Amazon Linux 2 LTS - Wordpress / PHP-FPM / NGINX / MariaDB / WP-CLI Auto Install

aws-linux-2-wordpress.sh

#!/bin/bash

##############################################################
# Set Your System and Wordpress Config Preferences
##############################################################

export SYSTEM_USER=username          # User PHP-FPM runs under

# Database 
export WP_DB_NAME=wordpress
export WP_DB_USER=wordpress
export WP_DB_PASS=strongpassword
export WP_DB_PREFIX=em_               # Only numbers, letters, and underscores please!

# Site info
export SITE_URL=www.domain.com
export SITE_TITLE="My Great Wordpress Site"

# Wordpress Login Info (please don't use 'admin' here)
export ADMIN_USERNAME=username
export ADMIN_PASSWORD=verystrongpassword
export [email protected]

##########################
# Start the setup and install
##########################
# Run system updates
yum update -y

# Install NGINX 1.12
amazon-linux-extras install nginx1.12

# Install PHP 7.2
amazon-linux-extras install php7.2


# Install MariaDB (MySQL replacement)
yum install -y mariadb-server mariadb


# I like to setup my websites under /var/www/vhosts/domain.com/httpdocs It's how I roll

mkdir -p /var/www/vhosts/$SITE_URL/httpdocs

# Create a user for the website to run under (I don't like running as a guessable user)
useradd -d /var/www/vhosts/$SITE_URL/  $SYSTEM_USER

# Set permissions
chown -R $SYSTEM_USER:$SYSTEM_USER  /var/www/vhosts/$SITE_URL

# Configure PHP-FPM instance to run as the user created (replace <USERNAME> with the user you used in the last step)
cat << EOF > /etc/php-fpm.d/www.conf 
[www]
user = $SYSTEM_USER
group = $SYSTEM_USER
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
EOF

# Configure NGINX
cat << EOF > /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}
EOF

# Configure NGINX VirtualHost
cat << EOF > /etc/nginx/conf.d/$SITE_URL.conf
server {
    listen       80 ;
    server_name  $SITE_URL;
    server_name _;
    # note that these lines are originally from the "location /" block
    root   /var/www/vhosts/$SITE_URL/httpdocs;
    index index.php index.html index.htm;
    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }
    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }
    location / {
            # This is cool because no php is touched for static content.
            # include the "?" part so non-default permalinks doesn't break when using query string
		try_files \$uri \$uri/ /index.php?\$args;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)\$ {
            expires max;
            log_not_found off;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }
	location ~ \.(php|phar)(/.*)?\$ {
	    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)\$; 
	    fastcgi_pass unix:/run/php-fpm/www.sock;
	    fastcgi_intercept_errors on;
	    fastcgi_index  index.php;
	    include        fastcgi_params;
	    fastcgi_param  SCRIPT_FILENAME  \$document_root\$fastcgi_script_name;
	    fastcgi_param  PATH_INFO \$fastcgi_path_info;
	}
}
EOF

# remove un-used files
rm -f /etc/nginx/conf.d/php-fpm.conf
rm -f /etc/nginx/default.d/php.conf


# Start services and set to start on boot

systemctl start mariadb
systemctl enable php-fpm
systemctl start nginx
systemctl enable nginx
systemctl start php-fpm
systemctl enable php-fpm

sleep 15

# Secure MariaDB with a Random Password and save it in /root/.my.cnf
# Also setup Wordpress DB

SQLROOTPASS=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`

mysql -u root <<-EOF

UPDATE mysql.user SET Password=PASSWORD('`echo $SQLROOTPASS`') WHERE User='root';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.db WHERE Db='test' OR Db='test_%';
DROP DATABASE test;
CREATE DATABASE $WP_DB_NAME;
grant all on $WP_DB_NAME.* to $WP_DB_USER@'localhost' identified by '$WP_DB_PASS';
FLUSH PRIVILEGES;
EOF


cat << EOF > ~/.my.cnf 
[client] 
password=`echo $SQLROOTPASS` 
EOF

sleep 5


# Install WP-CLI (wp-cli.org)

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar 
mv wp-cli.phar /usr/local/bin/wp


# Install Wordpress as the SYSTEM_USER

su $SYSTEM_USER
cd /var/www/vhosts/$SITE_URL/httpdocs
wp core download
wp config create --dbname=$WP_DB_NAME --dbuser=$WP_DB_USER --dbpass=$WP_DB_PASS --dbprefix=$WP_DB_PREFIX
wp core install --url=$SITE_URL --title="$SITE_TITLE" --admin_user=$ADMIN_USERNAME --admin_password=$ADMIN_PASSWORD --admin_email=$ADMIN_EMAIL