
Adding script files

1 parent 1c6765d commit f63745f6f4c08963d63ea9ce4c5f49227c16ca40 Dan Zitting committed Dec 5, 2009
Showing with 595 additions and 0 deletions.
  1. +1 −0 .gitignore
  2. +72 −0 README
  3. +42 −0 files/iptables.up.rules
  4. +37 −0 files/mydomain.com
  5. +22 −0 files/php-fastcgi
  6. +126 −0 files/php-fastcgi-rc
  7. +12 −0 files/wp.conf
  8. +35 −0 files/wp_super_cache.conf
  9. +203 −0 server-setup.sh
  10. +45 −0 wordpress-setup.sh
1 .gitignore
@@ -0,0 +1 @@
+.DS_Store
72 README
@@ -0,0 +1,72 @@
+ABOUT
+============================
+This script is designed to automate the deployment of Wordpress sites on a fresh server installation using an Nginx stack. This script (vps-setup.sh) sets up and configures the server and deployment stack and installs the initial Wordpress site on this server. The second script is optional as it (wordpress-site-setup.sh) installs Wordpress and the Nginx configuration for an additional Wordpress site/domain you would like to host on the server. The Wordpress install script can be run multiple times on a given server if you would like to host multiple Wordpress sites on the same server.
+
+
+VPS-SETUP.SH OVERVIEW
+============================
+This script installs and configures the server and Nginx stack and creates and installs the initial web site on nginx. All packages are installed through aptitude.
+
+The script disables SSH root login and sets up a sudo user and also changes the SSH port. All these are for server security.
+
+At the top of the script, you can see the variable that are to be set prior to running the script. All variable should have value, otherwise the script will not run.
+
+
+SLICE SETUP
+============================
+Before you run the script, login into slicemanager at manage.slicehost.com, click "DNS" tab and "Reverse DNS". Replace record with: server.domain.com (REPLACE server.domain.com with the correct host name).
+
+
+SERVER SETUP/CONFIGURATION
+============================
+Upload vps-setup.zip to /root.
+Login to the VPS as root and unzip the file.
+
+unzip vps-setup.zip
+cd vps-setup
+Now, run the setup.sh script.
+
+sh setup.sh
+
+During the set up, a dialog will ask you for entering a password for MySQL root user. Enter a password.
+
+After installation, MySQL is secured. For that the MySQL root password is asked. Enter the MySQL password you created in the above step.
+
+Enter current password for root (enter for none):
+
+Then following yes/no questions are asked. Answer them as follows.
+
+Change the root password? [Y/n] n
+Remove anonymous users? [Y/n] y
+Disallow root login remotely? [Y/n] y
+Remove test database and access to it? [Y/n] y
+Reload privilege tables now? [Y/n] y
+
+During the installation of Postfix mail server, select "Internet Site", and then for "System mail name:" -> "server.domain.com" (REPLACE server.domain.com with the correct host name).
+
+
+Server Setup Completion
+============================
+Once the script has completed, the root user can no longer SSH into the server. You need to use login for the sudo_user you setup in the script variables.
+
+Host: <whatever you setup in script variables>
+User: <whatever you setup in script variables>
+Password: <whatever you setup in script variables>
+SSH Port: <whatever you setup in script variables>
+
+MySQL root password: <whatever you entered during script execution for mysql root password>
+
+
+Wordpress Installation
+============================
+The site domain you setup in the script variables is created on Nginx by the script, however the site is empty. You need to upload Wordpress files to the web document root /home/public_html/itickmark.com/public/ and set up the database for the site.
+
+
+License
+============================
+Copyright (c) 2009 by iTickmark LLC
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
42 files/iptables.up.rules
@@ -0,0 +1,42 @@
+*filter
+
+
+# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+# Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+# Allows all outbound traffic
+# You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+-A INPUT -p tcp --dport 25 -j ACCEPT
+
+# Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
+
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT
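Review bot: The `--dport 25` ACCEPT rule sits under the comment "Allows HTTP and HTTPS connections", so inbound SMTP from anywhere is opened without being documented as a decision. If Postfix is installed only so the sites can send mail, the rule can be dropped; if the host is meant to receive mail, give it its own comment such as `# Allows inbound SMTP (Postfix)`. Also, `-i ! lo` uses the older negation order; `-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT` is the form newer iptables releases expect. This is an IPv4 ruleset only, so if the host has an IPv6 address it would need a matching ip6tables file, which this commit does not add.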
37 files/mydomain.com
@@ -0,0 +1,37 @@
+server {
+
+ listen 80;
+ server_name mydomain.com;
+ rewrite ^/(.*) http://www.mydomain.com/$1 permanent;
+
+ }
+
+
+server {
+
+ listen 80;
+ server_name www.mydomain.com;
+
+ access_log /home/public_html/mydomain.com/log/access.log;
+ error_log /home/public_html/mydomain.com/log/error.log;
+
+ location / {
+
+ root /home/public_html/mydomain.com/public/;
+ index index.php index.html;
+
+ # Basic version of Wordpress parameters, supporting nice permalinks.
+ include /etc/nginx/conf/wp.conf;
+ # Advanced version of Wordpress parameters supporting nice permalinks and WP Super Cache plugin
+ include /etc/nginx/conf/wp_super_cache.conf;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ location ~ \.php$ {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /home/public_html/mydomain.com/public/$fastcgi_script_name;
+ }
+ }
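Review bot: The `location ~ \.php$` block hands every URI ending in `.php` to php-cgi without checking that the script exists on disk, and SCRIPT_FILENAME is built from a hard-coded path because `root` is only set inside `location /`. With PHP's path-info fallback enabled (the `cgi.fix_pathinfo` default), php-cgi may then run a different file than the one named in the URI, which matters on a WordPress site that accepts uploads. Move `root /home/public_html/mydomain.com/public/;` up to the `server` level, add `if (!-f $request_filename) { return 404; }` at the top of the PHP location, and build the parameter as `$document_root$fastcgi_script_name`. The php.ini edits in server-setup.sh do not set `cgi.fix_pathinfo=0`, so that would be a second layer worth adding there.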
22 files/php-fastcgi
@@ -0,0 +1,22 @@
+#
+# Settings for php-cgi in external FASTCGI Mode
+#
+
+# Should php-fastcgi run automatically on startup? (default: no)
+
+START=yes
+
+# Which user runs PHP? (default: www-data)
+
+EXEC_AS_USER=www-data
+
+# Host and TCP port for FASTCGI-Listener (default: localhost:9000)
+
+FCGI_HOST=localhost
+FCGI_PORT=9000
+
+# Environment variables, which are processed by PHP
+
+PHP_FCGI_CHILDREN=5
+PHP_FCGI_MAX_REQUESTS=1000
+
126 files/php-fastcgi-rc
@@ -0,0 +1,126 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: php-fastcgi
+# Required-Start: $all
+# Required-Stop: $all
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop php-cgi in external FASTCGI mode
+# Description: Start and stop php-cgi in external FASTCGI mode
+### END INIT INFO
+
+# Author: Kurt Zankl <kz@xon.uni.cc>
+
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="php-cgi in external FASTCGI mode"
+NAME=php-fastcgi
+DAEMON=/usr/bin/php-cgi
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+#. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+# If the daemon is not enabled, give the user a warning and then exit,
+# unless we are stopping the daemon
+if [ "$START" != "yes" -a "$1" != "stop" ]; then
+ log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
+ exit 0
+fi
+
+# Process configuration
+export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS
+DAEMON_ARGS="-q -b $FCGI_HOST:$FCGI_PORT"
+
+
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
+ --background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
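Review bot: Nothing in this script applies the defaults that files/php-fastcgi documents (`www-data`, `localhost:9000`), so an /etc/default/php-fastcgi that sets `START=yes` but omits `EXEC_AS_USER` makes the unquoted `--chuid $EXEC_AS_USER` in do_start collapse, and the following option is taken as the user name. Add `: "${EXEC_AS_USER:=www-data}" "${FCGI_HOST:=localhost}" "${FCGI_PORT:=9000}"` after the line that sources /etc/default/$NAME, and quote `"$PIDFILE"`, `"$DAEMON"` and `"$EXEC_AS_USER"` in the start-stop-daemon calls. In do_stop the second call matches on `--exec $DAEMON` rather than the pidfile, so it will also stop any other php-cgi process on the host; that deserves a comment if it is intended. The test `[ "$START" != "yes" -a "$1" != "stop" ]` is more robust written as `[ "$START" != "yes" ] && [ "$1" != "stop" ]`.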
12 files/wp.conf
@@ -0,0 +1,12 @@
+# WordPress pretty URLs: (as per dominiek.com)
+if (-f $request_filename) {
+break;
+}
+if (-d $request_filename) {
+break;
+}
+rewrite ^(.+)$ /index.php?q=$1 last;
+
+
+# Enable nice permalinks for WordPress: (as per Yawn.it)
+error_page 404 = //index.php?q=$uri;
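Review bot: The `error_page 404 = //index.php?q=$uri;` line has a doubled slash where the rewrite a few lines earlier uses `/index.php`; this looks like a typo and should read `error_page 404 = /index.php?q=$uri;`. The unconditional `rewrite ^(.+)$ /index.php?q=$1 last;` also sends every request that is not an existing file or directory to index.php. Since files/mydomain.com includes this file ahead of wp_super_cache.conf in the same location, the cache lookup in that second file appears never to be reached. Including only one of the two files per site, as the "basic" and "advanced" comments in mydomain.com suggest, would avoid that.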
35 files/wp_super_cache.conf
@@ -0,0 +1,35 @@
+# if the requested file exists, return it immediately
+if (-f $request_filename) {
+break;
+}
+
+set $supercache_file '';
+set $supercache_uri $request_uri;
+
+if ($request_method = POST) {
+set $supercache_uri '';
+}
+
+# Using pretty permalinks, so bypass the cache for any query string
+if ($query_string) {
+set $supercache_uri '';
+}
+
+if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
+set $supercache_uri '';
+}
+
+# if we haven't bypassed the cache, specify our supercache file
+if ($supercache_uri ~ ^(.+)$) {
+set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html;
+}
+
+# only rewrite to the supercache file if it actually exists
+if (-f $document_root$supercache_file) {
+rewrite ^(.*)$ $supercache_file break;
+}
+
+# all other requests go to Wordpress
+if (!-e $request_filename) {
+rewrite . /index.php last;
+}
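Review bot: `$http_host` in the `set $supercache_file` line puts the raw, client-supplied Host header into a path that is then tested with `-f` under `$document_root`. How safely that behaves depends on how the running nginx validates the header and on whether this server block also answers requests for other host names. Using `$host`, or the site's literal domain since the vhost file is generated per domain anyway, keeps the lookup tied to the intended cache directory: `set $supercache_file /wp-content/cache/supercache/$host/$1index.html;`. A one-line comment on why POST requests, query strings and the listed cookies bypass the cache (presumably because they mark personalised responses) would also help the next reader.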
203 server-setup.sh
@@ -0,0 +1,203 @@
+#!/bin/bash
+
+#-- User Defined Variables --#
+hostname= #Your hostname (e.g. server.example.com)
+sudo_user= #Your username
+sudo_user_passwd= #your password
+root_passwd= #Your new root password
+ssh_port='22' #Your SSH port if you wish to change it from the default
+#-- UDV End --#
+
+set_locale()
+{
+ echo -n "Setting up system locale..."
+ { locale-gen en_US.UTF-8
+ unset LANG
+ /usr/sbin/update-locale LANG=en_US.UTF-8
+ } > /dev/null 2>&1
+ export LANG=en_US.UTF-8
+ echo "done."
+}
+
+set_hostname()
+{
+ if [ -n "$hostname" ]
+ then
+ echo -n "Setting up hostname..."
+ hostname $hostname
+ echo $hostname > /etc/hostname
+ echo "127.0.0.1 $hostname" >> /etc/hostname
+ echo "done."
+ fi
+}
+
+change_root_passwd()
+{
+ if [ -n "$root_passwd" ]
+ then
+ echo -n "Changing root password..."
+ echo "$root_passwd\n$root_passwd" > tmp/rootpass.$$
+ passwd root < tmp/rootpass.$$ > /dev/null 2>&1
+ echo "done."
+ fi
+}
+
+create_sudo_user()
+{
+ if [ -n "$sudo_user" -a -n "$sudo_user_passwd" ]
+ then
+ id $sudo_user > /dev/null 2>&1 && echo "Cannot create sudo user! User $sudo_user already exists!" && touch tmp/sudofailed.$$ && return
+ echo -n "Creating sudo user..."
+ useradd -d /home/$sudo_user -s /bin/bash -m $sudo_user
+ echo "$sudo_user_passwd\n$sudo_user_passwd" > tmp/sudopass.$$
+ passwd $sudo_user < tmp/sudopass.$$ > /dev/null 2>&1
+ echo "$sudo_user ALL=(ALL) ALL" >> /etc/sudoers
+ { echo 'export PS1="\[\e[32;1m\]\u\[\e[0m\]\[\e[32m\]@\h\[\e[36m\]\w \[\e[33m\]\$ \[\e[0m\]"'
+ echo 'alias ll="ls -la"'
+ echo 'alias a2r="sudo /etc/init.d/apache2 stop && sleep 2 && sudo /etc/init.d/apache2 start"'
+ echo 'alias n2r="sudo /etc/init.d/nginx stop && sleep 2 && sudo /etc/init.d/nginx start"'
+ echo 'alias ver="cat /etc/lsb-release"'
+ } >> /home/$sudo_user/.bashrc
+ echo "done."
+ fi
+}
+
+config_ssh()
+{
+ conf='/etc/ssh/sshd_config'
+ echo -n "Configuring SSH..."
+ sed -i -r 's/\s*X11Forwarding\s+yes/X11Forwarding no/g' $conf
+ sed -i -r 's/\s*UsePAM\s+yes/UsePAM no/g' $conf
+ sed -i -r 's/\s*UseDNS\s+yes/UseDNS no/g' $conf
+ grep -q "UsePAM no" $conf || echo "UsePAM no" >> $conf
+ grep -q "UseDNS no" $conf || echo "UseDNS no" >> $conf
+ if [ -n "$ssh_port" ]
+ then
+ sed -i -r "s/\s*Port\s+[0-9]+/Port $ssh_port/g" $conf
+ cp files/iptables.up.rules tmp/fw.$$
+ sed -i -r "s/\s+22\s+/ $ssh_port /" tmp/fw.$$
+ fi
+ if id $sudo_user > /dev/null 2>&1 && [ ! -e tmp/sudofailed.$$ ]
+ then
+ sed -i -r 's/\s*PermitRootLogin\s+yes/PermitRootLogin no/g' $conf
+ echo "AllowUsers $sudo_user" >> $conf
+ fi
+ echo "done."
+}
+
+setup_firewall()
+{
+ echo -n "Setting up firewall..."
+ cp tmp/fw.$$ /etc/iptables.up.rules
+ iptables -F
+ iptables-restore < /etc/iptables.up.rules > /dev/null 2>&1 &&
+ sed -i 's%pre-up iptables-restore < /etc/iptables.up.rules%%g' /etc/network/interfaces
+ sed -i -r 's%\s*iface\s+lo\s+inet\s+loopback%iface lo inet loopback\npre-up iptables-restore < /etc/iptables.up.rules%g' /etc/network/interfaces
+ /etc/init.d/ssh reload > /dev/null 2>&1
+ echo "done."
+}
+
+install_pkg()
+{
+ echo "Installing packages."
+ sleep 1
+ aptitude update
+ aptitude -y safe-upgrade
+ aptitude -y full-upgrade
+ aptitude -y install screen build-essential php5-common php5-dev php5-mysql php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-cgi php5-mcrypt php5-curl php5-gd php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite libmagick9-dev php5-cli
+ aptitude -y install make php-pear
+ echo "Installing ImageMagick PHP module. Just press <ENTER> at prompt.\n"
+ sleep 1
+ pecl install imagick
+ echo "extension=imagick.so" >> /etc/php5/cgi/php.ini
+ sed -i -r 's/\s*memory_limit\s+=\s+16M/memory_limit = 48M/g' /etc/php5/cgi/php.ini
+ aptitude -y install mysql-server mysql-client libmysqlclient15-dev
+ mysql_secure_installation
+ aptitude -y install subversion git-core
+ echo "Installing Postfix mail server\n"
+ echo "Select 'Internet Site', and then for 'System mail name:' -> $hostname\n".
+ sleep 2
+ aptitude -y install dnsutils postfix telnet mailx
+ grep "root: $sudo_user" /etc/aliases > /dev/null 2>&1 || echo "root: $sudo_user" >> /etc/aliases
+ newaliases
+ aptitude -y install nginx
+ aptitude -y install libfcgi0
+ echo "Done."
+}
+
+config_web()
+{
+ mkdir /etc/nginx/conf/
+ cp files/wp.conf /etc/nginx/conf/
+ cp files/wp_super_cache.conf /etc/nginx/conf/
+ cp files/php-fastcgi /etc/default/
+ cp files/php-fastcgi-rc /etc/init.d/php-fastcgi
+ chmod +x /etc/init.d/php-fastcgi
+ mkdir /home/public_html
+ groupadd webmasters
+ usermod -G webmasters $sudo_user
+ chown -R $sudo_user.webmasters /home/public_html
+ chmod -R g+w /home/public_html
+ find /home/public_html -type d -exec chmod g+s {} \;
+ /etc/init.d/nginx start
+ /etc/init.d/php-fastcgi start
+}
+
+copy_site_setup_files()
+}
+ mkdir /home/$sudo_user/setup
+ cp /root/wordpress-setup.sh /home/$sudo_user/setup/wordpress-setup.sh
+ mkdir /home/$sudo_user/setup/files
+ cp /root/files/mydomain.com /home/$sudo_user/setup/files/mydomain.com
+ mkdir /home/$sudo_user/setup/tmp
+}
+
+cleanup()
+{
+ rm -rf tmp/*
+}
+
+check_vars()
+{
+ if [ -n "$hostname" -a -n "$sudo_user" -a -n "$sudo_user_passwd" -a -n "$root_passwd" -a -n "$ssh_port" ]
+ then
+ return
+ else
+ echo "Value of variables cannot be empty."
+ fi
+}
+
+#-- Function calls and flow of execution --#
+
+# clean up tmp
+cleanup
+
+# check value of all UDVs
+check_vars
+
+# set host name of server
+set_hostname
+
+# set system locale
+set_locale
+
+# change root user password
+change_root_passwd
+
+# create and configure sudo user
+create_sudo_user
+
+# configure ssh
+config_ssh
+
+# set up and activate firewall
+setup_firewall
+
+# install packages
+install_pkg
+
+# configure nginx web server
+config_web
+
+# clean up tmp
+cleanup
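Review bot: change_root_passwd and create_sudo_user write the new passwords in clear text to `tmp/rootpass.$$` and `tmp/sudopass.$$`, depend on `echo` expanding `\n` (bash's builtin does not without `-e`, and the shebang is bash while the README runs the script with `sh`), and discard passwd's output, so a failed password change goes unnoticed before config_ssh turns off root login. Feeding chpasswd on stdin avoids both the temp file and the silent failure: `printf '%s:%s\n' root "$root_passwd" | chpasswd || exit 1`, and the same for `"$sudo_user"`. check_vars only prints its message and returns, so the run continues with empty values although the README says it will not; add `exit 1` after the echo. `copy_site_setup_files()` is followed by `}` instead of `{`, which is a syntax error, and set_hostname appends the `127.0.0.1 $hostname` line to /etc/hostname where /etc/hosts was presumably meant. The `$sudo_user ALL=(ALL) ALL` line is appended to /etc/sudoers without a syntax check; running `visudo -c` afterwards would catch a broken file before the root session is closed.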
45 wordpress-setup.sh
@@ -0,0 +1,45 @@
+site_domain= #Your wordpress domain (e.g. example.com)
+
+setup_site()
+{
+ mkdir /home/public_html/$1 && cd /home/public_html/$1 && mkdir public private log backup && cd -
+ find /home/public_html -type d -exec chmod g+s {} \;
+ cp files/mydomain.com tmp/domain.$$
+ sed -i -r "s/mydomain.com/$1/g" tmp/domain.$$
+ cp tmp/domain.$$ /etc/nginx/sites-available/$1
+ ln -s /etc/nginx/sites-available/$1 /etc/nginx/sites-enabled/$1
+ /etc/init.d/nginx restart
+}
+
+wordpress_setup()
+{
+ cd tmp
+ wget http://wordpress.org/latest.tar.gz
+ tar -xzvf latest.tar.gz
+ mv wordpress/* /home/public_html/$site_domain/public
+}
+
+check_vars()
+{
+ if [ -n "$site_domain" ]
+ then
+ return
+ else
+ echo "You must set the site_domain variable to your domain name."
+ fi
+}
+
+cleanup()
+{
+ rm -rf tmp/*
+}
+
+
+# set up a domain on nginx
+setup_site $site_domain
+
+# install wordpress
+wordpress_setup $site_domain
+
+# clean up tmp
+cleanup
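Review bot: wordpress_setup fetches `http://wordpress.org/latest.tar.gz` over plain HTTP and unpacks it straight into the web root with no integrity check, so whatever the network path delivers is what PHP ends up serving and executing. Use the `https://` URL and compare the archive against the checksum wordpress.org publishes for it before running tar, aborting if wget or the comparison fails. check_vars is defined but never called and would not stop the run anyway, so with `site_domain` empty `setup_site` works on `/home/public_html/` itself; call it first and `exit 1` in the else branch. `$1` is also substituted unescaped into the sed expression and into paths under /etc/nginx, so validating it against a hostname pattern such as `^[A-Za-z0-9.-]+$` first would be prudent. cleanup runs after `cd tmp` has changed the working directory, so `rm -rf tmp/*` no longer points at the download.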
