Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #### User Setup ####
- #Create group
- sudo groupadd kritdev;
- #Create user
- sudo su -c "useradd devadmin -s /bin/bash -m -G kritdev";
- usermod -aG sudo devadmin;
- #Set user temporary password
- echo "devadmin:devadmin" | sudo chpasswd
- #Add SSH key
- echo "devadmin" | su devadmin -c "mkdir ~/.ssh";
- echo "devadmin" | su devadmin -c "chmod 700 ~/.ssh";
- echo "devadmin" | su devadmin -c 'sudo -S echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcKK/shbCKUXZ9CfY76c88/O8ehhAErLxjnB7zvL8vBOr2iipTB7Nge+6+dVsZlHhLx+SM9R5eqkPweu0RfUWNU++UIqu2ezv7YhJrMIkNX+HYEvDxY2WQHRJ/d2uu++kXmsnz69r5yGy3SDadldiwRmyXShJwy9ykK6hh5XLPndEZwJiqGKYcMnk33nG123QC/RXXxIrmSfocOGgZOIhlQR4FBsulmjCDE36sa/Pu5FM+oODzlnOjX2HPYMs3VCWK888UPxMvfo5F8YfAMozCyadfu1ZzLKR95Dn4o6ncrbAgLFtA4//3/zOldhMks+fGJdjsjiLI5TtlVR9yc/L9 teodormatis@stefan.todirica-C02QQ2W7FVH8" >> ~/.ssh/authorized_keys';
- echo "devadmin" | su devadmin -c "chmod 600 ~/.ssh/authorized_keys";
- #Disable password authentication
- sudo sed -i '/PasswordAuthentication yes/c\PasswordAuthentication no' /etc/ssh/sshd_config;
- #Reload sshd
- sudo systemctl reload sshd;
- #### nginx Setup ####
- sudo apt-get update;
- sudo apt-get install nginx -y;
- yes | sudo ufw enable;
- sudo ufw allow 'Nginx Full';
- sudo ufw allow 'ssh';
- #### Let's Encrypt Setup ####
- yes "" | sudo apt-add-repository ppa:certbot/certbot;
- sudo apt-get update;
- sudo apt-get install python-certbot-nginx -y;
- sudo sed -i '/server_name _;/c\server_name dev.krit.ro; \
- #Proxy Location Block' /etc/nginx/sites-available/default
- sudo systemctl reload nginx;
- sudo certbot --non-interactive --agree-tos -m teodormatis@gmail.com --redirect --nginx -d dev.krit.ro
- sudo certbot --non-interactive --agree-tos -m teodormatis@gmail.com --redirect --nginx -d dev.api.krit.ro
- sudo certbot --non-interactive --agree-tos -m teodormatis@gmail.com --redirect --nginx -d dev.admin.krit.ro
- sudo systemctl enable certbot.timer;
- sudo systemctl start certbot.timer;
- #### NodeJS Setup ####
- curl -sL https://deb.nodesource.com/setup_11.x -o nodesource_setup.sh;
- sudo sh nodesource_setup.sh;
- sudo apt-get install -y nodejs;
- sudo apt-get install -y build-essential;
- cat >~/hello.js <<EOL
- #!/usr/bin/env nodejs
- var http = require('http');
- http.createServer(function (req, res) {
- res.writeHead(200, {'Content-Type': 'text/plain'});
- res.end('Hello World\n');
- }).listen(8080, 'localhost');
- console.log('Server running at http://localhost:8080/');
- EOL
- chmod +x ./hello.js;
- sudo npm install -g pm2;
- pm2 startup systemd;
- sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u devadmin --hp /home/devadmin;
- pm2 start hello.js;
- #### Mod NGINX server file ####
- sudo sed -i '49,54 s/^/#/' /etc/nginx/sites-available/default;
- sudo sed -i '/#Proxy Location Block/i \
- location / {\
- proxy_pass http://localhost:8080;\
- proxy_http_version 1.1;\
- proxy_set_header Upgrade $http_upgrade;\
- proxy_set_header Connection 'upgrade';\
- proxy_set_header Host $host;\
- proxy_cache_bypass $http_upgrade;\
- auth_basic "Username and Password Required";\
- auth_basic_user_file /etc/nginx/.htpasswd;\
- }' /etc/nginx/sites-available/default;
- sudo systemctl restart nginx;
- #### Install MariaDB ####
- sudo apt-get install -y mariadb-server mariadb-client;
- mysql_secure_installation <<EOF
- n
- somepass
- somepass
- y
- y
- y
- y
- y
- EOF
- sudo systemctl restart mysql.service;
- #### Password protect nginx reverse proxy ####
- sudo apt-get install -y apache2-utils;
- sudo htpasswd -c /etc/nginx/.htpasswd devadmin devadmin
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement