Server provisioning interactive script
#!/bin/bash
# Interactive provisioning script for an apt-based server. The steps below
# rewrite files under /etc and create accounts, so it only runs as root.

# Keep apt/dpkg from opening configuration dialogs during installs.
export DEBIAN_FRONTEND="noninteractive"

[[ $(whoami) == "root" ]] || {
  echo "Please run this script as root user"
  exit 1
}
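#######################################
# Read one line from stdin and print it, or print the default when the
# line is empty or stdin is at end-of-file.
# Arguments: $1 - default value
# Outputs:   the answer (or the default) on stdout, newline-terminated
# Note:      callers interpolate the result into sed expressions, paths and
#            config files, so each caller must validate what it receives.
#######################################
inputWithDefault() {
  # local: keep the scratch variable out of the caller's scope.
  local userInput=""
  # read returns non-zero at EOF; the default below covers that case.
  read -r userInput || true
  # printf instead of echo: an answer such as "-n" or "-e" would be
  # swallowed by echo as an option instead of being returned.
  printf '%s\n' "${userInput:-$1}"
}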
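# Rename the host: ask for the new name, then update /etc/hostname,
# /etc/hosts and the running kernel hostname.
echo "Please enter server name(alpha): (Default: production)"
newHostname=$(inputWithDefault production)
# The answer is written into system files and used as a sed replacement,
# so accept only a single hostname label (letters, digits, inner hyphens).
if [[ ! "$newHostname" =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]]; then
  echo "Invalid server name: use letters, digits and hyphens only" >&2
  exit 1
fi
oldHostname="$(cat /etc/hostname)"
# Write the file directly; substituting the old name with sed fails when the
# old name is empty and treats dots in it as regex wildcards.
printf '%s\n' "$newHostname" > /etc/hostname
if [[ -n "$oldHostname" ]] && grep -qF -- "$oldHostname" /etc/hosts; then
  # Escape dots so an FQDN-style old name is matched literally.
  escapedOldHostname=${oldHostname//./\\.}
  sed -i "s|$escapedOldHostname|$newHostname|g" /etc/hosts
else
  echo "127.0.1.1 $newHostname" >> /etc/hosts
fi
hostname "$newHostname"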
# Refresh the package index and upgrade what is installed (the upgrade only
# runs when the index refresh succeeded), then add unattended-upgrades,
# htop and curl.
if apt update; then
  apt upgrade -y
fi
apt install -y unattended-upgrades htop curl
clear
# Comment out the "${distro_id}:${distro_codename}" and
# "${distro_id}ESM:${distro_codename}" entries in 50unattended-upgrades,
# then make sure the periodic unattended-upgrade run is switched on.
# NOTE(review): presumably this leaves only the "-security" origin enabled;
# confirm against the 50unattended-upgrades shipped by the target release.
# NOTE(review): a later file in apt.conf.d could override the value appended
# to 10periodic; verify the effective setting with `apt-config dump`.
unattendedConf=/etc/apt/apt.conf.d/50unattended-upgrades
periodicConf=/etc/apt/apt.conf.d/10periodic
periodicLine="APT::Periodic::Unattended-Upgrade \"1\" ;"

autoUpdateCommands=(
  's|\"\${distro_id}:\${distro_codename}\";|// \"\${distro_id}:\${distro_codename}\";|'
  's|\"\${distro_id}ESM:\${distro_codename}\";|// \"\${distro_id}ESM:\${distro_codename}\";|'
)
for sedExpression in "${autoUpdateCommands[@]}"; do
  sed -i "$sedExpression" "$unattendedConf"
done

if ! grep -q "$periodicLine" "$periodicConf"; then
  echo "$periodicLine" >> "$periodicConf"
else
  echo "Already configured"
fi
clear
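#
# Add user
#
echo "Please enter the new user name(alpha): (Default provisioner)"
username=$(inputWithDefault provisioner)
# The name is spliced into sed expressions, file paths, sshd_config and
# sudoers rules further down, so accept only a conservative account-name
# alphabet before it is used anywhere.
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  echo "Invalid user name: use lowercase letters, digits, '_' and '-' only" >&2
  exit 1
fi
# This account joins the sudo group below, so its password gates root access.
# Read it without terminal echo and without a guessable built-in default.
userPassword=""
while [[ -z "$userPassword" ]]; do
  echo "Please enter the password for '${username}': (Can't be empty)"
  if ! IFS= read -rs userPassword; then
    echo "No password supplied" >&2
    exit 1
  fi
  echo
done
adduser --gecos "" --disabled-password --quiet "$username"
# printf is a builtin, so the password is piped to chpasswd without ever
# appearing in a process argument list.
printf '%s:%s\n' "$username" "$userPassword" | chpasswd
# The password is not needed again; drop it from the shell's memory.
unset userPassword
# Add user to sudoers
usermod -a -G sudo "$username"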
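#
# SSH configuration
#
sshdConfig=/etc/ssh/sshd_config
sshDir="/home/$username/.ssh"

# Collect and install the public key BEFORE sshd is restricted to key-only
# logins. Restarting sshd with PasswordAuthentication off and AllowUsers set
# while no authorized_keys exists leaves no way back in if this session drops.
sshPublicKey=""
keyCheckFile=$(mktemp) || exit 1
while true; do
  echo "Please generate a ssh key for the new user in your computer, use this command:"
  echo "ssh-keygen -t rsa -b 4096 -C ${newHostname}-key -f ${newHostname}-key"
  # Plain echo prints the blank line; bash's echo "\n" printed a literal \n.
  echo
  echo "Please paste the contents of the public key(${newHostname}-key.pub) here and press enter: (Can't be empty)"
  if ! read -r sshPublicKey; then
    echo "No public key supplied; SSH configuration left unchanged" >&2
    rm -f -- "$keyCheckFile"
    exit 1
  fi
  [[ -n "$sshPublicKey" ]] || continue
  printf '%s\n' "$sshPublicKey" > "$keyCheckFile"
  # ssh-keygen -l prints a fingerprint and fails on text it cannot parse as
  # a key, which catches truncated or mis-pasted input.
  if ssh-keygen -l -f "$keyCheckFile" >/dev/null 2>&1; then
    break
  fi
  echo "That does not look like a valid public key, please try again." >&2
done
rm -f -- "$keyCheckFile"

mkdir -p "$sshDir"
printf '%s\n' "$sshPublicKey" > "$sshDir/authorized_keys"
# Owner-only permissions on the directory and the key file.
chmod 700 "$sshDir"
chmod 600 "$sshDir/authorized_keys"
chown -R "$username": "$sshDir"

# Restrict SSH logins to the new user (plus "ubuntu" when that account
# exists and no AllowUsers line is present yet).
if grep -q AllowUsers "$sshdConfig"; then
  sed -ri "s|(^(.*)AllowUsers)( *)?(.*)|AllowUsers \4 $username|" "$sshdConfig"
elif id "ubuntu" >/dev/null 2>&1; then
  echo "AllowUsers $username ubuntu" >> "$sshdConfig"
else
  echo "AllowUsers $username" >> "$sshdConfig"
fi

# Disable password logins. Only directive lines (active or commented out)
# are rewritten; prose comments that merely mention the keyword are left
# alone, and the directive is appended when no such line exists.
# NOTE(review): where the distribution includes /etc/ssh/sshd_config.d/*.conf,
# a drop-in may take precedence over this file; confirm the effective value
# with `sshd -T`.
if grep -Eq '^[#[:space:]]*PasswordAuthentication[[:space:]]' "$sshdConfig"; then
  sed -ri 's|^[#[:space:]]*PasswordAuthentication[[:space:]].*|PasswordAuthentication no|' "$sshdConfig"
else
  echo "PasswordAuthentication no" >> "$sshdConfig"
fi

# Validate the edited file before restarting; a syntax error would otherwise
# stop sshd from coming back up.
if ! sshd -t; then
  echo "sshd_config failed validation (sshd -t); ssh was not restarted" >&2
  exit 1
fi
service ssh restart
clear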
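#
# Nginx configuration
#
#Install php and nginx
echo "Please enter the php version to install: (Default: 7.1)"
phpVersion=$(inputWithDefault 7.1)
# The version becomes part of package names and of paths edited as root,
# so accept MAJOR.MINOR only.
if [[ ! "$phpVersion" =~ ^[0-9]+\.[0-9]+$ ]]; then
  echo "Invalid php version: expected MAJOR.MINOR, e.g. 7.1" >&2
  exit 1
fi
phpString="php${phpVersion}"
fpmIni="/etc/php/${phpVersion}/fpm/php.ini"
fpmPoolConf="/etc/php/${phpVersion}/fpm/pool.d/www.conf"
apt install -y language-pack-en-base
# Third-party package source: everything installed from it runs with the
# trust of a distribution package.
LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php -y
apt update
# NOTE(review): this package list matches the 7.1 default; other PHP
# releases may not provide every name (e.g. the mcrypt package) - verify
# before choosing a different version.
apt install -y zip unzip \
  "${phpString}-cli" "${phpString}-mbstring" "${phpString}-xml" "${phpString}-common" \
  "${phpString}-mcrypt" "${phpString}-zip" "${phpString}-curl" "${phpString}-mysql" \
  "${phpString}-fpm" "${phpString}-opcache" "${phpString}-phpdbg" "${phpString}-gd" \
  "${phpString}-readline" "${phpString}-json" "${phpString}-sqlite3" "${phpString}-pgsql" \
  nginx git
# cgi.fix_pathinfo=0 stops PHP from guessing a script path from PATH_INFO.
sed -ri "s|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|" "$fpmIni"
# Run the FPM pool as the provisioned user instead of www-data.
# NOTE(review): that user is a member of the sudo group (added earlier in
# this script), so PHP code runs under a sudo-capable account; consider a
# dedicated unprivileged pool user.
sed -ri "s|(user.*=).*www-data|\1 $username|" "$fpmPoolConf"
sed -ri "s|(group.*=).*www-data|\1 $username|" "$fpmPoolConf"
clear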
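# Set pm.max_requests for the FPM pool and restart the service.
echo "Please enter max_requests for the fpm pool.d configuration: (Default: 500)"
maxRequests=$(inputWithDefault 500)
# The value is a sed replacement written into the pool config; anything but
# a plain number would corrupt the file or the sed expression.
if [[ ! "$maxRequests" =~ ^[0-9]+$ ]]; then
  echo "Invalid max_requests value, using 500" >&2
  maxRequests=500
fi
sed -ri "s|;(pm\.max_requests.*=).*|\1 ${maxRequests}|" "/etc/php/${phpVersion}/fpm/pool.d/www.conf"
service "${phpString}-fpm" restart
clear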
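#
# Default Site Configuration
#
echo "Please enter the project name: (Default: default)"
siteName=$(inputWithDefault default)
# The name becomes a directory under the user's home and a file name under
# /etc/nginx, so reject path separators and a leading dot.
if [[ ! "$siteName" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  echo "Invalid project name: use letters, digits, '.', '_' and '-' only" >&2
  exit 1
fi
siteFolder="/home/$username/$siteName"

# Pick the document root: envoyer deploys serve current/public, a plain
# Laravel checkout serves public, anything else serves the project folder.
echo "Are you going to use envoyer for the Laravel deployment?: (y/n) (Default: n)"
usingEnvoyer=$(inputWithDefault n)
if [[ "$usingEnvoyer" == "y" ]]; then
  sitePath="/home/$username/${siteName}/current/public"
else
  echo "Is the site a Laravel project?: (y/n) (Default: n)"
  isALaravelProject=$(inputWithDefault n)
  if [[ "$isALaravelProject" == "y" ]]; then
    sitePath="/home/$username/${siteName}/public"
  else
    sitePath="/home/$username/$siteName"
  fi
fi

echo "Please enter the project domain name/ip: (Default: localhost)"
serverName=$(inputWithDefault localhost)
# server_name is written verbatim into the nginx config; allow one or more
# space-separated names and nothing that could end the directive.
if [[ ! "$serverName" =~ ^[A-Za-z0-9.*_-]+(\ [A-Za-z0-9.*_-]+)*$ ]]; then
  echo "Invalid domain name/ip" >&2
  exit 1
fi

mkdir -p "$siteFolder"
# NOTE(review): phpinfo() discloses the PHP configuration and environment to
# anyone who can reach the site when the project folder is the document
# root; remove this placeholder once the install is verified.
echo "<?php phpinfo();" > "$siteFolder/index.php"
chown -R "$username": "$siteFolder"
#chmod -R 775 "$siteFolder"

# fastcgi_pass follows the PHP version chosen earlier; a fixed php7.1 socket
# breaks the site whenever another version was installed.
siteConf="
server {
    listen 80;
    listen [::]:80;
    server_name $serverName;
    root $sitePath;
    index index.html index.htm index.php ;
    charset utf-8 ;
    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }
    location = /favicon.ico { access_log off ; log_not_found off ; }
    location = /robots.txt { access_log off ; log_not_found off ; }
    access_log off;
    error_log /var/log/nginx/${siteName}-error.log error;
    error_page 404 /index.php;
    location ~ \\.php$ {
        try_files \$uri =404;
        fastcgi_split_path_info ^(.+\\.php)(/.+)\$;
        fastcgi_pass unix:/var/run/php/${phpString}-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
    }
    location ~ /\\.ht {
        deny all;
    }
}
"
echo "$siteConf" > "/etc/nginx/sites-available/$siteName"
# -L also covers a dangling symlink left by an earlier run.
if [[ ! -e "/etc/nginx/sites-enabled/$siteName" && ! -L "/etc/nginx/sites-enabled/$siteName" ]]; then
  ln -s "/etc/nginx/sites-available/$siteName" "/etc/nginx/sites-enabled/$siteName"
fi
# Only reload a configuration nginx itself accepts.
if nginx -t; then
  service nginx reload
else
  echo "nginx configuration test failed; nginx was not reloaded" >&2
fi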
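#
# Composer configuration
#
# The installer is executed as root, so it is checked against the SHA-384
# published by the Composer project before it runs, instead of piping the
# download straight into php. On a mismatch Composer is skipped and the
# remaining provisioning steps still run.
composerTmp=$(mktemp -d) || exit 1
composerSetup="$composerTmp/composer-setup.php"
expectedChecksum=$(curl -fsS https://composer.github.io/installer.sig)
actualChecksum=""
if curl -fsS -o "$composerSetup" https://getcomposer.org/installer; then
  actualChecksum=$(sha384sum "$composerSetup" | awk '{print $1}')
fi
if [[ -n "$expectedChecksum" && "$expectedChecksum" == "$actualChecksum" ]]; then
  php "$composerSetup" --quiet --install-dir=/usr/local/bin --filename=composer
  # Keep the binary root-owned and not writable by other users: it sits on
  # root's PATH, and the provisioned user also runs the PHP-FPM pool.
  # `composer self-update` therefore needs sudo.
  chown root:root /usr/local/bin/composer
  chmod 0755 /usr/local/bin/composer
else
  echo "Composer installer checksum could not be verified; Composer was not installed" >&2
fi
rm -rf -- "$composerTmp"
clear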
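# Optional swap file; 0 (the default) or a non-numeric answer skips it.
echo "Please enter the swap size in GB: (Default: 0)"
swapSize=$(inputWithDefault 0)
if [[ "$swapSize" =~ ^0*[1-9][0-9]*$ ]]; then
  # Create the file owner-only: swap holds paged-out process memory and
  # must not be readable by other users. The script already runs as root,
  # so sudo is not needed here.
  if (umask 077 && fallocate -l "${swapSize}G" /swapfile) \
    && chmod 600 /swapfile \
    && mkswap /swapfile \
    && swapon /swapfile; then
    # Persist the swap file; without an fstab entry it is gone after the
    # reboot at the end of this script.
    if ! grep -qE '^/swapfile[[:space:]]' /etc/fstab; then
      echo "/swapfile none swap sw 0 0" >> /etc/fstab
    fi
  else
    echo "Swap file setup failed; continuing without swap" >&2
  fi
fi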
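# Tighten sudo: drop NOPASSWD from the %sudo group rule and the sudo
# exempt_group default, then allow the provisioned user exactly two
# password-less commands (php-fpm reload, nginx restart).
# All edits are made on a copy that visudo checks before it replaces
# /etc/sudoers; a syntax error in the live file would disable sudo.
sudoersTmp=$(mktemp) || exit 1
cp /etc/sudoers "$sudoersTmp" || exit 1
if grep -q "%sudo.*ALL=(ALL).*NOPASSWD:ALL" "$sudoersTmp"; then
  sed -ri "s|(%sudo.*ALL=\(ALL\).*)NOPASSWD:(ALL)|\1\2|" "$sudoersTmp"
fi
if grep -q "Defaults.*exempt_group=sudo" "$sudoersTmp"; then
  sed -ri "s|Defaults.*exempt_group=sudo||" "$sudoersTmp"
fi
# The user name is written into sudoers rules; only a plain account name
# is accepted here so the rule cannot be widened through the name itself.
if [[ "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  sudoRules=(
    "$username ALL=NOPASSWD: /usr/sbin/service ${phpString}-fpm reload"
    "$username ALL=NOPASSWD: /usr/sbin/service nginx restart"
  )
  for sudoRule in "${sudoRules[@]}"; do
    # Skip rules that are already present so re-runs do not pile up copies.
    grep -qxF -- "$sudoRule" "$sudoersTmp" || echo "$sudoRule" >> "$sudoersTmp"
  done
else
  echo "Unexpected user name; per-user sudo rules were not added" >&2
fi
if visudo -cf "$sudoersTmp"; then
  install -o root -g root -m 0440 "$sudoersTmp" /etc/sudoers
  rm -f -- "$sudoersTmp"
else
  echo "Edited sudoers failed validation; /etc/sudoers left unchanged, not rebooting" >&2
  rm -f -- "$sudoersTmp"
  exit 1
fi
reboot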