Release v1.0.39

README.md

@@ -26,8 +26,8 @@ The git repository setup makes it very easy to deploy a product version to the s
 
 ```bash
 yum -y install tar
-curl -s -L https://github.com/rvwoens/centos-laravel-stack/archive/v1.0.38.tar.gz | tar -xz
-cd centos-laravel-stack-1.0.38
+curl -s -L https://github.com/rvwoens/centos-laravel-stack/archive/v1.0.39.tar.gz | tar -xz
+cd centos-laravel-stack-1.0.39
 ./setup_full
 
 ```

VERSION

@@ -1,2 +1,2 @@
-version=v1.0.38
-date="Mon Aug 17 23:27:19 CEST 2020"
+version=v1.0.39
+date="Mon Aug 24 01:45:23 CEST 2020"

parts/05_security

@@ -58,6 +58,7 @@ setemp=`mktemp`
 if [ "$selinux" = "n" ]; then
   cat $selinuxconf |
     sed -e "s/SELINUX=/\nSELINUX=disabled\n#SELINUX=/" >$setemp
+  export rebootOnExit=Y
 else
   cat $selinuxconf |
     sed -e "s/SELINUX=/\nSELINUX=enforcing\n#SELINUX=/" >$setemp

parts/06_global_settings

@@ -28,6 +28,9 @@ git clone https://github.com/bmc/fortunes.git /usr/local/share/fortunes
 yum -y install cowsay
 echo "fortune /usr/local/share/fortunes/fortunes | cowsay -W 100 -f small" >/etc/profile.d/cowsay.sh
 
+loglin "06.05 additional yum installs"
+dnf install -y rsync
+
 logline "06.99 global settings END"
 
 

parts/07_php

@@ -7,22 +7,25 @@ logline "07.00 install php7.1 from remi"
 logline "07.01 yum php"
 ## yum PHP 7.1 and start fpm
 yum -d1 -y install php74-php-fpm php74-php-cli php74-php-mysqlnd php74-php-mcrypt
-yum -d1 -y install  php74-php-pecl-imagick php74-php-mbstring
+yum -d1 -y install  php74-php-pecl-imagick php74-php-mbstring php74-php-pecl-zip php74-php-xml php74-php-bcmath
 #php71-php-pear
-yum -d1 -y install  php74-php-common
+yum -d1 -y install  php74-php-common php74-php-gd
 
-## make php available without '71'
+## make php available without '74' (could do yum-config-manager --enable remi-php74;yum install php-cli.. << !!!! NOO this installs an OTHER php7.4 on /usr/bin)
+## NOO dont do this: https://stackoverflow.com/questions/48682572/centos-installed-php72-but-command-line-php-isn-not-working/48683067
 ln -s /usr/bin/php74 /usr/bin/php
 
 logline "07.02 php.ini changes (short open tags, expose off, max exec time, memory limit, date.timezone, fix_pathinfo)"
 phpini=`php74 --ini | grep Loaded | grep -o -e '/etc.*'`
 echo "PHP ini file at $phpini"
 phpinitemp=`mktemp`
+# make some changes to the php.ini (you might tweak this a little)
 cat $phpini |
 	sed -e "s/short_open_tag = Off/short_open_tag = On/" | 
 	sed -e "s/expose_php = On/expose_php = Off/" |
 	sed -r "s/max_execution_time = [0-9]+/max_execution_time = 360/" |
 	sed -r "s/memory_limit = [0-9]+M/memory_limit = 512M/" |
+	sed -r "s/upload_max_filesize = [0-9]+M/upload_max_filesize = 12M/" |
         sed -e "s/;date.timezone =/date.timezone = Europe\/Amsterdam/" |
 	sed -r "s/;cgi.fix_pathinfo=[0-9]/cgi.fix_pathinfo=0/" 	>$phpinitemp
 mv -f $phpinitemp $phpini

parts/10_nginx

@@ -38,13 +38,18 @@ if grep "server_names_hash_bucket_size" /etc/nginx/nginx.conf ; then
 	echo "nginx already patched.."
 else
 	conftemp=`mktemp`
-	cat /etc/nginx/nginx.conf | sed "s#include /etc/nginx/conf.d/\*.conf;#include /etc/nginx/conf.d/\*.conf;\n    include /etc/nginx/sites-enabled/\*.conf;\n    server_names_hash_bucket_size 64;\n\n#" >$conftemp
+	cat /etc/nginx/nginx.conf | \
+		sed "s#include /etc/nginx/conf.d/\*.conf;#include /etc/nginx/conf.d/\*.conf;\n    include /etc/nginx/sites-enabled/\*.conf;\n    server_names_hash_bucket_size 64;\nclient_max_body_size 12M;\n\n#" \
+		>$conftemp
 	mv -f $conftemp /etc/nginx/nginx.conf
 fi
 logline "10.05 punch a hole in Selinux"
 setsebool -P httpd_can_network_connect 1
 
-logline "10.06 start services"
+logline "10.06 create a default landing page for the machine"
+cp -R ${BASH_SOURCE%/*}/assets/homepage/* /usr/share/nginx/html
+
+logline "10.07 start services"
 service php74-php-fpm restart
 service nginx restart
 # create a symlink 

parts/assets/homepage/index.html

@@ -0,0 +1,14 @@
+<html>
+<head>
+<style>
+        body {background-color:#ffffff;font-size:12px;padding-top:30px;font-family:Lucida Grande,Arial,Helvetica,Sans Serif }
+</style>
+<body >
+    <div style="width:300px;margin:auto">
+        <img src="http://www.innovader.nl/wp-content/uploads/innovader-logo-2_white_268x62.png">
+        <h2>This domain is reserved</h2>
+        <i>Innovader is a group of internet entrepreneurs and experts who use their knowledge and experience to help
+        companies and organizations achieve greatness. <a href="http://www.innovader.nl">Learn more</a></i>
+    </div>
+</body>
+</html>

parts/userbin/addvhost

@@ -26,7 +26,7 @@ echo -n "Press return to continue >" && read
 
 sudo mkdir $WWWSITE
 sudo mkdir $WWWSITE/public
-echo -e "welcome to $SERVERNAME but it is still empty <?='But PHP is working:'.implode(',',[1,2,3,4]);?>\n\n" | sudo tee --append $WWWSITE/public/index.php
+echo -e "welcome to $SERVERNAME but it is still empty. <?='testing: '.implode(',',[1,2,3,4]);?>\n\n" > $WWWSITE/public/index.php
 sudo chown $USER:nginx -R $WWWSITE
 
 mkdir $GITSITE
@@ -46,7 +46,8 @@ for f in $VHOSTDIR/*.conf; do
                 max=$v
         fi
 done
-let "max=$max+1"
+# 10# removes leading 0 which leads to octal numbering
+let "max=$((10#$max))+1"
 printf -v maxf "%02d" $max
 newconffile=$maxf-$SERVERNAME.conf
 newconf=$VHOSTDIR/$maxf-$SERVERNAME.conf

parts/userbin/addzhost

@@ -0,0 +1,179 @@
+#!/bin/bash
+
+if [ -z "$2" ]; then
+	echo "Usage: addzhost <domain> <pull-repo> [<initial-tag>]"
+	echo "Add ZDD (zero downtime deployment) host"
+ 	echo "1) creates /var/www/domain"
+ 	echo "2) creates vhost nginx to domain and *.domain (like www.asd.nl)"
+ 	echo "3) creates puller to pull from git repo <pull-repo>"
+	echo "4) checks out <initial-tag> as first release or MASTER as default"
+	echo "USE FULL DOMAIN like xxyy.nl or asd.com"
+	echo "USE gitlab ssh clone address - make sure this server id_rsa.pub has gitlab access to an account that can read the repo"
+	echo "Go to gitlab->user->profile->ssh keys and add the id_rsa.pub"
+	echo "Create a .env on the top directory"
+	exit;
+fi
+# expand the ~ directory
+HOME=`readlink -f ~`
+
+if [ -z $3 ]; then
+	TAG=master
+else
+	TAG=$3
+fi
+
+export WWWDIR=/var/www
+export VHOSTDIR=/etc/nginx/sites-available
+
+WWWSITE=$WWWDIR/$1
+GITREPO=$2
+SERVERNAME=$1
+
+if [ -d $WWWSITE ]; then
+	echo "$WWWSITE already exists!"
+	exit
+fi
+
+echo "Laravel app    at: $WWWSITE"
+echo "Git repository at: $GITREPO"
+echo "Servername       : $SERVERNAME"
+echo "Initial release  : $TAG"
+echo -n "Press return to continue >" && read
+
+sudo mkdir $WWWSITE
+sudo mkdir -p $WWWSITE/releases/$TAG
+sudo mkdir -p $WWWSITE/storage
+sudo chown -R $USER:nginx $WWWSITE
+mkdir -p $WWWSITE/storage/logs
+mkdir -p $WWWSITE/storage/framework/cache
+mkdir -p $WWWSITE/storage/framework/views
+mkdir -p $WWWSITE/storage/framework/sessions
+chmod a+w -R $WWWSITE/storage
+echo "STUB" >$WWWSITE/storage/stub
+cat << EOFETC >$WWWSITE/.env
+APP_ENV=prod
+APP_KEY=base64:/kWEgZL5G/I7zQi72qocObBxeHNMDJfJEwIHy+tdeAk=
+EOFETC
+
+cd $WWWSITE
+# create puller script. Heredoc without quotes will interpolate $ and literal $ needs \$ and <<- heredoc will allow indentation
+cat << EOFPULLER >$WWWSITE/puller
+	if [ -z "\$1" ]; then
+		echo "Usage: puller <tag>"
+		exit
+	fi
+	# exit on any failure
+	set -e
+	RELEASE_DIR=$WWWSITE/releases/\$1
+	mkdir -p \$RELEASE_DIR
+	cd \$RELEASE_DIR
+	echo ">>>> Pulling git archive from $GITREPO into \$RELEASE_DIR"
+	git archive --remote=$GITREPO --format=tar \$1 | tar xf -
+	echo ">>>> Pulled \$1 archive. Now do some after-deploy work"
+	sudo chown $USER:nginx -R \$RELEASE_DIR
+	# standard symlinks
+	ln -sf $WWWSITE/.env ./
+	rm -Rf storage
+	ln -sf $WWWSITE/storage ./
+	composer install -o --no-interaction --no-dev
+	if [ -x after_deploy ]; then
+		./after_deploy
+	fi
+	sudo chmod a+w -R $WWWSITE/storage
+	sudo chmod a+w \$RELEASE_DIR/bootstrap/cache
+	# now swap for current
+	echo ">>>> \$1 ready to go live"
+	rm -f $WWWSITE/current
+	# even more atomic: ln -sf \$RELEASE_DIR current_tmp && mv -Tf current_tmp current
+	ln -sf \$RELEASE_DIR $WWWSITE/current
+	echo ">>>> \$1 is now live"
+EOFPULLER
+cat << EOFROLLBACK >$WWWSITE/rollback
+	if [ -z "\$1" ]; then
+                echo "Usage: rollback <tag> - rolls back to <tag> which should already exist"
+                exit
+        fi
+	set -e
+        RELEASE_DIR=$WWWSITE/releases/\$1
+	if [ ! -d \$RELEASE_DIR ]; then
+		echo "Release $1 does not exist"
+		exit
+	fi
+	echo "\$1 ready to go live"
+        rm -f $WWWSITE/current
+        ln -sf \$RELEASE_DIR $WWWSITE/current
+        echo "\$1 is now live"
+EOFROLLBACK
+chmod a+x $WWWSITE/puller
+chmod a+x $WWWSITE/rollback
+echo "Created $WWWSITE ZDD structure. Now pulling initial release"
+if $WWWSITE/puller $TAG ; then
+	echo "Successful pull. Lets continue"
+else
+	echo "Exiting"
+	exit 1
+fi
+echo "------------------------- NGINX vhost ---------------------------"
+max=0
+for f in $VHOSTDIR/*.conf; do
+        #echo $f
+        v=`basename $f | grep -o "[0-9]*" | head -1`
+        #echo "$f -> $v"
+        if [ "$f" == "$VHOSTDIR/$v-$SERVERNAME.conf" ]; then
+                echo "vhost already exists: $f - press enter to continue and remove old"
+                read
+                sudo rm $f
+		sudo rm /etc/nginx/sites-enabled/$v-$SERVERNAME.conf
+        fi
+        if [ 0$v -gt 0$max ]; then
+                max=$v
+        fi
+done
+# convert max to 10based decimal (remove leading 0 which leads to octal numbers)
+let "max=$((10#$max))+1"
+printf -v maxf "%02d" $max
+newconffile=$maxf-$SERVERNAME.conf
+newconf=$VHOSTDIR/$maxf-$SERVERNAME.conf
+cat << EOF-nginxconf >/tmp/newconf
+server {
+        server_name www.$SERVERNAME;
+        return 301 \$scheme://$SERVERNAME\$request_uri;
+}
+server {
+   listen   80;
+   server_name $SERVERNAME *.$SERVERNAME;
+   root $WWWSITE/current/public;
+   index  index.html index.htm index.php;
+
+   location / {
+        try_files \$uri \$uri/ /index.php?\$query_string;
+   }
+
+   location ~ \.php\$ {
+       fastcgi_pass 127.0.0.1:9000;
+       fastcgi_index  index.php;
+       try_files \$uri /index.php =404;
+       fastcgi_split_path_info ^(.+\.php)(/.+)\$;
+	# note realpathroot instead of documentroot makes symbolic link resolved by nginx and solves php realpath issues
+       fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
+       fastcgi_buffers 256 128k;
+       fastcgi_connect_timeout 300s;
+       fastcgi_send_timeout 300s;
+       fastcgi_read_timeout 300s;
+       include fastcgi_params;
+    }
+}
+EOF-nginxconf
+sudo cp /tmp/newconf $newconf
+sudo ln -s $newconf /etc/nginx/sites-enabled/$newconffile
+echo "Created $newconf for nginx. restarting nginx.."
+sudo service nginx restart
+
+echo "Adding Laravel schedule to crontab"
+cd ~/crontab
+echo "* * * * * php $WWWSITE/current/artisan schedule:run >> /dev/null 2>&1" >>crondef
+crontab crondef
+cd ~
+
+myip=`curl -s ifconfig.me`
+echo "-------------------------------------------------------------"

setup_full

@@ -18,8 +18,11 @@ echo "##########################################################"
 echo "##########################################################"
 echo "FULL setup ready"
 echo "##########################################################"
-echo "Log out as root now, and never log in as root again."
-echo "Log in as $username now"
+echo "Need to reboot for SELinux config change. Press a key to reboot"
+echo "Then login as $username, not as root! Press a key to reboot"
+read
+reboot now
+