Server installation script

unix server setup

Server security
http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
https://www.inversoft.com/guides/2016-guide-to-user-data-security


echo todo https://www.magentocommerce.com/wiki/1_-_installation_and_configuration/configuring_nginx_for_magento
echo todo http://blog.nexcess.net/2010/12/06/securing-magento-file-directory-permissions/

read -p "Press any key to continue..." -n1 -s

#sudo -s
#!/bin/bash
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
    echo "Not running as root"
    exit
fi

apt-get update -y
apt-get upgrade -y

apt-get install curl build-essential linux-headers-`uname -r` -y

#firewall
open port 80
ufw allow 2108
ufw allow http
ufw logging off
ufw enable

#install ssh
apt-get install openssh-server
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
chmod a-w /etc/ssh/sshd_config.original
echo -e "\n\nPubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo -e "\n\nAllowGroups sshusers" >> /etc/ssh/sshd_config
echo change port to 2108
read -p "Press any key to continue... " -n1 -s
nano /etc/ssh/sshd_config
ssh-keygen -t dsa
/etc/init.d/ssh restart
echo Now copy the file ~/.ssh/id_dsa.pub to the client and put it in  ~/.ssh/authorized_keys
read -p "Press any key to continue... " -n1 -s
groupadd -r sshusers
useradd -G sshusers latuser
passwd latuser

# add this to .bash_profile of the ssh user to source the .bashrc file
if [ -f ~/.bashrc ]; then
  . ~/.bashrc
fi

# add aliases to .bashrc
alias ll='ls -alFh'
alias ls='ls --color=auto'

#install mysql
apt-get install mysql-server mysql-client
/usr/bin/mysql_secure_installation
mysql_install_db
service mysql restart

read -s -p "Please provide password for user magento_user:" passwordmagentouser

read -d '' SQLCMD <<EOF
CREATE DATABASE magento;
GRANT ALL PRIVILEGES ON magento.* TO
"magento_user"@"localhost" IDENTIFIED BY
"$passwordmagentouser";
FLUSH PRIVILEGES;
ALTER DATABASE magento DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
EXIT
EOF

mysql -u root -p -e "${SQLCMD}"

# install nginx
nginx=stable # use nginx=development for latest development version
add-apt-repository ppa:nginx/$nginx
apt-get update
apt-get install nginx
useradd --no-create-home nginx
service nginx start
echo todo use magento configuration for site https://www.magentocommerce.com/wiki/1_-_installation_and_configuration/configuring_nginx_for_magento

#todo configure nginx.conf http://www.rackspace.com/knowledge_center/article/installing-nginx-and-php-fpm-setup-for-nginx

cd /etc/nginx
tar -czf NGINX_Config_Backup.tar.gz nginx.conf fastcgi_params

echo configure nginx.conf
echo see http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-ubuntu-12.04-lts
echo change worker_processes to the number of CPU cores
echo worker_processes 4;
echo You should now edit the worker_connections variable. It's the number of simultaneous requests 
echo nginx can handle per worker. So a 1024 value allows me to handle 4096 requests.
read -p "Press any key to continue..." -n1 -s
nano /etc/nginx/nginx.conf

# install php
gpg --keyserver keys.gnupg.net --recv-key 89DF5277
gpg -a --export 89DF5277 | sudo apt-key add -
apt-get update -y
apt-get upgrade -y
apt-get install build-essential php5-cli php5-common -y
apt-get install php5-fpm php5-cgi php-pear php5-mysql php5-gd php5-curl php5-mcrypt -y
php5enmod mcrypt

# development
# apt-get install php5-dev php5-user-cache

echo -e "\n\n[apc]\napc.write_lock = 1\napc.slam_defence = 0" >> /etc/php5/fpm/php.ini
echo -e "\n\nlisten.owner = nginx\nlisten.group = nginx\nlisten.mode = 0660" >> /etc/php5/fpm/pool.d/www.conf
echo replace listen=127.0.0.1:9000 with listen=/var/run/php5-fpm.sock
echo replace user = www-date and group = www-date with user = nginx and group = nginx
read -p "Press any key to continue..." -n1 -s
nano /etc/php5/fpm/pool.d/www.conf

nano /etc/php.ini
      Add `extension=pdo.so`
      Add `extension=pdo_mysql.so`
 
# When you open up php.ini, find cgi.fix_pathinfo and set the value to ``
# set date.timezone and cgi.fix_pathinfo = 0
# change memory_limit to memory_limit = 512M
           
cd /opt/local/etc/php5
cp php-fpm.conf.default php-fpm.conf
cp php.ini-development php.ini
 
nano /etc/php5/fpm/pool.d/www.conf
 
# ... and make the listen line look as follows:
 
# [...]
# ;listen = 127.0.0.1:9000
# listen = /var/run/php5-fpm.sock
# ..]

sed -i -e '1i#mkdir /var/run/php5-fpm.sock\' /etc/rc.local
sed -i -e '1i#chown nginx /var/run/php5-fpm.sock\' /etc/rc.local

#mv /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/www.conf.bak

echo todo: config file php-fpm pool.d sockets file http://www.rackspace.com/knowledge_center/article/installing-nginx-and-php-fpm-setup-for-php-fpm
read -p "Press any key to continue..." -n1 -s

# magento
useradd -m magento_user
passwd magento_user
mkdir /var/www/devmagento
chown -R magento_user /var/www/devmagento
echo todo, dit is nog niet correct!
echo zie file and dir ownership op http://www.magentocommerce.com/knowledge-base/entry/ce18-and-ee113-installing#install-sample
read -p "Press any key to continue..." -n1 -s
find /var/www/devmagento -type d -exec chmod 700 {} \;
find /var/www/devmagento -type f -exec chmod 600 {} \;

# chmod uo+w /var/www/devmagento/app/etc
# chmod uo+w -R /var/www/devmagento/media

curl -O http://www.magentocommerce.com/downloads/assets/1.9.0.1/magento-1.9.0.1.tar.gz
tar xzvf /tmp/magento-1.9.0.1.tar.gz -C /var/www/devmagento
#for apache
echo "AcceptPathInfo On" >> /var/www/magento/magento/.htaccess

#phpmyadmin
apt-get install phpmyadmin -y
# host phpmyadmin on http:://DOMAIN/dbmgr
ln -s /usr/share/phpmyadmin /var/www/devmagento/dbmgr

service nginx restart
service php5-fpm restart

echo open http://YOURDOMAIN/index.php/install to configure magento