EasyEngine

by ikcam

Easy Engine

Compatible with: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
						#!/bin/bash
# Fast deploy EasyEngine NGINX + PHP + Redis
#
#
#<UDF name="hostname" label="Hostname">
# HOSTNAME=
#
#<UDF name="fqdn" label="Fully Qualified Domain Name">
# FQDN=
#
#<UDF name="timezone" label="Timezone">
# TIMEZONE=
#
#<UDF name="userpubkey" label="User Public Key">
# USERPUBKEY=
#
#<UDF name="centerpubkey" label="Matrix Public Key">
# CENTERPUBKEY=
#
#<UDF name="eename" label="Default Name">
# EENAME=
#
#<UDF name="eemail" label="Default Email">
# EEMAIL=
#
#<UDF name="eepass" label="Default Password">
# EEPASS=

# Capture the addresses the new Linode received: $IPV4 is read from eth0,
# $IPV6 from every inet6 entry that is neither loopback (::1) nor
# link-local (fe80).
# NOTE(review): when more than one global IPv6 address is configured, $IPV6
# holds several newline-separated values — confirm consumers cope with that.
IPV4=$(/sbin/ifconfig eth0 | awk '/inet / { sub(/addr:/, "", $2); print $2 }')
IPV6=$(ip -6 addr | awk -F '[ \t]+|/' '/inet6/ { print $3 }' | grep -Ev '^(::1|fe80)')

# Refresh the package index and upgrade every installed package unattended.
# Globals: unsets UCF_FORCE_CONFFOLD; exports UCF_FORCE_CONFFNEW and
#          DEBIAN_FRONTEND, which stay exported for the rest of the script.
# NOTE(review): --force-confnew makes dpkg install the packaged version of any
# configuration file — confirm no locally hardened file is replaced by it.
system_upgrade() {
    # ucf settings are switched before the menu.lst entry is purged.
    unset UCF_FORCE_CONFFOLD
    export UCF_FORCE_CONFFNEW=YES
    ucf --purge /boot/grub/menu.lst

    # From here on apt must not stop to ask questions.
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get -o 'Dpkg::Options::=--force-confnew' -fuy upgrade
}

# Persist the hostname and apply it to the running system.
# Arguments: $1 - the hostname to define
# Globals:   HOSTNAME is overwritten with $1
# Outputs:   "Hostname undefined" on stdout when $1 is empty
# Returns:   1 when $1 is empty, otherwise the status of `hostname -F`
set_hostname() {
    HOSTNAME="$1"

    [ -n "$HOSTNAME" ] || {
        echo "Hostname undefined"
        return 1
    }

    # Write the file first; `hostname -F` then loads the name from it.
    echo "$HOSTNAME" > /etc/hostname
    hostname -F /etc/hostname
}

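# Append host entries for this machine to /etc/hosts.
# Arguments: $1 - IPv4 address(es), $2 - IPv6 address(es), one per line
#            $3 - short hostname,   $4 - fully qualified domain name
# Globals:   IPV4, IPV6, HOSTNAME and FQDN are overwritten with the arguments
# Outputs:   "Invalid attributes." on stdout when any argument is empty
# Returns:   1 when any argument is empty
set_hosts() {
    IPV4="$1"
    IPV6="$2"
    HOSTNAME="$3"
    FQDN="$4"

    if [ -z "$IPV4" ] || [ -z "$IPV6" ] || [ -z "$HOSTNAME" ] || [ -z "$FQDN" ]; then
        echo "Invalid attributes."
        return 1
    fi

    # One entry per address. The values are quoted so they are never glob-expanded,
    # and a multi-line address list (several global IPv6 addresses) produces one
    # well-formed line each instead of a single line in which the extra addresses
    # would be read as host aliases.
    local addr
    while IFS= read -r addr; do
        if [ -n "$addr" ]; then
            printf '%s %s %s\n' "$addr" "$FQDN" "$HOSTNAME"
        fi
    done <<< "$IPV4
$IPV6" >> /etc/hosts
}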

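# Set the system timezone through timedatectl.
# Arguments: $1 - timezone name to pass to `timedatectl set-timezone`
# Globals:   TIMEZONE is overwritten with $1
# Outputs:   "Must provide a timezone" on stdout when $1 is empty
# Returns:   1 when $1 is empty, otherwise the status of timedatectl
set_timezone() {
    TIMEZONE="$1"

    if [ -z "$TIMEZONE" ]; then
        echo "Must provide a timezone"
        return 1
    fi

    # Quoted so the value always reaches timedatectl as exactly one argument;
    # unquoted, whitespace or glob characters in it would be split or expanded.
    timedatectl set-timezone "$TIMEZONE"
}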


# Create root's RSA key pair at /root/.ssh/id_rsa.
# Arguments: $1 - FQDN, stored as the key comment
# Globals:   FQDN is overwritten with $1
# Outputs:   "Must provide a FQDN" on stdout when $1 is empty
# Returns:   1 when $1 is empty, otherwise the status of ssh-keygen
# NOTE(review): -P "" leaves the private key without a passphrase, so anything
# able to read /root/.ssh/id_rsa can use it — confirm that is acceptable.
generate_ssh_key() {
    FQDN="$1"

    [ -n "$FQDN" ] || {
        echo "Must provide a FQDN"
        return 1
    }

    # 4096-bit RSA, quiet mode, empty passphrase.
    local -a keygen_args=(-t rsa -b 4096 -C "$FQDN" -f /root/.ssh/id_rsa -q -P "")
    ssh-keygen "${keygen_args[@]}"
}

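# Authorise a public key for root SSH logins.
# Arguments: $1 - the public key line to append
# Globals:   PUBKEY is overwritten with $1
# Outputs:   "Must provide a pubkey" on stdout when $1 is empty
# Returns:   1 when $1 is empty or /root/.ssh cannot be prepared, otherwise the
#            status of the append
add_pubkey() {
    PUBKEY="$1"

    if [ -z "$PUBKEY" ]; then
        echo "Must provide a pubkey"
        return 1
    fi

    # Set the modes explicitly instead of inheriting them from the umask: with
    # sshd's StrictModes, a group- or world-writable directory or key file makes
    # sshd ignore authorized_keys, which would lock key logins out.
    mkdir -p /root/.ssh && chmod 700 /root/.ssh || return 1
    touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys || return 1

    # printf rather than echo so a value starting with "-" is written verbatim.
    printf '%s\n' "$PUBKEY" >> /root/.ssh/authorized_keys
}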

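# Turn off SSH password authentication (key logins stay available; root access
# as such is not disabled) and restart sshd.
# Outputs: a diagnostic on stderr when the edited configuration fails validation
# Returns: 1 when validation fails, otherwise the status of the restart
ssh_disable_password_login() {
    local sshd_config=/etc/ssh/sshd_config
    local directive='^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$'

    # Rewrite the directive whether it is active or still commented out. Matching
    # only an active "PasswordAuthentication yes" would turn a commented default
    # into "#PasswordAuthentication no" and leave password logins enabled.
    sed -i -E "s/${directive}/PasswordAuthentication no/" "$sshd_config"

    # If the file carried no such line at all, add one at the very top so it is
    # a global setting and not part of a Match block further down.
    if ! grep -Eq '^PasswordAuthentication[[:space:]]+no$' "$sshd_config"; then
        sed -i '1i PasswordAuthentication no' "$sshd_config"
    fi

    # Never restart onto a configuration sshd itself rejects.
    if ! sshd -t -f "$sshd_config"; then
        echo "sshd_config failed validation; sshd was not restarted" >&2
        return 1
    fi

    service sshd restart
}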

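# Download the EasyEngine installer and run it as root, feeding it the default
# name and e-mail on stdin.
# Arguments: $1 - default name, $2 - default e-mail
# Globals:   EENAME and EEMAIL are overwritten with the arguments
# Outputs:   "Invalid attributes." on stdout when an argument is empty; a
#            diagnostic on stderr when the download fails
# Returns:   1 on empty arguments or a failed download
easyengine_install() {
    EENAME="$1"
    EEMAIL="$2"

    if [ -z "$EENAME" ] || [ -z "$EEMAIL" ]; then
        echo "Invalid attributes."
        return 1
    fi

    # A bare "rt.cx/ee" makes wget fetch over plain HTTP, so the script that is
    # about to run as root could be altered in transit; request it over HTTPS.
    # (assumes rt.cx serves the same installer over HTTPS — TODO confirm)
    # wget -O leaves an empty file behind on failure, hence the extra -s test.
    if ! wget -qO ee https://rt.cx/ee || [ ! -s ee ]; then
        echo "EasyEngine installer download failed" >&2
        return 1
    fi

    # NOTE(review): the installer is still executed without any checksum or
    # signature check. If upstream publishes a digest, verify the file against a
    # pinned value (<EXPECTED_SHA256>) before this line.
    sudo bash ee <<< "$EENAME
$EEMAIL"
    source /etc/bash_completion.d/ee_auto.rc
}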

# Create the throw-away site example.com with the --wpredis option, sending a
# single "y" line on stdin to the command.
easyengine_example_create() {
    local answer="y"
    ee site create example.com --wpredis <<< "$answer"
}

# Delete the throw-away site example.com without asking for confirmation.
# (The function name keeps its original spelling because the script calls it
# under that name.)
easyenginse_example_delete() {
    local site="example.com"
    ee site delete "$site" --no-prompt
}

# Install the EasyEngine stack with phpMyAdmin, then install phpMyAdmin's PHP
# dependencies with composer.
# Side effect: on success the shell's working directory is left in the
# phpMyAdmin directory.
# NOTE(review): composer runs as root inside a web-served tree, and the path
# suggests phpMyAdmin is published on the admin vhost (port 22222) — confirm
# that port is restricted to trusted addresses.
easyengine_enable_stack() {
    local php_log_dir=/var/log/php5
    local pma_dir=/var/www/22222/htdocs/db/pma

    # The slow log is created by hand before the stack is installed.
    mkdir "$php_log_dir"
    touch "$php_log_dir/slow.log"

    ee stack install --phpmyadmin
    apt-get install -y composer

    # composer only runs when the phpMyAdmin directory exists.
    cd "$pma_dir" && composer install --no-dev
}

# Insert a fixed TLS cipher list after the first "ssl_ciphers " on each line of
# /etc/nginx/nginx.conf.
# NOTE(review): the pattern is unanchored and does not consume the rest of the
# line, so whatever followed "ssl_ciphers " stays behind the inserted
# directive — confirm the result with `nginx -t` before reloading.
# NOTE(review): the EDH suites presumably rely on a DH parameter file
# (ssl_dhparam) being configured elsewhere — confirm.
easyengine_fix_nginx() {
    local cipher_list='EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
    sed -i "s/ssl_ciphers /ssl_ciphers \"${cipher_list}\";/" /etc/nginx/nginx.conf
}

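# Install ProFTPD with MySQL-backed virtual users: create the "ftp" site and
# database through EasyEngine, load the user/group tables, enable the SQL
# modules and write /etc/proftpd/sql.conf with the database credentials.
# Outputs: a diagnostic on stderr when the database password cannot be read
# Returns: 1 when the database password cannot be read, otherwise the status of
#          the proftpd restart
# Side effect: the working directory is changed to the home directory.
# NOTE(review): `passwd` is varchar(32) and SQLAuthTypes allows OpenSSL and
# Crypt; a 32-character column cannot hold long crypt(3) hashes, so stored
# credentials are presumably short digests — confirm, and widen the column if
# stronger hashes are intended.
# NOTE(review): nothing here enables TLS for ProFTPD, so FTP logins appear to
# cross the network in clear text — confirm.
proftpd_install() {
    cd ~
    apt-get -qy install proftpd-basic proftpd-mod-mysql

    ee site create ftp --mysql

    # The schema goes straight to mysql on stdin; the quoted delimiter keeps the
    # backticks literal, so no temporary .sql file is left in the working directory.
    mysql ftp << 'EOF'
CREATE TABLE IF NOT EXISTS `ftpgroup` (
    `groupname` varchar(16) COLLATE utf8_general_ci NOT NULL,
    `gid` smallint(6) NOT NULL DEFAULT '5500',
    `members` varchar(16) COLLATE utf8_general_ci NOT NULL,
    KEY `groupname` (`groupname`) )
    ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP group table';

CREATE TABLE IF NOT EXISTS `ftpuser` (
    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
    `userid` varchar(32) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    `passwd` varchar(32) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    `uid` smallint(6) NOT NULL DEFAULT '33',
    `gid` smallint(6) NOT NULL DEFAULT '33',
    `homedir` varchar(255) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    `shell` varchar(16) COLLATE utf8_general_ci NOT NULL DEFAULT '/sbin/nologin',
    `count` int(11) NOT NULL DEFAULT '0', `accessed` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
    `modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
    PRIMARY KEY (`id`),
    UNIQUE KEY `userid` (`userid`) )
    ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP user table';
EOF

    # Uncomment the directives and modules the SQL backend needs.
    sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
    sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
    sed -i 's/#Include \/etc\/proftpd\/sql.conf/Include \/etc\/proftpd\/sql.conf/' /etc/proftpd/proftpd.conf
    sed -i 's/#LoadModule mod_sql.c/LoadModule mod_sql.c/' /etc/proftpd/modules.conf
    sed -i 's/#LoadModule mod_sql_mysql.c/LoadModule mod_sql_mysql.c/' /etc/proftpd/modules.conf

    # Take the password from the DB_PASS line of `ee site info`: drop all
    # whitespace, then strip the leading label. `tr -d 'DB_PASS'` would delete
    # every D, B, _, P, A and S character, including those inside the password.
    local db_pass
    db_pass=$(ee site info ftp | grep 'DB_PASS')
    db_pass=${db_pass//[[:space:]]/}
    db_pass=${db_pass#DB_PASS}

    if [ -z "$db_pass" ]; then
        echo "Could not read the ftp database password" >&2
        return 1
    fi

    # Restrict the file before the password is written into it; the redirection
    # below truncates the file and keeps this mode.
    # (assumes proftpd reads its configuration as root — TODO confirm)
    touch /etc/proftpd/sql.conf && chmod 600 /etc/proftpd/sql.conf

    # The double quotes around the named queries are written unescaped: inside a
    # here-document a backslash before '"' is kept literally, so the escaped form
    # would put \" into sql.conf.
    cat > /etc/proftpd/sql.conf << EOF
SQLBackend        mysql

#Passwords in MySQL are encrypted using CRYPT
SQLAuthTypes            OpenSSL Crypt
SQLAuthenticate         users groups


# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo  ftp@localhost ftp $db_pass


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID        33

# Update count every time user logs in
# SQLLog PASS updatecount
# SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

SqlLogFile /var/log/proftpd/sql.log
EOF

    service proftpd restart
}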

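# Install Monit and write its main configuration plus one check file each for
# the system, MySQL, NGINX, PHP-FPM 5.6, ProFTPD and sshd.
# Arguments: $1 - web interface user, $2 - alert e-mail address,
#            $3 - web interface password, $4 - FQDN used as the system check name
# Globals:   EENAME, EEMAIL, EEPASS and FQDN are overwritten with the arguments
# Outputs:   "Invalid attributes." on stdout when any argument is empty
# Returns:   1 when any argument is empty, otherwise the status of the restart
# NOTE(review): the httpd section has no `use address` line, so the web
# interface appears to listen on every address with the credentials sent over
# plain HTTP — confirm that a firewall or TLS covers port 2812.
# NOTE(review): user and password are written into monitrc unquoted; values
# containing whitespace or other special characters may not parse — confirm.
monit_setup() {
    EENAME="$1"
    EEMAIL="$2"
    EEPASS="$3"
    FQDN="$4"

    if [ -z "$EENAME" ] || [ -z "$EEMAIL" ] || [ -z "$EEPASS" ] || [ -z "$FQDN" ]; then
        echo "Invalid attributes."
        return 1
    fi

    apt-get install -qy monit
    mv /etc/monit/monitrc /etc/monit/monitrc.bak

    # Create the file with mode 600 before the password is written, so the
    # credentials are never readable by other users, not even briefly. The
    # redirection below truncates the file and keeps this mode.
    touch /etc/monit/monitrc && chmod 600 /etc/monit/monitrc

    # Main Monit config
    cat > /etc/monit/monitrc << EOF
set daemon  60

set httpd port 2812
    allow $EENAME:$EEPASS

set eventqueue basedir /var/monit slots 5000

set mailserver localhost
set alert $EEMAIL

include /etc/monit/conf.d/*
include /etc/monit/conf-enabled/*
EOF

    # Re-assert the mode in case the file already existed with another one.
    chmod 600 /etc/monit/monitrc

    # Monit: CPU, memory, load, swap and root filesystem
    cat > /etc/monit/conf.d/cpu << EOF
check system $FQDN
    if memory usage > 80% for 2 cycles then alert
    if cpu usage (user) > 70% for 2 cycles then alert
        if cpu usage (system) > 30% then alert
    if cpu usage (wait) > 20% then alert
    if loadavg (1min) > 6 for 2 cycles then alert
    if loadavg (5min) > 4 for 2 cycles then alert
    if swap usage > 5% then alert

check filesystem rootfs with path /
    if space usage > 80% then alert
EOF

    # Monit: MySQL
    cat > /etc/monit/conf.d/mysqld << 'EOF'
check process mysqld with pidfile /var/run/mysqld/mysqld.pid
    group database
    start program = "/usr/sbin/service mysql start"
    stop program = "/usr/sbin/service mysql stop"
    if failed host localhost port 3306 protocol mysql then restart
    if 5 restarts within 5 cycles then alert
EOF

    # Monit: NGINX
    cat > /etc/monit/conf.d/nginx << 'EOF'
check process nginx with pidfile /var/run/nginx.pid
    group www
    start program = "/usr/sbin/service nginx start"
    stop program = "/usr/sbin/service nginx stop"
    if failed host localhost port 80 protocol http
        with timeout 10 seconds
    then restart
    if 5 restarts within 5 cycles then alert
EOF

    # Monit: PHP5.6 (alert only, no start/stop programs)
    cat > /etc/monit/conf.d/php5.6 << 'EOF'
check process php5.6-fpm with pidfile "/var/run/php/php5.6-fpm.pid"
    group www
    if cpu > 80% for 2 cycles then alert
EOF

    # Monit: proFTPd
    cat > /etc/monit/conf.d/proftpd << 'EOF'
check process proftpd with pidfile /var/run/proftpd.pid
    group www
    start program = "/usr/sbin/service proftpd start"
    stop program = "/usr/sbin/service proftpd stop"
    if failed host localhost port 21 protocol ftp
        with timeout 10 seconds
        then restart
    if 5 restarts within 5 cycles then alert
EOF

    # Monit: SSHd
    cat > /etc/monit/conf.d/sshd << 'EOF'
check process sshd with pidfile /var/run/sshd.pid
    start program "/usr/sbin/service ssh start"
    stop program "/usr/sbin/service ssh stop"
    if failed host 127.0.0.1 port 22 protocol ssh then restart
    if 5 restarts within 5 cycles then alert
EOF

    service monit reload
    service monit restart
}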

# Provisioning sequence. The steps run strictly in this order and no return
# code is checked, so a failed step does not stop the steps after it.
system_upgrade
set_hostname "$HOSTNAME"
set_hosts "$IPV4" "$IPV6" "$HOSTNAME" "$FQDN"
set_timezone "$TIMEZONE"
generate_ssh_key "$FQDN"
# Three keys are authorised for root: the operator key, the "Matrix" key and
# the public half of the key pair generated above.
# NOTE(review): each of these grants root SSH access; the generated pair has no
# passphrase — confirm that authorising the host's own key is needed.
add_pubkey "$USERPUBKEY"
add_pubkey "$CENTERPUBKEY"
add_pubkey "$(cat /root/.ssh/id_rsa.pub)"
# Runs after the keys are appended, whether or not appending them succeeded.
ssh_disable_password_login
easyengine_install "$EENAME" "$EEMAIL"
# A site is created and deleted right away — presumably to make EasyEngine
# install its stack; confirm.
easyengine_example_create
easyenginse_example_delete
easyengine_enable_stack
easyengine_fix_nginx
proftpd_install
monit_setup "$EENAME" "$EEMAIL" "$EEPASS" "$FQDN"