Ubuntu 11.04 - Apache - PHP-CGI - APC - Postfix-Gmail Script
Notes.
This must be on a fresh install. Period.
This script assumes that you are going to operate your machine as root.
It will:
--> Set up SSH
--> Set up your hostname
--> Set up a static IP
--> Set up BIND9 to cache DNS
--> Setup Apache2 with 1 virtual host + ports.conf
--> Setup PHP-CGI
--> Set up mpm_itk_module
--> Setup APC
--> Optimize Apache and PHP for 512MB (Got this part somewhere else)
--> Harden sysctl.conf
--> Install mod_security & mod_evasive
--> Install Google PageSpeed - mod_pagespeed
--> THE BEST PART - Setup Postfix to use your Gmail account for SMTP.
Once it finishes just upload your website to /srv/www/yourdomain.com/public and you're good to go.
It might have a couple of bugs… Let me know if you find one and I'll update it.
First:
ssh ----DOMAIN----
nano setup.sh
# Paste contents of script then Ctrl+x - Y - Enter
chmod +x setup.sh
./setup.sh
#!/bin/bash
#############################################################
# Setup Ubuntu 11.04 32/64 Natty Web Server for WordPress #
# by Zach Browne - http://zachbrowne.com #
#############################################################
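## Update and upgrade.
# Refresh the package index and apply pending upgrades before anything else is
# installed. There is no -y here, so aptitude asks for confirmation.
aptitude update && aptitude upgrade

## Setup SSH
# Pin the permissions explicitly instead of inheriting them from the current
# umask: sshd's StrictModes check refuses key files that other users can write
# to, and root's key list should not be readable by other accounts either.
# -p keeps a re-run from failing when the directory already exists.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# '>' replaces every key already in the file; that is only appropriate on the
# fresh install this script targets. Substitute a real public key for the
# placeholder before running, or no key will be accepted.
printf '%s\n' "----YOUR-SSH-PUBLIC-KEY----" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

# Set up hosts file.
# NOTE(review): the hostname is hard-coded to "scorpius" while the /etc/hosts
# entry below uses the ----HOSTNAME---- placeholder; keep the two in agreement
# when filling in the placeholders.
echo "scorpius" > /etc/hostname
hostname -F /etc/hostname
# Insert the "IP <tab> FQDN <tab> short name" record after line 1 of /etc/hosts.
sed -i '1 a\----SERVER IP----\t\----YOUR FULL FQDN----\t\----HOSTNAME----' /etc/hosts

# Set up interfaces file for static IP.
# Keep a copy of the distribution file so the change can be rolled back, then
# start from an empty file.
# NOTE(review): from this point /etc/network/interfaces is EMPTY until the
# heredoc that follows writes it. As published, that heredoc is addressed to
# /etc/network/interaces (sic); confirm the target path before networking is
# restarted, otherwise the host comes back without its static configuration.
cp /etc/network/{interfaces,interfaces.bak}
rm /etc/network/interfaces
touch /etc/network/interfaces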
cat > /etc/network/interaces < <eof auto="" lo="" iface="" inet="" loopback="" eth0="" eth0:1="" statics="" address="" ----server="" ip----="" netmask="" 255.255.255.0="" gateway="" ----gateway----="" static="" ----internal="" 255.255.128.0="" eof="" #="" set="" resolv.conf="" to="" rotate="" dns="" cp="" etc="" {resolv.conf,resolv.conf.bak}="" rm="" touch="" cat="">/etc/resolv.conf < <eof search="" members.linode.com="" nameserver="" 72.14.188.5="" 72.14.179.5="" options="" rotate="" eof="" #="" restart="" networking.="" etc="" init.d="" networking="" ##="" setup="" apache2,="" php-cgi,="" apc,="" mysql,="" and="" optimize="" server="" for="" vps="" 512mb.="" install="" apps="" wordpress="" optimization="" aptitude="" -y="" apache2="" apache2-mpm-itk="" mysql-server="" fontconfig-config="" javascript-common="" libdbd-mysql-perl="" libdbi-perl="" libfontconfig1="" libfreetype6="" libgd2-xpm="" libjpeg62="" libjs-cropper="" libjs-jquery="" libjs-prototype="" libjs-scriptaculous="" libnet-daemon-perl="" libphp-phpmailer="" libphp-snoopy="" libplrpc-perl="" libt1-5="" libxpm4="" php-gettext="" php5-gd="" tinymce="" ttf-dejavu-core="" wwwconfig-common="" libapache2-mod-perl2="" php5-cgi="" php-apc="" php5-mysql="" php5-curl="" php5-imagick="" php5-mcrypt="" php5-common="" php5-pspell="" php5-snmp="" php5-xmlrpc="" php5-xsl="" imagemagick="" perl="" php-pear="" enable="" modules="" a2enmod="" actions="" rewrite="" apc="" echo="" "extension="apc.so"">/etc/php5/conf.d/apc.ini
# Configure PHP-CGI.
# Pre-create the Apache conf.d snippet; the heredoc that follows this line is
# what supplies its contents.
touch /etc/apache2/conf.d/php-cgi.conf
cat > /etc/apache2/conf.d/php-cgi.conf < <eof scriptalias="" local-bin="" usr="" bin="" addhandler="" application="" x-httpd-php5="" php="" action="" php-cgi="" eof="" #="" add="" ip="" to="" ports.conf.="" cp="" etc="" apache2="" {ports.conf,ports.conf.bak}="" rm="" ports.conf="" touch="" cat="">/etc/apache2/ports.conf < <eof 80="" 755="" namevirtualhost="" 72.14.187.136:80="" listen="" eof="" #="" create="" virtual="" directory="" &="" secure="" mkdir="" -p="" srv="" www="" ----domain----="" {public,logs}="" chown="" -r="" www-data:www-data="" find="" -type="" d="" -exec="" chmod="" {}="" \;="" host.="" touch="" etc="" apache2="" sites-available="" cat="">/etc/apache2/sites-available/----DOMAIN---- < <eof <virtualhost="" ----server-ip----:80="">RewriteEngine On
ServerName ----DOMAIN----
ServerAdmin www@----DOMAIN----
ServerAlias www.----DOMAIN----
DocumentRoot /srv/www/----DOMAIN----/public/
ErrorLog /srv/www/----DOMAIN----/logs/error.log
CustomLog /srv/www/----DOMAIN----/logs/access.log combined
<ifmodule mpm_itk_module="">AssignUserId www-data www-data</ifmodule>
EOF
# Create robots.txt file.
# The file lives under the virtual host's DocumentRoot (public/), so whatever
# is written to it is served to any client that asks for /robots.txt.
touch /srv/www/----DOMAIN----/public/robots.txt
cat > /srv/www/----DOMAIN----/public/robots.txt < <eof 0="" 1="" 2="" 5="" 15="" 45="" 5000="" user-agent:="" *="" eof="" ##="" optimize="" server.="" #="" remove="" apache="" server="" information="" from="" headers.="" sed="" -i="" 's="" servertokens="" .*="" prod="" '="" etc="" apache2="" conf.d="" security="" serversignature="" off="" tweak="" apache.conf.="" cp="" {apache2.conf,apache2.conf.bak}="" \(^\s*startservers\)\s*[0-9]*="" \1="" apache2.conf="" \(^\s*maxclients\)\s*[0-9]*="" \(^\s*minsparethreads\)\s*[0-9]*="" \(^\s*maxsparethreads\)\s*[0-9]*="" \(^\s*threadlimit\)\s*[0-9]*="" \(^\s*threadsperchild\)\s*[0-9]*="" \(^\s*maxrequestsperchild\)\s*[0-9]*="" php.ini.="" phpinidir="/etc/php5/cgi/php.ini" ^\(max_execution_time="\)[0-9]*/\1120/'" $phpinidir="" ^\(max_input_time="\)[0-9]*/\1300/'" ^\(memory_limit="\)[0-9]*M/\164M/'" ^\(post_max_size="\)[0-9]*M/\125M/'" ^\(upload_max_filesize="\)[0-9]*M/\125M/'" disable_functions="/disable_functions" =="" exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source="" harden="" sysctl.conf.="" ^#net.ipv4.conf.all.accept_source_route="0/net.ipv4.conf.all.accept_source_route" sysctl.conf="" ^net.ipv4.conf.all.accept_source_route="1/net.ipv4.conf.all.accept_source_route" ^#net.ipv6.conf.all.accept_source_route="0/net.ipv6.conf.all.accept_source_route" ^net.ipv6.conf.all.accept_source_route="1/net.ipv6.conf.all.accept_source_route" secure="" apache2.="" install="" mod_security="" &="" mod_evasive.="" aptitude="" -y="" libapache2-mod-evasive="" libapache-mod-security="" php5-suhosin="" apt-get="" -f="" pagespeed="" module.="" wget="" https:="" dl-ssl.google.com="" dl="" linux="" direct="" mod-pagespeed-beta_current_amd64.deb="" dpkg="" mod-pagespeed-*.deb="" postfix="" for="" use="" with="" gmail.="" postfix.="" echo="" "postfix="" main_mailer_type="" select="" internet="" site"="" |="" debconf-set-selections="" mailname="" string="" ----domain----"="" destinations="" 
localhost.localdomain,="" localhost"="" create="" main.cf="" file.="" main.cf.bak="" rm="" touch="" cat="">/etc/postfix/main.cf < <eof 104="" 128="" #="" main="" settings="" smtpd_banner="$myhostname" esmtp="" $mail_name="" (ubuntu)="" biff="no" append_dot_mydomain="no" readme_directory="no" tls="" parameters="" smtpd_tls_cert_file="/etc/ssl/certs/ssl-cert-snakeoil.pem" smtpd_tls_key_file="/etc/ssl/private/ssl-cert-snakeoil.key" smtpd_use_tls="no" smtpd_tls_session_cache_database="btree:${data_directory}/smtpd_scache" smtp_tls_session_cache_database="btree:${data_directory}/smtp_scache" host="" myhostname="----DOMAIN----" alias_maps="hash:/etc/aliases" alias_database="hash:/etc/aliases" myorigin="/etc/mailname" mydestination="relayhost" =="" [smtp.gmail.com]:587="" mynetworks="127.0.0.0/8" [::ffff:127.0.0.0]="" [::1]="" mailbox_size_limit="0" recipient_delimiter="+" inet_interfaces="loopback-only" default_transport="smtp" relay_transport="smtp" inet_protocols="all" sasl="" smtp_use_tls="yes" smtp_sasl_auth_enable="yes" smtp_sasl_password_maps="hash:/etc/postfix/sasl_passwd" smtp_sasl_security_options="noanonymous" smtp_sasl_tls_security_options="noanonymous" smtp_tls_cafile="/etc/postfix/cacert.pem" eof="" create="" sasl_password="" file.="" touch="" etc="" postfix="" sasl_passwd="" cat="">/etc/postfix/sasl_passwd <<eof 400="" [smtp.gmail.com]:587="" ----your-gmail-address----:----gmail="" password----="" eof="" #="" increase="" file="" security.="" chmod="" etc="" postfix="" sasl_passwd="" postmap="" touch="" cacert.pem="" cat="" ssl="" certs="" thawte_premium_server_ca.pem="">> /etc/postfix/cacert.pem
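# Activate site, restart Postfix & Apache2.
# Enable the virtual host defined in sites-available/----DOMAIN----.
a2ensite ----DOMAIN----
# Validate the generated configuration first: restarting with a syntax error
# would stop the running server and leave it down.
apache2ctl configtest && /etc/init.d/apache2 restart
# Pick up the new main.cf / sasl_passwd settings.
/etc/init.d/postfix restart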
Good luck!
Zach