249 lines
7.2 KiB
Bash
Executable File
249 lines
7.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# Type of instance Base 19.2
|
|
|
|
# wpDeploy
|
|
# Nick Leffler
|
|
# 20190930 v1
|
|
|
|
##### EDIT HERE ####
|
|
# acme.sh location
|
|
acmebin="/root/.acme.sh/acme.sh"
|
|
|
|
# httpd server user
|
|
wwwUser="nginx"
|
|
|
|
#### DON"T TOUCH BELOW HERE ####
|
|
|
|
get_info () {
|
|
read -p "Enter Site Name: " siteName
|
|
read -p "Enter Site Title: " siteTitle
|
|
read -p "SSL [Y/n]: " siteProtoIn
|
|
read -p "Certbot ready? [Y/n]: " cbReady
|
|
read -p "Enter Site URL [without http/s]: " siteURL
|
|
read -p "Enter WPAdmin email: " adminEmail
|
|
|
|
if [[ $siteProtoIn == "n" ]]; then
|
|
siteProto="http://"
|
|
ssl=0
|
|
fi
|
|
|
|
fullURL="${siteProto}${siteURL}"
|
|
}
|
|
|
|
genSSL () {
|
|
mkdir -p "/etc/nginx/ssl/${siteURL}/" || exit
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/${siteURL}/key -out /etc/nginx/ssl/${siteURL}/crt \
|
|
-subj "/C=TT/ST=TT/L=TT/O=TEMP/OU=TEMP/CN=$siteURL/emailAddress=TEMP"
|
|
|
|
sslCert="/etc/nginx/ssl/${siteURL}/crt"
|
|
sslKey="/etc/nginx/ssl/${siteURL}/key"
|
|
}
|
|
|
|
certbotSSL () {
|
|
"${acmebin}" --issue --dns dns_cf -d "${siteURL}" --reloadcmd "systemctl reload nginx" --force
|
|
|
|
sslCert="/root/.acme.sh/${siteURL}/fullchain.cer"
|
|
sslKey="/root/.acme.sh/${siteURL}/${siteURL}.key"
|
|
}
|
|
|
|
create_wp_db () {
|
|
siteNoP=$(echo "${siteURL}" | sed 's/\.//g')
|
|
# create wordpress user with passwd
|
|
wpasswd=$(openssl rand 39 -base64 | cut -c1-37)
|
|
wpapasswd=$(openssl rand 39 -base64 | cut -c1-37)
|
|
mysql -e "create database ${siteNoP}"
|
|
mysql -e "grant all on ${siteNoP}.* to ${siteNoP}@localhost identified by '${wpasswd}'"
|
|
}
|
|
|
|
vHostHTTP () {
|
|
siteFile="/etc/nginx/sites-available/${siteURL}"
|
|
# create nginx config for site
|
|
cat <<EOF > "${siteFile}"
|
|
server {
|
|
## Your website name goes here.
|
|
server_name "${siteURL}";
|
|
## Your only path reference.
|
|
root "${siteFP}";
|
|
## This should be in your http block and if it is, it's not needed here.
|
|
index index.php;
|
|
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~ /\. {
|
|
access_log off;
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
|
|
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
|
|
location / {
|
|
# This is cool because no php is touched for static content.
|
|
# include the "?\$args" part so non-default permalinks doesn't break when using query string
|
|
try_files \$uri \$uri/ /index.php?\$args;
|
|
}
|
|
|
|
# Pass PHP scripts to PHP-FPM
|
|
location ~* \\.php\$ {
|
|
fastcgi_index index.php;
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_pass php;
|
|
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
|
|
}
|
|
}
|
|
EOF
|
|
}
|
|
|
|
vHostHTTPS () {
|
|
# create nginx config for site
|
|
siteFile="/etc/nginx/sites-available/${siteURL}"
|
|
cat <<EOF > "${siteFile}"
|
|
server {
|
|
listen 80;
|
|
server_name "${siteURL}";
|
|
return 301 https://\$server_name\$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
## Your website name goes here.
|
|
server_name "${siteURL}";
|
|
## Your only path reference.
|
|
root "${siteFP}";
|
|
## This should be in your http block and if it is, it's not needed here.
|
|
index index.php;
|
|
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~ /\. {
|
|
access_log off;
|
|
log_not_found off;
|
|
deny all;
|
|
}
|
|
|
|
location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
|
|
location / {
|
|
# This is cool because no php is touched for static content.
|
|
# include the "?\$args" part so non-default permalinks doesn't break when using query string
|
|
try_files \$uri \$uri/ /index.php?\$args;
|
|
}
|
|
|
|
# Pass PHP scripts to PHP-FPM
|
|
location ~* \\.php\$ {
|
|
fastcgi_index index.php;
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_pass php;
|
|
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
|
include fastcgi_params;
|
|
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
|
fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
|
|
}
|
|
|
|
ssl_certificate "${sslCert}";
|
|
ssl_certificate_key "${sslKey}";
|
|
|
|
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_cache shared:SSL:10m;
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
|
add_header X-Content-Type-Options nosniff;
|
|
#ssl_stapling on;
|
|
#ssl_stapling_verify on;
|
|
#resolver 8.8.8.8 4.2.2.1 valid=300s;
|
|
#resolver_timeout 5s;
|
|
}
|
|
EOF
|
|
}
|
|
|
|
nginx-conf () {
|
|
if [[ "${ssl}" = 1 ]]; then
|
|
if [[ "${cbReady}" = "y" ]]; then
|
|
certbotSSL
|
|
else
|
|
genSSL
|
|
fi
|
|
vHostHTTPS
|
|
else
|
|
vHostHTTP
|
|
fi
|
|
}
|
|
|
|
########################################################################
|
|
# #
|
|
# Starts HERE #
|
|
# #
|
|
########################################################################
|
|
|
|
# set defaults
|
|
siteProto="https://"
|
|
ssl=1
|
|
cbReady="y"
|
|
|
|
# get mdata
|
|
get_info
|
|
|
|
# Create variable from inputed ones
|
|
siteFP="/usr/share/nginx/html/${siteURL}/wordpress"
|
|
|
|
# do mysql stuff
|
|
create_wp_db
|
|
|
|
# create admin email
|
|
#adminEmail="admin@${siteURL}"
|
|
|
|
# Create site with wp-cli
|
|
mkdir -p "${siteFP}" || exit
|
|
cd "${siteFP}" || exit
|
|
chown -R "${wwwUser}":"${wwwUser}" "$(dirname ${siteFP})"
|
|
sudo -u "${wwwUser}" /usr/local/bin/wp core download
|
|
sudo -u "${wwwUser}" /usr/local/bin/wp config create --dbname="${siteNoP}" --dbuser="${siteNoP}" --dbpass="${wpasswd}" --path="${siteFP}"
|
|
sudo -u "${wwwUser}" /usr/local/bin/wp core install --url="${fullURL}" --title="${siteTitle}" --admin_user="wpm258159" --admin_password="${wpapasswd}" --admin_email="${adminEmail}" --path="${siteFP}" --skip-email
|
|
|
|
|
|
# Confiugre nginx and create config
|
|
nginx-conf
|
|
ln -s ${siteFile} /etc/nginx/sites-enabled/
|
|
nginx -t
|
|
read -p "Would you like to reload nginx to take new changes?: [y/n]" yy
|
|
if [ ${yy} == "y" ]; then
|
|
echo "reloading nginx"
|
|
systemctl reload nginx
|
|
fi
|
|
|
|
# Echo errythang that matters
|
|
echo "The WP sql password is: ${wpasswd}"
|
|
echo "${siteName} is at ${siteProto}${siteURL} with the title ${siteTitle} and the admin email of ${adminEmail}"
|
|
echo "The wp-admin email/username is: ${adminEmail} and the password is: ${wpapasswd}"
|
|
echo "Thank you and have a great day"
|