Last active
May 19, 2016 20:58
-
-
Save extensionsapp/c4d71786a94d5b62705d3472221b885b to your computer and use it in GitHub Desktop.
Bash скрипт тихой установки WordPress (Debian 7, Debian 8).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo '------------------------------------------------------------------' | |
| echo ' _ _ _____ ____ ____ ____ ____ ____ ___ ___ ' | |
| echo ' ( \/\/ )( _ )( _ \( _ \( _ \( _ \( ___)/ __)/ __) ' | |
| echo ' ) ( )(_)( ) / )(_) ))___/ ) / )__) \__ \\__ \ ' | |
| echo ' (__/\__)(_____)(_)\_)(____/(__) (_)\_)(____)(___/(___/ ' | |
| echo ' ' | |
| echo '--------------------------- URL ДОМЕНА ---------------------------' | |
| AGAIN=yes | |
| while [ "${AGAIN}" = "yes" ] | |
| do | |
| if [ $1 ]; then | |
| DOMAIN=${1} | |
| echo ": ${DOMAIN}" | |
| else | |
| read -p ': ' DOMAIN | |
| fi | |
| if [ "${DOMAIN}" != "" ] | |
| then | |
| AGAIN=no | |
| else | |
| echo 'WARNING: URL домена не может быть пустым.' | |
| fi | |
| done | |
| echo '---------- ВАШ ЛОГИН ОТ АДМИН-ПАНЕЛИ, FTP И PHPMYADMIN -----------' | |
| USER=`echo ${DOMAIN} | sed -r "s/[^A-Za-z0-9]/_/g"` | |
| echo ": ${USER}" | |
| echo '------- ПРИДУМАЙТЕ ПАРОЛЬ ОТ АДМИН-ПАНЕЛИ, FTP И PHPMYADMIN ------' | |
| AGAIN=yes | |
| while [ "${AGAIN}" = "yes" ] | |
| do | |
| if [ $2 ] | |
| then | |
| PASSWD=${2} | |
| echo ": ${PASSWD}" | |
| else | |
| read -p ': ' PASSWD | |
| fi | |
| if [ "${PASSWD}" != "" ] | |
| then | |
| AGAIN=no | |
| else | |
| echo 'WARNING: Пароль от админ-панели, FTP и PhpMyAdmin не может быть пустым.' | |
| fi | |
| done | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| sleep 3 | |
| echo '------------------------------------------------------------------' | |
| echo '----- ОБНОВЛЕНИЕ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| apt-get -y -qq update && apt-get -y -qq install debian-keyring debian-archive-keyring wget curl nano htop sudo lsb-release ca-certificates git-core openssl netcat debconf-utils | |
| VER=`lsb_release -cs` | |
| echo "proftpd-basic shared/proftpd/inetd_or_standalone select standalone" | debconf-set-selections | |
| echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections | |
| echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections | |
| echo "mysql-server-5.5 mysql-server/root_password password ${PASSWD}" | debconf-set-selections | |
| echo "mysql-server-5.5 mysql-server/root_password_again password ${PASSWD}" | debconf-set-selections | |
| echo "phpmyadmin phpmyadmin/internal/skip-preseed boolean true" | debconf-set-selections | |
| echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect lighttpd" | debconf-set-selections | |
| echo "phpmyadmin phpmyadmin/dbconfig-install boolean false" | debconf-set-selections | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- ПРОПИСЫВАЕМ СПИСОК РЕПОЗИТОРИЕВ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo "deb http://httpredir.debian.org/debian ${VER} main contrib non-free \n deb-src http://httpredir.debian.org/debian ${VER} main contrib non-free \n deb http://httpredir.debian.org/debian ${VER}-updates main contrib non-free \n deb-src http://httpredir.debian.org/debian ${VER}-updates main contrib non-free \n deb http://security.debian.org/ ${VER}/updates main contrib non-free \n deb-src http://security.debian.org/ ${VER}/updates main contrib non-free \n deb http://nginx.org/packages/debian/ ${VER} nginx \n deb-src http://nginx.org/packages/debian/ ${VER} nginx \n deb http://mirror.de.leaseweb.net/dotdeb/ ${VER} all \n deb-src http://mirror.de.leaseweb.net/dotdeb/ ${VER} all" > /etc/apt/sources.list | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- ИМПОРТ КЛЮЧЕЙ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| wget --no-check-certificate http://www.dotdeb.org/dotdeb.gpg; apt-key add dotdeb.gpg; wget --no-check-certificate http://nginx.org/keys/nginx_signing.key; apt-key add nginx_signing.key | |
| rm -rf dotdeb.gpg | |
| rm -rf nginx_signing.key | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- УЛУЧШЕНИЕ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| apt-get -y -qq update && apt-get -y -qq upgrade | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- УСТАНОВКА ПАКЕТОВ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| apt-get -y install nginx mysql-server php5-fpm php5-mysql php5-gd php5-curl php-apc php5-cli php5-mcrypt php5-intl php-pear php5-ldap libssh2-php unzip zip rsync proftpd-basic phpmyadmin mysql-client unixodbc libpq5 dos2unix memcached fail2ban | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- ДОБАВЛЕНИЕ ПОЛЬЗОВАТЕЛЯ -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| useradd ${USER} -m -U -s /bin/false | |
