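#!/usr/bin/bash

# Note: This is post installation

INSTALL_LOG=~/server-setup.log

# Use the shared logging helpers when they are present, otherwise fall back to
# plain echo. The fallback is a function rather than an alias: bash does not
# expand aliases in non-interactive scripts, so `alias log="echo"` would leave
# `log` undefined for the rest of the run.
if [[ -f ~/utils/logging.sh ]]; then
  # NOTE(review): this file is sourced with root privileges further down the
  # run; it should be owned by root and not writable by any other account.
  . ~/utils/logging.sh
else
  log() { echo "$@"; }
fi

# Making sure user is running this as root.
# The effective UID is tested instead of $USER: $USER is an ordinary
# environment variable that the caller can set to anything and that is not
# guaranteed to follow a privilege change, so it can both wrongly pass and
# wrongly reject.
if (( EUID != 0 )); then
  echo "You are not root. Please either switch to root with (su -l) or login as root and rerun this script"
  exit 1
fi
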
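# Updating repo metadata & package db
# (-y) just means assume yes (for package download and updates)
apt update -y && apt upgrade -y

# These are the packages needed for setting up the server for my PHP application
declare -a needed_packages=(
  # Webserver packages
  firewalld
  apache2
  php

  # Check packages
  # dig is used by the post-setup DNS test. On apt-based systems it ships in
  # dnsutils; bind-utils is the RPM-family package name and cannot be
  # installed with apt.
  dnsutils
)
declare -a packages_to_install=()

# Filtering packages from my needed_packages array (in case some are already installed).
# Each package is queried by exact name. A substring search over the whole
# `apt list --installed` output treats e.g. "php" as installed as soon as any
# package containing "php" in its name is present.
for package in "${needed_packages[@]}"; do
  package_status="$(dpkg-query -W -f='${Status}' "$package" 2>/dev/null)"
  if [[ "$package_status" != *"ok installed" ]]; then
    packages_to_install+=( "$package" )
  fi
done

unset needed_packages package_status

# Installing the packages that aren't already installed.
# The whole array is expanded (a bare ${packages_to_install} is only its first
# element) and apt is skipped when nothing is missing.
if (( ${#packages_to_install[@]} > 0 )); then
  if ! apt install -y "${packages_to_install[@]}"; then
    # Every later step configures one of these packages, so stop here.
    log "Package installation failed (${packages_to_install[*]}). Fix the apt error above and rerun this script"
    exit 1
  fi
fi
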
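# Start: Firewall Setup

# Setting up the rules for the webserver.
# --permanent is written out in full instead of relying on option-prefix
# matching. Permanent rules only change the stored configuration; they take
# effect once firewalld is reloaded or restarted.
for firewall_service in http https; do
  if ! firewall-cmd --zone=public --add-service="$firewall_service" --permanent; then
    log "Could not add the $firewall_service service to the public zone"
  fi
done
unset firewall_service

# Setup rules for SSH server (omitting from repo-commit for obvious reasons)
###Do SSH Rule setup###

# End: Firewall Setup
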
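# Wildcard SSL Cert installation
# This will be uploaded separately, as I do not want to share my certs with the world (this is just the bulk sum, I will be installing a complete encompassing certfile).
CERTS_ARCHIVE=~/tristanancelet-certs.tar
if [[ -f "$CERTS_ARCHIVE" ]]; then
  # Extract into /etc directly from where the archive was uploaded. Moving it
  # to /etc first and then extracting via the unchanged $CERTS_ARCHIVE path
  # meant tar was pointed at a file that no longer existed.
  # NOTE(review): every member of the archive is written below /etc as root
  # with whatever mode it was packed with; check the listing (tar -tf) and the
  # resulting key-file permissions, or extract into a dedicated directory.
  if tar -xf "$CERTS_ARCHIVE" -C /etc; then
    rm -- "$CERTS_ARCHIVE"
  else
    log "Cert archive could not be extracted; it has been left at $CERTS_ARCHIVE"
  fi
else
  log "Cert archive was not found. Installation will continue, but the backup certs will not be included"
fi

CERT=~/tristanancelet-cert.pem
# Copy the certificate when it IS present (the test was inverted before, so
# the copy only ran when there was nothing to copy).
if [[ -f "$CERT" ]]; then
  # The vhost uses this one PEM as both certificate and key file, so it holds
  # private key material: install it readable by root only.
  install -o root -g root -m 0600 -- "$CERT" /etc/apache2/apache.pem
else
  log "Certificate $CERT was not found; /etc/apache2/apache.pem has not been installed"
fi

# App Location
WebAppLocation=/opt/WebCron
# The IP or IPs that will have access to the web app.
ALLOWED_ACCESS_CONFIG=""
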
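# Begin apache2 config

a2enmod ssl
# NOTE(review): Debian-family PHP packages usually register the Apache module
# under a versioned name (php<major.minor>); confirm that `a2enmod php`
# resolves on the target release.
a2enmod php
# Since I will be using Apache2.4*
a2enmod authz_core

# $ALLOWED_ACCESS_CONFIG is written verbatim into the `Require ip` directive
# of the vhost, so an empty or malformed value has to stop the run here.
# The pattern accepts exactly one dotted-quad IPv4 address with each octet in
# 0-255. The earlier pattern demanded a dot after the fourth octet (so no real
# address matched), refused octets equal to 0 and accepted octets up to 999.
# Several addresses or CIDR ranges would need this check extended.
ip_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
IP_REGEX="${ip_octet}(\.${ip_octet}){3}"
unset ip_octet
if [[ ! "$ALLOWED_ACCESS_CONFIG" =~ ^${IP_REGEX}$ ]]; then
  log "The configured IP ($ALLOWED_ACCESS_CONFIG) did not match the format of an IP. Please fix the mistake and rerun this"
  exit 1
fi
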
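site_config_file=/etc/apache2/sites-available/webcron.conf

# Virtual host definition, built as one double-quoted string:
#   - \${APACHE_LOG_DIR} is escaped so Apache, not the shell, expands it;
#   - the quotes and the trailing \$ of the FilesMatch pattern are escaped so
#     they stay inside the string (unescaped, the first inner quote ended it);
#   - the certificate paths point at /etc/apache2/apache.pem, which is where
#     this script copies the PEM;
#   - DocumentRoot uses $WebAppLocation so it always matches the <Directory>
#     block that carries the access restriction.
site_config="
# Redirecting all http traffic to https
<VirtualHost *:80>
    ServerAdmin webmaster@tristanancelet.com
    ServerName webcron.tristanancelet.com
    Redirect permanent / https://webcron.tristanancelet.com/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@tristanancelet.com
        ServerName webcron.tristanancelet.com
        DocumentRoot $WebAppLocation

        ErrorLog \${APACHE_LOG_DIR}/webcron-error.log
        CustomLog \${APACHE_LOG_DIR}/webcron.log combined

        <Directory $WebAppLocation/>
            Require ip $ALLOWED_ACCESS_CONFIG
            SSLOptions +StdEnvVars
        </Directory>

        SSLEngine on
        SSLCertificateFile /etc/apache2/apache.pem
        SSLCertificateKeyFile /etc/apache2/apache.pem

        <FilesMatch \"\.(cgi|shtml|phtml|php)\$\">
            SSLOptions +StdEnvVars
        </FilesMatch>
    </VirtualHost>
</IfModule>"

# If the site config file doesn't exist or doesn't match what it needs to be then it will be overwritten.
if [[ ! -f "$site_config_file" ]] || [[ "$(<"$site_config_file")" != "$site_config" ]]; then
  printf '%s\n' "$site_config" > "$site_config_file"
fi

# Enable the site with a2ensite.
# The site name is the config file name without .conf, i.e. "webcron".
if ! a2ensite webcron; then
  log " There was an error when enabling the site, please read the error message, that was provided from the a2ensite command"
fi
# End apache2 config
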
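# Start: Enabling Services

# The loop variable is `service` throughout (the header used to declare
# `services`, leaving every $service below empty), and the state is read from
# `systemctl is-enabled` / `is-active` instead of scraping `systemctl status`.
for service in firewalld apache2; do
  # Enabling the service if it isn't
  if [[ "$(systemctl is-enabled "$service" 2>/dev/null)" == disabled ]]; then
    systemctl enable "$service"
  fi

  service_active="$(systemctl is-active "$service" 2>/dev/null)"
  case "$service_active" in
    inactive)
      # If the service wasn't started in installation, go ahead and start it (as it would've also been enabled above)
      systemctl start "$service"
      ;;

    active)
      # If the service was already running then just restart it so it can reload the new configs
      systemctl restart "$service"
      ;;

    *)
      # Any other state (e.g. failed) is reported and left alone, so a broken
      # firewall or web server does not go unnoticed.
      log "$service is in state '$service_active'; it was neither started nor restarted"
      ;;
  esac
done
unset service service_active

# End: Enabling Services
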
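# Start: Post-Setup tests

## Checking that the A record for webcron.tristanancelet.com has been installed/configured on my DNS server
echo Doing post setup tests

echo "
Checking for DNS A record for this site

"
WebCronDNSLookupIP="$( dig webcron.tristanancelet.com +short | tail -n 1)"
# All addresses configured on this host, space separated.
# NOTE(review): if the server sits behind NAT the public A record will not be
# one of these local addresses and this check reports a failure.
host_addresses="$(hostname -I)"

# Pass only when the lookup returned something AND that value is exactly one
# of the host's addresses. An empty lookup, or an empty address list used as
# an unquoted pattern, must not be able to produce a pass.
if [[ -z "$WebCronDNSLookupIP" || " $host_addresses " != *" $WebCronDNSLookupIP "* ]]; then
  echo "DNS A record check: Fail

Reason:
An a record for webcron.tristanancelet.com doesn't exist or doesn't point at this server

"
else
  echo "DNS A record check: Pass

"
fi
unset host_addresses

# End: Post-Setup tests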