initial commit

This commit is contained in:
Tristan Ancelet 2023-05-03 10:31:45 -05:00
commit 6cd1e8414f

148
setup-server.sh Normal file
View File

@ -0,0 +1,148 @@
#!/usr/bin/bash
# Note: This is post installation
INSTALL_LOG=~/server-setup.log
if [[ ! -f ~/utils/logging.sh ]]; then
alias log="echo"
else
. ~/utils/logging.sh
fi
# Making sure user is running this as root
if [[ ! "$USER" == "root" ]]; then
echo "You are not root. Please either switch to root with (su -l) or login as root and rerun this script"
exit 1
fi
# Updating repo metadata & package db
# (-y) just means assume yes (for package download and updates)
apt update -y && apt upgrade -y
# These are the packages needed for setting up the server for my PHP application
declare -a needed_packages=(
# Webserver packages
firewalld
apache2
php
# Check packages
bind-utils
)
# Start Firewall Setup
# Setting up the rules for the webserver
firewall-cmd --zone=public --add-service=http --perm
firewall-cmd --zone=public --add-service=https --perm
# Setup rules for SSH server (omitting from repo-commit for obvious reasons)
###Do SSH Rule setup###
# End Firewall Setup
# Wildcard SSL Cert installation
# This will be uploaded seperately, as I do not want to share my certs with the world (this is just the bulk sum, I will be installing a complete encompassing certfile).
CERTS_ARCHIVE=~/tristan-ancelet-certs.tar
if [[ -f $CERTS_ARCHIVE ]]; then
mv $CERTS_ARCHIVE /etc/
cd /etc
tar xf $CERTS_ARCHIVE
[[ $? -eq 0 ]] && rm $CERTS_ARCHIVE
else
log "Cert archive was not found. Installation will continue, but site will not work. Please install the ssl certs manually"
fi
CERT=~/tristanancelet-cert.pem
if [[ ! -f $CERT ]]; then
cp $CERT /etc/apache2/apache.pem
fi
# App Location
WebAppLocation=/opt/WebCron
# The IP or IPs that will have access to the web app.
ALLOWED_ACCESS_CONFIG=""
# Begin apache2 config
#
a2enmod ssl
a2enmod php
# Since I will be using Apache2.4*
a2enmod authz_core
IP_REGEX='[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.'
if [[ ! "$ALLOWED_ACCESS_CONFIG" =~ ^$IP_REGEX$ ]]; then
log "The configured IP ($ALLOWED_ACCESS_CONFIG) did not match the format of an IP. Please fix the mistake and rerun this"
exit 1
fi
echo "
# Redirecting all http traffic to https
<VirtualHost *:80>
ServerAdmin webmaster@tristanancelet.com
ServerName webcron.tristanancelet.com
Redirect permanent / https://webcron.tristanancelet.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@tristanancelet.com
ServerName webcron.tristanancelet.com
DocumentRoot /opt/WebCron
ErrorLog \${APACHE_LOG_DIR}/webcron-error.log
CustomLog \${APACHE_LOG_DIR}/webcron.log combined
<Directory $WebAppLocation/>
Require ip $ALLOWED_ACCESS_CONFIG
SSLOptions +StdEnvVars
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache/apache.pem
SSLCertificateKeyFile /etc/apache/apache.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
</IfModule>" > /etc/apache2/sites-available/web-cron.conf
a2ensite web-cron
[[ $? -ne 0 ]] && log " There was an error when enabling the site, please read the error message, that was provided from the a2ensite command"
# End apache2 config
# Begin Post-Setup tests
## Checking that the A record for webcron.tristanancelet.com has been installed/configured on my DNS server
echo Doing post setup tests
echo "
Checking for DNS A record for this site
"
WebCronDNSLookupIP="$( dig webcron.tristanancelet.com +short | tail -n 1)"
if [[ ! "$WebCronDNSLookupIP" == *$(hostname -i)* ]]; then
echo "DNS A record check: Fail
Reason:
An a record for webcron.tristanancelet.com doesn't exist
"
else
echo "DNS A record check: Pass
"
fi
# End Post-Setup tests