Skip to content

Instantly share code, notes, and snippets.

@ZEROF
Last active August 20, 2020 12:38
Show Gist options
  • Save ZEROF/10743343 to your computer and use it in GitHub Desktop.
Save ZEROF/10743343 to your computer and use it in GitHub Desktop.
Hiawatha web server install script (Hiawatha,PHP-FPM,MariaDB)
#!/bin/bash
# This script will help you to set Hiawatha Server.
# Tested on Devuan 8 32/64bit. Debian Jessie supported as well.
# Script author ZEROF <zerof at backbox dot org>
# If you like Linux and security join http://backbox.org
# Script version 0.6c
# This script is distributed under a DO WHAT THE F*** YOU WANT TO PUBLIC LICENSE.
# http://www.wtfpl.net/txt/copying/
clear
function banner ()
{
echo ""
echo -e "╦ ╦┬┌─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐ ╔═╗╦ ╦╔═╗ ╔═╗╔═╗╔╦╗ ╔╦╗┌─┐┬─┐┬┌─┐╔╦╗╔╗ "
echo -e "╠═╣│├─┤│││├─┤ │ ├─┤├─┤───╠═╝╠═╣╠═╝───╠╣ ╠═╝║║║───║║║├─┤├┬┘│├─┤ ║║╠╩╗"
echo -e "╩ ╩┴┴ ┴└┴┘┴ ┴ ┴ ┴ ┴┴ ┴ ╩ ╩ ╩╩ ╚ ╩ ╩ ╩ ╩ ╩┴ ┴┴└─┴┴ ┴═╩╝╚═╝"
}
# Vars
config="/etc/hiawatha/hiawatha.conf"
connect1="ConnectTo = /var/lib/hiawatha/php-fcgi.sock"
connect2="ConnectTo = /var/run/php5-fpm.sock"
info="[!]This is only for fresh installed servers, script don't check if you made changes on your system.\n[!]If something goes wrong, you can find hiawatha.conf.backup in /etc/hiawatha/."
up="\033[1;33m[!]\e[0m"
#User check. Must be r00t
if [ $USER != 'root' ]; then
echo "[!]Are you root? NO. Then try again."
exit
fi
# End function
function enter ()
{
echo ""
read -sn 1 -p "Press any key to continue..."
clear
}
#Check for system versin and egrep last package from tuxhelp
download_deb() {
wget "https://files.tuxhelp.org/hiawatha/$(wget -O- https://files.tuxhelp.org/hiawatha | egrep -o "hiawatha_[0-9\.]+_$1.deb" | sort -V | sort -V | tail -1)"
}
#Download
down() {
if [ "$(getconf LONG_BIT)" = "64" ]; then
download_deb amd64
else
download_deb i386
fi
}
# Just to be sure that menu will work around
$selection
# Restart Hiawatha
function restart ()
{
service hiawatha restart
}
# Install MariaDB
function mariadb ()
{
apt install mariadb-server -y
}
function mariadb_secure ()
{
mysql_secure_installation
}
# Setting wordpress vhost [s]
function wordpress_vhost()
{
echo -e "\e[31m\n$up This script will remove any directory with name wordpress, take care about that.\nControl + C if you want to check then start script again.\e[0m"
sleep 5
echo -e -n "\n$up Set site/vhost order/remove number(example 1-10): "
read number
echo -e -n "\n$up Enter domain name or your server IP: "
read domain
echo -e -n "\n$up Enter site folder (example /var/www/hiawatha/wordpress): "
read root
echo -e -n "\n$up Enter site default page (index.php or index.html): "
read index
echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 5\n\tUseFastCGI = PHP5\n\tUseToolKit = wordpress\n}\n
#${number}\nUrlToolkit {\nToolkitID = wordpress\nRequestURI exists Return\nMatch .*\?(.*) Rewrite /index.php?$1\nMatch .* Rewrite /index.php\n}" >> $config
mkdir -p $root
}
# wget last version from WP site
function wordpress ()
{
if [ -d "$wordpress)" ]; then
rm -rf wordpress
else
echo -e "\n$up We are going to install your Wordpress site.\n"
enter
fi
wget http://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
echo -e -n "$up Your wordpress vhost directory (ex./var/www/hiawatha/wordpress): "
read path
cp -r wordpress ${path}
chown -R www-data:www-data ${path}
rm latest.tar.gz
rm -rf wordpress
}
# Removing wordpress installation
function rem_wordpress()
{
echo -n "\n\t$up Type Wordpress path directory (ex./var/www/hiawatha/wordpress):"
read word_path
rm -rf $word_path
echo -e -n "\n\t$up Enter your mysql user name: "
read user
echo -e -n "\n\t$up Type mysql password(you can't see your password): "
stty_orig=`stty -g`
stty -echo
read pass
stty $stty_orig
echo ""
echo -e -n "\n\t$up Type wordpress database name: "
read db_name
mysql -u $user -p$pass -e "drop database $db_name"
service mysql restart
}
# Setting MySql server details
function set_mysql ()
{
echo -e -n "\n\t$up Enter your mysql user name: "
read user
echo -e -n "\n\t$up Type mysql password(you can't see your password): "
stty_orig=`stty -g`
stty -echo
read pass
stty $stty_orig
echo ""
echo -e -n "\n\t$up Type database name: "
read db_name
mysql -u $user -p$pass -e "create database $db_name"
service mysql remove
}
# Simple function yes and no when user start installation of phpmyadmin
function yes_no ()
{
echo -e "\n$up \e[40;38;5;82mPHPMYADMIN INSTALLATION \e[0m\n"
read -p "Install phpMyAdmin (y/n)? " choice
case "$choice" in
y|Y ) phpmyadmin;admin_hiawatha;where_phpmyadmin;;
n|N ) selection;;
* ) echo -e "$up Wrong answer. Don't worry you can start phpMyadmin installation when you are ready";;
esac
}
# Need to be set for vhost needs
function where_phpmyadmin ()
{
echo -e -n "\n$up Type your main site path directory (ex./var/www/hiawatha/wordpress): "
read phpadmin
ln -s /usr/share/phpmyadmin $phpadmin
}
# Get last version from server and install
function phpmyadmin ()
{
apt install phpmyadmin -y
}
function admin_hiawatha ()
{
sed -i '/#Use index.php or index.html/s/$/\n\tAlias = \/phpmyadmin:\/usr\/share\/phpmyadmin/' $config
restart
enter
}
# Hiawatha function to protect folders and file
function protect ()
{
echo -e -n "\n$up Enter order number for removing rules in the future(ex 1,2): "
read number
echo -e -n "\n$up Enter path directory you want to protect (example /var/www/hiawatha/): "
read directory
echo -e "\n#${number}0\nDirectory {\nPath = $directory\nAccessList = Deny All\n}" >> /etc/hiawatha/hiawatha.conf
restart
}
# Removing protection rule
function protect_remove ()
{
echo -e -n "\n$up Enter remove number: "
read n
for i in "${n[@]}"
do sed -i "/#${n}\0/,/} /d" $config
done
sed -i 's/ $//' $config
restart
}
function fail2 ()
{
apt install fail2ban -y
service fail2ban restart
cd /etc/fail2ban
echo ""
echo -e "\e[30;48;5;82m We are going to protect your server SSH and SFTP with fail2ban. \e[0m \n"
sleep 2
echo -e "\e[30;48;5;82m For that we will need information about port your are using for SSH. \e[0m \n"
sleep 2
echo -ne "\e[30;48;5;82m You SSH port is: \e[0m"
read port
cat <<EOF > "/etc/fail2ban/jail.local"
[ssh]
enabled = true
port = sftp,$port
filter = sshd
logpath = /var/log/auth.log
findtime = 300
maxretry = 3
bantime = 86400
EOF
echo""
service fail2ban restart
}
function fail2_remove()
{
rm /etc/fail2ban/jail.local
apt --purge remove fail2ban -y
}
# Menu
function print_menu()
{
banner
echo ""
echo "[1] - system update, upgrade and dist-upgrade."
echo "[2] - install required dependencies for Hiawatha."
echo "[3] - install PHP5 and PHP5 modules."
echo "[4] - installation of MariaDB 10.0."
echo "[5] - secure MariaDB installation."
echo "[6] - install Hiawatha Webserver."
echo "[7] - set VPS/SERVER time zone."
echo -e "\n\e[40;38;5;82m SETTING HIAWATHA \e[30;48;5;82m WEB SERVER \e[0m \n"
echo "[8] - setting PHP-FPM (FastCGI)."
echo "[9] - add new VHOST (ex. site order number, yoursite.com, /var/www, index.php)"
echo "[10] - install Wordpress (don't run option 9 if you want to do this)."
echo "[11] - remove VHOST."
echo "[12] - install phpMyadmin (run only after setting first vhost)."
echo "[13] - remove phpMyadmin."
echo "[14] - remove Wordpress installation."
echo -e "\n\e[40;38;5;82m HIAWATHA \e[30;48;5;82m SECURITY \e[0m \n"
echo "[15] - protect site directory."
echo "[16] - remove directory protection."
echo "[17] - ban clients who misbehave (basic DDOS protection)."
echo "[18] - install fail2ban and protect SSH and SFTP."
echo "[19] - remove fail2ban and settings."
echo ""
echo "[0] - exit program."
echo ""
echo -e -n "$up Enter selection: "
}
selection=
until [ "$selection" = "0" ]; do
print_menu
read selection
echo ""
case $selection in
1 ) apt update -y;apt upgrade -y;apt dist-upgrade -y; apt install python-pip -y; apt install asciinema;clear;;
2 ) apt install libc6-dev libssl-dev dpkg-dev debhelper curl fakeroot libxml2-dev libxslt1-dev -y;clear;;
3 ) apt install php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-xcache apache2-utils php5-fpm -y;enter;;
4 ) apt install python-software-properties -y;mariadb;clear;;
5 ) mariadb_secure;enter;clear ;;
6 ) down; dpkg -i hiawatha_*.deb; rm hiawatha_*;enter ;;
7 ) dpkg-reconfigure tzdata; enter; echo "We are done.It was cool? NO :)";enter ;;
8 ) echo -e $info;sleep 3;cp $config $config\.backup;x=( 57 58 59 60 61 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done;sed -i s'/\#CGIhandler\ =\ \/usr\/bin\/php\-cgi\:php/CGIhandler\ = \/usr\/bin\/php\-cgi\:php/' $config;sed -i s#"$connect1"#"$connect2"#g $config;service php5-fpm restart; enter ;;
9 ) echo -e -n "\n$up Set site/vhost remove number(example 1-10): ";read number; echo -e -n "\n$up Enter domain name or your server IP: ";read domain;echo -e -n "\n$up Enter site folder (example /var/www/hiawatha): ";read root;echo -e -n "\n$up Enter site default page (index.php or index.html): ";read index;echo -e "\n#${number}\nVirtualHost {\n\tHostname = ${domain} \n\tWebsiteRoot = ${root}\n\tStartFile = ${index} #Use index.php or index.html\n\t#AccessLogfile = ${root}/access.log\n\t#ErrorLogfile = ${root}/error.log\n\tTimeForCGI = 20\n\tUseFastCGI = PHP5\n}" >> $config;enter ;;
10 ) wordpress_vhost;wordpress;set_mysql;echo "";restart;echo "";service php5-fpm restart;echo -e "\e[31m\n$up Open your browser with your domain or ip and start wordpress installation.\nIf something goes wrong check your settings (/etc/hiawatha/hiawatha.conf)\e[0m";sleep 3;yes_no ;;
11 ) echo -e -n "\n$up Enter site/vhost remove number: " ;read n; for i in "${n[@]}";do sed -i "/#${n}/,/} /d" $config;done;sed -i '$d' $config;enter ;;
12 ) phpmyadmin;admin_hiawatha;where_phpmyadmin; ;;
13 ) apt remove phpmyadmin;rem=$(find / -type d -name phpmyadmin); rm -rf $rem;enter;;
14 ) rem_wordpress;enter ;;
15 ) echo -e "\n$up\e[31m If you want to protect directory from public access use this option\e[0m";protect ;;
16 ) protect_remove ;;
17 ) x=( 40 41 42 43 44 );for i in "${x[@]}";do sed -i "${i}s/^#//" $config;done; clear;;
18 ) fail2; enter ;;
19 ) fail2_remove;clear ;;
0 ) exit ;;
* ) echo -e "$up Please enter 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, ,13, 14, 15, 16, 17, 18, 19 or 0"
esac
done
@newreality
Copy link

