kato
/
installation_guides


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
							### FreeBSD Server Installation Guide ###

##################################################

# Connecting to Server
ssh root@207.246.121.231

##################################################

# Configuring Users
passwd &&
pw useradd user -m &&
passwd user &&
pkg update && pkg install -y sudo &&
pw group mod wheel -m user &&
sed -i .bak 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /usr/local/etc/sudoers

##################################################

# Configuring SSH Authentication
ssh-keygen -t rsa -b 4096 &&
ssh-copy-id -i ~/.ssh/id_rsa.pub user@207.246.121.231 &&
ssh user@207.246.121.231

##################################################

# Updating Server
sudo pkg update && sudo pkg upgrade -y &&

# Installing Packages
sudo pkg install -y nginx py39-certbot-nginx rsync py39-fail2ban &&

# Configuring Editor
echo -e "set number relativenumber\nset hlsearch\nset incsearch\nsyntax on\nnnoremap ZW :w<CR>\nnnoremap S :%s//<Left>" | tee ~/.vimrc > /dev/null &&

# Configuring Firewall

# Configuring Fail2ban
sudo cp /usr/local/etc/fail2ban/fail2ban.conf /usr/local/etc/fail2ban/fail2ban.local &&
sudo cp /usr/local/etc/fail2ban/jail.conf /usr/local/etc/fail2ban/jail.local &&
sudo sed -i .bak 's/#allowipv6 = auto/allowipv6 = auto/' /usr/local/etc/fail2ban/fail2ban.local &&
sudo sed -i .bak '/backend = %(sshd_backend)s/a\
enabled = true\
maxretry = 3\
bantime = 31536000\
findtime = 18144000' /usr/local/etc/fail2ban/jail.local &&
sudo sysrc fail2ban_enable=YES &&
sudo service fail2ban start &&

# Configuring SSH
sudo sed -i .bak 's/#Port 22/Port 2356/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/#StrictModes yes/StrictModes yes/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/#MaxAuthTries 6/MaxAuthTries 1/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/#MaxSessions 10/MaxSessions 1/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config &&
sudo sed -i .bak 's/#UsePAM yes/UsePAM no/' /etc/ssh/sshd_config &&
sudo service sshd reload &&

# Nginx
sudo sysrc nginx_enable=YES &&
sudo service nginx start &&
sudo sed -i .bak '/default_type  application\/octet-stream;/a\
    server_tokens   off;' /usr/local/etc/nginx/nginx.conf &&
sudo sed -i .bak '/keepalive_timeout  65/a\
\
        server {\
        listen 80;\
        listen [::]:80;\
\
\
        root /usr/local/www/website.com;\
\
        index index.html index.htm index.nginx-debian.html;\
\
        server_name website.com www.website.com;\
\
        gzip on;\
        gzip_min_length 1100;\
        gzip_buffers 4 32k;\
        gzip_types text/plain application/x-javascript text/xml text/css;\
        gzip_vary on;\
\
        # Media: images, icons, video, audio, HTC\
        location ~* \.(?:jpg|jpeg|gif|png|ico|svg|webp|mp3)$ {\
                expires 1M;\
                access_log off;\
                # max-age must be in seconds\
                add_header Cache-Control "max-age=2629746, public";\
}\
\
        # CSS and Javascript\
        location ~* \.(?:css|js)$ {\
                expires 1y;\
                access_log off;\
                add_header Cache-Control "max-age=31556952, public";\
}\
\
        location / {\
                if ($request_uri ~ ^/(.*)\.html(\?|$)) {\
                return 302 /$1;\
        }\
                try_files $uri $uri.html $uri/ =404;\
        }\
\
\
}' /usr/local/etc/nginx/nginx.conf &&
sudo chmod -R 777 /usr/local/www/ &&
sudo -u user mkdir /usr/local/www/website.com &&
sudo service nginx reload &&

# Certbot
sudo certbot --nginx --register-unsafely-without-email &&

# Crontab
echo "0 0 * * 0 /usr/local/bin/backupscript" | crontab - &&
echo -e "0 */6 * * * pkg update && pkg upgrade -y && freebsd-update fetch && freebsd-update install\n0 0 * * 0 certbot --nginx renew" | sudo crontab - &&

# Backups
mkdir ~/backups &&
echo '#!/bin/sh
rsync -artvzP /var/www/website.com ~/backups/$(date "+%d_%m_%Y")' | sudo tee /usr/local/bin/backupscript > /dev/null &&
sudo chmod +x /usr/local/bin/backupscript

##################################################

# Syncing Website
rsync -rtvzPe 'ssh -p 2356' ~/documents/websites/website.com user@207.246.121.231:/usr/local/www/ --delete