update

optimized, tested and supports Ubuntu 18.04 LTS

README.md

@@ -1,6 +1,6 @@
 ### CloudLite Readme
 
-CloudLite is a free collection of shell scripts for rapid deployment of LNMP stacks (Linux, Nginx, MySQL and PHP 7.0) for Debian and Ubuntu.
+CloudLite is a free collection of shell scripts for rapid deployment of LEMP stacks (Linux, Nginx, MySQL and PHP 7.2) for Debian and Ubuntu.
 
 The following are installed:-
 
@@ -42,9 +42,35 @@ kindly refer to these links:-
  ./domain.sh dbgui on
  ./domain.sh dbgui off
 
+### DO NOT FORGET TO ADD A REGULAR USER WITH SUDOER CAPABILITY!
+
+### Last step is to add user to database
+
+ # Create a database
+ mysql> CREATE DATABASE `mydb`;
+
+ # Create a user
+ mysql> CREATE USER 'myuser' IDENTIFIED BY 'mypassword';
+
+ # Grant permissions to access and use the MySQL server
+ # Only allow access from localhost (secure and common configuration to use for a web application):
+ mysql> GRANT USAGE ON *.* TO 'myuser'@localhost IDENTIFIED BY 'mypassword';
+
+ # To allow access to MySQL server from any other computer on the network:
+ mysql> GRANT USAGE ON *.* TO 'myuser'@'%' IDENTIFIED BY 'mypassword';
+
+ # Grant all privileges to a user on a specific database
+ mysql> GRANT ALL privileges ON `mydb`.* TO 'myuser'@localhost;
+
+ # CREATING ANOTHER SUPER USER (not safe! has ALL privileges across ALL databases on the server)
+ mysql> GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'%';
+
+ # Save the changes
+ mysql> FLUSH PRIVILEGES;
+
 ### Requirements
 
-- Supports Debian 8, Ubuntu 16.04.
+- Supports Debian 8, Ubuntu 18.04.
 - A server with at least 256MB RAM. 512MB and above recommended.
 - Basic Linux knowledge. You will need know how to connect to your
  server remotely.

install.sh

@@ -1,22 +1,22 @@
 #!/bin/bash
 
 # First uninstall any unnecessary packages.
-apt-get update
-apt-get -y install nano
-apt-get -y install lsb-release
+apt update
+apt -y install nano
+apt -y install lsb-release
 systemctl stop apache2.service
 systemctl stop sendmail.service
 systemctl stop bind9.service
 systemctl stop nscd.service
-apt-get -y purge nscd bind9 sendmail apache2 apache2.2-common
+apt -y purge nscd bind9 sendmail apache2 apache2.2-common
 
 echo ""
 echo "Installing updates & configuring SSHD / hostname."
 sleep 5
 ./setup.sh basic
 
 echo ""
-echo "Installing LAMP or LNMP stack."
+echo "Installing LEMP stack."
 sleep 5
 ./setup.sh install
 
@@ -25,6 +25,11 @@ echo "Installing phpmyadmin/adminer."
 sleep 5
 ./setup.sh dbgui
 
+echo ""
+echo "Installing Let's Encrypt Certbot."
+sleep 5
+./setup.sh letsencrypt
+
 echo ""
 echo "Optimizing AWStats, PHP, logrotate & webserver config."
 sleep 5

options.conf

@@ -1,3 +1,9 @@
+# Hostname can be anything. E.g. "vps", "zeus", "jupiter"
+# FQDN can be any domain that you own and doesn't have to be hosted on this server
+HOSTNAME=srv1
+HOSTNAME_FQDN=srv1.yourdomain.com
+SERVER_IP="0.0.0.0"
+
 # Set SSH port. (Default: 22)
 SSHD_PORT=22
 
@@ -7,15 +13,9 @@ ADMIN_EMAIL="admin@yourdomain.com"
 # Choose whether you want to maintain 'root login' or not. Options = yes|no
 ROOT_LOGIN=no
 
-# Oracle MySQL = 1, MariaDB = 2, Percona = 3
+# Oracle MariaDB = 1, MySQL = 2
 DBSERVER=1
 
