/ftp
echo "user $1 created and directory is all set (/home/$1/ftp)"
echo "enabling ftp login.."
# add user to vsftpd.userlist
echo "$1" | sudo tee -a /etc/vsftpd.userlist
sudo systemctl restart vsftpd
# only allow ftp login
sudo usermod $1 -s /bin/ftponly
echo "ftp now available"
Raw
3-addsite.sh
# first, make sure your domain points to the original server
# $1 : username
# $2 : domain
# $3 : domain alias (www). optional
echo "creating new apache virtualhost"
# setup apache, create a cert
if [ -z "$3" ]
then
sudo sed -e "s/<username>/$1/g" -e "s/<domain>/$2/g" base.conf > $2.conf
else
sudo sed -e "s/<username>/$1/g" -e "s/<domain>/$2/g" -e "s/<alias>/$3/g" base.conf > $2.conf
fi
sudo mv $2.conf /etc/apache2/sites-available/
sudo sed -e "s/<username>/$1/g" sites.conf | sudo tee -a /etc/apache2/sites.conf
sudo apache2ctl configtest
sudo a2ensite $2
sudo systemctl restart apache2
if [ -z "$3" ]
then
echo "Site all set! visit http://$2"
echo "run sudo certbot --apache -d $2"
else
echo "Site all set! visit http://$2 , http://$3"
echo "run sudo certbot --apache -d $2 -d $3"
fi
Raw
base.conf
<VirtualHost *:80>
ServerAdmin <your_email>
ServerName <domain>
ServerAlias <alias>
DocumentRoot /home/<username>/ftp/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Raw
ftponly
#!/bin/sh
echo "This account is limited to FTP access only."
Raw
sites.conf
<Directory /home/<username>/ftp/www/>
AllowOverride All
Require all granted
</Directory>
Raw
ss.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName <domain>
ServerAlias <alias>
DocumentRoot /home/<username>/ftp/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/<domain>/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<domain>/chain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Raw
vsftpd.conf
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/<your_domain>/cert.pem
rsa_private_key_file=/etc/letsencrypt/live/<your_domain>/privkey.pem
allow_anon_ssl=NO
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment