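#!/usr/bin/env bash
# Provisions a single Ubuntu host for the "om" Django portal: application
# checkout, PostgreSQL database and an Apache/mod_wsgi site. Must run as root.

# Used both as the PostgreSQL database name and as the database role name.
DB_NAME=om
# Public host name of the site. Also used as the checkout directory name under
# /opt/portal and as the name of the Apache site file.
SITE_URL=aws.vecnet.org

# http://stackoverflow.com/questions/18215973/how-to-check-if-running-as-root-in-a-bash-script
# EUID expands to the effective user ID of the current user, initialized at
# shell startup. This variable is readonly.
if [ "${EUID}" -ne 0 ]; then
  # Diagnostic goes to stderr and the exit status is non-zero: a bare `exit`
  # here returned the status of `echo` (0), so automation calling this script
  # could not tell that nothing had been installed.
  echo "Please run as root" >&2
  exit 1
fi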
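#################################
# Install the application
#################################
# NOTE(review): python-minimal and python-pip are the Python 2 packages on the
# Ubuntu releases that still ship them - confirm the target release.
apt update
apt -y install python-minimal python-pip git
apt -y install openssl libssl-dev

app_dir="/opt/portal/${SITE_URL}"
config_file="${app_dir}/config_local.py"

# Kept from the original script. Nothing else in this file refers to
# /opt/portal/om unless SITE_URL is set to "om".
mkdir -p /opt/portal/om
# NOTE(review): the clone follows whatever the default branch points to at
# install time, and the requirements below are then installed system-wide as
# root. Pin a tag or commit if reproducible installs matter.
git clone https://github.com/vecnet/om "${app_dir}"
mkdir -p "${app_dir}/logs"
touch "${app_dir}/django.log"
chown -R www-data:www-data "${app_dir}"
pip install -r "${app_dir}/requirements/aws.txt"

# Generate per-install secrets instead of writing fixed values that are
# published together with this script. Hex output contains only [0-9a-f], so
# it can be embedded in the Python and SQL string literals below unescaped.
secret_key=$(openssl rand -hex 32) || {
  echo "Could not generate SECRET_KEY" >&2
  exit 1
}
db_password=$(openssl rand -hex 24) || {
  echo "Could not generate the database password" >&2
  exit 1
}

# Create the settings file with its final owner and mode before any secret is
# written to it: root may write, the www-data group may read, others get
# nothing. Presumably the WSGI daemon reads it as www-data - confirm if the
# daemon is configured with a different user.
install -m 0640 -o root -g www-data /dev/null "${config_file}"
cat > "${config_file}" << EOL
import os
settings_module="website.settings.aws"
os.environ["SECRET_KEY"] = "${secret_key}"
os.environ["DATABASE_NAME"] = "${DB_NAME}"
os.environ["DATABASE_USER"] = "${DB_NAME}"
os.environ["DATABASE_PASSWORD"] = "${db_password}"
EOL

#################################
# Configure postgresql
#################################
apt -y install postgresql postgresql-contrib libpq-dev
sudo -u postgres createdb "${DB_NAME}"
# The statements are fed on stdin so the password never appears in a process
# argument list. CREATE USER fails harmlessly when the role already exists;
# ALTER USER then sets the password in both cases, which keeps the role in
# step with the freshly written config_local.py on a re-run.
sudo -u postgres psql << SQL
CREATE USER ${DB_NAME};
ALTER USER ${DB_NAME} WITH PASSWORD '${db_password}';
GRANT ALL PRIVILEGES ON DATABASE "${DB_NAME}" TO ${DB_NAME};
SQL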
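#############################
# Configure apache - plain HTTP only, which is enough for the Let's Encrypt
# client to reach /.well-known/
#############################
apt -y install apache2 apache2-dev libapache2-mod-wsgi
a2enmod rewrite
a2enmod ssl
a2enmod wsgi
# Restart so the newly enabled modules are loaded.
service apache2 restart
# Directory intended for certificates and private keys; keep it root-only.
install -d -m 0700 -o root -g root /etc/apache2/ssl/

# Interim site file. Every request outside /.well-known is redirected to
# https://; nothing active in this script defines a *:443 vhost, so the
# redirect target only answers once TLS is configured separately.
# The redirect uses the configured site name rather than the Host header sent
# by the client, so the Location value cannot be steered by the request.
cat > "/etc/apache2/sites-available/${SITE_URL}.conf" << EOL
<VirtualHost *:80>
    ServerName $SITE_URL
    Alias /.well-known/ /opt/portal/$SITE_URL/apache/.well-known/
    RewriteEngine On
    RewriteCond %{HTTPS} off
    # Leave the /.well-known/ directory reachable for the Let's Encrypt client
    RewriteCond %{REQUEST_URI} !^/\.well-known
    RewriteRule (.*) https://$SITE_URL%{REQUEST_URI}?%{QUERY_STRING} [R,L]
    <Directory /opt/portal/$SITE_URL/apache/.well-known/>
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
EOL
a2ensite "${SITE_URL}.conf"
a2dissite 000-default.conf
service apache2 reload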
##########################
# Firewall configuration
##########################
# Register allow rules for the two web services. Nothing in this script runs
# `ufw enable`, so the rules only filter traffic once ufw is switched on
# separately.
for web_service in http https; do
  ufw allow "${web_service}"
done
###########################
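## Let's Encrypt (disabled: every acme.sh step below is commented out, so this
## script neither obtains nor installs a certificate). If the steps are
## re-enabled, note that the first one pipes a downloaded installer straight
## into a shell running as root; fetch and review it, or pin a release, first.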
###########################
#sh -c "curl https://get.acme.sh | sh"
#/root/.acme.sh/acme.sh --issue -d $SITE_URL -w /opt/portal/$SITE_URL/apache
#/root/.acme.sh/acme.sh --installcert -d $SITE_URL --certpath /etc/apache2/ssl/$SITE_URL.cer --keypath /etc/apache2/ssl/$SITE_URL.key --fullchainpath /etc/apache2/ssl/$SITE_URL.int.cer --reloadcmd "service apache2 restart"
#
#
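###########################
## Finalize apache conf
## (the original heading says "SSL", but the active vhost below listens on
## *:80 only; the *:443 variant further down is commented out)
###########################
# Overwrites the interim site file written earlier in this script.
#
# Changes against the original template:
#  - the /static/ <Directory> now points at /opt/portal/<site>/apache/static/;
#    the original path lacked the /opt/portal prefix and matched nothing;
#  - the checkout root is denied by default and only wsgi.py is granted, so
#    config_local.py, django.log and the .git directory are never eligible to
#    be served as files even if the WSGI mapping is not in effect;
#  - AllowOverride is None and Options drops Includes: the tree is chown'ed to
#    www-data earlier in this script, so .htaccess files or server-side
#    includes there would let the application user alter server behaviour.
#    NOTE(review): confirm the repository does not rely on an .htaccess file.
#
# NOTE(review): the ServerAdmin value appears as the placeholder
# "[email protected]" in this copy of the script; put the real contact address
# there before running, Apache will not accept the two-word value.
# NOTE(review): CustomLog/ErrorLog are opened by Apache's parent process
# inside a directory owned by www-data; consider a root-owned log directory.
cat > "/etc/apache2/sites-available/${SITE_URL}.conf" << EOL
<VirtualHost *:80>
    ServerName $SITE_URL
    Alias /.well-known/ /opt/portal/$SITE_URL/apache/.well-known/
    <Directory /opt/portal/$SITE_URL/apache/.well-known/>
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ServerAdmin [email protected]
    CustomLog /opt/portal/$SITE_URL/logs/$SITE_URL.access.log combined
    ErrorLog /opt/portal/$SITE_URL/logs/$SITE_URL.error.log
    DocumentRoot "/opt/portal/$SITE_URL/"
    Alias /static/ /opt/portal/$SITE_URL/apache/static/
    <Directory /opt/portal/$SITE_URL/apache/static/>
        Require all granted
    </Directory>
    <Directory "/opt/portal/$SITE_URL/">
        Options FollowSymLinks
        AllowOverride None
        Require all denied
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
    WSGIDaemonProcess $SITE_URL processes=3 python-path=/opt/portal/$SITE_URL/
    WSGIProcessGroup $SITE_URL
    WSGIScriptAlias / /opt/portal/$SITE_URL/wsgi.py
    TraceEnable Off
</VirtualHost>
EOL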
#cat > /etc/apache2/sites-available/$SITE_URL.conf << EOL
#<VirtualHost *:80>
# ServerName $SITE_URL
# Alias /.well-known/ /opt/portal/$SITE_URL/apache/.well-known/
# RewriteEngine On
# RewriteCond %{HTTPS} off
# # Leave /.well-known/ directory open for let's encrypt it client
# RewriteCond %{REQUEST_URI} !^/.well-known
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}?%{QUERY_STRING}
#
# <Directory /opt/portal/$SITE_URL/apache/.well-known/>
# Options -Indexes +FollowSymLinks
# AllowOverride None
# Require all granted
# </Directory>
#
#
#</VirtualHost>
#
#<VirtualHost *:443>
# ServerAdmin [email protected]
# ServerName $SITE_URL
# CustomLog /opt/portal/$SITE_URL/logs/$SITE_URL.access.log combined
# ErrorLog /opt/portal/$SITE_URL/logs/$SITE_URL.error.log
#
# SSLEngine on
#
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
# SSLCertificateFile /etc/apache2/ssl/$SITE_URL.crt
# SSLCertificateKeyFile /etc/apache2/ssl/$SITE_URL.key
# SSLCertificateChainFile /etc/apache2/ssl/$SITE_URL.int.cer
#
#
# DocumentRoot "/opt/portal/$SITE_URL/"
# Alias /static/ /opt/portal/$SITE_URL/apache/static/
# <Directory /$SITE_URL/apache/static/ >
# # Order deny,allow
# # Allow from all
# Require all granted
# </Directory>
#
# <Directory "/opt/portal/$SITE_URL/">
# Options Includes FollowSymLinks
# AllowOverride all
# # Order allow,deny
# # Allow from all
# Require all granted
# </Directory>
#
# WSGIDaemonProcess $SITE_URL processes=3 python-path=/opt/portal/$SITE_URL/:/usr/lib/python2.7/ home=/opt/portal/$SITE_URL/ display-name=$SITE_URL
# WSGIProcessGroup $SITE_URL
# WSGIScriptAlias / /opt/portal/$SITE_URL/wsgi.py
#
# TraceEnable Off
#
#</VirtualHost>
#EOL
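# Validate the generated site file before restarting: a restart with a broken
# configuration would leave Apache stopped, whereas a failed config test keeps
# the currently running server untouched and reports the problem.
if apache2ctl configtest; then
  service apache2 restart
else
  echo "Apache configuration test failed; apache2 was not restarted" >&2
  exit 1
fi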