 


Ubuntu 11.04 - Apache - PHP-CGI - APC - Postfix-Gmail Script


 
zachbrowne



Joined: 21 Jan 2011
Posts: 4

Posted: Fri Jun 24, 2011 4:59 pm    Post subject: Ubuntu 11.04 - Apache - PHP-CGI - APC - Postfix-Gmail Script  

I wrote this script for myself, but it seems like it would be useful for everyone. I could have written it as functions, but I didn't have time. Just find/replace each ----PLACEHOLDER---- value with your own.

Notes.

* This must be on a fresh install. Period.
* This script assumes that you are going to operate your machine as root.

It will:


--> Set up SSH
--> Set up your hostname
--> Set up a static IP
--> Set up BIND9 to cache DNS
--> Setup Apache2 with 1 virtual host + ports.conf
--> Setup PHP-CGI
--> Set up mpm_itk_module
--> Setup APC
--> Optimize Apache and PHP for 512MB (Got this part somewhere else)
--> Harden sysctl.conf
--> Install mod_security & mod_evasive
--> Install Google PageSpeed - mod_pagespeed
--> THE BEST PART - Setup Postfix to use your Gmail account for SMTP.


Once it finishes just upload your website to /srv/www/yourdomain.com/public and you're good to go.

It might have a couple of bugs... Let me know if you find one and I'll update it.

First:
Code:
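# Log in to the freshly installed server (the script expects a root session).
ssh ----DOMAIN----
nano setup.sh
# Paste contents of script then Ctrl+x - Y - Enter
# Once the placeholders are filled in, the file holds the Gmail password in
# plain text, so make it usable by its owner only instead of a blanket +x.
chmod 700 setup.sh
./setup.sh
# When the run is finished, delete setup.sh or move it somewhere protected so
# the filled-in credentials do not stay on the server.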



Code:
#!/bin/bash

#############################################################
#  Setup Ubuntu 11.04 32/64 Natty Web Server for WordPress  #
#  by Zach Browne - http://zachbrowne.com                   #
#############################################################

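## Update and upgrade.
aptitude update && aptitude upgrade

## Setup SSH
# Install the administrator's public key for key-based logins as the current
# user (root, per the notes above).
# -p keeps the step from failing when ~/.ssh already exists.
mkdir -p ~/.ssh
# Pin the modes explicitly instead of relying on the umask: the directory and
# the key list must not be writable by anyone but their owner.
chmod 700 ~/.ssh
# Overwrite on purpose: after this line the set of authorised keys is exactly
# the one key given here.
printf '%s\n' "----YOUR-SSH-PUBLIC-KEY----" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys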

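# Set up hosts file.
# Use the same ----HOSTNAME---- placeholder as the /etc/hosts entry below; a
# hard-coded name here would leave the machine with a hostname that its own
# hosts file cannot resolve.
echo "----HOSTNAME----" > /etc/hostname
# Apply the new name to the running system.
hostname -F /etc/hostname
# Append "IP <tab> FQDN <tab> short name" after the first line of /etc/hosts.
sed -i '1 a\----SERVER IP----\t\----YOUR FULL FQDN----\t\----HOSTNAME----' /etc/hosts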

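# Set up interfaces file for static IP.
# Keep the stock file so the change can be rolled back from the console.
cp /etc/network/{interfaces,interfaces.bak}
# Write the live file itself. The earlier version emptied
# /etc/network/interfaces and then wrote to a misspelled path, which leaves the
# server without any network configuration at the next networking restart.
# The eth0 method must be "static"; any other spelling is rejected by ifup.
cat > /etc/network/interfaces <<'EOF'
auto lo
iface lo inet loopback
auto eth0 eth0:1
iface eth0 inet static
 address ----SERVER IP----
 netmask 255.255.255.0
 gateway ----GATEWAY----
iface eth0:1 inet static
 address ----INTERNAL IP----
 netmask 255.255.128.0
EOF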

# Set resolv.conf to rotate DNS
resolv=/etc/resolv.conf
# Keep a copy of the stock resolver configuration next to the new one.
cp "$resolv" "$resolv.bak"
# Unlink first so a brand-new file is created instead of rewriting the old one.
rm "$resolv"
# Two resolvers, queried in rotation.
printf '%s\n' \
  'search members.linode.com' \
  'nameserver 72.14.188.5' \
  'nameserver 72.14.179.5' \
  'options rotate' > "$resolv"

# Restart networking.
/etc/init.d/networking restart

## Setup Apache2, PHP-CGI, APC, MySQL, and optimize server for VPS 512MB.

# Install apps for WordPress optimization
# One package per array element keeps the list reviewable; order and content
# match the original command line (php5-gd is listed twice there as well).
packages=(
  apache2 apache2-mpm-itk mysql-server
  fontconfig-config javascript-common
  libdbd-mysql-perl libdbi-perl
  libfontconfig1 libfreetype6 libgd2-xpm libjpeg62
  libjs-cropper libjs-jquery libjs-prototype libjs-scriptaculous
  libnet-daemon-perl libphp-phpmailer libphp-snoopy libplrpc-perl
  libt1-5 libxpm4
  php-gettext php5-gd tinymce ttf-dejavu-core wwwconfig-common
  libapache2-mod-perl2
  php5-cgi php-apc php5-mysql php5-curl php5-gd php5-imagick php5-mcrypt
  php5-common php5-pspell php5-snmp php5-xmlrpc php5-xsl
  imagemagick perl php-pear
)
aptitude -y install "${packages[@]}"

# Enable modules
a2enmod actions rewrite

# Enable APC
# The ini file contains a single line that loads the extension.
printf '%s\n' 'extension=apc.so' > /etc/php5/conf.d/apc.ini

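# Configure PHP-CGI.
# Map only the php-cgi binary into URL space. Aliasing the whole of /usr/bin as
# a script directory makes every program in it addressable through the web
# server, which is far more than the PHP handler needs.
# Keep cgi.force_redirect enabled in php.ini (its default) so php-cgi only runs
# when it is reached through the Action redirect below.
cat > /etc/apache2/conf.d/php-cgi.conf <<'EOF'
ScriptAlias /local-bin/php-cgi /usr/bin/php-cgi
AddHandler application/x-httpd-php5 php
Action application/x-httpd-php5 /local-bin/php-cgi
EOF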

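# Add IP to ports.conf.
# Keep the distribution file for reference.
cp /etc/apache2/{ports.conf,ports.conf.bak}
# NameVirtualHost must carry the same address as the <VirtualHost> block
# created later, so it uses the same ----SERVER-IP---- placeholder instead of
# a hard-coded address that belongs to some other machine.
cat > /etc/apache2/ports.conf <<'EOF'
NameVirtualHost ----SERVER-IP----:80
Listen 80
EOF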

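# Create virtual directory & secure
mkdir -p /srv/www/----DOMAIN----/{public,logs}
chmod 755 /srv/www /srv/www/----DOMAIN----

# Only the document root is handed to the web user.
chown -R www-data:www-data /srv/www/----DOMAIN----/public
find /srv/www/----DOMAIN----/public -type d -exec chmod 755 {} +

# Apache opens its log files as root before it drops privileges, so the log
# directory (and its parents) must not be writable by www-data: code running
# as the web user could otherwise tamper with the access and error logs.
chown root:root /srv/www/----DOMAIN----/logs
chmod 750 /srv/www/----DOMAIN----/logs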


# Create virtual host.
# The domain is named once here and reused for the vhost file and the site tree.
site='----DOMAIN----'
site_root="/srv/www/${site}"

# Name-based vhost on port 80; requests are served as www-data when the
# mpm_itk module is loaded.
cat > "/etc/apache2/sites-available/${site}" <<EOF
<VirtualHost ----SERVER-IP----:80>

      RewriteEngine On
      ServerName ${site}
      ServerAdmin www@${site}
      ServerAlias www.${site}
      DocumentRoot ${site_root}/public/
      ErrorLog ${site_root}/logs/error.log
      CustomLog ${site_root}/logs/access.log combined

   <IfModule mpm_itk_module>
           AssignUserId www-data www-data
   </IfModule>

</VirtualHost>
EOF

# Create robots.txt file.
# A single rule line addressed to every crawler, with no Disallow entries.
printf 'User-agent: *\n' > "${site_root}/public/robots.txt"

## Optimize server.

# Remove Apache server information from headers.
# Both directives live in the same file, so one sed pass rewrites them.
sed -i \
  -e 's/ServerTokens .*/ServerTokens Prod/' \
  -e 's/ServerSignature .*/ServerSignature Off/' \
  /etc/apache2/conf.d/security

# Tweak apache.conf.
apache_conf=/etc/apache2/apache2.conf
# Backup first, then rewrite the process and thread limits in a single pass.
cp "$apache_conf" "$apache_conf.bak"
sed -i \
  -e 's/\(^\s*StartServers\)\s*[0-9]*/\1         1/' \
  -e 's/\(^\s*MaxClients\)\s*[0-9]*/\1           45/' \
  -e 's/\(^\s*MinSpareThreads\)\s*[0-9]*/\1      2/' \
  -e 's/\(^\s*MaxSpareThreads\)\s*[0-9]*/\1      5/' \
  -e 's/\(^\s*ThreadLimit\)\s*[0-9]*/\1          15/' \
  -e 's/\(^\s*ThreadsPerChild\)\s*[0-9]*/\1      15/' \
  -e 's/\(^\s*MaxRequestsPerChild\)\s*[0-9]*/\1  5000/' \
  "$apache_conf"

# Tweak php.ini.
phpinidir="/etc/php5/cgi/php.ini"
# Resource limits first, then the list of PHP functions to switch off. All
# expressions are line-local, so one pass gives the same file as separate runs.
# NOTE(review): the disable_functions expression is unanchored and prepends to
# whatever value is already present; it assumes the stock, empty setting.
sed -i \
  -e 's/^\(max_execution_time = \)[0-9]*/\1120/' \
  -e 's/^\(max_input_time = \)[0-9]*/\1300/' \
  -e 's/^\(memory_limit = \)[0-9]*M/\164M/' \
  -e 's/^\(post_max_size = \)[0-9]*M/\125M/' \
  -e 's/^\(upload_max_filesize = \)[0-9]*M/\125M/' \
  -e 's/disable_functions =/disable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source/' \
  "$phpinidir"

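# Harden sysctl.conf.
# Refuse source-routed packets on IPv4 and IPv6: uncomment the stock "= 0"
# lines and flip any explicit "= 1" to "= 0".
sed -i \
  -e 's/^#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/' \
  -e 's/^net.ipv4.conf.all.accept_source_route = 1/net.ipv4.conf.all.accept_source_route = 0/' \
  -e 's/^#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/' \
  -e 's/^net.ipv6.conf.all.accept_source_route = 1/net.ipv6.conf.all.accept_source_route = 0/' \
  /etc/sysctl.conf
# Editing the file alone changes nothing until the next boot; load it now so
# the settings are in force for the rest of the setup.
sysctl -p /etc/sysctl.conf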

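## Secure Apache2.

# Install mod_security & mod_evasive.
aptitude -y install libapache2-mod-evasive libapache-mod-security php5-suhosin
# Let apt resolve anything the previous step left half-configured.
apt-get -f install

# Install PageSpeed Apache2 Module.
# The script targets 32- and 64-bit installs, so pick the package that matches
# this machine instead of always fetching the amd64 build.
pagespeed_arch=$(dpkg --print-architecture)
# Download into a private scratch directory and install exactly that file; a
# wildcard in the current directory would also install any other
# mod-pagespeed-*.deb that happens to be lying there.
pagespeed_dir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
pagespeed_deb="$pagespeed_dir/mod-pagespeed.deb"
if wget -O "$pagespeed_deb" \
  "https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_${pagespeed_arch}.deb"; then
  # The package is trusted on the strength of the HTTPS download alone; review
  # it before installing if that is not sufficient for your environment.
  dpkg -i "$pagespeed_deb"
  apt-get -f install
else
  echo "mod_pagespeed download failed; skipping its installation." >&2
fi
rm -rf -- "${pagespeed_dir:?}"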

## Install Postfix for use with Gmail.

# Install Postfix.
# Pre-answer the package's configuration questions so the install does not
# stop to ask them.
debconf-set-selections <<'EOF'
postfix postfix/main_mailer_type select Internet Site
postfix postfix/mailname string ----DOMAIN----
postfix postfix/destinations string localhost.localdomain, localhost
EOF
aptitude -y install postfix

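# Create main.cf file.
# Keep the packaged configuration for reference.
cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
# The here-document delimiter is quoted so the shell leaves $myhostname,
# $mail_name and ${data_directory} alone. Unquoted, the shell expands them to
# empty strings and Postfix ends up with a blank banner and cache paths
# directly under "/".
# smtp_tls_security_level = encrypt replaces the opportunistic smtp_use_tls=yes:
# mail (and with it the Gmail password) is only handed to the relay once
# STARTTLS has succeeded, never over a cleartext session. This level does not
# verify the relay's certificate; that would need "verify" or "secure" plus a
# CA bundle that matches the relay.
cat > /etc/postfix/main.cf <<'EOF'
# Main settings
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Host settings
myhostname = ----DOMAIN----
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = smtp
relay_transport = smtp
inet_protocols = all

# SASL Settings
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
EOF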

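# Create sasl_password file.
# Create the credential file under a restrictive umask so it is never readable
# by other local users, not even for the moment between creation and chmod.
# The quoted delimiter keeps the shell from expanding "$" or backticks that
# may occur in the password.
(
  umask 077
  cat > /etc/postfix/sasl_passwd <<'EOF'
[smtp.gmail.com]:587   ----YOUR-GMAIL-ADDRESS----:----GMAIL PASSWORD----
EOF
)

# Increase file security.
chmod 400 /etc/postfix/sasl_passwd
# Build the lookup table Postfix actually reads; it contains the same secret,
# so pin its mode as well.
postmap /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd.db
# CA certificate referenced by smtp_tls_CAfile in main.cf (appended, and the
# file is created if it does not exist yet).
cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem >> /etc/postfix/cacert.pem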

# Activate site, restart Postfix & Apache2.
a2ensite ----DOMAIN----
# Bounce both daemons so they pick up the new configuration (Apache first).
for service in apache2 postfix; do
  "/etc/init.d/${service}" restart
done


Good luck!

Zach