Skip to content

Instantly share code, notes, and snippets.

@dertin

dertin/install.sh

Last active July 4, 2018 00:38
Show Gist options
  • Save dertin/8de14e458dd4f0d3acb5f0deff120951 to your computer and use it in GitHub Desktop.
Save dertin/8de14e458dd4f0d3acb5f0deff120951 to your computer and use it in GitHub Desktop.
Download ZIP
INSTALL LEMP STACK - DEBIAN 8.8
Raw
install.sh
#!/bin/bash
# Tested on Debian 8.8 32bit / 64bit
# NOT COMPLETED, CONTAINS SERIOUS ERRORS
# TODO: https://www.linode.com/docs/security/securing-your-server
# Functions
function wgetAndDecompress(){
dirTmp=$1
folderTmp=$2
downloadAddress=$3
if [ -z $dirTmp ] || [ -z $folderTmp ] || [ -z $downloadAddress ]
then
read -n 1 -s -p "Critical error in wgetAndDecompress()" && echo -e "\n"
exit 0
fi
# tar.gz or tar.xz
mkdir -p $dirTmp/$folderTmp
wget -O $dirTmp/$folderTmp.tar $downloadAddress
rm -Rf $dirTmp/$folderTmp/*
tar -xvf $dirTmp/$folderTmp.tar -C $dirTmp/$folderTmp --strip-components=1
cd $dirTmp/$folderTmp
}
function pauseToContinue() {
read -n 1 -s -p "Press any key to continue" && echo -e "\n"
}
# init
read -e -i "Y" -p "Install Essential ? [Y/n]: " input_install_essential
if [ $input_install_essential == "Y" ] || [ $input_install_essential == "y" ]
then
# Build Essential
apt-get -y update
apt-get -y upgrade
apt-get -y install coreutils build-essential expect perl file sudo cron xsltproc docbook-xsl docbook-xml \
libpcre3 libpcre3-dev zlib1g-dev golang libssl-dev cmake-data cmake libtiffxx5 libexpat1-dev libpng12-dev libfreetype6-dev \
pkg-config libfontconfig1-dev libjpeg62-turbo-dev libjpeg-dev xorg-sgml-doctools \
x11proto-core-dev libxau-dev libxdmcp-dev needrestart g++ make binutils autoconf automake autotools-dev libtool \
libbz2-dev zlib1g-dev libcunit1-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
libjemalloc-dev cython python3-dev python-setuptools libaio-dev libncurses5-dev \
m4 libunistring-dev libgmp-dev trousers libidn2-0 libunbound-dev \
bison libmcrypt-dev libicu-dev libltdl-dev libjpeg-dev libpng-dev libpspell-dev libreadline-dev \
uuid-dev libc6-dev libc-dbg libpam0g-dev libmsgpack-dev libstemmer-dev libbsd-dev \
libstdc++-4.9-dev autoconf-archive gnu-standards gettext gcc-4.9-locales debian-keyring \
g++-multilib g++-4.9-multilib gcc-multilib flex liblinear-tools liblinear-dev mcrypt \
gcj-jdk valgrind kytea libkytea-dev valgrind-mpi valkyrie \
libdbi-perl libboost-all-dev libreadline-dev rsync net-tools libdbd-mysql-perl \
re2c
apt-get -y remove --purge --auto-remove curl
apt-get -y build-dep curl
apt-get -y build-dep zlib
apt-get -y build-dep openssl
apt-get -y upgrade
apt-get -y autoremove
pauseToContinue
read -e -i "Y" -p "Reboot ? [Y/n]: " input_install_reboot
if [ $input_install_reboot == "Y" ] || [ $input_install_reboot == "y" ]
then
reboot
exit 0
fi
fi
#####################################################################################################################
read -e -i "Y" -p "Install OpenSSL ? [Y/n]: " input_install_openssl
if [ $input_install_openssl == "Y" ] || [ $input_install_openssl == "y" ]
then
# Install OpenSSL (Tested with 1.1.0f - https://www.openssl.org/source/openssl-1.1.0f.tar.gz)
openssl_address="https://www.openssl.org/source/openssl-1.1.0f.tar.gz"
read -e -i "$openssl_address" -p "Enter the download address for OpenSSL (tar.gz): " input_openssl_address
openssl_address="${input_openssl_address:-$openssl_address}"
