#!/bin/bash
# Provisions an apt-based host with Apache, PHP and MariaDB plus admin tooling.
# NOTE(review): presumably run as root; it installs packages and edits files under /etc.

# Administration and diagnostics tooling, including the OpenSSH server.
admin_tools=(
  vim screen tmux net-tools htop socat bc lshw locate dnsutils mc
  openssh-server openssl
)
apt install -y "${admin_tools[@]}"
apt install -y rsync git

# One apt run per package, so a single unavailable package does not block the rest.
for pkg in catdoc poppler-utils apache2 mariadb-client apt-file; do
  apt install -y "$pkg"
done
#apt install postgresql-client
#apt install ldap-utils

# Uncomment the German UTF-8 locale and regenerate the locale data.
locale_gen=/etc/locale.gen
sed -i 's/^# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' "$locale_gen"
locale-gen

apt install -y mariadb-server
apt install -y curl graphicsmagick

# PHP runtime (CLI, FPM and the extensions listed below).
php_packages=(
  php php-apcu php-bz2 php-cli php-common php-curl php-fpm php-gd php-geoip
  php-intl php-json php-mbstring php-mysql php-opcache php-readline php-soap
  php-xml php-xmlrpc php-xsl php-zip php-pgsql php-ldap
)
apt install -y "${php_packages[@]}"
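# HEADS UP: manually executed as no connection to outside allowed
# Fetch into a temp file and install only after a successful transfer:
#  - curl -f fails on an HTTP error instead of saving the error page as the
#    executable that later gets run;
#  - an existing /usr/local/bin/composer is not truncated by a failed download.
# Set COMPOSER_SHA256 to the expected SHA-256 of composer.phar (obtained out of
# band) to have the download verified before it is installed.
composer_tmp=$(mktemp)
if [[ -n "$composer_tmp" ]] &&
  curl -fsS -o "$composer_tmp" https://getcomposer.org/download/latest-stable/composer.phar; then
  composer_ok=1
  if [[ -n "${COMPOSER_SHA256:-}" ]]; then
    read -r composer_sum _ < <(sha256sum "$composer_tmp")
    if [[ "${composer_sum,,}" != "${COMPOSER_SHA256,,}" ]]; then
      echo "composer.phar: SHA-256 mismatch, not installing" >&2
      composer_ok=0
    fi
  else
    echo "composer.phar: COMPOSER_SHA256 not set, installing without integrity check" >&2
  fi
  if ((composer_ok)); then
    # Same result as the original redirect + chmod +x under the default umask.
    install -m 0755 "$composer_tmp" /usr/local/bin/composer
  fi
else
  echo "composer.phar: download failed, /usr/local/bin/composer left untouched" >&2
fi
if [[ -n "$composer_tmp" ]]; then
  rm -f -- "$composer_tmp"
fi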
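# Password for the 'web' MariaDB account. 24 random bytes instead of 8: the
# original value carried at most 64 bits before characters were stripped.
# Removing '/', '=' and '+' leaves only [A-Za-z0-9], which is safe inside the
# single-quoted SQL literals and the ini file below.
# Deliberately not exported: nothing in this script reads it from the
# environment, and exporting would hand the secret to every later child process.
DBPASS=$(openssl rand -base64 24 | tr -d '/=+')
if [[ -z "$DBPASS" ]]; then
  echo "could not generate a database password; refusing to create 'web' with an empty one" >&2
  exit 1
fi
# Statements carrying the password go to mysql on stdin rather than via -e, so
# the secret never shows up in the process list. SET PASSWORD keeps an account
# that already exists in sync with the .my.cnf written below; without it a
# re-run left the file holding a password the server did not know.
mysql -Bs << EOL
CREATE USER IF NOT EXISTs 'web'@'localhost' IDENTIFIED BY '$DBPASS';
SET PASSWORD FOR 'web'@'localhost' = PASSWORD('$DBPASS');
EOL
mysql -Bse "CREATE DATABASE IF NOT EXISTs web CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -Bse "CREATE DATABASE IF NOT EXISTs web_sync_prepare CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
# NOTE(review): only web.* is granted; web_sync_prepare gets no grant here. Confirm that is intended.
mysql -Bse "GRANT ALL PRIVILEGES ON web.* TO 'web'@'localhost';"
# Pre-create the credentials file empty with its final owner and mode, so the
# password is never on disk in a file other local users can read (the original
# wrote it under the default umask and tightened the mode afterwards).
install -m 600 -o www-data -g www-data /dev/null /var/www/.my.cnf
cat > /var/www/.my.cnf << EOL
[client]
user=web
password=$DBPASS
[mysql]
database=web
EOL
# Re-asserted in case the file could not be pre-created above.
chmod 600 /var/www/.my.cnf
chown www-data:www-data /var/www/.my.cnf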
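# required for composer dump-autoload
mkdir -p /var/www/.cache
chown www-data:www-data /var/www/.cache
# NOTE(review): this makes the whole docroot writable by www-data, presumably
# the account the web server runs as; any file-write flaw in the application
# can then modify served code. Confirm this is required for deployment.
chown -R www-data:www-data /var/www/html/
# Give www-data a login shell. usermod takes the passwd lock, whereas the
# previous in-place sed rewrite of /etc/passwd could race with other account
# changes. NOTE(review): together with the key below this turns the service
# account into an interactive SSH login; whoever holds that key can read
# everything www-data can.
usermod --shell /bin/bash www-data
# Explicit modes instead of whatever the caller's umask yields: sshd's
# StrictModes check rejects group/world-writable paths, and the file has to stay
# readable for www-data. Directory and file keep the invoking user (root,
# presumably) as owner, so the web application itself cannot add keys.
install -d -m 0755 /var/www/.ssh/
# Overwrites any existing authorized_keys; this is the only key allowed afterwards.
cat > /var/www/.ssh/authorized_keys << EOL
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPt7sxrtFX55Mdc4giYRHsGgZfqU+mmmSpV6zgX9/OoR ben@bnf.dev
EOL
chmod 0644 /var/www/.ssh/authorized_keys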
# php.ini overrides, applied identically to the Apache, FPM and CLI configurations.
# Each expression matches the directive whether or not it is commented out with ';'
# and replaces the whole line.
php_overrides=(
  -e 's/^;*date.timezone *=.*/date.timezone = Europe\/Berlin/'
  -e 's/^;* *max_input_vars *=.*/max_input_vars = 3000/'
  -e 's/^;*max_execution_time *=.*/max_execution_time = 240/'
  -e 's/^;*memory_limit *=.*/memory_limit = 384M/'
  -e 's/^;*post_max_size *=.*/post_max_size = 128M/'
  -e 's/^;*upload_max_filesize *=.*/upload_max_filesize = 128M/'
  -e 's/^;*opcache.enable_cli *=.*/opcache.enable_cli = 1/'
)
# NOTE(review): paths are pinned to PHP 7.2; sed reports an error for any of
# these files that is missing when a different PHP version is installed.
php_inis=(
  /etc/php/7.2/apache2/php.ini
  /etc/php/7.2/fpm/php.ini
  /etc/php/7.2/cli/php.ini
)
sed -i "${php_overrides[@]}" "${php_inis[@]}"
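# Access policy for the docroot.
# NOTE(review): "Indexes" turns on automatic directory listings for any
# directory without an index file, and "AllowOverride All" lets every .htaccess
# below the docroot change server configuration. Consider dropping Indexes
# unless listings are wanted.
cat > /etc/apache2/conf-available/web.conf << EOL
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
EOL
a2enconf web

default_site=/etc/apache2/sites-available/000-default.conf
default_ssl_site=/etc/apache2/sites-available/000-default-ssl.conf

# Make both default vhosts deny every request by inserting a <Location "/">
# block in front of </VirtualHost>. The guards keep a re-run from stacking a
# second copy of the block and from failing on the already renamed SSL site.
if ! grep -qF '<Location "/">' "$default_site"; then
  sed -i 's/<\/VirtualHost>/\n\t<Location "\/">\n\t\tRequire all denied\n\t<\/Location>\n&/' "$default_site"
fi
if [[ -f /etc/apache2/sites-available/default-ssl.conf ]]; then
  mv /etc/apache2/sites-available/default-ssl.conf "$default_ssl_site"
fi
if ! grep -qF '<Location "/">' "$default_ssl_site"; then
  sed -i 's/\t<\/VirtualHost>/\n\t\t<Location "\/">\n\t\t\tRequire all denied\n\t\t<\/Location>\n&/' "$default_ssl_site"
fi
a2ensite 000-default-ssl

for apache_mod in ssl rewrite headers expires; do
  a2enmod "$apache_mod"
done
service apache2 reload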
# Drop-in that sets the server's sql_mode to a list containing no STRICT_* mode,
# as the file name says. NOTE(review): without strict mode the server adjusts
# invalid or out-of-range values with a warning instead of rejecting the
# statement; confirm the application still needs this.
strict_off_cnf=/etc/mysql/mariadb.conf.d/70-disable-strict-mode.cnf
printf '%s\n' \
  '[mysqld]' \
  'sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' \
  > "$strict_off_cnf"
# Restart so the new sql_mode takes effect.
service mysql restart