@butschster
Last active January 6, 2022 22:13
# INSTALL
# REQUIRES:
# - server (the server instance)
# - user (the database user instance)
#
# Add MySQL User
# NOTE(review): every call passes the root password with --password on the
# command line, so it is exposed to the process list and to anything that
# records the command. An option file readable only by root
# (--defaults-extra-file) keeps it off argv.
# NOTE(review): DROP USER names no host, which MySQL reads as 'test'@'%'.
# 'test'@'167.71.3.113' is not dropped, so CREATE USER IF NOT EXISTS below
# leaves a pre-existing account for that host untouched, old password included.
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP USER IF EXISTS test;"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'167.71.3.113' IDENTIFIED BY '23423werwer';"
# NOTE(review): the '%' account accepts this user from any address, which
# makes the IP-scoped account above redundant as an access restriction.
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'%' IDENTIFIED BY '23423werwer';"
# NOTE(review): WITH GRANT OPTION lets 'test' pass its privileges on test1.*
# to other accounts; an application user rarely needs it.
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'%' WITH GRANT OPTION;"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "FLUSH PRIVILEGES;"
# REMOVE
# REQUIRES:
# - name (the name of the database)
#
# Drop The MySQL Database
# NOTE(review): unconditional and irreversible; the database name is fixed in
# the rendered command, and the root password again travels on argv.
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP DATABASE IF EXISTS test;"
# CHANGE ROOT PASSWORD
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for mysql user)
#
# Sets one new password on the forge and root accounts, for both the
# IP-scoped and the '%' (any host) entries.
# NOTE(review): the header calls for a random db_password, but the value
# rendered here is the literal 'test'. With root@'%' present, that password is
# the only thing protecting full database control wherever port 3306 is
# reachable.
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'167.71.3.113' IDENTIFIED BY 'test';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'%' IDENTIFIED BY 'test';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'167.71.3.113' IDENTIFIED BY 'test';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'%' IDENTIFIED BY 'test';"
#
# REQUIRES:
# - site (the forge site instance)
#
# Write A Dummy PHP Info Stub To A Site
# NOTE(review): rm -rf removes whatever is already in the site's public
# directory before recreating it empty.
rm -rf /home/forge/superprojects.space/public
mkdir -p /home/forge/superprojects.space/public
# Deploy The Proper Stub File Based On Project Type
# NOTE(review): the redirection below has no target file, so the shell rejects
# the line as a syntax error; the destination path appears to be missing from
# the page. A phpinfo() page also publishes versions, loaded modules, paths and
# environment values, so it should not stay in a public web root.
echo "<?php phpinfo();" >
# INSTALL
# REQUIRES:
# - rule (the forge rule instance)
#
# NOTE(review): with no protocol or source given, this opens port 6001 for
# both TCP and UDP from every address. The REMOVE header below lists an
# ip_address parameter, but neither rendered command restricts by source.
sudo ufw allow 6001
# REMOVE
# REQUIRES:
# - ip_address (the ip address allowed by the rule)
# - port (the port allowed by the rule)
#
# Deletes the rule that matches "allow 6001" exactly.
sudo ufw delete allow 6001
# PHP 7.3 Mysql 5.6
#
# REQUIRES:
# - server (the forge server instance)
# - event (the forge event instance)
# - sudo_password (random password for sudo)
# - db_password (random password for database user)
# - callback (the callback URL)
# - recipe_id (recipe id to run at the end)
#
# Uncomment the ::ffff:0:0/96 precedence line in gai.conf, which makes
# address resolution prefer IPv4 over IPv6.
sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf
# Upgrade The Base Packages
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y
# Add A Few PPAs To Stay Current
# NOTE(review): --force-yes is deprecated in apt and lets the install proceed
# past unauthenticated packages and downgrades. With -y and the noninteractive
# frontend already set it should not be needed; if one override is required,
# use the specific --allow-* option instead.
apt-get install -y --force-yes software-properties-common
# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
# NOTE(review): each PPA is a third-party publisher whose packages and
# maintainer scripts run as root on every later upgrade. ppa:nginx/development
# tracks a development channel rather than stable.
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y
# Setup MariaDB Repositories
# Update Package Lists
apt-get update
# Base Packages
add-apt-repository universe
apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu
# Install Python Httpie
# NOTE(review): unpinned install from PyPI into the system Python; the script
# presumably runs as root, so the package's install code does too.
pip install httpie
# Disable Password Authentication Over SSH
# Deletes every line containing "PasswordAuthentication yes" (commented or
# not), then appends "PasswordAuthentication no" at the end of the file.
# NOTE(review): sshd keeps the first value it reads for a keyword, and a
# directive placed after a Match line applies only inside that Match block, so
# an appended setting is not guaranteed to take effect. Confirm the effective
# value with `sshd -T`, and validate with `sshd -t` before the restart so a
# broken config cannot lock out remote access.
sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
# Restart SSH
# ssh-keygen -A creates any host key types that are missing.
ssh-keygen -A
service ssh restart
# Set The Hostname If Necessary
# Writes the name to /etc/hostname, rewrites the 127.0.0.1 localhost line in
# /etc/hosts to include it, then applies it to the running system.
echo "red-chasm" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 red-chasm.localdomain red-chasm localhost/' /etc/hosts
hostname red-chasm
# Set The Timezone
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# UTC system time keeps log timestamps comparable across hosts.
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Create The Root SSH Directory If Necessary
# NOTE(review): the directory and file get whatever modes the current umask
# yields; nothing here sets 700 on /root/.ssh or 600 on authorized_keys.
if [ ! -d /root/.ssh ]
then
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
fi
# Setup Forge User
useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
# NOTE(review): membership of the sudo group gives forge full root through
# sudo. Later in this script nginx and the PHP-FPM pool are switched to run as
# forge, so code execution in a hosted site lands in an account one password
# away from root.
adduser forge sudo
# Setup Bash For Forge User
chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc
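# Set The Sudo Password For Forge
# The hash method is requested explicitly: depending on the installed whois
# version, mkpasswd's default can be legacy DES crypt, which only uses the
# first 8 characters of the password.
# NOTE(review): the plaintext is still embedded in this script and passed on
# mkpasswd's command line; rotate it after provisioning and do not keep the
# rendered script where others can read it.
PASSWORD=$(mkpasswd -m sha-512 jSqm0k4EsGjnv7mJ8oBY)
# Quoted so the hash reaches usermod as a single, unmodified argument.
usermod --password "$PASSWORD" forge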
# Build Formatted Keys & Copy Keys To Forge
# Repeats the directory check made earlier in the script.
# NOTE(review): the `cat >` heredoc that follows this block replaces
# /root/.ssh/authorized_keys wholesale, so any key previously authorised for
# root is removed and the provisioning service's key alone can log in as root.
# The same file is then copied to the forge account.
if [ ! -d /root/.ssh ]
then
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
fi
cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYlmATs0kV9aPQdCqaF12x8Bv0H5jIH2wfCzfpASB8oaRQOC2UerO/ukqtFzko9u5pqTb94bHG7MsQAjtJR13EcMAIOYxuNBEgMNVtJ6EJzklcxBRG9xKIZD6xiVdlxOBgguY72Yv8TkteeDPeN2YyqVx+HgRjqL0zwgFbVx8wlylQU1Gg8WDTERCdYX5jHmfdMN7IiIEYOw4F1U1eJTreexvid68X6OFHrWHAJhJXu8c/Q1d1UgWkHImN9IgHju6HPbge2D2W12UlpLw/FUGM1hNsfkLRwFLnPMnkBVsM27et+H4OdDEt52LtFfJuWKfWcAsrSzIjTCiXEcYsFjRh [email protected]
EOF
cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys
# Create The Server SSH Key
# NOTE(review): -N '' creates the private key without a passphrase, so read
# access to /home/forge/.ssh/id_rsa is enough to use it wherever its public
# half is registered (e.g. as a deploy key).
ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''
# Copy Source Control Public Keys Into Known Hosts File
# NOTE(review): ssh-keyscan trusts whatever key the network returns at
# provisioning time. Compare the recorded keys with the fingerprints each
# provider publishes, or install known-good entries instead of scanning.
# -H stores the host names hashed.
ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts
# Configure Git Settings
# --global writes to the invoking user's git config (presumably root here),
# not to the forge account's.
git config --global user.name "Igor"
git config --global user.email "[email protected]"
# Add The Reconnect Script Into Forge Directory
# The heredoc delimiter is unquoted, so \$1 is escaped to land as a literal $1
# in the generated file. The generated script appends its first argument to
# the authorized_keys files of both forge and root.
# NOTE(review): the argument is neither validated as a public key nor quoted
# (so it is word-split and glob-expanded), and whoever can run this script with
# root privileges adds a root login key. The later `chown -R forge:forge
# /home/forge` makes the file forge-owned; if it is ever invoked as root, forge
# can change what root executes. Keep it root-owned and not writable by forge.
cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash
echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null
echo "Keys Added!"
EOF
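# Setup Forge Home Directory Permissions
chown -R forge:forge /home/forge
chmod -R 755 /home/forge
# The recursive 755 above also makes ~/.ssh and its contents readable by every
# local account. Tighten them afterwards: directory 700, key material and the
# list of authorised keys 600 (a private key needs no execute bit).
chmod 700 /home/forge/.ssh
chmod 600 /home/forge/.ssh/authorized_keys
chmod 600 /home/forge/.ssh/id_rsa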
# Setup UFW Firewall
# Opens SSH, HTTP and HTTPS to every source address, then enables the firewall
# without the interactive confirmation.
# NOTE(review): later steps bind MySQL, Redis, Memcached and Beanstalkd to all
# interfaces. This rule set, with ufw's incoming policy left at deny, is what
# keeps those ports off the network, so treat any added allow rule as exposing
# the service behind it.
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable
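# Allow FPM Restart
# Lets forge reload each listed PHP-FPM service without a password. sudo
# matches the full argument list, so only these exact "reload" invocations
# are covered.
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm
# Drop-ins are conventionally mode 0440, and a syntax error in one can make
# sudo unusable, so set the mode and have visudo check the file.
chmod 0440 /etc/sudoers.d/php-fpm
visudo -cf /etc/sudoers.d/php-fpm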
# Install Base PHP Packages
# NOTE(review): --force-yes lets apt proceed past unauthenticated packages;
# these come from a third-party PPA, so signature checking matters here.
apt-get install -y --force-yes php7.3-cli php7.3-dev \
php7.3-pgsql php7.3-sqlite3 php7.3-gd \
php7.3-curl php7.3-memcached \
php7.3-imap php7.3-mysql php7.3-mbstring \
php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
php7.3-intl php7.3-readline
# Install Composer Package Manager
# NOTE(review): the installer is downloaded and executed in one step with no
# integrity check. Composer documents verifying the installer's hash before
# running it; download to a file, verify, then run.
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
# Misc. PHP CLI Configuration
# These edits touch the CLI php.ini only, not the FPM one.
sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/cli/php.ini
# Configure Sessions Directory Permissions
# 733 plus the sticky bit: any user may create session files, but cannot list
# the directory or remove files owned by others.
chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions
# Write Systemd File For Linode
#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
#
# Install Nginx & PHP-FPM
apt-get install -y --force-yes nginx php7.3-fpm
systemctl enable nginx.service
# Generate dhparam File
openssl dhparam -out /etc/nginx/dhparams.pem 2048
# Tweak Some PHP-FPM Settings
# NOTE(review): display_errors = On in the FPM php.ini sends error text
# (paths, query fragments, stack details) to site visitors; production hosts
# normally set it Off and log errors instead.
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/fpm/php.ini
# cgi.fix_pathinfo=0 stops PHP from guessing a script out of a longer path,
# which closes a known way of getting non-PHP files executed.
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.3/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/fpm/php.ini
# Configure FPM Pool Settings
# NOTE(review): the pool runs as forge, the same account that is in the sudo
# group and owns the server's SSH key, so the web workers are not separated
# from the deploy/admin identity.
sed -i "s/^user = www-data/user = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
# NOTE(review): 0666 makes the FPM socket writable by every local user, each
# of whom can then submit requests that execute as forge. nginx is set to run
# as forge below, so 0660 would be enough.
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.3/fpm/pool.d/www.conf
# Configure Primary Nginx Settings
sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf
# Configure Gzip
# NOTE(review): compression is enabled for JSON, XML and text responses. Where
# a response served over TLS mixes a secret with attacker-influenced input,
# compressed length can leak information; consider excluding such endpoints.
cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
EOF
# Disable The Default Nginx Site
# rm without -f reports an error if the file is already gone, e.g. on a re-run.
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart
# Install A Catch All Server
# A server block that answers 404, presumably meant to take requests whose
# Host header matches no configured site rather than serving some real site.
cat > /etc/nginx/sites-available/catch-all << EOF
server {
return 404;
}
EOF
ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all
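# Restart Nginx & PHP-FPM Services
#service nginx restart
service nginx reload
# Restart PHP-FPM only when an FPM process is actually running. The check
# calls pgrep directly: quoting a backslash-escaped \$(...) outside a heredoc
# would test a literal, never-empty string and make the condition always true.
if pgrep -f php-fpm > /dev/null
then
  # Versions that are not installed simply fail; their output is discarded on
  # purpose so one list serves every PHP version.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi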
# Add Forge User To www-data Group
usermod -a -G www-data forge
id forge
groups forge
# NOTE(review): a remote script is piped straight into a root shell with no
# integrity check, and it adds another third-party apt source. setup_10.x
# selects Node.js 10, which is past end of life and no longer gets security
# fixes.
curl --silent --location https://deb.nodesource.com/setup_10.x | bash -
apt-get update
sudo apt-get install -y --force-yes nodejs
# NOTE(review): unpinned global installs, presumably as root; the packages'
# install scripts run with those privileges.
npm install -g pm2
npm install -g gulp
npm install -g yarn
#
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for mysql user)
#
# Set The Automated Root Password
# NOTE(review): the root password is hard-coded below, pre-seeded into debconf
# and passed to every mysql call on the command line. Rotate it after
# provisioning and keep the rendered script out of reach of other users.
export DEBIAN_FRONTEND=noninteractive
debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password cA3meglsHhZuClGleFHa"
debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password cA3meglsHhZuClGleFHa"
# Install MySQL
apt-get install -y mysql-server
# Configure Password Expiration
echo "default_password_lifetime = 0" >> /etc/mysql/mysql.conf.d/mysqld.cnf
# Configure Access Permissions For Root & Forge Users
# NOTE(review): bind-address = * makes mysqld listen on every interface, and
# the '%' grants let root and forge authenticate from any address with full
# privileges. The firewall rules set earlier (22/80/443 only) are then the
# only network barrier. Prefer 127.0.0.1, or a private address with
# host-scoped accounts, and avoid a remote root account.
sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/mysql.conf.d/mysqld.cnf
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO root@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
service mysql restart
# NOTE(review): forge gets the same password as root, plus ALL on *.* WITH
# GRANT OPTION, so the application account is root-equivalent.
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "FLUSH PRIVILEGES;"
# Create The Initial Database If Specified
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE DATABASE forge CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
# Install & Configure Redis Server
# NOTE(review): Redis is rebound to all interfaces and the script sets no
# requirepass, so the instance is unauthenticated; an explicit bind address
# typically also takes Redis out of its protected mode. Reachability then
# depends entirely on the firewall.
apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached
# NOTE(review): Memcached has no authentication in this configuration and now
# listens on all interfaces; keep 11211 (TCP and UDP) closed to untrusted
# networks.
apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalkd
# NOTE(review): the beanstalkd protocol has no authentication; listening on
# 0.0.0.0 lets any host that can reach the port read and inject jobs.
apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd
if grep START= /etc/default/beanstalkd; then
sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
echo "START=yes" >> /etc/default/beanstalkd
fi
service beanstalkd start
sleep 5
service beanstalkd restart
systemctl enable beanstalkd
# Configure Supervisor Autostart
systemctl enable supervisor.service
service supervisor start
# Configure Swap Disk
# Creates a 1G swap file only when /swapfile does not exist yet, so a re-run
# does not append duplicate fstab and sysctl lines.
if [ -f /swapfile ]; then
echo "Swap exists."
else
fallocate -l 1G /swapfile
# 600 before mkswap: swap can hold pages of process memory, including secrets.
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile none swap sw 0 0" >> /etc/fstab
echo "vm.swappiness=30" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi
# Setup Unattended Security Upgrades
# NOTE(review): this overwrites the distribution's 50unattended-upgrades with
# a single origin hard-coded to "bionic-security". On any other release no
# origin matches and security updates are silently not applied. Packages from
# the PPAs and other third-party sources added earlier are not covered either.
cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
"Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF
# Daily list refresh, download and unattended upgrade; weekly autoclean.
cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
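# Report completion to the provisioning service.
# Certificate verification stays enabled (no --insecure / -k): the request
# body carries the sudo and database passwords, and without verification any
# on-path host could impersonate the endpoint and collect them.
# NOTE(review): the secrets are still on curl's command line; reading the body
# from a root-only file (--data @file) would keep them out of the process list.
curl --data "event_id=30041879&server_id=306720&sudo_password=jSqm0k4EsGjnv7mJ8oBY&db_password=cA3meglsHhZuClGleFHa&recipe_id=;" https://forge.laravel.com/provisioning/callback/app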
# PHP5.6 MariaDB
#
# REQUIRES:
# - server (the forge server instance)
# - event (the forge event instance)
# - sudo_password (random password for sudo)
# - db_password (random password for database user)
# - callback (the callback URL)
# - recipe_id (recipe id to run at the end)
#
sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf
# Upgrade The Base Packages
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y
# Add A Few PPAs To Stay Current
apt-get install -y --force-yes software-properties-common
# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y
# apt-add-repository ppa:ondrej/php5-5.6 -y
# Setup MariaDB Repositories
# NOTE(review): the signing key is fetched by 64-bit key ID from a keyserver
# over unauthenticated HKP on port 80; pin the full fingerprint published by
# the vendor instead. apt-key also adds the key to the global keyring, where
# it is trusted for every repository, not just this one.
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
# NOTE(review): the repository is a plain-http third-party mirror, so package
# integrity rests on the apt signature check alone, which the --force-yes
# installs in this script weaken. The suite named here is xenial, while the
# unattended-upgrades stanza later in this script names bionic; confirm which
# release the host actually runs.
sudo add-apt-repository 'deb [arch=amd64,i386] http://mirrors.accretive-networks.net/mariadb/repo/10.3/ubuntu xenial main'
# Update Package Lists
apt-get update
# Base Packages
add-apt-repository universe
apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu
# Install Python Httpie
pip install httpie
# Disable Password Authentication Over SSH
sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
# Restart SSH
ssh-keygen -A
service ssh restart
# Set The Hostname If Necessary
echo "mellow-shelter" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 mellow-shelter.localdomain mellow-shelter localhost/' /etc/hosts
hostname mellow-shelter
# Set The Timezone
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Create The Root SSH Directory If Necessary
if [ ! -d /root/.ssh ]
then
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
fi
# Setup Forge User
useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo
# Setup Bash For Forge User
chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc
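# Set The Sudo Password For Forge
# The hash method is requested explicitly: depending on the installed whois
# version, mkpasswd's default can be legacy DES crypt, which only uses the
# first 8 characters of the password.
# NOTE(review): the plaintext is still embedded in this script and passed on
# mkpasswd's command line; rotate it after provisioning.
PASSWORD=$(mkpasswd -m sha-512 8DlRjEGChLCBRKfTsaxd)
# Quoted so the hash reaches usermod as a single, unmodified argument.
usermod --password "$PASSWORD" forge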
# Build Formatted Keys & Copy Keys To Forge
cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjWOf2U/QVan+s49i75NMeV1f02/phMTJH19tcvFpCct4tcvUaMouQVY4FRb6lp74geTdcXyB/BzBStTPUVsTx2k87Rfy0LlIm3DYxA2PS6gEaKYkGSRAGk65tH09xKktbtXIUr5F6hzHsu8Mip9Fc+b57CRda6yWWH/q+v82iRGJJvZnLmHaxO3cuHB5yvo99Wbu+CzjjXcMcVUqrcbggOKHvfRr7KJ/Qg5Z04FPbd9GwHmsOAo6cwBs9J57yskMxpaYJElbMroXr7X3pDNHVIPE2+MooGnMRsrViTm1MDbQYoL0T9DXkvuqg0A5/PqtfmXNbt/cjrKTBZQkVTeEj [email protected]
EOF
cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys
# Create The Server SSH Key
ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''
# Copy Source Control Public Keys Into Known Hosts File
ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts
# Configure Git Settings
git config --global user.name "Igor"
git config --global user.email "[email protected]"
# Add The Reconnect Script Into Forge Directory
cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash
echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null
echo "Keys Added!"
EOF
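# Setup Forge Home Directory Permissions
chown -R forge:forge /home/forge
chmod -R 755 /home/forge
# The recursive 755 above also makes ~/.ssh and its contents readable by every
# local account. Tighten them afterwards: directory 700, key material and the
# list of authorised keys 600 (a private key needs no execute bit).
chmod 700 /home/forge/.ssh
chmod 600 /home/forge/.ssh/authorized_keys
chmod 600 /home/forge/.ssh/id_rsa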
# Setup UFW Firewall
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable
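# Allow FPM Restart
# Lets forge reload each listed PHP-FPM service without a password. sudo
# matches the full argument list, so only these exact "reload" invocations
# are covered.
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm
# Drop-ins are conventionally mode 0440, and a syntax error in one can make
# sudo unusable, so set the mode and have visudo check the file.
chmod 0440 /etc/sudoers.d/php-fpm
visudo -cf /etc/sudoers.d/php-fpm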
# Install Base PHP Packages
apt-get install -y --force-yes php5.6-cli php5.6-dev \
php5.6-pgsql php5.6-sqlite3 php5.6-gd \
php5.6-curl php5.6-dev \
php5.6-imap php5.6-mysql php5.6-memcached php5.6-mcrypt php5.6-mbstring \
php5.6-xml php5.6-imagick php5.6-zip php5.6-bcmath php5.6-soap \
php5.6-intl php5.6-readline
# Install Composer Package Manager
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
# Misc. PHP CLI Configuration
sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/cli/php.ini
# Configure Sessions Directory Permissions
chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions
# Write Systemd File For Linode
#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
#
# Install Nginx & PHP-FPM
apt-get install -y --force-yes nginx php5.6-fpm
systemctl enable nginx.service
# Generate dhparam File
openssl dhparam -out /etc/nginx/dhparams.pem 2048
# Tweak Some PHP-FPM Settings
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/5.6/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/fpm/php.ini
# Configure FPM Pool Settings
sed -i "s/^user = www-data/user = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/5.6/fpm/pool.d/www.conf
# Configure Primary Nginx Settings
sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf
# Configure Gzip
cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
EOF
# Disable The Default Nginx Site
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart
# Install A Catch All Server
cat > /etc/nginx/sites-available/catch-all << EOF
server {
return 404;
}
EOF
ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all
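# Restart Nginx & PHP-FPM Services
#service nginx restart
service nginx reload
# Restart PHP-FPM only when an FPM process is actually running. The check
# calls pgrep directly: quoting a backslash-escaped \$(...) outside a heredoc
# would test a literal, never-empty string and make the condition always true.
if pgrep -f php-fpm > /dev/null
then
  # Versions that are not installed simply fail; their output is discarded on
  # purpose so one list serves every PHP version.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi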
# Add Forge User To www-data Group
usermod -a -G www-data forge
id forge
groups forge
curl --silent --location https://deb.nodesource.com/setup_10.x | bash -
apt-get update
sudo apt-get install -y --force-yes nodejs
npm install -g pm2
npm install -g gulp
npm install -g yarn
#
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for mysql user)
#
# Set The Automated Root Password
# NOTE(review): the root password is hard-coded below, pre-seeded into debconf
# and passed to every mysql call on the command line. Rotate it after
# provisioning and keep the rendered script out of reach of other users.
export DEBIAN_FRONTEND=noninteractive
debconf-set-selections <<< "mariadb-server-10.3 mysql-server/data-dir select ''"
debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password password bn2WmJholdg9TDV9mbeT"
debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password_again password bn2WmJholdg9TDV9mbeT"
# Install MySQL
apt-get install -y mariadb-server-10.3
# Configure Password Expiration
# echo "default_password_lifetime = 0" >> /etc/mysql/my.cnf
# Configure Access Permissions For Root & Forge Users
# NOTE(review): bind-address = * makes the server listen on every interface,
# and the '%' grants let root and forge authenticate from any address with
# full privileges. The firewall rules set earlier (22/80/443 only) are then
# the only network barrier. Prefer 127.0.0.1, or a private address with
# host-scoped accounts, and avoid a remote root account.
sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO root@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
service mysql restart
# NOTE(review): forge gets the same password as root, plus ALL on *.* WITH
# GRANT OPTION, so the application account is root-equivalent.
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "FLUSH PRIVILEGES;"
# Set Character Set
# Appended after the restart above, so it only applies from the next restart.
echo "" >> /etc/mysql/my.cnf
echo "[mysqld]" >> /etc/mysql/my.cnf
echo "character-set-server = utf8" >> /etc/mysql/my.cnf
# Create The Initial Database If Specified
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE DATABASE forge;"
# Install & Configure Redis Server
# NOTE(review): Redis is rebound to all interfaces and the script sets no
# requirepass, so the instance is unauthenticated; an explicit bind address
# typically also takes Redis out of its protected mode. Reachability then
# depends entirely on the firewall.
apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached
# NOTE(review): Memcached has no authentication in this configuration and now
# listens on all interfaces; keep 11211 (TCP and UDP) closed to untrusted
# networks.
apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk
# NOTE(review): the beanstalkd protocol has no authentication; listening on
# 0.0.0.0 lets any host that can reach the port read and inject jobs.
apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd
if grep START= /etc/default/beanstalkd; then
sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
echo "START=yes" >> /etc/default/beanstalkd
fi
service beanstalkd start
sleep 5
service beanstalkd restart
systemctl enable beanstalkd
# Configure Supervisor Autostart
systemctl enable supervisor.service
service supervisor start
# Configure Swap Disk
if [ -f /swapfile ]; then
echo "Swap exists."
else
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile none swap sw 0 0" >> /etc/fstab
echo "vm.swappiness=30" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi
# Setup Unattended Security Upgrades
cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
"Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF
cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
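# Report completion to the provisioning service.
# Certificate verification stays enabled (no --insecure / -k): the request
# body carries the sudo and database passwords, and without verification any
# on-path host could impersonate the endpoint and collect them.
# NOTE(review): the secrets are still on curl's command line; reading the body
# from a root-only file (--data @file) would keep them out of the process list.
curl --data "event_id=30082598&server_id=306979&sudo_password=8DlRjEGChLCBRKfTsaxd&db_password=bn2WmJholdg9TDV9mbeT&recipe_id=" https://forge.laravel.com/provisioning/callback/app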
# PHP7.0 pgsql
#
# REQUIRES:
# - server (the forge server instance)
# - event (the forge event instance)
# - sudo_password (random password for sudo)
# - db_password (random password for database user)
# - callback (the callback URL)
# - recipe_id (recipe id to run at the end)
#
sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf
# Upgrade The Base Packages
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y
# Add A Few PPAs To Stay Current
apt-get install -y --force-yes software-properties-common
# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y
# Setup MariaDB Repositories
# Update Package Lists
apt-get update
# Base Packages
add-apt-repository universe
apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu
# Install Python Httpie
pip install httpie
# Disable Password Authentication Over SSH
sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
# Restart SSH
ssh-keygen -A
service ssh restart
# Set The Hostname If Necessary
echo "deep-oasis" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 deep-oasis.localdomain deep-oasis localhost/' /etc/hosts
hostname deep-oasis
# Set The Timezone
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Create The Root SSH Directory If Necessary
if [ ! -d /root/.ssh ]
then
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
fi
# Setup Forge User
useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo
# Setup Bash For Forge User
chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc
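# Set The Sudo Password For Forge
# The hash method is requested explicitly: depending on the installed whois
# version, mkpasswd's default can be legacy DES crypt, which only uses the
# first 8 characters of the password.
# NOTE(review): the plaintext is still embedded in this script and passed on
# mkpasswd's command line; rotate it after provisioning.
PASSWORD=$(mkpasswd -m sha-512 6xTGCaGrhIYuUev8pBy5)
# Quoted so the hash reaches usermod as a single, unmodified argument.
usermod --password "$PASSWORD" forge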
# Build Formatted Keys & Copy Keys To Forge
cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJO6V3BJ4/5GNPthRwjXfRCnm/Vx7S1evPOPK+fEjsDrf9AlU3RmtQ28b1GbA6OYtHlZw/B83NcnDtEa/ecgTGqGwqG6chbqANio54RlkielD5hDxPNQEG3xaTGOAxDyXVO5z2ObmCtStd37K+RDqL42fQGa4WUcN1/W2rccgQWZvABeVrZ1PEyiY4hs5rV5gVCwaBnhyNFlvhyyIp3ru9ZfPeeG83Nu1Db8ZCVuc0Mrbwu/0cA+1S88XMxKWZNrgmbAK5YWFllNDjI3NLuxtvsIfDs8TtFIWeM1B4t7GbipxhD7mAq9TTmkm5aSI2zARLLgrt9oHxfRQ7KRujjRdJ [email protected]
EOF
cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys
# Create The Server SSH Key
ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''
# Copy Source Control Public Keys Into Known Hosts File
ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts
# Configure Git Settings
git config --global user.name "Igor"
git config --global user.email "[email protected]"
# Add The Reconnect Script Into Forge Directory
cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash
echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null
echo "Keys Added!"
EOF
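# Setup Forge Home Directory Permissions
chown -R forge:forge /home/forge
chmod -R 755 /home/forge
# The recursive 755 above also makes ~/.ssh and its contents readable by every
# local account. Tighten them afterwards: directory 700, key material and the
# list of authorised keys 600 (a private key needs no execute bit).
chmod 700 /home/forge/.ssh
chmod 600 /home/forge/.ssh/authorized_keys
chmod 600 /home/forge/.ssh/id_rsa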
# Setup UFW Firewall
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable
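# Allow FPM Restart
# Lets forge reload each listed PHP-FPM service without a password. sudo
# matches the full argument list, so only these exact "reload" invocations
# are covered.
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm
# Drop-ins are conventionally mode 0440, and a syntax error in one can make
# sudo unusable, so set the mode and have visudo check the file.
chmod 0440 /etc/sudoers.d/php-fpm
visudo -cf /etc/sudoers.d/php-fpm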
# Install Base PHP Packages
apt-get install -y --force-yes php7.0-cli php7.0-dev \
php7.0-pgsql php7.0-sqlite3 php7.0-gd \
php7.0-curl php7.0-dev \
php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
php7.0-intl php7.0-readline
# Install Composer Package Manager
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
# Misc. PHP CLI Configuration
sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/cli/php.ini
# Configure Sessions Directory Permissions
chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions
# Write Systemd File For Linode
#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
#
# Install Nginx & PHP-FPM
apt-get install -y --force-yes nginx php7.0-fpm
systemctl enable nginx.service
# Generate dhparam File
openssl dhparam -out /etc/nginx/dhparams.pem 2048
# Tweak Some PHP-FPM Settings
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini
# Configure FPM Pool Settings
sed -i "s/^user = www-data/user = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.0/fpm/pool.d/www.conf
# Configure Primary Nginx Settings
sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf
# Configure Gzip
cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
EOF
# Disable The Default Nginx Site
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart
# Install A Catch All Server
cat > /etc/nginx/sites-available/catch-all << EOF
server {
return 404;
}
EOF
ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all
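# Restart Nginx & PHP-FPM Services
#service nginx restart
service nginx reload
# Restart PHP-FPM only when an FPM process is actually running. The check
# calls pgrep directly: quoting a backslash-escaped \$(...) outside a heredoc
# would test a literal, never-empty string and make the condition always true.
if pgrep -f php-fpm > /dev/null
then
  # Versions that are not installed simply fail; their output is discarded on
  # purpose so one list serves every PHP version.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi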
# Add Forge User To www-data Group
# -a -G appends www-data to forge's supplementary groups without dropping others.
usermod -a -G www-data forge
# Print the resulting identity and group list into the provisioning output.
id forge
groups forge
# Install Node.js 10.x from NodeSource plus three global npm tools.
# NOTE(review): the setup script is downloaded and piped straight into bash with
# no checksum or signature check, so whatever the URL serves runs with this
# script's privileges; adding the apt source and key explicitly avoids that.
curl --silent --location https://deb.nodesource.com/setup_10.x | bash -
apt-get update
# NOTE(review): --force-yes is deprecated in apt and also permits unauthenticated
# packages; plain -y keeps signature enforcement.
sudo apt-get install -y --force-yes nodejs
# Global npm packages are installed unpinned (whatever version is current).
npm install -g pm2
npm install -g gulp
npm install -g yarn
#
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for database user)
#
# Install Postgres
# Trust the PostgreSQL archive signing key, register the PGDG apt source for this
# release codename, then install the server and contrib packages.
# NOTE(review): apt-key add trusts the key for every configured repository, and
# the key is fetched without comparing its fingerprint -- consider a per-repo
# keyring with a pinned fingerprint.
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
# ">>" appends, so re-running the script adds a duplicate source line.
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
apt-get update
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes postgresql postgresql-contrib
# Configure Postgres For Remote Access
# Listen on every interface instead of localhost only.
sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/11/main/postgresql.conf
# NOTE(review): this pg_hba rule accepts md5 password logins for every database
# and role from any IPv4 address; only the host firewall limits who can try.
# Prefer a specific source CIDR, and scram-sha-256 where the clients support it.
echo "host all all 0.0.0.0/0 md5" | tee -a /etc/postgresql/11/main/pg_hba.conf
# NOTE(review): the forge role is a SUPERUSER reachable through the rule above,
# and its password is a literal in this script and on the psql command line
# (visible in the process list while it runs).
sudo -u postgres psql -c "CREATE ROLE forge LOGIN PASSWORD 'K2frkqlLNuF2JyWvfiHo' SUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;"
service postgresql restart
# Configure The Timezone
# Replaces "localtime" with "UTC" on every line of postgresql.conf that contains
# it (first match per line), then restarts the server.
sudo sed -i "s/localtime/UTC/" /etc/postgresql/11/main/postgresql.conf
service postgresql restart
# Create The Initial Database If Specified
# Creates database "forge" owned by role forge; --echo prints the SQL that
# createdb sends.
sudo -u postgres /usr/bin/createdb --echo --owner=forge forge
# Install & Configure Redis Server
apt-get install -y redis-server
# NOTE(review): this moves Redis from loopback to every interface, and no
# requirepass or ACL is set in the lines shown, so the host firewall is the only
# control in front of an unauthenticated Redis -- keep the loopback bind unless
# remote access is actually required.
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached
apt-get install -y memcached
# NOTE(review): memcached is rebound from loopback to every interface and no
# authentication is configured here; exposure then depends entirely on the host
# firewall. Keep -l 127.0.0.1 unless other hosts must reach it.
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes beanstalkd
# NOTE(review): beanstalkd is set to listen on every interface and no access
# control is configured here, so anyone who can reach the port can use the
# queues; the host firewall is the only barrier.
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd
# Enable autostart: uncomment START=yes when a START= line exists, else append one.
# grep prints the matching lines into the provisioning output.
if grep START= /etc/default/beanstalkd; then
sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
echo "START=yes" >> /etc/default/beanstalkd
fi
# Start, wait five seconds, then restart before enabling the unit at boot.
service beanstalkd start
sleep 5
service beanstalkd restart
systemctl enable beanstalkd
# Configure Supervisor Autostart
# Enable supervisor at boot and start it now.
systemctl enable supervisor.service
service supervisor start
# Configure Swap Disk
# Create a 1G swap file unless /swapfile already exists.
if [ -f /swapfile ]; then
echo "Swap exists."
else
fallocate -l 1G /swapfile
# Owner-only access before the file is formatted and activated as swap.
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Persist the swap file and the VM tuning; the sysctl lines are only appended to
# the file here, not applied to the running kernel.
echo "/swapfile none swap sw 0 0" >> /etc/fstab
echo "vm.swappiness=30" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi
# Setup Unattended Security Upgrades
# Replace the unattended-upgrades policy: only the bionic-security origin is
# allowed and the package blacklist is empty.
# NOTE(review): the codename is hard-coded; on a release other than bionic this
# origin would presumably match nothing -- confirm against the target image.
cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
"Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF
# Periodic apt settings: the list-refresh, download and unattended-upgrade
# options are set to "1" and the autoclean interval to "7".
cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
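# Report provisioning completion to the Forge callback URL. The request body
# carries the sudo and database passwords, so certificate verification is left
# on (--insecure removed): the secrets are only sent once the endpoint has
# presented a valid certificate.
# NOTE(review): the passwords are still literals in this script and on the curl
# command line, where they are visible in the process list while curl runs;
# treat them as exposed and rotate them.
curl --data "event_id=30082753&server_id=306982&sudo_password=6xTGCaGrhIYuUev8pBy5&db_password=K2frkqlLNuF2JyWvfiHo&recipe_id=" https://forge.laravel.com/provisioning/callback/app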
#
# REQUIRES:
# - server (the forge server instance)
# - event (the forge event instance)
# - sudo_password (random password for sudo)
# - db_password (random password for database user)
# - callback (the callback URL)
# - recipe_id (recipe id to run at the end)
#
# Uncomment the "precedence ::ffff:0:0/96 100" line in gai.conf (the IPv4-mapped
# address range).
sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf
# Upgrade The Base Packages
# noninteractive keeps debconf from prompting for the rest of this shell.
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get upgrade -y
# Add A Few PPAs To Stay Current
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes software-properties-common
# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
# NOTE(review): each PPA below becomes a trusted package source for this host,
# and nginx is taken from a "development" channel; confirm that is intended for
# a production server.
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y
apt-add-repository ppa:ondrej/php -y
# Setup MariaDB Repositories
# Update Package Lists
apt-get update
# Base Packages
add-apt-repository universe
# Build tools, fail2ban, ufw, supervisor, unattended-upgrades and utilities.
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu
# Install Python Httpie
# Installed system-wide with pip, unpinned.
pip install httpie
# Disable Password Authentication Over SSH
# Drop any "PasswordAuthentication yes" line, then append two blank lines and an
# explicit "PasswordAuthentication no" at the end of sshd_config.
# NOTE(review): if sshd_config ends inside a Match block, the appended line would
# apply only to that block; verify the effective setting with "sshd -T".
sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
# Restart SSH
# ssh-keygen -A creates any host keys that are missing before the restart.
ssh-keygen -A
service ssh restart
# Set The Hostname If Necessary
# Persist the hostname, map it to 127.0.0.1 in /etc/hosts, and apply it now.
echo "tall-moon" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 tall-moon.localdomain tall-moon localhost/' /etc/hosts
hostname tall-moon
# Set The Timezone
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Point the system timezone at UTC, replacing any existing link.
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Create The Root SSH Directory If Necessary
# NOTE(review): the directory and file are created with the shell's current
# umask; no explicit chmod 700 / 600 is applied here.
if [ ! -d /root/.ssh ]
then
mkdir -p /root/.ssh
touch /root/.ssh/authorized_keys
fi
# Setup Forge User
# Create the forge account with its SSH and Forge working directories.
useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
# Membership of the sudo group: forge can run any command as root with its password.
adduser forge sudo
# Setup Bash For Forge User
# Use bash as the login shell and seed the profile files from root's copies.
chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc
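# Set The Sudo Password For Forge
# Hash the password with an explicit SHA-512 crypt method: depending on the
# installed whois version, mkpasswd without -m may fall back to DES crypt, which
# only uses the first eight characters of the password.
# NOTE(review): the clear-text password is a literal in this script and appears
# on the mkpasswd command line; treat it as exposed and rotate it.
PASSWORD=$(mkpasswd -m sha-512 PEi8Q20ZZorcEUNB6JRQ)
# Quoted so the hash is passed to usermod as a single, unmodified argument.
usermod --password "$PASSWORD" forge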
# Build Formatted Keys & Copy Keys To Forge
# NOTE(review): "cat >" replaces root's authorized_keys, so any keys already
# present are dropped and the key below gains root login; the same file is then
# copied to forge.
cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCskbWtwbqj0f4Zrhz8vrDWfa74ljA83cbMvxlhnwDrdPt4a4ti7vJ+Y0O/Jwf4tWZmkL0ZmN6SOTcfRuUMqUw06obgVn/KH8lJMaEV+2k+TjBJijscuMmImxYuq7NiPbIyg05o5QsFEdqkdbnw0LIxy7cb/E/GDVBfsn/VxSMGQI3dks9SQpFRUgGMo8EfJL3JyRFxtm3H3sZMySHPWqssiNS/oNWb/dZ2fxpcnqKcTLSJo+W9eR+/MKoR0GHrhFF5zwXKxeOlbssdJtOS/ryeNEu4kakck7jOersT0A5jAx1HCw1N3lo+sBBt6ledyI4nlF2holF01+YEm+TsDZEh [email protected]
EOF
cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys
# Create The Server SSH Key
# RSA key pair for the forge account with an empty passphrase (-N '').
ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''
# Copy Source Control Public Keys Into Known Hosts File
# NOTE(review): ssh-keyscan records whatever host keys the network returns at
# provisioning time; nothing compares them with the providers' published
# fingerprints, so this is trust-on-first-use.
ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts
# Configure Git Settings
# --global writes to the gitconfig of the account running this script.
# NOTE(review): presumably that is root rather than forge -- confirm which
# account is meant to carry this identity.
git config --global user.name "Igor"
git config --global user.email "[email protected]"
# Add The Reconnect Script Into Forge Directory
# The heredoc is unquoted, so "\$1" is written to the file as a literal $1.
# The generated script appends a "# Laravel Forge" marker and its first argument
# to both forge's and root's authorized_keys.
# NOTE(review): the argument is used unquoted and unvalidated, and the file sits
# in forge's home (chown'd to forge in the next section). If it is later run as
# root -- not shown here -- the forge account controls code executed as root.
cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash
echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null
echo "Keys Added!"
EOF
# Setup Forge Home Directory Permissions
chown -R forge:forge /home/forge
# NOTE(review): the recursive 755 makes everything under the home directory
# world-readable and executable, including .ssh/authorized_keys, known_hosts and
# -- until the next line runs -- the private key. Setting .ssh to 700 and its
# files to 600 first would avoid that window.
chmod -R 755 /home/forge
# Owner-only access to the private key (600 would suffice; it is not executed).
chmod 700 /home/forge/.ssh/id_rsa
# Setup UFW Firewall
# Open SSH, HTTP and HTTPS, then turn the firewall on without prompting.
# NOTE(review): the services this script binds to all interfaces stay unreachable
# from outside only while ufw's default incoming policy is deny -- confirm.
for allowed_port in 22 80 443; do
  ufw allow "$allowed_port"
done
ufw --force enable
# Allow FPM Restart
# Let forge reload each known PHP-FPM service through sudo without a password.
# The drop-in is rewritten from scratch on every run.
# NOTE(review): the file is created with the current umask and never checked;
# setting mode 0440 and running "visudo -cf" on it would catch a bad drop-in
# before it affects sudo.
for fpm_version in 7.3 7.2 7.1 7.0 5.6 5; do
  echo "forge ALL=NOPASSWD: /usr/sbin/service php${fpm_version}-fpm reload"
done > /etc/sudoers.d/php-fpm
# Install Base PHP Packages
# PHP 7.1 CLI, headers and extensions.
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes php7.1-cli php7.1-dev \
php7.1-pgsql php7.1-sqlite3 php7.1-gd \
php7.1-curl php7.1-memcached \
php7.1-imap php7.1-mysql php7.1-mbstring \
php7.1-xml php7.1-imagick php7.1-zip php7.1-bcmath php7.1-soap \
php7.1-intl php7.1-readline php7.1-mcrypt
# Install Composer Package Manager
# NOTE(review): the installer is piped straight into php without comparing it to
# the checksum Composer publishes for the installer; verify it before running.
curl -sS https://getcomposer.org/installer | php
# The installer leaves composer.phar in the current directory; move it onto PATH.
mv composer.phar /usr/local/bin/composer
# Misc. PHP CLI Configuration
# Single pass over the CLI php.ini: report and display all errors, raise the
# memory limit to 512M, and set the timezone to UTC.
sudo sed -i \
  -e "s/error_reporting = .*/error_reporting = E_ALL/" \
  -e "s/display_errors = .*/display_errors = On/" \
  -e "s/memory_limit = .*/memory_limit = 512M/" \
  -e "s/;date.timezone.*/date.timezone = UTC/" \
  /etc/php/7.1/cli/php.ini
# Configure Sessions Directory Permissions
# 733 plus the sticky bit: group and others may create and enter but not list the
# directory, and only a file's owner may remove or rename it.
chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions
# Write Systemd File For Linode
#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
#
# Install Nginx & PHP-FPM
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes nginx php7.1-fpm
systemctl enable nginx.service
# Generate dhparam File
# 2048-bit Diffie-Hellman parameters, referenced later by ssl_dhparam.
openssl dhparam -out /etc/nginx/dhparams.pem 2048
# Tweak Some PHP-FPM Settings
sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/fpm/php.ini
# NOTE(review): display_errors = On in the FPM (web-facing) php.ini sends error
# text, including file paths and query fragments, to site visitors; production
# hosts normally log errors and keep display_errors Off.
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/fpm/php.ini
# cgi.fix_pathinfo=0 stops PHP from guessing a script from a partially matching path.
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.1/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/fpm/php.ini
# Configure FPM Pool Settings
# Run the PHP 7.1 pool as the forge account and hand the listening socket to it.
sed -i "s/^user = www-data/user = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.1/fpm/pool.d/www.conf
# NOTE(review): mode 0666 lets every local account connect to the FPM socket and
# have PHP run as forge. Nginx is switched to user forge in the next section, so
# 0660 looks sufficient -- confirm nothing else needs the socket before tightening.
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.1/fpm/pool.d/www.conf
# Uncomment request_terminate_timeout and set it to 60.
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.1/fpm/pool.d/www.conf
# Configure Primary Nginx Settings
# Single pass over nginx.conf: run workers as forge, let nginx size the worker
# pool, and uncomment multi_accept and server_names_hash_bucket_size.
sed -i \
  -e "s/user www-data;/user forge;/" \
  -e "s/worker_processes.*/worker_processes auto;/" \
  -e "s/# multi_accept.*/multi_accept on;/" \
  -e "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" \
  /etc/nginx/nginx.conf
# Configure Gzip
# Writes the gzip settings to /etc/nginx/conf.d/gzip.conf. The heredoc body holds
# no shell expansions, so it reaches the file exactly as written here.
# NOTE(review): compressing responses that mix secrets with request-influenced
# content is the precondition for BREACH-style length side channels; confirm that
# dynamic types such as application/json should be in gzip_types.
cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
EOF
# Disable The Default Nginx Site
# Remove the packaged default vhost (enabled symlink and definition), then restart.
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart
# Install A Catch All Server
# Minimal server block that answers 404 to whatever reaches it.
# NOTE(review): no "listen ... default_server" is declared, so whether this block
# is the one chosen for unmatched Host headers depends on include order -- confirm.
cat > /etc/nginx/sites-available/catch-all << EOF
server {
return 404;
}
EOF
ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all
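# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi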
# Add Forge User To www-data Group
# -a -G appends www-data to forge's supplementary groups without dropping others.
usermod -a -G www-data forge
# Print the resulting identity and group list into the provisioning output.
id forge
groups forge
# Install Node.js 10.x from NodeSource plus three global npm tools.
# NOTE(review): the setup script is downloaded and piped straight into bash with
# no checksum or signature check, so whatever the URL serves runs with this
# script's privileges; adding the apt source and key explicitly avoids that.
curl --silent --location https://deb.nodesource.com/setup_10.x | bash -
apt-get update
# NOTE(review): --force-yes is deprecated in apt and also permits unauthenticated
# packages; plain -y keeps signature enforcement.
sudo apt-get install -y --force-yes nodejs
# Global npm packages are installed unpinned (whatever version is current).
npm install -g pm2
npm install -g gulp
npm install -g yarn
#
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for mysql user)
#
# Set The Automated Root Password
export DEBIAN_FRONTEND=noninteractive
# Fetch and install the MySQL apt repository configuration package.
# NOTE(review): the .deb is installed without comparing it to a published
# checksum or signature.
wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
dpkg --install mysql-apt-config_0.8.12-1_all.deb
# Pre-seed the installer answers so mysql-server installs without prompting.
# NOTE(review): the root password is a literal in this script and is also stored
# in the debconf database by these lines; treat it as exposed and rotate it.
debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password 2BfaCQGXvwWs4chksok3"
debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password 2BfaCQGXvwWs4chksok3"
apt-get update
# Install MySQL
apt-get install -y mysql-server
# Configure Password Expiration
# A lifetime of 0 disables automatic password expiry. The line is appended, so a
# re-run adds it again.
echo "default_password_lifetime = 0" >> /etc/mysql/mysql.conf.d/mysqld.cnf
# Configure Access Permissions For Root & Forge Users
# Listen on every interface instead of the configured bind-address.
sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/mysql.conf.d/mysqld.cnf
# NOTE(review): root and forge are each created for one specific address and for
# '%' (any host), all with the same password and ALL PRIVILEGES ... WITH GRANT
# OPTION. The '%' accounts make the address-specific ones redundant and leave
# the host firewall as the only limit on who can attempt a root login; prefer
# the specific host only, and a less privileged application account.
# NOTE(review): --password on the command line is visible in the process list
# while each client runs; a root-only option file avoids that.
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'root'@'167.71.3.113' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO root@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO root@'%' WITH GRANT OPTION;"
# Restart so the bind-address change takes effect before the forge accounts are added.
service mysql restart
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'forge'@'%' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO 'forge'@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO 'forge'@'%' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "FLUSH PRIVILEGES;"
# Create The Initial Database If Specified
# Creates database "forge" with the utf8 character set and utf8_unicode_ci collation.
# NOTE(review): --password on the command line is visible in the process list.
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE DATABASE forge CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
# Install & Configure Redis Server
apt-get install -y redis-server
# NOTE(review): this moves Redis from loopback to every interface, and no
# requirepass or ACL is set in the lines shown, so the host firewall is the only
# control in front of an unauthenticated Redis -- keep the loopback bind unless
# remote access is actually required.
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached
apt-get install -y memcached
# NOTE(review): memcached is rebound from loopback to every interface and no
# authentication is configured here; exposure then depends entirely on the host
# firewall. Keep -l 127.0.0.1 unless other hosts must reach it.
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk
# NOTE(review): --force-yes is deprecated and also permits unauthenticated packages.
apt-get install -y --force-yes beanstalkd
# NOTE(review): beanstalkd is set to listen on every interface and no access
# control is configured here, so anyone who can reach the port can use the
# queues; the host firewall is the only barrier.
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd
# Enable autostart: uncomment START=yes when a START= line exists, else append one.
# grep prints the matching lines into the provisioning output.
if grep START= /etc/default/beanstalkd; then
sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
echo "START=yes" >> /etc/default/beanstalkd
fi
# Start, wait five seconds, then restart before enabling the unit at boot.
service beanstalkd start
sleep 5
service beanstalkd restart
systemctl enable beanstalkd
# Configure Supervisor Autostart
# Enable supervisor at boot and start it now.
systemctl enable supervisor.service
service supervisor start
# Configure Swap Disk
# Create a 1G swap file unless /swapfile already exists.
if [ -f /swapfile ]; then
echo "Swap exists."
else
fallocate -l 1G /swapfile
# Owner-only access before the file is formatted and activated as swap.
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Persist the swap file and the VM tuning; the sysctl lines are only appended to
# the file here, not applied to the running kernel.
echo "/swapfile none swap sw 0 0" >> /etc/fstab
echo "vm.swappiness=30" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi
# Setup Unattended Security Upgrades
# Replace the unattended-upgrades policy: only the bionic-security origin is
# allowed and the package blacklist is empty.
# NOTE(review): the codename is hard-coded; on a release other than bionic this
# origin would presumably match nothing -- confirm against the target image.
cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
"Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
//
};
EOF
# Periodic apt settings: the list-refresh, download and unattended-upgrade
# options are set to "1" and the autoclean interval to "7".
cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
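# Report provisioning completion to the Forge callback URL. The request body
# carries the sudo and database passwords, so certificate verification is left
# on (--insecure removed): the secrets are only sent once the endpoint has
# presented a valid certificate.
# NOTE(review): the passwords are still literals in this script and on the curl
# command line, where they are visible in the process list while curl runs;
# treat them as exposed and rotate them.
curl --data "event_id=30082785&server_id=306983&sudo_password=PEi8Q20ZZorcEUNB6JRQ&db_password=2BfaCQGXvwWs4chksok3&recipe_id=" https://forge.laravel.com/provisioning/callback/app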
#
# REQUIRES:
# - site (the forge site instance)
#
# Remove The Nginx Site
# Plain rm (no -f): a path that does not exist prints an error and the script
# carries on.
rm "/etc/nginx/sites-enabled/www.default"
rm "/etc/nginx/sites-enabled/default"
rm "/etc/nginx/sites-available/www.default"
rm "/etc/nginx/sites-available/default"
# Remove Configuration Directories
rm -rf "/etc/nginx/forge-conf/default"
rm -rf "/etc/nginx/forge-conf/www.default"
# Remove The SSL Certificates
rm -rf "/etc/nginx/ssl/default"
# Remove The Site In Forge Directory
# NOTE(review): the site name is substituted into these rm -rf paths; an empty
# name would presumably turn this line into "/home/forge/" -- confirm the
# generator rejects empty or path-like names.
rm -rf "/home/forge/default"
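# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi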
root@ubuntu-s-1vcpu-1gb-ams3-06:~/.forge# cat provision-30439323.sh
#
# REQUIRES:
# - site (the forge site instance)
#
# Rewrite the shared FastCGI parameter file. The heredoc is unquoted, so every
# nginx variable is written as "\$name" to reach the file as a literal $name.
# The last entry passes an empty HTTP_PROXY to PHP, so a client-supplied Proxy
# request header cannot set that variable (the "httpoxy" issue).
cat > /etc/nginx/fastcgi_params << EOF
fastcgi_param QUERY_STRING \$query_string;
fastcgi_param REQUEST_METHOD \$request_method;
fastcgi_param CONTENT_TYPE \$content_type;
fastcgi_param CONTENT_LENGTH \$content_length;
fastcgi_param SCRIPT_FILENAME \$request_filename;
fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
fastcgi_param REQUEST_URI \$request_uri;
fastcgi_param DOCUMENT_URI \$document_uri;
fastcgi_param DOCUMENT_ROOT \$document_root;
fastcgi_param SERVER_PROTOCOL \$server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version;
fastcgi_param REMOTE_ADDR \$remote_addr;
fastcgi_param REMOTE_PORT \$remote_port;
fastcgi_param SERVER_ADDR \$server_addr;
fastcgi_param SERVER_PORT \$server_port;
fastcgi_param SERVER_NAME \$server_name;
fastcgi_param HTTPS \$https if_not_empty;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTP_PROXY "";
EOF
# Generate dhparams File If Necessary
# Only generated when missing, so existing 2048-bit parameters are reused.
if [ ! -f /etc/nginx/dhparams.pem ]
then
openssl dhparam -out /etc/nginx/dhparams.pem 2048
fi
# Write The Nginx Server Block For The Site
# Remove any previous definitions, then write the vhost. The heredoc is
# unquoted: nginx variables are escaped as "\$name", while the bare "$" in the
# two regular expressions is followed by a space or ")" and stays literal.
# As written the site listens on port 80 only; the ssl_* directives are present
# but the certificate lines are commented out.
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore, and add_header without "always" is skipped on error responses --
# consider a Content-Security-Policy and "always" on the remaining headers.
# The final location denies dotfiles other than .well-known.
rm -f "/etc/nginx/sites-available/sputnikcloud.com"
rm -f "/etc/nginx/sites-available/www.sputnikcloud.com"
cat > /etc/nginx/sites-available/sputnikcloud.com << EOF
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sputnikcloud.com/before/*;
server {
listen 80;
listen [::]:80;
server_name sputnikcloud.com;
root /home/forge/sputnikcloud.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sputnikcloud.com/server/*;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/sputnikcloud.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sputnikcloud.com/after/*;
EOF
# Write The Configuration Directories
# Directories matched by the three "include forge-conf/..." lines of the vhost.
mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/before
mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/after
mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/server
# Enable The Nginx Sites
# Drop stale links first so ln -s cannot fail on an existing one.
rm -f "/etc/nginx/sites-enabled/sputnikcloud.com"
rm -f "/etc/nginx/sites-enabled/www.sputnikcloud.com"
ln -s /etc/nginx/sites-available/sputnikcloud.com /etc/nginx/sites-enabled/sputnikcloud.com
# Write The Base Redirector For The Site
#
# REQUIRES:
# - server (the server instance)
# - site (the site instance)
# - siteName (the site name)
# - aliases (the site aliases)
# - certificate (the certificate) (optional)
#
# Replace the redirect configuration: requests for the www host get a 301 to the
# bare domain, keeping the request scheme and URI.
rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf
rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf
cat > /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf << EOF
server {
listen 80;
listen [::]:80;
server_name www.sputnikcloud.com;
return 301 \$scheme://sputnikcloud.com\$request_uri;
}
EOF
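# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi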
# Restart HHVM-FastCGI When Running HHVM
# INSTALL
# REQUIRES:
# - site (the forge site instance)
#
# Rewrite the shared FastCGI parameter file. The heredoc is unquoted, so every
# nginx variable is written as "\$name" to reach the file as a literal $name.
# The last entry passes an empty HTTP_PROXY to PHP, so a client-supplied Proxy
# request header cannot set that variable (the "httpoxy" issue).
cat > /etc/nginx/fastcgi_params << EOF
fastcgi_param QUERY_STRING \$query_string;
fastcgi_param REQUEST_METHOD \$request_method;
fastcgi_param CONTENT_TYPE \$content_type;
fastcgi_param CONTENT_LENGTH \$content_length;
fastcgi_param SCRIPT_FILENAME \$request_filename;
fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
fastcgi_param REQUEST_URI \$request_uri;
fastcgi_param DOCUMENT_URI \$document_uri;
fastcgi_param DOCUMENT_ROOT \$document_root;
fastcgi_param SERVER_PROTOCOL \$server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version;
fastcgi_param REMOTE_ADDR \$remote_addr;
fastcgi_param REMOTE_PORT \$remote_port;
fastcgi_param SERVER_ADDR \$server_addr;
fastcgi_param SERVER_PORT \$server_port;
fastcgi_param SERVER_NAME \$server_name;
fastcgi_param HTTPS \$https if_not_empty;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTP_PROXY "";
EOF
# Generate dhparams File If Necessary
# Only generated when missing, so existing 2048-bit parameters are reused.
if [ ! -f /etc/nginx/dhparams.pem ]
then
openssl dhparam -out /etc/nginx/dhparams.pem 2048
fi
# Write The Nginx Server Block For The Site
# Remove any previous definitions, then write the vhost. The heredoc is
# unquoted: nginx variables are escaped as "\$name", while the bare "$" in the
# two regular expressions is followed by a space or ")" and stays literal.
# As written the site listens on port 80 only; the ssl_* directives are present
# but the certificate lines are commented out.
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore, and add_header without "always" is skipped on error responses --
# consider a Content-Security-Policy and "always" on the remaining headers.
# The final location denies dotfiles other than .well-known.
rm -f "/etc/nginx/sites-available/superprojects.space"
rm -f "/etc/nginx/sites-available/www.superprojects.space"
cat > /etc/nginx/sites-available/superprojects.space << EOF
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/superprojects.space/before/*;
server {
listen 80;
listen [::]:80;
server_name superprojects.space;
root /home/forge/superprojects.space/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/superprojects.space/server/*;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/superprojects.space-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/superprojects.space/after/*;
EOF
# Write The Configuration Directories
# Directories matched by the three "include forge-conf/..." lines of the vhost.
mkdir -p /etc/nginx/forge-conf/superprojects.space/before
mkdir -p /etc/nginx/forge-conf/superprojects.space/after
mkdir -p /etc/nginx/forge-conf/superprojects.space/server
# Enable The Nginx Sites
# Drop stale links first so ln -s cannot fail on an existing one.
rm -f "/etc/nginx/sites-enabled/superprojects.space"
rm -f "/etc/nginx/sites-enabled/www.superprojects.space"
ln -s /etc/nginx/sites-available/superprojects.space /etc/nginx/sites-enabled/superprojects.space
# Write The Base Redirector For The Site
#
# REQUIRES:
# - server (the server instance)
# - site (the site instance)
# - siteName (the site name)
# - aliases (the site aliases)
# - certificate (the certificate) (optional)
#
# Replace the redirect configuration: requests for the www host get a 301 to the
# bare domain, keeping the request scheme and URI.
rm -f /etc/nginx/forge-conf/superprojects.space/before/redirect.conf
rm -f /etc/nginx/forge-conf/superprojects.space/before/ssl_redirect.conf
cat > /etc/nginx/forge-conf/superprojects.space/before/redirect.conf << EOF
server {
listen 80;
listen [::]:80;
server_name www.superprojects.space;
return 301 \$scheme://superprojects.space\$request_uri;
}
EOF
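# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi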
# Restart HHVM-FastCGI When Running HHVM
# REMOVE
# REQUIRES:
# - site (the forge site instance)
#
# Remove The Nginx Site
# Plain rm (no -f): a path that does not exist prints an error and the script
# carries on.
rm "/etc/nginx/sites-enabled/www.superprojects.space"
rm "/etc/nginx/sites-enabled/superprojects.space"
rm "/etc/nginx/sites-available/www.superprojects.space"
rm "/etc/nginx/sites-available/superprojects.space"
# Remove Configuration Directories
rm -rf "/etc/nginx/forge-conf/superprojects.space"
rm -rf "/etc/nginx/forge-conf/www.superprojects.space"
# Remove The SSL Certificates
# Deletes every certificate and private key stored for the site.
rm -rf "/etc/nginx/ssl/superprojects.space"
# Remove The Site In Forge Directory
# NOTE(review): the site name is substituted into these rm -rf paths; an empty
# name would presumably turn this line into "/home/forge/" -- confirm the
# generator rejects empty or path-like names.
rm -rf "/home/forge/superprojects.space"
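# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi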
# ENABLE
# REQUIRES:
# - server (the forge server instance)
#
# Enable and size OPcache in the PHP 7.3 FPM php.ini. Each pattern starts with
# ";\?" so it matches the directive whether or not it is commented out; the
# first two lines cover both "opcache.enable=" and "opcache.enable =".
sed -i "s/;\?opcache\.enable=.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.enable =.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.memory_consumption.*/opcache.memory_consumption = 512/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.interned_strings_buffer.*/opcache.interned_strings_buffer = 64/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.max_accelerated_files.*/opcache.max_accelerated_files = 30000/" /etc/php/7.3/fpm/php.ini
# With validate_timestamps = 0 changed PHP files are not picked up until the
# cache is reset or FPM is restarted.
sed -i "s/;\?opcache\.validate_timestamps.*/opcache.validate_timestamps = 0/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.save_comments.*/opcache.save_comments = 1/" /etc/php/7.3/fpm/php.ini
# sed -i "s/;\?opcache\.fast_shutdown.*/opcache.fast_shutdown = 1/" /etc/php/7.3/fpm/php.ini
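# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi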
# DISABLE
# REQUIRES:
# - server (the forge server instance)
#
# Turn OPcache off in the PHP 7.3 FPM php.ini, covering both "opcache.enable="
# and "opcache.enable =", commented out or not.
# NOTE(review): the dot in these two patterns is unescaped (the enable script
# uses "\."), so it matches any character; harmless for this file in practice,
# but escaping it keeps the two scripts consistent.
sed -i "s/;\?opcache.enable=.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache.enable =.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini
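# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi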
#
# REQUIRES:
# - server (the forge server instance)
#
# Upgrade the installed PHP packages for each supported version, then restart nginx.
# set -e: stop at the first command that fails.
set -e
export DEBIAN_FRONTEND=noninteractive
# --only-upgrade upgrades packages that are already installed and installs
# nothing new; --force-confdef/--force-confold keep the existing configuration
# files instead of prompting. php7.0-dev appears twice in the first list.
apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.0-cli php7.0-dev \
php7.0-pgsql php7.0-sqlite3 php7.0-gd \
php7.0-curl php7.0-dev \
php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
php7.0-intl php7.0-readline
apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.1-fpm php7.1-cli php7.1-dev \
php7.1-pgsql php7.1-sqlite3 php7.1-gd \
php7.1-curl php7.1-memcached \
php7.1-imap php7.1-mysql php7.1-mbstring \
php7.1-xml php7.1-zip php7.1-bcmath php7.1-soap \
php7.1-intl php7.1-readline php7.1-mcrypt php-msgpack php-igbinary
apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.2-cli php7.2-dev \
php7.2-pgsql php7.2-sqlite3 php7.2-gd \
php7.2-curl php7.2-memcached \
php7.2-imap php7.2-mysql php7.2-mbstring \
php7.2-xml php7.2-zip php7.2-bcmath php7.2-soap \
php7.2-intl php7.2-readline
apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.3-fpm php7.3-cli php7.3-dev \
php7.3-pgsql php7.3-sqlite3 php7.3-gd \
php7.3-curl php7.3-memcached \
php7.3-imap php7.3-mysql php7.3-mbstring \
php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
php7.3-intl php7.3-readline php-msgpack php-igbinary
echo "Restarting Nginx"
# A full restart followed by a reload; the PHP-FPM services are not restarted
# by this script.
service nginx restart
service nginx reload
echo "Nginx Restarted"
# INSTALL
# REQUIRES:
# - rule (the forge redirect rule instance)
#
# Rebuild the site's redirect rules file: create it if missing, truncate it to a
# single empty line, then append a marker comment and the rewrite rule. tee also
# echoes each appended line to the provisioning output.
if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
then
touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
fi
echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
echo "" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
echo "# Laravel Forge Redirect Rule 34892" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
# NOTE(review): the rule text is placed into the nginx configuration as-is, and
# the reload that follows does not test it first; running "nginx -t" before the
# reload would catch a rule that breaks the configuration.
echo "rewrite test1 tset2 redirect;" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
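# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi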
# REMOVE
# REQUIRES:
# - rule (the forge redirect rule instance)
#
# Clear the site's redirect rules: create the file if missing, then overwrite it
# with a single empty line. Every rule in the file is removed, not one rule.
if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
then
touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
fi
echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
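# Restart Nginx & PHP-FPM Services
service nginx reload
# The previous test compared the literal text "\$(ps aux ...)" with the empty
# string, which is always true; pgrep performs the process check that was meant.
if pgrep -f php-fpm > /dev/null 2>&1
then
  # Best effort: versions that are not installed fail quietly.
  for fpm_service in php7.3-fpm php7.2-fpm php7.1-fpm php7.0-fpm php5.6-fpm php5-fpm
  do
    service "$fpm_service" restart > /dev/null 2>&1
  done
fi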
# INSTALL
# REQUIRES:
# - job (the forge job instance)
#
# Append a scheduled job to the system crontab: a blank separator line, a marker
# comment carrying the job id, then the entry itself (00:00 every Sunday, run as
# root). tee -a also prints each appended line to stdout.
# NOTE(review): inside the entry the redirection binds only to the command after
# "&&", so output of "apt-get autoremove" is not captured in the log, and without
# -y that command may stop at its confirmation prompt when run from cron.
# NOTE(review): the job runs as root but logs under /home/forge; if the forge
# user can write to that directory, confirm the log path cannot be replaced by
# a symlink.
crontab_file=/etc/crontab
printf '\n' | tee -a "$crontab_file"
printf '%s\n' "# Laravel Forge Scheduler 469075" | tee -a "$crontab_file"
printf '%s\n' '0 0 * * 0 root apt-get autoremove && apt-get autoclean > /home/forge/.forge/scheduled-469075.log 2>&1' | tee -a "$crontab_file"
# REMOVE
# REQUIRES:
# - job_id (the forge job ID)
#
# Delete the marker comment for scheduler 469074 together with the single line
# that follows it (the "addr,+1" range is a GNU sed extension).
# NOTE(review): the pattern is not anchored, so any crontab line containing this
# marker text, and the line after it, is removed as well.
sed -i -e '/# Laravel Forge Scheduler 469074/,+1d' /etc/crontab
# INSTALL
# REQUIRES:
# - name (the name of the SSH Key)
# - key (the key text)
#
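# Append a labelled public key to the forge user's authorized_keys: the label
# comment goes on the line directly above the key, which is the layout the
# removal step relies on (it deletes the label line plus the next line).
# NOTE(review): tee -a creates the file with the invoking user's umask and
# ownership if it does not exist; confirm it ends up owned by forge and not
# writable by anyone else.
authorized_keys=/home/forge/.ssh/authorized_keys
echo "# Megacomp" | tee -a "$authorized_keys"
# Fixed: the key line used to be appended to ".ssh/authorized_key" (missing the
# trailing "s"), so the label landed in authorized_keys without its key and a
# later removal by label would have deleted whatever line happened to follow.
echo "ssh-rsa ..." | tee -a "$authorized_keys"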
# REMOVE
# REQUIRES:
# - name (the name of the SSH Key)
#
# Remove the key labelled "test": delete the line ending in "# test" and the one
# line after it (GNU sed "addr,+1" range).
# NOTE(review): the key name is used as a regular expression here; a name that
# contains "/" or regex metacharacters would change which lines match, so the
# name should be restricted or escaped before it is rendered into this command.
sed -i -e '/# test$/,+1d' /home/forge/.ssh/authorized_keys
#
# REQUIRES:
# - certificate (the certificate instance)
# - site (the site instance)
# - key (the private key)
# - contents (the text of the certificate)
#
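# Make A Directory To Hold The Files
cert_dir=/etc/nginx/ssl/superprojects.space/598643
mkdir -p "$cert_dir"
# Install The Private Key
# Create the file (or tighten an existing one) to owner-only before any key
# material is written. A plain redirect creates it with the caller's umask,
# which commonly leaves a private key readable by every local account.
# NOTE(review): assumes the Nginx master process runs as the owner of this
# file (normally root) - confirm before rollout.
touch "$cert_dir/server.key"
chmod 600 "$cert_dir/server.key"
# Quoted delimiter: the text is written literally, with no "$" or backtick
# expansion by the shell.
cat > "$cert_dir/server.key" << 'EOF'
test
EOF
# Install The SSL Certificate
cat > "$cert_dir/server.crt" << 'EOF'
test
EOF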
# REQUIRES:
# - server (the server instance)
# - certificate (the certificate)
# - site (the site instance)
#
# Build DHParams If Necessary
# The 2048-bit parameter file is generated once and reused on later runs.
[ -f /etc/nginx/dhparams.pem ] || openssl dhparam -out /etc/nginx/dhparams.pem 2048

site_conf=/etc/nginx/sites-available/sputnikcloud.com

# Change Site To Listen On Port 443
# Each expression rewrites one plain-HTTP listen form (IPv4 or IPv6, with or
# without default_server) to its TLS/HTTP2 counterpart.
for listen_rule in \
    "s/listen 80;/listen 443 ssl http2;/" \
    "s/listen \[::\]:80;/listen \[::\]:443 ssl http2;/" \
    "s/listen 80 default_server;/listen 443 ssl http2;/" \
    "s/listen \[::\]:80 default_server;/listen \[::\]:443 ssl http2;/"
do
    sed -i "$listen_rule" "$site_conf"
done

# Replace Forge SSL Stubs
# Order matters: the key stub is replaced first, because the certificate
# pattern ("# ssl_certificate.*") would otherwise match the key stub too.
for stub_rule in \
    "s/# ssl_certificate_key.*/ssl_certificate_key \/etc\/nginx\/ssl\/sputnikcloud.com\/605289\/server.key;/" \
    "s/# ssl_certificate.*/ssl_certificate \/etc\/nginx\/ssl\/sputnikcloud.com\/605289\/server.crt;/"
do
    sed -i -r "$stub_rule" "$site_conf"
done

# Write The SSL Redirect
# Only the stale redirect files are removed at this point.
for stale_conf in redirect.conf ssl_redirect.conf
do
    rm -f "/etc/nginx/forge-conf/sputnikcloud.com/before/$stale_conf"
done
#
# REQUIRES:
# - server (the server instance)
# - site (the site instance)
# - siteName (the site name)
# - aliases (the site aliases)
# - certificate (the certificate) (optional)
#
# Replace the site's "before" redirect configuration with one file holding two
# server blocks: port 80 -> HTTPS for every host under the domain, and
# https://www -> the bare domain.
before_dir=/etc/nginx/forge-conf/sputnikcloud.com/before
for stale_conf in redirect.conf ssl_redirect.conf
do
    rm -f "$before_dir/$stale_conf"
done
# The heredoc delimiter is unquoted, so the Nginx variables are written with a
# backslash to stop the shell from expanding them.
# NOTE(review): the two *-GCM-SHA512 entries in ssl_ciphers do not look like
# OpenSSL cipher suite names - check with "openssl ciphers -v". If they are
# unknown, only the three SHA384 entries take effect, and the last of those is
# a CBC suite. ssl_protocols enables TLSv1.2 only.
cat > "$before_dir/ssl_redirect.conf" << EOF
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .sputnikcloud.com;
return 301 https://\$host\$request_uri;
}
# Redirect SSL to primary domain SSL...
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/sputnikcloud.com/605289/server.crt;
ssl_certificate_key /etc/nginx/ssl/sputnikcloud.com/605289/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
server_name www.sputnikcloud.com;
return 301 https://sputnikcloud.com\$request_uri;
}
EOF
# Remove Legacy "www" Server Blocks
for nginx_sites_dir in sites-enabled sites-available
do
    rm -f "/etc/nginx/$nginx_sites_dir/www.sputnikcloud.com"
done
# Setup Renew Job If Using LetsEncrypt
#
# REQUIRES:
# - certificate (the certificate)
#
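# Remove Any Existing File
rm -f /etc/cron.d/letsencrypt-renew-830338
# Add The Cron File
# (no command follows this heading in the script, so no renewal cron file is
# written here)
# Restart Nginx & PHP-FPM Services
#service nginx restart
service nginx reload
# Fixed: the guard used to test "\$(ps aux | ...)". With the dollar sign escaped
# that is a literal, never-empty string, so the check always passed. The pattern
# '[p]hp-fpm' matches a running php-fpm process but not this grep itself.
if ps aux | grep -q '[p]hp-fpm'
then
    # Versions that are not installed fail quietly; their output is discarded.
    for fpm_version in 7.3 7.2 7.1 7.0 5.6 5
    do
        service "php${fpm_version}-fpm" restart > /dev/null 2>&1
    done
fi
# Second reload, sent directly to the Nginx master process.
nginx -s reload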