@SirNeural
Last active July 7, 2017 08:27
Automated setup of an Ubuntu server.
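#!/usr/bin/env bash
# Automated setup of an Ubuntu LAMP host fronted by nginx, with phpMyAdmin,
# a self-signed certificate, Composer, bower, mod_cloudflare and Syncthing.
#
# Usage:   run it directly with bash, as a user that can sudo (nearly every
#          step writes to /etc, /usr or /root). The script prompts for the
#          user name, two passwords, the project folder and the host name.
# Globals: USERNAME, PASSWORD, HTPASSWORD, PROJECTFOLDER, URL (read from the
#          terminal), SYNCPORT (constant), IP (detected), SETUP_TMP (scratch).

# Check if using bash. This must stay before 'set -o pipefail', which sh rejects.
if [ ! "$BASH_VERSION" ] ; then
  echo "Please do not use sh to run this script ($0), just execute it directly with bash" 1>&2
  exit 1
fi
# Abort on the first failed step, on unset variables and on failed pipelines;
# provisioning that continues after a failure leaves a half-configured host.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Scratch directory for downloads; removed on every exit path by the trap.
SETUP_TMP=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${SETUP_TMP:?}"; }
trap cleanup EXIT

# Set variables (-r keeps backslashes literal, -s hides the passwords)
read -r -p "Username: " USERNAME
read -r -s -p "Primary Password: " PASSWORD
echo
read -r -s -p "Htpasswd Password: " HTPASSWORD
echo
read -r -p "Project Folder: " PROJECTFOLDER
read -r -p "URL: (example.com) " URL
SYNCPORT='9024'

# Validate the interactive input before it is interpolated into file system
# paths and into the Apache/nginx configuration written below.
[[ "$USERNAME" =~ ^[A-Za-z0-9._-]+$ ]] || die "Username must be non-empty and use only letters, digits, '.', '_' or '-'"
[[ -n "$PASSWORD" ]] || die "Primary Password must not be empty"
[[ -n "$HTPASSWORD" ]] || die "Htpasswd Password must not be empty"
# A single path component only, so the project cannot escape /var/www/html.
[[ "$PROJECTFOLDER" =~ ^[A-Za-z0-9._-]+$ && "$PROJECTFOLDER" != . && "$PROJECTFOLDER" != .. ]] \
  || die "Project Folder must be a single directory name (letters, digits, '.', '_' or '-')"
[[ "$URL" =~ ^[A-Za-z0-9.-]+$ ]] || die "URL must be a bare host name such as example.com"

# Find IP Address: EC2 public hostname, then ipinfo.io, then the first
# non-loopback interface, then the hostname. Every probe may fail; '|| true'
# keeps whatever the command substitution captured instead of aborting.
IP=""
if [[ -f /usr/bin/ec2metadata ]]; then
  IP=$(timeout 1 ec2metadata --public-hostname) || true
fi
if [[ "$IP" == "unavailable" ]]; then
  # The response is untrusted network data that ends up in nginx's server_name;
  # keep only digits and dots, and only the first match.
  IP=$(curl -s https://ipinfo.io/ip 2>/dev/null | grep -Eo '[0-9.]+' | head -n 1) || true
fi
if [[ -z "$IP" ]]; then
  IP=$(ifconfig | perl -ple 'print $_ if /inet addr/ and $_ =~ s/.*inet addr:((?:\d+\.){3}\d+).*/$1/g ;$_=""' | grep -v '^\s*$' | grep -v 127.0.0.1 | head -n 1) || true
fi
if [[ -z "$IP" ]]; then
  IP=$(head -n 1 /etc/hostname) || true
fi

# Create project folder (-p creates the whole chain and is safe to re-run)
sudo mkdir -p "/var/www/html/${PROJECTFOLDER}/public"

# Update repositories
sudo apt-get update
sudo apt-get -y upgrade

# Set firewall options: ssh, http/https, submission, pptp, Syncthing GUI,
# Syncthing sync protocol and its local discovery broadcasts.
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 587/tcp
sudo ufw allow 1723/tcp
sudo ufw allow "${SYNCPORT}/tcp"
sudo ufw allow 22000/tcp
sudo ufw allow 21027/udp
# Allow forwarding (needed for the OpenVPN NAT rules). Note: '-i -e' and not
# '-ie'; GNU sed reads '-ie' as '-i' with backup suffix 'e'.
sudo sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
# NAT table for OpenVPN clients, inserted at the top of before.rules.
sudo sed -i "1i# START OPENVPN RULES\n# NAT table rules\n*nat\n:POSTROUTING ACCEPT [0:0]\n# Allow traffic from OpenVPN client to eth0\n\n-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n# END OPENVPN RULES\n" /etc/ufw/before.rules
# GRE for PPTP. The insertion point is a hard-coded line number of the file as
# modified by the previous command; confirm it still lands inside the *filter
# table (before its COMMIT) on the target Ubuntu release.
sudo sed -i "29i# allow GRE protocol for VPN\n-A ufw-before-input -p 47 -j ACCEPT\n" /etc/ufw/before.rules
sudo ufw --force enable

# Set configuration options (non-interactive MySQL / phpMyAdmin install)
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password $PASSWORD"
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $PASSWORD"
sudo apt-get install -y lamp-server^
sudo debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
sudo debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $PASSWORD"
sudo debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $PASSWORD"
sudo debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $PASSWORD"
sudo debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2"
sudo apt-get -y install phpmyadmin apache2-utils

# Expose phpMyAdmin as <docroot>/phpmyadmin (-sfn makes a re-run replace the link)
sudo ln -sfn /usr/share/phpmyadmin "/var/www/html/${PROJECTFOLDER}/public/phpmyadmin"

# Secure PHPMyAdmin: Apache snippet for the phpMyAdmin tree. Written through
# 'sudo tee' so the redirection itself runs with root rights.
sudo tee /etc/apache2/conf-available/phpmyadmin.conf >/dev/null <<EOF
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Order Deny,Allow
Deny from All
</Directory>
EOF

# Set Password: basic auth in front of phpMyAdmin
sudo tee /usr/share/phpmyadmin/.htaccess >/dev/null <<EOF
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
EOF
# The password is fed on stdin (-i) instead of argv (-b) so it is not visible
# in 'ps' or the shell history; bcrypt with cost 14 as before.
printf '%s\n' "$HTPASSWORD" | sudo htpasswd -c -i -B -C 14 /etc/phpmyadmin/.htpasswd "$USERNAME"

# Setup hosts file: Apache listens on localhost only; nginx proxies to it.
sudo tee /etc/apache2/sites-available/000-default.conf >/dev/null <<EOF
<VirtualHost 127.0.0.1:8080>
ServerName $URL
ServerAlias www.$URL
ServerAdmin admin@$URL
DocumentRoot /var/www/html/$PROJECTFOLDER/public
#LogLevel info ssl:warn
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF

# setup ports file
sudo tee /etc/apache2/ports.conf >/dev/null <<EOF
Listen 8080
<IfModule ssl_module>
Listen 8081
</IfModule>
<IfModule mod_gnutls.c>
Listen 8081
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF

# Enable different mods
sudo a2enmod rewrite
sudo a2enmod ssl

# Setup ssl certificates (self-signed, one year; replace with a CA-issued
# certificate for production use)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ssl.key -out /etc/ssl/ssl.crt -subj "/C=US/CN=www.${URL}/emailAddress=admin@${URL}"

# Install php5 packages
sudo apt-get -y install php5-dev php5-mcrypt php5-imagick php5-gd php5-curl php5-cli php5-xmlrpc php5-mysql php5-zip php5-memcached memcached

# Enable php5 mods
sudo php5enmod mcrypt

# Restart apache
sudo service apache2 restart

# Install nginx
sudo apt-get -y install nginx

# Replace default configuration. '\$' keeps nginx variables literal; the first
# server block redirects requests that arrive by IP to the canonical host name.
sudo tee /etc/nginx/sites-available/default >/dev/null <<EOF
server {
listen 80;
server_name $IP;
return 301 https://$URL;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
root /var/www/html/$PROJECTFOLDER/public;
index index.php index.html index.htm;
server_name $URL;
ssl_certificate /etc/ssl/ssl.crt;
ssl_certificate_key /etc/ssl/ssl.key;
location ~* .*/\..* {
deny all;
}
location ~ /(\.|wp-config.php|readme.html|license.txt|schema.txt|password.txt|passwords.txt) {
deny all;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
location ~* \.(engine|inc\.php|class\.php|phps|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
location ~ \.php\$ {
proxy_set_header X_CF_CONNECTING_IP \$remote_addr;
proxy_set_header Host \$host;
proxy_pass http://127.0.0.1:8080;
}
location / {
try_files \$uri \$uri/ =404;
}
}
EOF

# Install miscellaneous packages
sudo apt-get -y install openssl git nodejs npm curl zip screen libapache2-mod-php5 nginx libtool apache2-dev

# Install bower
sudo npm install bower -g

# Install Composer. The installer is downloaded to a file and checked against
# the SHA-384 Composer publishes for it before PHP executes it, instead of
# piping an unverified script straight into the interpreter.
curl -sS -o "${SETUP_TMP}/composer-setup.php" https://getcomposer.org/installer
expected_sig=$(curl -sS https://composer.github.io/installer.sig)
actual_sig=$(sha384sum "${SETUP_TMP}/composer-setup.php" | cut -d ' ' -f 1)
[[ -n "$expected_sig" && "$expected_sig" == "$actual_sig" ]] || die "Composer installer checksum mismatch; not installing"
php "${SETUP_TMP}/composer-setup.php" --install-dir="$SETUP_TMP" --filename=composer
sudo mv "${SETUP_TMP}/composer" /usr/local/bin/composer

# Install mod_cloudflare. No checksum is published for this source file, so the
# download is only authenticated by TLS; review the source before trusting the
# build. Compiled inside the scratch directory so build artefacts are cleaned up.
wget -q -O "${SETUP_TMP}/mod_cloudflare.c" https://www.cloudflare.com/static/misc/mod_cloudflare/mod_cloudflare.c
(cd "$SETUP_TMP" && sudo apxs -a -i -c mod_cloudflare.c)

# Restart web services
sudo service apache2 restart
sudo service nginx restart

# Remove Apache's default demo file (-f: no error when none is present)
sudo rm -f /var/www/html/index*.html
# Placeholder front page. phpinfo() publishes the full PHP/server configuration
# to anyone who can reach the site; replace it before the host goes live.
printf '%s\n' '<?php' 'phpinfo();' | sudo tee "/var/www/html/${PROJECTFOLDER}/public/index.php" >/dev/null

# Add the syncthing release PGP keys:
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
# Add the "release" channel to your APT sources:
echo "deb http://apt.syncthing.net/ syncthing release" | sudo tee /etc/apt/sources.list.d/syncthing.list
# Update and install syncthing:
sudo apt-get update
sudo apt-get -y install syncthing

# Run setup for syncthing (config lives under /root, hence sudo)
sudo syncthing -generate="/root/.config/syncthing"
# Replace default configuration: TLS on, GUI bound to all interfaces on
# $SYNCPORT. The generated config has no GUI user/password, so set one in the
# Syncthing GUI settings before relying on the ufw rule that opens this port.
sudo sed -i -e "s/<gui enabled=\"true\" tls=\"false\">/<gui enabled=\"true\" tls=\"true\">/g" /root/.config/syncthing/config.xml
sudo sed -i -e "s/<address>127.0.0.1:8384<\/address>/<address>0.0.0.0:$SYNCPORT<\/address>/g" /root/.config/syncthing/config.xml

# Secure mysql installation (mysql_secure_installation, interactive)
sudo mysql_secure_installation

# final feedback
echo "Voila!"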