-# MariaDB 5.5 options
-# Generate preferred repo from https://downloads.mariadb.org/mariadb/repositories/
-# Specify repository's hostname if using another mirror. Required for APT pinning
-MARIADB_REPO='http://ftp.osuosl.org/pub/mariadb/repo/5.5/'
-MARIADB_REPO_HOSTNAME='ftp.osuosl.org'
-
 # Enable official nginx.org repository. Options = yes|no
 # Faster nginx updates, fewer compiled in modules
 USE_NGINX_ORG_REPO=no
@@ -26,11 +26,6 @@ MYSQL_ROOT_PASSWORD=abcd1234
 # phpMyAdmin = 1, Adminer = 2
 DB_GUI=2
 
-# Set amount of RAM for Varnish cache
-VARNISH_CACHE_SIZE=50M
-# Varnish version. Only used for Debian stable or Ubuntu LTS.
-VARNISH_VER=3.0
-
 
 #########################################################
 # You may simply use the defaults for the options below #
@@ -44,12 +39,16 @@ GIT_ENABLE=no
 
 # Any other packages that you wish to install. Leave empty if nothing more is needed
 # Eg. MISC_PACKAGES="htop dnsutils vim tmux imagemagick"
-MISC_PACKAGES=""
+MISC_PACKAGES="nano mc htop"
 
+# updated on 2019-10-31
 # Configure PHP. Recommended to leave PHP_BASE unchanged
 # You may safely remove all the modules in PHP_EXTRAS
-PHP_BASE="php7.0-fpm php7.0-mysql"
-PHP_EXTRAS="php7.0-zip php7.0-curl php7.0-gd php7.0-intl php7.0-imap php7.0-mcrypt php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext php-memcache php-pear php-imagick php7.0-apcu"
+PHP_BASE="php7.2-fpm php7.2-mysql"
+PHP_EXTRAS="php7.2-zip php7.2-curl php7.2-gd php7.2-intl php7.2-imap php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl php7.2-mbstring php-gettext php-memcache php-pear php-imagick php7.2-apcu"
+
+# php 7.2 will not install
+# php-mcrypt
 
 # Settings for php.ini
 PHP_MEMORY_LIMIT=96M

setup.sh

@@ -14,14 +14,20 @@ fi
 
 function basic_server_setup {
 
- apt-get update && apt-get -y upgrade
+ apt update && apt -y upgrade
 
  # Reconfigure sshd - change port and disable root login
  sed -i 's/^Port [0-9]*/Port '${SSHD_PORT}'/' /etc/ssh/sshd_config
  if [ $ROOT_LOGIN = "no" ]; then
  sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  fi;
- systemctl reload sshd
+ # Enable Password Authentication
+ sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
+ systemctl reload ssh.service
+
+ # Set hostname and FQDN
+ sed -i 's/'${SERVER_IP}'.*/'${SERVER_IP}' '${HOSTNAME_FQDN}' '${HOSTNAME}'/' /etc/hosts
+ echo "$HOSTNAME" > /etc/hostname
 
  # Basic hardening of sysctl.conf
  sed -i 's/^#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/' /etc/sysctl.conf
@@ -39,7 +45,7 @@ function basic_server_setup {
 
 function install_webserver {
 
- apt-get -y install nginx
+ apt -y install nginx
  ufw allow 'Nginx HTTP'
 
  if [ $USE_NGINX_ORG_REPO = "yes" ]; then
@@ -65,54 +71,50 @@ function install_webserver {
 function install_php {
 
  # Install PHP packages and extensions specified in options.conf
- apt-get -y install $PHP_BASE
- # apt-get -y install $PHP_EXTRAS
+ apt -y install $PHP_BASE
+ apt -y install $PHP_EXTRAS
 
 } # End function install_php
 
 
 function install_extras {
 
  if [ $AWSTATS_ENABLE = 'yes' ]; then
- apt-get -y install awstats
+ apt -y install awstats
  fi
 
  # Install any other packages specified in options.conf
- apt-get -y install $MISC_PACKAGES
+ apt -y install $MISC_PACKAGES
 
