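#!/bin/bash
# ---------------------------------------------------------------- #
# Operator-supplied settings.  Fill these in before running; the script
# expects to run as root on a CentOS 7 host (rpm/yum/systemctl/firewalld).
# ---------------------------------------------------------------- #
# C locale so the rpm/awk/sed output parsed below is stable.
LANG=C
# Account that gets the SSH login and, by default, the WordPress admin.
ADMINUSER_MAIL=
ADMINUSER_ID=
# Leave empty to have SSHUSER_CREATE generate a random password; it is
# then saved to ${HOME}/.<ADMINUSER_ID>_PWFILE.txt.
ADMINUSER_PW=
# One-line OpenSSH public key to install in authorized_keys (optional).
ADMINUSER_PUBKEY=""
WORDPRESS_TITLE=""
# Fully-qualified host name used for the virtual host and the certificate.
FQDN=
CMSINSTALL_CHOICE=
# yes|no(default)|none|wordpress|pico
# WordPress credentials are copied from the admin account *at this point*,
# so they stay empty unless ADMINUSER_* were set above; WP_ENV_CHECK fills
# empty ones with random values later.
WORDPRESS_MAIL=${ADMINUSER_MAIL}
WORDPRESS_ID=${ADMINUSER_ID}
WORDPRESS_PW=${ADMINUSER_PW}
# Default WordPress locale
WPLOCALE=ja
WEBSERVER=nginx
# nginx (default)|apache
PHP_VERSION=7
# 7 (default)|5
PHP_TZ_REGION=Asia
PHP_TZ_CITY=Tokyo
MARIADB_VERSION=10.2
# ================================================================ #
# Download location of wp-cli
WPCLI_DOWNLOADURI="https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"
# Download location of Pico
PICOURL=https://github.com/picocms/pico.git
COMPOSERURL=https://getcomposer.org/installer
# Distribution name (lower-cased Vendor, e.g. "centos") and major version
# ("7") from the centos-release package; they build the MariaDB repo path.
# ${var,,} needs bash 4, which CentOS 7 ships.
OS_DIST_NAME=$(rpm -q --info centos-release | grep -E '^Vendor' | awk '{print $NF}')
OS_DIST_NAME=${OS_DIST_NAME,,}
OS_DIST_VERSION=$(rpm -q --info centos-release | grep -E '^Version' | awk '{print $NF}')
# NOTE(review): remi-release is fetched over plain HTTP and yum does not
# signature-check URL/local packages unless localpkg_gpgcheck=1 is set in
# yum.conf; enable that (or fetch over HTTPS) if the install path is not
# trusted.
REMI_REPO_URI=http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
YUMREPODIR=/etc/yum.repos.d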
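# Base tooling installed up front: git, a compiler and the Python/openssl
# headers (presumably for certbot-auto's bootstrap), and network
# diagnostics (telnet, nmap, lsof).
INSTALL_PACKAGES=(
  git
  augeas-libs
  gcc
  libffi-devel
  openssl-devel
  python-devel
  python-tools
  python-virtualenv
  redhat-rpm-config
  telnet
  nmap
  lsof
)
# Quoted array expansion: one argument per package.
yum -y install "${INSTALL_PACKAGES[@]}"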
# ================================================================ #
# ================================================================ #
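#######################################
# Generate a random password from an unambiguous character set.
# The previous version stored the generator as a base64 blob that was
# decoded and piped into `sh` through an unquoted expansion; it is now a
# plain, readable pipeline with the same kind of output (upper-case
# alphanumerics, 16 characters by default).
# Arguments: $1 - length in characters (optional, default 16)
# Outputs:   the password on stdout followed by a newline
# Returns:   0 on success, 1 if openssl produced no usable output
#######################################
RAND_OPENSSL(){
  local length=${1:-16}
  # Upper-case letters and digits without the look-alikes 0/O and 1/I/L,
  # so a value read back from the password file is unambiguous.
  local -r alphabet='ABCDEFGHJKMNPQRSTUVWXYZ23456789'
  local result=''
  local chunk
  # 1024 random bytes give far more than 16 usable characters per round;
  # loop anyway so a larger requested length is honoured.
  while [ "${#result}" -lt "${length}" ]; do
    chunk=$(openssl rand -base64 1024 | tr -dc "${alphabet}")
    [ -n "${chunk}" ] || return 1
    result=${result}${chunk}
  done
  printf '%s\n' "${result:0:${length}}"
}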
# ================================================================ #
# ================================================================ #
# If needed, name the externally reachable NIC here.
# Normally left empty: FQDN_DIG_STATUS_CHECK then uses the first interface
# other than lo.
INTERFACE=
# Values that complete the operator-supplied admin account settings.
# NOTE(review): 500 is below CentOS 7's default UID_MIN (1000); useradd
# accepts an explicit -u/-g, but check it does not collide with an
# existing system account.
ADMINUSER_UID=500
ADMINUSER_GID=500
ADMINUSER_GROUPNAME=${ADMINUSER_ID}
ADMINUSER_SHELL=/bin/bash
ADMINUSER_HOMEDIR=/home/${ADMINUSER_ID}
# Database settings.  The password is generated here (RAND_OPENSSL is
# defined above) and used by CMS_DATABASE_INSTALL's GRANT statement.
DB_NAME=wpdb0000
DB_USER=wpuser0000
DB_PASS=$(RAND_OPENSSL)
# Private IPv4 ranges meant to be allowed SSH access.
# NOTE(review): nothing in the visible part of the script reads this
# array; FIREWALLD_SSH_ALLOW only allows the currently connected clients.
AllowIPAddrList=(
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
)
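# Virtual-host directories and log-file paths.
VHOSTDIR=/home/vhosts/${FQDN}
DROOTDIR=${VHOSTDIR}/DocumentRoot
# Normalise the web-server choice once, here, because the log directory is
# derived from it and the generated server configs expect .../logs/NGINX
# or .../logs/APACHE.  The old code tested WEBSERVER_UPPERCASE before it
# was ever set and never mapped "httpd" to APACHE, so WEBSERVER=httpd
# produced a logs/HTTPD directory the Apache vhost does not use.  Same
# rules as WEBSERVER_SHARED_FUNCTION: "httpd" -> APACHE, empty -> NGINX.
WEBSERVER_UPPERCASE=${WEBSERVER^^}
case "${WEBSERVER_UPPERCASE}" in
  HTTPD) WEBSERVER_UPPERCASE=APACHE ;;
  '')    WEBSERVER_UPPERCASE=NGINX ;;
esac
VHLOGDIR=${VHOSTDIR}/logs/${WEBSERVER_UPPERCASE}
ERRORLOG=${VHLOGDIR}/error_log
ACCESSLOG=${VHLOGDIR}/access_log
# Unprivileged account that owns the document root.
WEBMASTER_USER=webmaster
WEBMASTER_GROUP=webmaster
WEBMASTER_UID=1000
WEBMASTER_GID=1000
WEBMASTER_SHELL=/sbin/nologin
WEBMASTER_HOME=${VHOSTDIR}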
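# Map the operator's CMS choice onto CMSINSTALL_SPEC and the two derived
# flags.  Matching is case-insensitive.  An empty or unknown value is
# treated as "no CMS" (the documented default); previously it left the
# variables unset and every later `[ $X = YES ]` failed with
# "unary operator expected".
CMSINSTALL_CHOICE_UPPERCASE=${CMSINSTALL_CHOICE^^}
case "${CMSINSTALL_CHOICE_UPPERCASE}" in
  YES|WORDPRESS) CMSINSTALL_SPEC=WORDPRESS ;;
  PICO)          CMSINSTALL_SPEC=PICO ;;
  NO|NONE|'')    CMSINSTALL_SPEC=NONE ;;
  *)
    printf 'unknown CMSINSTALL_CHOICE "%s"; installing no CMS\n' \
      "${CMSINSTALL_CHOICE}" >&2
    CMSINSTALL_SPEC=NONE
    ;;
esac
# Only WordPress needs a database.  Explicit NO values keep the later
# `= YES` tests well-formed on the non-WordPress paths.
MARIADB_INSTALL=NO
WPINSTALL_CHECK=NO
if [ "${CMSINSTALL_SPEC}" = WORDPRESS ]; then
  MARIADB_INSTALL=YES
  WPINSTALL_CHECK=YES
fi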
# ================================================================ #
# ================================================================ #
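# Author's note kept as written: "Sorry, Ishikawa-san".
# SELinux is switched to permissive now and disabled for the next boot.
# This removes the mandatory-access-control layer for the whole host,
# presumably because the document root lives under /home/vhosts, which the
# default policy does not label for web serving.  The less invasive
# alternative is to relabel that tree (semanage fcontext / restorecon) and
# keep enforcing on.
setenforce 0
SELINUX_CONFDIR=/etc/selinux
SELINUX_CONF=${SELINUX_CONFDIR}/config
SELINUX_BACKUPCONF=${SELINUX_CONFDIR}/BACKUP/$(basename "${SELINUX_CONF}").ORIG
mkdir -p "${SELINUX_CONFDIR}/BACKUP"
# Keep the first backup: on a re-run the file has already been modified.
[ -e "${SELINUX_BACKUPCONF}" ] || cp -p "${SELINUX_CONF}" "${SELINUX_BACKUPCONF}"
# Only the active SELINUX= line is rewritten; a permissive setting is left.
sed -i "/^SELINUX=enforcing/s/enforcing/disabled/" "${SELINUX_CONF}"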
# ================================================================ #
# ================================================================ #
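#######################################
# Create the webmaster group and the non-login webmaster account that owns
# the virtual-host tree.
# Globals:  WEBMASTER_GID, WEBMASTER_GROUP, WEBMASTER_UID, WEBMASTER_SHELL,
#           WEBMASTER_HOME, WEBMASTER_USER (read)
# Returns:  status of the last getent/useradd
#######################################
WEBMASTER_CREATE(){
  # Skip creation when the group/user already exists so a re-run does not
  # stop on "already exists".
  getent group "${WEBMASTER_GROUP}" >/dev/null 2>&1 || \
    groupadd -g "${WEBMASTER_GID}" "${WEBMASTER_GROUP}"
  getent passwd "${WEBMASTER_USER}" >/dev/null 2>&1 || \
    useradd \
      -g "${WEBMASTER_GID}" \
      -u "${WEBMASTER_UID}" \
      -s "${WEBMASTER_SHELL}" \
      -d "${WEBMASTER_HOME}" \
      "${WEBMASTER_USER}"
}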
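#######################################
# Create the SSH login account: group, user, password, sudoers entry and
# (optionally) authorized_keys.
# Globals:  ADMINUSER_GID, ADMINUSER_GROUPNAME, ADMINUSER_UID,
#           ADMINUSER_SHELL, ADMINUSER_HOMEDIR, ADMINUSER_ID,
#           ADMINUSER_PUBKEY, HOME (read); ADMINUSER_PW (read; set when empty)
# Outputs:  when no password was supplied, the generated one is saved to
#           ${HOME}/.${ADMINUSER_ID}_PWFILE.txt (mode 0600).  It is no longer
#           tee'd to stdout, where it ended up in any captured install log.
# Returns:  1 if ADMINUSER_ID is empty or mktemp fails, 2 if the sudoers
#           fragment fails visudo's check, otherwise the last step's status
#######################################
SSHUSER_CREATE(){
  local sudoers_file sudoers_tmp pubkey_tmp key_type
  local authpubkeydir authpubkeyfile

  # Nothing below makes sense without a user name; useradd would fail, but
  # the sudoers/chown steps would then run against an empty name.
  if [ -z "${ADMINUSER_ID}" ]; then
    printf 'SSHUSER_CREATE: ADMINUSER_ID is empty\n' >&2
    return 1
  fi

  getent group "${ADMINUSER_GROUPNAME}" >/dev/null 2>&1 || \
    groupadd -g "${ADMINUSER_GID}" "${ADMINUSER_GROUPNAME}"
  getent passwd "${ADMINUSER_ID}" >/dev/null 2>&1 || \
    useradd \
      -g "${ADMINUSER_GID}" \
      -u "${ADMINUSER_UID}" \
      -s "${ADMINUSER_SHELL}" \
      -d "${ADMINUSER_HOMEDIR}" \
      "${ADMINUSER_ID}"

  # Generate a password when none was supplied and keep an owner-only copy
  # for the operator.
  if [ -z "${ADMINUSER_PW}" ]; then
    ADMINUSER_PW=$(RAND_OPENSSL)
    ( umask 077 && printf '%s\n' "${ADMINUSER_PW}" > "${HOME}/.${ADMINUSER_ID}_PWFILE.txt" )
  fi
  printf '%s\n' "${ADMINUSER_PW}" | passwd --stdin "${ADMINUSER_ID}"

  # Passwordless sudo for the admin account (as before; drop NOPASSWD if a
  # password prompt is acceptable).  The fragment is validated with visudo
  # before it is installed, because a malformed file in sudoers.d breaks
  # sudo for everyone, and installed with the 0440 mode sudo expects.
  sudoers_file=/etc/sudoers.d/${ADMINUSER_ID}
  sudoers_tmp=$(mktemp) || return 1
  printf '%s\tALL=(ALL)\tNOPASSWD: ALL\n' "${ADMINUSER_ID}" > "${sudoers_tmp}"
  if visudo -c -q -f "${sudoers_tmp}"; then
    install -o root -g root -m 0440 "${sudoers_tmp}" "${sudoers_file}"
  else
    printf 'SSHUSER_CREATE: generated sudoers entry failed validation\n' >&2
    rm -f -- "${sudoers_tmp}"
    return 2
  fi
  rm -f -- "${sudoers_tmp}"

  # Install the public key only when ssh-keygen can parse it.  The key type
  # is the parenthesised last field of `ssh-keygen -l`.  ED25519 is now
  # accepted too; it was silently rejected before.  DSA stays accepted for
  # compatibility, but OpenSSH 7.x disables ssh-dss by default, so such a
  # key will not log in without sshd changes.
  if [ -n "${ADMINUSER_PUBKEY}" ]; then
    pubkey_tmp=$(mktemp) || return 1
    printf '%s\n' "${ADMINUSER_PUBKEY}" > "${pubkey_tmp}"
    key_type=$(ssh-keygen -l -f "${pubkey_tmp}" 2>/dev/null | awk '{print $NF}' | tr -d '()')
    authpubkeydir=${ADMINUSER_HOMEDIR}/.ssh
    authpubkeyfile=${authpubkeydir}/authorized_keys
    case "${key_type}" in
      RSA|DSA|ECDSA|ED25519)
        mkdir -p "${authpubkeydir}"
        cp -p "${pubkey_tmp}" "${authpubkeyfile}"
        chown -R "${ADMINUSER_ID}:${ADMINUSER_GROUPNAME}" "${authpubkeydir}"
        chmod 700 "${authpubkeydir}"
        chmod 600 "${authpubkeyfile}"
        ;;
      *)
        printf 'SSHUSER_CREATE: ADMINUSER_PUBKEY not installed (type "%s" not recognised)\n' \
          "${key_type}" >&2
        ;;
    esac
    rm -f -- "${pubkey_tmp}"
  fi
}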
# Create the SSH admin account first; later steps add it to groups.
SSHUSER_CREATE
# Install bind-utils, which provides the `dig` used by the firewall and
# DNS checks further down.
BINDUTILS_INSTALL(){
  local -a packages=(bind-utils)
  yum -y install "${packages[@]}"
}
# dig must exist before FIREWALLD_SSH_ALLOW / FQDN_DIG_STATUS_CHECK run.
BINDUTILS_INSTALL
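#######################################
# Restrict SSH in firewalld to the private ranges in AllowIPAddrList plus
# the IPv4 addresses of the clients currently logged in (so the session
# running this script is not cut off), then drop the blanket ssh service.
# Globals:  AllowIPAddrList (read)
# Requires: sshd_config UseDNS yes (the default) so `who` shows the client
#           host; names are resolved back to an address with dig.
# Returns:  1, leaving the ssh service in place, when no source address
#           could be determined; otherwise firewall-cmd's status
# Changes:  AllowIPAddrList was declared but never applied; the ssh service
#           was removed *before* any allow rule existed, so a run from a
#           non-tty session (no `who` entries) locked everyone out; the
#           `dig | egrep ^host` parsing is replaced by `dig +short A`.
#######################################
FIREWALLD_SSH_ALLOW(){
  local fw_active_zone pts addr
  local -a allow_sources=()

  # Zone names are the non-indented lines of --get-active-zones; only the
  # first active zone is used.
  fw_active_zone=$(firewall-cmd --get-active-zones | grep -Ev '^[[:space:]]' | head -n 1)

  for addr in "${AllowIPAddrList[@]}"; do
    allow_sources+=("${addr}")
  done

  # `who` prints the client origin as the parenthesised last field: an IPv4
  # literal, or (with UseDNS) a host name that is resolved here.  IPv6
  # origins are skipped because the rich rule below is family=ipv4.
  for pts in $(who | grep -E 'pts/[0-9]+' | grep -Ev '(localhost|::1)' | awk '{print $NF}' | tr -d '()'); do
    if [[ "${pts}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      allow_sources+=("${pts}/32")
    else
      addr=$(dig +short A "${pts}" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
      [ -n "${addr}" ] && allow_sources+=("${addr}/32")
    fi
  done

  # Never remove the ssh service with an empty allow list: that would lock
  # every remote operator out of the host.
  if [ "${#allow_sources[@]}" -eq 0 ]; then
    printf 'FIREWALLD_SSH_ALLOW: no source addresses found; leaving ssh service enabled\n' >&2
    return 1
  fi

  for addr in "${allow_sources[@]}"; do
    firewall-cmd \
      --permanent \
      --zone="${fw_active_zone}" \
      --add-rich-rule="rule family=\"ipv4\" source address=\"${addr}\" port protocol=\"tcp\" port=\"22\" accept"
  done
  firewall-cmd --permanent --zone="${fw_active_zone}" --remove-service=ssh
  firewall-cmd --reload
}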
# Narrow SSH to known sources; run while the operator's session is visible to `who`.
FIREWALLD_SSH_ALLOW
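# Open http and https permanently in the (first) active firewalld zone and
# reload.  The zone value is quoted so a multi-zone host does not turn the
# --zone argument into several words.
FIREWALLD_WWW_ALLOW(){
  local fw_active_zone
  fw_active_zone=$(firewall-cmd --get-active-zones | grep -Ev '^[[:space:]]' | head -n 1)
  firewall-cmd --permanent --zone="${fw_active_zone}" --add-service=http
  firewall-cmd --permanent --zone="${fw_active_zone}" --add-service=https
  firewall-cmd --reload
}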
# Web ports are opened unconditionally, whichever server is installed later.
FIREWALLD_WWW_ALLOW
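#######################################
# Decide whether FQDN resolves to this host's address; the result gates the
# Let's Encrypt steps.
# Globals:  INTERFACE (read; set to the first non-lo interface when empty),
#           FQDN (read); IPADDR, FQDN_DIG_STATUS_CHECK (0 = match, 1 = no
#           match, kept for compatibility), FQDN_DIG_STATUS_RESULT (YES|NO)
# Caveat:   IPADDR is the first IPv4 address on INTERFACE.  Behind NAT that
#           is a private address, the comparison fails and the script goes
#           on without TLS.
#######################################
FQDN_DIG_STATUS_CHECK(){
  # First interface whose name is not "lo"; the old `egrep -v ^1:` assumed
  # lo always has index 1.
  if [ -z "${INTERFACE}" ]; then
    INTERFACE=$(ip -o link show | awk -F': ' '$2 != "lo" {print $2; exit}')
  fi
  # `ip -o -4 addr` puts the address/prefix in field 4; strip the prefix.
  IPADDR=$(ip -o -4 addr show dev "${INTERFACE}" | awk '{print $4}' | head -n 1)
  IPADDR=${IPADDR%/*}
  # `dig +short A` prints just the A records, one per line, so an exact
  # line match replaces the regex over the full dig answer.
  if [ -n "${FQDN}" ] && [ -n "${IPADDR}" ] && \
     dig +short A "${FQDN}" | grep -Fxq -- "${IPADDR}"; then
    FQDN_DIG_STATUS_CHECK=0
    FQDN_DIG_STATUS_RESULT=YES
  else
    FQDN_DIG_STATUS_CHECK=1
    FQDN_DIG_STATUS_RESULT=NO
  fi
}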
# Sets FQDN_DIG_STATUS_RESULT, consulted by CREATE_CERT and the vhost builders.
FQDN_DIG_STATUS_CHECK
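#######################################
# Validate and complete the WordPress settings when WordPress is selected.
# Globals:  CMSINSTALL_SPEC, WORDPRESS_MAIL, HOME (read); WORDPRESS_ID,
#           WORDPRESS_PW, WORDPRESS_TITLE (set randomly when empty)
# Exits:    1 when WORDPRESS_MAIL is empty; the message is also written to
#           ${HOME}/WP_ENV_CHECK_ERROR.log
#######################################
WP_ENV_CHECK(){
  local error_msg errorlog_file
  [ "${CMSINSTALL_SPEC}" = WORDPRESS ] || return 0
  if [ -z "${WORDPRESS_MAIL}" ]; then
    error_msg="メールアドレスがありません"
    errorlog_file=${HOME}/${FUNCNAME[0]}_ERROR.log
    printf '%s\n' "${error_msg}" | tee "${errorlog_file}"
    exit 1
  fi
  # Random fallbacks from RAND_OPENSSL for anything left empty.
  [ -n "${WORDPRESS_ID}" ]    || WORDPRESS_ID=$(RAND_OPENSSL)
  [ -n "${WORDPRESS_PW}" ]    || WORDPRESS_PW=$(RAND_OPENSSL)
  [ -n "${WORDPRESS_TITLE}" ] || WORDPRESS_TITLE=$(RAND_OPENSSL)
}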
# No-op unless CMSINSTALL_SPEC is WORDPRESS; exits the script on a missing mail address.
WP_ENV_CHECK
# ================================================================ #
# ================================================================ #
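#######################################
# Write the MariaDB yum repository and install the server packages.
# (Whether to call this is decided by the caller, see MARIADB_INSTALL.)
# Globals:  YUMREPODIR, OS_DIST_NAME, OS_DIST_VERSION, MARIADB_VERSION (read);
#           MARIADB_REPOURI, MARIADB_REPOFILE, MARIADB_OSNAME (set)
# Note:     the baseurl is plain http, so package integrity rests entirely
#           on gpgcheck=1 with the key fetched over https; keep both.
#######################################
MARIADB_INSTALL_FUNCTION(){
  MARIADB_REPOURI=yum.mariadb.org
  MARIADB_REPOFILE=${YUMREPODIR}/MariaDB.repo
  MARIADB_OSNAME=${OS_DIST_NAME}${OS_DIST_VERSION}
  cat << _EOL_ | tee "${MARIADB_REPOFILE}"
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://${MARIADB_REPOURI}/${MARIADB_VERSION}/${MARIADB_OSNAME}-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
_EOL_
  yum -y install MariaDB-server MariaDB-client galera MariaDB-tokudb-engine
}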
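#######################################
# Harden a freshly installed MariaDB: start it, drop the test database, set
# a random root password on every root@<host> row, write ~/.my.cnf so later
# mysql calls authenticate, and remove password-less accounts.
# Globals:  HOME (read); MARIADB_ROOT_PW, MY_CNF_ROOT (set)
# Exits:    1 when nothing listens on TCP 3306 after the start attempt
# Changes:  the listen check matched only ":::3306" (IPv6 wildcard) and so
#           aborted on a 0.0.0.0 bind; passwords are passed to mysql on
#           stdin instead of in -e (not visible in `ps`); ~/.my.cnf is
#           written owner-only and no longer echoed through tee; the root
#           host list reads column 2 instead of the last column (which is
#           the password hash once one is set); FLUSH PRIVILEGES follows
#           the direct DELETE so it takes effect immediately.
#######################################
MARIADB_SECURE_INSTALLATION(){
  local delete_scheme=test
  local host
  local -a root_hosts=()

  systemctl is-active --quiet mariadb || systemctl start mariadb

  if ! ss -lnt | grep -Eq ':3306[[:space:]]'; then
    echo "MariaDB Start Error $(date)" | tee "${HOME}/MariaDB-ERROR.txt"
    exit 1
  fi

  if mysql -N -s -e "SHOW DATABASES;" | grep -Fxq -- "${delete_scheme}"; then
    mysql -N -s -e "DROP DATABASE ${delete_scheme};"
  fi

  # Root password.  RAND_OPENSSL output is alphanumeric, so interpolating it
  # into the quoted SQL literal is safe.
  MARIADB_ROOT_PW=$(RAND_OPENSSL)
  MY_CNF_ROOT=${HOME}/.my.cnf
  mysql -u root << _SQL_
SET PASSWORD FOR root@localhost=PASSWORD('${MARIADB_ROOT_PW}');
_SQL_
  ( umask 077 && cat > "${MY_CNF_ROOT}" << _EOL_
[mysql]
host = localhost
password = "${MARIADB_ROOT_PW}"
user = root
[mysqldump]
host = localhost
password = "${MARIADB_ROOT_PW}"
user = root
[mysqladmin]
host = localhost
password = "${MARIADB_ROOT_PW}"
user = root
_EOL_
  )

  # Every other root@<host> row (not localhost/::1/<this host>) gets the
  # same password; from here on mysql authenticates via ~/.my.cnf.
  mapfile -t root_hosts < <(
    mysql -N -s -e "SELECT USER,HOST,PASSWORD FROM mysql.user;" | \
      grep -Ev "(localhost|::1|$(uname -n))" | \
      grep -E '^root[[:space:]]' | \
      awk '{print $2}'
  )
  for host in "${root_hosts[@]}"; do
    mysql << _SQL_
SET PASSWORD FOR root@'${host}'=PASSWORD('${MARIADB_ROOT_PW}');
_SQL_
  done
  # Anonymous and any remaining password-less accounts are removed.
  mysql -e "DELETE FROM mysql.user WHERE password='';FLUSH PRIVILEGES;"
}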
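#######################################
# Create the CMS database and grant DB_USER full rights on it from every
# host that root may connect from (localhost, 127.0.0.1, ::1, ...).
# Globals:  DB_NAME, DB_USER, DB_PASS (read)
# Changes:  IF NOT EXISTS makes a re-run harmless; the GRANT goes to mysql
#           on stdin so DB_PASS is not visible in `ps`; user and host are
#           quoted in the account name.
#######################################
CMS_DATABASE_INSTALL(){
  local host
  local -a root_hosts=()
  mysql -e "CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` DEFAULT CHARACTER SET utf8;"
  mapfile -t root_hosts < <(
    mysql -N -s -e "SELECT USER,HOST,PASSWORD FROM mysql.user;" | \
      grep -E '^root' | \
      awk '{print $2}'
  )
  # DB_PASS comes from RAND_OPENSSL (alphanumeric), so it is safe inside
  # the quoted literal.
  for host in "${root_hosts[@]}"; do
    mysql << _SQL_
GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'${host}' IDENTIFIED BY '${DB_PASS}';
_SQL_
  done
  mysql -e "FLUSH PRIVILEGES;"
}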
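# Install and harden MariaDB only when the selected CMS needs it.  The
# quoted, defaulted expansion keeps the test well-formed when the variable
# was never set.
if [ "${MARIADB_INSTALL:-NO}" = YES ]; then
  MARIADB_INSTALL_FUNCTION
  MARIADB_SECURE_INSTALLATION
  CMS_DATABASE_INSTALL
fi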
# ================================================================ #
# ================================================================ #
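#######################################
# Install PHP from the remi repository.
#  - remi-release also brings in the epel repo, which is then disabled by
#    default and enabled per command below
#  - runs whether or not a CMS is installed
#  - the "php" (mod_php) package is added only for Apache
# Globals:  PHP_VERSION (read; normalised to 5 or 7), REMI_REPO_URI,
#           YUMREPODIR, WEBSERVER, PHP_TZ_REGION, PHP_TZ_CITY (read);
#           WEBSERVER_UPPERCASE, WEBSERVER (set to NGINX or APACHE), PHPREPO,
#           PACKAGELIST (set)
# Fixes:    the repo filter used the undefined ${PHPVERSION}, so PHP_VERSION
#           never influenced which remi-php repo was chosen; WEBSERVER=httpd
#           matched neither NGINX nor APACHE and installed no PHP at all;
#           .ORIG backups were overwritten and date.timezone inserted again
#           on every re-run.
#######################################
PHP_INSTALL_FUNCTION(){
  local epelrepo_file epelrepo_backupfile repofile
  local phpini_dir phpini_backupdir phpini_file phpini_backupfile
  local -a phprepos=()

  # Only "5" or "7" are valid; anything else (including empty) becomes 7.
  case "${PHP_VERSION}" in
    5|7) ;;
    *)   PHP_VERSION=7 ;;
  esac

  yum -y install "${REMI_REPO_URI}"

  # Disable epel globally (enabled=1 -> 0); it is enabled explicitly on the
  # install commands that need it.  Keep only the first backup.
  epelrepo_file=${YUMREPODIR}/epel.repo
  epelrepo_backupfile=${YUMREPODIR}/BACKUP/epel.repo.ORIG
  mkdir -p "${YUMREPODIR}/BACKUP"
  [ -e "${epelrepo_backupfile}" ] || cp -p "${epelrepo_file}" "${epelrepo_backupfile}"
  sed -i "/^[[:space:]]\{0,\}enabled[[:space:]]\{0,\}=[[:space:]]\{0,\}1/s/1/0/g" "${epelrepo_file}"

  # Candidate repos are remi-php<PHP_VERSION><minor>.repo, in glob (lexical)
  # order.  As before, the second-newest is chosen when there are several,
  # presumably to stay one branch behind the newest remi build.
  for repofile in "${YUMREPODIR}"/remi-php"${PHP_VERSION}"[0-9]*.repo; do
    [ -e "${repofile}" ] || continue
    repofile=${repofile##*/}
    phprepos+=("${repofile%.repo}")
  done
  if [ "${#phprepos[@]}" -ge 2 ]; then
    PHPREPO=${phprepos[$(( ${#phprepos[@]} - 2 ))]}
  else
    PHPREPO=${phprepos[0]}
  fi

  # Every php-* package in that repo except the listed drivers/extensions.
  # NOTE(review): this installs the repo's whole php-* set; a CMS needs only
  # a handful (php-fpm, php-mysqlnd, php-gd, php-mbstring, php-xml, ...) and
  # trimming the list reduces the installed attack surface.
  mapfile -t PACKAGELIST < <(
    yum --enablerepo="${PHPREPO}" list | \
      grep -E '^php' | \
      grep -Ev "(pecl|php-twig-ctwig|php-oci8|snmp|odbc|yac|smbclient|sqlsrv|php-mysql\.$(uname -m)|phalcon2|php\.$(uname -m))" | \
      grep -E "${PHPREPO}"'$' | \
      awk '{print $1}'
  )

  # Normalise the web-server choice the same way WEBSERVER_SHARED_FUNCTION
  # does ("httpd" -> APACHE, empty -> NGINX).
  WEBSERVER_UPPERCASE=${WEBSERVER^^}
  case "${WEBSERVER_UPPERCASE}" in
    HTTPD) WEBSERVER_UPPERCASE=APACHE ;;
    '')    WEBSERVER_UPPERCASE=NGINX ;;
  esac
  WEBSERVER=${WEBSERVER_UPPERCASE}
  if [ "${WEBSERVER}" = APACHE ]; then
    PACKAGELIST+=("php.$(uname -m)")
  fi
  yum -y --enablerepo="epel,remi,${PHPREPO}" install "${PACKAGELIST[@]}"

  # php.ini: add date.timezone after the commented-out default, once.
  phpini_dir=/etc
  phpini_backupdir=${phpini_dir}/BACKUP
  phpini_file=php.ini
  phpini_backupfile=${phpini_backupdir}/${phpini_file}.ORIG
  mkdir -p "${phpini_backupdir}"
  [ -e "${phpini_backupfile}" ] || cp -p "${phpini_dir}/${phpini_file}" "${phpini_backupfile}"
  if ! grep -Eq '^date\.timezone[[:space:]]*=' "${phpini_dir}/${phpini_file}"; then
    sed -i "/\;date.timezone/a date.timezone\ =\ ${PHP_TZ_REGION}\/${PHP_TZ_CITY}" \
      "${phpini_dir}/${phpini_file}"
  fi
}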
# ================================================================ #
# ================================================================ #
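#######################################
# Create the virtual-host tree owned by the webmaster account.
# Globals:  VHOSTDIR, DROOTDIR, VHLOGDIR, WEBMASTER_USER, WEBMASTER_GROUP (read)
# Note:     the document root is group-writable so members of the webmaster
#           group can deploy into it.  GROUPADD_WEBSERVER_USER later adds
#           the nginx/apache account to that group as well, so PHP code can
#           write anywhere under the document root; keep that in mind when
#           hardening.
#######################################
CREATE_VHOST(){
  mkdir -p "${VHOSTDIR}" "${DROOTDIR}" "${VHLOGDIR}"
  chown -R "${WEBMASTER_USER}:${WEBMASTER_GROUP}" "${DROOTDIR}"
  chown "${WEBMASTER_USER}:${WEBMASTER_GROUP}" "${VHOSTDIR}"
  chmod -R g+w "${DROOTDIR}"
  chmod g+w "${VHOSTDIR}"
}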
# ================================================================ #
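#######################################
# Install certbot from epel and the certbot-auto wrapper used by CREATE_CERT.
# Note:     certbot-auto is downloaded over HTTPS but not signature-checked
#           before it is made executable.  `curl -f` at least stops an HTTP
#           error page from being saved and chmod'ed as the script.
# Returns:  1 when the download fails
#######################################
LETSENCRYPT_INSTALL(){
  yum -y --enablerepo=epel install certbot
  if curl -fsSL -o /usr/bin/certbot-auto https://dl.eff.org/certbot-auto; then
    chmod 755 /usr/bin/certbot-auto
    # First invocation bootstraps certbot-auto's own dependencies.
    certbot-auto --help
  else
    printf 'LETSENCRYPT_INSTALL: download of certbot-auto failed\n' >&2
    return 1
  fi
}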
# ================================================================ #
# ================================================================ #
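#######################################
# Build the nginx virtual host: a temporary HTTP-only server for the ACME
# challenge, the certificate, then the final config chosen by whether FQDN
# resolves here and whether WordPress is installed.
# Globals:  FQDN_DIG_STATUS_RESULT, WPINSTALL_CHECK (read)
# Note:     nginx is restarted by TMP_VHOSTCONF_DISABLE_NGINX *before* the
#           final config is written; presumably a later step outside this
#           listing restarts it again (TODO confirm).
#######################################
VHOSTCONF_CREATE_NGINX(){
  # Temporary config for Let's Encrypt
  TMP_VHOSTCONF_CREATE_NGINX
  # Start nginx (restart if already running)
  NGINX_START
  # Obtain the certificate (CREATE_CERT checks name resolution itself)
  CREATE_CERT
  # Move the temporary config away (restarts nginx)
  TMP_VHOSTCONF_DISABLE_NGINX
  if [ "${FQDN_DIG_STATUS_RESULT}" = YES ]; then
    # http -> https redirect plus the https server
    VHOST_CREATECONF_HTTP_REDIRECT_NGINX
    if [ "${WPINSTALL_CHECK}" = YES ]; then
      VHOST_CREATECONF_HTTPS_NGINX_WP
    else
      VHOST_CREATECONF_HTTPS_NGINX
    fi
  else
    # plain http server
    if [ "${WPINSTALL_CHECK}" = YES ]; then
      VHOST_CREATECONF_HTTP_NGINX_WP
    else
      VHOST_CREATECONF_HTTP_NGINX
    fi
  fi
  PHPFPM_START
}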
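#######################################
# Write a minimal HTTP server block so the ACME webroot challenge can be
# served from DROOTDIR, and seed index.html with the host name.
# Globals:  VHOSTCONF_DIR, FQDN, DROOTDIR (read); TMP_VHOSTCONF (set; read
#           later by TMP_VHOSTCONF_DISABLE_NGINX)
#######################################
TMP_VHOSTCONF_CREATE_NGINX(){
  TMP_VHOSTCONF=${VHOSTCONF_DIR}/0000_TMP_${FQDN}.conf
  cat << _EOL_ | tee "${TMP_VHOSTCONF}"
server {
    listen 80;
    server_name ${FQDN};
    location / {
        root ${DROOTDIR} ;
        index index.html index.htm ;
    }
}
_EOL_
  printf '%s\n' "${FQDN}" | tee "${DROOTDIR}/index.html"
}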
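#######################################
# Obtain a Let's Encrypt certificate via the webroot challenge, only when
# FQDN_DIG_STATUS_CHECK confirmed the name points at this host.
# Globals:  FQDN_DIG_STATUS_RESULT, ADMINUSER_MAIL, DROOTDIR, FQDN (read)
# Note:     --renew-by-default forces a fresh issuance on every run, which
#           counts against Let's Encrypt's per-domain rate limit; drop it if
#           the script may be re-run on the same host.
#######################################
CREATE_CERT(){
  [ "${FQDN_DIG_STATUS_RESULT}" = YES ] || return 0
  certbot-auto \
    certonly \
    --webroot \
    --agree-tos \
    --renew-by-default \
    -m "${ADMINUSER_MAIL}" \
    -w "${DROOTDIR}" \
    -d "${FQDN}" \
    -n
}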
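# Move the temporary ACME server block out of conf.d and restart nginx.
# Globals: TMP_VHOSTCONF (read; set by TMP_VHOSTCONF_CREATE_NGINX);
#          NGINX_BACKUPDIR (set)
TMP_VHOSTCONF_DISABLE_NGINX(){
  NGINX_BACKUPDIR=/etc/nginx/conf.d/BACKUP
  mkdir -p "${NGINX_BACKUPDIR}"
  # Guard against an unset/missing file so mv does not error on a re-run.
  if [ -n "${TMP_VHOSTCONF}" ] && [ -e "${TMP_VHOSTCONF}" ]; then
    mv -- "${TMP_VHOSTCONF}" "${NGINX_BACKUPDIR}/"
  fi
  NGINX_START
}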
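#######################################
# Write the port-80 server block that redirects everything to https.
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_REDIRECT_CONF (set)
# Fix:      the heredoc is unquoted (so ${FQDN} expands), which made the
#           shell expand the nginx variable $request_uri to "" and every
#           request was redirected to the site root.  nginx variables are
#           now escaped, and ${FQDN} is expanded directly instead of via a
#           sed pass over a _FQDN_ placeholder.
#######################################
VHOST_CREATECONF_HTTP_REDIRECT_NGINX(){
  VHOST_REDIRECT_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_REDIRECT.conf
  cat << _EOL_ | tee "${VHOST_REDIRECT_CONF}"
server {
    listen 80;
    server_name ${FQDN};
    # permanent redirect to the same path on https (SSL ONLY)
    return 301 https://${FQDN}\$request_uri;
}
_EOL_
}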
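#######################################
# Write the https server block for a plain (non-WordPress) PHP site.
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTPS_CONF (set)
# Changes:  ssl_protocols is limited to TLSv1.2 (TLS 1.0/1.1 are deprecated,
#           RFC 8996); ${FQDN} is expanded directly instead of via a sed pass
#           over a _FQDN_ placeholder; the trailing PHPFPM_START call is gone
#           because VHOSTCONF_CREATE_NGINX starts php-fpm itself after
#           choosing the config (the other three generators never called it).
#######################################
VHOST_CREATECONF_HTTPS_NGINX(){
  VHOST_HTTPS_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_HTTPS.conf
  # nginx variables are written as \$name so the shell leaves them alone.
  cat << _EOL_ | tee "${VHOST_HTTPS_CONF}"
server {
    listen 443 ssl;
    server_name ${FQDN};
    ssl_certificate /etc/letsencrypt/live/${FQDN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${FQDN}/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
    ssl_prefer_server_ciphers on;
    location / {
        root /home/vhosts/${FQDN}/DocumentRoot ;
        index index.html index.htm index.php ;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ /\.ht {
        deny all;
    }
    location ~ [^/]\.php(/|$) {
        root /home/vhosts/${FQDN}/DocumentRoot ;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f \$document_root\$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffers 256 128k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 120s;
    }
}
_EOL_
}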
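#######################################
# Write the https server block for WordPress, including the fastcgi cache
# rules that rely on the "wpcache" zone added to nginx.conf by NGINX_INSTALL.
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTPS_WP_CONF (set)
# Changes:  ssl_protocols limited to TLSv1.2 (TLS 1.0/1.1 are deprecated,
#           RFC 8996); ${FQDN} expanded directly instead of via sed.
# NOTE(review): the wp-login/wp-admin block combines `satisfy any` with
#           `allow 0.0.0.0/0`, so basic auth is never actually required, and
#           the referenced .htpasswd is not created by this script.  To make
#           the gate effective, replace 0.0.0.0/0 with the admin networks
#           (e.g. the AllowIPAddrList ranges) and create
#           /home/vhosts/<FQDN>/.htpasswd.
#######################################
VHOST_CREATECONF_HTTPS_NGINX_WP(){
  VHOST_HTTPS_WP_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_WPHTTPS.conf
  # nginx variables are written as \$name so the shell leaves them alone.
  cat << _EOL_ | tee "${VHOST_HTTPS_WP_CONF}"
server {
    listen 443 ssl;
    server_name ${FQDN};
    ssl_certificate /etc/letsencrypt/live/${FQDN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${FQDN}/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
    ssl_prefer_server_ciphers on;
    access_log /home/vhosts/${FQDN}/logs/NGINX/access.log main;
    error_log /home/vhosts/${FQDN}/logs/NGINX/error.log warn;
    charset UTF-8;
    client_max_body_size 16M;
    root /home/vhosts/${FQDN}/DocumentRoot;
    index index.php index.html index.htm;
    rewrite /wp-admin$ \$scheme://\$host\$uri/ permanent;
    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location ~* /\.well-known {
        allow all;
    }
    location ~* /\. {
        deny all;
    }
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
    location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
        # allow 0.0.0.0/0 with "satisfy any" disables the basic-auth gate
        satisfy any;
        allow 0.0.0.0/0;
        allow 127.0.0.1;
        deny all;
        auth_basic "basic authentication";
        auth_basic_user_file "/home/vhosts/${FQDN}/.htpasswd";
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f \$document_root\$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_buffers 256 128k;
            fastcgi_buffer_size 128k;
            fastcgi_intercept_errors on;
            fastcgi_read_timeout 120s;
        }
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f \$document_root\$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffers 256 128k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 120s;
        set \$do_not_cache 1; ## page cache
        set \$device "pc";
        if (\$request_method = POST) {
            set \$do_not_cache 1;
        }
        if (\$query_string != "") {
            set \$do_not_cache 1;
        }
        if (\$http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set \$do_not_cache 1;
        }
        if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
            set \$do_not_cache 1;
        }
        if (\$http_user_agent ~* " Android |\(iPad|Android; Tablet; .+Firefox") {
            set \$device "tablet";
        }
        if (\$http_user_agent ~* " Android .+ Mobile |\(iPhone|\(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") {
            set \$device "smart";
        }
        fastcgi_cache wpcache;
        fastcgi_cache_key "\$device:\$request_method:\$scheme://\$host\$request_uri";
        fastcgi_cache_valid 200 10m;
        fastcgi_no_cache \$do_not_cache;
        fastcgi_cache_bypass \$do_not_cache;
    }
}
_EOL_
}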
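#######################################
# Write the plain-http server block for a non-WordPress PHP site (used when
# FQDN does not resolve to this host and no certificate was issued).
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTP_CONF (set)
# Change:   ${FQDN} is expanded directly instead of via a sed pass over a
#           _FQDN_ placeholder.
#######################################
VHOST_CREATECONF_HTTP_NGINX(){
  VHOST_HTTP_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_HTTP.conf
  # nginx variables are written as \$name so the shell leaves them alone.
  cat << _EOL_ | tee "${VHOST_HTTP_CONF}"
server {
    listen 80;
    server_name ${FQDN};
    access_log /home/vhosts/${FQDN}/logs/NGINX/access.log main;
    error_log /home/vhosts/${FQDN}/logs/NGINX/error.log warn;
    charset UTF-8;
    client_max_body_size 16M;
    root /home/vhosts/${FQDN}/DocumentRoot;
    index index.php index.html index.htm;
    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location ~* /\.well-known {
        allow all;
    }
    location ~* /\. {
        deny all;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f \$document_root\$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffers 256 128k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 120s;
    }
}
_EOL_
}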
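#######################################
# Write the plain-http server block for WordPress (used when FQDN does not
# resolve to this host and no certificate was issued).
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTP_WP_CONF (set)
# Change:   ${FQDN} expanded directly instead of via sed.
# NOTE(review): as in the https variant, `satisfy any` + `allow 0.0.0.0/0`
#           means the basic-auth gate on wp-login/wp-admin never triggers and
#           the referenced .htpasswd is not created by this script.
#######################################
VHOST_CREATECONF_HTTP_NGINX_WP(){
  VHOST_HTTP_WP_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_WPHTTP.conf
  # nginx variables are written as \$name so the shell leaves them alone.
  cat << _EOL_ | tee "${VHOST_HTTP_WP_CONF}"
server {
    listen 80;
    server_name ${FQDN};
    access_log /home/vhosts/${FQDN}/logs/NGINX/access.log main;
    error_log /home/vhosts/${FQDN}/logs/NGINX/error.log warn;
    charset UTF-8;
    client_max_body_size 16M;
    root /home/vhosts/${FQDN}/DocumentRoot;
    index index.php index.html index.htm;
    rewrite /wp-admin$ \$scheme://\$host\$uri/ permanent;
    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location ~* /\.well-known {
        allow all;
    }
    location ~* /\. {
        deny all;
    }
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
    location ~* /wp-login\.php|/wp-admin/((?!admin-ajax\.php).)*$ {
        # allow 0.0.0.0/0 with "satisfy any" disables the basic-auth gate
        satisfy any;
        allow 0.0.0.0/0;
        allow 127.0.0.1;
        deny all;
        auth_basic "basic authentication";
        auth_basic_user_file "/home/vhosts/${FQDN}/.htpasswd";
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f \$document_root\$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_buffers 256 128k;
            fastcgi_buffer_size 128k;
            fastcgi_intercept_errors on;
            fastcgi_read_timeout 120s;
        }
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f \$document_root\$fastcgi_script_name) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffers 256 128k;
        fastcgi_buffer_size 128k;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 120s;
        set \$do_not_cache 1; ## page cache
        set \$device "pc";
        if (\$request_method = POST) {
            set \$do_not_cache 1;
        }
        if (\$query_string != "") {
            set \$do_not_cache 1;
        }
        if (\$http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set \$do_not_cache 1;
        }
        if (\$request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
            set \$do_not_cache 1;
        }
        if (\$http_user_agent ~* " Android |\(iPad|Android; Tablet; .+Firefox") {
            set \$device "tablet";
        }
        if (\$http_user_agent ~* " Android .+ Mobile |\(iPhone|\(iPod|IEMobile|Android; Mobile; .+Firefox|Windows Phone") {
            set \$device "smart";
        }
        fastcgi_cache wpcache;
        fastcgi_cache_key "\$device:\$request_method:\$scheme://\$host\$request_uri";
        fastcgi_cache_valid 200 10m;
        fastcgi_no_cache \$do_not_cache;
        fastcgi_cache_bypass \$do_not_cache;
    }
}
_EOL_
}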
# ================================================================ #
# ================================================================ #
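#######################################
# Install nginx mainline from nginx.org, load the geoip modules, add the
# WordPress fastcgi-cache settings when WordPress is selected, and point
# php-fpm at the nginx user.
# Globals:  YUMREPODIR, WPINSTALL_CHECK (read); NGINX_REPOFILE, NGINX_CONF,
#           PHPFPM_WWWCONF (set)
# Changes:  the repo had gpgcheck=0, i.e. unsigned installs from an http
#           mirror; signature checking is now on with nginx.org's published
#           key.  .ORIG backups are taken once, and the nginx.conf inserts
#           are skipped when already present so a re-run does not duplicate
#           them.
#######################################
NGINX_INSTALL(){
  local FIRST_BLOCK_STARTLINE MAIN_HTTP_NEXTLINE dir
  local -a nginx_packages=(nginx nginx-module-geoip)
  local php_cachedir=/var/lib/php

  NGINX_REPOFILE=${YUMREPODIR}/nginx.repo
  # Quoted delimiter: $basearch must reach yum literally.
  cat << '_EOL_' | tee "${NGINX_REPOFILE}"
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
_EOL_
  yum -y install "${nginx_packages[@]}"

  NGINX_CONF=/etc/nginx/nginx.conf
  [ -e "${NGINX_CONF}.ORIG" ] || cp -p "${NGINX_CONF}" "${NGINX_CONF}.ORIG"
  sed -i "/^[[:space:]]\{0,\}worker_processes/s/[[:digit:]]\{1,\}/auto/" "${NGINX_CONF}"

  # load_module must precede the first block (normally "events {"), so it
  # is inserted just above that line.
  if ! grep -qF 'ngx_http_geoip_module.so' "${NGINX_CONF}"; then
    FIRST_BLOCK_STARTLINE=$(grep -E '^[[:space:]]{0,}[[:alnum:]]{1,}[[:space:]]{0,}\{' "${NGINX_CONF}" | head -n 1)
    sed -i "/^${FIRST_BLOCK_STARTLINE}/i \
load_module modules\/ngx_http_geoip_module\.so\;\n\
load_module modules\/ngx_stream_geoip_module\.so\;\n" "${NGINX_CONF}"
  fi

  # WordPress: cache zone "wpcache" (used by the WP server blocks) and the
  # header handling it needs, both directly below "http {".  The second
  # insert lands above the first, so the cache path ends up first.
  if [ "${WPINSTALL_CHECK}" = YES ] && ! grep -qF 'keys_zone=wpcache' "${NGINX_CONF}"; then
    MAIN_HTTP_NEXTLINE=$(grep -E '^[[:space:]]{0,}http[[:space:]]{0,}\{' "${NGINX_CONF}" | head -n 1)
    sed -i "/^${MAIN_HTTP_NEXTLINE}/a \
fastcgi_ignore_headers \"Vary\" \"Cache-Control\" \"Expires\"\;\n" \
      "${NGINX_CONF}"
    sed -i "/^${MAIN_HTTP_NEXTLINE}/a \
fastcgi_cache_path \/var\/cache\/nginx\/wordpress levels=1:2 keys_zone=wpcache:30m max_size=512M inactive=600m\;\n" \
      "${NGINX_CONF}"
  fi

  # php-fpm runs as nginx instead of apache ...
  PHPFPM_WWWCONF=/etc/php-fpm.d/www.conf
  [ -e "${PHPFPM_WWWCONF}.ORIG" ] || cp -p "${PHPFPM_WWWCONF}" "${PHPFPM_WWWCONF}.ORIG"
  sed -i "/^[[:space:]]\{0,\}user/s/apache/nginx/" "${PHPFPM_WWWCONF}"
  sed -i "/^[[:space:]]\{0,\}group/s/apache/nginx/" "${PHPFPM_WWWCONF}"
  # ... and the PHP state directories (sessions etc.) become group nginx.
  for dir in "${php_cachedir}"/*; do
    [ -e "${dir}" ] || continue
    chgrp nginx "${dir}"
  done
}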
# ================================================================ #
# ================================================================ #
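#######################################
# Install httpd + mod_ssl and strip the default DocumentRoot/cgi-bin
# configuration from httpd.conf so only the generated vhosts serve content.
# Globals:  APACHE_CONF (set)
#######################################
APACHE_INSTALL(){
  local -a apache_packages=(httpd mod_ssl)
  yum -y install "${apache_packages[@]}"
  APACHE_CONF=/etc/httpd/conf/httpd.conf
  # Keep the first backup only; on a re-run the file is already modified.
  [ -e "${APACHE_CONF}.ORIG" ] || cp -p "${APACHE_CONF}" "${APACHE_CONF}.ORIG"
  sed -i "/^[[:space:]]\{0,\}DocumentRoot/d" "${APACHE_CONF}"
  sed -i "/^[[:space:]]\{0,\}ScriptAlias/d" "${APACHE_CONF}"
  sed -i "/^<Directory \"\/var\/www\/html\">$/,/^<\/Directory>$/d" "${APACHE_CONF}"
  sed -i "/^<Directory \"\/var\/www\/cgi-bin\">$/,/^<\/Directory>$/d" "${APACHE_CONF}"
  # index.php first so a CMS front controller wins over a stray index.html
  sed -i "/^[[:space:]]\{0,\}DirectoryIndex/s/index.html/index.php index.html index.htm/g" "${APACHE_CONF}"
}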
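#######################################
# Build the Apache virtual host, mirroring VHOSTCONF_CREATE_NGINX: a
# temporary vhost for the ACME challenge, the certificate, then either the
# redirect + https vhosts (name resolves here) or a plain http vhost.
# Globals:  FQDN_DIG_STATUS_RESULT (read)
# Fix:      within this function httpd was only started, and the temporary
#           _default_ vhost only removed, on the https path; the http-only
#           path left the temporary vhost in conf.d.  Both now happen on
#           either path.
# Note:     VHOSTCONF_DISABLE_APACHE is not defined in this part of the
#           file; the call is kept, assuming it is defined further down
#           (TODO confirm).
#######################################
VHOSTCONF_CREATE_APACHE(){
  TMP_VHOSTCONF_CREATE_APACHE
  APACHE_START
  if [ "${FQDN_DIG_STATUS_RESULT}" = YES ]; then
    CREATE_CERT
    TMP_VHOSTCONF_DISABLE_APACHE
    VHOSTCONF_DISABLE_APACHE
    VHOST_CREATECONF_HTTP_REDIRECT_APACHE
    VHOST_CREATECONF_HTTPS_APACHE
  else
    TMP_VHOSTCONF_DISABLE_APACHE
    VHOST_CREATECONF_HTTP_APACHE
  fi
}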
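#######################################
# Temporary catch-all vhost so the ACME webroot challenge is served from
# the document root; also seeds index.html with the host name.
# Globals:  VHOSTCONF_DIR, FQDN, DROOTDIR (read); TMP_VHOSTCONF (set; read
#           later by TMP_VHOSTCONF_DISABLE_APACHE)
# Change:   ${FQDN} is expanded directly instead of via sed.
#######################################
TMP_VHOSTCONF_CREATE_APACHE(){
  TMP_VHOSTCONF=${VHOSTCONF_DIR}/0000_TMP_${FQDN}.conf
  cat << _EOL_ | tee "${TMP_VHOSTCONF}"
<VirtualHost _default_:*>
    DocumentRoot /home/vhosts/${FQDN}/DocumentRoot
    <Directory "/home/vhosts/${FQDN}/DocumentRoot">
        Require all granted
    </Directory>
</VirtualHost>
_EOL_
  printf '%s\n' "${FQDN}" | tee "${DROOTDIR}/index.html"
}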
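# Move the temporary ACME vhost out of conf.d and restart httpd.
# Globals: TMP_VHOSTCONF (read; set by TMP_VHOSTCONF_CREATE_APACHE);
#          APACHE_BACKUPDIR (set)
TMP_VHOSTCONF_DISABLE_APACHE(){
  APACHE_BACKUPDIR=/etc/httpd/conf.d/BACKUP
  mkdir -p "${APACHE_BACKUPDIR}"
  # Guard against an unset/missing file so mv does not error on a re-run.
  if [ -n "${TMP_VHOSTCONF}" ] && [ -e "${TMP_VHOSTCONF}" ]; then
    mv -- "${TMP_VHOSTCONF}" "${APACHE_BACKUPDIR}/"
  fi
  APACHE_START
}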
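#######################################
# Write the port-80 vhost that redirects to https, after making sure the
# stock ssl.conf keeps only its global directives (its own _default_:443
# vhost would otherwise sit next to the generated https vhost).
# Globals:  VHOSTCONF_DIR, FQDN (read); APACHE_BACKUPDIR (read; defaulted
#           when unset), APACHE_SSL_CONF, VHOST_REDIRECT_CONF (set)
# Fixes:    the ssl.conf backup path appended an absolute path to the
#           backup directory (.../BACKUP//etc/httpd/conf.d/ssl.conf.ORIG),
#           so the copy failed; `[ 0 = $(rpm -q mod_ssl) ]` compared the
#           package name, not the exit status, so mod_ssl was always
#           reinstalled; the redirect is now a 301 like the nginx variant.
#######################################
VHOST_CREATECONF_HTTP_REDIRECT_APACHE(){
  APACHE_SSL_CONF=${VHOSTCONF_DIR}/ssl.conf
  VHOST_REDIRECT_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_REDIRECT.conf
  : "${APACHE_BACKUPDIR:=${VHOSTCONF_DIR}/BACKUP}"
  if [ -f "${APACHE_SSL_CONF}" ]; then
    mkdir -p "${APACHE_BACKUPDIR}"
    [ -e "${APACHE_BACKUPDIR}/ssl.conf.ORIG" ] || \
      cp -p "${APACHE_SSL_CONF}" "${APACHE_BACKUPDIR}/ssl.conf.ORIG"
    # Drop the <VirtualHost> block, comment lines and blank lines.
    sed -i "/^<VirtualHost/,/^<\/VirtualHost>$/d;/^[[:space:]]\{0,\}#/d;/^[[:space:]]\{0,\}$/d" \
      "${APACHE_SSL_CONF}"
  else
    rpm -q mod_ssl >/dev/null 2>&1 || yum -y install mod_ssl
    SSLCONF_CREATE_APACHE
  fi
  cat << _EOL_ | tee "${VHOST_REDIRECT_CONF}"
<VirtualHost *:80>
    DocumentRoot /home/vhosts/${FQDN}/DocumentRoot
    ServerName ${FQDN}
    <Directory "/home/vhosts/${FQDN}/DocumentRoot">
        Require all granted
        AllowOverride All
        Options FollowSymlinks
    </Directory>
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
</VirtualHost>
_EOL_
}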
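#######################################
# Write the https vhost using the Let's Encrypt certificate.
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTPS_CONF (set)
# Changes:  SSLProtocol is limited to TLSv1.2 (TLS 1.0/1.1 are deprecated,
#           RFC 8996); ${FQDN} is expanded directly instead of via sed; the
#           BrowserMatch line is written on one line (the heredoc's
#           backslash-newlines joined it anyway).
#######################################
VHOST_CREATECONF_HTTPS_APACHE(){
  VHOST_HTTPS_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_HTTPS.conf
  cat << _EOL_ | tee "${VHOST_HTTPS_CONF}"
<VirtualHost *:443>
    DocumentRoot /home/vhosts/${FQDN}/DocumentRoot
    ServerName ${FQDN}
    ErrorLog /home/vhosts/${FQDN}/logs/APACHE/ssl_error.log
    CustomLog /home/vhosts/${FQDN}/logs/APACHE/ssl_access.log combined env=!no_log
    LogLevel warn
    SSLEngine on
    SSLProtocol -All +TLSv1.2
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLCertificateFile /etc/letsencrypt/live/${FQDN}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${FQDN}/privkey.pem
    BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    <Directory "/home/vhosts/${FQDN}/DocumentRoot">
        Require all granted
        AllowOverride All
        Options FollowSymlinks
    </Directory>
</VirtualHost>
_EOL_
}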
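#######################################
# Write the global mod_ssl settings (what the stock ssl.conf provides,
# minus its _default_ vhost) when no ssl.conf exists.
# Globals:  APACHE_SSL_CONF (read; set by VHOST_CREATECONF_HTTP_REDIRECT_APACHE)
# Returns:  1 when APACHE_SSL_CONF is empty, so the content is not written
#           to the bare file name ""
#######################################
SSLCONF_CREATE_APACHE(){
  if [ -z "${APACHE_SSL_CONF}" ]; then
    printf 'SSLCONF_CREATE_APACHE: APACHE_SSL_CONF is not set\n' >&2
    return 1
  fi
  # Quoted delimiter: nothing in this block needs shell expansion.
  cat << '_EOL_' | tee "${APACHE_SSL_CONF}"
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
_EOL_
}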
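#######################################
# Write the plain-http vhost (used when FQDN does not resolve to this host
# and no certificate was issued).
# Globals:  VHOSTCONF_DIR, FQDN (read); VHOST_HTTP_CONF (set)
# Change:   ${FQDN} is expanded directly instead of via sed.
#######################################
VHOST_CREATECONF_HTTP_APACHE(){
  VHOST_HTTP_CONF=${VHOSTCONF_DIR}/0000_${FQDN}_HTTP.conf
  cat << _EOL_ | tee "${VHOST_HTTP_CONF}"
<VirtualHost *:80>
    DocumentRoot /home/vhosts/${FQDN}/DocumentRoot
    ServerName ${FQDN}
    ErrorLog /home/vhosts/${FQDN}/logs/APACHE/error.log
    CustomLog /home/vhosts/${FQDN}/logs/APACHE/access.log combined
    LogLevel warn
    <Directory "/home/vhosts/${FQDN}/DocumentRoot">
        Require all granted
        AllowOverride All
        Options FollowSymlinks
    </Directory>
</VirtualHost>
_EOL_
}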
# ================================================================ #
# ================================================================ #
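#######################################
# Normalise WEBSERVER, install the chosen server, populate the webmaster
# group, and generate the virtual host.
# Globals:  WEBSERVER (read; set to NGINX or APACHE), WEBMASTER_GROUP (read);
#           WEBSERVER_UPPERCASE, WEBSERVER_USER, VHOSTCONF_DIR (set)
# Returns:  1 for a value other than nginx/apache/httpd (previously ignored
#           silently, leaving no web server installed)
#######################################
WEBSERVER_SHARED_FUNCTION(){
  # Upper-case; "httpd" is an alias for apache; empty means nginx.
  WEBSERVER_UPPERCASE=${WEBSERVER^^}
  case "${WEBSERVER_UPPERCASE}" in
    HTTPD) WEBSERVER=APACHE ;;
    '')    WEBSERVER=NGINX ;;
    *)     WEBSERVER=${WEBSERVER_UPPERCASE} ;;
  esac
  case "${WEBSERVER}" in
    NGINX)  NGINX_INSTALL ;;
    APACHE) APACHE_INSTALL ;;
    *)
      printf 'WEBSERVER_SHARED_FUNCTION: unsupported WEBSERVER "%s"\n' "${WEBSERVER}" >&2
      return 1
      ;;
  esac
  # Add the admin and web-server users to the webmaster group once it
  # exists.  getent replaces `egrep webmaster /etc/group`, which matched the
  # name anywhere on a line (e.g. inside another group's member list).
  if getent group "${WEBMASTER_GROUP}" >/dev/null 2>&1; then
    GROUPADD_WEBSERVER_USER
  fi
  case "${WEBSERVER}" in
    NGINX)
      WEBSERVER_USER=nginx
      VHOSTCONF_DIR=/etc/nginx/conf.d
      VHOSTCONF_CREATE_NGINX
      ;;
    APACHE)
      WEBSERVER_USER=apache
      VHOSTCONF_DIR=/etc/httpd/conf.d
      VHOSTCONF_CREATE_APACHE
      ;;
  esac
}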
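NGINX_START(){
# Start nginx (or restart it if already running) and enable it at boot.
# `systemctl status` exits 0 for an active unit and 3 for inactive/failed; any
# other code (e.g. 4 = unit not found) is reported instead of silently ignored.
# Globals:  NGINX_START_STATUS (written, as in the original)
# Returns:  1 on an unexpected status code, else the status of `systemctl enable`
systemctl status nginx > /dev/null
NGINX_START_STATUS=$?
case "${NGINX_START_STATUS}" in
3)
systemctl start nginx
systemctl enable nginx
;;
0)
systemctl restart nginx
systemctl enable nginx
;;
*)
printf 'NGINX_START: unexpected "systemctl status nginx" exit code %s\n' "${NGINX_START_STATUS}" >&2
return 1
;;
esac
}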
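APACHE_START(){
# Start httpd (or restart it if already running) and enable it at boot.
# `systemctl status` exits 0 for an active unit and 3 for inactive/failed; any
# other code (e.g. 4 = unit not found) is reported instead of silently ignored.
# Globals:  APACHE_START_STATUS (written, as in the original)
# Returns:  1 on an unexpected status code, else the status of `systemctl enable`
systemctl status httpd > /dev/null
APACHE_START_STATUS=$?
case "${APACHE_START_STATUS}" in
3)
systemctl start httpd
systemctl enable httpd
;;
0)
systemctl restart httpd
systemctl enable httpd
;;
*)
printf 'APACHE_START: unexpected "systemctl status httpd" exit code %s\n' "${APACHE_START_STATUS}" >&2
return 1
;;
esac
}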
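PHPFPM_START(){
# Start php-fpm (or restart it if already running) and enable it at boot.
# `systemctl status` exits 0 for an active unit and 3 for inactive/failed; any
# other code (e.g. 4 = unit not found) is reported instead of silently ignored.
# Globals:  PHPFPM_START_STATUS (written, as in the original)
# Returns:  1 on an unexpected status code, else the status of `systemctl enable`
systemctl status php-fpm > /dev/null
PHPFPM_START_STATUS=$?
case "${PHPFPM_START_STATUS}" in
3)
systemctl start php-fpm
systemctl enable php-fpm
;;
0)
systemctl restart php-fpm
systemctl enable php-fpm
;;
*)
printf 'PHPFPM_START: unexpected "systemctl status php-fpm" exit code %s\n' "${PHPFPM_START_STATUS}" >&2
return 1
;;
esac
}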
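GROUPADD_WEBSERVER_USER(){
# Add the admin user and each web-server account that exists on the system
# (apache, nginx) to WEBMASTER_GROUP. Account presence is looked up by exact
# name with getent; the previous `egrep ^apache` over /etc/passwd would also
# have matched any account whose name merely started with "apache".
# Globals:  ADMINUSER_ID, WEBMASTER_GROUP (read)
# Returns:  1 when ADMINUSER_ID or WEBMASTER_GROUP is empty, else the exit
#           status of the last gpasswd call
if [[ -z "${ADMINUSER_ID:-}" || -z "${WEBMASTER_GROUP:-}" ]]; then
printf 'GROUPADD_WEBSERVER_USER: ADMINUSER_ID and WEBMASTER_GROUP must be set\n' >&2
return 1
fi
local svc_user
for svc_user in apache nginx; do
if getent passwd "${svc_user}" > /dev/null 2>&1; then
# gpasswd -a is idempotent, so re-adding the admin user per service is harmless.
gpasswd -a "${ADMINUSER_ID}" "${WEBMASTER_GROUP}"
gpasswd -a "${svc_user}" "${WEBMASTER_GROUP}"
fi
done
}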
# ================================================================ #
# ================================================================ #
# Run the setup functions defined earlier in the script, in this order. Each
# takes no arguments; none of their exit statuses is checked here, so a
# failure in one step does not stop the later ones.
WEBMASTER_CREATE
CREATE_VHOST
PHP_INSTALL_FUNCTION
LETSENCRYPT_INSTALL
WEBSERVER_SHARED_FUNCTION
# ================================================================ #
# ================================================================ #
# wp-cliをインストールする WPCLI_INSTALL 関数
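WPCLI_INSTALL(){
# Download the wp-cli phar and install it as an executable at WPCLI
# (default /usr/local/bin/wp; a pre-set WPCLI is honoured).
# Globals:  WPCLI_DOWNLOADURI (read); WPCLI (written, used by WORDPRESS_INSTALL)
# Returns:  1 when the download fails; nothing is installed in that case
# NOTE(review): the phar is trusted on the strength of the TLS connection to
# the download host only; no checksum or signature is verified here.
WPCLI=${WPCLI:-/usr/local/bin/wp}
local tmp
tmp=$(mktemp) || return 1
# -f makes HTTP errors fail the command instead of saving the error page; the
# original `curl -o` + unconditional chmod would have installed whatever body
# came back (including an HTML error page) as an executable.
if ! curl -fsSL -o "${tmp}" "${WPCLI_DOWNLOADURI}"; then
printf 'WPCLI_INSTALL: download of %s failed\n' "${WPCLI_DOWNLOADURI}" >&2
rm -f -- "${tmp}"
return 1
fi
# Set the mode before the move so the file never exists at WPCLI half-installed.
chmod 755 "${tmp}" && mv -f -- "${tmp}" "${WPCLI}"
}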
# WordPressをインストールする WORDPRESS_INSTALL 関数
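WORDPRESS_INSTALL() {
# Download WordPress into DROOTDIR with wp-cli, generate wp-config.php, run the
# one-shot site install, and finally move wp-config.php up into VHOSTDIR so it
# lives outside the document root.
# Globals:  WPCLI, DROOTDIR, VHOSTDIR, WPLOCALE, DB_NAME, DB_USER, DB_PASS,
#           FQDN, WORDPRESS_TITLE, ADMINUSER_ID, ADMINUSER_PW, ADMINUSER_MAIL (read);
#           WP_DEFINE_FSMETHOD_WORD, WP_DROOT, WP_CONFIG, SSLPORT,
#           HTTPS_LISTEN_STATUS, SITE_URL_SCHEME (written, as in the original)
# Returns:  1 as soon as a step fails, so later steps do not run against a
#           half-installed tree (the original ignored every exit status)
# NOTE(review): DB_PASS and ADMINUSER_PW are passed on wp-cli's command line,
# so they are visible in the process list and in `set -x` traces while it runs.
if [[ -z "${WPCLI:-}" || ! -x "${WPCLI}" ]]; then
printf 'WORDPRESS_INSTALL: wp-cli not found (WPCLI=%s); run WPCLI_INSTALL first\n' "${WPCLI:-}" >&2
return 1
fi
if [[ -z "${DROOTDIR:-}" || -z "${VHOSTDIR:-}" ]]; then
printf 'WORDPRESS_INSTALL: DROOTDIR and VHOSTDIR must be set\n' >&2
return 1
fi
WP_DEFINE_FSMETHOD_WORD="define('FS_METHOD', 'direct');"
WP_DROOT=${DROOTDIR}
WP_CONFIG=${WP_DROOT}/wp-config.php
# Download WordPress core
"${WPCLI}" \
--allow-root \
core \
download \
--path="${WP_DROOT}" \
--locale="${WPLOCALE}" || return 1
# Generate wp-config.php with the database settings
"${WPCLI}" \
--allow-root \
core \
config \
--path="${WP_DROOT}" \
--dbname="${DB_NAME}" \
--dbuser="${DB_USER}" \
--dbpass="${DB_PASS}" \
--dbhost=localhost || return 1
# Force the direct filesystem method, once; the .ORIG backup marks that it was done.
if [[ ! -f "${WP_CONFIG}.ORIG" ]]; then
sed -i.ORIG "/^<?php/a ${WP_DEFINE_FSMETHOD_WORD}" "${WP_CONFIG}" || return 1
fi
# Use https for the site URL only when something already listens on 443.
# The port is anchored so ":443" no longer also matches e.g. ":4430".
SSLPORT=443
ss -lnt | awk '{print $4}' | grep -Eq ":${SSLPORT}"'$'
HTTPS_LISTEN_STATUS=$?
if [[ "${HTTPS_LISTEN_STATUS}" -eq 0 ]]; then
SITE_URL_SCHEME=https
else
SITE_URL_SCHEME=http
fi
"${WPCLI}" \
--allow-root \
core \
install \
--path="${WP_DROOT}" \
--url="${SITE_URL_SCHEME}://${FQDN}" \
--title="${WORDPRESS_TITLE}" \
--admin_user="${ADMINUSER_ID}" \
--admin_password="${ADMINUSER_PW}" \
--admin_email="${ADMINUSER_MAIL}" || return 1
# WordPress also reads wp-config.php from the directory above the document root.
mv -- "${WP_CONFIG}" "${VHOSTDIR}"
}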
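# Install wp-cli and WordPress only when the earlier CMS selection set
# WPINSTALL_CHECK to YES. The value is quoted with a default so an unset or
# empty variable compares false instead of raising
# `[: =: unary operator expected`; WORDPRESS_INSTALL is skipped if the
# wp-cli download step fails.
if [[ "${WPINSTALL_CHECK:-}" == YES ]]; then
WPCLI_INSTALL && WORDPRESS_INSTALL
fi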
# ================================================================ #
# ================================================================ #
# Pico をインストールする PICO_INSTALL 関数
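PICO_INSTALL(){
# Install Pico CMS into DROOTDIR: clone the repository, fetch and run the
# Composer installer, install dependencies, then seed "content" from the
# bundled sample with its index.md renamed out of the way. Ends in $HOME,
# like the original.
# Globals:  DROOTDIR, PICOURL, COMPOSERURL (read)
# Returns:  1 at the first failing step; without these checks the original
#           would `git clone` into whatever the current directory happened to
#           be when `cd ${DROOTDIR}` failed.
# NOTE(review): the Composer installer is downloaded and executed with php
# without being verified against a published checksum or signature.
if [[ -z "${DROOTDIR:-}" ]]; then
printf 'PICO_INSTALL: DROOTDIR must be set\n' >&2
return 1
fi
cd "${DROOTDIR}" || return 1
git clone "${PICOURL}" . || return 1
# Save the installer to a file first so a failed download (-f) is detected
# before anything is executed; `curl | php` would run php on empty input.
curl -fsS -o composer-setup.php "${COMPOSERURL}" || return 1
php composer-setup.php || return 1
rm -f -- composer-setup.php
php composer.phar install || return 1
cp -pr content-sample content || return 1
cd "${DROOTDIR}/content" || return 1
mv -- index.md index.md.ORIG || return 1
cd
}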
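# Install Pico only when the earlier CMS selection set CMSINSTALL_SPEC to
# PICO. Quoted with a default so an unset or empty variable compares false
# instead of raising `[: =: unary operator expected`.
if [[ "${CMSINSTALL_SPEC:-}" == PICO ]]; then
PICO_INSTALL
fi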
# ================================================================ #
# ================================================================ #
# Finally, re-run CREATE_VHOST (defined earlier) so the ownership and
# permissions under /home/vhosts are fixed up after the CMS files were written.
CREATE_VHOST
# ================================================================ #
##--@--##
# Update all packages with the same extra repositories used for installation
# (PHPREPO is expected to have been set earlier in the script), then reboot.
# Note the reboot is unconditional: it happens even if the update failed.
yum -y --enablerepo=epel,remi,${PHPREPO} update
systemctl reboot
# EOF