#!/usr/bin/bash
# Note: This is post installation
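# Log file for this run. Nothing in this script reads it directly, so it is
# presumably consumed by ~/utils/logging.sh — confirm.
INSTALL_LOG=~/server-setup.log

# Prefer the shared logging helper when it is present.
# NOTE(review): this file is sourced by a script that runs as root, so it
# executes with root privileges; keep it owned by root and not writable by
# anyone else.
if [[ -f ~/utils/logging.sh ]]; then
  . ~/utils/logging.sh
fi

# Fall back to plain echo when no log function is available. A function is
# used instead of `alias log=echo` because bash does not expand aliases in
# non-interactive scripts, which would leave every later `log` call failing.
if ! declare -F log >/dev/null; then
  log() { echo "$@"; }
fi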
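# Abort unless the script runs with root privileges. The effective UID is
# checked instead of $USER because $USER is an ordinary environment variable:
# it can be unset, left stale by su/sudo, or set by the caller.
if (( EUID != 0 )); then
  echo "You are not root. Please either switch to root with (su -l) or login as root and rerun this script" >&2
  exit 1
fi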
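# Refresh the package index and apply pending upgrades.
# (-y) just means assume yes (for package download and updates).
# apt-get is used because the `apt` front end warns that its command-line
# interface is not stable for use in scripts.
apt-get update && apt-get upgrade -y

# These are the packages needed for setting up the server for my PHP application
declare -a needed_packages=(
  # Webserver packages
  firewalld
  apache2
  php
  # Check packages: provides dig for the post-setup DNS test. bind-utils is
  # the RPM name and is not available through apt.
  # NOTE(review): newer Debian/Ubuntu releases ship this as bind9-dnsutils,
  # with dnsutils kept as a transitional package — confirm for the target.
  dnsutils
)
declare -a packages_to_install=()

# Keep only the packages that are not installed yet. dpkg-query is asked
# about each exact package name; substring-matching the output of
# `apt list --installed` would treat "php" as installed as soon as any
# package with "php" in its name (php-common, for instance) is present.
for package in "${needed_packages[@]}"; do
  # shellcheck disable=SC2016 — ${Status} is a dpkg-query format field
  if ! dpkg-query -W -f='${Status}' "$package" 2>/dev/null |
    grep -q 'ok installed'; then
    packages_to_install+=("$package")
  fi
done
unset needed_packages

# Install the packages that aren't already installed. The whole array is
# expanded ("${arr[@]}"); a bare ${arr} yields only its first element.
if (( ${#packages_to_install[@]} > 0 )); then
  apt-get install -y "${packages_to_install[@]}"
fi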
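# Start: Firewall Setup
# Allow inbound web traffic in the public zone. --permanent writes the rule
# to the stored configuration only; it does not touch the running rule set.
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
# Setup rules for SSH server (omitting from repo-commit for obvious reasons)
###Do SSH Rule setup###

# Load the permanent rules into the running firewall. Keep the SSH rule setup
# above this line: a reload discards runtime-only rules, so a remote session
# that depends on one would be cut off.
firewall-cmd --reload
# End: Firewall Setup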
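# Wildcard SSL Cert installation
# This will be uploaded separately, as I do not want to share my certs with
# the world (this is just the bulk sum, I will be installing a complete
# encompassing certfile).
CERTS_ARCHIVE=~/tristanancelet-certs.tar
if [[ -f "$CERTS_ARCHIVE" ]]; then
  # Extract directly into /etc with -C. Moving the archive to /etc first and
  # then running tar on the old path (as before) always failed, because the
  # file was no longer at that path.
  # NOTE(review): this unpacks as root over /etc, so any member of the
  # archive can replace an existing file there. Only use an archive you built
  # yourself, and list it with `tar -tf` first if in doubt.
  if tar -xf "$CERTS_ARCHIVE" -C /etc; then
    # Do not leave a second copy of the key material in the home directory.
    rm -- "$CERTS_ARCHIVE"
  fi
else
  log "Cert archive was not found. Installation will continue, but the backup certs will not be included"
fi

CERT=~/tristanancelet-cert.pem
# Copy the PEM only when it exists (the test was inverted before, so the copy
# ran only when there was nothing to copy). The virtual host uses this one
# file as both certificate and key, so it is installed readable by root only.
if [[ -f "$CERT" ]]; then
  install -m 600 -o root -g root -- "$CERT" /etc/apache2/apache.pem
fi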
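# App Location
WebAppLocation=/opt/WebCron
# The IP or IPs that will have access to the web app: one or more IPv4
# addresses separated by spaces. Must be filled in before running.
ALLOWED_ACCESS_CONFIG=""

# Begin apache2 config
a2enmod ssl
# NOTE(review): Debian/Ubuntu usually name the PHP module after its version
# (php8.x) — confirm that `php` resolves on the target release.
a2enmod php
# Since I will be using Apache2.4*
a2enmod authz_core

# One dotted quad; each octet is captured so its range can be checked. The
# previous pattern required a trailing dot and rejected any octet starting
# with 0, so addresses such as 10.0.0.1 never matched.
IP_REGEX='([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})'

# The value is written verbatim into the `Require ip` line of the site
# config, so it is validated strictly: at least one entry, a single line,
# and every entry a dotted quad with octets in 0-255.
allowed_access_ok=true
if [[ "$ALLOWED_ACCESS_CONFIG" == *$'\n'* ]]; then
  # A line break would add extra lines to the generated Apache config.
  allowed_access_ok=false
fi
read -r -a allowed_ips <<<"$ALLOWED_ACCESS_CONFIG"
if (( ${#allowed_ips[@]} == 0 )); then
  allowed_access_ok=false
fi
for allowed_ip in "${allowed_ips[@]}"; do
  if [[ ! "$allowed_ip" =~ ^${IP_REGEX}$ ]]; then
    allowed_access_ok=false
    break
  fi
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    # 10# forces base 10 so that an octet such as 08 is not parsed as octal.
    if (( 10#$octet > 255 )); then
      allowed_access_ok=false
    fi
  done
done

if [[ "$allowed_access_ok" != true ]]; then
  log "The configured IP ($ALLOWED_ACCESS_CONFIG) did not match the format of an IP. Please fix the mistake and rerun this"
  exit 1
fi
unset allowed_access_ok allowed_ips allowed_ip octet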
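site_config_file=/etc/apache2/sites-available/webcron.conf

# Desired content of the site config. A here-document is used because the
# FilesMatch pattern contains double quotes and parentheses, which ended the
# previous double-quoted string early. $WebAppLocation and
# $ALLOWED_ACCESS_CONFIG are expanded by the shell; \$ keeps a literal dollar
# sign for Apache.
site_config=$(
  cat <<EOF
# Redirecting all http traffic to https
<VirtualHost *:80>
    ServerAdmin webmaster@tristanancelet.com
    ServerName webcron.tristanancelet.com
    Redirect permanent / https://webcron.tristanancelet.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@tristanancelet.com
    ServerName webcron.tristanancelet.com
    DocumentRoot $WebAppLocation
    ErrorLog \${APACHE_LOG_DIR}/webcron-error.log
    CustomLog \${APACHE_LOG_DIR}/webcron.log combined
    <Directory $WebAppLocation/>
        Require ip $ALLOWED_ACCESS_CONFIG
        SSLOptions +StdEnvVars
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
    SSLCertificateKeyFile /etc/apache2/apache.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)\$">
        SSLOptions +StdEnvVars
    </FilesMatch>
</VirtualHost>
</IfModule>
EOF
)
# The certificate paths above point at /etc/apache2/apache.pem, the location
# this script copies the PEM to; they previously named /etc/apache/.

# If the site config file doesn't exist or doesn't match what it needs to be
# then it will be overwritten.
if [[ ! -f "$site_config_file" || "$(<"$site_config_file")" != "$site_config" ]]; then
  printf '%s\n' "$site_config" >"$site_config_file"
fi

# Enable the site with a2ensite. The name must match the file written above
# (webcron.conf); "web-cron" does not name any site in sites-available.
if ! a2ensite webcron; then
  log "There was an error when enabling the site, please read the error message, that was provided from the a2ensite command"
fi
# End apache2 config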
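# Start: Enabling Services
# Make sure both services start at boot and are running with the new config.
# The loop variable is now `service`, the name the body uses; it was declared
# as `services`, so every systemctl call received an empty unit name. State
# is read with `systemctl is-enabled` / `is-active` instead of parsing the
# human-readable `systemctl status` output (the awk program that did so
# contained the typo `pring`).
for service in firewalld apache2; do
  # Enabling the service if it isn't
  if [[ "$(systemctl is-enabled "$service" 2>/dev/null)" == disabled ]]; then
    systemctl enable "$service"
  fi

  if systemctl is-active --quiet "$service"; then
    # If the service was already running then just restart it so it can
    # reload the new configs
    systemctl restart "$service"
  else
    # If the service wasn't started in installation, go ahead and start it.
    # This also covers a unit in the failed state, which was skipped before.
    systemctl start "$service"
  fi
done
# End: Enabling Services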
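# Start: Post-Setup tests
## Checking that the A record for webcron.tristanancelet.com has been
## installed/configured on my DNS server
echo Doing post setup tests
echo "
Checking for DNS A record for this site
"
# Last line of the short answer, so that the address at the end of a CNAME
# chain is the one compared.
WebCronDNSLookupIP="$(dig webcron.tristanancelet.com +short | tail -n 1)"

# All addresses configured on this host, padded with spaces so the lookup
# result can be matched as a whole word. `hostname -i` resolves the host name
# instead and commonly returns a loopback address on Debian-family systems.
# NOTE(review): behind NAT the public A record will not match any local
# address — confirm this check fits the deployment.
host_addresses=" $(hostname -I) "

# An empty lookup result is an explicit failure; it could pass the previous
# substring test whenever the hostname command printed nothing.
if [[ -n "$WebCronDNSLookupIP" && "$host_addresses" == *" $WebCronDNSLookupIP "* ]]; then
  echo "DNS A record check: Pass
"
else
  echo "DNS A record check: Fail
Reason:
An A record for webcron.tristanancelet.com doesn't exist or doesn't resolve to this host
"
fi
unset host_addresses
# End: Post-Setup tests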