@bebehei
Created May 4, 2014 14:51
LNMP dedicated user per website
#!/bin/bash
# siteadd.sh is used to add a Unix account together with the surrounding setup for
# php-fpm, mysql and nginx, so that a website is hosted under a dedicated user account
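#######################################
# Print an error message in red on stderr and abort the script.
# Arguments: $* - message text (joined with spaces)
# Outputs:   the message, wrapped in ANSI red, on stderr
# Returns:   never; exits with status 1
#######################################
die() {
  # printf with a fixed format instead of "echo -e": backslashes in the
  # message are never interpreted and the format string is not user data.
  printf '\033[31m%s\033[0m\n' "$*" >&2
  exit 1
}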
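#######################################
# Print the usage text and exit.
# Arguments: $1 - optional error message. Without it the call is a help
#                 request (exit 0); with it the message goes to stderr and
#                 the script exits 1.
# Outputs:   usage text on stdout, error message (if any) on stderr
# Returns:   never; exits 0 or 1
#######################################
usage() {
  cat << EOF
USAGE:
$0 -a USERNAME -d domain.tld
OPTIONS:
-a The username to serve in the Unix-Namesystem
-d The domainname to serve
-p password for the user (optional)
-h print this help and exit
EOF
  if [[ -z $1 ]]; then
    exit 0
  fi
  # Error text belongs on stderr so it is not mixed with the usage text.
  printf '%s\n' "$1" >&2
  exit 1
}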
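# Check that the needed commands are available before anything is created.
# "cmd || die" replaces the "[ $? -ne 0 ] && die" idiom; same messages.
command -v mysql >/dev/null 2>&1 || die 'DEP: MySQL is not installed!'
command -v makepasswd >/dev/null 2>&1 || die 'DEP: The command makepasswd is not installed!'
command -v useradd >/dev/null 2>&1 || die 'DEP: The command useradd is not installed!'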
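# Length bounds for a generated password and for the (prefixed) Unix/MySQL
# user name. Marked readonly: nothing below may change them.
readonly PWLENGTH_MIN=20
readonly PWLENGTH_MAX=25
readonly USERLENGTH_MAX=16
## Base directories. Give them WITHOUT a trailing slash: nothing below
## normalises or checks them, they are only concatenated.
readonly BASE_HTTP=/srv/http
readonly BASE_FPM=/etc/php/fpm.d
readonly BASE_NGINX=/etc/nginx/available-sites
readonly BASE_SKEL=$BASE_HTTP/.skel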
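# Parse the command line. The leading ':' in the optstring makes getopts
# report a missing option argument as ':' and an unknown option as '?'.
# NOTE: a password given with -p is visible to other users in the process
# list while the script runs; without -p one is generated below.
while getopts ':a:d:p:h' opt; do
  case "$opt" in
    a) ACC_USER=$OPTARG ;;
    d) ACC_DOMAIN=$OPTARG ;;
    p) ACC_PW=$OPTARG ;;
    # No argument: usage() prints the help and exits 0. (Passing "0" as the
    # message would print "0" and exit 1.)
    h) usage ;;
    :) usage "Option -$OPTARG requires an argument" ;;
    \?) usage "Invalid option: -$OPTARG" ;;
  esac
done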
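##START CHECK VALUES
# Every value below ends up interpolated into SQL statements, file system
# paths and generated config files, so it is validated before use.
[[ -n $ACC_DOMAIN ]] || usage 'No Domain given!'
[[ -n $ACC_USER ]] || usage 'No user given!'
# Character whitelists: the user name becomes a Unix account and a MySQL
# identifier, the domain becomes a directory name, an nginx server_name and
# an FPM pool name. A domain of "." or ".." (or one starting with ".") is
# rejected because it is joined onto BASE_HTTP as a path.
[[ $ACC_USER =~ ^[A-Za-z0-9_-]+$ ]] || die 'Username may only contain letters, digits, "_" and "-"!'
[[ $ACC_DOMAIN =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || die 'Domain may only contain letters, digits, "." and "-", and must not start with "."!'
# Because of MySQL the (prefixed) user name may be at most 16 characters long.
ACC_USER=http-$ACC_USER
[[ ${#ACC_USER} -le $USERLENGTH_MAX ]] || die 'Username too long!'
# ACC_HOME is not an option; it may be preset in the environment, otherwise
# it is derived from the domain.
if [[ -z $ACC_HOME ]]; then
  ACC_HOME=$BASE_HTTP/$ACC_DOMAIN
fi
if [[ -e $ACC_HOME ]]; then
  die "Home-folder $ACC_HOME exists!"
fi
printf 'Homefolder: %s\n' "$ACC_HOME"
# Password: generate one unless -p was given. "|| die" must sit outside the
# command substitution; inside it, die() only exits the subshell and the
# script would carry on with an empty password.
if [[ -z $ACC_PW ]]; then
  ACC_PW=$(makepasswd --maxchars "$PWLENGTH_MAX" --minchars "$PWLENGTH_MIN") || die 'Password generation failed!'
  [[ -n $ACC_PW ]] || die 'Password generation returned an empty password!'
fi
# Shown on purpose so the operator can record it; the same value is written
# to the new account's .my.cnf further down.
printf 'MYSQL-PW for user %s: %s\n' "$ACC_USER" "$ACC_PW"
##END CHECK VALUES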
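#System User Creation
# -m with -k populates the new home from BASE_SKEL; -s /bin/false keeps the
# account from logging in interactively. All expansions quoted.
useradd --system -mk "$BASE_SKEL" -c "$ACC_DOMAIN" -s /bin/false -d "$ACC_HOME" "$ACC_USER" || die "user $ACC_USER not added!"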
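#MYSQL User Creation
# The password goes into a single-quoted SQL string literal, so backslashes
# and single quotes are escaped first (backslash, then quote, in that order).
# NOTE: ACC_USER is interpolated as a quoted identifier and is NOT escaped
# here; it must have been restricted to [A-Za-z0-9_-] before this point.
sq="'" bsl='\'
sql_pw=${ACC_PW//"$bsl"/"$bsl$bsl"}
sql_pw=${sql_pw//"$sq"/"$bsl$sq"}
# "|| die" is placed after the here-document rather than inside
# "( mysql || die ) <<EOF": there, die() would only exit the subshell and the
# script would continue although the account was not created.
mysql << EOF || die "Could not create mysql-account"
CREATE USER '$ACC_USER'@'localhost' IDENTIFIED BY '$sql_pw';
GRANT USAGE ON *.* TO '$ACC_USER'@'localhost' IDENTIFIED BY '$sql_pw' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
CREATE DATABASE IF NOT EXISTS \`$ACC_USER\`;
GRANT ALL PRIVILEGES ON \`$ACC_USER\`.* TO '$ACC_USER'@'localhost';
GRANT ALL PRIVILEGES ON \`$ACC_USER\_%\`.* TO '$ACC_USER'@'localhost';
EOF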
##########################################################
#START CATTING FILES, which are necessary for the ACCOUNT!
##########################################################
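# The client config holds the database password. It is created under umask
# 077 (mode 0600 from the start, no chmod race) and handed to the account
# user; with the default umask it would be readable by every other account
# on the host.
# NOTE(review): the value is written unquoted; a password containing '#' or
# surrounding whitespace would be misread by the option-file parser — confirm
# makepasswd's character set, or reject such values for -p.
old_umask=$(umask)
umask 077
cat << EOF > "$ACC_HOME/.my.cnf" || die "Could not write $ACC_HOME/.my.cnf"
[client]
user=$ACC_USER
password=$ACC_PW
port=3306
socket=/var/run/mysqld/mysqld.sock
EOF
umask "$old_umask"
chown -- "$ACC_USER" "$ACC_HOME/.my.cnf" || die "Could not chown $ACC_HOME/.my.cnf"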
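#mind the >> to append to chmod.sh
# The lines below are shell code that runs later (from chmod.sh), so the
# expanded values are written quoted. "-not -name $ACC_DOMAIN" presumably
# skips the home directory itself, which is named after the domain.
cat << EOF >> "$BASE_HTTP/chmod.sh" || die "Could not append to $BASE_HTTP/chmod.sh"
#Rules for $ACC_DOMAIN
find "$ACC_HOME" -maxdepth 1 -not -name sock -not -name "$ACC_DOMAIN" | xargs -d "\\n" chown -R "$ACC_USER:http" --
find "$ACC_HOME" -maxdepth 1 -not -name sock -not -name "$ACC_DOMAIN" | xargs -d "\\n" chmod -R g+rx --
EOF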
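#NGINX
# Site definition; PHP requests are handed to the per-account FPM socket.
# "\$fastcgi_script_name" is escaped so nginx, not the shell, expands it.
cat << EOF > "$BASE_NGINX/$ACC_DOMAIN.conf" || die "Could not write $BASE_NGINX/$ACC_DOMAIN.conf"
server {
listen 443 ssl spdy;
server_name $ACC_DOMAIN;
location ~ /(.*\\.php)$ {
fastcgi_pass unix:/run/php-fpm/${ACC_USER}.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /html/\$fastcgi_script_name;
include conf/fastcgi_params;
}
location ~ /\\.ht {
deny all;
}
}
EOF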
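#FPM
# Pool definition. The pool is named after the domain, so "\$pool" (escaped,
# expanded by php-fpm) resolves to BASE_HTTP/<domain>; BASE_HTTP is used
# instead of a second hard-coded /srv/http so the chroot follows the constant.
cat << EOF > "$BASE_FPM/$ACC_USER.conf" || die "Could not write $BASE_FPM/$ACC_USER.conf"
[$ACC_DOMAIN]
user = $ACC_USER
group = $ACC_USER
listen = /run/php-fpm/$ACC_USER.sock
listen.owner = http
listen.group = http
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chroot = $BASE_HTTP/\$pool
chdir = /html
access.log = /var/log/php-fpm/\$pool.access.log
access.format = "%R - %u %t "%m %r%Q%q" %s %f %{mili}d %{kilo}M %C%%"
security.limit_extensions = .php
EOF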