
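  ### FreeBSD Server Installation Guide ###
  ##################################################
  # Connecting to Server
  # The first login is as root with a password. Compare the host key
  # fingerprint that ssh prints with the one shown in the provider console
  # before accepting it.
  ssh root@207.246.121.231
  ##################################################
  # Configuring Users (run on the server, as root)
  # Sets the root password, creates the unprivileged account "user" with a
  # home directory, installs sudo, adds "user" to wheel and uncomments the
  # %wheel rule in sudoers.
  # The sudoers file is edited with sed rather than visudo, so the chain ends
  # with a syntax check and a grep that prints the active %wheel rule. If
  # either step fails, fix the file before closing this root session: later
  # steps disable root login and depend on sudo working for "user".
  passwd &&
  pw useradd user -m &&
  passwd user &&
  pkg update && pkg install -y sudo &&
  pw group mod wheel -m user &&
  sed -i .bak 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /usr/local/etc/sudoers &&
  visudo -c -f /usr/local/etc/sudoers &&
  grep '^%wheel ALL=(ALL:ALL) ALL' /usr/local/etc/sudoers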
  ##################################################
  # Configuring SSH Authentication (run on the local workstation)
  # Creates a 4096-bit RSA key pair, installs the public key for "user" on the
  # server, then logs in as that account.
  # ssh-keygen prompts for a passphrase; leaving it empty stores the private
  # key unencrypted on disk.
  ssh-keygen -b 4096 -t rsa \
    && ssh-copy-id -i "${HOME}/.ssh/id_rsa.pub" user@207.246.121.231 \
    && ssh user@207.246.121.231
  ##################################################
  # Updating Server
  # Refresh the package catalogue and upgrade what is already installed.
  sudo pkg update &&
  sudo pkg upgrade -y &&
  # Installing Packages
  # Web server, certbot with its nginx plugin, rsync and fail2ban.
  sudo pkg install -y nginx py39-certbot-nginx rsync py39-fail2ban &&
  # Configuring Editor
  # Writes ~/.vimrc (overwriting any existing one): line numbers, search
  # highlighting, syntax colouring and two normal-mode mappings.
  # NOTE(review): vim itself is not among the packages installed above.
  printf '%s\n' \
    'set number relativenumber' \
    'set hlsearch' \
    'set incsearch' \
    'syntax on' \
    'nnoremap ZW :w<CR>' \
    'nnoremap S :%s//<Left>' > ~/.vimrc &&
  # Configuring Firewall
  # NOTE(review): this section is empty on the page. fail2ban enforces a ban
  # only through the action its jail is configured with, so confirm that
  # banaction names a packet filter that is actually enabled on this host;
  # otherwise offenders are logged but not blocked.
  # Configuring Fail2ban
  # Settings go into .local copies so the packaged .conf files stay untouched.
  sudo cp /usr/local/etc/fail2ban/fail2ban.conf \
    /usr/local/etc/fail2ban/fail2ban.local &&
  sudo cp /usr/local/etc/fail2ban/jail.conf \
    /usr/local/etc/fail2ban/jail.local &&
  # Uncomment the allowipv6 setting.
  sudo sed -i .bak 's|#allowipv6 = auto|allowipv6 = auto|' \
    /usr/local/etc/fail2ban/fail2ban.local &&
  # Append the jail options after the sshd backend line: enable the jail and
  # ban for 31536000 s (365 days) after 3 failures seen within 18144000 s
  # (210 days). The appended lines start in column 0 on purpose.
  # NOTE(review): the jail's port setting is left as shipped while sshd is
  # moved to port 2356 further down this page; confirm the ban covers that
  # port.
  sudo sed -i .bak '/backend = %(sshd_backend)s/a\
enabled = true\
maxretry = 3\
bantime = 31536000\
findtime = 18144000' /usr/local/etc/fail2ban/jail.local &&
  # Start fail2ban now and at every boot.
  sudo sysrc fail2ban_enable=YES &&
  sudo service fail2ban start &&
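  # Configuring SSH
  # Hardens /etc/ssh/sshd_config: listen on port 2356, no root login, strict
  # file-mode checks, one authentication attempt and one session per
  # connection, no password or empty-password logins, PAM off.
  # All substitutions run in a single sed call so that sshd_config.bak holds
  # the file as it was before any change (one call per setting would leave
  # only the state before the last substitution in the backup).
  # A substitution whose pattern is not present in the file changes nothing
  # and reports no error, so the effective values are printed with sshd -T
  # after the reload; check every line of that output.
  # Keep the current session open and confirm a new key-based login on port
  # 2356 before closing it.
  # With MaxAuthTries 1 a client that offers more than one key is rejected
  # after the first; select the key explicitly (ssh -i, IdentitiesOnly=yes).
  sudo sed -i .bak \
    -e 's/#Port 22/Port 2356/' \
    -e 's/PermitRootLogin yes/PermitRootLogin no/' \
    -e 's/#StrictModes yes/StrictModes yes/' \
    -e 's/#MaxAuthTries 6/MaxAuthTries 1/' \
    -e 's/#MaxSessions 10/MaxSessions 1/' \
    -e 's/PasswordAuthentication yes/PasswordAuthentication no/' \
    -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' \
    -e 's/#UsePAM yes/UsePAM no/' \
    /etc/ssh/sshd_config &&
  sudo sshd -t &&
  sudo service sshd reload &&
  sudo sshd -T | grep -E '^(port|permitrootlogin|strictmodes|maxauthtries|maxsessions|passwordauthentication|permitemptypasswords|usepam) ' &&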
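  # Nginx
  # Enables and starts nginx, then edits nginx.conf in one sed call (so
  # nginx.conf.bak keeps the unmodified file):
  #   - "server_tokens off;" after the default_type line, which stops nginx
  #     from advertising its version;
  #   - a server block for website.com after the "keepalive_timeout 65" line.
  # The address patterns accept any run of whitespace between the directive
  # and its value, so they match however the shipped file is aligned.
  # sed drops a single backslash from appended text and keeps the character
  # after it, so the backslashes of the nginx regexes are doubled here to
  # arrive in nginx.conf as "\." and "\?".
  sudo sysrc nginx_enable=YES &&
  sudo service nginx start &&
  sudo sed -i .bak '/default_type[[:space:]][[:space:]]*application\/octet-stream;/a\
    server_tokens off;
/keepalive_timeout[[:space:]][[:space:]]*65/a\
\
    server {\
        listen 80;\
        listen [::]:80;\
\
        root /usr/local/www/website.com;\
\
        index index.html index.htm index.nginx-debian.html;\
\
        server_name website.com www.website.com;\
\
        gzip on;\
        gzip_min_length 1100;\
        gzip_buffers 4 32k;\
        gzip_types text/plain application/x-javascript text/xml text/css;\
        gzip_vary on;\
\
        # Media: images, icons, video, audio, HTC\
        location ~* \\.(?:jpg|jpeg|gif|png|ico|svg|webp|mp3)$ {\
            expires 1M;\
            access_log off;\
            # max-age must be in seconds\
            add_header Cache-Control "max-age=2629746, public";\
        }\
\
        # CSS and Javascript\
        location ~* \\.(?:css|js)$ {\
            expires 1y;\
            access_log off;\
            add_header Cache-Control "max-age=31556952, public";\
        }\
\
        location / {\
            if ($request_uri ~ ^/(.*)\\.html(\\?|$)) {\
                return 302 /$1;\
            }\
            try_files $uri $uri.html $uri/ =404;\
        }\
    }' /usr/local/etc/nginx/nginx.conf &&
  # Create the document root owned by "user" with mode 755 instead of making
  # all of /usr/local/www world-writable: only the deploying account needs to
  # write there, and the web server only needs to read.
  sudo install -d -o user -m 755 /usr/local/www/website.com &&
  # Check the edited configuration before asking nginx to load it.
  sudo nginx -t &&
  sudo service nginx reload &&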
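  # Certbot
  # Obtains a certificate and lets the nginx plugin install it.
  # NOTE(review): --register-unsafely-without-email registers the ACME account
  # with no contact address; use --email instead if account notices are
  # wanted.
  sudo certbot --nginx --register-unsafely-without-email &&
  # Crontab
  # "crontab -" replaces the whole crontab of the account it runs for.
  # Commands use absolute paths because cron's PATH may not include
  # /usr/local/bin.
  # user: weekly backup, Sunday 00:00.
  echo "0 0 * * 0 /usr/local/bin/backupscript" | crontab - &&
  # root: package and base-system updates every six hours, certificate renewal
  # every Sunday 00:00. "freebsd-update fetch" refuses to run without a
  # terminal; "freebsd-update cron" is the subcommand meant for scheduled runs
  # (it waits a random time of up to an hour before fetching).
  # NOTE(review): these upgrades are installed unattended and nothing here
  # restarts services or reboots afterwards; confirm that matches the patch
  # policy intended for this host.
  printf '%s\n' \
    '0 */6 * * * /usr/sbin/pkg update && /usr/sbin/pkg upgrade -y && /usr/sbin/freebsd-update cron && /usr/sbin/freebsd-update install' \
    '0 0 * * 0 /usr/local/bin/certbot --nginx renew' | sudo crontab - &&
  # Backups
  # Installs /usr/local/bin/backupscript, which copies the site into a dated
  # directory under the home of the account whose crontab runs it. The source
  # is the document root configured for nginx on this page,
  # /usr/local/www/website.com (the script originally read
  # /var/www/website.com, which nothing on this page creates).
  # The second line of the script starts in column 0 on purpose.
  mkdir -p ~/backups &&
  echo '#!/bin/sh
/usr/local/bin/rsync -artvzP /usr/local/www/website.com ~/backups/$(date "+%d_%m_%Y")' | sudo tee /usr/local/bin/backupscript > /dev/null &&
  sudo chmod +x /usr/local/bin/backupscript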
  ##################################################
  # Syncing Website (run on the local workstation)
  # Pushes the local site directory to the server over SSH on port 2356.
  # --delete removes files under the remote website.com directory that no
  # longer exist in the local copy.
  rsync -r -t -v -z -P --delete -e 'ssh -p 2356' \
    "${HOME}/documents/websites/website.com" \
    user@207.246.121.231:/usr/local/www/