Amint azt a bevezetőben is említettem, célszerű a leggyakrabban elvégzett konfigurációs műveleteket egy szkript segítségével elvégeztetni. Nekünk csak annyi lesz a dolgunk, hogy megadunk néhány kiinduló adatot, a rabszolgamunkát pedig rábízzuk a szkriptre. Az alábbiakban közreadott bash szkript sem nem szép, sem nem elegáns, vagyis pont olyan, mint egy barkácsolt hátvakaró, amely éppen ott segít, ahol a legjobban viszket. De a dolgát elvégzi, ahogyan kell. Használd fel nyugodtan, módosítsd, ahogyan azt a szükségeid kívánják, vagy csak egyszerűen tanulj belőle.
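#!/bin/bash
##########################################################################
# Creating the website user and its configuration files.                #
#                                                                        #
# Interactive; must be run as root. Prompts for the site name (also used #
# as the system/FTP user name), a password and a quota, then creates the #
# account, its FPM pool, Apache vhost and logrotate rule, and mails a    #
# summary to $EMAIL.                                                     #
#                                                                        #
# Exit codes: 0 = done, 1 = site already exists, 2 = not root,           #
#             3 = invalid input, 4 = account setup failed,               #
#             5 = could not create the temporary mail file.              #
##########################################################################

# Abort on typos in variable names instead of expanding them to "".
set -u

WEBDIR="/srv/web/www"
WEBGROUP="www-data"
SKEL="/etc/skel"
# Not named SHELL/HOME: assigning those would change the environment that
# every child process (useradd, mail, ...) inherits.
LOGIN_SHELL="/bin/false"
APACHE_CONFIG_DIR="/etc/apache2/sites-available/"
FPM_POOL_DIR="/etc/php5/fpm/pool.d/"
LOGROTATE_CONFIG_DIR="/etc/logrotate.d/www/"
# Default hard quota in GB
HARDQUOTA="1"
# Default soft quota in %
SOFTQUOTA="80"
# Mount point (filesystem with quota)
MPOINT="/dev/www/web"
EMAIL="bolemanyi.attila@comega7.hu"

# Print a message on stderr and exit.
# $1 = exit code; remaining arguments = message
die() {
  local code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}

# Function to generate a random password
# $1 = number of characters; defaults to 32
# $2 = include special characters; 1 = yes, 0 = no; defaults to 1
randpass() {
  local charset="[:graph:]"
  [ "${2:-1}" == "0" ] && charset="[:alnum:]"
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes in any locale.
  LC_ALL=C tr -cd "$charset" < /dev/urandom | head -c "${1:-32}"
  echo
}

# Succeeds only for names made of letters, digits, dots and hyphens that
# start and end with a letter or digit. The name ends up in file paths,
# configuration files and command arguments written as root, so anything
# else (slashes, spaces, quotes, leading dashes) is refused up front.
valid_site_name() {
  local LC_ALL=C
  [[ $1 =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]
}

#########################
# Creating website user #
#########################
if [ "$(id -u)" -ne 0 ]; then
  die 2 "Only root may add a website to the system"
fi

read -r -p "Enter full website name (test.example.com): " USERNAME \
  || die 3 "No website name given."
valid_site_name "$USERNAME" \
  || die 3 "Invalid website name: only letters, digits, '.' and '-' are allowed."

read -r -s -p "Enter password (or press ENTER to generate a random one): " PASSWORD \
  || die 3 "No password given."
echo ""
if [ -z "$PASSWORD" ]; then
  PASSWORD=$(randpass "16" "0")
fi

read -r -p "Enter quota size in GB (default=1): " QUOTA || QUOTA=""
if [ -z "$QUOTA" ]; then
  QUOTA=$HARDQUOTA
fi
[[ $QUOTA =~ ^[0-9]+$ ]] || die 3 "Invalid quota: a whole number of GB is expected."
echo ""

# Exact account lookup; a pattern match on /etc/passwd would also hit other
# accounts whose name merely starts with the same characters.
if id -u "$USERNAME" > /dev/null 2>&1; then
  die 1 "The website: $USERNAME has been already created!"
fi

# The account is created without a password and the password is then fed to
# chpasswd on stdin: it never appears in a process argument list, and it is
# hashed with the system's configured method instead of a fixed-salt crypt().
if ! useradd -b "$WEBDIR" -G "$WEBGROUP" -k "$SKEL" -m -N -s "$LOGIN_SHELL" "$USERNAME"; then
  die 4 "Failed to add a user!"
fi
if ! printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd; then
  die 4 "The user was created, but setting its password failed!"
fi
echo "The website user has been added to the system!"

####################################################################
# Cleaning up website directory and setting up filesystem security #
####################################################################
SITE_HOME="$WEBDIR/$USERNAME"
# The cleanup below deletes files recursively; never run it on a path that
# is not the freshly created home directory.
[ -d "$SITE_HOME" ] || die 4 "Home directory $SITE_HOME was not created!"

chown -R -- "$USERNAME:$WEBGROUP" "$SITE_HOME"
find "$SITE_HOME" -type f -exec rm -f -- {} +
find "$SITE_HOME" -type d -exec chmod 0550 -- {} +
chmod 750 -- "$SITE_HOME/www-data" "$SITE_HOME/www-site" "$SITE_HOME/log-files"
chattr +i "$SITE_HOME"
echo "Website home directory has been created and set up."
# NOTE(review): every site directory is group-accessible to $WEBGROUP and every
# FPM pool below runs with group $WEBGROUP, so PHP code of one site can read
# the files of the others. A per-site group would give real isolation.

################################
# Setting up quota (in kBytes) #
################################
HARD_SIZE=$(echo "$QUOTA*1024*1024" | bc)
SOFT_SIZE=$(echo "$QUOTA*1024*1024/100*$SOFTQUOTA" | bc)
if setquota -u "$USERNAME" "$SOFT_SIZE" "$HARD_SIZE" 0 0 -a "$MPOINT"; then
  echo "Quota has been set up."
else
  echo "Failed to set up quota!" >&2
fi

#####################################
# Creating FPM pool definition file #
#####################################
FCGI_SOCKET_FILE="/var/run/$USERNAME.php5-fpm.sock"
FPM_POOL_FILE="$FPM_POOL_DIR$USERNAME.conf"
if [ ! -f "$FPM_POOL_FILE" ]; then
  echo "Creating FPM/PHP pool definition file..."
  cat > "$FPM_POOL_FILE" <<EOF
[$USERNAME]

user = $USERNAME
group = $WEBGROUP

listen = $FCGI_SOCKET_FILE
listen.backlog = 128
listen.owner = $USERNAME
listen.group = $WEBGROUP
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

php_admin_flag[display_errors] = off
php_admin_value[error_log] = $SITE_HOME/log-files/fpm-php.error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
EOF
  echo "Restarting FPM/PHP service..."
  systemctl restart php5-fpm
else
  echo "The file: $FPM_POOL_FILE already exists!"
fi

##################################################
# Creating Apache virtualhost configuration file #
##################################################
# NOTE(review): ErrorLog/CustomLog point into log-files, which the site user
# owns and can write to. Apache normally opens its logs as root, and its
# security guidance is to keep log directories writable by root only - review.
APACHE_CONFIG_FILE="$APACHE_CONFIG_DIR$USERNAME.conf"
if [ ! -f "$APACHE_CONFIG_FILE" ]; then
  echo "Creating Apache configuration file..."
  # Unquoted heredoc: \\ and \$ below produce a literal \ and $ in the file.
  cat > "$APACHE_CONFIG_FILE" <<EOF
<VirtualHost *:80>
    ServerName $USERNAME
    ServerAdmin webmaster@comega7.local
    DocumentRoot $SITE_HOME/www-site/

    <Directory "$SITE_HOME/www-site">
        Options +SymLinksIfOwnerMatch
        AllowOverride Authconfig FileInfo Indexes Limit Options=Indexes,MultiViews
        Require all granted
    </Directory>

    <FilesMatch \\.php\$>
        SetHandler "proxy:unix:$FCGI_SOCKET_FILE|fcgi://localhost"
    </FilesMatch>

    ErrorLog $SITE_HOME/log-files/error.log
    CustomLog $SITE_HOME/log-files/access.log combined
</VirtualHost>
EOF
  echo "Enabling website config..."
  a2ensite "$USERNAME"
  echo "Restarting Apache webserver..."
  systemctl restart apache2
else
  echo "The file: $APACHE_CONFIG_FILE already exists!"
fi

########################################
# Setting up Apache log files rotation #
########################################
LOGROTATE_CONFIG_FILE="$LOGROTATE_CONFIG_DIR$USERNAME"
if [ ! -f "$LOGROTATE_CONFIG_FILE" ]; then
  echo "Creating Apache log files rotation configuration file..."
  # Unquoted heredoc: each \\ below becomes the single trailing backslash
  # that the generated logrotate script lines need.
  cat > "$LOGROTATE_CONFIG_FILE" <<EOF
$SITE_HOME/log-files/*.log {
    weekly
    missingok
    rotate 12
    compress
    delaycompress
    notifempty
    create 440 $USERNAME $WEBGROUP
    sharedscripts
    postrotate
        if /etc/init.d/apache2 status > /dev/null ; then \\
            /etc/init.d/apache2 reload > /dev/null ; \\
        fi;\\
    endscript
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\
            run-parts /etc/logrotate.d/httpd-prerotate; \\
        fi;\\
    endscript
}
EOF
else
  echo "The file: $LOGROTATE_CONFIG_FILE already exists!"
fi

#################################
# Sending e-mail about this job #
#################################
SUBJECT="Created website at webserver.comega7.local - $USERNAME"

# The message holds the password, so it goes into a private, unpredictable
# temporary file (mktemp creates it with mode 0600) that is removed on exit,
# not into a fixed path under /tmp.
MESSAGE=$(mktemp) || die 5 "Cannot create a temporary file for the e-mail."
trap 'rm -f -- "$MESSAGE"' EXIT

# Match the user name exactly on the first column; a substring match would
# also pick up other sites whose name contains this one.
R_HQUOTA=$(repquota "$MPOINT" | awk -v u="$USERNAME" '$1 == u {print $5; exit}')
R_SQUOTA=$(repquota "$MPOINT" | awk -v u="$USERNAME" '$1 == u {print $4; exit}')
REAL_HQUOTA=$(echo "scale=2; ${R_HQUOTA:-0}/1024/1024" | bc)
REAL_SQUOTA=$(echo "scale=2; ${R_SQUOTA:-0}/1024/1024" | bc)

# NOTE(review): the password is mailed in clear text, as in the original
# workflow (for a generated password this mail is the only place it is
# shown). Anyone who can read the mailbox or the mail in transit learns it.
cat > "$MESSAGE" <<EOF
Hello, Admin!

I have just created a website with these parameters:

Website URL (and FTP username): $USERNAME
Password: $PASSWORD
Hard quota size: $REAL_HQUOTA GB
Soft quota size: $REAL_SQUOTA GB
Web folder (for public web pages): www-site
Data folder (unseen from the Internet): www-data
Webserver log folder: log-files

Your fantastic bash script ;-)
EOF

/usr/bin/mail -s "$SUBJECT" "$EMAIL" < "$MESSAGE"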
A fenti szkriptet mentsük el create-website-folder.sh néven, adjunk a számára futási jogot is, majd helyezzük el a /usr/bin mappában; mivel rootként fut, a fájl tulajdonosa a root legyen, és más felhasználó ne írhassa. A szkript működéséhez szükség lesz a mail és a bc parancsra is:
# Install the packages that provide the mail and bc commands the script calls.
aptitude install mailutils bc
A tesztrendszeremen ez újabb módosítást igényel a Postfixen belül is. A /etc/postfix/generic fájl tartalma (a leveleket a root felhasználó küldi):
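# /etc/postfix/generic
# One mapping per line: local sender address, then the address to rewrite it to.
wordpress.comega7.local@webserver.comega7.local    wordpress.comega7.local@comega7.hu
joomla.comega7.local@webserver.comega7.local       joomla.comega7.local@comega7.hu
root@webserver.comega7.local                       root@comega7.hu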
Juttassuk érvényre a fenti beállításokat:
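# Compile /etc/postfix/generic into the indexed lookup table, then restart
# Postfix only if that succeeded.
# NOTE(review): the table is only consulted if main.cf references it (e.g. via
# smtp_generic_maps); that setting is not shown on this page - confirm.
postmap /etc/postfix/generic && systemctl restart postfix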
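A szkript mostantól működőképes, és e-mailt is küld mindarról, amit elvégzett értünk. Mivel a levél a jelszót is titkosítatlanul tartalmazza, csak megbízható, belső postafiókra küldessük.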