Webserver Setup: Difference between revisions
From Sea of Fate
Jump to navigationJump to search
| Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
Some scripts to help with the deployment of webservers. | Some scripts to help with the deployment of webservers. Back to '''[[Virtual Machines | here]]''' | ||
==Apache Webservers== | ==Apache Webservers== | ||
Revision as of 00:47, 15 March 2025
Introduction
Some scripts to help with the deployment of webservers. Back to here
Apache Webservers
Install packages
To help with installing the various packages for webservers we have a simple script to call apt to install them all. We have a copy in my Templates dir on lemon as we will need to copy it to the new webserver. After it is copied to the target webserver we call the script with
./lamp_client_install.sh
Although it is called lamp it only installs the MySQL client not the server(we will user the MySQL server on Mandarin) This what it does
#!/bin/bash # # Script to install a LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader # # Update package lists sudo apt update -y # # Install Apache2 sudo apt install apache2 -y # # Install PHP and common extensions sudo apt install php libapache2-mod-php php-cli php-mysql php-gd php-curl php-xml php-mbstring php-zip -y # # Install MySQL client sudo apt install mysql-client -y # # Install ImageMagick sudo apt install imagemagick -y # # Install OpenSSH server (SFTP) sudo apt install openssh-server -y # # Enable SSH service sudo systemctl enable ssh # # Install exiftool (Exif reader) sudo apt install libimage-exiftool-perl -y # # Restart Apache2 sudo systemctl restart apache2 # echo "LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader installation complete." echo "Apache2 is running. SSH is enabled."
Website Config
Once Apache and it supporting packages are done we will need to create the config files. We will need 6 configs created.
- hostname.seaoffate.local as http
- hostname.seaoffate.local as https
- purpose.seaoffate.local as http
- purpose.seaoffate.local as https
- purpose.seaoffate.net as http
- purpose.seaoffate.net as https
The file will be stored in the Templates dir on nigel login on lemon Although there are six websites they all will serve from the same docroot. we will get one of the names from the hostname of the VM and the other will be the parameter in the call.
./apache_config.sh purpose
purpose will be what the reason for having the webserver eg wiki or photo. We do not need the .seaofffate.local or .net as that is assumed
#!/bin/bash # # Script to configure Apache for HTTP and HTTPS, create directories, and enable modules # # Get website purpose from command line WEBSITE_PURPOSE="$1" # # Check if website purpose is provided if [ -z "$WEBSITE_PURPOSE" ]; then echo "Usage: sudo 0 <website\_purpose\>" exit 1 fi \# Define hostname HOSTNAME\=(hostname) # # Define domain names DOMAIN_HOST="$HOSTNAME.seaoffate.local" DOMAIN_PURPOSE_LOCAL="$WEBSITE_PURPOSE.seaoffate.local" DOMAIN_PURPOSE_NET="$WEBSITE_PURPOSE.seaoffate.net" # # Define document root DOC_ROOT="/var/www/$WEBSITE_PURPOSE.seaoffate.local/public_html" # # Create document root directory sudo mkdir -p "$DOC_ROOT" sudo chown -R www-data:www-data "$DOC_ROOT" # # Create SSL directories sudo mkdir -p /etc/apache2/ssl/ sudo chmod 700 /etc/apache2/ssl/ # # Create HTTP configuration for hostname.local echo "<VirtualHost *:80>" | sudo tee /etc/apache2/sites-available/$DOMAIN_HOST.conf echo " ServerName $DOMAIN_HOST" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_HOST\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_HOST-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_HOST\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_HOST-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST.conf echo "</VirtualHost>" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST.conf # # Create HTTPS configuration for hostname.local echo "<VirtualHost *:443>" | sudo tee /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo " ServerName $DOMAIN_HOST" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_HOST\-ssl\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_HOST-ssl-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_HOST\-ssl\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_HOST-ssl-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo " SSLEngine on" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo " SSLCertificateFile /etc/apache2/ssl/$DOMAIN_HOST.crt" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo " SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN_HOST.key" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf echo "</VirtualHost>" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_HOST-ssl.conf # # Create HTTP configuration for purpose.local echo "<VirtualHost *:80>" | sudo tee /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL.conf echo " ServerName $DOMAIN_PURPOSE_LOCAL" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_LOCAL\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_LOCAL-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_LOCAL\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_LOCAL-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL.conf echo "</VirtualHost>" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL.conf # # Create HTTPS configuration for purpose.local echo "<VirtualHost *:443>" | sudo tee /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf echo " ServerName $DOMAIN_PURPOSE_LOCAL" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_LOCAL\-ssl\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_LOCAL-ssl-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_LOCAL\-ssl\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_LOCAL-ssl-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf echo " SSLEngine on" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf echo " SSLCertificateFile /etc/apache2/ssl/$DOMAIN_PURPOSE_LOCAL.crt" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL.ssl.conf echo " SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN_PURPOSE_LOCAL.key" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf echo "</VirtualHost>" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_LOCAL-ssl.conf # # Create HTTP configuration for purpose.net echo "<VirtualHost *:80>" | sudo tee /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET.conf echo " ServerName $DOMAIN_PURPOSE_NET" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_NET\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_NET-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_NET\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_NET-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET.conf echo "</VirtualHost>" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET.conf # # Create HTTPS configuration for purpose.net echo "<VirtualHost *:443>" | sudo tee /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET-ssl.conf echo " ServerName $DOMAIN_PURPOSE_NET" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET-ssl.conf echo " DocumentRoot $DOC_ROOT" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_NET\-ssl\.conf echo " ErrorLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_NET-ssl-error.log" | sudo tee -a /etc/apache2/sites-available/DOMAIN\_PURPOSE\_NET\-ssl\.conf echo " CustomLog \\{APACHE_LOG_DIR}/$DOMAIN_PURPOSE_NET-ssl-access.log combined" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET-ssl.conf echo " SSLEngine on" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET-ssl.conf echo " SSLCertificateFile /etc/apache2/ssl/$DOMAIN_PURPOSE_NET.crt" | sudo tee -a /etc/apache2/sites-available/$DOMAIN_PURPOSE_NET-ssl.conf echo " SSLCertificateKeyFile /etc/apache2/ssl/$DOMAIN_PURPOSE_NET.key" | sudo tee -a /etc
Add site to Nginx
This will take two parameters the first is the website name and the second is the IP address
website_fwd_config.sh websitename x.x.x.x
There is no need to add seaoffate.local or .net. this script will create four configs.
- sitename.seaoffate.local as http
- sitename.seaoffate.local as https
- sitename.seaoffate.net as http
- sitename.seaoffate.net as https
It should enable both of the http: versions (.local & .net) but it will not enable the https: so we have some time to get the certs done before ssl is deployed. note that the .local is sharing the same certificate amongst all of the .local websites that are being deployed here. The script is on Raisin on the root of nigel. Note we will have to do this for a hostname and the purpose as the hostname will not be known here eg run once for photo and once more for plum.
If it is lost it can be deployed again from this:
#!/bin/bash
#
# Script to configure Nginx as a reverse proxy
#
# Get website name, IP address from command line
WEBSITE_NAME="$1"
FORWARD_IP="$2"
#
# Check if parameters are provided
if [ -z "$WEBSITE_NAME" ] || [ -z "$FORWARD_IP" ]; then
echo "Usage: sudo $0 <website_name> <forward_ip>"
exit 1
fi
#
# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"
#
# Create Nginx configuration file for .local
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo " }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
#
# Create Nginx configuration file for .local (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " ssl_certificate /etc/ssl/certs/raisin.seaoffate.local.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " ssl_certificate_key /etc/ssl/private/raisin.seaoffate.local.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo " }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
#
# Create Nginx configuration file for .net
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET
echo " listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo " }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
#
# Create Nginx configuration file for .net (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN_NET.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN_NET.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo " }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
#
# Create SSL directories (only for .net)
sudo mkdir -p /etc/nginx/ssl/
sudo chmod 700 /etc/nginx/ssl/
#
# Enable HTTP sites
sudo ln -s /etc/nginx/sites-available/$DOMAIN_LOCAL /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/$DOMAIN_NET /etc/nginx/sites-enabled/
#
# Restart Nginx
sudo systemctl restart nginx
#
echo "Nginx configuration complete."
echo "HTTP sites enabled. SSL directories created."
echo "Add your Cloudflare SSL certificates to /etc/nginx/ssl/ for .net and enable HTTPS sites."
echo "Using existing certs for .seaoffate.local."
Revove Website from Proxy (Raisin)
We all make mistakes and we have to recover. This script will remove mistakes created by the website_fwd_config.sh above call it with
./remove_nginx_website.sh sitename
sitename is the site that needs to be removed, only the host potion needs to be supplied do not put in the .seaoffate.let or .seaoffate.local because it will remove all four configs(.local & .net and http ang https). All four website configs created above will be removed from /etc/nginx/sites-available & sites.enabled.
#!/bin/bash # # Script to remove an Nginx reverse proxy website configuration # # Get website name from command line WEBSITE_NAME="$1" # # Check if website name is provided if [ -z "$WEBSITE_NAME" ]; then echo "Usage: sudo $0 <website_name>" exit 1 fi # # Define domain names DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local" DOMAIN_NET="$WEBSITE_NAME.seaoffate.net" # # Define configuration file paths CONFIG_LOCAL="/etc/nginx/sites-available/$DOMAIN_LOCAL" CONFIG_LOCAL_SSL="/etc/nginx/sites-available/$DOMAIN_LOCAL-ssl" CONFIG_NET="/etc/nginx/sites-available/$DOMAIN_NET" CONFIG_NET_SSL="/etc/nginx/sites-available/$DOMAIN_NET-ssl" SYMLINK_LOCAL="/etc/nginx/sites-enabled/$DOMAIN_LOCAL" SYMLINK_NET="/etc/nginx/sites-enabled/$DOMAIN_NET" # # Remove configuration files sudo rm -f "$CONFIG_LOCAL" "$CONFIG_LOCAL_SSL" "$CONFIG_NET" "$CONFIG_NET_SSL" # # Remove symbolic links (disable sites) sudo rm -f "$SYMLINK_LOCAL" "$SYMLINK_NET" # # Restart Nginx sudo systemctl restart nginx # echo "Nginx website configuration removed." echo "Website: $WEBSITE_NAME" echo "Domains: $DOMAIN_LOCAL and $DOMAIN_NET" # # List sites-available directory echo "\nContents of /etc/nginx/sites-available/: " ls -l /etc/nginx/sites-available/