openssl_install_tmp_dir="/var/tmp/openssl_build"
read -e -i "$openssl_install_tmp_dir" -p "Enter temporary directory for OpenSSL installation: " input_openssl_install_tmp_dir
openssl_install_tmp_dir="${input_openssl_install_tmp_dir:-$openssl_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $openssl_install_tmp_dir openssl_src $openssl_address
CPPFLAGS=-I/usr/local/include \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LIBS="-ldl" \
./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' no-comp no-zlib no-zlib-dynamic shared
make
make test
sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile
make MANSUFFIX=ssl install
ldconfig
ldconfig -p | grep libcrypto
whereis openssl
openssl version -v
pauseToContinue
needrestart -r l
fi
#####################################################################################################################
read -e -i "Y" -p "Install zlib ? [Y/n]: " input_install_zlib
if [ $input_install_zlib == "Y" ] || [ $input_install_zlib == "y" ]
then
# Install zlib (Tested with 1.2.11 - http://www.zlib.net/zlib-1.2.11.tar.gz)
zlib_address="http://www.zlib.net/zlib-1.2.11.tar.gz"
read -e -i "$zlib_address" -p "Enter the download address for zlib (tar.gz): " input_zlib_address
zlib_address="${input_zlib_address:-$zlib_address}"
zlib_install_tmp_dir="/var/tmp/zlib_build"
read -e -i "$zlib_install_tmp_dir" -p "Enter temporary directory for zlib installation: " input_zlib_install_tmp_dir
zlib_install_tmp_dir="${input_zlib_install_tmp_dir:-$zlib_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $zlib_install_tmp_dir zlib_src $zlib_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LIBS="-ldl" \
./configure --shared
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install lz4 ? [Y/n]: " input_install_lz4
if [ $input_install_lz4 == "Y" ] || [ $input_install_lz4 == "y" ]
then
# Install LZ4 (Tested with v1.7.5 - https://github.com/lz4/lz4/archive/v1.7.5.tar.gz)
lz4_address="https://github.com/lz4/lz4/archive/v1.7.5.tar.gz"
read -e -i "$lz4_address" -p "Enter the download address for lz4 (tar.gz): " input_lz4_address
lz4_address="${input_lz4_address:-$lz4_address}"
lz4_install_tmp_dir="/var/tmp/lz4_build"
read -e -i "$lz4_install_tmp_dir" -p "Enter temporary directory for libssh2 installation: " input_lz4_install_tmp_dir
lz4_install_tmp_dir="${input_lz4_install_tmp_dir:-$lz4_install_tmp_dir}"
wgetAndDecompress $lz4_install_tmp_dir lz4_src $lz4_address
make
make install
ldconfig
lz4 -V
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install libssh2 ? [Y/n]: " input_install_libssh2
if [ $input_install_libssh2 == "Y" ] || [ $input_install_libssh2 == "y" ]
then
# Install libssh2 (Tested with 1.8.0 - https://libssh2.org/download/libssh2-1.8.0.tar.gz)
libssh2_address="https://libssh2.org/download/libssh2-1.8.0.tar.gz"
read -e -i "$libssh2_address" -p "Enter the download address for libssh2 (tar.gz): " input_libssh2_address
libssh2_address="${input_libssh2_address:-$libssh2_address}"
libssh2_install_tmp_dir="/var/tmp/libssh2_build"
read -e -i "$libssh2_install_tmp_dir" -p "Enter temporary directory for libssh2 installation: " input_libssh2_install_tmp_dir
libssh2_install_tmp_dir="${input_libssh2_install_tmp_dir:-$libssh2_install_tmp_dir}"
wgetAndDecompress $libssh2_install_tmp_dir libssh2_src $libssh2_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LIBS="-ldl" \
./configure --with-openssl --with-libssl-prefix=/usr/local --with-libz --with-libz-prefix=/usr/local
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install Nghttp2 ? [Y/n]: " input_install_nghttp2
if [ $input_install_nghttp2 == "Y" ] || [ $input_install_nghttp2 == "y" ]
then
# Install Nghttp2: HTTP/2 C Library (Tested with v1.23.1 - https://github.com/nghttp2/nghttp2/releases/download/v1.23.1/nghttp2-1.23.1.tar.gz)
nghttp2_address="https://github.com/nghttp2/nghttp2/releases/download/v1.23.1/nghttp2-1.23.1.tar.gz"
read -e -i "$nghttp2_address" -p "Enter the download address for Nghttp2 (tar.gz): " input_nghttp2_address
nghttp2_address="${input_nghttp2_address:-$nghttp2_address}"
nghttp2_install_tmp_dir="/var/tmp/nghttp2_build"
read -e -i "$nghttp2_install_tmp_dir" -p "Enter temporary directory for Nghttp2 installation: " input_nghttp2_install_tmp_dir
nghttp2_install_tmp_dir="${input_nghttp2_install_tmp_dir:-$nghttp2_install_tmp_dir}"
wgetAndDecompress $nghttp2_install_tmp_dir nghttp2_src $nghttp2_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LIBS="-ldl" \
./configure
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install CURL ? [Y/n]: " input_install_curl
if [ $input_install_curl == "Y" ] || [ $input_install_curl == "y" ]
then
# Install CURL (Tested with 7.54.1 - https://curl.haxx.se/download/curl-7.54.1.tar.gz)
curl_address="https://curl.haxx.se/download/curl-7.54.1.tar.gz"
read -e -i "$curl_address" -p "Enter the download address for CURL (tar.gz): " input_curl_address
curl_address="${input_curl_address:-$curl_address}"
curl_install_tmp_dir="/var/tmp/curl_build"
read -e -i "$curl_install_tmp_dir" -p "Enter temporary directory for CURL installation: " input_curl_install_tmp_dir
curl_install_tmp_dir="${input_curl_install_tmp_dir:-$curl_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $curl_install_tmp_dir curl_src $curl_address
./buildconf
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LIBS="-ldl" \
./configure --enable-threaded-resolver --with-ssl=/usr/local/ssl --with-libssl-prefix=/usr/local --with-zlib=/usr/local/zlib --with-nghttp2 --with-libssh2
make
make install
ldconfig
curl -V
pauseToContinue
fi
#####################################################################################################################
read -e -i "n" -p "Install GnuTLS [Opcional] ? [Y/n]: " input_install_gnutls
if [ $input_install_gnutls == "Y" ] || [ $input_install_gnutls == "y" ]
then
# (Opcional) Install GnuTLS 3.5.13 (https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.13.tar.xz)
apt-get -y build-dep nettle
apt-get -y build-dep p11-kit
gnutls_address="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.13.tar.xz"
read -e -i "$gnutls_address" -p "Enter the download address for GnuTLS (tar.gz): " input_gnutls_address
gnutls_address="${input_gnutls_address:-$gnutls_address}"
gnutls_install_tmp_dir="/var/tmp/gnutls_build"
read -e -i "$gnutls_install_tmp_dir" -p "Enter temporary directory for GnuTLS installation: " input_gnutls_install_tmp_dir
gnutls_install_tmp_dir="${input_gnutls_install_tmp_dir:-$gnutls_install_tmp_dir}"
# GnuTLS Dependencies: Nettle 3.3
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress '/var/tmp/nettle_build' nettle_src 'https://ftp.gnu.org/gnu/nettle/nettle-3.3.tar.gz'
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure
make
make install
chmod -v 755 /usr/lib/lib{hogweed,nettle}.so
ldconfig
pauseToContinue
# GnuTLS Dependencies: Libtasn1 >= 4.9
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress '/var/tmp/libtasn1_build' libtasn1_src 'http://ftp.gnu.org/gnu/libtasn1/libtasn1-4.12.tar.gz'
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure
make
make install
ldconfig
pauseToContinue
# GnuTLS Dependencies: p11-kit >= 0.23.1
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress '/var/tmp/p11kit_build' p11kit_src 'http://p11-glue.freedesktop.org/releases/p11-kit-0.23.2.tar.gz'
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --with-trust-paths=/etc/ssl/certs
make
make install
ldconfig
pauseToContinue
# Compile GnuTLS
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $gnutls_install_tmp_dir gnutls_src $gnutls_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --enable-shared --with-default-trust-store-file=`curl-config --ca`
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install libcrack2 ? [Y/n]: " input_install_libcrack2
if [ $input_install_libcrack2 == "Y" ] || [ $input_install_libcrack2 == "y" ]
then
# Install libcrack2 (Tested with 2.9.6 - https://github.com/cracklib/cracklib/archive/cracklib-2.9.6.tar.gz)
libcrack2_address="https://github.com/cracklib/cracklib/archive/cracklib-2.9.6.tar.gz"
read -e -i "$libcrack2_address" -p "Enter the download address for libcrack2 (tar.gz): " input_libcrack2_address
libcrack2_address="${input_libcrack2_address:-$libcrack2_address}"
libcrack2_install_tmp_dir="/var/tmp/libcrack2_build"
read -e -i "$libcrack2_install_tmp_dir" -p "Enter temporary directory for libcrack2 installation: " input_libcrack2_install_tmp_dir
libcrack2_install_tmp_dir="${input_libcrack2_install_tmp_dir:-$libcrack2_install_tmp_dir}"
wgetAndDecompress $libcrack2_install_tmp_dir libcrack2_src $libcrack2_address
cd ./src
sed -i '/skipping/d' util/packer.c
mkdir -p /usr/local/lib/cracklib/pw_dict
./autogen.sh
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --prefix=/usr/local
make
make install
make installcheck
ldconfig
pauseToContinue
cd ../words
make all
install -v -m644 -D ./cracklib-words.gz /usr/share/dict/cracklib-words.gz
gunzip -v /usr/share/dict/cracklib-words.gz
ln -v -sf cracklib-words /usr/share/dict/words
install -v -m755 -d /usr/local/lib/cracklib
#create-cracklib-dict /usr/share/dict/cracklib-words /usr/share/dict/cracklib-extra-words
create-cracklib-dict /usr/share/dict/cracklib-words
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install LibXML2 ? [Y/n]: " input_install_libXML2
if [ $input_install_libXML2 == "Y" ] || [ $input_install_libXML2 == "y" ]
then
# Install LibXML2 (Tested with 2.9.4 - http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz)
libXML2_address="http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz"
read -e -i "$libXML2_address" -p "Enter the download address for LibXML2 (tar.gz): " input_libXML2_address
libXML2_address="${input_libXML2_address:-$libXML2_address}"
libXML2_install_tmp_dir="/var/tmp/libXML2_build"
read -e -i "$libXML2_install_tmp_dir" -p "Enter temporary directory for LibXML2 installation: " input_libXML2_install_tmp_dir
libXML2_install_tmp_dir="${input_libXML2_install_tmp_dir:-$libXML2_install_tmp_dir}"
wgetAndDecompress $libXML2_install_tmp_dir libXML2_src $libXML2_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --prefix=/usr/local --with-history
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install libxslt ? [Y/n]: " input_install_libxslt
if [ $input_install_libxslt == "Y" ] || [ $input_install_libxslt == "y" ]
then