 } # End function install_extras
 
 
 function install_mysql {
 
- if [ $DBSERVER = 3 ]; then
- echo "percona-server-server-5.6 percona-server-server/root_password password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
- echo "percona-server-server-5.6 percona-server-server/root_password_again password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
+ if [ $DBSERVER = 1 ]; then
+ apt -y install mariadb-server mariadb-client
  else
- echo "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
- echo "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD" | debconf-set-selections
- fi
-
- if [ $DBSERVER = 2 ]; then
- apt-get -y install mariadb-server mariadb-client
- elif [ $DBSERVER = 3 ]; then
- apt-get -y install percona-server-server-5.6 percona-server-client-5.6
- else
- apt-get -y install mysql-server mysql-client
+ apt -y install mysql-server mysql-client
  fi
 
  echo -e "\033[35;1m Securing MySQL... \033[0m"
  sleep 5
 
- apt-get -y install expect
+ apt -y install expect
 
  SECURE_MYSQL=$(expect -c "
  set timeout 10
  spawn mysql_secure_installation
  expect \"Enter current password for root (enter for none):\"
- send \"$MYSQL_ROOT_PASSWORD\r\"
+ send \"\r\"
  expect \"Change the root password?\"
- send \"n\r\"
+ send \"y\r\"
+ expect \"Set root password?\"
+ send \"y\r\"
+ expect \"New password:\"
+ send \"$MYSQL_ROOT_PASSWORD\r\"
+ expect \"Re-enter new password:\"
+ send \"$MYSQL_ROOT_PASSWORD\r\"
  expect \"Remove anonymous users?\"
  send \"y\r\"
  expect \"Disallow root login remotely?\"
@@ -155,9 +157,9 @@ function optimize_stack {
  sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
  fi
 
- systemctl stop php7.0-fpm.service
+ systemctl stop php7.2-fpm.service
 
- php_fpm_conf="/etc/php/7.0/fpm/pool.d/www.conf"
+ php_fpm_conf="/etc/php/7.2/fpm/pool.d/www.conf"
  # Limit FPM processes
  sed -i 's/^pm.max_children.*/pm.max_children = '${FPM_MAX_CHILDREN}'/' $php_fpm_conf
  sed -i 's/^pm.start_servers.*/pm.start_servers = '${FPM_START_SERVERS}'/' $php_fpm_conf
@@ -167,7 +169,7 @@ function optimize_stack {
  # Change to socket connection for better performance
  sed -i 's/^listen =.*/listen = \/var\/run\/php7.0-fpm.sock/' $php_fpm_conf
 
- php_ini_dir="/etc/php/7.0/fpm/php.ini"
+ php_ini_dir="/etc/php/7.2/fpm/php.ini"
  # Tweak php.ini based on input in options.conf
  sed -i 's/^max_execution_time.*/max_execution_time = '${PHP_MAX_EXECUTION_TIME}'/' $php_ini_dir
  sed -i 's/^memory_limit.*/memory_limit = '${PHP_MEMORY_LIMIT}'/' $php_ini_dir
@@ -181,9 +183,9 @@ function optimize_stack {
 
  restart_webserver
  sleep 2
- systemctl start php7.0-fpm.service
+ systemctl start php7.2-fpm.service
  sleep 2
- systemctl restart php7.0-fpm.service
+ systemctl restart php7.2-fpm.service
  echo -e "\033[35;1m Optimize complete! \033[0m"
 
 } # End function optimize
@@ -195,7 +197,7 @@ function install_postfix {
  echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections
  echo "postfix postfix/mailname string $HOSTNAME_FQDN" | debconf-set-selections
  echo "postfix postfix/destinations string localhost.localdomain, localhost" | debconf-set-selections
- apt-get -y install postfix
+ apt -y install postfix
 
  # Allow mail delivery from localhost only
  /usr/sbin/postconf -e "inet_interfaces = loopback-only"
@@ -204,6 +206,8 @@ function install_postfix {
  postfix stop
  sleep 1
  postfix start
+ sleep 1
+ systemctl restart postfix
 
 } # End function install_postfix
 
@@ -342,9 +346,10 @@ function secure_tmp_dd {
 } # End function secure_tmp_tmpdd
 
 function install_letsencrypt {
- add-apt-repository ppa:certbot/certbot
- apt-get update
- apt-get install -y python-certbot-nginx
+ # add-apt-repository ppa:certbot/certbot
+ # apt-get update
+ # apt-get install -y python-certbot-nginx
+ apt -y install certbot
  ufw allow 'Nginx Full'
  ufw delete allow 'Nginx HTTP'
 }
@@ -411,7 +416,7 @@ install)
  install_extras
  install_postfix
  restart_webserver
- systemctl restart php7.0-fpm.service
+ systemctl restart php7.2-fpm.service
  echo -e "\033[35;1m Webserver + PHP-FPM + MySQL install complete! \033[0m"
  ;;
 optimize)