Appendix A: Webserver Installation Scripts – Detailed Explanation.

Jun 1
Ninad Kanthi

.\install.sh

  • First the script updates and upgrades the servers
    • sudo apt-get update
    • sudo apt-get upgrade -y
  • Next script installs Apache2, start it and set it to restart on reboot
    • sudo apt install -y apache2
    • sudo systemctl start apache2
    • sudo systemctl enable apache2
  • Install PHP and restart Apache2
    • sudo apt-get install -y php7.0 libapache2-mod-php7.0 php7 …
    • sudo systemctl start apache2
  • Download and expand WordPress installation and extract it. Its downloaded at the default location of the ‘webuser’ and then expanded in the folder ‘wordpress
    • sudo wget -c http://wordpress.org/latest.tar.gz
    • sudo tar -xzvf latest.tar.gz
  • WordPress comes with a sample configuration file ‘wp-config-sample.php‘. Install script makes a copy of this file with a new file name – ‘wp-config.php‘ and places this new file with the rest of installation files
    • eval homedir=~
    • wpfilepath=$homedir/wordpress/wp-config.php
    • sudo cp ~/wordpress/wp-config-sample.php $wpfilepath
  • In the wp-config.php file, script next substitutes the database name, username, user password and private IP of the database server name. Script calls python script –
    py_file_replace_str.py – to substitute the values. The database name, user name and password specified should be the same as those specified whilst configuring the MySql database server
    • sudo python py_file_replace_str.py $wpfilepath “database_name_here” “wordpress
    • sudo python py_file_replace_str.py $wpfilepath “username_here” “remotewpuser
    • sudo python py_file_replace_str.py $wpfilepath “password_here” “<<pwd>>”
    • sudo python py_file_replace_str.py $wpfilepath “localhost” “10.0.2.4
  • Next script ensures that the logged in user and automation user has access to the folder where WordPress will be installed next
    • sudo chown -R www-data:www-data /var/www/html
    • sudo chown -R webuser:webuser /var/www/html
  • Makes a directory for the WordPress installation folder and copy all the WordPress files to that folder.
    • sudo mkdir /var/www/html/wordpress
    • sudo cp -a ~/wordpress/* /var/www/html/wordpress
  • Restart and Re-enable Apache2. This is just to check that everything is still working fine
    • sudo systemctl restart apache2
    • sudo systemctl reload apache2
  • Now that script has installed WordPress inside the default website folder, it needs to configure Apache2 to serve WordPress files instead of Apache2 files. The configuration file of Apache2 is found @ /etc/apache2/apache2.conf. Script replaces the string /var/www/ with /var/www/html/wordpress in the configuration file . This indicates to Apache2 that the default folder to server web server requests from is now different. After replacement, restart Apache to load the new config data.
    • source ./replace_str.sh
    • sudo systemctl restart apache2
  • The default http web site configuration file for Apache is ‘/etc/apache2/sites-available/000-default.conf‘. Script makes a copy of it (wordpress.conf) and updates the copy by adding ServerName, ServerAlias and replacing default folder location with
    /var/www/html/wordpress. Python script ‘py_file_sub_str.py‘ does all the substitution and replacement.
    • sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/wordpress.conf
    • sudo python py_file_sub_str.py
  • Finally script indicates to Apache2 to remove the previous web site and configuration data and add the new web site whilst using the new web site configuration file.
    • sudo a2dissite 000-default.conf
    • sudo a2ensite wordpress.conf
  • Next it restarts and reload Apache2
    • sudo service apache2 restart
    • sudo service apache2 reload
  • DONE!

.\install-ssl.sh

The complete script is repeated below and is self-explanatory. Just bear in mind that it caters for rolling your own SSL files as well as configuring SSL via LetsEncrypt approach.

#!/bin/bash
echo '...............  Starting SSL Deployment    ..........................................'
#echo 'Important: Before executing this script you set the https from wordpress admin site'
echo '...............  Assigning Permissions    ............................................'

sudo chown -R webuser:webuser /etc/apache2/
sudo chown -R www-data:www-data /etc/apache2/
sudo chown -R webuser:webuser /var/www/html
sudo chown -R www-data:www-data /var/www/html
sudo chown -R webuser:webuser /var/log/apache2

echo '...............  creating back-up copy of default-ssl.conf    .........................'
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/wordpress-ssl.conf

echo ' ..............  installing and configuring the certificates on the machine............'
# if installing from letscertify, uncomment the following section
# ================  Lets encrypt SSL                  ========================
echo ' .........   certificate installation from letscertify ..................'
if [ -d "/etc/letsencrypt" ];
then
    echo "......... Assuming that LetsCertify certificates would be remotely installed. ......... "
    sudo chown -R webuser:webuser /etc/letsencrypt/
    sudo chown -R www-data:www-data /etc/letsencrypt/
else
    echo "......... Installing LetsCertify certificates      .................................... "
    sudo apt-get install -y software-properties-common
    sudo add-apt-repository ppa:certbot/certbot 
    sudo apt-get update 
    sudo apt-get install -y certbot
    # uncomment one of the followinc commands
    #sudo certbot certonly --dry-run --webroot -w /var/www/html/wordpress -d blogs.ninadkanthi.co.uk
    sudo certbot certonly --webroot -w /var/www/html/wordpress -d blogs.ninadkanthi.co.uk
    sudo chown -R webuser:webuser /etc/letsencrypt/
    sudo chown -R www-data:www-data /etc/letsencrypt/
fi 

echo '...................            If everything ok, then next line should be ok ...............'
cat /etc/letsencrypt/live/blogs.ninadkanthi.co.uk/README
# assuming evrything is going ok

echo '...............  substituting values in wordpress-ssl.conf    ..............................'
sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "/etc/ssl/certs/ssl-cert-snakeoil.pem" "/etc/letsencrypt/live/blogs.ninadkanthi.co.uk/fullchain.pem"
sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "/etc/ssl/private/ssl-cert-snakeoil.key" "/etc/letsencrypt/live/blogs.ninadkanthi.co.uk/privkey.pem"    


 echo '.........DONE certificate installation fine from letscertify ..............................'
# ================  Lets encrypt SSL                  ========================

# If installing from pre-configured SSL files uncomment following lines
# ================  Pre-configured SSL                  ========================
#echo '       configuring SSL for pre-created SSL files    -----------'

#sudo apt-get update 
#sudo mkdir /etc/ninadkanthi.co.uk
#sudo chown -R webuser:webuser /etc/ninadkanthi.co.uk
#sudo chown -R www-data:www-data /etc/ninadkanthi.co.uk
#sudo cp *.crt /etc/ninadkanthi.co.uk
#sudo cp *.key /etc/ninadkanthi.co.uk 
#sudo cp *.csr /etc/ninadkanthi.co.uk

#sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "/etc/ssl/certs/ssl-cert-snakeoil.pem" "/etc/ninadkanthi.co.uk/8e61c57d613db53b.crt"
#sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "/etc/ssl/private/ssl-cert-snakeoil.key" "/etc/ninadkanthi.co.uk/ninadkanthi.co.uk.key"
#sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt" "SSLCertificateChainFile /etc/ninadkanthi.co.uk/gd_bundle-g2-g1.crt"
# ================  Pre-configured SSL                  ========================


echo '...............  substituting values in wordpress-ssl.conf    ..................................'
sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "ServerAdmin webmaster@localhost"  "ServerAdmin webmaster@localhost \n\t\t\tServerName ninadkanthi.co.uk \n\t\t\tServerAlias www.ninadkanthi.co.uk"
sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress-ssl.conf" "DocumentRoot /var/www/html" "DocumentRoot /var/www/html/wordpress"
echo ' -------------- [DONE] configuring SSL for pre-created SSL files'

echo '...............  substituting values in wordpress.conf    ......................................'
#sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress.conf" "/etc/ssl/private/ssl-cert-snakeoil.key" "/etc/ninadkanthi.co.uk/ninadkanthi.co.uk.key"
sudo python py_file_replace_str.py "/etc/apache2/sites-available/wordpress.conf" "#Include conf-available/serve-cgi-bin.conf" "#Include conf-available/serve-cgi-bin.conf \n\t\t\tRedirect / https://blogs.ninadkanthi.co.uk/"

echo ' ...................test that everything is ok ; if error, next step will not work .............'
sudo apachectl configtest

echo ' .................. switching SSL on ...........................................................'
sudo a2enmod ssl
sudo a2ensite wordpress-ssl.conf
sudo service apache2 restart
sudo service apache2 reload

echo "..............Done ............................................................................"

Leave a Reply

Your email address will not be published. Required fields are marked *