146 lines
6.7 KiB
Bash
146 lines
6.7 KiB
Bash
|
#!/bin/bash
|
||
|
|
||
|
if [ "${EUID}" -ne 0 ]; then
|
||
|
echo "You must be root to run this installer."
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# check for Ubuntu 20.04
|
||
|
if ! grep -q "Ubuntu 20.04" /etc/issue; then
|
||
|
echo "This installer is only tested on Ubuntu 20.04. If you are on a"
|
||
|
echo "different version of Ubuntu or a Debian/Debian based distro"
|
||
|
echo "and want to try running this installer open this script and"
|
||
|
echo "comment out the exit command below this line and re-run."
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# check if install is already in place
|
||
|
if [ -f "/usr/local/bin/vhost.sh" ]; then
|
||
|
echo "vhost-stack is already installed, bailing out."
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# check for existing web server software installs
|
||
|
if [ -d "/etc/apache2/" ] || [ -d "/etc/php/" ] || [ -d "/etc/varnish/" ]; then
|
||
|
echo "WARNING: Apache, Varnish and/or PHP are already installed."
|
||
|
echo "This installer will overwrite existing configurations."
|
||
|
echo -e "You have five seconds to execute ctrl-c to cancel this install.\a"
|
||
|
sleep 5
|
||
|
fi
|
||
|
|
||
|
# install pwgen, used to create random passwords
|
||
|
apt -y install pwgen
|
||
|
|
||
|
# install mariadb (mysql)
|
||
|
if [ ! -d "/etc/mysql/" ]; then
|
||
|
|
||
|
MARIADBPWORD=`pwgen 12 1`
|
||
|
apt -y install mariadb-client mariadb-server
|
||
|
# record the initial root password
|
||
|
echo "#[client]" > /root/.my.cnf
|
||
|
echo "#password=$MARIADBPWORD" >> /root/.my.cnf
|
||
|
echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf
|
||
|
chmod 600 /root/.my.cnf
|
||
|
mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');"
|
||
|
sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf
|
||
|
mysqladmin flush-privileges
|
||
|
|
||
|
fi
|
||
|
|
||
|
# Apache w/ PHP
|
||
|
apt -y install apache2 libapache2-mod-authnz-pam libwww-perl php-fpm php-cli php-ssh2 php-curl php-dev php-enchant php-mysql php-pear php-gd php-http php-imap php-intl php-mysql php-yaml php-propro php-pspell php-raphf php-ssh2 php-sqlite3 php-tidy php-xml php-xmlrpc php-zip php-mbstring php-imagick php-redis redis pwauth libapache2-mod-authnz-external
|
||
|
## http2 handled automatically now. double check. also look in to vhost log format
|
||
|
# force https for phpMyAdmin ??
|
||
|
cp etc/apache2/conf-available/* /etc/apache2/conf-available/
|
||
|
chmod 644 /etc/apache2/conf-available/*.conf
|
||
|
chown root:root /etc/apache2/conf-available/*.conf
|
||
|
a2enconf php7.4-fpm phpMyAdmin
|
||
|
cp etc/apache2/mods-available/* /etc/apache2/mods-available/
|
||
|
chmod 644 /etc/apache2/mods-available/*.conf
|
||
|
chown root:root /etc/apache2/mods-available/*.conf
|
||
|
a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
|
||
|
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf
|
||
|
sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/000-default.conf
|
||
|
# # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/default-ssl.conf
|
||
|
sed -i "s|/var/www/html|/srv/www/html|g" /etc/apache2/sites-available/default-ssl.conf
|
||
|
## double check this next one after getting full setup going w/ haproxy & varnish
|
||
|
sed -i "s|%h %l %u|%a %l %u|g" /etc/apache2/apache2.conf
|
||
|
rm /var/log/apache2/other_vhosts_access.log
|
||
|
# configure security
|
||
|
echo '<Directory "/srv/www/">' >> /etc/apache2/conf-available/security.conf
|
||
|
echo ' AllowOverride All' >> /etc/apache2/conf-available/security.conf
|
||
|
echo ' Options Includes FollowSymLinks' >> /etc/apache2/conf-available/security.conf
|
||
|
echo ' Require all granted' >> /etc/apache2/conf-available/security.conf
|
||
|
echo '</Directory>' >> /etc/apache2/conf-available/security.conf
|
||
|
# configure php
|
||
|
sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
|
||
|
sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
|
||
|
sed -i "s|;date.timezone =|date.timezone = 'America/Los_Angeles'|g" /etc/php/7.4/fpm/php.ini
|
||
|
sed -i "s|;date.timezone =|date.timezone = 'America/Los_Angeles'|g" /etc/php/7.4/cli/php.ini
|
||
|
# Change Debian/Ubuntu session settings back to php defaults for compatability with user jails & php chroots
|
||
|
sed -i "s|;session.save_path = \"/var/lib/php/sessions\"|session.save_path = \"/tmp\"|g" /etc/php/7.4/fpm/php.ini
|
||
|
sed -i "s|;session.save_path = \"/var/lib/php/sessions\"|session.save_path = \"/tmp\"|g" /etc/php/7.4/cli/php.ini
|
||
|
sed -i "s|session.gc_probability = 0|session.gc_probability = 1|g" /etc/php/7.4/fpm/php.ini
|
||
|
sed -i "s|session.gc_probability = 0|session.gc_probability = 1|g" /etc/php/7.4/cli/php.ini
|
||
|
# Configure PHP-FPM to use "ondemand"
|
||
|
sed -i "s|pm = dynamic|pm = ondemand|g" /etc/php/7.4/fpm/pool.d/www.conf
|
||
|
systemctl reload apache2
|
||
|
## configure overrides
|
||
|
# sed -i "s|^user = www-data|user = $USERNAME|g" /etc/php/7.2/fpm/pool.d/www.conf
|
||
|
# sed -i "s|^group = www-data|group = $USERNAME|g" /etc/php/7.2/fpm/pool.d/www.conf
|
||
|
systemctl reload php7.4-fpm
|
||
|
|
||
|
if [ -d /srv/www ]; then
|
||
|
if [ -d /var/www ]; then
|
||
|
echo "WARNING: /srv/www & /var/www dirs both exists, skipping move of existing /var/www/ dir."
