From 4f24203564af3d134c236301e4568ce2586f1cb8 Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sun, 10 Sep 2023 18:58:34 +0000
Subject: [PATCH] update
---
Helper/inspectproject.sh | 16 +-
Helper/serverInstall.sh | 468 ++++++++++++++++++++++++++++++++++++---
2 files changed, 442 insertions(+), 42 deletions(-)
diff --git a/Helper/inspectproject.sh b/Helper/inspectproject.sh
index d1864e2..365a680 100755
--- a/Helper/inspectproject.sh
+++ b/Helper/inspectproject.sh
@@ -4,43 +4,43 @@ SCRIPT=$(readlink -f "$0") BPATH=$(dirname "$SCRIPT") echo "#################################################" -echo "PHP strict" +echo "# PHP strict" echo "#################################################" grep -r -L "declare(strict_types=1);" --include=*.php --exclude-dir={*vendor*,*Files*,*privateSetup*,*demoSetup*,*LanguageDetection*,*Resources*,*node_modules*,*privateSetup*,*Build*} --exclude={*.tpl.php,*Hooks.php,*Routes.php,*SearchCommands.php} ${BPATH}/../../phpOMS ${BPATH}/../../Web ${BPATH}/../../Modules ${BPATH}/../../Model echo "#################################################" -echo "JS security inspection" +echo "# JS security inspection" echo "#################################################" grep -rlni "onafterprint=\|onbeforeprint=\|onbeforeunload=\|onerror=\|onhaschange=\|onload=\|onmessage=\|onoffline=\|ononline=\|onpagehide=\|onpageshow=\|onpopstate=\|onredo=\|onresize=\|onstorage=\|onund=o\|onunload=\|onblur=\|onchage=\|oncontextmenu=\|onfocus=\|onformchange=\|onforminput=\|oninput=\|oninvalid=\|onreset=\|onselect=\|onsubmit=\|onkeydown=\|onkeypress=\|onkeyup=\|onclick=\|ondblclic=k\|ondrag=\|ondragend=\|ondragenter=\|ondragleave=\|ondragover=\|ondragstart=\|ondrop=\|onmousedown=\|onmousemove=\|onmouseout=\|onmouseover=\|onmouseup=\|onmousewheel=\|onscroll=\|onabor=t\|oncanplay=\|oncanplaythrough=\|ondurationchange=\|onemptied=\|onended=\|onerror=\|onloadeddata=\|onloadedmetadata=\|onloadstart=\|onpause=\|onplay=\|onplaying=\|onprogress=\|onratechange=\|onreadystatechange=\|onseeked=\|onseeking=\|onstalled=\|onsuspend=\|ontimeupdate=\|onvolumechange=" --include=*.js ${BPATH}/../../jsOMS ${BPATH}/../../Model ${BPATH}/../../Modules ${BPATH}/../../Web echo "#################################################" -echo "PHPCS" +echo "# PHPCS" echo "#################################################" ./vendor/bin/phpcs --severity=1 ./ --standard="Build/Config/phpcs.xml" echo "#################################################" -echo 
"PHP static inspection" +echo "# PHP static inspection" echo "#################################################" ./vendor/bin/phpstan analyse -l 9 -c Build/Config/phpstan.neon ./ echo "#################################################" -echo "Rector inspection" +echo "# Rector inspection" echo "#################################################" # vendor/bin/rector process --config Build/Config/rector.php --dry-run ./ echo "#################################################" -echo "ESlint" +echo "# ESlint" echo "#################################################" npx eslint jsOMS/ -c Build/Config/.eslintrc.json echo "#################################################" -echo "MYSQL queries" +echo "# MYSQL queries" echo "#################################################" mysqldumpslow -t 10 /var/log/mysql/mysql-slow.log @@ -48,7 +48,7 @@ mysqldumpslow -t 10 -s l /var/log/mysql/mysql-slow.log pt-query-digest /var/log/mysql/mysql-slow.log echo "#################################################" -echo "PHP stats inspection" +echo "# PHP stats inspection" echo "#################################################" ./vendor/bin/phploc --exclude vendor --exclude node_modules --exclude Resources --exclude Build --exclude .git --exclude privateSetup --exclude demoSetup ./ diff --git a/Helper/serverInstall.sh b/Helper/serverInstall.sh index d8a73f8..b2c3da8 100644 --- a/Helper/serverInstall.sh +++ b/Helper/serverInstall.sh @@ -4,13 +4,13 @@ ## General ############################################################### -# For every user .bash_profile +# For every user .bash_profile/.bashrc export PROMPT_COMMAND='if [ "$(id -u)" -ne 0 ]; then echo "$(date "+%Y-%m-%d.%H:%M:%S") $(pwd) $(history 1)" >> /var/www/html/backup/bash/$(date "+%Y-%m-%d").log; fi' apt-get update -apt-get install git snapd ufw +apt-get install git snapd ufw software-properties-common # Security 
@@ -28,14 +28,39 @@ service fail2ban restart # TODO: upload ssh key and disable password login if successful # https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-20-04 +# copy the public key (e.g. *.pub to the file ~/.ssh/authorized_keys of the respective user) +# change /etc/ssh/sshd_config PasswordAuthentication no +# systemctl restart ssh + ############################################################### ## Web ############################################################### -apt-get install php8.1 php8.1-dev php8.1-cli php8.1-common php8.1-mysql php8.1-pgsql php8.1-xdebug php8.1-opcache php8.1-pdo php8.1-sqlite php8.1-mbstring php8.1-curl php8.1-imap php8.1-bcmath php8.1-zip php8.1-dom php8.1-xml php8.1-phar php8.1-gd php-pear apache2 mysql-server wkhtmltopdf tesseract-ocr +apt-get install php8.1 php8.1-dev php8.1-cli php8.1-common php8.1-mysql php8.1-pgsql php8.1-xdebug php8.1-opcache php8.1-pdo php8.1-sqlite php8.1-mbstring php8.1-curl php8.1-imap php8.1-bcmath php8.1-zip php8.1-dom php8.1-xml php8.1-phar php8.1-gd php-pear apache2 mariadb-server mariadb-client wkhtmltopdf tesseract-ocr +systemctl enable apache2 a2enmod rewrite a2enmod headers +systemctl restart apache2 + +# Database + +mysql_secure_installation +systemctl start mariadb +systemctl enable mariadb + +mysql -u root -p + +CREATE USER 'jingga'@'%' IDENTIFIED BY 'dYg8#@wLiWJ3vE'; +CREATE USER 'demo'@'%' IDENTIFIED BY 'orange'; + +CREATE DATABASE jingga COMMENT 'Main application database'; +CREATE DATABASE demo COMMENT 'Demo application database'; + +GRANT ALL PRIVILEGES ON jingga TO 'jingga'@'%'; +GRANT ALL PRIVILEGES ON demo TO 'demo'@'%'; + +FLUSH PRIVILEGES; # Apache2 
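Review bot: The added Database section commits the passwords of the `jingga` and `demo` accounts in clear text, and the SQL statements sit bare in the script after `mysql -u root -p`, so on a real run the shell would try to execute `CREATE`, `GRANT` and `FLUSH` as commands instead of sending them to the server. Both accounts are created for host `'%'`, and `GRANT ALL PRIVILEGES ON jingga TO ...` names a table in the current database rather than the schema (`jingga.*`). The two committed passwords should be treated as exposed and rotated. The sketch below feeds the statements through a here-document and reads the passwords from environment variables (names made up for this sketch); it assumes the application connects locally, so keep `'%'` only if remote clients are really needed. Separately, `mysql_secure_installation` is called before `systemctl start mariadb`, and `php8.1-xdebug` and `php8.1-dev` are installed on what looks like a production host.

```shell
# … unchanged: apt-get install, a2enmod, apache2 restart …

systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation

# Supplied by the operator at install time; never stored in the repository.
: "${JINGGA_DB_PASSWORD:?JINGGA_DB_PASSWORD must be set}"
: "${DEMO_DB_PASSWORD:?DEMO_DB_PASSWORD must be set}"

# The values are spliced into SQL string literals, so they must not contain
# a single quote or a backslash.
mysql -u root -p << SQL
CREATE USER 'jingga'@'localhost' IDENTIFIED BY '${JINGGA_DB_PASSWORD}';
CREATE USER 'demo'@'localhost' IDENTIFIED BY '${DEMO_DB_PASSWORD}';
-- … unchanged: CREATE DATABASE jingga / demo …
GRANT ALL PRIVILEGES ON jingga.* TO 'jingga'@'localhost';
GRANT ALL PRIVILEGES ON demo.* TO 'demo'@'localhost';
-- … unchanged: FLUSH PRIVILEGES …
SQL
```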
@@ -43,6 +68,156 @@ cat << EOF > /etc/apache2/sites-available/000-default.conf ServerAdmin info@jingga.app DocumentRoot /var/www/html/jingga + ServerName jingga.app + ServerAlias www.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.shop + ServerAlias www.jingga.shop + ServerAlias shop.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga_demo + ServerName demo.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.services + ServerAlias www.jingga.services + ServerAlias services.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.software + ServerAlias www.jingga.software + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + 
SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.shop + ServerAlias www.jingga.shop + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.systems + ServerAlias www.jingga.systems + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.solutions + ServerAlias www.jingga.solutions SetEnv OMS_STRIPE_SECRET 1 SetEnv OMS_STRIPE_PUBLIC 2 @@ -60,12 +235,11 @@ cat << EOF > /etc/apache2/sites-available/000-default.conf EOF -cat << EOF > /etc/apache2/sites-available/001-saas.conf +cat << EOF > /etc/apache2/sites-available/001-orw.conf ServerAdmin info@jingga.app DocumentRoot /var/www/html/jingga ServerName orw.jingga.app - ServerAlias www.orw.jingga.app SetEnv OMS_STRIPE_SECRET 1 SetEnv OMS_STRIPE_PUBLIC 2 
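Review bot: `ServerName jingga.shop` is declared in two of the added blocks (once with `ServerAlias shop.jingga.app`, once without). Assuming both listen on the same address and port (the container lines are not shown on this page), Apache will serve only the first and warn about the second, so the duplicate should be dropped. Every added block also repeats `Options Indexes FollowSymLinks` together with `AllowOverride All`, which turns on directory listings wherever no index file exists; `Options FollowSymLinks` would avoid that unless listings are intended. The same applies to the blocks added in the later `@@ -125,10 +278,233 @@` hunk. Because the blocks differ only in `ServerName`/`ServerAlias`/`DocumentRoot`, generating them from a list of hostnames would keep such copies from drifting, and a comment such as `# SetEnv values 1-4 are placeholders; real keys are injected at deploy time` would make clear the Stripe settings are not meant to be edited in the repository.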
@@ -85,29 +259,8 @@ cat << EOF > /etc/apache2/sites-available/001-saas.conf ServerAdmin info@jingga.app DocumentRoot /var/www/html/jingga - ServerName invoicing.jingga.app - ServerAlias www.invoicing.jingga.app - - SetEnv OMS_STRIPE_SECRET 1 - SetEnv OMS_STRIPE_PUBLIC 2 - SetEnv OMS_STRIPE_WEBHOOK 3 - SetEnv OMS_PRIVATE_KEY_I 4 - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - ErrorLog \${APACHE_LOG_DIR}/error.log - CustomLog \${APACHE_LOG_DIR}/access.log combined - - - - ServerAdmin info@jingga.app - DocumentRoot /var/www/html/jingga - ServerName fleetmanagement.jingga.app - ServerAlias www.fleetmanagement.jingga.app + ServerName jingga.watch + ServerAlias www.jingga.watch SetEnv OMS_STRIPE_SECRET 1 SetEnv OMS_STRIPE_PUBLIC 2 
@@ -125,10 +278,233 @@ cat << EOF > /etc/apache2/sites-available/001-saas.conf EOF -a2ensite 001-saas.conf -a2ensite 000-saas.conf -service apache2 reload -service apache2 restart +cat << EOF > /etc/apache2/sites-available/001-invoicing.conf + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName invoicing.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.sale + ServerAlias www.jingga.sale + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF + +cat << EOF > /etc/apache2/sites-available/001-fleet.conf + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName fleetmanagement.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.autos + ServerAlias www.jingga.autos + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF + +cat << EOF > 
/etc/apache2/sites-available/001-contract.conf + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName contractmanagement.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.media + ServerAlias www.jingga.media + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF + +cat << EOF > /etc/apache2/sites-available/001-support.conf + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName support.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.support + ServerAlias www.jingga.support + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF + +cat << EOF > /etc/apache2/sites-available/001-wiki.conf + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName wiki.jingga.app + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv 
OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + + + + ServerAdmin info@jingga.app + DocumentRoot /var/www/html/jingga + ServerName jingga.wiki + ServerAlias www.jingga.wiki + + SetEnv OMS_STRIPE_SECRET 1 + SetEnv OMS_STRIPE_PUBLIC 2 + SetEnv OMS_STRIPE_WEBHOOK 3 + SetEnv OMS_PRIVATE_KEY_I 4 + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF + +sudo -u www-data mkdir /var/www/html/jingga +sudo -u www-data mkdir /var/www/html/jingga_demo + +a2ensite 001-orw.conf +a2ensite 001-invoicing.conf +a2ensite 001-fleet.conf +a2ensite 001-contract.conf +a2ensite 001-support.conf +a2ensite 001-wiki.conf + +systemctl reload apache2 +systemctl restart apache2 snap install --classic certbot ln -s /snap/bin/certbot /usr/bin/certbot 
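Review bot: `sudo -u www-data mkdir /var/www/html/jingga` (and the `jingga_demo` line) makes the web-server account the owner of the document roots, so any code running as www-data can add or replace application files there; it may also simply fail if `/var/www/html` is still root-owned, which this page does not show. Creating them as root with read-only group access, e.g. `install -d -o root -g www-data -m 750 /var/www/html/jingga /var/www/html/jingga_demo`, and granting www-data write access only to the directories the application must write to would be tighter. Plain `mkdir` also aborts on a second run, which `install -d` or `mkdir -p` avoids. `systemctl reload apache2` directly followed by `systemctl restart apache2` is redundant; one of them after `apache2ctl configtest` is enough.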
@@ -143,9 +519,33 @@ certbot renew --dry-run apt-get install borgbackup -borg init -v --encryption=repokey /var/www/html -borg key export /var/www/html repokey +mkdir /backup +borg init -v --encryption=repokey /backup +borg key export /backup repokey + +############################################################### +## vscode +############################################################### + +apt-get install wget gpg +wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg +install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg +sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list' +rm -f packages.microsoft.gpg + +apt install apt-transport-https +apt update +apt install code ############################################################### ## Content ############################################################### + +cd /var/www/html/jingga +git clone --recurse-submodules https://github.com/Karaka-Management/Karaka.git . +git clone --recurse-submodules https://github.com/Karaka-Management/privateSetup.git + +cd /var/www/html/jingga_demo +git clone --recurse-submodules https://github.com/Karaka-Management/Karaka.git . +git clone --recurse-submodules https://github.com/Karaka-Management/demoSetup.git +
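Review bot: Both `cd` calls in the added Content section are unchecked, so if the directory is missing, `git clone ... .` runs in whatever directory the script happened to be in; `cd /var/www/html/jingga || exit 1` closes that. Cloning straight into the DocumentRoot also leaves `.git/` and the `privateSetup` checkout under a path Apache serves, so unless the application's own rewrite rules block them (not visible here) they should be denied in the vhost or kept outside the web root. `borg key export /backup repokey` writes the key to a file in the current directory on the same host as the repository; the exported copy belongs off the machine. The vscode section adds a third-party apt source and a desktop editor to a server install script and is worth splitting out if this file is meant for production hosts.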