Running script on new Debian 7.1 vps install pulls dist-upgrade packages post-Jessie update which creates errors in FPM install. Could you update this wonderful script? Thanks!

Copy link

ghost commented May 6, 2015

Instead of updating the script for every Hiawatha release, maybe you can use the version number of the latest release as published via https://www.hiawatha-webserver.org/latest

@ZEROF
Copy link
Author

ZEROF commented Aug 10, 2015

Hi all. I will start to work on few updates starting from tonight :). Hope to fix all until next weekend.

To do:

  1. Auto-update from repository
  2. Fixing php-fpm issue (new issue pop-up after last Debian 8 updates, need to work on that this week).
  3. Moving to Debian 8
  4. Updating phpmyadmin version (this need to be be done every time on my side, because i host edited version of phpmyadmin to work out of box)
  5. Removing old and not supported php packages for Debian 8, php5-ming, php5-ps, php5-ffmpeg
  6. Default version of MariaDB now is 10.* (from Jessie)

** I just made small update and set script to egrep last hiawatha Debian packages.

P.S. Debian 8 made a lot of updates from last script update (new php version is one of them) and i will need to boot up new test machine and see how things goes on, small updates need to be worked on. I got one free VPS today to test all this and I hope to bring new version soon. 27/01/2016 (Happy New Year folks). I just got new SSD as well and that will speed up my work. Test i was running on my local machine are not same as running them on servers from providers (in most case they are VPS running on openvz).

About MariaDB ... Before new versions 10.1 and 10.0 i was 100% for using Mariadb, but as don't see direction of Mariadb I'm not sure that i will stick with it. Some issues on clients servers etc. made me think that i need stable data system, and I'm not sure that I can trust Mariadb on that. Friend of mine lost some data on Zimbra server (using MariaDB 10.0-15) and we did spend few days to fix issues but without luck fro now.

Hope to bring full update script soon. Cheers!

@ZEROF
Copy link
Author

ZEROF commented Jan 29, 2016

Hi all,

I'm happy to share new version with you (0.6). I will not remove old version from internet, but you will need to fix issues if you find some, i wanted to keep with Debian 7 support, but it's not logic anymore. This version was tested on Devuan (Debian without systemd). I will need testers, run it and see how things will go on your side. About updates:

  1. Full Debian 8+ support
  2. MariaDB 10.0+
  3. Removed dns servers installation, this will stay Hiawatha install and administration script, no time for more
  4. Fixed fast PHP (php-fpm)
  5. New security option (ban abusive users)
  6. Code clean up

TO DO

  1. Better PHP security
  2. XSS protection and other security options

And more ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment