#!/bin/bash
#############################################################
#### author: slickstack #####################################
#### link: https://slickstack.io ############################
#### mirror: http://mirrors.slickstack.io/ss-install.txt ####
#### path: /var/www/ss-install ##############################
#### purpose: installs slickstack (re-installable) ##########
#############################################################
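## slickstack config ##
## Loads the operator-supplied settings; the ${...} values used throughout
## this installer are expected to be defined there.
source /var/www/ss-config

##################
#### ss-check ####
##################

## NOTE(review): ss-check is fetched over plain HTTP and then sourced as root
## with no checksum or signature verification, so anyone able to alter the
## response (or the mirror itself) decides what runs here. Move to an HTTPS
## mirror and a pinned checksum once the project publishes them.

## delete tmp files left by earlier runs ##
rm -R -f /tmp/ss-check*

## the working directory stays /tmp for the sections that follow ##
cd /tmp/

## download into a private mktemp directory rather than a predictable /tmp name ##
ss_check_tmp="$(mktemp -d /tmp/ss-check.XXXXXX)"

## Replace /var/www/ss-check only when the transfer succeeded and produced a
## non-empty file (wget -O creates the output file even when the fetch fails).
if [[ -n "${ss_check_tmp}" ]] \
  && wget --no-cache -O "${ss_check_tmp}/ss-check" http://mirrors.slickstack.io/ss-check.txt \
  && [[ -s "${ss_check_tmp}/ss-check" ]]; then
  cp -R -f -d --no-preserve=mode,ownership "${ss_check_tmp}/ss-check" /var/www/ss-check
else
  echo "ss-install: ss-check download failed; keeping the existing /var/www/ss-check" >&2
fi

## delete tmp files (the glob also removes the mktemp directory) ##
rm -R -f /tmp/ss-check*

## reset permissions ##
chown root:root /var/www/ss-check
chmod 755 /var/www/ss-check

## call scripts ##
source /var/www/ss-check
source /var/www/ss-perms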
###############
#### repos ####
###############

## Runs /usr/bin/apt non-interactively with a fixed PATH: quiet, assume-yes,
## and dpkg told to take the default action on config-file conflicts, falling
## back to keeping the installed file. Arguments: the apt sub-command and its
## operands.
ss_repo_apt() {
  DEBIAN_FRONTEND=noninteractive \
  DEBIAN_PRIORITY=critical \
  PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
    /usr/bin/apt -q --yes \
    -o Dpkg::Options::="--force-confdef" \
    -o Dpkg::Options::="--force-confold" \
    "$@"
}

## finish any half-configured packages first ##
DEBIAN_FRONTEND=noninteractive dpkg --configure -a --force-confold

## refresh package lists, upgrade, then drop unneeded dependencies ##
ss_repo_apt update
ss_repo_apt upgrade
ss_repo_apt autoremove

## base packages, one apt run each: release upgrader, archive tools, git ##
ss_repo_apt install update-manager-core
ss_repo_apt install zip unzip
ss_repo_apt install git
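#########################
#### configure users ####
#########################

## Sets the password of one account through chpasswd.
## Arguments: $1 - account name, $2 - new password
## The pair is written to chpasswd's stdin by the printf builtin, so the
## password never appears in a process argument list. Both values are quoted:
## unquoted, a password containing whitespace or glob characters (* ? [)
## would be word-split or filename-expanded before chpasswd saw it.
## An empty name or password is refused instead of being passed on.
ss_set_password() {
  if [[ -z "$1" || -z "$2" ]]; then
    echo "ss-install: account name or password is empty in ss-config; password not changed" >&2
    return 1
  fi
  printf '%s:%s\n' "$1" "$2" | /usr/sbin/chpasswd
}

## reset root ssh/sftp password ##
ss_set_password root "${rootpass}"

## ensure root password never expires ##
chage -E -1 -m 0 -M -1 -I -1 -W 99999 root

## add sudo ssh/sftp user ##
adduser --disabled-password --gecos "" "${sudo}"
ss_set_password "${sudo}" "${sudopass}"

## add non-sudo sftp user (chroot jail) ##
adduser --disabled-password --gecos "" "${user}"
ss_set_password "${user}" "${userpass}"

## set default editor to nano ##
update-alternatives --set editor /bin/nano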
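####################################
#### configure sudoers (visudo) ####
####################################

## NOTE(review): the sudoers template arrives over plain HTTP with no
## integrity check, and this file decides who may become root. Whoever can
## alter the response controls privilege on this host; fetch it over HTTPS
## and verify a pinned checksum once the mirror offers them.
## NOTE(review): ${sudo} is spliced into the sed replacement as-is; a value
## containing "/" or "&" would corrupt the substitution.

## delete tmp files (absolute paths, so nothing depends on the current directory) ##
rm -R -f /tmp/sudoers.txt /tmp/sudoers

## download latest versions ##
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/ubuntu/sudoers.txt

## replace variables ##
sed -i "s/@SUDO/${sudo}/g" /tmp/sudoers.txt

## rename files ##
mv /tmp/sudoers.txt /tmp/sudoers

## Install the candidate only if it is non-empty and visudo accepts its
## syntax; a truncated download or a bad substitution would otherwise
## replace /etc/sudoers and break sudo for every account.
if [[ -s /tmp/sudoers ]] && /usr/sbin/visudo -c -f /tmp/sudoers; then
  cp -R -f -d --no-preserve=mode,ownership /tmp/sudoers /etc/sudoers
else
  echo "ss-install: downloaded sudoers is missing or invalid; /etc/sudoers left unchanged" >&2
fi

## delete tmp files ##
rm -R -f /tmp/sudoers.txt /tmp/sudoers

## reset permissions ##
chown root:root /etc/sudoers
chmod 440 /etc/sudoers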
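############################
#### configure ssh/sftp ####
############################

## NOTE(review): sshd_config is downloaded over plain HTTP with no integrity
## check. It governs who can log in and how, so a tampered response can
## weaken or open remote access; use HTTPS and a pinned checksum once the
## mirror offers them.

## delete tmp files (absolute paths, so nothing depends on the current directory) ##
rm -R -f /tmp/sshd-config.txt /tmp/sshd_config

## download latest versions ##
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/ubuntu/sshd-config.txt

## replace variables ##
sed -i "s/@SUDO/${sudo}/g" /tmp/sshd-config.txt
sed -i "s/@USER/${user}/g" /tmp/sshd-config.txt

## rename files ##
mv /tmp/sshd-config.txt /tmp/sshd_config

## Install the candidate only if it is non-empty and sshd's test mode (-t)
## accepts it; restarting ssh on a broken config can lock the operator out
## of a remote server.
if [[ -s /tmp/sshd_config ]] && /usr/sbin/sshd -t -f /tmp/sshd_config; then
  cp -R -f --no-preserve=mode,ownership /tmp/sshd_config /etc/ssh/sshd_config
else
  echo "ss-install: downloaded sshd_config is missing or invalid; /etc/ssh/sshd_config left unchanged" >&2
fi

## delete tmp files ##
rm -R -f /tmp/sshd-config.txt /tmp/sshd_config

## reset permissions ##
chown root:root /etc/ssh/sshd_config

## restart ssh ##
/etc/init.d/ssh restart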
############################
#### configure timezone ####
############################
## set UTC timezone ##
## Switches the system timezone to UTC through timedatectl.
timedatectl set-timezone UTC
#########################
#### install crontab ####
#########################
## The download-and-copy path below is disabled (every command is commented
## out); the root crontab is instead loaded from the local file
## /var/www/0-crontab further down.
## delete tmp files ##
# rm -R -f /tmp/crontab.txt /tmp/root
## download latest versions ##
# cd /tmp/
# wget --no-cache http://mirrors.slickstack.io/ubuntu/crontab.txt
## rename files ##
# mv /tmp/crontab.txt /tmp/root
## copy files to destinations ##
# cp -R -f --preserve=mode,ownership /tmp/root /var/spool/cron/crontabs/root
## delete tmp files ##
# rm -R -f /tmp/crontab.txt /tmp/root
## install slickstack crontab ##
## Replaces the invoking user's crontab with the contents of
## /var/www/0-crontab (root's, since the chown below targets the root spool
## file). NOTE(review): every entry in that file will run as root, so
## /var/www/0-crontab must be writable by root only -- confirm ss-perms
## enforces this.
crontab /var/www/0-crontab
## reset permissions ##
chown root:root /var/spool/cron/crontabs/root
## reload crontab ##
/etc/init.d/cron reload
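#######################
### install wp-cli ####
#######################

## NOTE(review): wp-cli.phar is an executable fetched over plain HTTP with no
## checksum or signature check and then placed in root's PATH. Use HTTPS and
## verify a published checksum once the mirror offers them.

## delete stale downloads first: wget keeps an existing file and saves the ##
## new copy under a ".1" suffix, which the mv below would then miss ##
rm -f /tmp/wp-cli.phar /tmp/wp-completion.txt

## download latest versions ##
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/wp-cli/wp-cli.phar
wget --no-cache http://mirrors.slickstack.io/wp-cli/wp-completion.txt

## install wp only when the download produced a non-empty file ##
if [[ -s /tmp/wp-cli.phar ]]; then
  mv /tmp/wp-cli.phar /usr/local/bin/wp
else
  echo "ss-install: wp-cli.phar download failed; /usr/local/bin/wp left unchanged" >&2
fi

## rename files ##
mv /tmp/wp-completion.txt /tmp/wp-completion.bash

## copy files to destinations ##
cp -R -f --preserve=mode,ownership /tmp/wp-completion.bash /home/wp-completion.bash

## reset permissions ##
## https://www.alexgeorgiou.gr/wp-cli-www-data-user-permissions-linux/ ##
## Both files are owned by root and not writable by anyone else. The earlier
## www-data ownership with mode 6775 let the web-server account rewrite a
## program (and a shell snippet) that root may later execute or source, i.e.
## a path from a compromised site to root. The setuid/setgid bits are dropped
## as well: Linux ignores them on interpreted (#!) files, which wp-cli.phar
## presumably is, so they added nothing. www-data can still run wp (for
## example via sudo -u www-data), since that only needs read and execute.
## NOTE(review): if a workflow self-updates wp-cli as www-data, run that
## update as root instead.
chown root:root /usr/local/bin/
chown root:root /usr/local/bin/wp
chmod 0755 /usr/local/bin/wp
chown root:root /home/wp-completion.bash
chmod 0644 /home/wp-completion.bash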
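#########################
#### install openssl ####
#########################

## generate ssl certificate ##
## Creates a self-signed X.509 certificate valid for 730 days together with a
## new 2048-bit RSA key. -nodes leaves the private key unencrypted on disk, so
## the file permissions set below are the only protection it has.
openssl req -new -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/nginx.key -out /etc/ssl/nginx.crt -subj "/C=${country}/ST=${state}/L=${city}/O=${company}/OU=${dept}/CN=${domain}"

## reset permissions ##
chown root:root /etc/ssl/nginx.key
chown root:root /etc/ssl/nginx.crt

## The key must be readable by root only. Its mode is set explicitly because
## the mode openssl gives a new key file differs between releases, and the
## chown above does not tighten it. The certificate itself is public.
chmod 600 /etc/ssl/nginx.key
chmod 644 /etc/ssl/nginx.crt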
########################################
#### install nginx (latest version) ####
########################################
## Every command in this section runs non-interactively (DEBIAN_FRONTEND)
## with an explicit PATH; the apt calls also pass --force-confdef and
## --force-confold to dpkg so config-file prompts never block the install.
## update repos ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" update
## add nginx mainline (dev) ppa ##
## NOTE(review): this adds a third-party PPA; packages from it install and
## run maintainer scripts as root, so its signing key and maintainer are
## part of this host's trust base. Confirm the PPA is still maintained.
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/add-apt-repository --yes ppa:nginx/development
## update repos ##
## second refresh so the package lists include the PPA just added ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" update
## install nginx-extras ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install nginx-extras
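#########################
#### configure nginx ####
#########################

## NOTE(review): nginx.conf is downloaded over plain HTTP with no integrity
## check before it becomes the web server's main configuration.

## delete tmp files ##
rm -R -f /tmp/nginx-conf.txt /tmp/nginx-conf /tmp/nginx.conf

## download latest versions ##
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/nginx/nginx-conf.txt

## replace placeholders with slickstack variables ##
sed -i "s/@CACHEMEMORY/${cachememory}/g" /tmp/nginx-conf.txt
sed -i "s/@CACHEINACTIVE/${cacheinactive}/g" /tmp/nginx-conf.txt
sed -i "s/@CACHEMAXSIZE/${cachemaxsize}/g" /tmp/nginx-conf.txt

## rename files (absolute paths, so nothing depends on the current directory) ##
mv /tmp/nginx-conf.txt /tmp/nginx.conf

## copy files to destinations ##
cp -R -f --no-preserve=mode,ownership /tmp/nginx.conf /etc/nginx/nginx.conf

## delete tmp files ##
rm -R -f /tmp/nginx-conf.txt /tmp/nginx.conf

## create fastcgi cache directory if does not exist ##
## -p makes this a no-op on re-installs; a bare mkdir fails with "File
## exists" every time the installer is run again.
mkdir -p /var/www/cache

## reset permissions ##
chown www-data:www-data /var/www/cache
chown root:root /etc/nginx/nginx.conf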
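######################################
#### configure nginx server block ####
######################################

## NOTE(review): the server block template is downloaded over plain HTTP
## with no integrity check.

## delete tmp files ##
rm -R -f /tmp/default.txt /tmp/default /tmp/server-block.txt /tmp/server-block /tmp/server-block-ssl.txt /tmp/server-block-ssl

## download latest versions ##
## the SSL template is used only when ss-config sets ssl="yes" ##
cd /tmp/
if [[ "${ssl}" == "yes" ]]; then
  wget --no-cache http://mirrors.slickstack.io/nginx/server-block-ssl.txt
  mv /tmp/server-block-ssl.txt /tmp/default.txt
else
  wget --no-cache http://mirrors.slickstack.io/nginx/server-block.txt
  mv /tmp/server-block.txt /tmp/default.txt
fi

## replace @DOMAIN placeholder with slickstack variable ##
sed -i "s/@DOMAIN/${domain}/g" /tmp/default.txt
sed -i "s/@CACHEVALID/${cachevalid}/g" /tmp/default.txt

## enable or disable fastcgi cache ##
## set skip_cache default to 0 only if fastcgi cache enabled in ss-config ##
if [[ "${cache}" == "fastcgi" ]]; then
  sed -i "s/@FASTCGI/0/g" /tmp/default.txt
else
  sed -i "s/@FASTCGI/1/g" /tmp/default.txt
fi

## rename files ##
mv /tmp/default.txt /tmp/default

## copy files to destinations ##
cp -R -f --no-preserve=mode,ownership /tmp/default /etc/nginx/sites-available/default

## delete tmp files ##
rm -R -f /tmp/default.txt /tmp/default /tmp/server-block.txt /tmp/server-block /tmp/server-block-ssl.txt /tmp/server-block-ssl

## reset permissions ##
chown root:root /etc/nginx/sites-available/default

## restart nginx ##
## Test the assembled configuration first: restarting on a config nginx
## cannot parse stops the running server and leaves the site down, whereas
## skipping the restart keeps the previous configuration serving.
if /usr/sbin/nginx -t; then
  /etc/init.d/nginx restart
else
  echo "ss-install: nginx configuration test failed; nginx was not restarted" >&2
fi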
######################################
#### install php 7.0 and php 7.2 #####
######################################

## Non-interactive apt wrapper for this section: fixed PATH, quiet,
## assume-yes, and dpkg told not to prompt about changed config files.
## Arguments: the apt sub-command and its operands.
ss_php_apt() {
  DEBIAN_FRONTEND=noninteractive \
  DEBIAN_PRIORITY=critical \
  PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
    /usr/bin/apt -q --yes \
    -o Dpkg::Options::="--force-confdef" \
    -o Dpkg::Options::="--force-confold" \
    "$@"
}

## remove php 7.0 and its leftover config tree, then php 7.2 for a clean reinstall ##
ss_php_apt purge php7.0
rm -R -f /etc/php/7.0*
ss_php_apt purge php7.2

## php 7.2 with the extensions this stack uses ##
ss_php_apt install php7.2 php7.2-fpm php7.2-mysql php7.2-curl php7.2-zip php7.2-gd php7.2-mbstring php7.2-bcmath php7.2-xml php7.2-json php7.2-soap

## clear stale downloads ##
rm -R -f /tmp/php.ini* /tmp/php-fpm.conf* /tmp/www.conf*

## fetch the three config templates into /tmp ##
cd /tmp/
for ss_php_file in php.ini php-fpm.conf www.conf; do
  wget --no-cache "http://mirrors.slickstack.io/php/7.2/${ss_php_file}"
done

## "source:destination" pairs; destinations are relative to /etc/php/7.2 ##
## (php.ini is installed for both the fpm and the cli SAPI) ##
for ss_php_pair in \
  'php.ini:fpm/php.ini' \
  'php.ini:cli/php.ini' \
  'php-fpm.conf:fpm/php-fpm.conf' \
  'www.conf:fpm/pool.d/www.conf'
do
  cp -R -f --no-preserve=mode,ownership "/tmp/${ss_php_pair%%:*}" "/etc/php/7.2/${ss_php_pair#*:}"
done

## remove the downloads again ##
rm -R -f /tmp/php.ini* /tmp/php-fpm.conf* /tmp/www.conf*

## error_log overrides, currently disabled ##
# sed -i '/error_log/c\error_log = /var/www/logs/error.log' /etc/php/7.0/fpm/php-fpm.conf
# sed -i '/error_log/c\error_log = /var/www/logs/error.log' /etc/php/7.2/fpm/php-fpm.conf

## installed configs belong to root ##
for ss_php_conf in fpm/php.ini cli/php.ini fpm/php-fpm.conf fpm/pool.d/www.conf; do
  chown root:root "/etc/php/7.2/${ss_php_conf}"
done

## make php 7.2 the default cli binary, then restart the fpm service ##
update-alternatives --set php /usr/bin/php7.2
/etc/init.d/php7.2-fpm restart
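###########################
#### install mysql 5.7 ####
###########################

## set noninteractive ##
export DEBIAN_FRONTEND=noninteractive

## store mysql root password ##
## http://serverfault.com/a/830352/344471 ##
## The preseed lines are produced with printf and a quoted expansion. The
## earlier unquoted echo let the shell word-split and glob-expand the
## password first, so a value containing runs of spaces or any of * ? [
## reached debconf altered.
## NOTE(review): earlier revisions of these lines used the owner
## "mysql-server-5.7" instead of "debconf"; confirm which owner the package
## actually reads.
## NOTE(review): debconf keeps preseeded answers in its database; consider
## clearing the two password entries once the package is installed.
printf 'debconf mysql-server/root_password password %s\n' "${dbrootpass}" | debconf-set-selections
printf 'debconf mysql-server/root_password_again password %s\n' "${dbrootpass}" | debconf-set-selections

## install mysql 5.7 ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install mysql-server-5.7

## confirm installed ##
echo "MySQL 5.7 is installed, now we will secure it."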
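##########################
#### secure mysql 5.7 ####
##########################

## install expect ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install expect

## build expect script ##
## The script drives mysql_secure_installation through its prompts. Three
## things differ from a plain unquoted here-document with the password in it:
##  - the here-document delimiter is quoted, so the shell expands nothing
##    and the MySQL root password is never written to disk;
##  - the password reaches expect through the SS_DBROOTPASS environment
##    variable and is read as $env(SS_DBROOTPASS), so characters that are
##    special to Tcl (" $ [ \) cannot break or alter the script;
##  - the script file comes from mktemp (private, unpredictable name).
ss_expect_script="$(mktemp /tmp/ss-mysql-secure.XXXXXX)"
cat > "${ss_expect_script}" << 'EOF'
spawn mysql_secure_installation
## re-enter root password ##
expect "Enter password for user root:"
send -- "$env(SS_DBROOTPASS)\r"
## skip the validate password plugin ##
expect "Press y|Y for Yes, any other key for No:"
send "n\r"
## skip change root password ##
expect "Change the password for root ? ((Press y|Y for Yes, any other key for No) :"
send "n\r"
## remove anonymous users ##
expect "Remove anonymous users? (Press y|Y for Yes, any other key for No) :"
send "y\r"
## disable remote connections ##
expect "Disallow root login remotely? (Press y|Y for Yes, any other key for No) :"
send "y\r"
## remove test database ##
expect "Remove test database and access to it? (Press y|Y for Yes, any other key for No) :"
send "y\r"
## reload privileges ##
expect "Reload privilege tables now? (Press y|Y for Yes, any other key for No) :"
send "y\r"
## wait for the program to finish so the last answer is acted on ##
expect eof
## end of script ##
EOF

## run expect script ##
SS_DBROOTPASS="${dbrootpass}" expect "${ss_expect_script}"

## cleanup ##
rm -v -f -- "${ss_expect_script}"

## uninstall expect ##
# apt -qq purge expect > /dev/null # Uninstall Expect, commented out in case you need Expect

## confirm secured ##
echo "Congratulations, MySQL 5.7 is installed and secured. Onward!"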
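###############################
#### setup mysql 5.7 users ####
###############################

## Creates the WordPress database and its user (for both localhost and
## 127.0.0.1) and grants that user all privileges on the database.
##
## The root password is passed in the MYSQL_PWD environment variable and the
## statements on stdin. With -p<password> and -e "<sql>" both the root
## password and the new user's password sat in the process argument list,
## readable by any local user through ps or /proc.
## NOTE(review): MYSQL_PWD is deprecated in later MySQL releases; a
## root-only option file is the longer-term replacement.
##
## --force keeps the client going after a failed statement, matching the
## previous one-invocation-per-statement behaviour on re-installs where the
## database or user already exists.
##
## NOTE(review): the ss-config values are interpolated into SQL unescaped; a
## quote or backslash in ${dbuserpass} or ${dbname} breaks or alters the
## statement. Restrict those values or escape them before use.
MYSQL_PWD="${dbrootpass}" mysql -uroot --force << SQL
CREATE DATABASE ${dbname};
CREATE USER '${dbuser}'@'localhost' IDENTIFIED BY '${dbuserpass}';
CREATE USER '${dbuser}'@'127.0.0.1' IDENTIFIED BY '${dbuserpass}';
GRANT ALL PRIVILEGES ON ${dbname}.* TO '${dbuser}'@'localhost';
GRANT ALL PRIVILEGES ON ${dbname}.* TO '${dbuser}'@'127.0.0.1';
FLUSH PRIVILEGES;
SQL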
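############################################
#### install wordpress (latest version) ####
############################################

## download latest version ##
## The archive is fetched over HTTPS: over plain HTTP anyone on the network
## path could substitute the WordPress code that ends up in the web root.
## The download, extraction and cleanup only run when the cd succeeded, so a
## missing web root can no longer make "rm -rf wordpress" act on whatever
## directory the script happened to be in.
if cd /var/www/html/; then
  ## wget would save to latest.tar.gz.1 if an old archive were still here ##
  rm -f latest.tar.gz

  ## untar files and merge them into the web root ##
  if wget --no-cache https://wordpress.org/latest.tar.gz && tar xfz latest.tar.gz; then
    rsync -raqIp wordpress/* ./
  else
    echo "ss-install: WordPress download or extraction failed; web root left unchanged" >&2
  fi

  ## cleanup ##
  rm -rf wordpress
  rm -f latest.tar.gz
else
  echo "ss-install: /var/www/html is missing; WordPress was not installed" >&2
fi

## install wplite mu-plugins ##
source /var/www/ss-muplugs

## create temp directory if doesn't exist (will not overwrite) ##
## -p makes this succeed quietly when the directory is already there ##
mkdir -p /var/www/html/wp-content/temp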
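#############################
#### configure wordpress ####
#############################

## NOTE(review): the wp-config template is downloaded over plain HTTP with
## no integrity check, and the result is PHP that the web server executes.

## Escapes a value for use as the replacement part of a sed "s/.../.../"
## command: backslash, "/" and "&" each get a leading backslash.
## Arguments: $1 - raw value
## Outputs:   escaped value on stdout
ss_sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

## delete tmp files ##
rm -R -f /tmp/wp-config*

## download latest versions ##
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/wordpress/wp-config.txt

## replace placeholders with variables ##
## Values are escaped first: a raw password containing "/" made sed fail,
## and one containing "&" or "\" was silently written to wp-config.php
## altered.
## NOTE(review): the values also land inside PHP string literals in the
## template (not visible here); a quote character in a value would still
## need PHP-level escaping.
sed -i "s/@DBNAME/$(ss_sed_escape "${dbname}")/g" /tmp/wp-config.txt
sed -i "s/@DBUSER/$(ss_sed_escape "${dbuser}")/g" /tmp/wp-config.txt
sed -i "s/@DBPASSWORD/$(ss_sed_escape "${dbuserpass}")/g" /tmp/wp-config.txt
sed -i "s/@TABLEPREFIX/$(ss_sed_escape "${dbprefix}")/g" /tmp/wp-config.txt
# sed -i "s/@DBHOST/${dbhost}/g" /tmp/wp-config.txt
# sed -i "s/@DBCHARSET/${dbcharset}/g" /tmp/wp-config.txt
# sed -i "s/@DBCOLLATE/${dbcollate}/g" /tmp/wp-config.txt

## replace cloudflare placeholders ##
sed -i "s/@CLOUDFLAREAPIKEY/$(ss_sed_escape "${cloudflareapikey}")/g" /tmp/wp-config.txt
sed -i "s/@CLOUDFLAREAPIEMAIL/$(ss_sed_escape "${cloudflareapiemail}")/g" /tmp/wp-config.txt

## replace salt keys ##
## each placeholder gets its own 48 random bytes, hex-encoded by openssl ##
for ss_wp_salt in AUTHKEY SECUREAUTHKEY LOGGEDINKEY NONCEKEY AUTHSALT SECUREAUTHSALT LOGGEDINSALT NONCESALT; do
  sed -i "s/@${ss_wp_salt}/$(openssl rand -hex 48)/g" /tmp/wp-config.txt
done

## replace debug placeholders ##
## debugging and on-screen errors are off only when production="yes" ##
if [[ "${production}" == "yes" ]]; then
  ss_wp_debug=false
else
  ss_wp_debug=true
fi
sed -i "s/@DEBUGON/${ss_wp_debug}/g" /tmp/wp-config.txt
# sed -i "s/@DEBUGLOG/${ss_wp_debug}/g" /tmp/wp-config.txt
sed -i "s/@DEBUGDISPLAY/${ss_wp_debug}/g" /tmp/wp-config.txt

## rename files ##
mv /tmp/wp-config.txt /tmp/wp-config.php

## copy files to destinations ##
## only a non-empty result may replace the live wp-config.php ##
## NOTE(review): the copy takes its mode from the umask, and this file holds
## the database password; confirm ss-perms restricts it to the PHP user.
if [[ -s /tmp/wp-config.php ]]; then
  cp -R -f --no-preserve=mode,ownership /tmp/wp-config.php /var/www/html/wp-config.php
else
  echo "ss-install: wp-config download failed; /var/www/html/wp-config.php left unchanged" >&2
fi

## delete tmp files ##
rm -R -f /tmp/wp-config*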
############################################
#### install redis (latest apt version) ####
############################################
## install redis-server ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install redis-server
## install php-redis ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install php-redis
## start redis ##
/etc/init.d/redis-server start
##############################################
#### configure redis (latest apt version) ####
##############################################
## configure redis for object caching ##
## Each sed "c\" command replaces every whole line that matches its pattern:
## lines matching "maxmemory.*bytes.*" become "maxmemory 512mb", and the
## line containing "maxmemory-policy noeviction" becomes
## "maxmemory-policy allkeys-lru".
## NOTE(review): the first pattern is broad and may also rewrite comment
## lines in redis.conf that mention both words -- check the resulting file.
## NOTE(review): nothing here sets "requirepass" or changes "bind", so Redis
## keeps the package's authentication and listen defaults; make sure port
## 6379 is not reachable from untrusted networks.
sed -i '/maxmemory.*bytes.*/c\maxmemory 512mb' /etc/redis/redis.conf
sed -i '/maxmemory-policy noeviction/c\maxmemory-policy allkeys-lru' /etc/redis/redis.conf
## reset permissions ##
chown redis:redis /etc/redis/redis.conf
chown redis:redis /var/run/redis
## restart services ##
## php-fpm is restarted as well, presumably so it loads the php-redis
## extension installed above.
/etc/init.d/redis-server restart
/etc/init.d/php7.2-fpm restart
############################################
#### install monit (latest apt version) ####
############################################
## install monit ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install monit
## configure monit settings ##
## Rewrites the log path in monitrc from /var/log/monit.log to
## /var/www/monit.log ("@" is the sed delimiter because the paths contain "/").
## NOTE(review): /var/www is also the parent of the web root; confirm the
## log file cannot be served or written by the web-server account.
sed -i 's@/var/log/monit.log@/var/www/monit.log@' /etc/monit/monitrc
## reset permissions ##
## monitrc is restricted to root (owner-only, mode 0700) ##
chown root:root /etc/monit/monitrc
chmod 0700 /etc/monit/monitrc
## restart monit ##
/etc/init.d/monit restart
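#####################
#### install ufw ####
#####################

## delete tmp files ##
rm -R -f /tmp/ufw-conf.txt* /tmp/ufw.conf*
rm -R -f /tmp/user-rules.txt* /tmp/user.rules*

## install ufw ##
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/bin/apt -q --yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install ufw

## ufw rules ##
## default-deny inbound, allow outbound, then open the public services ##
ufw default deny incoming
ufw default allow outgoing
## 6969: presumably the SSH port set by the downloaded sshd_config -- TODO confirm ##
ufw allow 6969
ufw allow 80
ufw allow 443
## Redis (6379) is no longer opened. This installer uses Redis as a local
## object cache for PHP on the same host, which needs no inbound firewall
## rule, and the Redis section sets no password; an open 6379 therefore
## exposed the cache to any host that could reach the server. If a remote
## client really needs it, allow that one source only, for example:
##   ufw allow from <TRUSTED_CLIENT_IP> to any port 6379 proto tcp

## apply the rules; --force suppresses the confirmation prompt, so no ##
## separate piped "y" is needed ##
ufw --force disable
ufw --force enable

## retrieve latest versions ##
## NOTE(review): ufw.conf and user.rules are downloaded over plain HTTP with
## no integrity check and then copied over the live firewall files, so the
## effective rule set is whatever the mirror serves rather than the "ufw
## allow" lines above. Review that file for port 6379 as well, and move to
## HTTPS with a pinned checksum once available.
cd /tmp/
wget --no-cache http://mirrors.slickstack.io/ubuntu/ufw-conf.txt
wget --no-cache http://mirrors.slickstack.io/ubuntu/user-rules.txt
# wget --no-cache http://mirrors.slickstack.io/ubuntu/18.04/ufw/ver/ufw-conf.txt
# wget --no-cache http://mirrors.slickstack.io/ubuntu/18.04/ufw/ver/user-rules.txt

## rename files ##
mv /tmp/ufw-conf.txt /tmp/ufw.conf
mv /tmp/user-rules.txt /tmp/user.rules

## copy files to their destinations ##
## an empty or missing download must never replace the firewall files ##
if [[ -s /tmp/ufw.conf ]]; then
  cp -R -f -d --no-preserve=mode,ownership /tmp/ufw.conf /etc/ufw/ufw.conf
fi
if [[ -s /tmp/user.rules ]]; then
  cp -R -f -d --no-preserve=mode,ownership /tmp/user.rules /etc/ufw/user.rules
fi

## delete tmp files ##
rm -R -f /tmp/ufw-conf.txt* /tmp/ufw.conf*
rm -R -f /tmp/user-rules.txt* /tmp/user.rules*

## restart ufw ##
/etc/init.d/ufw force-reload
/etc/init.d/ufw restart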
###############################
#### complete installation ####
###############################

## Non-interactive apt wrapper for the closing steps: fixed PATH, quiet,
## assume-yes, and dpkg told not to prompt about changed config files.
## Arguments: the apt sub-command and its operands.
ss_final_apt() {
  DEBIAN_FRONTEND=noninteractive \
  DEBIAN_PRIORITY=critical \
  PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
    /usr/bin/apt -q --yes \
    -o Dpkg::Options::="--force-confdef" \
    -o Dpkg::Options::="--force-confold" \
    "$@"
}

## final refresh, upgrade and dependency cleanup, in that order ##
for ss_final_step in update upgrade autoremove; do
  ss_final_apt "${ss_final_step}"
done

## configure anything dpkg left half-installed ##
DEBIAN_FRONTEND=noninteractive dpkg --configure -a --force-confold

## hand over to the cleanup and permission scripts ##
source /var/www/ss-clean
source /var/www/ss-perms

## bring the web stack back up on the final configuration ##
for ss_final_service in nginx php7.2-fpm; do
  "/etc/init.d/${ss_final_service}" restart
done