diff --git a/README.md b/README.md index a8f9b6f..7e3213d 100644 --- a/README.md +++ b/README.md @@ -63,11 +63,17 @@ Cloned project ├── README.md └── docker-compose.yml ``` + * `acme` contains all applied certificates from Lets Encrypt + * `bin` contains multiple CLI scripts to allow you add or delete virtual hosts, install applications, upgrade, etc + * `data` stores the MySQL database + * `logs` contains all of the web server logs and virtual host access logs + * `lsws` contains all web server configuration files + * `sites` contains the document roots (the WordPress application will install here) ## Usage 
@@ -93,54 +99,54 @@ docker-compose down ### Setting the WebAdmin Password We strongly recommend you set your personal password right away. ``` -bash bin/webadmin.sh MYPASSWORD +bash bin/webadmin.sh my_password ``` ### Starting a Demo Site -After running the following command, you should be able to access the WordPress installation with the configured domain. By default the domain is `https://localhost` and also `https://server_IP`. +After running the following command, you should be able to access the WordPress installation with the configured domain. By default the domain is http://localhost. ``` bash bin/demosite.sh ``` ### Creating a Domain and Virtual Host ``` -bash bin/domain.sh [-add|-a] example.com +bash bin/domain.sh [-A, --add] example.com ``` ### Deleting a Domain and Virtual Host ``` -bash bin/domain.sh [-del|-d] example.com +bash bin/domain.sh [-D, --del] example.com ``` ### Creating a Database You can either automatically generate the user, password, and database names, or specify them. Use the following to auto generate: ``` -bash bin/database.sh [-domain|-d] example.com +bash bin/database.sh [-D, --domain] example.com ``` Use this command to specify your own names, substituting `user_name`, `my_password`, and `database_name` with your preferred values: ``` -bash bin/database.sh [-domain|-d] example.com [-user|-u] user_name [-password|-p] my_password [-database|-db] database_name +bash bin/database.sh [-D, --domain] example.com [-U, --user] USER_NAME [-P, --password] MY_PASS [-DB, --database] DATABASE_NAME ``` ### Installing a WordPress Site To preconfigure the `wp-config` file, run the `database.sh` script for your domain, before you use the following command to install WordPress: ``` -./bin/appinstall.sh [-app|-a] wordpress [-domain|-d] example.com +./bin/appinstall.sh [-A, --app] wordpress [-D, --domain] example.com ``` ### Install ACME We need to run the ACME installation command the **first time only**. 
With email notification: ``` -./bin/acme.sh [--install|-i] [--email|-e] EMAIL_ADDR +./bin/acme.sh [-I, --install] [-E, --email] EMAIL_ADDR ``` Without email notification: ``` -./bin/acme.sh [--install|-i] [--no-email|-ne] +./bin/acme.sh [-I, --install] [-NE, --no-email] ``` ### Applying a Let's Encrypt Certificate Use the root domain in this command, and it will check for a certificate and automatically apply one with and without `www`: ``` -./bin/acme.sh [-domain|-d] example.com +./bin/acme.sh [-D, --domain] example.com ``` ### Update Web Server To upgrade the web server to latest stable version, run the following: ``` -bash bin/webadmin.sh [-lsup|-upgrade] +bash bin/webadmin.sh [-U, --upgrade] ``` ### Apply OWASP ModSecurity Enable OWASP `mod_secure` on the web server: diff --git a/bin/acme.sh b/bin/acme.sh index 1667bc9..1ec7120 100755 --- a/bin/acme.sh +++ b/bin/acme.sh @@ -7,6 +7,13 @@ UNINSTALL='' TYPE=0 CONT_NAME='litespeed' ACME_SRC='https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh' +EPACE=' ' + +echow(){ + FLAG=${1} + shift + echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}" +} help_message(){ case ${1} in 
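Review bot: `echow` assigns `FLAG` without `local`, so each call overwrites a global, and `"...${@}"` mixes a string with an array expansion (ShellCheck SC2145) where `${*}` would state the intent. I would write the body as `local flag=${1}; shift` followed by `printf '\033[1m%s%s\033[0m%s\n' "${EPACE}" "${flag}" "${*}"`, which also stops `echo -e` from interpreting backslashes that arrive inside the argument. The same helper and `EPACE` are pasted verbatim into bin/appinstall.sh, bin/database.sh, bin/domain.sh and bin/webadmin.sh in this commit, so the change applies to each copy, or the helper could live in one sourced file. A one-line comment saying that `EPACE` is the help-text indent would help, since the name does not explain itself.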
@@ -14,13 +21,18 @@ help_message(){ echo 'You will need to install acme script at the first time.' echo 'Please run acme.sh --install --email example@example.com' ;; - "2") - echo 'Command [--install] [--email EMAIL_ADDR]' - echo 'Command [--install] [--no-email]' - echo 'Command [--domain DOMAIN_NAME]' - echo 'Example: acme.sh --install --email example@example.com' - echo 'Example: acme.sh --install --no-email' - echo 'Example: acme.sh --domain example.com' + "2") + echo -e "\033[1mOPTIONS\033[0m" + echow '-D, --domain [DOMAIN_NAME]' + echo "${EPACE}${EPACE}Example: acme.sh --domain example.com" + echo "${EPACE}${EPACE}will auto detect and apply for both example.com and www.example.com domains." + echow '-H, --help' + echo "${EPACE}${EPACE}Display help and exit." + echo -e "\033[1m Only for the First time\033[0m" + echow '--install --email [EMAIL_ADDR]' + echo "${EPACE}${EPACE}Will install ACME with the Email provided" + echow '--install --no-email' + echo "${EPACE}${EPACE}Will install ACME without the Email." exit 0 ;; "3") @@ -178,22 +190,22 @@ while [ ! -z "${1}" ]; do -[hH] | -help | --help) help_message 2 ;; - -d | -domain | --domain) shift + -[dD] | -domain | --domain) shift check_input "${1}" DOMAIN="${1}" ;; - -i | --install ) + -[iI] | --install ) INSTALL=true ;; - -u | --uninstall ) + -[uU] | --uninstall ) UNINSTALL=true uninstall_acme ;; - -e | --email ) shift + -[eE] | --email ) shift check_input "${1}" EMAIL="${1}" ;; - -ne | --no-email ) shift + -NE | --no-email ) shift NO_EMAIL=true ;; *) diff --git a/bin/appinstall.sh b/bin/appinstall.sh index 590a281..a612980 100755 --- a/bin/appinstall.sh +++ b/bin/appinstall.sh 
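Review bot: The `-NE | --no-email ) shift` arm keeps a `shift` although the option takes no value, so whatever follows it on the command line is consumed; if the loop also shifts after `esac` (the loop tail is outside this hunk), `acme.sh --no-email --install` would never see `--install`. It is also the only arm that does not accept the lowercase form, so the `-ne` spelling the README documented before this commit now falls through to the `*)` arm. I would write it as `-ne | -NE | --no-email )` followed directly by `NO_EMAIL=true`. The help text added in the previous hunk lists neither `--uninstall` nor the short `-I`/`-E`/`-NE` flags that this case statement accepts.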
@@ -1,10 +1,22 @@ #!/usr/bin/env bash APP_NAME='' DOMAIN='' +EPACE=' ' + +echow(){ + FLAG=${1} + shift + echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}" +} help_message(){ - echo 'Command [-app app_name] [-domain domain_name]' - echo 'Example: appinstall.sh -app wordpress -d example.com' + echo -e "\033[1mOPTIONS\033[0m" + echow '-A, --app [app_name] -D, --domain [DOMAIN_NAME]' + echo "${EPACE}${EPACE}Example: appinstall.sh -A wordpress -D example.com" + echo "${EPACE}${EPACE}Will install WordPress CMS under the example.com domain" + echow '-H, --help' + echo "${EPACE}${EPACE}Display help and exit." + exit 0 } check_input(){ @@ -30,11 +42,11 @@ while [ ! -z "${1}" ]; do -[hH] | -help | --help) help_message ;; - -app | -a | -A) shift + -[aA] | -app | --app) shift check_input "${1}" APP_NAME="${1}" ;; - -d | -D | -domain) shift + -[dD] | -domain | --domain) shift check_input "${1}" DOMAIN="${1}" ;; diff --git a/bin/container/serialctl.sh b/bin/container/serialctl.sh new file mode 100755 index 0000000..8099c97 --- /dev/null +++ b/bin/container/serialctl.sh 
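Review bot: `help_message` now ends in `exit 0`, so any path that prints usage because of bad input exits with success, and a calling script or CI step cannot tell a usage error from a normal run. `check_input` is outside this hunk, but the new bin/container/serialctl.sh shows the pairing in full: its `check_input` calls `help_message` and then `exit 1`, which can never be reached. bin/database.sh gets the same `exit 0` in this commit. I would let the function take the status, `exit "${1:-0}"`, and call `help_message 1` from the error paths.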
@@ -0,0 +1,75 @@
+#!/bin/bash
+LSDIR='/usr/local/lsws'
+
+help_message(){
+ echo 'Command [-serial|-S] SERIAL'
+ echo 'Example: serialctl.sh -s SERIAL'
+ echo 'Example: serialctl.sh -s TRIAL'
+ exit 0
+}
+
+check_input(){
+ if [ -z "${1}" ]; then
+ help_message
+ exit 1
+ fi
+}
+
+backup_old(){
+ if [ -f ${1} ] && [ ! -f ${1}_old ]; then
+ mv ${1} ${1}_old
+ fi
+}
+
+detect_ols(){
+ if [ -e ${LSDIR}/bin/openlitespeed ]; then
+ echo '[X] Detect OpenLiteSpeed, abort!'
+ exit 1
+ fi
+}
+
+apply_serial(){
+ detect_ols
+ check_input ${1}
+ echo ${1} | grep -i 'trial' >/dev/null
+ if [ ${?} = 0 ]; then
+ echo 'Apply Trial License'
+ if [ ! -e ${LSDIR}/conf/serial.no ] && [ ! -e ${LSDIR}/conf/license.key ]; then
+ rm -f ${LSDIR}/conf/trial.key*
+ wget -P ${LSDIR}/conf -q http://license.litespeedtech.com/reseller/trial.key
+ echo 'Apply trial finished'
+ else
+ echo "Please backup and remove your existing license, apply abort!"
+ exit 1
+ fi
+ else
+ echo "Apply Serial number: ${1}"
+ backup_old ${LSDIR}/conf/serial.no
+ backup_old ${LSDIR}/conf/license.key
+ backup_old ${LSDIR}/conf/trial.key
+ echo "${1}" > ${LSDIR}/conf/serial.no
+ ${LSDIR}/bin/lshttpd -r
+ if [ -f ${LSDIR}/conf/license.key ]; then
+ echo '[O] Apply success'
+ else
+ echo '[X] Apply failed, please check!'
+ exit 1
+ fi
+ fi
+}
+
+check_input ${1}
+while [ ! -z "${1}" ]; do
+ case ${1} in
+ -[hH] | -help | --help)
+ help_message
+ ;;
+ -[sS] | -serial) shift
+ apply_serial "${1}"
+ ;;
+ *)
+ help_message
+ ;;
+ esac
+ shift
+done
\ No newline at end of file
diff --git a/bin/database.sh b/bin/database.sh
index e432098..1d08a1c 100755
--- a/bin/database.sh
+++ b/bin/database.sh
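Review bot: The trial branch of `apply_serial` downloads `trial.key` over plain `http://` straight into `${LSDIR}/conf` and ignores wget's exit status, so anything on the network path that can alter the response decides which license file the server loads, and a failed download still prints 'Apply trial finished' after the old `trial.key*` files were removed. I would fetch over HTTPS (assuming the license host serves the same path over TLS) and stop on a non-zero status, as in the excerpt below. Separately, `grep -i 'trial'` matches any serial that merely contains those letters, and `${1}` and the `${LSDIR}` paths are unquoted throughout, including in `backup_old`; quoting them and comparing the lower-cased argument to `trial` exactly would remove both surprises.

```shell
        if [ ! -e "${LSDIR}/conf/serial.no" ] && [ ! -e "${LSDIR}/conf/license.key" ]; then
            rm -f "${LSDIR}"/conf/trial.key*
            # TLS for the key download; stop instead of reporting success when it fails
            if ! wget -P "${LSDIR}/conf" -q https://license.litespeedtech.com/reseller/trial.key; then
                echo '[X] Trial key download failed, please check!'
                exit 1
            fi
            echo 'Apply trial finished'
        # … unchanged: existing-license abort branch and serial-number path …
```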
@@ -7,13 +7,25 @@ SQL_USER='' SQL_PASS='' ANY="'%'" SET_OK=0 +EPACE=' ' + +echow(){ + FLAG=${1} + shift + echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}" +} help_message(){ - echo 'Command [-domain xxx]' - echo 'Command [-domain xxx] [-user xxx] [-password xxx] [-database xxx]' - echo 'Example 1: database.sh -domain example.com' - echo 'Example 2: database.sh -domain example.com -user USERNAME -password PASSWORD -database DATABASENAME' - echo 'Script will auto assign database & username by the domain and random password for example 1' + echo -e "\033[1mOPTIONS\033[0m" + echow '-D, --domain [DOMAIN_NAME]' + echo "${EPACE}${EPACE}Example: database.sh -D example.com" + echo "${EPACE}${EPACE}Will auto generate Database/username/password for the domain" + echow '-D, --domain [DOMAIN_NAME] -U, --user [xxx] -P, --password [xxx] -DB, --database [xxx]' + echo "${EPACE}${EPACE}Example: database.sh -D example.com -U USERNAME -P PASSWORD -DB DATABASENAME" + echo "${EPACE}${EPACE}Will create Database/username/password by given" + echow '-H, --help' + echo "${EPACE}${EPACE}Display help and exit." + exit 0 } check_input(){ @@ -120,16 +132,16 @@ while [ ! -z "${1}" ]; do -[hH] | -help | --help) help_message ;; - -d | -D | -domain) shift + -[dD] | -domain| --domain) shift DOMAIN="${1}" ;; - -u | -U | -user) shift + -[uU] | -user | --user) shift SQL_USER="${1}" ;; - -p | -P | -password) shift + -[pP] | -password| --password) shift SQL_PASS="'${1}'" ;; - -db | -DB | -database) shift + -db | -DB | -database| --database) shift SQL_DB="${1}" ;; *) diff --git a/bin/domain.sh b/bin/domain.sh index b787496..3a4b344 100755 --- a/bin/domain.sh +++ b/bin/domain.sh 
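Review bot: The `-[pP]` arm in the second hunk stores the password as `SQL_PASS="'${1}'"`, the raw argument wrapped in single quotes; the statement that consumes it is outside this hunk, but if it is interpolated into SQL text (as `ANY="'%'"` suggests), a password containing `'` or `\` ends the literal early and changes the statement. I would reject such characters before quoting, for example `case "${1}" in *\'*|*\\*) echo 'Password must not contain quotes or backslashes'; exit 1 ;; esac`. None of the four value arms checks that a value actually follows the flag, although `check_input` exists in this file and acme.sh and appinstall.sh call it in the same position. The help added in the first hunk advertises `-P PASSWORD`, which puts the secret into shell history and the process list; a comment naming the auto-generate form as the preferred one would be worth adding.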
@@ -1,10 +1,21 @@ #!/usr/bin/env bash CONT_NAME='litespeed' +EPACE=' ' + +echow(){ + FLAG=${1} + shift + echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}" +} help_message(){ - echo 'Command [-add|-del] [domain_name]' - echo 'Example 1: domain.sh -add example.com' - echo 'Example 2: domain.sh -del example.com' + echo -e "\033[1mOPTIONS\033[0m" + echow "-A, --add [domain_name]" + echo "${EPACE}${EPACE}Example: domain.sh -A example.com, will add the domain to Listener and auto create a new virtual host." + echow "-D, --del [domain_name]" + echo "${EPACE}${EPACE}Example: domain.sh -D example.com, will delete the domain from Listener." + echow '-H, --help' + echo "${EPACE}${EPACE}Display help and exit." } check_input(){ @@ -35,10 +46,10 @@ while [ ! -z "${1}" ]; do -[hH] | -help | --help) help_message ;; - -add | -a | -A) shift + -[aA] | -add | --add) shift add_domain ${1} ;; - -del | -d | -D | -delete) shift + -[dD] | -del | --del | --delete) shift del_domain ${1} ;; *) diff --git a/bin/webadmin.sh b/bin/webadmin.sh index 9b097d9..059a6dc 100755 --- a/bin/webadmin.sh +++ b/bin/webadmin.sh 
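Review bot: `add_domain ${1}` and `del_domain ${1}` in the second hunk pass the domain unquoted, so a value containing whitespace or glob characters is split or expanded before the function sees it; `add_domain "${1}"` and `del_domain "${1}"` avoid that. The delete pattern drops the single-dash `-delete` that was accepted before while keeping `-del`, so existing callers using it land in the `*)` arm; keeping it, as in `-[dD] | -del | -delete | --del | --delete) shift`, costs nothing. In the first hunk `help_message` has no trailing `exit`, unlike the help functions rewritten in appinstall.sh and database.sh, although its own text says 'Display help and exit', so argument parsing continues after `-H`.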
@@ -1,17 +1,27 @@ #!/usr/bin/env bash CONT_NAME='litespeed' +EPACE=' ' + +echow(){ + FLAG=${1} + shift + echo -e "\033[1m${EPACE}${FLAG}\033[0m${@}" +} help_message(){ - echo 'Command [PASSWORD]' - echo 'Example: webadmin.sh mypassword' - echo 'Command [-r]' - echo 'Example: webadmin.sh -r' - echo 'Will restart LiteSpeed Web Server' - echo 'Command [-modsec] [enable|disable]' - echo 'Example: webadmin -modsec enable' - echo 'Command [-lsup]' - echo 'Example: webadmin.sh -lsup' - echo 'Will upgrade to latest stable version' + echo -e "\033[1mOPTIONS\033[0m" + echow '[Enter Your PASSWORD]' + echo "${EPACE}${EPACE}Example: webadmin.sh MY_SECURE_PASS, to update web admin password immediatly." + echow '-R, --restart' + echo "${EPACE}${EPACE}Will gracefully restart LiteSpeed Web Server." + echow '-M, --mod-secure [enable|disable]' + echo "${EPACE}${EPACE}Example: webadmin.sh -M enable, will enable and apply Mod_Secure OWASP rules on server" + echow '-U, --upgrade' + echo "${EPACE}${EPACE}Will upgrade web server to latest stable version" + echow '-S, --serial [YOUR_SERIAL|TRIAL]' + echo "${EPACE}${EPACE}Will apply your serial number to LiteSpeed Web Server." + echow '-H, --help' + echo "${EPACE}${EPACE}Display help and exit." exit 0 } @@ -26,6 +36,11 @@ lsws_restart(){ docker-compose exec ${CONT_NAME} su -c '/usr/local/lsws/bin/lswsctrl restart >/dev/null' } +apply_serial(){ + docker-compose exec ${CONT_NAME} su -c "serialctl.sh -s ${1}" + lsws_restart +} + mod_secure(){ if [ "${1}" = 'enable' ] || [ "${1}" = 'Enable' ]; then docker-compose exec ${CONT_NAME} su -s /bin/bash root -c "owaspctl.sh -enable" @@ -62,12 +77,15 @@ while [ ! -z "${1}" ]; do -[rR] | -restart | --restart) lsws_restart ;; - -modsec | -sec| --sec) shift + -M | -mode-secure | --mod-secure) shift mod_secure ${1} ;; - -lsup | -upgrade) shift + -lsup | --lsup | --upgrade | -U) shift ls_upgrade - ;; + ;; + -[sS] | -serial | --serial) shift + apply_serial ${1} + ;; *) main ${1} ;;
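Review bot: `apply_serial` builds the string `"serialctl.sh -s ${1}"` on the host and hands it to `su -c` inside the container, so the shell there parses the serial again: whitespace, `;`, `$()` or quotes in the argument become shell syntax executed as the `su` target user, and an empty `${1}` is passed along as well. I would validate before the exec, e.g. `case "${1}" in ''|*[!A-Za-z0-9-]*) echo '[X] Invalid serial'; exit 1 ;; esac` (assuming serials are alphanumeric with dashes, which also covers `TRIAL`). `lsws_restart` runs whether or not serialctl.sh succeeded; chaining the two with `&&` would avoid restarting the server after a failed apply.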
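Review bot: The old spellings `-modsec`, `-sec`, `--sec` and `-upgrade` are dropped from the patterns while the default arm stays `*) main ${1}`; `main` is outside the hunk, but the help text describes the bare argument as the new WebAdmin password, so a script that still runs `webadmin.sh -modsec enable` would, if that reading is right, set the admin password to the flag string instead of failing. I would keep the old aliases in the patterns and add a `-*) help_message ;;` arm ahead of `*)` so an unknown flag is never treated as a password. `-mode-secure` looks like a typo for `-mod-secure`, and lowercase `-m`/`-u` are not accepted although the other arms take both cases. The `shift` on the upgrade arm consumes the next argument even though the option takes no value.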