diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index 43d2c7a..2e26d2c 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -18,8 +18,8 @@ set -e # Version control. -APP_NAME=$(basename "$0") -APP_VERSION="1.0.1" +PROG_NAME=$(basename "$0") +PROG_VER="2.x.x" CMD_PARENT="lemper-cli" CMD_NAME="create" @@ -95,7 +95,7 @@ function run() { # May need to run this as sudo! if [[ "$(id -u)" -ne 0 ]]; then - error "This command can only be used by root." + error "This command can only be run by root." exit 1 fi @@ -109,7 +109,7 @@ done if [[ ${#NO_PACKAGES[@]} -gt 0 ]]; then printf -v NO_PACKAGES_STR '%s, ' "${NO_PACKAGES[@]}" - error "${APP_NAME^} requires: ${NO_PACKAGES_STR%, }, please install it first!" + error "${PROG_NAME} requires: ${NO_PACKAGES_STR%, }, please install it first!" echo "help: run 'sudo apt-get install ${NO_PACKAGES[*]}'" exit 1 fi @@ -123,8 +123,8 @@ fi # output to STDERR. # function show_usage { - cat <<- _EOF_ -${APP_NAME^} ${APP_VERSION} + cat <<- EOL +${CMD_PARENT} ${CMD_NAME} ${PROG_VER} Creates NGiNX virtual host (vHost) configuration file. Requirements: @@ -149,7 +149,7 @@ Options: -p, --php-version PHP version for selected framework. Latest recommended PHP version is "7.4". -u, --username - Use username added from adduseruseradd. Default user set as lemper. Do not use root user!! + Use username added from useradd. Default user set as LEMPer's user, Do not use root user!! -w, --webroot Web root is an absolute path to the website root directory, i.e. /home/lemper/webapps/example.test. @@ -178,7 +178,7 @@ Example: For more informations visit https://masedi.net/lemper Mail bug reports and suggestions to -_EOF_ +EOL } ## @@ -188,7 +188,7 @@ _EOF_ # function create_vhost_default() { if [[ ${DRYRUN} != true ]]; then - cat <<- _EOF_ + cat <<- EOL server { listen 80; listen [::]:80; 
@@ -202,8 +202,8 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log ${WEBROOT}/access_log combined buffer=32k; - error_log ${WEBROOT}/error_log error; + access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. set \$root_path "${WEBROOT}"; @@ -290,14 +290,14 @@ server { } ## Uncomment to enable error page directives configuration. - include /etc/nginx/includes/error_pages.conf; + #include /etc/nginx/includes/error_pages.conf; ## Uncomment to enable support cgi-bin scripts using fcgiwrap (like cgi-bin in Apache). #include /etc/nginx/includes/fcgiwrap.conf; } -_EOF_ +EOL else - info "Vhost created in dryrun mode, no data written." + info "Vhost created in dry run mode, no data written." fi } @@ -307,7 +307,7 @@ _EOF_ # function create_vhost_drupal() { if [[ ${DRYRUN} != true ]]; then - cat <<- _EOF_ + cat <<- EOL server { listen 80; listen [::]:80; @@ -321,8 +321,8 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log ${WEBROOT}/access_log combined buffer=32k; - error_log ${WEBROOT}/error_log error; + access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. set \$root_path "${WEBROOT}"; @@ -403,14 +403,14 @@ server { } ## Uncomment to enable error page directives configuration. - include /etc/nginx/includes/error_pages.conf; + #include /etc/nginx/includes/error_pages.conf; ## Uncomment to enable support cgi-bin scripts using fcgiwrap (like cgi-bin in Apache). #include /etc/nginx/includes/fcgiwrap.conf; } -_EOF_ +EOL else - info "Vhost created in dryrun mode, no data written." + info "Vhost created in dry run mode, no data written." fi } @@ -420,7 +420,7 @@ _EOF_ # function create_vhost_laravel() { if [[ ${DRYRUN} != true ]]; then - cat <<- _EOF_ + cat <<- EOL server { listen 80; listen [::]:80; 
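Review bot: The new `access_log`/`error_log` targets under `/home/${USERNAME}/logs/nginx/` depend on a directory that nothing in this hunk creates or checks. nginx opens its log files from the root-owned master process, so a log directory inside a tree the site user controls deserves the same care as any other root-written path. A missing directory will also make `nginx -t` fail for a fresh account. Before the vhost is written I would create it deliberately, e.g. `install -d -o root -g root -m 0755 "/home/${USERNAME}/logs/nginx"`, or keep the logs in a root-owned location outside the home directory. The same two lines recur in the Drupal (@@ -321), Laravel (@@ -434) and Phalcon (@@ -548) hunks, and since the heredoc and its function extend beyond each hunk, the directory may already be handled elsewhere.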
@@ -434,8 +434,8 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log ${WEBROOT}/access_log combined buffer=32k; - error_log ${WEBROOT}/error_log error; + access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. set \$root_path "${WEBROOT}/public"; @@ -517,14 +517,14 @@ server { } ## Uncomment to enable error page directives configuration. - include /etc/nginx/includes/error_pages.conf; + #include /etc/nginx/includes/error_pages.conf; ## Uncomment to enable support cgi-bin scripts using fcgiwrap (like cgi-bin in Apache). #include /etc/nginx/includes/fcgiwrap.conf; } -_EOF_ +EOL else - info "Vhost created in dryrun mode, no data written." + info "Vhost created in dry run mode, no data written." fi } @@ -534,7 +534,7 @@ _EOF_ # function create_vhost_phalcon() { if [[ ${DRYRUN} != true ]]; then - cat <<- _EOF_ + cat <<- EOL server { listen 80; listen [::]:80; @@ -548,8 +548,8 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log ${WEBROOT}/access_log combined buffer=32k; - error_log ${WEBROOT}/error_log error; + access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. set \$root_path "${WEBROOT}/public"; @@ -634,14 +634,14 @@ server { } ## Uncomment to enable error page directives configuration. - include /etc/nginx/includes/error_pages.conf; + #include /etc/nginx/includes/error_pages.conf; ## Uncomment to enable support cgi-bin scripts using fcgiwrap (like cgi-bin in Apache). #include /etc/nginx/includes/fcgiwrap.conf; } -_EOF_ +EOL else - info "Vhost created in dryrun mode, no data written." + info "Vhost created in dry run mode, no data written." fi } 
@@ -649,21 +649,21 @@ _EOF_ # Output Wordpress Multisite vHost header. # function prepare_vhost_wpms() { - cat <<- _EOF_ + cat <<- EOL # Wordpress Multisite Mapping for NGiNX (Requires NGiNX Helper plugin). map \$http_host \$blogid { default 0; include ${WEBROOT}/wp-content/uploads/nginx-helper/[map].conf; } -_EOF_ +EOL } ## # Output server block for HTTP to HTTPS redirection. # function redirect_http_to_https() { - cat <<- _EOF_ + cat <<- EOL # HTTP to HTTPS redirection server { @@ -675,7 +675,7 @@ server { # Automatically redirect site to HTTPS protocol. return 301 https://\$server_name\$request_uri; } -_EOF_ +EOL } ## @@ -684,7 +684,7 @@ _EOF_ # function create_index_file() { if [[ ${DRYRUN} != true ]]; then - cat <<- _EOF_ + cat <<- EOL @@ -731,9 +731,9 @@ div.banner{color:#009639;font-family:Montserrat,sans-serif;position:absolute;lef -_EOF_ +EOL else - info "index file created in dryrun mode, no data written." + info "index file created in dry run mode, no data written." fi } @@ -742,7 +742,7 @@ _EOF_ # To be outputted into new pool file in fpm/pool.d. # function create_fpm_pool_conf() { - cat <<- _EOF_ + cat <<- EOL [${USERNAME}] user = ${USERNAME} group = ${USERNAME} @@ -793,7 +793,7 @@ php_admin_value[upload_tmp_dir] = /home/${USERNAME}/.lemper/tmp php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com -_EOF_ +EOL } ## @@ -877,9 +877,9 @@ function add_local_domain() { # function create_app_db() { echo "Creating application database (SQL)..." - + APP_UID="$(openssl rand -base64 32 | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)" - APP_DB_USER=${1:-"${USERNAME}_${APP_UID}"} + APP_DB_USER=${1:-"db_${APP_UID}"} APP_DB_PASS=${2:-"$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"} APP_DB_NAME=${3:-"app_${APP_UID}"} 
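Review bot: The new fallback `db_${APP_UID}` in `create_app_db` looks unreachable from the callers visible on this page: `install_wordpress` (@@ -906) and `init_lemper_create` (@@ -1236) both call `create_app_db "${APP_DB_USER}" ...`, and `init_lemper_create` still builds that value as `"${USERNAME}_${APP_UID}"` (@@ -1047). If the intent was to stop deriving database account names from the system username, the default in `init_lemper_create` needs the same change. Separately, the `openssl rand ... | tr -dc ... | fold | head -n 1` pipelines are unchecked and only `set -e` (no `pipefail`) is visible near the top of the file, so a failing `openssl` would leave `APP_DB_PASS` empty without stopping the run. A guard after the assignments, such as `[[ ${#APP_DB_PASS} -ge 16 ]] || { error "Could not generate a database password."; exit 1; }`, would catch that. The rest of `create_app_db` lies outside the hunk.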
@@ -906,7 +906,7 @@ function install_wordpress() { # Download WordPress skeleton files. run sudo -u "${USERNAME}" -i -- wp-cli core download --path="${WEBROOT}" - # create_app_db [system_username] [app_db_username] [app_db_password] [app_db_name] + # create_app_db [app_db_username] [app_db_password] [app_db_name] create_app_db "${APP_DB_USER}" "${APP_DB_PASS}" "${APP_DB_NAME}" run sudo -u "${USERNAME}" -i -- wp-cli config create --dbname="${APP_DB_NAME}" \ @@ -931,10 +931,10 @@ function install_wordpress() { # function init_lemper_create() { # Command line arguments. - OPTS=$(getopt -o u:d:e:f:4:6:w:p:icPsFWDhv \ - -l username:,domain-name:,admin-email:,framework:,ipv4:,ipv6:,webroot:,php-version:,install-app \ + OPTS=$(getopt -o u:d:e:f:4:6:w:p:iScPsFWDhv \ + -l username:,domain-name:,admin-email:,framework:,ipv4:,ipv6:,webroot:,php-version:,install-app,subdomains \ -l enable-fastcgi-cache,enable-pagespeed,enable-ssl,enable-fail2ban,wildcard-domain,dryrun,help,version \ - -n "${APP_NAME}" -- "$@") + -n "${PROG_NAME}" -- "$@") eval set -- "${OPTS}" @@ -947,6 +947,7 @@ function init_lemper_create() { FRAMEWORK="default" PHP_VERSION="7.4" INSTALL_APP=false + WPMS_SUBDOMAINS="" ENABLE_FASTCGI_CACHE=false ENABLE_PAGESPEED=false ENABLE_SSL=false @@ -954,14 +955,6 @@ function init_lemper_create() { ENABLE_FAIL2BAN=false TMPDIR="/tmp/lemper" - # Default application login. - APP_UID="$(openssl rand -base64 32 | tr -dc 'a-z0-9' | fold -w 6 | head -n 1)" - APP_DB_USER="${USERNAME}_${APP_UID}" - APP_DB_PASS="$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" - APP_DB_NAME="app_${APP_UID}" - APP_ADMIN_USER="admin" - APP_ADMIN_PASS="$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" - # Test mode DRYRUN=false 
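Review bot: `TMPDIR="/tmp/lemper"`, kept as context at the top of the @@ -954 hunk, is a fixed name in a world-writable directory inside a script that insists on running as root (@@ -95). How the directory is used is outside the hunk, but if files are created under it later, another local account could have prepared that path beforehand. `TMPDIR=$(mktemp -d -t lemper.XXXXXX)` together with `trap 'rm -rf -- "${TMPDIR:?}"' EXIT` would give each run a private directory. `TMPDIR` is also the variable that `mktemp` and other tools consult, so a script-specific name would avoid side effects on child processes.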
@@ -969,75 +962,97 @@ function init_lemper_create() { MAIN_ARGS=0 # Parse flags - while true - do + while true; do case "${1}" in - -4 | --ipv4) shift + -4 | --ipv4) + shift IPv4="${1}" shift ;; - -6 | --ipv6) shift + -6 | --ipv6) + shift IPv6="${1}" shift ;; - -d | --domain-name) shift + -d | --domain-name) + shift SERVERNAME="${1}" MAIN_ARGS=$((MAIN_ARGS + 1)) shift ;; - -e | --admin-email) shift + -e | --admin-email) + shift APP_ADMIN_EMAIL="${1}" shift ;; - -f | --framework) shift + -f | --framework) + shift FRAMEWORK="${1}" shift ;; - -u | --username) shift + -u | --username) + shift USERNAME="${1}" shift ;; - -w | --webroot) shift + -w | --webroot) + shift # Remove badly and trailing slash. #WEBROOT=$(echo "${1}" | sed 's:/*$::') WEBROOT=$(echo "${1}" | tr -s /) shift ;; - -p | --php-version) shift + -p | --php-version) + shift PHP_VERSION="${1}" shift ;; - -c | --enable-fastcgi-cache) shift + -c | --enable-fastcgi-cache) + shift ENABLE_FASTCGI_CACHE=true ;; - -D | --dryrun) shift + -D | --dryrun) + shift DRYRUN=true ;; - -F | --enable-fail2ban) shift + -F | --enable-fail2ban) + shift ENABLE_FAIL2BAN=true ;; - -h | --help) shift + -h | --help) + shift show_usage exit 0 ;; - -i | --install-app) shift + -i | --install-app) + shift INSTALL_APP=true ;; - -P | --enable-pagespeed) shift + -S | --subdomains) + shift + WPMS_SUBDOMAINS="--subdomains" + ;; + -P | --enable-pagespeed) + shift ENABLE_PAGESPEED=true ;; - -s | --enable-ssl) shift + -s | --enable-ssl) + shift ENABLE_SSL=true ;; - -v | --version) shift - echo "${APP_NAME^} version ${APP_VERSION}" - exit 1 + -v | --version) + shift + echo "${PROG_NAME} version ${PROG_VER}" + exit 0 ;; - -W | --wildcard-domain) shift + -W | --wildcard-domain) + shift ENABLE_WILDCARD_DOMAIN=true ;; - --) shift + --) + # End of all options, shift to the next (non getopt) argument as $1. + shift break ;; *) 
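Review bot: The values read for `-u`, `-d` and `-w` are stored in `USERNAME`, `SERVERNAME` and `WEBROOT` with no format check. Elsewhere in this diff they are interpolated into generated nginx and PHP-FPM configuration (`/home/${USERNAME}/logs/nginx/...`, `[${USERNAME}]`) and into root-written paths such as `/etc/fail2ban/jail.d/${SERVERNAME}.conf`. `tr -s /` only squeezes repeated slashes; it does not reject `..`, whitespace or `;`, any of which changes the meaning of the files the script writes. After the loop, which continues past the end of this hunk, I would add allow-list checks such as `[[ "${USERNAME}" =~ ^[a-z_][a-z0-9_-]*$ ]] || { error "Invalid username."; exit 1; }`, with equivalents for the domain name and web root. Also, `WPMS_SUBDOMAINS` is later passed as a quoted word (`"${WPMS_SUBDOMAINS}"` in @@ -1412), which may hand wp-cli an empty argument when `-S` is absent; `${WPMS_SUBDOMAINS:+"${WPMS_SUBDOMAINS}"}` avoids that.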
@@ -1047,6 +1062,14 @@ function init_lemper_create() { esac done + # Default application credential data. + APP_UID="$(openssl rand -base64 32 | tr -dc 'a-z0-9' | fold -w 6 | head -n 1)" + APP_DB_USER="${USERNAME}_${APP_UID}" + APP_DB_PASS="$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" + APP_DB_NAME="app_${APP_UID}" + APP_ADMIN_USER="admin" + APP_ADMIN_PASS="$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" + if [[ "${MAIN_ARGS}" -ge 1 ]]; then # Additional Check - ensure that Nginx's configuration meets the requirements. if [[ ! -d /etc/nginx/sites-available && ! -d /etc/nginx/vhost ]]; then @@ -1236,7 +1259,7 @@ function init_lemper_create() { error "Something went wrong while downloading ${FRAMEWORK^} files." fi - # create_app_db [system_username] [app_db_username] [app_db_password] [app_db_name] + # create_app_db [app_db_username] [app_db_password] [app_db_name] create_app_db "${APP_DB_USER}" "${APP_DB_PASS}" "${APP_DB_NAME}" else info "It seems that ${FRAMEWORK^} skeleton files already exists." @@ -1368,6 +1391,8 @@ function init_lemper_create() { # Install WordPress skeleton. install_wordpress + APP_ADMIN_USER="wpadmin" + if command -v wp-cli &> /dev/null; then run sudo -u "${USERNAME}" -i -- wp-cli core install --url="${SERVERNAME}" \ --title="WordPress Managed by LEMPer Stack" \ 
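Review bot: `APP_ADMIN_PASS`, generated in the @@ -1047 hunk, is later handed to wp-cli as `--admin_password="${APP_ADMIN_PASS}"` (visible in the @@ -1412 hunk), so the secret sits in the process arguments while that command runs. If `run` prints or logs its command line (its body is not on this page), the password is recorded there as well. wp-cli can read argument values from standard input through its `--prompt` option, which keeps the password out of argv; at minimum I would add the comment `# NOTE: never echo this call, it carries the admin password` above the install command. `APP_DB_USER` is still derived from `${USERNAME}` here, which is only safe once the `-u` value has been validated. `init_lemper_create` starts and ends outside the hunk.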
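Review bot: `APP_ADMIN_USER="wpadmin"` in the @@ -1368 hunk is assigned after `install_wordpress` and again in the multisite branch (@@ -1412), and both override the `admin` default that the same function sets at @@ -1047. Two hard-coded copies are easy to let drift, and nothing at either site explains why the default is replaced. I would set the name once where the other credential defaults are built, or at least add `# WordPress installs use a non-default admin login; keep in sync with the multisite branch.` above each assignment. The surrounding branch of `init_lemper_create` continues outside the hunk.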
@@ -1412,22 +1437,25 @@ function init_lemper_create() { # Install WordPress. install_wordpress + APP_ADMIN_USER="wpadmin" + if command -v wp-cli &> /dev/null; then - run sudo -u "${USERNAME}" -i -- wp-cli core multisite-install --subdomains --url="${SERVERNAME}" \ + run sudo -u "${USERNAME}" -i -- wp-cli core multisite-install "${WPMS_SUBDOMAINS}" --url="${SERVERNAME}" \ --title="WordPress Multi-site Managed by LEMPer" --admin_user="${APP_ADMIN_USER}" \ --admin_password="${APP_ADMIN_PASS}" --admin_email="${APP_ADMIN_EMAIL}" --path="${WEBROOT}" && \ - run sudo -u "${USERNAME}" -i -- wp-cli plugin install akismet nginx-helper --activate-network --path="${WEBROOT}" + run sudo -u "${USERNAME}" -i -- wp-cli plugin install \ + akismet classic-editor nginx-helper redis-cache statically --activate-network --path="${WEBROOT}" fi # Mercator domain mapping. run git clone --depth=1 --branch=master -q https://github.com/humanmade/Mercator.git "${WEBROOT}/wp-content/mu-plugins/mercator" && \ - cat > "${WEBROOT}/wp-content/sunrise.php" <<_EOL_ + cat > "${WEBROOT}/wp-content/sunrise.php" < "/etc/fail2ban/jail.d/${SERVERNAME}.conf" <<_EOL_ + cat > "/etc/fail2ban/jail.d/${SERVERNAME}.conf" < "/etc/lemper/vhost.d/${SERVERNAME}.conf" <<_EOL_ + cat > "/etc/lemper/vhost.d/${SERVERNAME}.conf" <