LEMP,Kernel,Security,Tools,Monitoring

by obs
697 deployments · 147 still active · last rev. 5 years ago

Installs nginx (optionally from https://launchpad.net/~nginx/+archive/stable), Apache, MySQL, PHP (running as fastcgi), monit, munin, various other tools, sets up basic firewall,locks down ssh, sets up standard user, installs postfix and configures root alias, installs ubuntu ec2 kernel

Compatible with: No distros currently supported
						#!/bin/bash
######
#IMPORTANT
#This is an experimental script bits of it may not work I use it for my own linodes and it works for me, if you have problems email admin@rwky.net
######
######
#LICENCE#
######
#Released under the BSD license http://www.opensource.org/licenses/bsd-license
#Copyright (c) 2011, Rowan Wookey <admin@rwky.net>
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
#
#1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
#2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
#3. Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
######
#<udf name="INSTALL_MYSQL" label="Instal MySQL?" oneOf="Yes,No">
#<udf name="MYSQL_PASSWORD" label="MySQL root password" default="">
#<udf name="NGINX_VERSION" label="Install nginx from PPA" oneOf="Yes,No" example="See https://launchpad.net/~nginx/+archive/stable">
#<udf name="SSH_PORT" label="SSH port" default="22">
#<udf name="USER" label="Unprivileged User Account" />
#<udf name="USER_PASSWORD" label="Unprivileged User Password" />
#<udf name="USER_SSHKEY" label="Public Key for User" default="" />
#<udf name="ROOT_EMAIL" label="Email alias for root" />
#<udf name="HOSTNAME" label="Hostname" default="" />
#<udf name="WHICHKERNEL" label="Use ubuntu ec2 kernel?" oneOf="No,Yes" />
#<udf name="WEBSERVER" label="Which webserver to use?" oneOf="Nginx,Apache Prefork,Apache Worker,None" />
######
#Support
######
#For support please email admin@rwky.net
#######

set -e

source <ssinclude StackScriptID="1">
source <ssinclude StackScriptID="2470">

#update system and set hostname
prep_system

#setup firewall
install_shorewall

#setup standard user
configure_user

#secure ssh
configure_ssh

#setup postfix
install_postfix

if [ "$INSTALL_MYSQL" == "Yes" ]
then
#setup mysql
install_mysql
fi

if [ "$WEBSERVER" == "Nginx" ]
then
#setup php
install_php_fcgi
fi

if [ "$WEBSERVER" == "Nginx" ]
then
#setup nginx
install_nginx
fi

if [ "$WEBSERVER" == "Apache Prefork" ]
then
#setup apache
apache_install
apache_tune
fi

if [ "$WEBSERVER" == "Apache Prefork" ]
then
#setup php
install_php_apache
fi

if [ "$WEBSERVER" == "Apache Worker" ]
then
#setup apache and php
install_php_apache_worker
fi

#install monit/munin/security tools/other tools
install_monit
install_munin
install_security
install_tools

#install stock kernel
#this requires user interaction
if [ "$WHICHKERNEL" == "Yes" ]
then
install_ubuntu_stock_kernel
fi

#set root .profile
set_root_profile

#delete users that aren't needed
deleteusers

#cleanup
cleanup

#send notification
notification_email