commit 6cd1e8414f37098659f42604bcb620a2107083af
Author: Tristan Ancelet
Date: Wed May 3 10:31:45 2023 -0500
initial commit
diff --git a/setup-server.sh b/setup-server.sh
new file mode 100644
index 0000000..d5385f5
--- /dev/null
+++ b/setup-server.sh
@@ -0,0 +1,148 @@
+#!/usr/bin/bash
+
+# Note: This is post installation
+
+INSTALL_LOG=~/server-setup.log
+
+if [[ ! -f ~/utils/logging.sh ]]; then
+ alias log="echo"
+else
+ . ~/utils/logging.sh
+fi
+
+# Making sure user is running this as root
+if [[ ! "$USER" == "root" ]]; then
+ echo "You are not root. Please either switch to root with (su -l) or login as root and rerun this script"
+ exit 1
+fi
+
+
+# Updating repo metadata & package db
+# (-y) just means assume yes (for package download and updates)
+apt update -y && apt upgrade -y
+
+# These are the packages needed for setting up the server for my PHP application
+declare -a needed_packages=(
+ # Webserver packages
+ firewalld
+ apache2
+ php
+
+ # Check packages
+ bind-utils
+)
+
+
+# Start Firewall Setup
+
+# Setting up the rules for the webserver
+firewall-cmd --zone=public --add-service=http --perm
+firewall-cmd --zone=public --add-service=https --perm
+
+# Setup rules for SSH server (omitting from repo-commit for obvious reasons)
+###Do SSH Rule setup###
+# End Firewall Setup
+
+
+# Wildcard SSL Cert installation
+# This will be uploaded seperately, as I do not want to share my certs with the world (this is just the bulk sum, I will be installing a complete encompassing certfile).
+CERTS_ARCHIVE=~/tristan-ancelet-certs.tar
+if [[ -f $CERTS_ARCHIVE ]]; then
+ mv $CERTS_ARCHIVE /etc/
+ cd /etc
+ tar xf $CERTS_ARCHIVE
+ [[ $? -eq 0 ]] && rm $CERTS_ARCHIVE
+else
+ log "Cert archive was not found. Installation will continue, but site will not work. Please install the ssl certs manually"
+fi
+
+CERT=~/tristanancelet-cert.pem
+if [[ ! -f $CERT ]]; then
+ cp $CERT /etc/apache2/apache.pem
+fi
+
+# App Location
+WebAppLocation=/opt/WebCron
+# The IP or IPs that will have access to the web app.
+ALLOWED_ACCESS_CONFIG=""
+
+
+# Begin apache2 config
+
+#
+a2enmod ssl
+a2enmod php
+# Since I will be using Apache2.4*
+a2enmod authz_core
+
+
+IP_REGEX='[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.'
+if [[ ! "$ALLOWED_ACCESS_CONFIG" =~ ^$IP_REGEX$ ]]; then
+ log "The configured IP ($ALLOWED_ACCESS_CONFIG) did not match the format of an IP. Please fix the mistake and rerun this"
+ exit 1
+fi
+
+echo "
+# Redirecting all http traffic to https
+
+ ServerAdmin webmaster@tristanancelet.com
+ ServerName webcron.tristanancelet.com
+ Redirect permanent / https://webcron.tristanancelet.com/
+
+
+
+ ServerAdmin webmaster@tristanancelet.com
+ ServerName webcron.tristanancelet.com
+ DocumentRoot /opt/WebCron
+
+
+ ErrorLog \${APACHE_LOG_DIR}/webcron-error.log
+ CustomLog \${APACHE_LOG_DIR}/webcron.log combined
+
+
+ Require ip $ALLOWED_ACCESS_CONFIG
+ SSLOptions +StdEnvVars
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/apache/apache.pem
+ SSLCertificateKeyFile /etc/apache/apache.pem
+
+
+ SSLOptions +StdEnvVars
+
+
+" > /etc/apache2/sites-available/web-cron.conf
+
+
+a2ensite web-cron
+
+[[ $? -ne 0 ]] && log " There was an error when enabling the site, please read the error message, that was provided from the a2ensite command"
+# End apache2 config
+
+
+# Begin Post-Setup tests
+
+## Checking that the A record for webcron.tristanancelet.com has been installed/configured on my DNS server
+echo Doing post setup tests
+
+echo "
+Checking for DNS A record for this site
+
+"
+WebCronDNSLookupIP="$( dig webcron.tristanancelet.com +short | tail -n 1)"
+if [[ ! "$WebCronDNSLookupIP" == *$(hostname -i)* ]]; then
+ echo "DNS A record check: Fail
+
+Reason:
+An a record for webcron.tristanancelet.com doesn't exist
+
+"
+else
+ echo "DNS A record check: Pass
+
+"
+fi
+
+# End Post-Setup tests
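Review bot: The certificate block under "Wildcard SSL Cert installation" cannot install anything as written, and it leaves the uploaded archive (presumably holding private keys) sitting in /etc with whatever mode it arrived with. After `mv $CERTS_ARCHIVE /etc/` the variable still names the old path under ~, so `tar xf $CERTS_ARCHIVE` fails and the `rm` never runs; the `if [[ ! -f $CERT ]]` test is inverted, so `cp` is attempted only when the PEM is missing; and the copy targets /etc/apache2/apache.pem while the vhost reads `/etc/apache/apache.pem`. I would unpack into a dedicated root-only directory rather than /etc itself, install the PEM with mode 600 because it doubles as `SSLCertificateKeyFile`, and make the two vhost lines name the same path, as sketched below. Separately, `IP_REGEX` ends in `\.` and refuses a `0` octet, and `ALLOWED_ACCESS_CONFIG` is committed empty, so the check guarding `Require ip` exits on every run before the vhost file is written. No `apt install` of `needed_packages` appears in the hunk, so `firewall-cmd` and `a2enmod` depend on packages that nothing here installs.

```shell
CERTS_ARCHIVE=~/tristan-ancelet-certs.tar
CERT_DIR=/etc/ssl/webcron   # constructed example path, adjust to where the certs should live
if [[ -f "$CERTS_ARCHIVE" ]]; then
  install -d -m 700 -o root -g root "$CERT_DIR"
  if tar -xf "$CERTS_ARCHIVE" -C "$CERT_DIR" --no-same-owner --no-same-permissions; then
    rm -- "$CERTS_ARCHIVE"
  else
    log "Extracting $CERTS_ARCHIVE failed; the archive was left in place"
  fi
else
  # … unchanged: "Cert archive was not found" message …
fi

CERT=~/tristanancelet-cert.pem
if [[ -f "$CERT" ]]; then
  # SSLCertificateFile / SSLCertificateKeyFile in the vhost must name this same path.
  install -m 600 -o root -g root "$CERT" /etc/apache2/apache.pem
fi
```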