#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
# - sudo_password (random password for sudo)
# - db_password (random password for database user)
# - event_id (the provisioning event name)
# - callback (the callback URL)
#
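#
# Language Fix
#
# source: http://bookmarks.honewatson.com/2009/05/30/perl-warning-please-check-that-your-locale-settings-ubuntu

# Nothing in this script answers prompts, so keep apt/dpkg (including the
# dpkg-reconfigure call below) from waiting on one.
export DEBIAN_FRONTEND=noninteractive

# Refresh the package lists before the first install so it does not depend on
# whatever index the base image shipped with.
apt-get update
apt-get install -y language-pack-en-base

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8

locale-gen en_US.UTF-8
dpkg-reconfigure locales

# Upgrade The Base Packages
apt-get update
apt-get upgrade -y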
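# Add A Few PPAs To Stay Current
# NOTE(review): each PPA below is a third-party publisher whose packages get
# installed as root; going by its name, ppa:nginx/development is a development
# channel. Confirm every entry is still wanted and maintained.
#
# --force-yes has been dropped from the installs in this section: it lets apt
# carry on with packages that fail authentication, which removes the signature
# check all of these extra repositories depend on.
apt-get install -y software-properties-common

for ppa in \
  ppa:fkrull/deadsnakes-python2.7 \
  ppa:nginx/development \
  ppa:rwky/redis \
  ppa:ondrej/apache2 \
  ppa:ondrej/php
do
  apt-add-repository "$ppa" -y
done

# Setup MySQL 5.7 Repositories
# NOTE(review): 5072E1F5 is a short (32-bit) key ID. Short IDs can be collided,
# so the key a keyserver returns for it is not guaranteed to be the vendor's.
# Prefer importing by full fingerprint (<FULL_KEY_FINGERPRINT>, taken from the
# vendor's documentation) or from a key file verified out of band.
apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 5072E1F5

# Overwrite instead of append so a re-run does not duplicate the entry.
# The repository is fetched over plain HTTP, so package integrity rests
# entirely on apt's signature verification against the key imported above.
echo "deb http://repo.mysql.com/apt/ubuntu/ trusty mysql-5.7" > /etc/apt/sources.list.d/mysql.list

# Update Package Lists
apt-get update

# Base Packages
apt-get install -y build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
  make python2.7 python-pip supervisor ufw unattended-upgrades unzip whois zsh

# Install Python Httpie
# NOTE(review): unpinned install from the package index, executed as root;
# pin a version (and ideally a hash) if this tool is really needed.
pip install httpie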
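# Disable Password Authentication Over SSH
# sshd keeps the first value it reads for a keyword, and a line appended to the
# end of the file can fall inside a trailing Match block. Deleting only the
# exact text "PasswordAuthentication yes" and appending "no" can therefore be
# overridden by a differently spaced line earlier in the file. Remove every
# PasswordAuthentication directive (active or commented out) and put the
# setting on line 1 instead.
sed -i -E '/^[[:space:]]*#?[[:space:]]*PasswordAuthentication([[:space:]]|$)/d' /etc/ssh/sshd_config
sed -i '1i PasswordAuthentication no' /etc/ssh/sshd_config
# NOTE(review): keyboard-interactive / PAM based logins are governed by other
# directives that this script does not touch; confirm they are disabled too.

# Restart SSH
ssh-keygen -A
# Validate before restarting: a daemon that refuses to start on a broken
# config would cut off remote access to the machine.
if sshd -t; then
  service ssh restart
else
  echo "sshd_config failed validation; ssh was not restarted" >&2
fi

# Set The Hostname If Necessary
echo "stc-sis" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 stc-sis localhost/' /etc/hosts
hostname stc-sis

# Set The Timezone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime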
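# Create The Root SSH Directory If Necessary
if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  touch /root/.ssh/authorized_keys
fi
# Key material should be readable by its owner only.
chmod 700 /root/.ssh

# Setup forge User
useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

# Setup Bash For forge User
chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

# Set The Sudo Password For forge
# NOTE(review): the fallback below is a literal credential that is published
# together with this script. Treat it as compromised: supply
# FORGE_SUDO_PASSWORD from the environment and rotate the password on any host
# that was provisioned with the literal.
forge_sudo_password=${FORGE_SUDO_PASSWORD:-CCojgsdW4QBzAHbe8Ztn}

# Hash with an explicit method: without -m, mkpasswd uses its built-in default,
# which on older releases may be traditional DES crypt (TODO confirm for the
# target release). The password goes in on stdin and the hash is handed to
# chpasswd on stdin, so neither shows up in the process list.
password_hash=$(printf '%s' "$forge_sudo_password" | mkpasswd -m sha-512 --stdin)
if [ -n "$password_hash" ]; then
  printf 'forge:%s\n' "$password_hash" | chpasswd -e
else
  # An empty hash must never be applied: it would leave the account without
  # a usable password hash.
  echo "could not hash the forge sudo password; it was not set" >&2
fi
unset forge_sudo_password password_hash

# Build Formatted Keys & Copy Keys To forge
# This replaces (does not extend) root's authorized_keys with the one key below.
# The heredoc delimiter is quoted so the key text is written literally.
cat > /root/.ssh/authorized_keys << 'EOF'
# Laravel forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjsgJjvrBU4ZuHEY60ewEWtTr+/faQBeWjneTQiiYFEXbO9YE//kZP7dy1T5BXt+dbbHL67e6MoawVtqbJLoN6H7DE1mEoqmtC+LL451t1NRmg//kCxOlqtqsTiN1wVbt9N9GXKWaE91F7jYQQH7wh93mEKehfSbmUmGeqUE0Xd1RgHgKmyTFNOIZGQ3+Db+2ocStMzxRwBgnRoUp6GzljE+17NcSBx5no2OHcddaJ5AfYTqzrGUoJ4Q4hHuEMFSBxMuyjtRoTRSF9rdeR8H7UMaZhX2i+RjnnipaFgg7Cc9zShAVC6zrr/urZzg/3/oIasZV1XiMgRBw1wjisvuoD [email protected]
EOF
chmod 600 /root/.ssh/authorized_keys
cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key
ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Github And Bitbucket Public Keys Into Known Hosts File
# NOTE(review): ssh-keyscan trusts whatever answers at provisioning time.
# Compare the recorded keys with the fingerprints each provider publishes
# before relying on this known_hosts file.
ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts

# Configure Git Settings
# NOTE(review): --global writes to the invoking user's git config; this script
# presumably runs as root, so the forge user would not see these values. Confirm.
git config --global user.name "Cy Domingo"
git config --global user.email "[email protected]"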
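# Add The Reconnect Script Into forge Directory
# The generated script appends the public key passed as $1 to the forge and
# root authorized_keys files. The heredoc delimiter is quoted so the body is
# written literally. The key is now written with printf and a quoted "$1": the
# unquoted `echo $1` it replaces word-split and glob-expanded the argument
# before it reached the file. Empty and multi-line arguments are refused so one
# call adds exactly one authorized_keys line.
# NOTE(review): whoever may run this script with enough privilege to write
# /root/.ssh/authorized_keys can grant root SSH access; keep that set small.
cat > /home/forge/.forge/reconnect << 'EOF'
#!/usr/bin/env bash
case "${1:-}" in
    "" | *$'\n'*)
        echo "usage: reconnect '<one public key line>'" >&2
        exit 1
        ;;
esac
for keys_file in /home/forge/.ssh/authorized_keys /root/.ssh/authorized_keys; do
    printf '%s\n' "# Laravel forge" "$1" >> "$keys_file"
done
echo "Keys Added!"
EOF

# Add The Environment Variables Scripts Into forge Directory
# add-variable.php takes <name> <value> <file>; remove-variable.php takes
# <name> <file>. Both resolve <file> against the current directory, `require`
# it (so it is executed as PHP) and rewrite it with var_export(). The path comes
# straight from argv with no containment check, so run them only on trusted
# files. The PHP bodies are unchanged; quoting the delimiter just removes the
# need to escape every "$".
cat > /home/forge/.forge/add-variable.php << 'EOF'
<?php
// Get the script input...
$input = array_values(array_slice($_SERVER['argv'], 1));
// Get the path to the environment file...
$path = getcwd().'/'.$input[2];
// Write a stub file if one doesn't exist...
if ( ! file_exists($path)) {
file_put_contents($path, '<?php return '.var_export([], true).';');
}
// Set the new environment variable...
$env = require $path;
$env[$input[0]] = $input[1];
// Write the environment file to disk...
file_put_contents($path, '<?php return '.var_export($env, true).';');
EOF

cat > /home/forge/.forge/remove-variable.php << 'EOF'
<?php
// Get the script input...
$input = array_values(array_slice($_SERVER['argv'], 1));
// Get the path to the environment file...
$path = getcwd().'/'.$input[1];
// Write a stub file if one doesn't exist...
if ( ! file_exists($path)) {
file_put_contents($path, '<?php return '.var_export([], true).';');
}
// Remove the environment variable...
$env = require $path;
unset($env[$input[0]]);
// Write the environment file to disk...
file_put_contents($path, '<?php return '.var_export($env, true).';');
EOF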
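# Setup Site Directory Permissions
chown -R forge:forge /home/forge
chmod -R 755 /home/forge
# The recursive 755 above also applies to ~/.ssh and everything in it, which
# leaves the directory and authorized_keys world-readable. Tighten the SSH
# material afterwards. The private key needs no execute bit, so it gets 600
# rather than 700.
chmod 700 /home/forge/.ssh
chmod 600 /home/forge/.ssh/id_rsa /home/forge/.ssh/authorized_keys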
# Setup Unattended Security Upgrades
# 50unattended-upgrades: only the "Ubuntu trusty-security" origin is allowed,
# and the package blacklist is left empty.
printf '%s\n' \
  'Unattended-Upgrade::Allowed-Origins {' \
  '"Ubuntu trusty-security";' \
  '};' \
  'Unattended-Upgrade::Package-Blacklist {' \
  '//' \
  '};' \
  > /etc/apt/apt.conf.d/50unattended-upgrades

# 10periodic: the APT::Periodic settings that go with the origin list above.
printf '%s\n' \
  'APT::Periodic::Update-Package-Lists "1";' \
  'APT::Periodic::Download-Upgradeable-Packages "1";' \
  'APT::Periodic::AutocleanInterval "7";' \
  'APT::Periodic::Unattended-Upgrade "1";' \
  > /etc/apt/apt.conf.d/10periodic
# Setup UFW Firewall
# The allow rules (including 22 for SSH) are added before the firewall is
# switched on.
# NOTE(review): nothing else on this page configures a listener on 2222;
# confirm that port really needs to be open.
for port in 22 80 443 2222; do
  ufw allow "$port"
done
ufw --force enable
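# Allow FPM Restart
# Lets forge run exactly these two reload commands through sudo without a
# password. The rules are staged in a temporary file and syntax-checked with
# visudo before being installed, because a malformed file under
# /etc/sudoers.d can stop sudo from working at all. The installed file is
# root-owned with mode 0440.
if sudoers_tmp=$(mktemp); then
  cat > "$sudoers_tmp" << 'EOF'
forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload
forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload
EOF
  if visudo -cf "$sudoers_tmp"; then
    install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/php-fpm
  else
    echo "sudoers rules failed validation; /etc/sudoers.d/php-fpm not written" >&2
  fi
  rm -f -- "$sudoers_tmp"
else
  echo "mktemp failed; /etc/sudoers.d/php-fpm not written" >&2
fi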
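# Install Base PHP Packages
# --force-yes is dropped so apt refuses packages that fail authentication;
# php7.0-dev was listed twice and now appears once.
apt-get install -y php7.0-cli php7.0-dev \
  php-pgsql php-sqlite3 php-gd \
  php-curl \
  php-imap php-mysql php-memcached php-mcrypt php-mbstring \
  php-xml php-imagick php7.0-zip

# Install Composer Package Manager
# The installer is downloaded to a file and its SHA-384 is compared with the
# checksum the Composer project publishes. Only then is it executed, so a
# truncated or altered download is never piped into php. Both files come from
# the same project over HTTPS, so this does not protect against a compromise
# of the publisher itself.
composer_setup=$(mktemp)
expected_sig=$(curl -fsS https://composer.github.io/installer.sig)
curl -fsS -o "$composer_setup" https://getcomposer.org/installer
actual_sig=$(sha384sum "$composer_setup" | cut -d ' ' -f 1)
if [ -n "$expected_sig" ] && [ "$expected_sig" = "$actual_sig" ]; then
  php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
else
  echo "Composer installer checksum mismatch; Composer was not installed" >&2
fi
rm -f -- "$composer_setup"

# Misc. PHP CLI Configuration
# One sed invocation applies the same four substitutions in the same order.
sed -i \
  -e "s/error_reporting = .*/error_reporting = E_ALL/" \
  -e "s/display_errors = .*/display_errors = On/" \
  -e "s/memory_limit = .*/memory_limit = 512M/" \
  -e "s/;date.timezone.*/date.timezone = UTC/" \
  /etc/php/7.0/cli/php.ini

# Configure Sessions Directory Permissions
# 1733 = mode 733 plus the sticky bit: users other than the owner can create
# and open session files but cannot list the directory, and the sticky bit
# stops them removing files they do not own.
chmod 1733 /var/lib/php/sessions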
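#
# REQUIRES:
# - server (the forge server instance)
# - site_name (the name of the site folder)
#
# Install Nginx & PHP-FPM
# --force-yes is dropped so apt refuses packages that fail authentication.
apt-get install -y nginx php7.0-fpm

# Generate dhparam File
# openssl dhparam -out /etc/nginx/dhparams.pem 2048

# Disable The Default Nginx Site
# -f keeps a re-run from reporting errors once the files are already gone.
rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default
service nginx restart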
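# Tweak Some PHP-FPM Settings
# NOTE(review): display_errors = On in the FPM php.ini sends PHP error output,
# which can include paths and query fragments, to web clients. Left as the
# script had it; switch it to Off and rely on logging for any host that
# serves real traffic.
# cgi.fix_pathinfo=0 stops PHP from guessing a script path out of a longer
# request path.
sed -i \
  -e "s/error_reporting = .*/error_reporting = E_ALL/" \
  -e "s/display_errors = .*/display_errors = On/" \
  -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" \
  -e "s/memory_limit = .*/memory_limit = 512M/" \
  -e "s/;date.timezone.*/date.timezone = UTC/" \
  /etc/php/7.0/fpm/php.ini

# Setup Session Save Path
# The second expression is kept from the original two-step edit: it rewrites
# any php5/sessions path in the file to php/sessions.
sed -i \
  -e 's|;session.save_path = .*|session.save_path = "/var/lib/php/sessions"|' \
  -e 's|php5/sessions|php/sessions|' \
  /etc/php/7.0/fpm/php.ini

# Configure Nginx & PHP-FPM To Run As forge
sed -i \
  -e "s/user www-data;/user forge;/" \
  -e "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/" \
  /etc/nginx/nginx.conf

# listen.mode is 0660, not 0666: nginx is switched to run as forge above and
# the socket is owned by forge:forge, so no other local account needs access.
# A world-writable FPM socket would let any local user submit requests that
# execute as forge.
sed -i \
  -e "s/^user = www-data/user = forge/" \
  -e "s/^group = www-data/group = forge/" \
  -e "s/;listen\.owner.*/listen.owner = forge/" \
  -e "s/;listen\.group.*/listen.group = forge/" \
  -e "s/;listen\.mode.*/listen.mode = 0660/" \
  /etc/php/7.0/fpm/pool.d/www.conf

# Configure A Few More Server Things
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i \
  -e "s/worker_processes.*/worker_processes auto;/" \
  -e "s/# multi_accept.*/multi_accept on;/" \
  /etc/nginx/nginx.conf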
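# Install A Catch All Server
# Requests that reach this server block get a 404.
cat > /etc/nginx/sites-available/catch-all << 'EOF'
server {
return 404;
}
EOF
# -f so that a re-run replaces the link instead of failing on the existing one.
ln -sf /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services
# The original test compared the literal text "$(ps aux | ...)" because the
# dollar sign was escaped outside any heredoc, so the condition was always
# true. pgrep performs the intended "is php-fpm running?" check.
if pgrep php-fpm > /dev/null; then
  # Nothing on this page installs php5-fpm, so this first restart is expected
  # to report an unknown service on a fresh machine.
  service php5-fpm restart
  service php7.0-fpm restart
fi
service nginx restart
service nginx reload

# Add forge User To www-data Group
usermod -a -G www-data forge
id forge
groups forge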
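#
# REQUIRES:
# - server (the forge server instance)
#
# Install Node.js (NodeSource setup_5.x) And Global npm Tools
# The setup script is saved to a file before it is run. --fail makes curl
# return an error on an HTTP failure instead of handing an error page to bash,
# and a partial download is never executed.
# NOTE(review): the script still runs as root with no checksum to compare
# against, and setup_5.x pins the Node.js 5 release line; confirm that line
# still receives security fixes before using this on a new host.
node_setup=$(mktemp)
if curl --fail --silent --show-error --location -o "$node_setup" https://deb.nodesource.com/setup_5.x; then
  bash "$node_setup"
else
  echo "could not download the NodeSource setup script; repository not added" >&2
fi
rm -f -- "$node_setup"

apt-get update
# --force-yes is dropped so apt refuses packages that fail authentication.
apt-get install -y nodejs

# NOTE(review): unpinned global installs executed as root; pin versions.
npm install -g pm2
npm install -g gulp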
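#
# REQUIRES:
# - server (the forge server instance)
# - db_password (random password for mysql user)
#
# Set The Automated Root Password
export DEBIAN_FRONTEND=noninteractive

# NOTE(review): the fallback below is a literal credential that is published
# together with this script. Treat it as compromised: supply DB_PASSWORD from
# the environment and rotate the password on any host provisioned with the
# literal.
db_password=${DB_PASSWORD:-qCfbhdxdbgvsn7bwCHb6}

# The password is placed inside SQL string literals and a client option file
# below, so refuse characters that would break out of either.
case $db_password in
  *"'"* | *'"'* | *\\* | *$'\n'*)
    echo "db_password must not contain quotes, backslashes or newlines" >&2
    exit 1
    ;;
esac

debconf-set-selections << EOF
mysql-community-server mysql-community-server/data-dir select ''
mysql-community-server mysql-community-server/root-pass password ${db_password}
mysql-community-server mysql-community-server/re-root-pass password ${db_password}
EOF

# Install MySQL
apt-get install -y mysql-server

# Configure Password Expiration
# NOTE(review): this appends to the end of my.cnf; which option group the line
# lands in depends on the file's existing layout. Verify it is read by the server.
echo "default_password_lifetime = 0" >> /etc/mysql/my.cnf

# Configure Access Permissions For Root & forge Users
# NOTE(review): bind-address = * together with the root@'%' and forge@'%'
# grants below allows full-privilege logins from any address that can reach
# the server. The firewall rules on this page do not open 3306, so that rule
# set is the only thing in front of these accounts. Prefer dropping the '%'
# grants and binding to a private address.
sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf

# Client credentials go into a private temporary option file (mktemp creates
# it readable by the owner only) and the SQL is sent on stdin, so the password
# never appears in a command line that other local users could read from the
# process list.
mysql_defaults=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
printf '[client]\nuser=root\npassword="%s"\n' "$db_password" > "$mysql_defaults"

# Run the SQL read from stdin as root. --force keeps going after a failed
# statement, matching the original one-command-per-statement behaviour.
mysql_as_root() {
  mysql --defaults-extra-file="$mysql_defaults" --force
}

mysql_as_root << SQL
GRANT ALL ON *.* TO root@'182.18.234.104' IDENTIFIED BY '${db_password}';
GRANT ALL ON *.* TO root@'%' IDENTIFIED BY '${db_password}';
SQL

service mysql restart

# The final statement creates the initial "forge" database.
mysql_as_root << SQL
CREATE USER 'forge'@'182.18.234.104' IDENTIFIED BY '${db_password}';
GRANT ALL ON *.* TO 'forge'@'182.18.234.104' IDENTIFIED BY '${db_password}' WITH GRANT OPTION;
GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY '${db_password}' WITH GRANT OPTION;
FLUSH PRIVILEGES;
CREATE DATABASE forge;
SQL

rm -f -- "$mysql_defaults"
unset db_password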