Ubuntu LEMP installer (Yii 1.x)

ubuntu-lemp-yii1-installer.sh

#!/bin/bash

# This script does the following things
# - update apt respositories
# - Install:
# 	- nginx
#	- memcaced
#	- php5-fpm
#	- php5-mysql
#	- php5-curl
#	- php-apc
#	- php5-memcache
# 	- php5-sqlite
#	- php5-gd
#	- git 
#	- composer
# - Create a GIT User
# - Set up GIT bare repo
# - Set up GIT working directories for nginx
# - TODO: configure nginx to use PHP-FPM
# - TODO: perform initial checkout (run by codeship or manual remote push)
# - TODO: enable website in nginx (on catch-all vhost?) 
# - TODO: optimize nginx performance 
ValidHostnameRegex="^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$";

echo -n "App name: "
read APP
if [[ ! ${APP} =~ ^[a-zA-Z][a-zA-Z0-9_-]+$ ]]; then 
	echo "Invalid app name. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
fi

echo -n "App hostname: "
read APP_HOSTNAME
if [[ ! ${APP_HOSTNAME} =~ $ValidHostnameRegex ]]; then 
	echo "Invalid hostname. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
fi

echo -n "GIT branch: "
read GIT_BRANCH
if [[ ! ${GIT_BRANCH} =~ ^[a-zA-Z][a-zA-Z0-9/_-]+$ ]]; then 
	echo "Invalid git branch name. Please simplify. No special chars. Start with a letter from the alphabet"
	exit 1
fi

GIT_USER=git
GIT_GROUP=git
GIT_HOME=/home/git
GIT_REPOSITORY=$GIT_HOME/$APP.git
WEBSERVER_USER=www-data
WEBSERVER_GROUP=www-data
APPLICATION_DIR=/var/www/$APP

#############################

set -e
if [[ $EUID -ne 0 ]]; then
  echo "You must be a root user to run this script." 2>&1
  exit 1
fi

# Set TimeZone
echo "Europe/Amsterdam" | tee /etc/timezone
dpkg-reconfigure --frontend noninteractive tzdata

apt-get update
echo "Installing Postfix. Please see https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid for install instructions."
read -p "Press [Enter] key to continue..."
echo "Again: make sure you follow the instructions here! https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid"
read -p "Have you read it? Press [Enter] key to continue for real this time..."
apt-get install -y libsasl2-modules postfix # manual configuration required here! See https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid
apt-get install -y nginx 
apt-get install -y memcached
apt-get install -y php5-fpm php5-mysql php5-curl php-apc php5-memcache php5-sqlite php-soap php5-ldap php5-gd
apt-get install -y git
curl -sS https://getcomposer.org/installer | php && cp composer.phar /usr/local/bin/composer

# php.ini disable cgi.fix_pathinfo (security risk)
sed 's/^;\?\s\?cgi\.fix_pathinfo\s*=\s*[01]\s*$/cgi\.fix_pathinfo=0/' < /etc/php5/fpm/php.ini > /etc/php5/fpm/php.ini.tmp && mv /etc/php5/fpm/php.ini.tmp /etc/php5/fpm/php.ini
service php5-fpm restart

mkdir -p $APPLICATION_DIR
chown -R $WEBSERVER_USER:$WEBSERVER_GROUP $APPLICATION_DIR
chmod -R ug+rws $APPLICATION_DIR

#Set up git user and create a bare repository
useradd -m -s /bin/bash -G $WEBSERVER_GROUP $GIT_USER # TODO make /bin/nologin
su - $GIT_USER -c "mkdir -p "$GIT_REPOSITORY" && cd "$GIT_REPOSITORY"; git init --bare;"

# START: create 'hook/post-receive' script
echo '#!/bin/bash

export GIT_WORK_TREE='$APPLICATION_DIR'

GIT_BRANCH='$GIT_BRANCH'
YII_APP=$GIT_WORK_TREE/public_html

#################

set -e

echo "Deploying $GIT_BRANCH branch to local worktree..."
git checkout -f $GIT_BRANCH

echo "Setting permissions..."
chmod +x $YII_APP/protected/yiic
chmod 0777 $YII_APP/assets
chmod 0777 $YII_APP/protected/runtime

echo "Running migrations..."
$YII_APP/protected/yiic migrate --interactive=0

echo "Done deploying"
' > $GIT_REPOSITORY/hooks/post-receive
# END: create 'hook/post-receive' script

chmod 0775 $GIT_REPOSITORY/hooks/post-receive
chown -R $GIT_USER:$GIT_GROUP $GIT_HOME/*


echo '
server {
    set $host_path "'$APPLICATION_DIR'";

    server_name '$APP_HOSTNAME';
    root $host_path/public_html;
    set $yii_bootstrap "index.php";

    charset utf-8;

    location / {
        index index.html $yii_bootstrap;
        try_files $uri $uri/ /$yii_bootstrap?$args;
    }

    location ~ ^/(protected|framework|themes/\w+/views) {
        deny all;
    }

    #avoid processing of calls to unexisting static files by yii
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files $uri =404;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php {
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        #let yii catch the calls to unexising PHP files
        set $fsn /$yii_bootstrap;
        if (-f $document_root$fastcgi_script_name){
            set $fsn $fastcgi_script_name;
        }

        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fsn;

        #PATH_INFO and PATH_TRANSLATED can be omitted, but RFC 3875 specifies them for CGI
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fsn;
    }

    # prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
' > /etc/nginx/sites-available/$APP
ln -s /etc/nginx/sites-available/$APP /etc/nginx/sites-enabled/$APP
service nginx restart

cat <<EOF > ~/install_notes.txt
Application environment is now configured. 

Hostname:    $APP_HOSTNAME
Appdir:      $APPLICATION_DIR
GIT Branch:  $GIT_BRANCH

You must perform the following tasks manually: 

1. If you have not done it previously, configure postfix to use a sendhost like mandrillapp.
   See: https://cloud.google.com/compute/docs/sending-mail#postfixsendgrid 

2. Add the CodeShip Project's SSH key to this server's git user authorized_keys file. 

    NOTE: 
    This is best done via the Google Developer console. 
    Prefix the key description with git@
    
3. Configure CodeShip Project Deployment (under Project Settings > Deployment)

    $ git fetch --unshallow origin
    $ git push git@[server hostname/ip]:{$APP}.git $GIT_BRANCH
    
4. Make a commit and push it to GitHub to start a build @ CodeShip. If the build succeeds, code is deployed to the server.

    NOTE: 
    These instructions are for NEW apps. You can safely ignore this when restoring an existing application. 
    The first deployment will fail on migrations. You must come back here to configure the app.
    
      1. Create config/main.php and config/console.php (database, caching, etc). 
      
      2. Configure database connections.
      
      3. Run initial migrations
         $ ./yiic migrate --interactive=0 --migrationPath=ext.apiAuth.migrations
         $ ./yiic migrate --interactive=0
         
      4. When using rights: install it manually by calling http://$APP_HOSTNAME/rights/install. 
         You can login using admin/admin.
         NOTE: Don't forget to set module.rights.install=false in main.php after installing rights. 
         You have to do this manually. It's advised to change the default admin/admin password.

		 
5. Set the $APP_HOSTNAME DNS to resolve to this server's public IP address when you have confirmed that everything works.

6. Optionally reconfigure the nginx virtualhost to use SSL. For more information, see: 
   https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04#step-two-—-configure-nginx-to-use-ssl

EOF

cat ~/install_notes.txt