Created
April 17, 2019 12:34
Revisions
slider23 revised this gist
Nov 12, 2014 . 1 changed file with 0 additions and 11 deletions.
@@ -67,17 +67,6 @@ cp /root/.bashrc /home/forge/.bashrc PASSWORD=$(mkpasswd jMYIjsqe0xvneGL6WkYR) usermod --password $PASSWORD forge # Create The Server SSH Key ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N '' -
slider23 revised this gist
Nov 12, 2014 . 1 changed file with 1 addition and 1 deletion.
@@ -72,7 +72,7 @@ usermod --password $PASSWORD forge cat > /root/.ssh/authorized_keys << EOF # Laravel Forge ssh-rsa AAAAB3NzaC1yc2EAAAADAQBAAAAgQDU5WA6pBG50FLNCrGv5II84HR7xY6AT8FYa+EdGce0aQYtiusn8kVMCNYK19bWcgJq4L4gM8wudy93JscjnIWgSYT2vPROgAXsvY/1JTNOHqg5n8GYpJBH86MMWiEup6VGPClWsxURrfJiwRsEYbdQgbCnBz/APLVnHC/gkV9/mgw== phpseclib-generated-key EOF -
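Review bot: The `ssh-rsa` line shown inside the `cat > /root/.ssh/authorized_keys << EOF` heredoc does not look like a well-formed key any more: the public-exponent field that reads `AQAB` in the initial revision on this page reads `AQB` here, so sshd will most likely skip the entry. Because the heredoc truncates the file with `>` and the initial revision also appends `PasswordAuthentication no` and copies this file to the forge user, a server built from this revision could be left with no usable login for root or forge. If the aim was to keep the real key out of the published script, a labelled placeholder filled in at provision time is clearer, e.g. `ssh-rsa <FORGE_PUBLIC_KEY> forge`, with the script aborting when it is unset. A comment above the heredoc such as `# Overwrites root's authorized_keys: the holder of the matching private key gets root over SSH` would make the trust decision explicit.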
slider23 created this gist
Nov 12, 2014 .
@@ -0,0 +1,377 @@ # # REQUIRES: # - server (the forge server instance) # - site_name (the name of the site folder) # - sudo_password (random password for sudo) # - db_password (random password for database user) # - event_id (the provisioning event name) # - callback (the callback URL) # # Upgrade The Base Packages apt-get update apt-get upgrade -y # Add A Few PPAs To Stay Current apt-get install -y software-properties-common apt-add-repository ppa:nginx/stable -y apt-add-repository ppa:rwky/redis -y apt-add-repository ppa:chris-lea/node.js -y apt-add-repository ppa:ondrej/php5 -y apt-get update # Base Packages apt-get install -y build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \ make python-pip supervisor ufw unattended-upgrades unzip whois zsh # Install Python Httpie pip install httpie # Disable Password Authentication Over SSH echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config service ssh restart # Set The Hostname If Necessary echo "linode-aiur" > /etc/hostname sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 localhost linode-aiur/' /etc/hosts hostname linode-aiur # Set The Timezone ln -sf /usr/share/zoneinfo/Asia/Dubai /etc/localtime # Setup Forge User useradd forge mkdir -p /home/forge/.ssh mkdir -p /home/forge/.forge adduser forge sudo # Setup Bash For Forge User chsh -s /bin/bash forge cp /root/.profile /home/forge/.profile cp /root/.bashrc /home/forge/.bashrc # Set The Sudo Password For Forge PASSWORD=$(mkpasswd jMYIjsqe0xvneGL6WkYR) usermod --password $PASSWORD forge # Build Formatted Keys & Copy Keys To Forge cat > /root/.ssh/authorized_keys << EOF # Laravel Forge ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDU5WA6pBG50FLNCGv5II84HR7xY6AT8FYa+EdGce0aQYtiusn8kVMCNYK19bWcgJq4L4gM8udy93JscjnIWgSYT2vnPROgAXsvY/1JTNOHqg5n8GYpJBH86MMWiEup6VGPClWsxURrfJiwRsEYbdQgbCnBz/APLVnHC/gkV9/mgw== phpseclib-generated-key EOF cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys # Create The Server SSH Key ssh-keygen -f /home/forge/.ssh/id_rsa -t 
rsa -N '' # Copy Github And Bitbucket Public Keys Into Known Hosts File ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts # Add The Reconnect Script Into Forge Directory cat > /home/forge/.forge/reconnect << EOF #!/usr/bin/env bash echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null echo "Keys Added!" EOF # Add The Environment Variables Scripts Into Forge Directory cat > /home/forge/.forge/add-variable.php << EOF <?php // Get the script input... \$input = array_values(array_slice(\$_SERVER['argv'], 1)); // Get the path to the environment file... \$path = getcwd().'/'.\$input[2]; // Write a stub file if one doesn't exist... if ( ! file_exists(\$path)) { file_put_contents(\$path, '<?php return '.var_export([], true).';'); } // Set the new environment variable... \$env = require \$path; \$env[\$input[0]] = \$input[1]; // Write the environment file to disk... file_put_contents(\$path, '<?php return '.var_export(\$env, true).';'); EOF cat > /home/forge/.forge/remove-variable.php << EOF <?php // Get the script input... \$input = array_values(array_slice(\$_SERVER['argv'], 1)); // Get the path to the environment file... \$path = getcwd().'/'.\$input[1]; // Write a stub file if one doesn't exist... if ( ! file_exists(\$path)) { file_put_contents(\$path, '<?php return '.var_export([], true).';'); } // Remove the environment variable... \$env = require \$path; unset(\$env[\$input[0]]); // Write the environment file to disk... 
file_put_contents(\$path, '<?php return '.var_export(\$env, true).';'); EOF # Setup Site Directory Permissions chown -R forge:forge /home/forge chmod -R 755 /home/forge chmod 700 /home/forge/.ssh/id_rsa # Setup Unattended Security Upgrades cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF Unattended-Upgrade::Allowed-Origins { "Ubuntu trusty-security"; }; Unattended-Upgrade::Package-Blacklist { // }; EOF cat > /etc/apt/apt.conf.d/10periodic << EOF APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "1"; EOF # Setup UFW Firewall ufw allow 22 ufw allow 80 ufw allow 443 ufw --force enable # Install Base PHP Packages apt-get install -y php5-cli php5-dev php-pear \ php5-mysql php5-pgsql php5-sqlite \ php5-apcu php5-json php5-curl php5-dev php5-gd \ php5-gmp php5-imap php5-mcrypt php5-xdebug php5-memcached # Make The MCrypt Extension Available ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available sudo php5enmod mcrypt sudo service nginx restart # Install Composer Package Manager curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer # Misc. 
PHP CLI Configuration sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/cli/php.ini sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php5/cli/php.ini sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/cli/php.ini sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php5/cli/php.ini # # REQUIRES: # - server (the forge server instance) # - site_name (the name of the site folder) # # Install Nginx & PHP-FPM apt-get install -y nginx php5-fpm # Disable The Default Nginx Site rm /etc/nginx/sites-enabled/default rm /etc/nginx/sites-available/default service nginx restart # Tweak Some PHP-FPM Settings sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php5/fpm/php.ini sed -i "s/display_errors = .*/display_errors = On/" /etc/php5/fpm/php.ini sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php5/fpm/php.ini sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php5/fpm/php.ini sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php5/fpm/php.ini # Configure Nginx & PHP-FPM To Run As Forge sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/" /etc/nginx/nginx.conf sed -i "s/^user = www-data/user = forge/" /etc/php5/fpm/pool.d/www.conf sed -i "s/^group = www-data/group = forge/" /etc/php5/fpm/pool.d/www.conf sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php5/fpm/pool.d/www.conf sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php5/fpm/pool.d/www.conf sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php5/fpm/pool.d/www.conf # Configure A Few More Server Things sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php5/fpm/pool.d/www.conf sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf # Install A Catch All Server cat > /etc/nginx/sites-available/catch-all << EOF server { return 404; } 
EOF ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all # Restart Nginx & PHP-FPM Services # Restart Nginx & PHP-FPM Services service php5-fpm restart service nginx restart # Add Forge User To www-data Group usermod -a -G www-data forge id forge groups forge # # REQUIRES: # - server (the forge server instance) # # Only Install PHP Extensions When Not On HHVM # Install The Phalcon Framework # cd /root # git clone --depth=1 https://github.com/phalcon/cphalcon.git # cd /root/cphalcon/build # ./install # cd /root # rm -rf /root/cphalcon # echo "extension=phalcon.so" > /etc/php5/mods-available/phalcon.ini # ln -s /etc/php5/mods-available/phalcon.ini /etc/php5/fpm/conf.d/20-phalcon.ini # ln -s /etc/php5/mods-available/phalcon.ini /etc/php5/cli/conf.d/20-phalcon.ini # Install The Mongo Extension printf "no\n" | pecl install mongo echo "extension=mongo.so" > /etc/php5/mods-available/mongo.ini ln -s /etc/php5/mods-available/mongo.ini /etc/php5/fpm/conf.d/20-mongo.ini ln -s /etc/php5/mods-available/mongo.ini /etc/php5/cli/conf.d/20-mongo.ini # Install Node apt-get install -y nodejs # Install Grunt CLI & Gulp npm install -g pm2 npm install -g grunt-cli npm install -g gulp # # REQUIRES: # - server (the forge server instance) # - db_password (random password for mysql user) # # Set The Automated Root Password debconf-set-selections <<< "mysql-server mysql-server/root_password password T2Jm5jDCsL2MHIiiFPI5" debconf-set-selections <<< "mysql-server mysql-server/root_password_again password T2Jm5jDCsL2MHIiiFPI5" # Install MySQL apt-get install -y mysql-server # Configure Access Permissions For Root & Forge Users sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "GRANT ALL ON *.* TO root@'109.74.200.135' IDENTIFIED BY 'T2Jm5jDCsL2MHIiiFPI5';" mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'T2Jm5jDCsL2MHIiiFPI5';" 
service mysql restart mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "CREATE USER 'forge'@'109.74.200.135' IDENTIFIED BY 'T2Jm5jDCsL2MHIiiFPI5';" mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "GRANT ALL ON *.* TO 'forge'@'109.74.200.135' IDENTIFIED BY 'T2Jm5jDCsL2MHIiiFPI5';" mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'T2Jm5jDCsL2MHIiiFPI5';" mysql --user="root" --password="T2Jm5jDCsL2MHIiiFPI5" -e "FLUSH PRIVILEGES;" # Create The Initial Database If Specified # # REQUIRES: # - server (the forge server instance) # - db_password (random password for database user) # # Install Postgres apt-get install -y postgresql # Configure Postgres For Remote Access sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/9.3/main/postgresql.conf echo "host all all 0.0.0.0/0 md5" | tee -a /etc/postgresql/9.3/main/pg_hba.conf sudo -u postgres psql -c "CREATE ROLE forge LOGIN UNENCRYPTED PASSWORD 'T2Jm5jDCsL2MHIiiFPI5' SUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;" service postgresql restart # Create The Initial Database If Specified # Install & Configure Redis Server apt-get install -y redis-server sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf service redis-server restart # Install & Configure Memcached apt-get install -y memcached sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf service memcached restart # Install & Configure Beanstalk apt-get install -y beanstalkd sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd /etc/init.d/beanstalkd start
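Review bot: The script embeds its credentials as literals, so publishing it publishes them: the sudo password passed to `mkpasswd`, and the MySQL root password in the `debconf-set-selections` lines and every `mysql --password="..."` call, which is reused for the Postgres `forge` SUPERUSER role. The `--password=` form also exposes the value in the process list while the command runs. The same sections grant `root@'%'` and `'forge'@'%'` full privileges and rebind MySQL, Postgres (`host all all 0.0.0.0/0 md5`), Redis, Memcached and beanstalkd to all interfaces, which leaves the `ufw allow 22/80/443` rules as the only barrier in front of services that have no authentication configured here. I would take the secrets from the provisioning variables named in the REQUIRES headers (`sudo_password`, `db_password`), hand them to the client through a root-only option file such as `mysql --defaults-extra-file="$cnf"`, and drop the `'%'` grants and `0.0.0.0` binds unless a remote client is really needed. Every password that appears in this revision should be treated as disclosed and rotated.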