| rm -rf /home/${USER}/* | |
| rm -rf /home/${USER}/.??* | |
| OPENSSL=`echo "${PASSWD}" | openssl passwd -1 -stdin -salt wordpress` | |
| wget -O /tmp/wordpress-latest-ru_RU.zip --no-check-certificate http://ru.wordpress.org/wordpress-latest-ru_RU.zip | |
| unzip /tmp/wordpress-latest-ru_RU.zip -d /tmp | |
| cp -r /tmp/wordpress/* /home/${USER}/ | |
| ln -s /usr/share/phpmyadmin /home/${USER} | |
| mv /home/${USER}/phpmyadmin /home/${USER}/abrakadabra | |
| php5enmod mcrypt | |
| chown -R ${USER}:www-data /home/${USER}/ | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- НАСТРОЙКА WORDPRESS -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| touch /home/${USER}/robots.txt | |
| ROBOTS=$(cat <<EOF | |
| User-agent: * | |
| Allow: /wp-content/uploads/ | |
| Disallow: /wp-login.php | |
| Disallow: /wp-register.php | |
| Disallow: /xmlrpc.php | |
| Disallow: /template.html | |
| Disallow: /cgi-bin | |
| Disallow: /wp-admin | |
| Disallow: /wp-includes | |
| Disallow: /wp-content/plugins | |
| Disallow: /wp-content/cache | |
| Disallow: /wp-content/themes | |
| Disallow: */trackback | |
| Disallow: */feed | |
| Disallow: */comments | |
| Disallow: */comment-page* | |
| Disallow: */replytocom= | |
| Disallow: /author* | |
| Disallow: */?author=* | |
| Disallow: /?feed= | |
| Disallow: /?s= | |
| Disallow: /?se= | |
| Host: ${DOMAIN} | |
| Sitemap: http://${DOMAIN}/sitemap.xml | |
| EOF | |
| ) | |
| echo "${ROBOTS}" > /home/${USER}/robots.txt | |
| cp /home/${USER}/wp-config-sample.php /home/${USER}/wp-config.php | |
| rm -r /home/${USER}/wp-config-sample.php | |
| sed -i~ "s/'DB_NAME', 'database_name_here'/'DB_NAME', '${USER}'/g" /home/${USER}/wp-config.php | |
| sed -i~ "s/'DB_USER', 'username_here'/'DB_USER', '${USER}'/g" /home/${USER}/wp-config.php | |
| sed -i~ "s/'DB_PASSWORD', 'password_here'/'DB_PASSWORD', '${PASSWD}'/g" /home/${USER}/wp-config.php | |
| rm -r /home/${USER}/*~ | |
| chown -R ${USER}:www-data /home/${USER} | |
| chmod g+w /home/${USER}/wp-content | |
| chmod g+w /home/${USER}/wp-config.php | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- НАСТРОЙКА NGINX -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| VHOST=$(cat <<EOF | |
| upstream php { | |
| server unix:/var/run/php5-fpm.sock; | |
| } | |
| server { | |
| listen 8080; | |
| listen [::]:8080; | |
| server_name ~^(?<host_uri>.+)$; | |
| rewrite ^/(.*)$ http://\$host_uri:80/\$1 permanent; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name ~^www\.(?<domain_uri>.+)$; | |
| rewrite ^/(.*)$ http://\$domain_uri/\$1 permanent; | |
| } | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| root /home/${USER}; | |
| index index.php index.html index.htm; | |
| server_name ${DOMAIN}; | |
| rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=\$2" last; | |
| rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=\$2;zip=true" last; | |
| rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=\$2;html=true" last; | |
| rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html\.gz$ "/index.php?xml_sitemap=params=\$2;html=true;zip=true" last; | |
| location ~* ^/(\.htaccess|xmlrpc\.php)\$ { | |
| deny all; | |
| access_log off; | |
| error_log off; | |
| } | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location = /robots.txt { | |
| allow all; | |
| log_not_found off; | |
| access_log off; | |
| } | |
| location ~ /\. { | |
| deny all; | |
| } | |
| location ~* /(?:uploads|files)/.*\.php$ { | |
| deny all; | |
| } | |
| location / { | |
| try_files \$uri \$uri/ /index.php?\$args; | |
| } | |
| rewrite /wp-admin$ \$scheme://\$host\$uri/ permanent; | |
| location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { | |
| access_log off; | |
| log_not_found off; | |
| expires max; | |
| } | |
| location ~ [^/]\.php(/|$) { | |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$; | |
| if (!-f \$document_root\$fastcgi_script_name) { | |
| return 404; | |
| } | |
| include fastcgi_params; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; | |
| fastcgi_pass php; | |
| } | |
| location ~* ^/(abrakadabra)\$ { | |
| auth_basic "Login"; | |
| auth_basic_user_file /etc/nginx/nginx_pass; | |
| } | |
| } | |
| EOF | |
| ) | |
| echo "${VHOST}" > /etc/nginx/conf.d/${USER}.conf | |
| sed -i "s/user nginx;/user www-data;/g" /etc/nginx/nginx.conf | |
| sed -i "s/#gzip/gzip/g" /etc/nginx/nginx.conf | |
| echo "${DOMAIN}:$OPENSSL" >> /etc/nginx/nginx_pass | |
| SNHBS=`grep "server_names_hash_bucket_size" /etc/nginx/nginx.conf` | |
| if [ "${SNHBS}" = "" ] | |
| then | |
| sed -i "s/http {/http {\n\n server_names_hash_bucket_size 64;\n/g" /etc/nginx/nginx.conf | |
| fi | |
| LRZ=`grep "zone=wordpress" /etc/nginx/nginx.conf` | |
| if [ "${LRZ}" = "" ] | |
| then | |
| sed -i "s/http {/http {\n\n limit_req_zone \$binary_remote_addr zone=wordpress:10m rate=5r\/s;\n/g" /etc/nginx/nginx.conf | |
| fi | |
| sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php5/fpm/php.ini | |
| sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/fpm/php.ini | |
| sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/cli/php.ini | |
| sed -i 's/;date.timezone =/date.timezone = Europe\/Moscow/' /etc/php5/cli/php.ini | |
| sed -i 's/listen = 127.0.0.1:9000/listen = \/var\/run\/php5-fpm.sock/g' /etc/php5/fpm/pool.d/www.conf | |
| sed -i 's/;listen.mode = 0660/listen.mode = 0666/g' /etc/php5/fpm/pool.d/www.conf | |
| echo "extension=apc.so \napc.enabled=1 \napc.shm_size=128M \napc.ttl=3600 \napc.user_ttl=7200 \napc.gc_ttl=3600 \napc.max_file_size=1M" > /etc/php5/fpm/conf.d/20-apc.ini | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- НАСТРОЙКА MYSQL -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| sed -i~ "s/\[mysql\]/\[mysql\]\nuser=${USER}\npassword=${PASSWD}/g" /etc/mysql/my.cnf | |
| sed -i~ "s/\[mysqld\]/\[mysqld\]\ninit_connect='SET collation_connection = utf8_general_ci'\ninit_connect='SET NAMES utf8'\ncharacter-set-server=utf8\ncollation-server=utf8_general_ci\nskip-character-set-client-handshake/g" /etc/mysql/my.cnf | |
| sed -i~ "s/\key_buffer /key_buffer_size /g" /etc/mysql/my.cnf | |
| sed -i~ "s/\myisam-recover /myisam-recover-options /g" /etc/mysql/my.cnf | |
| sed -i~ "s/#max_connections = 100/max_connections = 600/g" /etc/mysql/my.cnf | |
| mysql -uroot -e "CREATE DATABASE ${USER};" | |
| mysql -uroot -e "GRANT ALL PRIVILEGES ON ${USER}.* TO ${USER}@localhost IDENTIFIED BY '${PASSWD}';" | |
| mysql -uroot -e "FLUSH PRIVILEGES;" | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- НАСТРОЙКА PROFTPD -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| sed -i "s/AuthUserFile \/etc\/proftpd\/ftpd\.passwd//g" /etc/proftpd/proftpd.conf | |
| echo 'AuthUserFile /etc/proftpd/ftpd.passwd' >> /etc/proftpd/proftpd.conf | |
| sed -i "s/\/bin\/false//g" /etc/shells | |
| echo '/bin/false' >> /etc/shells | |
| sed -i "s/# DefaultRoot/DefaultRoot/g" /etc/proftpd/proftpd.conf | |
| USERID=`id -u ${USER}` | |
| echo ${PASSWD} | ftpasswd --stdin --passwd --file=/etc/proftpd/ftpd.passwd --name=${USER} --shell=/bin/false --home=/home/${USER} --uid=${USERID} --gid=${USERID} | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- НАСТРОЙКА FAIL2BAN -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| rm -rf /etc/fail2ban/jail.local | |
| echo "[ssh]\nenabled = true\n[ssh-ddos]\nenabled = true\n[nginx-http-auth]\nenabled = true\n[proftpd]\nenabled = true" > /etc/fail2ban/jail.local | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo '----- OK -----' | |
| echo '------------------------------------------------------------------' | |
| echo '' | |
| echo '------------------------------------------------------------------' | |
| echo ' _ _ _____ ____ ____ ____ ____ ____ ___ ___ ' | |
| echo ' ( \/\/ )( _ )( _ \( _ \( _ \( _ \( ___)/ __)/ __) ' | |
| echo ' ) ( )(_)( ) / )(_) ))___/ ) / )__) \__ \\__ \ ' | |
| echo ' (__/\__)(_____)(_)\_)(____/(__) (_)\_)(____)(___/(___/ ' | |
| echo ' ' | |
| echo '------------------------------------------------------------------' | |
| echo '----- Сервер будет перезагружен через 10 сек ... -----' | |
| echo '!!!!! Нажмите CTRL+C ^C чтобы отменить перезагрузку !!!!!' | |
| echo '' | |
| sleep 10 | |
| reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment