├── README.md ├── aliases ├── create-certificate.sh ├── create-git-repo.sh ├── create-mysql.sh ├── install-maria.sh ├── install-mongo.sh ├── provision.sh └── serve-laravel.sh /README.md: -------------------------------------------------------------------------------- 1 | # Server setup scripts 2 | 3 | These are the scripts used to provision the server for the Capybara IOT project. The project is a php Laravel project and as the server is based around the [Homestead](https://github.com/laravel/homestead) virtual box that the community has created. 4 | 5 | # Overview 6 | These scripts will do several things for you. 7 | 8 | ### Provision the Server 9 | They will install all required dependencies and configure the server for production. For example php, node, MariaDB, git,... will be installed, and things like firewall and password logins will be set. 10 | 11 | ### Create a MariaDB/MySQL Table 12 | `create-mysql.sh $name_of_database` 13 | 14 | ### Install MongoDB 15 | `install-mongo.sh $mongo_user $mongo_password` 16 | 17 | ### Create nginx Servers 18 | `serve-laravel.sh $server_name root $http_port(default 80) $https_port(default 443) $php_version` 19 | 20 | ### Create git repo for auto deployment 21 | `create-git-repo.sh $repo_name $site_address $user_that_owns_repo` 22 | 23 | # Requirments 24 | 25 | * Ubuntu 16.04 26 | * root access 27 | 28 | 29 | # Usage 30 | 31 | ## Provision 32 | 33 | These scripts were intended to be run as the root user. 34 | 35 | 1. Sudo into root 36 | 37 | ``` 38 | sudo su 39 | ``` 40 | 41 | 2. Change directory to `/root` 42 | 43 | ``` 44 | cd /root 45 | ``` 46 | 47 | 3. Clone the repository into `/root` 48 | 49 | 50 | ```bash 51 | git clone https://jsarry@bitbucket.org/turkubeerdev/laravel-serve.git server 52 | ``` 53 | 54 | > Note: the scripts must be cloned into the folder `/root/server/` the provision script looks for scripts in `/root/server/`. See excerpt below. 55 | 56 | ``` 57 | 457: # Setup MariaDB Repositories 58 | 458: 59 | 459: bash /root/server/install-maria.sh $mysql_root_username $mysql_username $mysql_password 60 | 460: 61 | 461: 62 | ``` 63 | 64 | Once you have cloned the scripts into `/root/server/` open and configure the required variables. 65 | 66 | There are two section you MUST modify. First in the beginning 67 | 68 | ### Variables 69 | ``` 70 | # Decleration of Variables 71 | # Host 72 | host_name="hostname" 73 | # user 74 | sudo_user="root-user" 75 | sudo_password="supersecret" #will be encrypted using mkpasswd 76 | 77 | # git config 78 | git_name="user user" 79 | git_email="user@user.com" 80 | 81 | # MySQL 82 | mysql_username="root" 83 | mysql_password="supersecret" 84 | mysql_database="datatable" 85 | 86 | # Mongo 87 | mongo_user="user" 88 | mongo_password="supersecret" 89 | ``` 90 | 91 | configure these to your taste. 92 | 93 | ### SSH Keys 94 | Add your ssh keys. If you don't you will have no way of accessing your server. 95 | 96 | ``` 97 | 103: # Build Formatted Keys & Copy Keys 98 | 104: 99 | 105: #Remove this line once you have pasted in your public keys!! 100 | 106: exit 0 101 | 107: cat > /root/.ssh/authorized_keys << EOF 102 | 108: # ssh-public authorize keys 103 | 109: {{ !!! ADD YOUR SSH KEYS HERE !!!}} 104 | 110: EOF 105 | ``` 106 | 107 | > Note: As a bit of protection. If you don't modify this section of the `provision.sh` script the script will not run. Remove `exit 0` line once you've added your ssh keys. 108 | 109 | Once you've set up everything run the provision script 110 | 111 | ```bash 112 | bash provision.sh 113 | ``` 114 | 115 | This can take a while. 116 | 117 | ## Setting up server 118 | To create a server block you need to run the `serve-laravel.sh` script. 119 | 120 | The script takes several perameters 121 | 1. server_name - required (example.com) 122 | 2. http_port - required (80) 123 | 3. https_port - required (443) 124 | 4. php_version - required (5.6, 7.0, 7.1, 7.2) 125 | 126 | ``` 127 | bash serve-laravel.sh $server_name root $http_port(default 80) $https_port(default 443) $php_version 128 | ``` 129 | 130 | You should then create a self-signed ssl certificate by running and passing the server_name you just used above as the parameter. 131 | 132 | ``` 133 | bash create-certificate server_name 134 | ``` 135 | 136 | ## Automated Deployment 137 | Finally this is optional but you can create a git repo to help with automated deployments. 138 | 139 | The script takes several parameters 140 | 1. REPO - required (project_name) 141 | 2. WEBSITE - required (example.com) 142 | 3. USER - required (user) 143 | 144 | > Note: The user should not be root 145 | 146 | ``` 147 | bash create-git-repo.sh REPO WEBSITE USER 148 | ``` 149 | 150 | You can now add the server a remote git url ie: 151 | 152 | ``` 153 | git remote add deploy user@:/home/{user}/git/REPO 154 | ``` 155 | 156 | now when you 157 | 158 | ``` 159 | git push deploy 160 | ``` 161 | 162 | it will push to the remote server and trigger a build. Your new code should be reflected on your production site. 163 | -------------------------------------------------------------------------------- /aliases: -------------------------------------------------------------------------------- 1 | alias ..="cd .." 2 | alias ...="cd ../.." 3 | 4 | alias h='cd ~' 5 | alias c='clear' 6 | alias art=artisan 7 | 8 | alias phpspec='vendor/bin/phpspec' 9 | alias phpunit='vendor/bin/phpunit' 10 | alias serve=serve-laravel 11 | 12 | alias xoff='sudo phpdismod -s cli xdebug' 13 | alias xon='sudo phpenmod -s cli xdebug' 14 | 15 | function artisan() { 16 | php artisan "$@" 17 | } 18 | 19 | function dusk() { 20 | pids=$(pidof /usr/bin/Xvfb) 21 | 22 | if [ ! -n "$pids" ]; then 23 | Xvfb :0 -screen 0 1280x960x24 & 24 | fi 25 | 26 | php artisan dusk "$@" 27 | } 28 | 29 | function php56() { 30 | sudo update-alternatives --set php /usr/bin/php5.6 31 | } 32 | 33 | function php70() { 34 | sudo update-alternatives --set php /usr/bin/php7.0 35 | } 36 | 37 | function php71() { 38 | sudo update-alternatives --set php /usr/bin/php7.1 39 | } 40 | 41 | function php72() { 42 | sudo update-alternatives --set php /usr/bin/php7.2 43 | } 44 | 45 | function serve-apache() { 46 | if [[ "$1" && "$2" ]] 47 | then 48 | sudo bash /root/server/scripts/create-certificate.sh "$1" 49 | sudo dos2unix /root/server/serve-apache.sh 50 | sudo bash /root/server/serve-apache.sh "$1" "$2" 80 443 "${3:-7.1}" 51 | else 52 | echo "Error: missing required parameters." 53 | echo "Usage: " 54 | echo " serve-apache domain path" 55 | fi 56 | } 57 | 58 | function serve-laravel() { 59 | if [[ "$1" && "$2" ]] 60 | then 61 | sudo bash /root/server/create-certificate.sh "$1" 62 | sudo dos2unix /root/server/serve-laravel.sh 63 | sudo bash /root/server/serve-laravel.sh "$1" "$2" 80 443 "${3:-7.1}" 64 | else 65 | echo "Error: missing required parameters." 66 | echo "Usage: " 67 | echo " serve domain path" 68 | fi 69 | } 70 | 71 | function serve-proxy() { 72 | if [[ "$1" && "$2" ]] 73 | then 74 | sudo dos2unix /root/server/serve-proxy.sh 75 | sudo bash /root/server/serve-proxy.sh "$1" "$2" 80 443 "${3:-7.1}" 76 | else 77 | echo "Error: missing required parameters." 78 | echo "Usage: " 79 | echo " serve-proxy domain port" 80 | fi 81 | } 82 | 83 | function serve-silverstripe() { 84 | if [[ "$1" && "$2" ]] 85 | then 86 | sudo bash /root/server/create-certificate.sh "$1" 87 | sudo dos2unix /root/server/serve-silverstripe.sh 88 | sudo bash /root/server/serve-silverstripe.sh "$1" "$2" 80 443 "${3:-7.1}" 89 | else 90 | echo "Error: missing required parameters." 91 | echo "Usage: " 92 | echo " serve-silverstripe domain path" 93 | fi 94 | } 95 | 96 | function serve-spa() { 97 | if [[ "$1" && "$2" ]] 98 | then 99 | sudo bash /root/server/create-certificate.sh "$1" 100 | sudo dos2unix /root/server/serve-spa.sh 101 | sudo bash /root/server/serve-spa.sh "$1" "$2" 80 443 "${3:-7.1}" 102 | else 103 | echo "Error: missing required parameters." 104 | echo "Usage: " 105 | echo " serve-spa domain path" 106 | fi 107 | } 108 | 109 | function serve-statamic() { 110 | if [[ "$1" && "$2" ]] 111 | then 112 | sudo bash /root/server/create-certificate.sh "$1" 113 | sudo dos2unix /root/server/serve-statamic.sh 114 | sudo bash /root/server/serve-statamic.sh "$1" "$2" 80 443 "${3:-7.1}" 115 | else 116 | echo "Error: missing required parameters." 117 | echo "Usage: " 118 | echo " serve-statamic domain path" 119 | fi 120 | } 121 | 122 | function serve-symfony2() { 123 | if [[ "$1" && "$2" ]] 124 | then 125 | sudo bash /root/server/create-certificate.sh "$1" 126 | sudo dos2unix /root/server/serve-symfony2.sh 127 | sudo bash /root/server/serve-symfony2.sh "$1" "$2" 80 443 "${3:-7.1}" 128 | else 129 | echo "Error: missing required parameters." 130 | echo "Usage: " 131 | echo " serve-symfony2 domain path" 132 | fi 133 | } 134 | 135 | function serve-symfony4() { 136 | if [[ "$1" && "$2" ]] 137 | then 138 | sudo bash /root/server/create-certificate.sh "$1" 139 | sudo dos2unix /root/server/serve-symfony4.sh 140 | sudo bash /root/server/serve-symfony4.sh "$1" "$2" 80 443 "${3:-7.1}" 141 | else 142 | echo "Error: missing required parameters." 143 | echo "Usage: " 144 | echo " serve-symfony4 domain path" 145 | fi 146 | } 147 | 148 | function serve-pimcore() { 149 | if [[ "$1" && "$2" ]] 150 | then 151 | sudo bash /root/server/create-certificate.sh "$1" 152 | sudo dos2unix /root/server/serve-pimcore.sh 153 | sudo bash /root/server/serve-pimcore.sh "$1" "$2" 80 443 "${3:-7.1}" 154 | else 155 | echo "Error: missing required parameters." 156 | echo "Usage: " 157 | echo " serve-pimcore domain path" 158 | fi 159 | } 160 | 161 | function share() { 162 | if [[ "$1" ]] 163 | then 164 | ngrok http ${@:2} -host-header="$1" 80 165 | else 166 | echo "Error: missing required parameters." 167 | echo "Usage: " 168 | echo " share domain" 169 | echo "Invocation with extra params passed directly to ngrok" 170 | echo " share domain -region=eu -subdomain=test1234" 171 | fi 172 | } 173 | 174 | function flip() { 175 | sudo bash /root/server/flip-webserver.sh 176 | } 177 | 178 | function __has_pv() { 179 | $(hash pv 2>/dev/null); 180 | 181 | return $? 182 | } 183 | 184 | function __pv_install_message() { 185 | if ! __has_pv; then 186 | echo $1 187 | echo "Install pv with \`sudo apt-get install -y pv\` then run this command again." 188 | echo "" 189 | fi 190 | } 191 | 192 | 193 | 194 | function xphp() { 195 | (php -m | grep -q xdebug) 196 | if [[ $? -eq 0 ]] 197 | then 198 | XDEBUG_ENABLED=true 199 | else 200 | XDEBUG_ENABLED=false 201 | fi 202 | 203 | if ! $XDEBUG_ENABLED; then xon; fi 204 | 205 | php \ 206 | -dxdebug.remote_host=192.168.10.1 \ 207 | -dxdebug.remote_autostart=1 \ 208 | "$@" 209 | 210 | if ! $XDEBUG_ENABLED; then xoff; fi 211 | } 212 | -------------------------------------------------------------------------------- /create-certificate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | mkdir /etc/nginx/ssl 2>/dev/null 4 | 5 | PATH_SSL="/etc/nginx/ssl" 6 | PATH_CNF="${PATH_SSL}/${1}.cnf" 7 | PATH_KEY="${PATH_SSL}/${1}.key" 8 | PATH_CRT="${PATH_SSL}/${1}.crt" 9 | 10 | # Only generate a certificate if there isn't one already there. 11 | if [ ! -f $PATH_CNF ] || [ ! -f $PATH_KEY ] || [ ! -f $PATH_CRT ] 12 | then 13 | 14 | # Uncomment the global 'copy_extentions' OpenSSL option to ensure the SANs are copied into the certificate. 15 | sed -i '/copy_extensions\ =\ copy/s/^#\ //g' /etc/ssl/openssl.cnf 16 | 17 | # Generate an OpenSSL configuration file specifically for this certificate. 18 | block=" 19 | [ req ] 20 | prompt = no 21 | default_bits = 2048 22 | default_keyfile = $PATH_KEY 23 | encrypt_key = no 24 | default_md = sha256 25 | distinguished_name = req_distinguished_name 26 | x509_extensions = v3_ca 27 | 28 | [ req_distinguished_name ] 29 | O=Vagrant 30 | C=UN 31 | CN=$1 32 | 33 | [ v3_ca ] 34 | basicConstraints=CA:FALSE 35 | subjectKeyIdentifier=hash 36 | authorityKeyIdentifier=keyid,issuer 37 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 38 | subjectAltName = @alternate_names 39 | 40 | [ alternate_names ] 41 | DNS.1 = $1 42 | DNS.2 = *.$1 43 | " 44 | echo "$block" > $PATH_CNF 45 | 46 | # Finally, generate the private key and certificate. 47 | openssl genrsa -out "$PATH_KEY" 2048 2>/dev/null 48 | openssl req -new -x509 -config "$PATH_CNF" -out "$PATH_CRT" -days 365 2>/dev/null 49 | fi 50 | -------------------------------------------------------------------------------- /create-git-repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [[ "$1" && "$2" && "$3"]] 4 | then 5 | REPO=$1 6 | WEBSITE=$2 7 | USER=$3 8 | 9 | # Make a git directory for user 10 | if [ ! -d ~$USER/git ] 11 | then 12 | mkdir -p ~$USER/git 13 | fi 14 | 15 | # Make git repo 16 | if [ ! -d ~$USER/git/${REPO}.git ] 17 | then 18 | mkdir -p ~$USER/git/${REPO}.git 19 | cd ~$USER/git/${REPO}.git 20 | git init --bare 21 | else 22 | echo "Error: Repo already exists" 23 | exit 0 24 | fi 25 | 26 | 27 | # Adding post recieve hook 28 | cat > ~$USER/git/${REPO}.git/hooks/post-receive <<-EOF 29 | echo "********************" 30 | echo "Post receive hook: Updating website" 31 | echo "********************" 32 | 33 | #set the git repo dir 34 | 35 | GIT_REPO_DIR=~/git/${REPO}.git 36 | echo "The git repo dir is \$GIT_REPO_DIR" 37 | 38 | 39 | 40 | WEBROOT=~/sites/${WEBSITE} 41 | GIT_WORK_TREE=\$WEBROOT git checkout -f 42 | #change directory to the project dir 43 | cd \$WEBROOT 44 | 45 | rm -f storage/cache/* 46 | echo 'cache cleared' 47 | rm -f storage/views/* 48 | echo 'views cleared' 49 | 50 | composer install 51 | 52 | php artisan migrate --no-interaction 53 | 54 | #Basset 55 | #php artisan basset:build 56 | 57 | #Bower 58 | # only run if bower.json has changed 59 | 60 | echo "** NPM **" 61 | 62 | # switch to webroot 63 | cd \$GIT_REPO_DIR 64 | 65 | # geting a 'fatal: ambiguous argument' from this ? 66 | #changedfiles=( \`git diff-tree --no-commit-id --name-only HEAD@{1} HEAD\` ) 67 | 68 | changedfiles=( \`git diff-tree --no-commit-id --name-only HEAD^ HEAD\` ) 69 | 70 | #switch back 71 | cd \$WEBROOT 72 | 73 | # check if packages has been updated, if so install 74 | if [[ "\${changedfiles[*]}" =~ "package.json" ]]; then 75 | echo "npm packages have been updated - installing" 76 | npm install 77 | echo "compiling assets for production" 78 | npm run production 79 | fi 80 | 81 | 82 | # check if composer has been updated, if so install 83 | # Check if the composer.lock file is present 84 | if [[ "\${changedfiles[*]}" =~ "composer.lock" ]]; then 85 | # Install or update packages specified in the lock file 86 | echo "composer.lock has been updated - do install" 87 | composer install --no-dev 88 | fi 89 | 90 | 91 | php artisan cache:clear 92 | 93 | EOF 94 | sudo chmod +x ~$USER/git/${REPO}.git/hooks/post-receive 95 | chmod capybara ~$USER/git -R 96 | else 97 | echo "Error: missing required parameters." 98 | echo "Usage: repo_name site_address user_that_owns_repo" 99 | fi -------------------------------------------------------------------------------- /create-mysql.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if [[ "$1" ]] 4 | then 5 | cat > /root/.my.cnf << EOF 6 | [client] 7 | user = capybara 8 | password = JDcGDX86SG^MXuQ 9 | host = localhost 10 | EOF 11 | 12 | cp /root/.my.cnf /home/capybara/.my.cnf 13 | 14 | DB=$1; 15 | 16 | mysql -e "CREATE DATABASE IF NOT EXISTS \`$DB\` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci"; 17 | else 18 | echo "Error: missing required parameter." 19 | echo "Usage: " 20 | echo " database name" 21 | fi 22 | -------------------------------------------------------------------------------- /install-maria.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # MySQL 4 | if [[ "$1" && "$2" && "$3" ]] 5 | then 6 | mysql_root_username=$1 7 | mysql_username=$2 8 | mysql_password=$3 9 | 10 | export DEBIAN_FRONTEND=noninteractive 11 | # Check If Maria Has Been Installed 12 | 13 | if [ -f /home/vagrant/.maria ] 14 | then 15 | echo "MariaDB already installed." 16 | exit 0 17 | fi 18 | 19 | touch /home/vagrant/.maria 20 | 21 | # Disable Apparmor 22 | # See https://github.com/laravel/homestead/issues/629#issue-247524528 23 | 24 | sudo service apparmor stop 25 | sudo service apparmor teardown 26 | sudo update-rc.d -f apparmor remove 27 | 28 | # Remove MySQL 29 | 30 | apt-get remove -y --purge mysql-server mysql-client mysql-common 31 | apt-get autoremove -y 32 | apt-get autoclean 33 | 34 | rm -rf /var/lib/mysql 35 | rm -rf /var/log/mysql 36 | rm -rf /etc/mysql 37 | 38 | # Add Maria PPA 39 | 40 | sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 41 | sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.2/ubuntu xenial main' 42 | apt-get update 43 | 44 | # Set The Automated Root Password 45 | 46 | export DEBIAN_FRONTEND=noninteractive 47 | 48 | debconf-set-selections <<< "mariadb-server-10.2 mysql-server/data-dir select ''" 49 | debconf-set-selections <<< "mariadb-server-10.2 mysql-server/root_password password $mysql_password" 50 | debconf-set-selections <<< "mariadb-server-10.2 mysql-server/root_password_again password $mysql_password" 51 | 52 | # Install MariaDB 53 | 54 | apt-get install -y mariadb-server 55 | 56 | # Configure Maria Remote Access 57 | 58 | sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf 59 | 60 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "GRANT ALL ON *.* TO $mysql_root_username@'0.0.0.0' IDENTIFIED BY '$mysql_password';" 61 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY '$mysql_password';" 62 | service mysql restart 63 | 64 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "CREATE USER '$mysql_username'@'0.0.0.0' IDENTIFIED BY '$mysql_password';" 65 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "GRANT ALL ON *.* TO '$mysql_username'@'0.0.0.0' IDENTIFIED BY '$mysql_password' WITH GRANT OPTION;" 66 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "GRANT ALL ON *.* TO '$mysql_username'@'%' IDENTIFIED BY '$mysql_password' WITH GRANT OPTION;" 67 | mysql --user="$mysql_root_username" --password="$mysql_password" -e "FLUSH PRIVILEGES;" 68 | service mysql restart 69 | else 70 | echo "Error: missing one ore more of the three required parameters." 71 | echo "Usage: bash install-maria.sh mysql_root_username mysql_username mysql_password" 72 | fi -------------------------------------------------------------------------------- /install-mongo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | if [[ "$1" && "$2" ]] 3 | then 4 | mongo_user="$1" 5 | mongo_password="$2" 6 | 7 | if [ -f /home/capybara/.mongo ] 8 | then 9 | echo "MongoDB already installed." 10 | exit 0 11 | fi 12 | 13 | touch /home/capybara/.mongo 14 | 15 | sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6 2>&1 16 | 17 | echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list 18 | 19 | sudo apt-get update 20 | 21 | sudo DEBIAN_FRONTEND=noninteractive apt-get -yq -o Dpkg::Options::="--force-confnew" install mongodb-org autoconf g++ make openssl libssl-dev libcurl4-openssl-dev pkg-config libsasl2-dev php-dev 22 | 23 | sudo ufw allow 27017 24 | sudo sed -i "s/bindIp: .*/bindIp: 0.0.0.0/" /etc/mongod.conf 25 | 26 | sudo systemctl enable mongod 27 | sudo systemctl start mongod 28 | 29 | sudo rm -rf /tmp/mongo-php-driver /usr/src/mongo-php-driver 30 | git clone -c advice.detachedHead=false -q -b '1.3.3' --single-branch https://github.com/mongodb/mongo-php-driver.git /tmp/mongo-php-driver 31 | sudo mv /tmp/mongo-php-driver /usr/src/mongo-php-driver 32 | cd /usr/src/mongo-php-driver 33 | git submodule -q update --init 34 | 35 | phpize5.6 36 | ./configure --with-php-config=/usr/bin/php-config5.6 > /dev/null 37 | make clean > /dev/null 38 | make >/dev/null 2>&1 39 | sudo make install 40 | sudo chmod 644 /usr/lib/php/20131226/mongodb.so 41 | sudo bash -c "echo 'extension=mongodb.so' > /etc/php/5.6/mods-available/mongo.ini" 42 | sudo ln -s /etc/php/5.6/mods-available/mongo.ini /etc/php/5.6/cli/conf.d/20-mongo.ini 43 | sudo ln -s /etc/php/5.6/mods-available/mongo.ini /etc/php/5.6/fpm/conf.d/20-mongo.ini 44 | sudo service php5.6-fpm restart 45 | 46 | phpize7.0 47 | ./configure --with-php-config=/usr/bin/php-config7.0 > /dev/null 48 | make clean > /dev/null 49 | make >/dev/null 2>&1 50 | sudo make install 51 | sudo chmod 644 /usr/lib/php/20151012/mongodb.so 52 | sudo bash -c "echo 'extension=mongodb.so' > /etc/php/7.0/mods-available/mongo.ini" 53 | sudo ln -s /etc/php/7.0/mods-available/mongo.ini /etc/php/7.0/cli/conf.d/20-mongo.ini 54 | sudo ln -s /etc/php/7.0/mods-available/mongo.ini /etc/php/7.0/fpm/conf.d/20-mongo.ini 55 | sudo service php7.0-fpm restart 56 | 57 | phpize7.1 58 | ./configure --with-php-config=/usr/bin/php-config7.1 > /dev/null 59 | make clean > /dev/null 60 | make >/dev/null 2>&1 61 | sudo make install 62 | sudo chmod 644 /usr/lib/php/20160303/mongodb.so 63 | sudo bash -c "echo 'extension=mongodb.so' > /etc/php/7.1/mods-available/mongo.ini" 64 | sudo ln -s /etc/php/7.1/mods-available/mongo.ini /etc/php/7.1/cli/conf.d/20-mongo.ini 65 | sudo ln -s /etc/php/7.1/mods-available/mongo.ini /etc/php/7.1/fpm/conf.d/20-mongo.ini 66 | sudo service php7.1-fpm restart 67 | 68 | phpize7.2 69 | ./configure --with-php-config=/usr/bin/php-config7.2 > /dev/null 70 | make clean > /dev/null 71 | make >/dev/null 2>&1 72 | sudo make install 73 | sudo chmod 644 /usr/lib/php/20160303/mongodb.so 74 | sudo bash -c "echo 'extension=mongodb.so' > /etc/php/7.2/mods-available/mongo.ini" 75 | sudo ln -s /etc/php/7.2/mods-available/mongo.ini /etc/php/7.2/cli/conf.d/20-mongo.ini 76 | sudo ln -s /etc/php/7.2/mods-available/mongo.ini /etc/php/7.2/fpm/conf.d/20-mongo.ini 77 | sudo service php7.2-fpm restart 78 | 79 | mongo admin --eval "db.createUser({user:'\`$mongo_user\`',pwd:'\`$mongo_password\`',roles:['root']})" 80 | else 81 | echo "Error: missing one ore more of the three required parameters." 82 | echo "Usage: bash install-mongo.sh mongo_user mongo_password" 83 | fi -------------------------------------------------------------------------------- /provision.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # REQUIRES: 3 | # - server (the server instance) 4 | # - site_name (the name of the site folder) 5 | # - sudo_password (random password for sudo) 6 | # - db_password (random password for database user) 7 | # - event_id (the provisioning event name) 8 | # - callback (the callback URL) 9 | # 10 | 11 | # Decleration of Variables 12 | # Host 13 | host_name="" 14 | # user 15 | sudo_user="" 16 | sudo_password="" #will be encrypted using mkpasswd 17 | 18 | # git config 19 | git_name="" 20 | git_email="" 21 | 22 | # MySQL 23 | mysql_username="" 24 | mysql_password="" 25 | mysql_database="" 26 | 27 | # Mongo 28 | mongo_user="" 29 | mongo_password="" 30 | 31 | sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf 32 | 33 | # Upgrade The Base Packages 34 | 35 | apt-get update 36 | apt-get upgrade -y 37 | 38 | # Add A Few PPAs To Stay Current 39 | 40 | apt-get install -y --force-yes software-properties-common 41 | 42 | # apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y 43 | apt-add-repository ppa:nginx/development -y 44 | apt-add-repository ppa:chris-lea/redis-server -y 45 | apt-add-repository ppa:ondrej/php -y 46 | 47 | curl -s https://packagecloud.io/gpg.key | apt-key add - 48 | echo "deb http://packages.blackfire.io/debian any main" | tee /etc/apt/sources.list.d/blackfire.list 49 | 50 | 51 | # Update Package Lists 52 | 53 | apt-get update 54 | # Base Packages 55 | 56 | apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \ 57 | make python2.7 python-pip supervisor ufw unattended-upgrades unzip whois zsh 58 | 59 | # Install Python Httpie 60 | 61 | pip install httpie 62 | 63 | 64 | # Disable Password Authentication Over SSH 65 | 66 | sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config 67 | echo "" | sudo tee -a /etc/ssh/sshd_config 68 | echo "" | sudo tee -a /etc/ssh/sshd_config 69 | echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config 70 | 71 | # Restart SSH 72 | 73 | ssh-keygen -A 74 | service ssh restart 75 | 76 | 77 | # Set The Timezone 78 | 79 | ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime 80 | 81 | # Create The Root SSH Directory If Necessary 82 | 83 | if [ ! -d /root/.ssh ] 84 | then 85 | mkdir -p /root/.ssh 86 | touch /root/.ssh/authorized_keys 87 | fi 88 | 89 | # Setup User 90 | 91 | useradd $sudo_user 92 | mkdir -p /home/$sudo_user/.ssh 93 | mkdir -p /home/$sudo_user/.$sudo_user 94 | adduser $sudo_user sudo 95 | 96 | # Setup Bash For User 97 | 98 | chsh -s /bin/bash $sudo_user 99 | cp /root/.profile /home/$sudo_user/.profile 100 | cp /root/.bashrc /home/$sudo_user/.bashrc 101 | 102 | # Set The Sudo Password For User 103 | 104 | PASSWORD=$(mkpasswd ${sudo_password}) 105 | usermod --password $PASSWORD $sudo_user 106 | 107 | # Build Formatted Keys & Copy Keys 108 | 109 | #Remove this line once you have pasted in your public keys!! 110 | exit 0 111 | cat > /root/.ssh/authorized_keys << EOF 112 | # ssh-public authorize keys 113 | 114 | EOF 115 | 116 | 117 | cp /root/.ssh/authorized_keys /home/$sudo_user/.ssh/authorized_keys 118 | 119 | # Create The Server SSH Key 120 | 121 | ssh-keygen -f /home/$sudo_user/.ssh/id_rsa -t rsa -N '' 122 | 123 | # Copy Github And Bitbucket Public Keys Into Known Hosts File 124 | 125 | ssh-keyscan -H github.com >> /home/$sudo_user/.ssh/known_hosts 126 | ssh-keyscan -H bitbucket.org >> /home/$sudo_user/.ssh/known_hosts 127 | 128 | # Configure Git Settings 129 | 130 | git config --global user.name "$git_name" 131 | git config --global user.email "$git_email" 132 | 133 | # Setup Site Directory Permissions 134 | 135 | chown -R $sudo_user:$sudo_user /home/$sudo_user 136 | chmod -R 755 /home/$sudo_user 137 | chmod 700 /home/$sudo_user/.ssh/id_rsa 138 | 139 | # Setup UFW Firewall 140 | 141 | ufw allow 22 142 | ufw allow 80 143 | ufw allow 443 144 | ufw --force enable 145 | 146 | # Install PHP Stuffs 147 | # Current PHP 148 | apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ 149 | php7.2-cli php7.2-dev \ 150 | php7.2-pgsql php7.2-sqlite3 php7.2-gd \ 151 | php7.2-curl php7.2-memcached \ 152 | php7.2-imap php7.2-mysql php7.2-mbstring \ 153 | php7.2-xml php7.2-zip php7.2-bcmath php7.2-soap \ 154 | php7.2-intl php7.2-readline 155 | 156 | # PHP 7.1 157 | apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ 158 | php7.1-cli php7.1-dev \ 159 | php7.1-pgsql php7.1-sqlite3 php7.1-gd \ 160 | php7.1-curl php7.1-memcached \ 161 | php7.1-imap php7.1-mysql php7.1-mbstring \ 162 | php7.1-xml php7.1-zip php7.1-bcmath php7.1-soap \ 163 | php7.1-intl php7.1-readline php-xdebug php-pear 164 | 165 | # PHP 7.0 166 | apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ 167 | php7.0-cli php7.0-dev \ 168 | php7.0-pgsql php7.0-sqlite3 php7.0-gd \ 169 | php7.0-curl php7.0-memcached \ 170 | php7.0-imap php7.0-mysql php7.0-mbstring \ 171 | php7.0-xml php7.0-zip php7.0-bcmath php7.0-soap \ 172 | php7.0-intl php7.0-readline 173 | 174 | # PHP 5.6 175 | apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ 176 | php5.6-cli php5.6-dev \ 177 | php5.6-pgsql php5.6-sqlite3 php5.6-gd \ 178 | php5.6-curl php5.6-memcached \ 179 | php5.6-imap php5.6-mysql php5.6-mbstring \ 180 | php5.6-xml php5.6-zip php5.6-bcmath php5.6-soap \ 181 | php5.6-intl php5.6-readline php5.6-mcrypt 182 | 183 | update-alternatives --set php /usr/bin/php7.2 184 | 185 | # Install Composer 186 | 187 | curl -sS https://getcomposer.org/installer | php 188 | mv composer.phar /usr/local/bin/composer 189 | 190 | # Install Laravel Envoy & Installer 191 | 192 | sudo su ${sudo_user} <<'EOF' 193 | /usr/local/bin/composer global require "laravel/envoy=~1.0" 194 | /usr/local/bin/composer global require "laravel/installer=~1.1" 195 | /usr/local/bin/composer global require "drush/drush=~8" 196 | EOF 197 | 198 | # Set Some PHP CLI Settings 199 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.2/cli/php.ini 200 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.2/cli/php.ini 201 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.2/cli/php.ini 202 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.2/cli/php.ini 203 | 204 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/cli/php.ini 205 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/cli/php.ini 206 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/cli/php.ini 207 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/cli/php.ini 208 | 209 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/cli/php.ini 210 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/cli/php.ini 211 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/cli/php.ini 212 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/cli/php.ini 213 | 214 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/cli/php.ini 215 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/cli/php.ini 216 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/cli/php.ini 217 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/cli/php.ini 218 | 219 | # Install Nginx & PHP-FPM 220 | 221 | apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages \ 222 | nginx php7.1-fpm php7.2-fpm php7.0-fpm php5.6-fpm 223 | 224 | rm /etc/nginx/sites-enabled/default 225 | rm /etc/nginx/sites-available/default 226 | service nginx restart 227 | 228 | # Setup Some PHP-FPM Options 229 | echo "xdebug.remote_enable = 1" >> /etc/php/7.2/mods-available/xdebug.ini 230 | echo "xdebug.remote_connect_back = 1" >> /etc/php/7.2/mods-available/xdebug.ini 231 | echo "xdebug.remote_port = 9000" >> /etc/php/7.2/mods-available/xdebug.ini 232 | echo "xdebug.max_nesting_level = 512" >> /etc/php/7.2/mods-available/xdebug.ini 233 | echo "opcache.revalidate_freq = 0" >> /etc/php/7.2/mods-available/opcache.ini 234 | 235 | echo "xdebug.remote_enable = 1" >> /etc/php/7.1/mods-available/xdebug.ini 236 | echo "xdebug.remote_connect_back = 1" >> /etc/php/7.1/mods-available/xdebug.ini 237 | echo "xdebug.remote_port = 9000" >> /etc/php/7.1/mods-available/xdebug.ini 238 | echo "xdebug.max_nesting_level = 512" >> /etc/php/7.1/mods-available/xdebug.ini 239 | echo "opcache.revalidate_freq = 0" >> /etc/php/7.1/mods-available/opcache.ini 240 | 241 | echo "xdebug.remote_enable = 1" >> /etc/php/7.0/mods-available/xdebug.ini 242 | echo "xdebug.remote_connect_back = 1" >> /etc/php/7.0/mods-available/xdebug.ini 243 | echo "xdebug.remote_port = 9000" >> /etc/php/7.0/mods-available/xdebug.ini 244 | echo "xdebug.max_nesting_level = 512" >> /etc/php/7.0/mods-available/xdebug.ini 245 | echo "opcache.revalidate_freq = 0" >> /etc/php/7.0/mods-available/opcache.ini 246 | 247 | echo "xdebug.remote_enable = 1" >> /etc/php/5.6/mods-available/xdebug.ini 248 | echo "xdebug.remote_connect_back = 1" >> /etc/php/5.6/mods-available/xdebug.ini 249 | echo "xdebug.remote_port = 9000" >> /etc/php/5.6/mods-available/xdebug.ini 250 | echo "xdebug.max_nesting_level = 512" >> /etc/php/5.6/mods-available/xdebug.ini 251 | echo "opcache.revalidate_freq = 0" >> /etc/php/5.6/mods-available/opcache.ini 252 | 253 | sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.2/fpm/php.ini 254 | sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.2/fpm/php.ini 255 | sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.2/fpm/php.ini 256 | sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.2/fpm/php.ini 257 | sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/7.2/fpm/php.ini 258 | sed -i "s/post_max_size = .*/post_max_size = 100M/" /etc/php/7.2/fpm/php.ini 259 | sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.2/fpm/php.ini 260 | 261 | printf "[openssl]\n" | tee -a /etc/php/7.2/fpm/php.ini 262 | printf "openssl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/7.2/fpm/php.ini 263 | 264 | printf "[curl]\n" | tee -a /etc/php/7.2/fpm/php.ini 265 | printf "curl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/7.2/fpm/php.ini 266 | 267 | sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/fpm/php.ini 268 | sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/fpm/php.ini 269 | sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.1/fpm/php.ini 270 | sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/fpm/php.ini 271 | sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/7.1/fpm/php.ini 272 | sed -i "s/post_max_size = .*/post_max_size = 100M/" /etc/php/7.1/fpm/php.ini 273 | sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/fpm/php.ini 274 | 275 | printf "[openssl]\n" | tee -a /etc/php/7.1/fpm/php.ini 276 | printf "openssl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/7.1/fpm/php.ini 277 | 278 | printf "[curl]\n" | tee -a /etc/php/7.1/fpm/php.ini 279 | printf "curl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/7.1/fpm/php.ini 280 | 281 | sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/fpm/php.ini 282 | sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/fpm/php.ini 283 | sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini 284 | sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini 285 | sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/7.0/fpm/php.ini 286 | sed -i "s/post_max_size = .*/post_max_size = 100M/" /etc/php/7.0/fpm/php.ini 287 | sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini 288 | 289 | printf "[curl]\n" | tee -a /etc/php/7.0/fpm/php.ini 290 | printf "curl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/7.0/fpm/php.ini 291 | 292 | sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/fpm/php.ini 293 | sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/fpm/php.ini 294 | sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/5.6/fpm/php.ini 295 | sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/fpm/php.ini 296 | sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/5.6/fpm/php.ini 297 | sed -i "s/post_max_size = .*/post_max_size = 100M/" /etc/php/5.6/fpm/php.ini 298 | sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/fpm/php.ini 299 | 300 | printf "[curl]\n" | tee -a /etc/php/5.6/fpm/php.ini 301 | printf "curl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" | tee -a /etc/php/5.6/fpm/php.ini 302 | 303 | # Disable XDebug On The CLI 304 | 305 | sudo phpdismod -s cli xdebug 306 | 307 | # Copy fastcgi_params to Nginx because they broke it on the PPA 308 | 309 | cat > /etc/nginx/fastcgi_params << EOF 310 | fastcgi_param QUERY_STRING \$query_string; 311 | fastcgi_param REQUEST_METHOD \$request_method; 312 | fastcgi_param CONTENT_TYPE \$content_type; 313 | fastcgi_param CONTENT_LENGTH \$content_length; 314 | fastcgi_param SCRIPT_FILENAME \$request_filename; 315 | fastcgi_param SCRIPT_NAME \$fastcgi_script_name; 316 | fastcgi_param REQUEST_URI \$request_uri; 317 | fastcgi_param DOCUMENT_URI \$document_uri; 318 | fastcgi_param DOCUMENT_ROOT \$document_root; 319 | fastcgi_param SERVER_PROTOCOL \$server_protocol; 320 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 321 | fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version; 322 | fastcgi_param REMOTE_ADDR \$remote_addr; 323 | fastcgi_param REMOTE_PORT \$remote_port; 324 | fastcgi_param SERVER_ADDR \$server_addr; 325 | fastcgi_param SERVER_PORT \$server_port; 326 | fastcgi_param SERVER_NAME \$server_name; 327 | fastcgi_param HTTPS \$https if_not_empty; 328 | fastcgi_param REDIRECT_STATUS 200; 329 | EOF 330 | 331 | # Set The Nginx & PHP-FPM User 332 | 333 | sed -i "s/user www-data;/user ${sudo_user};/" /etc/nginx/nginx.conf 334 | sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/" /etc/nginx/nginx.conf 335 | 336 | sed -i "s/user = www-data/user = ${sudo_user}/" /etc/php/7.2/fpm/pool.d/www.conf 337 | sed -i "s/group = www-data/group = ${sudo_user}/" /etc/php/7.2/fpm/pool.d/www.conf 338 | 339 | sed -i "s/user = www-data/user = ${sudo_user}/" /etc/php/7.1/fpm/pool.d/www.conf 340 | sed -i "s/group = www-data/group = ${sudo_user}/" /etc/php/7.1/fpm/pool.d/www.conf 341 | 342 | sed -i "s/listen\.owner.*/listen.owner = ${sudo_user}/" /etc/php/7.1/fpm/pool.d/www.conf 343 | sed -i "s/listen\.group.*/listen.group = ${sudo_user}/" /etc/php/7.1/fpm/pool.d/www.conf 344 | sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.1/fpm/pool.d/www.conf 345 | 346 | sed -i "s/user = www-data/user = ${sudo_user}/" /etc/php/7.0/fpm/pool.d/www.conf 347 | sed -i "s/group = www-data/group = ${sudo_user}/" /etc/php/7.0/fpm/pool.d/www.conf 348 | 349 | sed -i "s/listen\.owner.*/listen.owner = ${sudo_user}/" /etc/php/7.0/fpm/pool.d/www.conf 350 | sed -i "s/listen\.group.*/listen.group = ${sudo_user}/" /etc/php/7.0/fpm/pool.d/www.conf 351 | sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.0/fpm/pool.d/www.conf 352 | 353 | sed -i "s/user = www-data/user = ${sudo_user}/" /etc/php/5.6/fpm/pool.d/www.conf 354 | sed -i "s/group = www-data/group = ${sudo_user}/" /etc/php/5.6/fpm/pool.d/www.conf 355 | 356 | sed -i "s/listen\.owner.*/listen.owner = ${sudo_user}/" /etc/php/5.6/fpm/pool.d/www.conf 357 | sed -i "s/listen\.group.*/listen.group = ${sudo_user}/" /etc/php/5.6/fpm/pool.d/www.conf 358 | sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/5.6/fpm/pool.d/www.conf 359 | 360 | 361 | service nginx restart 362 | service php7.2-fpm restart 363 | service php7.1-fpm restart 364 | service php7.0-fpm restart 365 | service php5.6-fpm restart 366 | 367 | 368 | 369 | # Install Composer Package Manager 370 | 371 | curl -sS https://getcomposer.org/installer | php 372 | mv composer.phar /usr/local/bin/composer 373 | 374 | # Misc. PHP CLI Configuration 375 | 376 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/cli/php.ini 377 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/cli/php.ini 378 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/cli/php.ini 379 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/cli/php.ini 380 | 381 | sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/cli/php.ini 382 | sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/cli/php.ini 383 | sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/cli/php.ini 384 | sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/cli/php.ini 385 | 386 | # Configure Sessions Directory Permissions 387 | 388 | chmod 733 /var/lib/php/sessions 389 | chmod +t /var/lib/php/sessions 390 | 391 | 392 | # Generate dhparam File 393 | 394 | openssl dhparam -out /etc/nginx/dhparams.pem 2048 395 | 396 | # Configure A Few More Server Things 397 | 398 | sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.1/fpm/pool.d/www.conf 399 | 400 | sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf 401 | sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf 402 | 403 | # Install A Catch All Server 404 | 405 | cat > /etc/nginx/sites-available/catch-all << EOF 406 | server { 407 | return 404; 408 | } 409 | EOF 410 | 411 | ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all 412 | 413 | # Restart Nginx & PHP-FPM Services 414 | 415 | # Restart Nginx & PHP-FPM Services 416 | 417 | if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ] 418 | then 419 | service php7.1-fpm restart 420 | fi 421 | 422 | service nginx restart 423 | service nginx reload 424 | 425 | # Add sudo_user User To www-data Group 426 | 427 | usermod -a -G www-data ${sudo_user} 428 | id ${sudo_user} 429 | groups ${sudo_user} 430 | 431 | 432 | curl --silent --location https://deb.nodesource.com/setup_8.x | bash - 433 | 434 | apt-get update 435 | 436 | sudo apt-get install -y --force-yes nodejs 437 | 438 | npm install -g pm2 439 | npm install -g gulp 440 | npm install -g yarn 441 | 442 | # Install SQLite 443 | 444 | apt-get install -y sqlite3 libsqlite3-dev 445 | 446 | # Setup MariaDB Repositories 447 | 448 | bash /root/server/install-maria.sh $mysql_root_username $mysql_username $mysql_password 449 | 450 | 451 | # Install Mongo 452 | 453 | bash /root/server/install-maria.sh $mongo_user $mongo_password 454 | 455 | 456 | # Install & Configure Redis Server 457 | 458 | apt-get install -y redis-server 459 | sed -i 's/bind 127.1.0.1/bind 0.0.0.0/' /etc/redis/redis.conf 460 | service redis-server restart 461 | # Install & Configure Memcached 462 | 463 | apt-get install -y memcached 464 | sed -i 's/-l 127.1.0.1/-l 0.0.0.0/' /etc/memcached.conf 465 | service memcached restart 466 | # Install & Configure Beanstalk 467 | 468 | apt-get install -y --force-yes beanstalkd 469 | sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd 470 | sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd 471 | /etc/init.d/beanstalkd start 472 | 473 | apt-get install -y blackfire-agent blackfire-php 474 | service php7.1-fpm restart 475 | 476 | # Install & Configure MailHog 477 | 478 | # Download binary from github 479 | wget --quiet -O /usr/local/bin/mailhog https://github.com/mailhog/MailHog/releases/download/v0.2.1/MailHog_linux_amd64 480 | 481 | # Make it executable 482 | chmod +x /usr/local/bin/mailhog 483 | 484 | # Make it start on reboot 485 | sudo tee /etc/systemd/system/mailhog.service < /dev/null 2>&1 & 493 | 494 | [Install] 495 | WantedBy=multi-user.target 496 | EOL 497 | 498 | # Start it now in the background 499 | service mailhog start 500 | 501 | 502 | # Configure Supervisor Autostart 503 | 504 | systemctl enable supervisor.service 505 | service supervisor start 506 | 507 | # Configure Swap Disk 508 | 509 | if [ -f /swapfile ]; then 510 | echo "Swap exists." 511 | else 512 | fallocate -l 1G /swapfile 513 | chmod 600 /swapfile 514 | mkswap /swapfile 515 | swapon /swapfile 516 | echo "/swapfile none swap sw 0 0" >> /etc/fstab 517 | echo "vm.swappiness=30" >> /etc/sysctl.conf 518 | echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf 519 | fi 520 | 521 | # Setup Unattended Security Upgrades 522 | 523 | cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF 524 | Unattended-Upgrade::Allowed-Origins { 525 | "Ubuntu xenial-security"; 526 | }; 527 | Unattended-Upgrade::Package-Blacklist { 528 | // 529 | }; 530 | EOF 531 | 532 | cat > /etc/apt/apt.conf.d/10periodic << EOF 533 | APT::Periodic::Update-Package-Lists "1"; 534 | APT::Periodic::Download-Upgradeable-Packages "1"; 535 | APT::Periodic::AutocleanInterval "7"; 536 | APT::Periodic::Unattended-Upgrade "1"; 537 | EOF 538 | 539 | apt-get -y autoremove; 540 | apt-get -y clean; -------------------------------------------------------------------------------- /serve-laravel.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | declare -A params=$6 # Create an associative array 4 | paramsTXT="" 5 | if [ -n "$6" ]; then 6 | for element in "${!params[@]}" 7 | do 8 | paramsTXT="${paramsTXT} 9 | fastcgi_param ${element} ${params[$element]};" 10 | done 11 | fi 12 | 13 | block="server { 14 | listen ${3:-80}; 15 | listen ${4:-443} ssl http2; 16 | server_name .$1; 17 | root \"$2\"; 18 | 19 | index index.html index.htm index.php; 20 | 21 | charset utf-8; 22 | 23 | location / { 24 | try_files \$uri \$uri/ /index.php?\$query_string; 25 | } 26 | 27 | location = /favicon.ico { access_log off; log_not_found off; } 28 | location = /robots.txt { access_log off; log_not_found off; } 29 | 30 | access_log off; 31 | error_log /var/log/nginx/$1-error.log error; 32 | 33 | sendfile off; 34 | 35 | client_max_body_size 100m; 36 | 37 | location ~ \.php$ { 38 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 39 | fastcgi_pass unix:/var/run/php/php$5-fpm.sock; 40 | fastcgi_index index.php; 41 | include fastcgi_params; 42 | fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; 43 | $paramsTXT 44 | 45 | fastcgi_intercept_errors off; 46 | fastcgi_buffer_size 16k; 47 | fastcgi_buffers 4 16k; 48 | fastcgi_connect_timeout 300; 49 | fastcgi_send_timeout 300; 50 | fastcgi_read_timeout 300; 51 | } 52 | 53 | location ~ /\.ht { 54 | deny all; 55 | } 56 | 57 | ssl_certificate /etc/nginx/ssl/$1.crt; 58 | ssl_certificate_key /etc/nginx/ssl/$1.key; 59 | } 60 | " 61 | 62 | echo "$block" > "/etc/nginx/sites-available/$1" 63 | ln -fs "/etc/nginx/sites-available/$1" "/etc/nginx/sites-enabled/$1" 64 | --------------------------------------------------------------------------------