PHP7 LAMP

by rockwell15
75 deployments · 22 still active · last rev. 7 months ago

Installs PHP 7 & the latest MySQL / Apache. Optionally sets up first virtual host

Compatible with: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS
						#!/bin/bash
# <UDF name="ssh_port" Label="SSH Port" default="22" />
# <UDF name="site_name" Label="Virtual Host Name" default="" />
# <UDF name="db_password" Label="MySQL root Password" />
# <UDF name="db_name" Label="Create Database" default="" example="Optionally create this database" />
# <UDF name="db_user" Label="Create MySQL User" default="" example="Optionally create this user" />
# <UDF name="db_user_password" Label="MySQL User's Password" default="" example="User's password" />



source <ssinclude StackScriptID="1">



#---- Update apt
# system_update is not defined in this file; presumably it is provided by the
# StackScript included above (ID 1). Confirm there which packages it upgrades.
system_update



#---- Install postfix mail
# This helper is also defined outside this file.
# NOTE(review): going by its name it should bind postfix to the loopback
# interface only. The firewall written later in this script opens no SMTP
# port, so a loopback-only listener is the consistent setup. Verify against
# the included library.
postfix_install_loopback_only



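#---- Change default SSH port
# SSH_PORT comes from the deployment form and is pasted into a sed
# replacement, a perl regex and an iptables rule below. Accept only a plain
# TCP port number (1-65535). Anything else falls back to 22, so that a typo
# cannot corrupt sshd_config or the ruleset.
case "${SSH_PORT:-}" in
    '' | *[!0-9]* | ??????*) ssh_port_valid=0 ;;
    *) ssh_port_valid=1 ;;
esac
if [ "$ssh_port_valid" -eq 1 ]; then
    # 10# forces base 10 so a value such as "08" is not read as octal.
    ssh_port_num=$((10#$SSH_PORT))
    if [ "$ssh_port_num" -lt 1 ] || [ "$ssh_port_num" -gt 65535 ]; then
        ssh_port_valid=0
    fi
fi
if [ "$ssh_port_valid" -eq 1 ]; then
    SSH_PORT=$ssh_port_num
else
    printf 'SSH_PORT "%s" is not a port number between 1 and 65535; using 22\n' "${SSH_PORT:-}" >&2
    SSH_PORT=22
fi

# Match the whole directive so only the line "Port 22" is rewritten, not a
# longer number or unrelated text that happens to contain the same characters.
sed -i "s/^Port[[:space:]]\{1,\}22[[:space:]]*\$/Port ${SSH_PORT}/" /etc/ssh/sshd_config

# Nothing visible in this script reloads sshd, while the firewall below admits
# new SSH connections on $SSH_PORT only. Validate the edited file and restart
# the daemon here so the listener and the firewall agree.
if sshd -t; then
    service ssh restart
else
    printf 'sshd_config failed validation; sshd was not restarted\n' >&2
fi



#---- Login security
apt-get -y install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Enable the [ssh-ddos] jail on the chosen port. The pattern matches only the
# exact stock layout of that section. If the installed jail.conf differs,
# nothing is replaced and jail.local stays a plain copy.
perl -i -0pe 's/\[ssh-ddos\]\n\nenabled  = false\nport     = ssh/\[ssh-ddos\]\n\nenabled  = true\nport     = '"$SSH_PORT"'/mg' /etc/fail2ban/jail.local
# Jails that keep "port = ssh" would insert their bans for port 22 even though
# sshd listens elsewhere, so repeated login failures would not be blocked on
# the real port. Point every such jail at the configured port.
if [ "$SSH_PORT" -ne 22 ]; then
    sed -i "s/^port\([[:space:]]*\)=\([[:space:]]*\)ssh\$/port\1=\2${SSH_PORT}/" /etc/fail2ban/jail.local
fi
service fail2ban restart



#---- Firewall
# Review notes on exposure:
#  - TCP 8080-8090 ("testing") and UDP 60000-61000 (mosh) are open to any
#    source address. Delete those rules, or restrict them with -s, when the
#    services are not in use.
#  - These are IPv4 rules only. Nothing in this script loads ip6tables rules,
#    so IPv6 traffic is not filtered by it.
# The rules are written at column 0 because iptables-restore recognises
# "*filter", "#" and "COMMIT" only at the very start of a line.
cat > /etc/iptables.firewall.rules << EOF

*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesnt use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow ports for testing
-A INPUT -p tcp --dport 8080:8090 -j ACCEPT

#  Allow ports for MOSH (mobile shell)
-A INPUT -p udp --dport 60000:61000 -j ACCEPT

#  Allow SSH connections
#  The -dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT

#  Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
EOF
if ! iptables-restore < /etc/iptables.firewall.rules; then
    printf 'iptables-restore rejected /etc/iptables.firewall.rules; firewall is NOT active\n' >&2
fi

# Reload the rules whenever an interface comes up. The hook is written with
# ">" rather than ">>" so that a re-run cannot leave a second "#!/bin/sh" in
# the middle of the file.
cat > /etc/network/if-pre-up.d/firewall << 'EOF'
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
EOF
chmod +x /etc/network/if-pre-up.d/firewall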



#---- Reboot when out-of-memory
# Appends a blank separator line and two kernel settings to sysctl.conf:
# panic on an out-of-memory condition, and reboot 10 seconds after a panic.
# The file is only appended to here. No sysctl reload is issued in this
# section, so the values apply once the file is next loaded.
# Operational caveat: with these settings any memory exhaustion turns into a
# full reboot of the host.
cat >> /etc/sysctl.conf << 'EOF'

vm.panic_on_oom=1
kernel.panic=10
EOF



#---- Install Apache
# Install the server, keep a copy of the pristine main config next to it, then
# switch persistent connections off in the live file.
_apache_main_conf=/etc/apache2/apache2.conf
aptitude install -y apache2
cp "$_apache_main_conf" /etc/apache2/apache2.backup.conf
sed -i -e 's/KeepAlive On/KeepAlive Off/' "$_apache_main_conf"



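#---- Install PHP
# -y answers the confirmation prompts. --force-yes is deliberately not used:
# besides answering "yes" it lets apt continue when a package cannot be
# authenticated, which removes the signature check that protects this install.
apt-get install -y software-properties-common
# The PHP 7.0 packages come from a third-party PPA. Adding it makes apt trust
# that archive's signing key for later upgrades on this host as well.
add-apt-repository -y ppa:ondrej/php
apt-get update
apt-get install -y php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-curl php7.0-json

# Hand *.php files to the PHP handler. The delimiter is quoted so the block is
# written literally, with no shell expansion of "$" or backslashes.
cat >> /etc/apache2/apache2.conf << 'EOF'

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

EOF

# mod_php needs the prefork MPM. The libapache2-mod-php7.0 package registers
# its module as "php7.0", so that is the name a2enmod has to be given
# ("php7" does not exist and makes a2enmod fail).
a2dismod mpm_event && a2enmod mpm_prefork && a2enmod php7.0
service apache2 restart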


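#---- Install MySQL
# The mysql_* helpers are not defined in this file; presumably they come from
# the included StackScript (ID 1).
# NOTE(review): the root password is handed to the helpers as an argument.
# How they pass it on to the mysql client is not visible here. Check that it
# does not end up on a command line that other local users can read with ps.
mysql_install "$DB_PASSWORD" && mysql_tune 40

# The database and the user are optional form fields (default ""), so only
# call the helpers for values that were actually supplied.
if [ -n "${DB_NAME:-}" ]; then
    mysql_create_database "$DB_PASSWORD" "$DB_NAME"
fi

if [ -n "${DB_USER:-}" ]; then
    if [ -n "${DB_USER_PASSWORD:-}" ]; then
        mysql_create_user "$DB_PASSWORD" "$DB_USER" "$DB_USER_PASSWORD"
        # A grant needs both a user and a database to refer to.
        if [ -n "${DB_NAME:-}" ]; then
            mysql_grant_user "$DB_PASSWORD" "$DB_USER" "$DB_NAME"
        fi
    else
        # The password field also defaults to "". Refuse to create an account
        # that could log in without a password.
        printf 'MySQL user "%s" not created: no password was supplied\n' "$DB_USER" >&2
    fi
fi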


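#---- Virtual hosts
# Creates the first virtual host when a name was supplied. Otherwise it only
# creates /var/www/nogo.
if [ -z "${SITE_NAME:-}" ]; then
    mkdir -p /var/www/nogo
else
    # SITE_NAME becomes a directory name, a file name and several Apache
    # directives. Accept host-name characters only, so that a value containing
    # "/", whitespace or a newline cannot escape /var/www or add directives to
    # the generated config.
    case "$SITE_NAME" in
        *[!A-Za-z0-9.-]* | .* | -* | *. | *- | *..*) site_name_valid=0 ;;
        *) site_name_valid=1 ;;
    esac

    if [ "$site_name_valid" -eq 1 ]; then
        # Ubuntu 14.04 and 16.04 ship Apache 2.4, whose stock site is named
        # "000-default". "default" is not a site there, so a2dissite fails.
        a2dissite 000-default
        # The log directory is created by root and must stay unwritable for
        # the web server user, because Apache opens its log files as root.
        mkdir -p "/var/www/$SITE_NAME/public_html" "/var/www/$SITE_NAME/log" "/var/www/$SITE_NAME/backups"

        cat > "/etc/apache2/sites-available/$SITE_NAME.conf" << EOF
        <VirtualHost *:80>
            ServerName  $SITE_NAME

            DirectoryIndex index.html index.php
            DocumentRoot /var/www/$SITE_NAME/public_html

            LogLevel warn
            ErrorLog  /var/www/$SITE_NAME/log/error.log
            CustomLog /var/www/$SITE_NAME/log/access.log combined
        </VirtualHost>

EOF
        a2ensite "$SITE_NAME.conf"
        service apache2 restart
    else
        printf 'Virtual host not created: "%s" is not a valid host name\n' "$SITE_NAME" >&2
    fi
fi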

#---- Optimizations




#---- Restart everything
# restartServices is not defined in this file; presumably it is supplied by
# the StackScript included near the top (ID 1).
# NOTE(review): which services it restarts is not visible here. Confirm that
# it covers every daemon whose configuration this script edited.
restartServices