Server Provisioning Recipe

gistfile1.sh

# Update packages

apt-get update
apt-get upgrade -y

# Add A Few PPAs To Stay Current

apt-get install -y software-properties-common

apt-add-repository ppa:nginx/stable -y
apt-add-repository ppa:rwky/redis -y
apt-add-repository ppa:chris-lea/node.js -y
apt-add-repository ppa:ondrej/php5-5.6 -y

apt-get update


# Add some common packages

apt-get install -y build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python-pip supervisor ufw unattended-upgrades unzip whois zsh

# Set the server timezone
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

# Set the server's SSH key
ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''

# Now Add Github And Bitbucket Public Keys to known_hosts

ssh-keyscan -H github.com >> ~/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> ~/.ssh/known_hosts



# Allow Unattended Upgrades
# Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
	"Ubuntu trusty-security";
};
Unattended-Upgrade::Package-Blacklist {
	//
};
EOF

# Periodic Package Upgrades

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF


# Setup UFW Firewall

ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Install PHP with FPM, MySQL support, Curl, Caching, mcrypt and JSON
apt-get install -y php5-cli php5-dev php-pear \
php5-mysqlnd php5-pgsql php5-sqlite \
php5-apcu php5-json php5-curl php5-dev php5-gd \
php5-gmp php5-imap php5-mcrypt php5-memcached php5-xdebug

# include the mcrypt module
ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
sudo php5enmod mcrypt

# Restart NGINX
sudo service nginx restart

# Install Composer and make it globally accessible
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

# Modify php.ini file to change error reporting settings, memory limits and timezone
sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php5/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = Europe\/Dublin/" /etc/php5/cli/php.ini

# Install Nginx & PHP-FPM

apt-get install -y nginx php5-fpm

# Disable The Default Nginx Site

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart

# Modify FPM php.ini 

sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php5/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php5/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/Dublin/" /etc/php5/fpm/php.ini
sed -i "s/\;session.save_path = .*/session.save_path = \"\/var\/lib\/php5\/sessions\"/" /etc/php5/fpm/php.ini

# Set a Catch-All VHOST to always return 404
cat > /etc/nginx/sites-available/catch-all << EOF
server {
	return 404;
}
EOF

ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services

service php5-fpm restart
service nginx restart

# Set MySQL root password

debconf-set-selections <<< "mysql-server mysql-server/root_password password root"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password root"

# Install MySQL server

apt-get install -y mysql-server


# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart

# Add Actual vhost and enable it

cat > /etc/nginx/sites-available/MYSITE << EOF
server {
	listen 80 default_server;
	root /var/www/home/MYSITE/public;
        index index.php app.php ;

	# Make site accessible from http://localhost/
	server_name localhost www.MYSITE.com;
 
        # set expiration of assets to MAX for caching
        location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
                expires max;
                log_not_found off;
        }
 
        location / {
                try_files $uri $uri/ /index.php?$args;
        }
 
        location ~ \.php$ { 
          root /var/www/home/MYSITE/public;
          try_files $uri =404; 
          # NOTE: You should have "cgi.fix_pathinfo = 1;" in php.ini 
          # With php5-fpm: 
          include fastcgi_params; 
          fastcgi_pass unix:/var/run/php5-fpm.sock; 
          fastcgi_index index.php; 
          fastcgi_param REMOTE_ADDR $http_x_forwarded_for; 
          fastcgi_param REMOTE_ADDR $remote_addr; 
          fastcgi_param REMOTE_PORT $remote_port; 
          fastcgi_param SERVER_ADDR $server_addr; 
          fastcgi_param SERVER_PORT $server_port; 
          fastcgi_param SERVER_NAME $server_name;

          # send bad requests to 404
          fastcgi_intercept_errors on; 
          
          #  see http://wiki.nginx.org/HttpFastcgiModule#.24fastcgi_script_name 
          fastcgi_param SCRIPT_FILENAME /var/www/home/MYSITE/public$fastcgi_script_name; 
    } 

}
EOF

ln -s /etc/nginx/sites-available/MYSITE /etc/nginx/sites-enabled/MYSITE

# Restart Nginx & PHP-FPM Services
service php5-fpm restart
service nginx restart