|
||
|
fi
|
||
|
else
|
||
|
if [ -d /var/www ]; then
|
||
|
mv /var/www /srv/www
|
||
|
ln -s /srv/www /var/www
|
||
|
else
|
||
|
mkdir /srv/www
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
# jailkit
|
||
|
apt -y install jailkit
|
||
|
# bugfix, fixed upstream, shouldn't be needed if jailkit package gets updated
|
||
|
sed -i "s/if (not config.has_key('hardlink')):/if ('hardlink' not in config):/g" /usr/sbin/jk_update
|
||
|
sed -i 's|paths = ssh|paths = /usr/bin/ssh*|' /etc/jailkit/jk_init.ini
|
||
|
echo "" >> /etc/jailkit/jk_init.ini
|
||
|
echo "[shellstack]" >> /etc/jailkit/jk_init.ini
|
||
|
echo "comment = full featured shell for vhost-stack jails" >> /etc/jailkit/jk_init.ini
|
||
|
echo "paths = curl, dircolors, du, env, git, groups, mysql, mysqldump, /etc/bash_completion, /etc/bash_completion.d/, /usr/share/bash-completion/, /etc/ssl/certs/, /etc/nanorc, /usr/libexec/command-not-found-handle, /usr/share/nano/, /usr/share/zoneinfo/, /usr/local/bin/composer, /usr/local/bin/wp, /usr/local/sbin/mini_sendmail" >> /etc/jailkit/jk_init.ini
|
||
|
echo "includesections = extendedshell, netutils, logbasics, apacheutils, php" >> /etc/jailkit/jk_init.ini
|
||
|
echo "" >> /etc/jailkit/jk_init.ini
|
||
|
echo "[php]" >> /etc/jailkit/jk_init.ini
|
||
|
echo "comment = php-cli and all required files" >> /etc/jailkit/jk_init.ini
|
||
|
echo "paths = /usr/bin/php*, /usr/bin/phar*, /etc/php/*/cli/, /etc/php/*/mods-available/, /usr/lib/php/, /usr/share/php/" >> /etc/jailkit/jk_init.ini
|
||
|
mkdir /usr/jails
|
||
|
cp libexec/command-not-found-handle /usr/libexec/command-not-found-handle
|
||
|
chmod 755 /usr/libexec/command-not-found-handle
|
||
|
chown root:root /usr/libexec/command-not-found-handle
|
||
|
|
||
|
# varnish
|
||
|
apt -y install varnish
|
||
|
systemctl disable varnish
|
||
|
service varnish stop
|
||
|
cp -a etc/varnish/* /etc/varnish/
|
||
|
find /etc/varnish/ -type d -exec chmod 755 {} +
|
||
|
find /etc/varnish/ -type f -exec chmod 644 {} +
|
||
|
chown -R root:root /etc/varnish/
|
||
|
## /usr/bin/varnishncsa
|
||
|
|
||
|
# mini_sendmail so users can send out of jails
|
||
|
cd /usr/local/src
|
||
|
wget http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.9.tar.gz
|
||
|
tar zxvf mini_sendmail-1.3.9.tar.gz
|
||
|
cd mini_sendmail-1.3.9/
|
||
|
make
|
||
|
cp mini_sendmail /usr/local/sbin
|
||
|
gzip mini_sendmail.8
|
||
|
cp mini_sendmail.8.gz /usr/local/share/man/man8
|
||
|
|
||
|
|