Skip to content

Instantly share code, notes, and snippets.

@brianclogan

brianclogan/setup.sh

Last active August 9, 2021 20:31
Show Gist options
  • Save brianclogan/2833fa1506a0591decb96f52c2fa5dcf to your computer and use it in GitHub Desktop.
Save brianclogan/2833fa1506a0591decb96f52c2fa5dcf to your computer and use it in GitHub Desktop.
Download ZIP
Raw
setup.sh
#!/bin/bash
#####
## Setup Swap
#####
if [ -f /swapfile ]; then
echo "Swap exists."
else
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile none swap sw 0 0" >> /etc/fstab
echo "vm.swappiness=30" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi
#####
## Upgrade Base Packages and stay current
#####
apt-get update -y
apt-add-repository ppa:ondrej/php -y
apt-get update -y
apt-get install -y --force-yes software-properties-common wget
apt-get install -y wget ruby-full
apt-get upgrade -y
#####
## Install PHP8.0
#####
apt-get install php8.0-cli php8.0-fpm php8.0-mysql php8.0-curl php8.0-gd php8.0-intl php8.0-mbstring php8.0-soap php8.0-xml php8.0-xmlrpc php8.0-zip php8.0-redis php8.0-memcached php8.0-imap php8.0-bcmath php8.0-msgpack php8.0-readline php8.0-igbinary php8.0-gmp -y --force-yes
#####
## Download Composer
#####
curl -s https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
#####
## Install Sendmail
#####
apt-get install sendmail -y
#####
## Install Certbot
#####
snap refresh core
snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
#####
## Setup OPCACHE
#####
# Enable and configure
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=200/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=200/g' /etc/php/8.0/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/8.0/fpm/php.ini
#####
## Setup PHP
#####
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 500M/g' /etc/php/8.0/fpm/php.ini
# Restart PHP
systemctl restart php8.0-fpm
#####
## Install NGINX
#####
apt-get install nginx -y
#####
## Assign Permissions
#####
mkdir /var/www/admin.purevea.dev
chown -R www-data /var/www/admin.purevea.dev
#####
## Setup the NGINX Site
#####
## Remove Default Config
rm /etc/nginx/nginx.conf
## Setup Logs
mkdir /var/log/admin.purevea.dev
touch /var/log/admin.purevea.dev/nginx-access.log
touch /var/log/admin.purevea.dev/nginx-error.log;
cat > /etc/nginx/nginx.conf << 'ENDOFFILE'
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/html;
index index.html;
}
}
ENDOFFILE
cat > /etc/nginx/sites-available/admin.purevea.dev << 'ENDOFFILE'
server {
## MAIN BLOCK
listen 80;
listen [::]:80;
server_name admin.purevea.dev;
root /var/www/admin.purevea.dev/public;
index index.php;
autoindex off;
access_log /var/log/admin.purevea.dev/nginx-access.log;
error_log /var/log/admin.purevea.dev/nginx-error.log;
client_max_body_size 250M;
## Hide PHP and NGINX Versions
server_tokens off;
fastcgi_hide_header X-Powered-By;
proxy_hide_header X-Powered-By;
## Security Headers
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
## Rewrite Method
location / {
try_files $uri $uri/ /index.php?$args;
}
## PHP FPM
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
}
## Prevent Reading .X files/folders
location ~ /\.(svn|git)/* {
deny all;
access_log off;
log_not_found off;
}
## Prevent .ht* files
location ~ /\.ht {
deny all;
access_log off;
log_not_found off;
}
## Prevent .user.ini Reading
location ~ /\.user.ini {
deny all;
access_log off;
log_not_found off;
}
## END MAIN BLOCK
## Caching
location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|webp|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
expires max;
log_not_found off;
access_log off;
}
location ~* \.(txt|xml|js)$ {
expires max;
}
location ~* \.(css)$ {