# Install libxslt (Tested with 1.1.29 - http://xmlsoft.org/sources/libxslt-1.1.29.tar.gz)
libxslt_address="http://xmlsoft.org/sources/libxslt-1.1.29.tar.gz"
read -e -i "$libxslt_address" -p "Enter the download address for libxslt (tar.gz): " input_libxslt_address
libxslt_address="${input_libxslt_address:-$libxslt_address}"
libxslt_install_tmp_dir="/var/tmp/libxslt_build"
read -e -i "$libxslt_install_tmp_dir" -p "Enter temporary directory for libxslt installation: " input_libxslt_install_tmp_dir
libxslt_install_tmp_dir="${input_libxslt_install_tmp_dir:-$libxslt_install_tmp_dir}"
wgetAndDecompress $libxslt_install_tmp_dir libxslt_src $libxslt_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --prefix=/usr/local
make
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install jemalloc ? [Y/n]: " input_install_jemalloc
if [ $input_install_jemalloc == "Y" ] || [ $input_install_jemalloc == "y" ]
then
# Install jemalloc - https://github.com/jemalloc/jemalloc/archive/5.0.1.tar.gz
jemalloc_address="https://github.com/jemalloc/jemalloc/archive/5.0.1.tar.gz"
read -e -i "$jemalloc_address" -p "Enter the download address for jemalloc (tar.gz): " input_jemalloc_address
jemalloc_address="${input_jemalloc_address:-$jemalloc_address}"
jemalloc_install_tmp_dir="/var/tmp/jemalloc_build"
read -e -i "$jemalloc_install_tmp_dir" -p "Enter temporary directory for jemalloc installation: " input_jemalloc_install_tmp_dir
jemalloc_install_tmp_dir="${input_jemalloc_install_tmp_dir:-$jemalloc_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $jemalloc_install_tmp_dir jemalloc_src $jemalloc_address
./autogen.sh
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure --prefix=/usr/local --with-xslroot=/usr/share/xml/docbook/stylesheet/docbook-xsl/
make
#make install_bin install_include install_lib
make dist
make install
ldconfig
pauseToContinue
fi
#####################################################################################################################
read -e -i "Y" -p "Install MariaDB ? [Y/n]: " input_install_mariadb
if [ $input_install_mariadb == "Y" ] || [ $input_install_mariadb == "y" ]
then
# Install MariaDB 10.2.6 - https://mariadb.com/kb/en/mariadb/generic-build-instructions/
mariadb_address="https://downloads.mariadb.org/f/mariadb-10.2.6/source/mariadb-10.2.6.tar.gz?serve"
read -e -i "$mariadb_address" -p "Enter the download address for MariaDB (tar.gz): " input_mariadb_address
mariadb_address="${input_mariadb_address:-$mariadb_address}"
mariadb_install_tmp_dir="/var/tmp/mariadb_build"
read -e -i "$mariadb_install_tmp_dir" -p "Enter temporary directory for MariaDB installation: " input_mariadb_install_tmp_dir
mariadb_install_tmp_dir="${input_mariadb_install_tmp_dir:-$mariadb_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $mariadb_install_tmp_dir mariadb_src $mariadb_address
groupadd mysql
useradd -c "MySQL Server" -g mysql -s /bin/false mysql
cmake . -DBUILD_CONFIG=mysql_release \
-DCMAKE_C_FLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
-DWITH_INNODB_LZ4=ON -DWITH_INNODB_LZMA=OFF -DWITH_INNODB_LZO=OFF -DWITH_INNODB_BZIP2=OFF \
-DWITH_ZLIB=system -DWITH_SSL=system -DWITH_JEMALLOC=system \
-DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_spanish_ci \
-DWITH_DEBUG=0 -DWITH_VALGRIND=0 -DPLUGIN_EXAMPLE=NO
make
make install
export PATH=$PATH:/usr/local/mysql/bin
echo "export PATH=$PATH:/usr/local/mysql/bin" >> /etc/profile
source /etc/profile
cd /usr/local/mysql
chown -R root .
