rayelliott
/
wordpress-dev
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: rayelliott:c309b356d93635140df57a4e826b357c77a9a529
Branches Tags
rayelliott:master
..
compare: rayelliott:0303f5df58d026971542bb8188a0689c4d40e717
Branches Tags
rayelliott:master

No commits in common. "c309b356d93635140df57a4e826b357c77a9a529" and "0303f5df58d026971542bb8188a0689c4d40e717" have entirely different histories.
c309b356d9 ... 0303f5df58

2 changed files with 1 additions and 156 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
config config
notes.txt dev-setup-notes.txt

155
prod-webserver-provision.sh
View File

@ -1,155 +0,0 @@
#!/bin/sh
# TODO basic error checking
# TODO verbosity
# TODO hardening
_lets_encrypt_email="wptest@isnet.uk"
_server_base_url="wptest.isnet.uk"
# add user
useradd -m -s /bin/bash ray
groupadd docker
usermod -aG docker ray
mkdir /home/ray/.ssh
cp /root/.ssh/authorized_keys /home/ray/.ssh/
chown ray: /home/ray/.ssh/authorized_keys
apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common \
apache2-utils \
ufw
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io
curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
echo "Basic HTTP authorisation password for user: ray"
_HT_PASSWD=$(htpasswd -nB ray | sed -e 's/\$/\$\$/g')
docker network create web
mkdir -p /var/docker/traefik
mkdir -p /var/docker/portainer
touch /var/docker/traefik/acme.json
chmod 600 /var/docker/traefik/acme.json
cd /var/docker/traefik || exit 20
echo "api:
dashboard: true
entryPoints:
http:
address: \":80\"
https:
address: \":443\"
providers:
docker:
endpoint: \"unix:///var/run/docker.sock\"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: $_lets_encrypt_email
storage: acme.json
httpChallenge:
entryPoint: http
" > traefik.yml
echo "version: '3'
services:
traefik:
image: traefik:v2.0
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- web
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/traefik.yml:ro
- ./acme.json:/acme.json
labels:
- \"traefik.enable=true\"
- \"traefik.http.routers.traefik.entrypoints=http\"
- \"traefik.http.routers.traefik.rule=Host(\`$_server_base_url\`)\"
- \"traefik.http.middlewares.traefik-auth.basicauth.users=$_HT_PASSWD\"
- \"traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https\"
- \"traefik.http.routers.traefik.middlewares=traefik-https-redirect\"
- \"traefik.http.routers.traefik-secure.entrypoints=https\"
- \"traefik.http.routers.traefik-secure.rule=Host(\`$_server_base_url\`)\"
- \"traefik.http.routers.traefik-secure.middlewares=traefik-auth\"
- \"traefik.http.routers.traefik-secure.tls=true\"
- \"traefik.http.routers.traefik-secure.tls.certresolver=http\"
- \"traefik.http.routers.traefik-secure.service=api@internal\"
networks:
web:
external: true
" >> docker-compose.yml
docker-compose up -d
cd /var/docker/portainer || exit 30
# create /var/docker/portainer/docker-compose.yml
_portainer_url="portainer.$_server_base_url"
echo "version: '3'
services:
portainer:
image: portainer/portainer:latest
container_name: portainer
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- web
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data:/data
labels:
- \"traefik.enable=true\"
- \"traefik.http.routers.portainer.entrypoints=http\"
- \"traefik.http.routers.portainer.rule=Host(\`$_portainer_url\`)\"
- \"traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https\"
- \"traefik.http.routers.portainer.middlewares=portainer-https-redirect\"
- \"traefik.http.routers.portainer-secure.entrypoints=https\"
- \"traefik.http.routers.portainer-secure.rule=Host(\`$_portainer_url\`)\"
- \"traefik.http.routers.portainer-secure.tls=true\"
- \"traefik.http.routers.portainer-secure.tls.certresolver=http\"
- \"traefik.http.routers.portainer-secure.service=portainer\"
- \"traefik.http.services.portainer.loadbalancer.server.port=9000\"
- \"traefik.docker.network=web\"
networks:
web:
external: true
" >> docker-compose.yml
docker-compose up -d
echo "VISIT PORTAINER URL NOW TO SET INITIAL LOGIN:" # or see if can set from script
echo " https://$_portainer_url"