From 8df4166520bae2333f6b5bcdfad51177966998f0 Mon Sep 17 00:00:00 2001 From: flashwave Date: Mon, 17 Jan 2022 02:37:46 +0100 Subject: [PATCH] Added Vagrant config and script for quick setting up a virtual development environment. --- .gitattributes | 1 + .gitignore | 6 ++ LICENSE | 2 +- Vagrantfile | 7 ++ devel/misuzu/config.ini | 7 ++ devel/nginx/fastcgi_params | 35 ++++++++++ devel/nginx/mime.types | 94 +++++++++++++++++++++++++ devel/nginx/nginx.conf | 91 ++++++++++++++++++++++++ devel/setup-devbox.sh | 139 +++++++++++++++++++++++++++++++++++++ 9 files changed, 381 insertions(+), 1 deletion(-) create mode 100644 Vagrantfile create mode 100644 devel/misuzu/config.ini create mode 100644 devel/nginx/fastcgi_params create mode 100644 devel/nginx/mime.types create mode 100644 devel/nginx/nginx.conf create mode 100644 devel/setup-devbox.sh diff --git a/.gitattributes b/.gitattributes index 176a458f..cdc3f394 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,2 @@ * text=auto +/msz text eol=lf diff --git a/.gitignore b/.gitignore index d9e72dff..1ab189a5 100644 --- a/.gitignore +++ b/.gitignore @@ -22,6 +22,12 @@ .vs/ .idea/ +# Vagrant things +.vagrant/ +/devel/nginx/dhparam.pem +/devel/nginx/misuzu.crt +/devel/nginx/misuzu.key + # Compiled/copied assets /public/js /public/css diff --git a/LICENSE b/LICENSE index 8bdd0820..68e179ac 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) 2017-2021, flashwave + Copyright 2017-2022 flashwave Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 00000000..e233c7ac --- /dev/null +++ b/Vagrantfile 
@@ -0,0 +1,7 @@
+Vagrant.configure("2") do |config|
+ config.vm.box = "ubuntu/focal64"
+ config.vm.network "forwarded_port", guest: 80, host: 10080
+ config.vm.network "forwarded_port", guest: 443, host: 10443
+ config.vm.network "forwarded_port", guest: 3306, host: 13306
+ config.vm.provision :shell, path: "devel/setup-devbox.sh"
+end
diff --git a/devel/misuzu/config.ini b/devel/misuzu/config.ini
new file mode 100644
index 00000000..cc392c57
--- /dev/null
+++ b/devel/misuzu/config.ini
@@ -0,0 +1,7 @@
+[Database]
+driver = mysql
+unix_socket = /var/run/mysqld/mysqld.sock
+username = misuzu
+password = toastiscool100
+dbname = misuzu
+charset = utf8mb4
diff --git a/devel/nginx/fastcgi_params b/devel/nginx/fastcgi_params
new file mode 100644
index 00000000..ac70fd56
--- /dev/null
+++ b/devel/nginx/fastcgi_params
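Review bot: The three `forwarded_port` entries set no `host_ip`, and Vagrant then binds the forwarded port on every host interface, so the dev web server and the 3306 forward are offered to the developer's whole network rather than only to the local machine. Adding `host_ip: "127.0.0.1"` to each entry, e.g. `config.vm.network "forwarded_port", guest: 3306, host: 13306, host_ip: "127.0.0.1"`, keeps them loopback-only. This matters most for 3306, because devel/setup-devbox.sh in this commit creates a `'misuzu'@'%'` account whose password is in the repository.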
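Review bot: `password = toastiscool100` is a fixed credential committed to the repository, and the same literal is repeated in devel/setup-devbox.sh in the `CREATE USER` statements for both `'misuzu'@'localhost'` and `'misuzu'@'%'`. The script's header says the configuration is almost identical to production, so it is worth making sure this value can never be carried over. Generating a random password during provisioning and writing it into the copied config.ini would avoid having a known credential at all. If the fixed value stays, a comment such as `; devbox only - never reuse outside the Vagrant VM` above the line would make the intent explicit.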
@@ -0,0 +1,35 @@
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+#fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param DOCUMENT_ROOT $realpath_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+fastcgi_param REDIRECT_STATUS 200;
+
+fastcgi_connect_timeout 60;
+fastcgi_send_timeout 180;
+fastcgi_read_timeout 180;
+fastcgi_buffers 256 4k;
+fastcgi_busy_buffers_size 256k;
+fastcgi_temp_file_write_size 256k;
diff --git a/devel/nginx/mime.types b/devel/nginx/mime.types
new file mode 100644
index 00000000..8fdfaefd
--- /dev/null
+++ b/devel/nginx/mime.types
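Review bot: `PATH_TRANSLATED` is still built from `$document_root`, while `SCRIPT_FILENAME` and `DOCUMENT_ROOT` in this same file were switched to `$realpath_root` (the old lines are left commented out). The document root is reached through the `/www/misuzu` symlink that the provisioning script creates, so the two variables resolve to different paths and PHP is handed inconsistent values. Suggest `fastcgi_param PATH_TRANSLATED $realpath_root$fastcgi_path_info;`, and either dropping the two commented-out lines or replacing them with a one-line comment such as `# $realpath_root: the docroot is a symlink into /vagrant`.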
@@ -0,0 +1,94 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + application/wasm wasm; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + audio/opus opus; + audio/x-caf caf; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; + + font/ttf ttf; + font/otf otf; +} diff --git a/devel/nginx/nginx.conf b/devel/nginx/nginx.conf new file mode 100644 index 00000000..978e389c --- /dev/null +++ b/devel/nginx/nginx.conf 
@@ -0,0 +1,91 @@
+user www-data;
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ charset utf-8;
+
+ gzip on;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ client_max_body_size 100M;
+ disable_symlinks off;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ ssl_ecdh_curve secp384r1;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_dhparam dhparam.pem;
+
+ error_log /var/log/nginx/error.log crit;
+
+ server {
+ root /www/misuzu/public;
+ server_name misuzu;
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~* \.(eot|otf|ttf|woff|woff2)$ {
+ add_header Access-Control-Allow-Origin *;
+ }
+
+ location /msz-storage {
+ alias /www/misuzu/store;
+ internal;
+ }
+
+ listen 80;
+ listen 443 ssl;
+ listen [::]:80;
+ listen [::]:443 ssl;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ log_not_found off;
+ access_log off;
+ }
+
+ ssl_certificate misuzu.crt;
+ ssl_certificate_key misuzu.key;
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+ }
+}
diff --git a/devel/setup-devbox.sh b/devel/setup-devbox.sh
new file mode 100644
index 00000000..bc2eea44
--- /dev/null
+++ b/devel/setup-devbox.sh
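Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` keeps the deprecated TLS 1.0 and 1.1 enabled, and the `ssl_ciphers` list still includes 3DES (`DES-CBC3-SHA`) and static-RSA suites. The provisioning script describes this configuration as almost identical to production, so `ssl_protocols TLSv1.2 TLSv1.3;` with the cipher list trimmed to the ECDHE/DHE GCM and CHACHA20 entries would be a safer baseline to copy from. Separately, the `add_header Access-Control-Allow-Origin *;` in the font `location` replaces the headers inherited from the `http` block instead of adding to them, so font responses lose `X-Content-Type-Options`; repeat `add_header X-Content-Type-Options nosniff;` inside that location. `ssl_stapling on` is also unlikely to do anything useful with the self-signed devbox certificate and will probably just log a warning.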
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+# this is only intended for the vagrant shit
+# for the love of god don't run this on anything but that
+# configuration is almost identical to production
+
+echo -e "> Misuzu Vagrant Auto Configurator "
+echo -e ""
+
+echo -e "=> Installing apt requirements"
+apt-get update
+apt-get install -y software-properties-common dirmngr apt-transport-https
+
+echo -e "=> Adding PHP PPA"
+add-apt-repository -y ppa:ondrej/php
+
+echo -e "=> Adding MariaDB 10.6 repostiory"
+apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
+add-apt-repository -y 'deb [arch=amd64,arm64,ppc64el,s390x] https://ftp.nluug.nl/db/mariadb/repo/10.6/ubuntu focal main'
+
+echo -e "=> Performing full package upgrade"
+apt-get update
+apt-get full-upgrade -y
+
+echo -e "=> Installing required packages"
+apt-get install -y nginx-full mariadb-server-10.6 openssl \
+ php7.4 php7.4-bcmath php7.4-cli php7.4-common php7.4-curl php7.4-dev \
+ php7.4-fpm php7.4-gd php7.4-igbinary php7.4-imagick php7.4-intl \
+ php7.4-ldap php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-readline \
+ php7.4-redis php7.4-sqlite3 php7.4-xml php7.4-zip
+
+SSL_DHPARAM=/vagrant/devel/nginx/dhparam.pem
+SSL_CRT=/vagrant/devel/nginx/misuzu.crt
+SSL_KEY=/vagrant/devel/nginx/misuzu.key
+
+echo -e "=> Generating dhparam.pem"
+[ -f "$SSL_DHPARAM" ] || openssl dhparam -out $SSL_DHPARAM 2048
+
+echo -e "=> Generating SSL certificate"
+[ -f "$SSL_CRT" ] || [ -f "$SSL_KEY" ] || openssl req -subj '/O=Flashii/C=NL/CN=localhost' -new -newkey rsa:2048 -sha256 -days 9001 -nodes -x509 -keyout $SSL_KEY -out $SSL_CRT
+
+echo -e "=> Replacing NGINX configuration"
+
+echo -e "==> Removing existing configuration folder"
+rm -rf /etc/nginx
+
+echo -e "==> Linking Misuzu config folder"
+ln -fs /vagrant/devel/nginx /etc/nginx
+
+echo -e "==> Restarting NGINX"
+service nginx restart
+
+echo -e "=> Adjusting PHP configuration"
+
+echo -e "==> Set display_startup_errors to On"
+sed -i 's/display_startup_errors = Off/display_startup_errors = On/g' /etc/php/7.4/fpm/php.ini
+
+echo -e "==> Increase max upload size to 150M"
+sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 150M/g' /etc/php/7.4/fpm/php.ini
+
+echo -e "==> Increase max body size to 150M"
+sed -i 's/post_max_size = 8M/post_max_size = 150M/g' /etc/php/7.4/fpm/php.ini
+
+echo -e "==> Restarting PHP-FPM"
+service php7.4-fpm restart
+
+echo -e "=> Adjusting MariaDB configuration"
+
+echo -e "==> Creating MariaDB database"
+mysql -vv -e "CREATE DATABASE misuzu COLLATE 'utf8mb4_bin'"
+
+echo -e "==> Creating MariaDB user"
+mysql -vv -e "CREATE USER 'misuzu'@'localhost' IDENTIFIED BY 'toastiscool100'"
+mysql -vv -e "CREATE USER 'misuzu'@'%' IDENTIFIED BY 'toastiscool100'"
+
+echo -e "==> Granting database access to MariaDB user"
+mysql -vv -e "GRANT EXECUTE, SELECT, SHOW VIEW, ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, INDEX, INSERT, REFERENCES, TRIGGER, UPDATE, LOCK TABLES ON misuzu.* TO 'misuzu'@'localhost'"
+mysql -vv -e "GRANT EXECUTE, SELECT, SHOW VIEW, ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, INDEX, INSERT, REFERENCES, TRIGGER, UPDATE, LOCK TABLES ON misuzu.* TO 'misuzu'@'%'"
+
+echo -e "==> Reloading MariaDB privileges"
+mysql -vv -e "FLUSH PRIVILEGES"
+
+# Taken from https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
+# Remove when composer dependencies are dropkicked
+
+echo -e "=> Installing Composer"
+
+echo -e "==> Fetching expecting checksum"
+EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
+
+echo -e "==> Downloading installer"
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+
+echo -e "==> Hashing installer"
+ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+echo -e "==> Confirming checksum"
+if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
+then
+ >&2 echo 'ERROR: Invalid installer checksum'
+ rm composer-setup.php
+ exit 1
+fi
+
+echo -e "==> Installing to /bin/composer"
+php composer-setup.php --quiet --install-dir=/bin --filename=composer
+
+echo -e "==> Removing installer"
+rm composer-setup.php
+# End of composer things
+
+echo -e "=> Adjusting Misuzu configuration"
+
+MSZ_CONFIG=/vagrant/config/config.ini
+
+echo -e "==> Replacing Misuzu config.ini"
+rm $MSZ_CONFIG
+cp /vagrant/devel/misuzu/config.ini $MSZ_CONFIG
+
+# ENTER: JANK
+echo -e "==> Running composer install as www-data"
+sudo -u www-data composer install -d /vagrant
+
+echo -e "==> Adding frequent cron jobs as www-data"
+(sudo -u www-data crontab -l 2>/dev/null; echo "0,10,20,30,40 * * * * php7.4 /www/misuzu/msz cron") | sudo -u www-data crontab -
+
+echo -e "==> Adding infrequent cron jobs as www-data"
+(sudo -u www-data crontab -l 2>/dev/null; echo "50 * * * * php7.4 /www/misuzu/msz cron low") | sudo -u www-data crontab -
+
+echo -e "==> Nuking /www"
+rm -rf /www
+
+echo -e "==> Creating /www"
+mkdir /www
+
+echo -e "==> Linking /vagrant to /www/misuzu"
+ln -fs /vagrant /www/misuzu
+
+echo -e "Done!"
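Review bot: The certificate guard `[ -f "$SSL_CRT" ] || [ -f "$SSL_KEY" ] || openssl req …` skips generation when either file exists, so a checkout holding only one of the pair is left with a certificate and key that nginx cannot load together. `{ [ -f "$SSL_CRT" ] && [ -f "$SSL_KEY" ]; } || openssl req …` regenerates unless both are present. The script also runs as root with no `set -e`, so a failed step such as the repository key fetch or the package install does not stop the later `rm -rf /etc/nginx` and `rm -rf /www`. Separately, `apt-key adv --fetch-keys` puts the MariaDB key into apt's global trusted keyring, where it is accepted for every configured repository. A dedicated keyring file referenced with `signed-by=` in the `deb` line would limit it to the MariaDB source.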