expires max;
}
location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {
expires max;
}
location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {
expires max;
}
## End Caching
}
server {
listen 80;
listen [::]:80;
server_name admin.purevea.dev;
return 301 http://admin.purevea.dev$request_uri;
}
ENDOFFILE
rm /var/www/html/index.*
cat > /var/www/html/index.html << 'ENDOFFILE'
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="robots" content="noindex"/>
<title>FHOSTING</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap"/>
<link href="https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css" rel="stylesheet"/>
<style>
body {
font-family: 'Nunito';
}
</style>
</head>
<body class="antialiased">
<div class="relative flex items-top justify-center min-h-screen bg-gray-100 dark:bg-gray-900 sm:items-center sm:pt-0">
<main>
<div class="">
<div class="max-w-7xl mx-auto sm:px-6 lg:px-8">
<div class="bg-white overflow-hidden shadow-xl sm:rounded-lg">
<div class="px-6 sm:px-2 bg-white border-b border-gray-200">
<div>
<div class="max-w-7xl pt-6 pb-12 px-2 sm:px-2 lg:px-6">
<div class="max-w-3xl ">
<p class="mt-4 font-medium text-lg text-gray-800">Your server is prepared, make sure
to point the domain (admin.purevea.dev) to view your site!</p>
</div>
</div>
</div>
</div>
<div class="bg-opacity-25 grid grid-cols-1 md:grid-cols-2">
<div class="p-6">
<div class="flex items-center">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" style="width: 32px;">
<path d="M224 420c-11 0-20-9-20-20v-64c0-11 9-20 20-20s20 9 20 20v64c0 11-9 20-20 20zm224-148v192c0 26.5-21.5 48-48 48H48c-26.5 0-48-21.5-48-48V272c0-26.5 21.5-48 48-48h16v-64C64 71.6 136-.3 224.5 0 312.9.3 384 73.1 384 161.5V224h16c26.5 0 48 21.5 48 48zM96 224h256v-64c0-70.6-57.4-128-128-128S96 89.4 96 160v64zm320 240V272c0-8.8-7.2-16-16-16H48c-8.8 0-16 7.2-16 16v192c0 8.8 7.2 16 16 16h352c8.8 0 16-7.2 16-16z"/>
</svg>
</div>
<div class="ml-12">
<div class="mt-2 text-sm text-gray-500">
Once you have your domain pointed, don't forget to enable SSL! SSL is important to
protect your visitors information.
</div>
</div>
</div>
<div class="p-6 border-t border-gray-200 md:border-t-0 md:border-l">
<div class="flex items-center">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" style="width: 32px;">
<path d="M256 340c-15.464 0-28 12.536-28 28s12.536 28 28 28 28-12.536 28-28-12.536-28-28-28zm7.67-24h-16c-6.627 0-12-5.373-12-12v-.381c0-70.343 77.44-63.619 77.44-107.408 0-20.016-17.761-40.211-57.44-40.211-29.144 0-44.265 9.649-59.211 28.692-3.908 4.98-11.054 5.995-16.248 2.376l-13.134-9.15c-5.625-3.919-6.86-11.771-2.645-17.177C185.658 133.514 210.842 116 255.67 116c52.32 0 97.44 29.751 97.44 80.211 0 67.414-77.44 63.849-77.44 107.408V304c0 6.627-5.373 12-12 12zM256 40c118.621 0 216 96.075 216 216 0 119.291-96.61 216-216 216-119.244 0-216-96.562-216-216 0-119.203 96.602-216 216-216m0-32C119.043 8 8 119.083 8 256c0 136.997 111.043 248 248 248s248-111.003 248-248C504 119.083 392.957 8 256 8z"/>
</svg>
<div class="ml-4 text-lg text-gray-600 leading-7 font-semibold">
<a href="https://defero.dev" target="_blank">Get Support</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</main>
</div>
</body>
</html>
ENDOFFILE
#####
## Set NGINX Site Live
#####
ln -s /etc/nginx/sites-available/admin.purevea.dev /etc/nginx/sites-enabled/
rm /etc/nginx/sites-enabled/default
service nginx reload
service nginx restart
####
## Setup CodeDeploy Agent
####
wget https://aws-codedeploy-us-west-2.s3.us-west-2.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto > /tmp/logfile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment