Oddiesea
2/15/2020 - 10:17 AM

coder.sh

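#!/bin/bash
# Provisions an Ubuntu host that serves code-server through an nginx reverse
# proxy protected by HTTP basic auth and a Let's Encrypt certificate.
#
# Usage: coder.sh -u <basic-auth user> -p <basic-auth password> -d <domain> -x <email>
#
# NOTE(review): USER and HOSTNAME are already populated by the login
# environment and by bash, so "is it empty?" cannot tell whether -u / -d were
# passed. The *_given flags below record what really came from the command line.
# NOTE(review): -p places the password in this script's argv, where other local
# users can read it from the process list while the script runs. Prefer
# prompting for it or reading it from a root-only file.

# Print the expected invocation on stderr and stop with a usage error.
usage() {
  printf 'Usage: %s -u <user> -p <password> -d <domain> -x <email>\n' "${0##*/}" >&2
  exit 2
}

# SET VARIABLES
user_given=0
host_given=0
# Leading ':' selects getopts' silent mode so bad options are reported here.
while getopts ':u:p:d:x:' option
do
  case "${option}" in
    u) USER=${OPTARG}; user_given=1 ;;
    p) PASSWORD=${OPTARG} ;;
    d) HOSTNAME=${OPTARG}; host_given=1 ;;
    x) EMAIL=${OPTARG} ;;
    :) printf 'option -%s requires an argument\n' "${OPTARG}" >&2; usage ;;
    \?) printf 'unknown option -%s\n' "${OPTARG}" >&2; usage ;;
  esac
done

# All four values are used further down; refuse to continue without them.
if (( ! user_given || ! host_given )) || [[ -z "${PASSWORD:-}" || -z "${EMAIL:-}" ]]; then
  usage
fi

# These values end up in an htpasswd entry, an nginx config file, a filesystem
# path and a certbot command line, all written or run as root. Reject anything
# that could break out of those contexts.
bad_user_re='[[:space:]:]'
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ -z "${USER}" || "${USER}" =~ ${bad_user_re} ]]; then
  printf 'invalid -u value: must be non-empty without ":" or whitespace\n' >&2
  exit 2
fi
if [[ ! "${HOSTNAME}" =~ ${host_re} ]]; then
  printf 'invalid -d value: expected a DNS name\n' >&2
  exit 2
fi
if [[ "${EMAIL}" =~ [[:space:]] ]]; then
  printf 'invalid -x value: must not contain whitespace\n' >&2
  exit 2
fi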
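# update & upgrade #
# -y keeps the run unattended; a bare "apt-get upgrade" stops at a prompt.
sudo apt-get update
sudo apt-get upgrade -y
# ADD repo
# NOTE(review): both PPAs are third-party package sources. Anything they
# publish is installed as root on every later upgrade, so confirm they are
# still wanted and still maintained before running this on a new host.
sudo add-apt-repository -y ppa:deadsnakes/ppa
sudo add-apt-repository -y ppa:longsleep/golang-backports
# NOTE(review): this executes a remotely hosted script as root with no
# integrity check. It is fetched to a file first so that an HTTP error or a
# truncated download is never executed; review the file, or configure the apt
# source and signing key by hand instead. Node.js 12 is also past end-of-life
# upstream.
nodesource_setup=$(mktemp) || exit 1
if curl -fsSL https://deb.nodesource.com/setup_12.x -o "$nodesource_setup"; then
  sudo -E bash "$nodesource_setup"
else
  printf 'could not download the NodeSource setup script\n' >&2
  rm -f -- "$nodesource_setup"
  exit 1
fi
rm -f -- "$nodesource_setup"
sudo apt-get update
# REMOVE some unneeded apps
# sudo apt-get remove
# INSTALL new apps
sudo apt-get install -y nginx python3.7 software-properties-common python3-pip golang-go sudo certbot python-certbot-nginx nodejs git docker.io ubuntu-make apache2-utils
# INSTALL python libs
# NOTE(review): pip run through sudo executes package install code as root and
# writes into the system site-packages; consider the distribution's virtualenv
# package or a per-user install instead.
sudo pip3 install virtualenv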
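# ADD NGINX USER
# The password is fed to openssl on stdin and the entry is appended through
# tee. The earlier form spliced $USER and $PASSWORD into a string handed to
# "sudo sh -c", so a quote or $( ) in either value was parsed as shell code by
# a root shell, and the password was visible in openssl's argv.
: "${PASSWORD:?basic-auth password (-p) is required}"
htpasswd_hash=$(printf '%s\n' "$PASSWORD" | openssl passwd -apr1 -stdin) || exit 1
printf '%s:%s\n' "$USER" "$htpasswd_hash" | sudo tee -a /etc/nginx/.htpasswd >/dev/null
unset htpasswd_hash
# NOTE(review): apr1 is an MD5-based scheme; if the installed nginx and openssl
# both support a stronger crypt format, prefer it. Also restrict
# /etc/nginx/.htpasswd so that only root and the nginx worker user can read it.
# DISABLE NGINX DEFAULT
# Needs root like every other change under /etc/nginx; -f keeps a re-run quiet.
sudo rm -f -- /etc/nginx/sites-enabled/default
# START NGINX
sudo /etc/init.d/nginx start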
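# ADD INITIAL CONFIG FOR CERTBOT
# The here-document delimiter is quoted so the shell leaves nginx's own
# variables alone. Unquoted, $host and $request_uri expanded to empty strings
# and the redirect target became a bare "https://".
# Written through "sudo tee" because a plain redirection is performed by the
# calling shell and fails unless the whole script already runs as root.
sudo tee /etc/nginx/sites-enabled/reverse-proxy.conf >/dev/null <<'EOL'
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 default_server;
    listen            [::]:443;
    access_log            /var/log/nginx/nginx.access.log;
    error_log            /var/log/nginx/nginx.error.log;
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://localhost:8080;
        proxy_set_header Accept-Encoding gzip;
    }
}
EOL
# NOTE(review): until the final config is written, the 443 listener above
# speaks plain HTTP, so basic-auth credentials sent to it are not encrypted.
# Keep this window short and do not log in before the certificate is in place.
# RELOAD NGINX
sudo service nginx reload
# CERTBOT
# Quoted so the domain and e-mail reach certbot as single arguments and cannot
# be split into extra options.
sudo certbot --nginx -d "$HOSTNAME" --non-interactive --agree-tos -m "$EMAIL"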
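# ADD FINAL Config
sudo service nginx stop
# "sudo tee" overwrites the file as root, so no separate rm is needed and the
# write no longer depends on the calling shell being root.
# Only $HOSTNAME is meant to be expanded by the shell here; every nginx
# variable is escaped so it reaches the config file literally.
sudo tee /etc/nginx/sites-enabled/reverse-proxy.conf >/dev/null <<EOL
server {
    listen 80;
    listen [::]:80;
    return 301 https://\$host\$request_uri;
}
server {
    # TLS is enabled per listener; the standalone "ssl on;" directive is
    # deprecated in nginx.
    listen 443 ssl default_server;
    listen            [::]:443 ssl;
    # fullchain.pem carries the intermediate certificates as well; serving
    # cert.pem alone makes clients without a cached intermediate reject the
    # chain.
    ssl_certificate /etc/letsencrypt/live/$HOSTNAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$HOSTNAME/privkey.pem;
    access_log            /var/log/nginx/nginx.access.log;
    error_log            /var/log/nginx/nginx.error.log;
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://localhost:8080;
        # Protocol upgrades (WebSocket) need HTTP/1.1 towards the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Accept-Encoding gzip;
    }
}
EOL
sudo service nginx restart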
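# SET UP FIREWALL
# Default-deny inbound; only the services listed below are reachable.
sudo ufw default deny incoming
sudo ufw default allow outgoing
# NOTE(review): "ufw limit ssh" would additionally rate-limit repeated
# connection attempts; confirm whether that fits how this host is administered.
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow https
# NOTE(review): nothing in this script listens on 8000-8005. Any service later
# started on these ports is reachable directly from the internet, bypassing the
# nginx basic auth and TLS set up above. Remove these two rules unless needed.
sudo ufw allow 8000:8005/tcp
sudo ufw allow 8000:8005/udp
# NOTE(review): docker.io is installed by this script; ports published by
# Docker containers are opened through Docker's own iptables rules and are not
# filtered by these ufw rules.
# --force skips the interactive confirmation so an unattended run cannot stall
# here with the firewall left disabled.
sudo ufw --force enable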
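# DOWNLOAD SERVER
cd ~/ || exit 1
# The archive is fetched into a private temporary directory. The earlier
# cleanup ("find . -maxdepth 1 -type f -delete" in the home directory) removed
# every regular file there, shell profiles included, not only the tarball.
download_dir=$(mktemp -d) || exit 1
release_url=$(curl -fsSL https://api.github.com/repos/cdr/code-server/releases \
  | grep browser_download_url \
  | grep 'linux-x86_64.tar.gz' \
  | head -n 1 \
  | cut -d '"' -f 4)
# Refuse to continue on an empty or unexpected URL instead of handing whatever
# the pipeline produced to wget.
case "$release_url" in
  https://github.com/*) ;;
  *)
    printf 'could not determine a code-server release URL\n' >&2
    rm -rf -- "$download_dir"
    exit 1
    ;;
esac
# NOTE(review): this takes the first matching asset of whatever the API lists
# first, with no checksum or signature verification. Pin a reviewed release
# and compare the archive's SHA-256 against a value recorded out of band
# before extracting it.
if ! wget -O "$download_dir/code-server.tar.gz" -- "$release_url"; then
  rm -rf -- "$download_dir"
  exit 1
fi
mkdir -p code-server
if ! tar xf "$download_dir/code-server.tar.gz" -C code-server --strip-components 1; then
  rm -rf -- "$download_dir"
  exit 1
fi
rm -rf -- "$download_dir"
# RUN SERVER
cd ~/code-server || exit 1
chmod +x ./code-server
# Started as the invoking user rather than through sudo: code-server hands
# every authenticated visitor a terminal, which under sudo would be a root
# shell, and the proxied port 8080 does not need root to bind.
# NOTE(review): with --auth none, the nginx basic auth is the only access
# control. Confirm that the downloaded version listens on the loopback
# interface only, and remember that any local user on this host can reach
# localhost:8080 without credentials.
./code-server --auth none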