Created
July 20, 2015 02:17
-
-
Save bradchesney79/a365cb2dbd7ec2f5053d to your computer and use it in GitHub Desktop.
Debian Jessie Multi-Virtual Host Setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| HOSTNAME="www" | |
| DOMAIN="rustbeltrebellion.com" | |
| IPV4="45.33.112.226" | |
| IPV6="2600:3c00::f03c:91ff:fe26:42cf" | |
| ##### ##### | |
| ##### CONFIGURE THE HOSTNAME ##### | |
| printf "\n" >> /var/log/auto-install.log | |
| printf "Set the hostname\n\n" >> /var/log/auto-install.log | |
| hostnamectl set-hostname $HOSTNAME | |
| ##### UPDATE THE HOSTS FILE ##### | |
| printf "\n" >> /var/log/auto-install.log | |
| printf "Fully populate hosts file\n\n" >> /var/log/auto-install.log | |
| printf "127.0.0.1\t\t\tlocalhost.localdomain localhost\n" > /etc/hosts | |
| printf "127.0.1.1\t\t\tdebian\n" >> /etc/hosts | |
| printf "$IPV4\t\t$HOSTNAME.$DOMAIN $HOSTNAME\n" >> /etc/hosts | |
| printf "\n" >> /etc/hosts | |
| printf "# The following lines are desirable for IPv6 capable hosts\n" >> /etc/hosts | |
| printf "::1\t\t\t\tlocalhost ip6-localhost ip6-loopback\n" >> /etc/hosts | |
| printf "ff02::1\t\t\t\tip6-allnodes\n" >> /etc/hosts | |
| printf "ff02::2\t\t\t\tip6-allrouters\n" >> /etc/hosts | |
| printf "$IPV6\t$HOSTNAME.$DOMAIN $HOSTNAME" >> /etc/hosts | |
| ##### SET THE TIMEZONE & TIME ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Set the timezone to UTC \n\n" >> /var/log/apt/auto-install.log | |
| TIMEZONE="Etc/UTC" # This is a server, UTC is the only appropriate timezone | |
| echo $TIMEZONE > /etc/timezone | |
| cp /usr/share/zoneinfo/${TIMEZONE} /etc/localtime # This sets the time | |
| ##### UPDATE APT SOURCES ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Update apt sources\n\n" >> /var/log/apt/auto-install.log | |
| echo "deb http://ftp.us.debian.org/debian testing main contrib non-free" > /etc/apt/sources.list | |
| printf "\n" >> /etc/apt/sources.list | |
| echo "deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free" >> /etc/apt/sources.list | |
| printf "\n" >> /etc/apt/sources.list | |
| echo "deb http://security.debian.org/ jessie/updates main contrib non-free" >> /etc/apt/sources.list | |
| printf "\n" >> /etc/apt/sources.list | |
| echo "deb http://backports.debian.org/debian-backports squeeze-backports main" >> /etc/apt/sources.list | |
| ##### UPDATE THE SYSTEM ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Update the system\n\n" >> /var/log/apt/auto-install.log | |
| apt-get -qy update > /dev/null | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Upgrade the system\n\n" >> /var/log/apt/auto-install.log | |
| apt-get -qy dist-upgrade >> /var/log/auto-install.log | |
| ##### INSTALL THE FIRST BATCHES OF PACKAGES ##### | |
| printf "\n" >> /var/log/auto-install.log | |
| printf "Install the first batch of packages for Apache & PHP\n\n" >> /var/log/auto-install.log | |
| echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections | |
| echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections | |
| apt-get -qy install sudo tcl perl python3 apache2 tmux iptables-persistent ssh openssl openssl-blacklist libnet-ssleay-perl fail2ban libapache2-mod-fastcgi php5-fpm php5 libapache2-mod-php5 php-pear php5-curl >> /var/log/auto-install.log | |
| ##### CLEAN UP ##### | |
| printf "\n" >> /var/log/auto-install.log | |
| printf "First autoremove of packages\n\n" >> /var/log/auto-install.log | |
| apt-get -qy autoremove >> /var/log/auto-install.log | |
| ##### UPDATE THE IPTABLES RULES ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Update the IP tables rules\n\n" >> /var/log/apt/auto-install.log | |
| echo "*filter" > /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -i lo -j ACCEPT" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -d 127.0.0.0/8 -j REJECT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Accept all established inbound connections" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Allow all outbound traffic - you can modify this to only allow certain traffic" >> /etc/iptables/rules.v4 | |
| echo "-A OUTPUT -j ACCEPT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL)." >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -p tcp --dport 80 -j ACCEPT" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -p tcp --dport 443 -j ACCEPT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Allow SSH connections" >> /etc/iptables/rules.v4 | |
| echo "#" >> /etc/iptables/rules.v4 | |
| echo "# The -dport number should be the same port number you set in sshd_config" >> /etc/iptables/rules.v4 | |
| echo "#" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Allow ping" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Log iptables denied calls" >> /etc/iptables/rules.v4 | |
| echo "#-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "# Drop all other inbound - default deny unless explicitly allowed policy" >> /etc/iptables/rules.v4 | |
| echo "-A INPUT -j DROP" >> /etc/iptables/rules.v4 | |
| echo "-A FORWARD -j DROP" >> /etc/iptables/rules.v4 | |
| printf "\n" >> /etc/iptables/rules.v4 | |
| echo "COMMIT" >> /etc/iptables/rules.v4 | |
| ##### APPLY THE IPTABLES RULES ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Aplly the IP tables rules\n\n" >> /var/log/apt/auto-install.log | |
| iptables-restore < /etc/iptables/rules.v4 | |
| ##### USING fail2ban DEFAULT CONFIG ##### | |
| # See /etc/fail2ban/jail.conf for additional options | |
| ##### CONFIGURE APACHE ##### | |
| printf "\n" >> /var/log/apt/auto-install.log | |
| printf "Configure Apache\n\n" >> /var/log/apt/auto-install.log | |
| a2enmod actions | |
| printf "<IfModule mod_fastcgi.c>\n" > /etc/apache2/mods-available/fastcgi.conf | |
| printf "\tAddType application/x-httpd-fastphp5 .php\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\tAction application/x-httpd-fastphp5 /php5-fcgi\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\tAlias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\tFastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\t<Directory /usr/lib/cgi-bin>\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\t\tRequire all granted\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "\t</Directory>\n" >> /etc/apache2/mods-available/fastcgi.conf | |
| printf "</IfModule>" >> /etc/apache2/mods-available/fastcgi.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment