One-time fully automated shell script to install all needed software to run Laravel on Ubuntu 18.04 LTS. Creates user, installs ufw, nginx, php, nodejs/yarn, MariaDB/MySQL, PostgreSQL, Certbot (Let's Encrypt), Redis, Memcached, Beanstalkd, fail2ban, mosh. Optional parameters available.
Beyond the description, here some things that this script does (by default):
- Enables ubuntu auto-upgrade security releases
- Uses apt-fast to speed-up instalation
- Installs some tools:
ncdu
,awscli
,whois
,httpie
,mc
- Installs micro editor with clipboard support
- Installs and enable zsh with oh-my-zsh, pure, neofetch
- Creates swap file to avoid lack of memory
- Auto-generates secure and easy-to-copy passwords
- Installs fail2ban
- Installs and enable ufw
- Enable better gzip on nginx
- Configure private network
- Installs php7.4 (and others versions), many extensions with composer (and prestissimo)
- Secure install MariaDB (mysql) and PostgreSQL
- Installs supervisor daemon
- Certbot (let's encrypt) with CloudFlare plugin (others available to install)
- Installs mosh as great alternative to ssh
- Generates server ssh key
- Import keys from popular git services (github, bitbucket, gitlab)
To better choose what to install, check Parameters section
- Ubuntu 18.04 LTS
- root/sudo as current user
curl
orwget
should be installed- a new server. We are not responsible for any loss you may suffer.
- My referral links: Vultr - DigitalOcean
Without a new server, the script possible will ask things to replace files. Never recommended.
This script is installed by running one of the following commands in your terminal. You can install this via the command-line with either curl
or wget
.
At the end you'll receive a report with all passwords. Keep it safe.
bash -c "$(curl -fsSL https://git.io/Jv9a6)"
bash -c "$(wget -qO- https://git.io/Jv9a6)"
It's a good idea to inspect the install script from projects you don't yet know. You can do that by downloading the install script first, looking through it so everything looks normal, then running it:
curl -Lo install.sh https://raw.githubusercontent.com/insign/server-for-laravel/master/install.sh
bash install.sh
-u|--user=
- set new user name. Default: laravel-p|--pass=
- set new user password. Default is random (shown at the end)--name=
- set your name. Default is DevOps--email=
- set your e-mail. Default is none@none--dont-create-new-user
- don't creates a new user (not recommended)--keep-existing-user
- keep existent user if it exists--skip-swap
- skip creation swapfile (not recommended unless already exists)--swap-size
- set swap file size in MB. Default is 2048 (2GB)--skip-updates
- Skip updates and upgrade the system (not recommended)--no-omz
- don't install oh-my-zsh framework (not recommended)--no-mosh
- don't install mosh (ssh alternative)--no-ufw
- don't install or configure UFW firewall (not recommended)--no-nginx
- don't install or configure nginx--no-php
- don't install or configure php--no-node
- don't install or configure yarn/node/npm--no-mysql
- don't install or configure mysql (MariaDB actually)--my-pass-root=
- set the mysql root password. Default is random (shown at the end)--my-pass-user=
- set the mysql user password. Default is random (shown at the end)--no-postgres
- don't install or configure postgresql--pg-pass=
- set the system user 'postgres' password. Default is random (shown at the end)--pg-pass-root=
- set the pg postgres user password. Default is random (shown at the end)--pg-pass-user=
- set the pg user password. Default is random (shown at the end)--no-supervisor
- don't install or configure supervisor daemon--no-certbot
- don't install or configure certbot (let's encrypt)--no-redis
- don't install or configure redis-server--redis-pass
- set the redis master password. Default is random (shown at the end)--no-memcached
- don't install or configure memcached--no-beanstalkd
- don't install or configure beanstalkd--key-only=
- put here (with quotes) your personal ssh pubkey if you want to disable login using password. WARNING: Be sure to know what you are doing.--reboot
- reboot the system at the end of the script executation. Normally should not be used.
ssh [email protected] "bash -c \"\$(curl -fsSL https://git.io/Jv9a6)\" \"\" --reboot --key-only=\"$(cat ~/.ssh/id_rsa.pub)\""
In the above case, it is safe to use
--reboot
parameter.
bash -c "$(curl -fsSL https://git.io/Jv9a6)" "" --no-mysql --no-postgres --no-redis --no-memcached --no-beanstalkd
UFW are not configured to allow remote ports to db or cache. You should prefer private networking.
bash -c "$(curl -fsSL https://git.io/Jv9a6)" "" --no-nginx --no-php --no-postgres --no-node --no-certbot --no-redis --no-memcached --no-beanstalkd
bash -c "$(curl -fsSL https://git.io/Jv9a6)" "" --no-mysql --no-nginx --no-php --no-node --no-certbot --no-redis --no-memcached --no-beanstalkd
bash -c "$(curl -fsSL https://git.io/Jv9a6)" "" --no-mysql --no-nginx --no-php --no-node --no-postgres --no-certbot
- Finish postgresql installation
- Finish Certbot installation
- Finish supervisord installation
- Finish Redis server installation
- Finish Memcached installation
- Finish Beanstalkd installation
- Finish fail2ban installation
- Enable better gzip config for nginx by default
- Import popular git services ssh keys
- Generate ssh key
- Import pubkey
- Remove password login (ssh key only)
- Support for multiple php versions
- Install mosh as alternative of ssh
- Send report via e-mail
- Hide report at the end
- Run quiet installation with minimum verbosity
- Reboot after done
- Count time passed during installation
- Add CI for this script.
You are welcome, just do a PR with some explanation.
Licensed under lgpl-3.0. Check the GNU GPL3 License file for more details.