Webserver Setup

From Sea of Fate
Jump to navigationJump to search

Introduction

Some scripts to help with the deployment of webservers. Back to the main page here

Apache Webservers

Install packages

To help with installing the various packages for webservers we have a simple script to call apt to install them all. We have a copy in my Templates dir on lemon as we will need to copy it to the new webserver. After it is copied to the target webserver we call the script with 

./lamp_client_install.sh

Although it is called lamp it only installs the MySQL client not the server(we will user the MySQL server on Mandarin) This what it does 

#!/bin/bash
#
# Script to install a LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader
#
# Update package lists
sudo apt update -y
#
# Install Apache2
sudo apt install apache2 -y
#
# Install PHP and common extensions
sudo apt install php libapache2-mod-php php-cli php-mysql php-gd php-curl php-xml php-mbstring php-zip -y
#
# Install MySQL client
sudo apt install mysql-client -y
#
# Install ImageMagick
sudo apt install imagemagick -y
#
# Install OpenSSH server (SFTP)
sudo apt install openssh-server -y
#
# Enable SSH service
sudo systemctl enable ssh
#
# Install exiftool (Exif reader)
sudo apt install libimage-exiftool-perl -y
#
# Restart Apache2
sudo systemctl restart apache2
#
echo "LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader installation complete."
echo "Apache2 is running. SSH is enabled."

Website Config

Once Apache and it supporting packages are done we will need to create the config files. We will need 6 configs created.

  • hostname.seaoffate.local as http
  • hostname.seaoffate.local as https
  • purpose.seaoffate.local as http
  • purpose.seaoffate.local as https
  • purpose.seaoffate.net as http
  • purpose.seaoffate.net as https

The file will be stored in the Templates dir on nigel login on lemon Although there are six websites they all will serve from the same docroot. we will get one of the names from the hostname of the VM and the other will be the parameter in the call. 

./apache_config.sh purpose

purpose will be what the reason for having the webserver eg wiki or photo. We do not need the .seaofffate.local or .net as that is assumed

#!/bin/bash # # Script to create Apache configuration files for a website. # # Get website name from user input read -p "Enter website name: " website_name # # Get the hostname of the vm hostname=$(hostname) # # Define document root docroot="/var/www/${website_name}.seaoffate.net/public_html" # # Create directory structure mkdir -p "$docroot" echo "Directory structure created: $docroot" # # Set permissions and ownership chown -R www-data:www-data "/var/www/${website_name}.seaoffate.net" chmod -R 755 "/var/www/${website_name}.seaoffate.net" echo "Permissions and ownership set for: /var/www/${website_name}.seaoffate.net" # # Create index.php cat <<EOF > "$docroot/index.php" <?php date_default_timezone_set('Europe/London'); \$ukTime = date('l, F j, Y, g:i:s A'); # date_default_timezone_set('Europe/Madrid'); \$spainTime = date('l, F j, Y, g:i:s A'); # date_default_timezone_set('America/New_York'); \$nyTime = date('l, F j, Y, g:i:s A');  ?> <!DOCTYPE html> <html> <head> <title>Time Display</title> <style> body { display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; font-family: sans-serif; } # #time-container { text-align: center; } # #uk-time, #spain-time, #ny-time { font-size: 24px; margin: 10px; } </style> </head> <body> <div id="time-container"> <div id="uk-time">UK (London): <?php echo \$ukTime; ?></div> <div id="spain-time">Spain (Madrid): <?php echo \$spainTime; ?></div> <div id="ny-time">New York: <?php echo \$nyTime; ?></div> </div> </body> </html> EOF echo "index.php created in: $docroot" # Create Apache configuration files cat <<EOF > "/etc/apache2/sites-available/${website_name}.seaoffate.local.conf" <VirtualHost *:80> ServerName ${website_name}.seaoffate.local DocumentRoot "$docroot" ErrorLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.local-error.log CustomLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.local-access.log combined </VirtualHost> EOF echo "HTTP config created: /etc/apache2/sites-available/${website_name}.seaoffate.local.conf" cat <<EOF > "/etc/apache2/sites-available/${website_name}.seaoffate.local-ssl.conf" <VirtualHost *:443> ServerName ${website_name}.seaoffate.local DocumentRoot "$docroot" SSLEngine on SSLCertificateFile /etc/ssl/certs/${website_name}.seaoffate.local.crt SSLCertificateKeyFile /etc/ssl/private/${website_name}.seaoffate.local.key ErrorLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.local-ssl-error.log CustomLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.local-ssl-access.log combined </VirtualHost> EOF echo "HTTPS config created: /etc/apache2/sites-available/${website_name}.seaoffate.local-ssl.conf" cat <<EOF > "/etc/apache2/sites-available/${website_name}.seaoffate.net.conf" <VirtualHost *:80> ServerName ${website_name}.seaoffate.net DocumentRoot "$docroot" ErrorLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.net-error.log CustomLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.net-access.log combined </VirtualHost> EOF echo "HTTP config created: /etc/apache2/sites-available/${website_name}.seaoffate.net.conf" cat <<EOF > "/etc/apache2/sites-available/${website_name}.seaoffate.net-ssl.conf" <VirtualHost *:443> ServerName ${website_name}.seaoffate.net DocumentRoot "$docroot" SSLEngine on SSLCertificateFile /etc/ssl/certs/${website_name}.seaoffate.net.crt SSLCertificateKeyFile /etc/ssl/private/${website_name}.seaoffate.net.key ErrorLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.net-ssl-error.log CustomLog \${APACHE_LOG_DIR}/${website_name}.seaoffate.net-ssl-access.log combined </VirtualHost> EOF echo "HTTPS config created: /etc/apache2/sites-available/${website_name}.seaoffate.net-ssl.conf" cat <<EOF > "/etc/apache2/sites-available/${hostname}.seaoffate.local.conf" <VirtualHost *:80> ServerName ${hostname}.seaoffate.local DocumentRoot "$docroot" ErrorLog \${APACHE_LOG_DIR}/${hostname}.seaoffate.local-error.log CustomLog \${APACHE_LOG_DIR}/${hostname}.seaoffate.local-access.log combined </VirtualHost> EOF echo "HTTP config created: /etc/apache2/sites-available/${hostname}.seaoffate.local.conf" cat <<EOF > "/etc/apache2/sites-available/${hostname}.seaoffate.local-ssl.conf" <VirtualHost *:443> ServerName ${hostname}.seaoffate.local DocumentRoot "$docroot" SSLEngine on SSLCertificateFile /etc/ssl/certs/${hostname}.seaoffate.local.crt SSLCertificateKeyFile /etc/ssl/private/${hostname}.seaoffate.local.key ErrorLog \${APACHE_LOG_DIR}/${hostname}.seaoffate.local-ssl-error.log CustomLog \${APACHE_LOG_DIR}/${hostname}.seaoffate.local-ssl-access.log combined </VirtualHost> EOF echo "HTTPS config created: /etc/apache2/sites-available/${hostname}.seaoffate.local-ssl.conf" #Remove the backslashes from the APACHE_LOG_DIR variable sed -i 's/\\\${APACHE_LOG_DIR}/${APACHE_LOG_DIR}/g' /etc/apache2/sites-available/*.conf echo "Removed backslashes from APACHE_LOG_DIR in config files" echo "All configuration files created and corrected."

Add site to Nginx

This will take two parameters the first is the website name and the second is the IP address 

website_fwd_config.sh websitename x.x.x.x

There is no need to add seaoffate.local or .net. this script will create four configs.

  • sitename.seaoffate.local as http
  • sitename.seaoffate.local as https
  • sitename.seaoffate.net as http
  • sitename.seaoffate.net as https

It should enable both of the http: versions (.local & .net) but it will not enable the https: so we have some time to get the certs done before ssl is deployed. note that the .local is sharing the same certificate amongst all of the .local websites that are being deployed here. The script is on Raisin on the root of nigel. Note we will have to do this for a hostname and the purpose as the hostname will not be known here eg run once for photo and once more for plum.

If it is lost it can be deployed again from this: 

#!/bin/bash
#
# Script to configure Nginx as a reverse proxy
#
# Get website name, IP address from command line
WEBSITE_NAME="$1"
FORWARD_IP="$2"
#
# Check if parameters are provided
if [ -z "$WEBSITE_NAME" ] || [ -z "$FORWARD_IP" ]; then
  echo "Usage: sudo $0 <website_name> <forward_ip>"
  exit 1
fi
#
# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"
# 
# Create Nginx configuration file for .local
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
#
# Create Nginx configuration file for .local (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    ssl_certificate /etc/ssl/certs/raisin.seaoffate.local.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    ssl_certificate_key /etc/ssl/private/raisin.seaoffate.local.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
#
# Create Nginx configuration file for .net
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET
echo "    listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
#
# Create Nginx configuration file for .net (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    ssl_certificate /etc/nginx/ssl/$DOMAIN_NET.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    ssl_certificate_key /etc/nginx/ssl/$DOMAIN_NET.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
#
# Create SSL directories (only for .net)
sudo mkdir -p /etc/nginx/ssl/
sudo chmod 700 /etc/nginx/ssl/
#
# Enable HTTP sites
sudo ln -s /etc/nginx/sites-available/$DOMAIN_LOCAL /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/$DOMAIN_NET /etc/nginx/sites-enabled/
#
# Restart Nginx
sudo systemctl restart nginx
# 
echo "Nginx configuration complete."
echo "HTTP sites enabled. SSL directories created."
echo "Add your Cloudflare SSL certificates to /etc/nginx/ssl/ for .net and enable HTTPS sites."
echo "Using existing certs for .seaoffate.local."

Revove Website from Proxy (Raisin)

We all make mistakes and we have to recover. This script will remove mistakes created by the website_fwd_config.sh above call it with 

./remove_nginx_website.sh sitename

sitename is the site that needs to be removed, only the host potion needs to be supplied do not put in the .seaoffate.let or .seaoffate.local because it will remove all four configs(.local & .net and http ang https). All four website configs created above will be removed from /etc/nginx/sites-available & sites.enabled. 

#!/bin/bash
#
# Script to remove an Nginx reverse proxy website configuration
#
# Get website name from command line
WEBSITE_NAME="$1"
#
# Check if website name is provided
if [ -z "$WEBSITE_NAME" ]; then
  echo "Usage: sudo $0 <website_name>"
  exit 1
fi
#
# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"
#
# Define configuration file paths
CONFIG_LOCAL="/etc/nginx/sites-available/$DOMAIN_LOCAL"
CONFIG_LOCAL_SSL="/etc/nginx/sites-available/$DOMAIN_LOCAL-ssl"
CONFIG_NET="/etc/nginx/sites-available/$DOMAIN_NET"
CONFIG_NET_SSL="/etc/nginx/sites-available/$DOMAIN_NET-ssl"
SYMLINK_LOCAL="/etc/nginx/sites-enabled/$DOMAIN_LOCAL"
SYMLINK_NET="/etc/nginx/sites-enabled/$DOMAIN_NET"
#
# Remove configuration files
sudo rm -f "$CONFIG_LOCAL" "$CONFIG_LOCAL_SSL" "$CONFIG_NET" "$CONFIG_NET_SSL"
#
# Remove symbolic links (disable sites)
sudo rm -f "$SYMLINK_LOCAL" "$SYMLINK_NET"
#
# Restart Nginx
sudo systemctl restart nginx
#
echo "Nginx website configuration removed."
echo "Website: $WEBSITE_NAME"
echo "Domains: $DOMAIN_LOCAL and $DOMAIN_NET"
#
# List sites-available directory
echo "\nContents of /etc/nginx/sites-available/: "
ls -l /etc/nginx/sites-available/
Retrieved from "https://wiki.seaoffate.net/index.php?title=Webserver_Setup&oldid=247"