chown -R mysql mysql
cp ./support-files/my-medium.cnf /etc/my.cnf
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.back
# fix setting /etc/mysql/my.cnf
sed -i 's#lc-messages-dir.*=.*/usr/share/mysql#lc-messages-dir = /usr/local/mysql/share#g' /etc/mysql/my.cnf
sed -i 's#basedir.*=.*/usr#basedir = /usr/local/mysql#g' /etc/mysql/my.cnf
sed -i 's#datadir.*=.*/var/lib/mysql#datadir = /usr/local/mysql/data#g' /etc/mysql/my.cnf
# setting /etc/my.cnf
sed -i 's#socket.*=.*/tmp/mysql.sock#socket = /var/run/mysqld/mysqld.sock#g' /etc/my.cnf
my_print_defaults --mysqld
pauseToContinue
# log dir
mkdir -p /var/log/mysql/
touch /var/log/mysql/error.log
chown -R mysql:mysql /var/log/mysql/
# socket
mkdir -p /var/run/mysqld/
chown -R mysql:mysql /var/run/mysqld/
# datadir
mkdir -p /usr/local/mysql/data
./scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --socket=/var/run/mysqld/mysqld.sock --verbose
# datadir own
chown -R mysql:mysql /usr/local/mysql/data
cp ./support-files/mysql.server /etc/init.d/mysql
chmod +x /etc/init.d/mysql
update-rc.d mysql defaults
service mysql start
./bin/mysql_secure_installation --socket=/var/run/mysqld/mysqld.sock
./bin/mysqladmin -u root -p password
service mysql restart
service mysql status
pauseToContinue
# http://www.askapache.com/linux/mariadb-lz4-compression-howto-centos/
mysql -p -Ntbe 'set global innodb_compression_algorithm=lz4;set global innodb_compression_level=3'
mysql -p -Ntbe 'SHOW VARIABLES WHERE Variable_name LIKE "have_%" OR Variable_name LIKE "%_compression_%"'
pauseToContinue
wget http://mysqltuner.pl/ -O /usr/local/mysql/mysql-test/mysqltuner.pl
wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/basic_passwords.txt -O /usr/local/mysql/mysql-test/basic_passwords.txt
wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/vulnerabilities.csv -O /usr/local/mysql/mysql-test/vulnerabilities.csv
read -e -i "Y" -p "Run Test Tuner MariaDB ? [Y/n]: " input_install_mariadb_test_tuner
if [ $input_install_mariadb_test_tuner == "Y" ] || [ $input_install_mariadb_test_tuner == "y" ]
then
perl /usr/local/mysql/mysql-test/mysqltuner.pl --cvefile=/usr/local/mysql/mysql-test/vulnerabilities.csv
fi
cd ./mysql-test
read -e -i "n" -p "Run Test MariaDB ? [Y/n]: " input_install_mariadb_test
if [ $input_install_mariadb_test == "Y" ] || [ $input_install_mariadb_test == "y" ]
then
perl ./mysql-test-run.pl
fi
pauseToContinue
fi
read -e -i "Y" -p "Install PHP ? [Y/n]: " input_install_php
if [ $input_install_php == "Y" ] || [ $input_install_php == "y" ]
then
# (NOT TEST) Install PHP (Tested with 7.1.6 - https://github.com/php/php-src/archive/php-7.1.6.tar.gz)
# based on https://github.com/kasparsd/php-7-debian/
php_address="https://github.com/php/php-src/archive/php-7.1.6.tar.gz"
read -e -i "$php_address" -p "Enter the download address for PHP 7 (tar.gz): " input_php_address
php_address="${input_php_address:-$php_address}"
php_install_tmp_dir="/var/tmp/php_build"
read -e -i "$php_install_tmp_dir" -p "Enter temporary directory for nginx installation: " input_php_install_tmp_dir
php_install_tmp_dir="${input_php_install_tmp_dir:-$php_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $php_install_tmp_dir php_src $php_address
mkdir -p /usr/local/php7
./buildconf --force
CONFIGURE_STRING="--prefix=/usr/local/php7 \
--enable-huge-code-pages \
--with-config-file-scan-dir=/usr/local/php7/etc/conf.d \
--without-pear \
--enable-bcmath \
--with-bz2 \
--enable-calendar \
--enable-intl \
--enable-exif \
--enable-dba \
--enable-ftp \
--with-gettext \
--with-gd \
--with-jpeg-dir \
--enable-mbstring \
--with-mcrypt \
--with-mhash \
--enable-mysqlnd \
--with-mysql-sock=/var/run/mysqld/mysqld.sock \
--with-mysqli=/usr/local/mysql/bin/mariadb_config \
--with-pdo-mysql=/usr/local/mysql \
--with-openssl \
--enable-pcntl \
--with-pspell \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--enable-wddx \
--with-zlib \
--enable-zip \
--with-readline \
--with-curl \
--enable-simplexml \
--enable-xmlreader \
--enable-xmlwriter \
--enable-fpm \
--with-fpm-user=www-data \
--with-fpm-group=www-data"
#CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
#LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
#LDCONFIG=-L/usr/local/lib \
#LIBS="-ldl" \
./configure $CONFIGURE_STRING
make
make install
# Create a dir for storing PHP module conf
mkdir /usr/local/php7/etc/conf.d
# Symlink php-fpm to php7-fpm
ln -s /usr/local/php7/sbin/php-fpm /usr/local/php7/sbin/php7-fpm
# Add config files
cp php-src/php.ini-production /usr/local/php7/lib/php.ini
cp conf/www.conf /usr/local/php7/etc/php-fpm.d/www.conf
cp conf/php-fpm.conf /usr/local/php7/etc/php-fpm.conf
cp conf/modules.ini /usr/local/php7/etc/conf.d/modules.ini
# Add the init script
cp conf/php7-fpm.init /etc/init.d/php7-fpm
chmod +x /etc/init.d/php7-fpm
update-rc.d php7-fpm defaults
ldconfig
service php7-fpm start
needrestart -r l
pauseToContinue
fi
read -e -i "Y" -p "Install nginx ? [Y/n]: " input_install_nginx
if [ $input_install_nginx == "Y" ] || [ $input_install_nginx == "y" ]
then
# 9 - (NOT TEST) Install nginx (Tested with 1.13.1 - https://nginx.org/download/nginx-1.13.1.tar.gz)
nginx_address="https://nginx.org/download/nginx-1.13.1.tar.gz"
read -e -i "$nginx_address" -p "Enter the download address for CURL (tar.gz): " input_nginx_address
nginx_address="${input_nginx_address:-$nginx_address}"
nginx_install_tmp_dir="/var/tmp/nginx_build"
read -e -i "$nginx_install_tmp_dir" -p "Enter temporary directory for nginx installation: " input_nginx_install_tmp_dir
nginx_install_tmp_dir="${input_nginx_install_tmp_dir:-$nginx_install_tmp_dir}"
# Func wgetAndDecompress (dirTmp, folderTmp, downloadAddress)
wgetAndDecompress $nginx_install_tmp_dir nginx_src $nginx_address
CPPFLAGS="-I/usr/local/include -I/usr/include/i386-linux-gnu" \
LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib" \
LDCONFIG=-L/usr/local/lib \
LIBS="-ldl" \
./configure \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=www-data \
--group=www-data \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-http_memcached_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_v2_module \
--with-ipv6
make
make install
needrestart -r l
nginx -V
pauseToContinue
nano /etc/nginx/nginx.conf
nginx -t
pauseToContinue
nginx
pauseToContinue
fi
# NOTES:
# PHP 7 OPcache
# Install Nginx @see https://fak3r.com/2015/09/29/howto-build-nginx-with-http-2-support/
# https://www.nginx.com/blog/compiling-dynamic-modules-nginx-plus/
# SSL config @see https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# Install Let’s Encrypt Client @see https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
# Install MySql / MariaDb
# SEE: https://www.digitalocean.com/community/tutorials/how-to-secure-mysql-and-mariadb-databases-in-a-linux-vps
# http://howtolamp.com/lamp/mysql/5.6/securing/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment