Webserver Setup

From Sea of Fate
Jump to navigationJump to search

Introduction

Some scripts to help with the deployment of webservers.

Apache Webservers

To help with installing the various packages for webservers we have a simple script to call apt to install them all. We have a copy in my Templates dir on lemon as we will need to copy it to the new webserver. After it is copied to the target webserver we call the script with 

./lamp_client_install.sh

Although it is called lamp it only installs the MySQL client not the server(we will user the MySQL server on Mandarin) This what it does

  1. !/bin/bash
  1. Script to install a LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader
  1. Update package lists

sudo apt update -y

  1. Install Apache2

sudo apt install apache2 -y

  1. Install PHP and common extensions

sudo apt install php libapache2-mod-php php-cli php-mysql php-gd php-curl php-xml php-mbstring php-zip -y

  1. Install MySQL client

sudo apt install mysql-client -y

  1. Install ImageMagick

sudo apt install imagemagick -y

  1. Install OpenSSH server (SFTP)

sudo apt install openssh-server -y

  1. Enable SSH service

sudo systemctl enable ssh

  1. Install exiftool (Exif reader)

sudo apt install libimage-exiftool-perl -y

  1. Restart Apache2

sudo systemctl restart apache2

echo "LAMP server (MySQL client only), PHP, ImageMagick, SFTP, and Exif reader installation complete." echo "Apache2 is running. SSH is enabled."

Add site to Nginx

This will take two parameters the first is the website name and the second is the IP address 

website_fwd_config.sh websitename x.x.x.x

There is no need to add seaoffate.local or .net. this script will create four configs.

  • sitename.seaoffate.local as http
  • sitename.seaoffate.local as https
  • sitename.seaoffate.net as http
  • sitename.seaoffate.net as https

It should enable both of the http: versions (.local & .net) but it will not enable the https: so we have some time to get the certs done before ssl is deployed. note that the .local is sharing the same certificate amongst all of the .local websites that are being deployed here. The script is on Raisin on the root of nigel. Note we will have to do this for a hostname and the purpose as the hostname will not be known here eg run once for photo and once more for plum.

If it is lost it can be deployed again from this: 

#!/bin/bash

# Script to configure Nginx as a reverse proxy

# Get website name, IP address from command line
WEBSITE_NAME="$1"
FORWARD_IP="$2"

# Check if parameters are provided
if [ -z "$WEBSITE_NAME" ] || [ -z "$FORWARD_IP" ]; then
  echo "Usage: sudo $0 <website_name> <forward_ip>"
  exit 1
fi

# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"

# Create Nginx configuration file for .local
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL

# Create Nginx configuration file for .local (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    server_name $DOMAIN_LOCAL;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    ssl_certificate /etc/ssl/certs/raisin.seaoffate.local.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    ssl_certificate_key /etc/ssl/private/raisin.seaoffate.local.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_LOCAL-ssl

# Create Nginx configuration file for .net
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET
echo "    listen 80;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET

# Create Nginx configuration file for .net (HTTPS, but not enabled)
echo "server {" | sudo tee /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    listen 443 ssl;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    server_name $DOMAIN_NET;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    ssl_certificate /etc/nginx/ssl/$DOMAIN_NET.crt;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    ssl_certificate_key /etc/nginx/ssl/$DOMAIN_NET.key;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    location / {" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_pass http://$FORWARD_IP/;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header Host \$host;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "        proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "    }" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl
echo "}" | sudo tee -a /etc/nginx/sites-available/$DOMAIN_NET-ssl

# Create SSL directories (only for .net)
sudo mkdir -p /etc/nginx/ssl/
sudo chmod 700 /etc/nginx/ssl/

# Enable HTTP sites
sudo ln -s /etc/nginx/sites-available/$DOMAIN_LOCAL /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/$DOMAIN_NET /etc/nginx/sites-enabled/

# Restart Nginx
sudo systemctl restart nginx

echo "Nginx configuration complete."
echo "HTTP sites enabled. SSL directories created."
echo "Add your Cloudflare SSL certificates to /etc/nginx/ssl/ for .net and enable HTTPS sites."
echo "Using existing certs for .seaoffate.local."

Revove Website from Proxy (Raisin)

We all make mistakes and we have to recover. This script will remove mistakes created by the website_fwd_config.sh above call it with 

./remove_nginx_website.sh sitename

sitename is the site that needs to be removed, only the host potion needs to be supplied do not put in the .seaoffate.let or .seaoffate.local because it will remove all four configs(.local & .net and http ang https). All four website configs created above will be removed from /etc/nginx/sites-available & sites.enabled. 

#!/bin/bash

# Script to remove an Nginx reverse proxy website configuration

# Get website name from command line
WEBSITE_NAME="$1"

# Check if website name is provided
if [ -z "$WEBSITE_NAME" ]; then
  echo "Usage: sudo $0 <website_name>"
  exit 1
fi

# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"

# Define configuration file paths
CONFIG_LOCAL="/etc/nginx/sites-available/$DOMAIN_LOCAL"
CONFIG_LOCAL_SSL="/etc/nginx/sites-available/$DOMAIN_LOCAL-ssl"
CONFIG_NET="/etc/nginx/sites-available/$DOMAIN_NET"
CONFIG_NET_SSL="/etc/nginx/sites-available/$DOMAIN_NET-ssl"
SYMLINK_LOCAL="/etc/nginx/sites-enabled/$DOMAIN_LOCAL"
SYMLINK_NET="/etc/nginx/sites-enabled/$DOMAIN_NET"

# Remove configuration files
sudo rm -f "$CONFIG_LOCAL" "$CONFIG_LOCAL_SSL" "$CONFIG_NET" "$CONFIG_NET_SSL"

# Remove symbolic links (disable sites)
sudo rm -f "$SYMLINK_LOCAL" "$SYMLINK_NET"

# Restart Nginx
sudo systemctl restart nginx

echo "Nginx website configuration removed."
echo "Website: $WEBSITE_NAME"
echo "Domains: $DOMAIN_LOCAL and $DOMAIN_NET"

# List sites-available directory
echo "\nContents of /etc/nginx/sites-available/: "
ls -l /etc/nginx/sites-available/
Retrieved from "https://wiki.seaoffate.net/index.php?title=Webserver_Setup&oldid=194"