#! /usr/bin/env bash
#############################################
########## RUN THIS SCRIPT AS root ##########
#############################################
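######### CHANGE THESE SETTINGS #########
TIMEZONE="Europe/London"
############### ALL DONE! ###############

# Collect the three operator-supplied values used by the rest of the script.
# They are later written to root-owned files (/etc/hostname, /etc/hosts,
# authorized_keys) and used to build paths under /home, so each one is read
# verbatim (read -r keeps backslashes literal) and sanity-checked before the
# script changes anything on the system.
hostname_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
username_re='^[A-Za-z0-9_][A-Za-z0-9_.$-]*$'

printf '\nPlease enter a hostname for the server to begin.\n'
read -r -p 'Hostname: ' hostvar
HOSTNAME=$hostvar
if [[ ! $HOSTNAME =~ $hostname_re ]]; then
  printf 'Invalid hostname: "%s" (use letters, digits, ".", "_" and "-"; must not be empty).\n' "$HOSTNAME" >&2
  exit 1
fi

printf '\nPlease enter a username to create.\n'
read -r -p 'Username: ' uservar
USERNAME=$uservar
# adduser applies its own name policy later; this check only guarantees the
# value is non-empty and safe to use as a path component and command argument
# (no "/", no whitespace, no leading "-" or ".").
if [[ ! $USERNAME =~ $username_re ]]; then
  printf 'Invalid username: "%s".\n' "$USERNAME" >&2
  exit 1
fi

printf "\nPlease enter your SSH public key (Starts with 'ssh-rsa ' and often found by typing 'cat ~/.ssh/id_rsa.pub' in Terminal/Console).\n"
read -r -p 'SSH Public Key: ' sshvar
SSHPUBKEY=$sshvar
# An empty authorized_keys file would leave the new account with no usable key.
if [[ -z $SSHPUBKEY ]]; then
  printf 'No SSH public key entered; aborting before any changes are made.\n' >&2
  exit 1
fi

printf 'Starting setup script...\n'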
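### Run Software Updates First ###
# apt-get is used rather than apt: apt warns that its command-line interface
# is not stable for use in scripts.
sudo apt-get install -y ca-certificates
sudo apt-get -y update
sudo apt-get -y upgrade

### Install Required Software ###
# Packages are installed one at a time so that a single package missing from
# the release's archive does not stop the others from being installed.
# NOTE(review): python-pip, python-dev and python2.7 are Python 2 packages,
# and Python 2 no longer receives upstream security fixes. Confirm that
# something on this host still needs them before keeping them in the list.
required_packages=(
  build-essential
  dnsutils
  software-properties-common
  nscd
  nano
  git
  python-pip
  gcc
  autoconf
  curl
  libtool
  python-dev
  make
  g++
  ufw
  fail2ban
  wget
  zip
  unzip
  python2.7
  unattended-upgrades
  htop
)
for pkg in "${required_packages[@]}"; do
  sudo apt-get install -y "$pkg"
done

# NOTE(review): removing AppArmor takes away mandatory access control
# confinement for every service on the host, not only the database
# (presumably it is removed to avoid profile conflicts with the cluster
# package installed later; confirm). Keeping AppArmor and adjusting or
# disabling only the affected profile preserves that protection layer.
sudo apt-get remove -y apparmor

# -y added: every other apt call here is non-interactive, and without it this
# step stops and waits for confirmation in the middle of the run.
sudo apt-get autoremove -y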
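# Public IPv4 address of this host as reported by OpenDNS. The answer comes
# from a third-party resolver over plain DNS, so it is checked for the
# expected shape below before it is written into /etc/hosts.
IPADDRESS=$(dig -4 @resolver1.opendns.com -t a myip.opendns.com +short)
# First label of the hostname (everything before the first dot).
SHORTNAME=${HOSTNAME%%.*}
BASH_USERNAME=${USER}
# First field of SSH_CLIENT is the address the operator connected from.
# NOTE(review): SSH_CLIENT is empty on a console session and may be stripped
# from the environment by sudo, in which case CLIENTIP is empty.
CLIENTIP=${SSH_CLIENT%% *}

## Fix the hostname ##
sudo hostname "$HOSTNAME"

# "sudo echo ... > file" performs the redirection in the calling shell, not
# under sudo; piping into "sudo tee" makes the write itself privileged.
printf '%s\n' "$HOSTNAME" | sudo tee /etc/hostname >/dev/null

# /etc/hosts is replaced wholesale, as before. The public-address line is only
# emitted when the lookup returned a single dotted-quad; an empty or
# unexpected answer would otherwise produce a malformed entry.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
{
  printf '127.0.0.1\tlocalhost %s %s\n' "$HOSTNAME" "$SHORTNAME"
  if [[ $IPADDRESS =~ $ipv4_re ]]; then
    printf '%s\t%s %s\n' "$IPADDRESS" "$HOSTNAME" "$SHORTNAME"
  else
    printf 'Warning: public IPv4 lookup returned "%s"; skipping its /etc/hosts entry.\n' "$IPADDRESS" >&2
  fi
  printf '\n\n'
} | sudo tee /etc/hosts >/dev/null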
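### Add Google DNS Resolvers ###
# Start from an empty resolvconf configuration and put the resolver list in
# "tail" so it is appended to the generated resolv.conf.
sudo rm -Rf /etc/resolvconf/resolv.conf.d/*
sudo touch \
  /etc/resolvconf/resolv.conf.d/base \
  /etc/resolvconf/resolv.conf.d/head \
  /etc/resolvconf/resolv.conf.d/original

# NOTE(review): 127.0.0.1 is listed first, but nothing in this script installs
# a DNS server listening on localhost (nscd caches lookups through NSS; it is
# not a resolver on port 53). Confirm a local resolver exists, otherwise each
# lookup waits for the timeout before falling through to 8.8.8.8.
#
# resolv.conf(5) spells the option "timeout:1"; the previous "timeout 1" form
# is not a recognised option and was ignored by the resolver.
# The write goes through "sudo tee" because a ">" redirection is performed by
# the calling shell, not by sudo.
printf 'nameserver 127.0.0.1\nnameserver 8.8.8.8\nnameserver 8.8.4.4\noptions timeout:1\n\n' \
  | sudo tee /etc/resolvconf/resolv.conf.d/tail >/dev/null
sudo resolvconf -u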
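### Configure Time Server & Timezone ###
zone_file="/usr/share/zoneinfo/${TIMEZONE}"
if [[ -f $zone_file ]]; then
  # /etc/localtime is a symlink to the zone data file.
  sudo rm -f /etc/localtime
  sudo ln -sfn "$zone_file" /etc/localtime
  # /etc/timezone is a plain text file holding the zone NAME, not a link to
  # the binary zone data. Remove it first: an earlier run may have left it as
  # a symlink into /usr/share/zoneinfo, and writing through that link would
  # overwrite the zone data file itself.
  sudo rm -f /etc/timezone
  printf '%s\n' "$TIMEZONE" | sudo tee /etc/timezone >/dev/null
else
  # Do not delete the existing settings when the requested zone is unknown.
  printf 'Unknown timezone "%s" (%s not found); leaving the timezone unchanged.\n' "$TIMEZONE" "$zone_file" >&2
fi

# Install ntp, then step the clock once (ntpd -gq sets the time and exits)
# while the service is stopped, and start the service again.
sudo apt-get install -y ntp
sudo service ntp stop
sudo ntpd -gq
sudo service ntp start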
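### Configure SSH ###
# USERNAME is used to build paths below; refuse to continue without it or
# without a key to install.
if [[ -z $USERNAME || -z $SSHPUBKEY ]]; then
  printf 'USERNAME and SSHPUBKEY must both be set before configuring SSH.\n' >&2
  exit 1
fi

sudo adduser "$USERNAME"
sudo adduser "$USERNAME" sudo

ssh_dir="/home/${USERNAME}/.ssh"
authorized_keys="${ssh_dir}/authorized_keys"
sudo mkdir -p "$ssh_dir"
# Written through "sudo tee": with "sudo echo ... > file" the redirection is
# performed by the calling shell rather than under sudo.
printf '%s\n' "$SSHPUBKEY" | sudo tee "$authorized_keys" >/dev/null
sudo chown -Rf "${USERNAME}:${USERNAME}" "/home/${USERNAME}"
# Restrict the key material to its owner; sshd's default StrictModes check
# refuses keys kept in group- or world-writable locations.
sudo chmod 700 "$ssh_dir"
sudo chmod 600 "$authorized_keys"

# Reject a mistyped or truncated key now, before sshd is reconfigured: a key
# that does not parse leaves the new account without a usable login key.
if command -v ssh-keygen >/dev/null 2>&1; then
  if ! sudo ssh-keygen -l -f "$authorized_keys" >/dev/null; then
    printf 'The SSH public key entered could not be parsed; aborting before sshd is reconfigured.\n' >&2
    exit 1
  fi
fi

# NOTE(review): the replacement sshd_config is fetched at run time from the
# tip of a branch, so its content can change between runs and is trusted on
# TLS alone. Pin the URL to a reviewed commit and compare the download with a
# recorded digest (placeholders: <PINNED_COMMIT>, <EXPECTED_SHA256>).
sshd_config_url="https://raw.githubusercontent.com/robkerry/server-setup/master/config/sshd_config"
new_sshd_config=$(mktemp) || {
  printf 'mktemp failed; sshd_config left unchanged.\n' >&2
  exit 1
}
if ! wget "$sshd_config_url" -O "$new_sshd_config"; then
  printf 'Download of sshd_config failed; the existing configuration is left in place.\n' >&2
  rm -f -- "$new_sshd_config"
  exit 1
fi
# sshd -t only parses the file and checks it for validity. A failed or
# truncated download must never replace the live configuration, because the
# firewall configured later only opens the port the new file is expected to use.
if ! sudo sshd -t -f "$new_sshd_config"; then
  printf 'Downloaded sshd_config did not pass "sshd -t"; the existing configuration is left in place.\n' >&2
  rm -f -- "$new_sshd_config"
  exit 1
fi
# Keep a copy of the previous configuration, then install the new one with
# explicit ownership and mode.
sudo cp -pf /etc/ssh/sshd_config /etc/ssh/sshd_config.old
sudo install -o root -g root -m 0644 "$new_sshd_config" /etc/ssh/sshd_config
rm -f -- "$new_sshd_config"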
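### Configure MySQL ###
# Create and enable a 1 GiB swap file readable only by root.
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# Append a line to a root-owned file only if that exact line is not already
# present, so re-running the script does not pile up duplicate entries.
#   $1 - line to add    $2 - target file
_append_line_once() {
  local line=$1 target=$2
  if ! sudo grep -qxF -- "$line" "$target" 2>/dev/null; then
    printf '%s\n' "$line" | sudo tee -a "$target"
  fi
}
_append_line_once "/swapfile none swap sw 0 0" /etc/fstab
_append_line_once "vm.swappiness=30" /etc/sysctl.conf
_append_line_once "vm.vfs_cache_pressure=50" /etc/sysctl.conf

# Apply the network tuning now ...
sudo sysctl -w net.core.somaxconn=100000
sudo sysctl -w net.ipv4.ip_local_port_range="10000 65535"
sudo sysctl -w net.ipv4.tcp_tw_reuse=1
# ... and persist it. The third line previously read
# "sysctl -w net.ipv4.tcp_tw_reuse=1", which is a shell command rather than a
# key=value entry, so the setting was not restored at boot. The write goes
# through "sudo tee" because a ">" redirection runs in the calling shell.
printf 'net.core.somaxconn=100000\nnet.ipv4.ip_local_port_range=10000 65535\nnet.ipv4.tcp_tw_reuse=1\n' \
  | sudo tee /etc/sysctl.d/network-tuning.conf >/dev/null

# Download the Percona repository package into a private temporary directory.
# In the current directory, wget will not overwrite an existing file of the
# same name (it saves to "<name>.1"), so dpkg would install whatever stale
# file was already there instead of the fresh download.
# NOTE(review): the package is installed as root with no integrity check
# beyond TLS. If the publisher provides a checksum or signature for this
# file, verify it here before dpkg -i (placeholder: <EXPECTED_SHA256>).
percona_dir=$(mktemp -d) || {
  printf 'mktemp failed; cannot download the Percona repository package.\n' >&2
  exit 1
}
percona_deb="${percona_dir}/percona-release_latest.generic_all.deb"
if wget "https://repo.percona.com/apt/percona-release_latest.generic_all.deb" -O "$percona_deb"; then
  sudo dpkg -i "$percona_deb"
  sudo apt-get update
  sudo apt-get install -y percona-xtradb-cluster-57
  sudo service mysql stop
else
  printf 'Download of percona-release failed; skipping the Percona installation.\n' >&2
fi
rm -rf -- "${percona_dir:?}"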
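### Configure Firewall ###
# Default-deny inbound, allow outbound, then open only what is needed.
sudo ufw default deny incoming
sudo ufw default allow outgoing

# SSH port announced in the final message below.
sudo ufw allow 22123/tcp

# Database and cluster ports (3306 client traffic; 4444, 4567 and 4568 are the
# ports Percona XtraDB Cluster documents for state transfer and replication).
# The duplicate 3306 rule has been dropped.
# NOTE(review): these rules assume eth1 is the private/cluster interface and
# carry no source restriction; confirm the interface name on this host, and
# consider limiting them to the cluster's address range.
for port in 3306 4444 4567 4568; do
  sudo ufw allow in on eth1 to any port "$port"
done

# Keep the operator's current address reachable while the firewall comes up.
# NOTE(review): this rule allows EVERY port from that address and stays in
# place after setup; narrow or delete it once access on 22123 is confirmed.
if [[ -n $CLIENTIP ]]; then
  sudo ufw allow from "$CLIENTIP"
else
  printf 'Warning: client address unknown (SSH_CLIENT not set); no per-address allow rule added.\n' >&2
fi

sudo ufw enable
sudo service ufw restart
sudo service ssh restart
printf "\nInstall Complete!\n\nIn future, SSH into this server using 'ssh %s@%s -p 22123'\n" "$USERNAME" "$HOSTNAME"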