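#!/bin/bash
# Installs Apache, MariaDB and WordPress for one domain and requests a
# Let's Encrypt certificate for it. Prompts for the domain, a contact
# e-mail address and (unless DB_ROOT_PASSWORD is already set in the
# environment) the MariaDB root password.

# Exit immediately on any error
set -e

# Prompt for domain name.
# DOMAIN is later interpolated into SQL statements, file paths, Apache
# directives and certbot arguments, so only a plain host name is accepted.
read -r -p "Enter your domain name (e.g., example.com): " DOMAIN
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! $DOMAIN =~ $domain_re ]]; then
  echo "Error: '$DOMAIN' is not a valid domain name." >&2
  exit 1
fi

# Prompt for email address for Let's Encrypt.
# EMAIL is written into the Apache ServerAdmin directive and passed to
# certbot, so whitespace and quoting characters are rejected.
read -r -p "Enter your email address (for Let's Encrypt SSL): " EMAIL
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
if [[ ! $EMAIL =~ $email_re ]]; then
  echo "Error: '$EMAIL' is not a valid e-mail address." >&2
  exit 1
fi

# Variables
# Dots AND hyphens become underscores: a hyphen is not valid in an
# unquoted SQL identifier, so "my-site.com" would otherwise break
# CREATE DATABASE.
DB_SUFFIX=${DOMAIN//[.-]/_}
DB_NAME="wordpress_${DB_SUFFIX}"
DB_USER="wp_user_${DB_SUFFIX}"
# MariaDB limits database names to 64 characters.
if (( ${#DB_NAME} > 64 )); then
  echo "Error: domain name is too long to derive a database name from." >&2
  exit 1
fi
DB_PASSWORD=$(openssl rand -base64 16) # Generate a random password

# The MariaDB root password is never hard-coded: it is taken from the
# environment if the caller exported it, otherwise read without echo.
if [[ -z "${DB_ROOT_PASSWORD:-}" ]]; then
  read -r -s -p "Enter the MariaDB root password: " DB_ROOT_PASSWORD
  echo
fi
if [[ -z "$DB_ROOT_PASSWORD" ]]; then
  echo "Error: the MariaDB root password must not be empty." >&2
  exit 1
fi

WORDPRESS_DIR="/var/www/$DOMAIN"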
# Refresh the package index, then apply pending upgrades
echo "Updating system packages..."
if apt update; then
  apt upgrade -y
fi

# Web server, database, PHP with the extensions WordPress uses, and certbot
echo "Installing required packages..."
REQUIRED_PACKAGES=(
  apache2 mariadb-server mariadb-client wget curl unzip
  php php-cli php-curl php-gd php-imagick php-intl php-json
  php-mbstring php-mysql php-opcache php-readline php-xml php-zip
  certbot python3-certbot-apache bash-completion
)
apt install -y "${REQUIRED_PACKAGES[@]}"

# Bring both services up now and register them to start at boot
echo "Starting and enabling Apache and MariaDB services..."
for action in start enable; do
  systemctl "$action" apache2 mariadb
done
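# Secure MariaDB installation
echo "Securing MariaDB..."
# NOTE(review): the answers below are fed positionally to an interactive
# tool whose prompt sequence differs between MariaDB releases. If the
# order does not match, a "y" or the literal "n" can end up being used as
# a password. Verify the prompts of the installed version before relying
# on this step.
mysql_secure_installation <<EOF
n
$DB_ROOT_PASSWORD
$DB_ROOT_PASSWORD
y
y
y
y
EOF

# Configure MariaDB for WordPress
echo "Configuring MariaDB for WordPress..."
# DB_NAME and DB_USER are derived from user input and interpolated into
# SQL text, so refuse anything outside a conservative identifier alphabet
# before it reaches the server.
sql_ident_re='^[A-Za-z0-9_-]+$'
if [[ ! $DB_NAME =~ $sql_ident_re || ! $DB_USER =~ $sql_ident_re ]]; then
  echo "Error: database name or user contains unsupported characters." >&2
  exit 1
fi
# The root password is handed over through the environment rather than
# -p"...": command-line arguments are visible to every local user in the
# process list. The database name is backtick-quoted (escaped here so the
# shell does not treat the backticks as command substitution) so that
# names containing a hyphen are accepted.
MYSQL_PWD="$DB_ROOT_PASSWORD" mysql -u root <<EOF
CREATE DATABASE \`$DB_NAME\`;
CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
GRANT ALL PRIVILEGES ON \`$DB_NAME\`.* TO '$DB_USER'@'localhost';
FLUSH PRIVILEGES;
EOF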
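# Create and configure Apache VirtualHost (plain HTTP, port 80)
echo "Creating Apache configuration for $DOMAIN..."
# \${APACHE_LOG_DIR} stays escaped so Apache expands it at run time.
# ${DOMAIN} needs its braces in the log file names: "$DOMAIN_error" would
# be read by the shell as a variable called DOMAIN_error, which is unset,
# so every site would log to "<log dir>/.log".
# NOTE(review): this vhost serves the site over plain HTTP and contains no
# redirect to HTTPS; consider adding one once the certificate exists.
cat <<EOL > "/etc/apache2/sites-available/${DOMAIN}.conf"
<VirtualHost *:80>
    ServerAdmin $EMAIL
    ServerName $DOMAIN
    ServerAlias www.$DOMAIN
    DocumentRoot $WORDPRESS_DIR
    <Directory $WORDPRESS_DIR>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}_error.log
    CustomLog \${APACHE_LOG_DIR}/${DOMAIN}_access.log combined
</VirtualHost>
EOL

# Enable Apache configurations
echo "Enabling Apache configurations..."
a2ensite "$DOMAIN"
a2enmod rewrite headers
# Validate the generated file before asking the running server to load it
apachectl configtest
systemctl reload apache2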
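# Generate Let's Encrypt SSL Certificates
echo "Generating Let's Encrypt SSL certificates for $DOMAIN..."
# The webroot plugin writes its challenge files below the -w directory,
# and this script only unpacks WordPress there later, so make sure the
# directory exists before certbot runs.
mkdir -p -- "$WORDPRESS_DIR"
# Every argument is quoted so user-supplied values cannot split into
# extra certbot options.
if ! certbot certonly --webroot -w "$WORDPRESS_DIR" --non-interactive --agree-tos \
  --email "$EMAIL" -d "$DOMAIN" -d "www.$DOMAIN"; then
  echo "Error: SSL certificate generation failed. Check domain DNS settings and ensure the site is accessible." >&2
  exit 1
fi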
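# Create SSL VirtualHost after successful certificate generation
echo "Creating SSL VirtualHost for $DOMAIN..."
# ${DOMAIN} needs its braces in the log file names: "$DOMAIN_error" would
# be read by the shell as the unset variable DOMAIN_error and the logs
# would be written to "<log dir>/.log".
# NOTE(review): the HSTS header below uses a two-year max-age with
# includeSubDomains and preload. Browsers remember it, so every subdomain
# must be reachable over HTTPS before this goes live.
# NOTE(review): X-Frame-Options DENY also blocks same-origin framing;
# confirm the WordPress admin screens in use still work, or use SAMEORIGIN.
cat <<EOL > "/etc/apache2/sites-available/${DOMAIN}-ssl.conf"
<VirtualHost *:443>
    ServerAdmin $EMAIL
    ServerName $DOMAIN
    ServerAlias www.$DOMAIN
    DocumentRoot $WORDPRESS_DIR
    <Directory $WORDPRESS_DIR>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
    SSLProtocol TLSv1.2 TLSv1.3
    SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder On
    SSLSessionTickets Off
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
    ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}_error.log
    CustomLog \${APACHE_LOG_DIR}/${DOMAIN}_access.log combined
</VirtualHost>
EOL

# The SSL* directives need mod_ssl and the Header directives need
# mod_headers; without them configtest rejects this file. a2enmod is a
# no-op for modules that are already enabled.
a2enmod ssl headers
a2ensite "${DOMAIN}-ssl"
apachectl configtest

# Reload Apache to apply changes
echo "Reloading Apache..."
systemctl reload apache2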
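# Download and configure WordPress
echo "Downloading and configuring WordPress..."
# Download to a mktemp-created file instead of a fixed name in /tmp: a
# predictable path in a world-writable directory can be pre-created or
# symlinked by another local user before this root-run script writes it.
# NOTE(review): the archive is trusted on the strength of the HTTPS
# connection alone; no checksum or signature is verified before unpacking.
WP_ARCHIVE=$(mktemp)
wget -q https://wordpress.org/latest.tar.gz -O "$WP_ARCHIVE"
mkdir -p -- "$WORDPRESS_DIR"
tar -xzf "$WP_ARCHIVE" -C "$WORDPRESS_DIR" --strip-components=1
rm -f -- "$WP_ARCHIVE"

# Hand the tree to the web server user; directories 755, files 644.
# NOTE(review): with www-data owning every file, the web server process
# can rewrite the PHP code it executes; tighten ownership if WordPress
# self-updates are not needed.
chown -R www-data:www-data "$WORDPRESS_DIR"
find "$WORDPRESS_DIR" -type d -exec chmod 755 {} +
find "$WORDPRESS_DIR" -type f -exec chmod 644 {} +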
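# Create wp-config.php
echo "Creating WordPress configuration file..."
# The salt endpoint answers with all eight define() statements in one
# response. It is fetched once and inserted as-is; wrapping each call in
# its own define('KEY', ...) nests eight statements inside another call
# and produces a wp-config.php that does not parse.
# -f makes curl fail on an HTTP error instead of saving an error page.
WP_SALTS=$(curl -fsS https://api.wordpress.org/secret-key/1.1/salt/)
if [[ "$WP_SALTS" != *"define('AUTH_KEY'"* || "$WP_SALTS" != *"define('NONCE_SALT'"* ]]; then
  echo "Error: could not fetch the WordPress secret keys." >&2
  exit 1
fi

# wp-config.php holds the database password and the auth salts. It is
# created under a restrictive umask so it is never world-readable, not
# even briefly, then handed to the web server user with mode 640.
(
  umask 077
  cat <<EOL > "$WORDPRESS_DIR/wp-config.php"
<?php
define( 'DB_NAME', '$DB_NAME' );
define( 'DB_USER', '$DB_USER' );
define( 'DB_PASSWORD', '$DB_PASSWORD' );
define( 'DB_HOST', 'localhost' );
define( 'DB_CHARSET', 'utf8mb4' );
define( 'DB_COLLATE', '' );
$WP_SALTS
\$table_prefix = 'wp_';
define( 'WP_DEBUG', false );
if ( !defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
require_once ABSPATH . 'wp-settings.php';
EOL
)
chown www-data:www-data "$WORDPRESS_DIR/wp-config.php"
chmod 640 "$WORDPRESS_DIR/wp-config.php"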
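# Add Certbot renewal to cron
echo "Setting up SSL renewal cron job..."
# The certificate was issued with "certonly", so certbot does not touch
# Apache on renewal; the deploy hook reloads it so the renewed certificate
# is actually served. stderr is captured too, since --quiet leaves only
# errors to report.
# NOTE(review): the distribution's certbot package may already schedule
# renewals (systemd timer or /etc/cron.d); confirm this job is not redundant.
RENEW_JOB='0 2 * * * certbot renew --quiet --deploy-hook "systemctl reload apache2" >> /var/log/letsencrypt/renew.log 2>&1'
LEGACY_JOB='0 2 * * * certbot renew --quiet >> /var/log/letsencrypt/renew.log'
# Drop any copy of the job left by an earlier run before appending it, so
# re-running the installer does not stack duplicate entries. grep exits
# non-zero when the crontab is empty, hence the "|| true".
{
  crontab -l 2>/dev/null | grep -vxF -e "$RENEW_JOB" -e "$LEGACY_JOB" || true
  echo "$RENEW_JOB"
} | crontab -

echo "Installation completed! Visit https://$DOMAIN to complete WordPress setup."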