bf · July 12, 2020 20:44
diff --git a/debian-10-nginx-letsencrypt-hugo.sh b/debian-10-nginx-letsencrypt-hugo.sh
 # remove annoying mouse handling from vim
 echo "set mouse -=a" > ~/.vimrc

 # install packages
 sudo apt install -y git hugo python3-acme python3-certbot python3-mock python3-openssl \
      python3-pkg-resources python3-pyparsing python3-zope.interface python3-certbot-nginx
      
 # add user, follow instructions, generate strong password with pwgen 100
 adduser foobar 

 # switch to user 
 su - foobar

 # add ssh key to user
 mkdir ~/.ssh
 echo "...." > authorized_keys

 # create git and checkout folder
 mkdir hugo hugo.git

 # init empty git repo
 cd hugo.git
 git init --bare

 # fix the hugo.git/hooks/post-receive
 echo "GIT_WORK_TREE=/home/foobar/hugo git checkout -f master && hugo -s /home/foobar/hugo " > ~/hugo.git/hooks/post-receive
 chmod +x ~/hugo.git/hooks/post-receive

 # on your local machine, change git config so new git repo is used
 git remote add origin foobar@host:hugo.git
 git push origin master

 # add nginx config for page
 cat > /etc/nginx/sites-available/mypage.com <<EOF
 server {
 	listen 80;
 	server_name mypage.com www.mypage.com;
 	
 	# add compression
 	gzip on;
 	gzip_disable "msie6";

 	gzip_comp_level 6;
 	gzip_min_length 1100;
 	gzip_buffers 16 8k;
 	gzip_proxied any;
 	gzip_types
 	    text/plain
 	    text/css
 	    text/js
 	    text/xml
 	    text/javascript
 	    application/javascript
 	    application/json
 	    application/xml
 	    application/rss+xml
 	    image/svg+xml;
 	    
 	# add caching
 	location ~* \.(jpe?g|png|gif|ttf|svg|eot|woff2?)$ {
 		expires 365d;
    		add_header Vary Accept-Encoding;
 		add_header Cache-Control "public";
    		access_log off;
 		tcp_nodelay off;
 		break;
 	}
 	
 	# add routes
 	root /home/foobar/hugo/public;
 	index index.html;

 	location / {
 		try_files $uri $uri/ =404;
 	}
 }
 EOF

 # enable config
 ln -s /etc/nginx/sites-available/mypage.com /etc/nginx/sites-enabled/mypage.com 

 # test nginx config
 nginx -t

 # restart nginx 
 systemctl restart nginx

 # run certbot and follow the dialog 
 certbot --nginx -d mydomain.com -d www.mydomain.com

 # certbot should have automatically installed a cronjob now

 # fix nginx config to make sure that only either www. or non-www. subdomain is used 

 # go to /etc/ssh/sshd_config and disable password authentication

 # enable unattended upgrades
 apt install -y unattended-upgrades apt-listchanges
	# remove annoying mouse handling from vim
	echo "set mouse -=a" > ~/.vimrc

	# install packages
	sudo apt install -y git hugo python3-acme python3-certbot python3-mock python3-openssl \
	python3-pkg-resources python3-pyparsing python3-zope.interface python3-certbot-nginx

	# add user, follow instructions, generate strong password with pwgen 100
	adduser foobar

	# switch to user
	su - foobar

	# add ssh key to user
	mkdir ~/.ssh
	echo "...." > authorized_keys

	# create git and checkout folder
	mkdir hugo hugo.git

	# init empty git repo
	cd hugo.git
	git init --bare

	# fix the hugo.git/hooks/post-receive
	echo "GIT_WORK_TREE=/home/foobar/hugo git checkout -f master && hugo -s /home/foobar/hugo " > ~/hugo.git/hooks/post-receive
	chmod +x ~/hugo.git/hooks/post-receive

	# on your local machine, change git config so new git repo is used
	git remote add origin foobar@host:hugo.git
	git push origin master

	# add nginx config for page
	cat > /etc/nginx/sites-available/mypage.com <<EOF
	server {
	listen 80;
	server_name mypage.com www.mypage.com;

	# add compression
	gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
	text/plain
	text/css
	text/js
	text/xml
	text/javascript
	application/javascript
	application/json
	application/xml
	application/rss+xml
	image/svg+xml;

	# add caching
	location ~* \.(jpe?g\|png\|gif\|ttf\|svg\|eot\|woff2?)$ {
	expires 365d;
	add_header Vary Accept-Encoding;
	add_header Cache-Control "public";
	access_log off;
	tcp_nodelay off;
	break;
	}

	# add routes
	root /home/foobar/hugo/public;
	index index.html;

	location / {
	try_files $uri $uri/ =404;
	}
	}
	EOF

	# enable config
	ln -s /etc/nginx/sites-available/mypage.com /etc/nginx/sites-enabled/mypage.com

	# test nginx config
	nginx -t

	# restart nginx
	systemctl restart nginx

	# run certbot and follow the dialog
	certbot --nginx -d mydomain.com -d www.mydomain.com

	# certbot should have automatically installed a cronjob now

	# fix nginx config to make sure that only either www. or non-www. subdomain is used

	# go to /etc/ssh/sshd_config and disable password authentication

	# enable unattended upgrades
	apt install -y unattended-upgrades apt-listchanges