WordPressのインストールをShellスクリプトで半自動化する
半自動化シリーズも結構色々とやってそこそこたまってきた。Remineの半自動化とかzabbixの半自動化とか色々とやってきてここでWordPressという、WordPressは結構、まだ使っているところ多いしサーバで運用したいとかいうニーズもなくはないのと自分でも楽したいというのもあってRedmine共々にたまに必要なこともあるので簡単に構築できるようにしておきたいので、ほかのと合わせてShellスクリプトで一撃インストールできるようにしてみた。
ほんとはDokcerとかk8s使うとかの方がいいんですけど、やはり制約あって単独鯖がいいとかもあったりするし、都度、調べて手動でチマチマコマンドコピペとかやりたくないのでShellスクリプトにしてみた。大きく変わらない限りはバージョンとか変えれば使えるようにしておいた。ひとまずAWSとGCPでは試していてRDSとかCloudSQLでは使えるようにはなっていました。あと管理画面にBasic認証かけています。
◆Shellスクリプト
#!/bin/bash
HOST_NAME=wordpress-srv
DATABASE=wordpress
DB_INITIAL_PASSWORD=paswword
DB_ROOT_PASSWORD=rootpassword
DB_USER=wordpress
DB_PASSWORD=wordpress
DB_HOST=localhost
PHP_VERSION=8.2
WP_CONFIG_URL=https://api.wordpress.org/secret-key/1.1/salt/
WEB_USER=www-data
HTPASSWORD_PATH=/etc/nginx/basic
BASIC_AUTH_USER=admin
BASIC_AUTH_PASSWORD=admin
SERVER_NAME=wp.wxample.com
SITE_URL=https://wp.example.com/
DOCUMENT_ROOT=/var/www/wordpress
WP_CONFIG_PATH=${DOCUMENT_ROOT}/wp-config.php
ADMIN_MAIL=ujimasa@hotmail.com
WORDPRESS_DL_URL=https://ja.wordpress.org/latest-ja.tar.gz
DOCUMENT_ROOT=/var/www/wordpress
sudo hostnamectl set-hostname ${HOST_NAME}
# ---------------------------------------------
# 1.nginxインストール
# ---------------------------------------------
read -p "## Do you want to install nginx? (y/n) [y]: " -e -i "y" nginxResponseinput
if [ "$nginxResponseinput" == "y" ] || [ "$nginxResponseinput" == "Y" ]; then
echo "# install nginx process..."
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx
sudo tee /etc/nginx/nginx.conf <<_EOF_
user ${WEB_USER};
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# MIME
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
##
# Security Headers
##
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# Virtual Host Configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
_EOF_
sudo systemctl enable nginx
sudo systemctl start nginx
echo "# Install nginx done!"
fi
# ---------------------------------------------
# 2.PHPインストール
# ---------------------------------------------
read -p "## Do you want to install php? (y/n) [y]: " -e -i "y" phpResponseinput
if [ "$phpResponseinput" == "y" ] || [ "$phpResponseinput" == "Y" ]; then
echo "# install php process..."
sudo apt -y install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt -y update
sudo apt -y install php${PHP_VERSION}-fpm \
php${PHP_VERSION}-common \
php${PHP_VERSION}-mysql \
php${PHP_VERSION}-xml \
php${PHP_VERSION}-xmlrpc \
php${PHP_VERSION}-curl \
php${PHP_VERSION}-gd \
php${PHP_VERSION}-imagick \
php${PHP_VERSION}-cli \
php${PHP_VERSION}-dev \
php${PHP_VERSION}-imap \
php${PHP_VERSION}-mbstring \
php${PHP_VERSION}-soap \
php${PHP_VERSION}-zip \
php${PHP_VERSION}-bcmath \
&& sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/${PHP_VERSION}/fpm/php.ini \
&& service php/${PHP_VERSION}-fpm restart
echo "# Install php done!"
fi
# ---------------------------------------------
# 3.WordPressインストール
# ---------------------------------------------
read -p "## Do you want to install WordPress? (y/n) [y]: " -e -i "y" wpResponseinput
if [ "$wpResponseinput" == "y" ] || [ "$wpResponseinput" == "Y" ]; then
echo "# install WordPress process..."
wget ${WORDPRESS_DL_URL}
tar -xvzf latest-ja.tar.gz
sudo mkdir -p /var/www
sudo mv wordpress /var/www/
sudo chown -R www-data:www-data ${DOCUMENT_ROOT}
sudo chmod -R 755 ${DOCUMENT_ROOT}
sudo mv ${DOCUMENT_ROOT}/wp-config-sample.php ${WP_CONFIG_PATH}
sudo rm -rf latest-ja.tar.gz
echo "# Setting WordPress process..."
sudo sed -i "s/define( 'DB_NAME', 'database_name_here' );/define( 'DB_NAME', '${DATABASE}' );/g" ${WP_CONFIG_PATH}
sudo sed -i "s/define( 'DB_USER', 'username_here' );/define( 'DB_USER', '${DB_USER}' );/g" ${WP_CONFIG_PATH}
sudo sed -i "s/define( 'DB_PASSWORD', 'password_here' );/define( 'DB_PASSWORD', '${DB_PASSWORD}' );/g" ${WP_CONFIG_PATH}
sudo sed -i "s/define( 'DB_HOST', 'localhost' );/define( 'DB_HOST', '${DB_HOST}' );/g" ${WP_CONFIG_PATH}
tmp=$(mktemp)
curl -k -s "${WP_CONFIG_URL}" |
awk -F"'" -v OFS="'" '
NR == FNR {
map[$2] = $4
next
}
/^define\(/ && ($2 in map) {
$4 = map[$2]
}
{ print }
' - "${WP_CONFIG_PATH}" > "$tmp" &&
sudo mv -- "$tmp" "${WP_CONFIG_PATH}"
sudo chown -R ${WEB_USER}:${WEB_USER} ${DOCUMENT_ROOT}
#
# Basic認証
#
sudo mkdir -p ${HTPASSWORD_PATH}
sudo apt-get -y update
sudo apt-get -y install apache2-utils
if [ ! -e "${HTPASSWORD_PATH}/.htpasswd" ]; then
sudo touch "${HTPASSWORD_PATH}/.htpasswd"
fi
sudo htpasswd -b "${HTPASSWORD_PATH}/.htpasswd" "${BASIC_AUTH_USER}" "${BASIC_AUTH_PASSWORD}"
echo "# Install WordPress done!"
fi
# ---------------------------------------------
# 4.MariaDBインストール
# ---------------------------------------------
read -p "## Do you want to install MariaDB? (y/n) [y]: " -e -i "y" MariaDBResponseinput
if [ "$MariaDBResponseinput" == "y" ] || [ "$MariaDBResponseinput" == "Y" ]; then
read -p "## Do you want to Setting localDataBase? (y/n) [y]: " -e -i "y" localDBResponseinput
if [ "$localDBResponseinput" == "y" ] || [ "$localDBResponseinput" == "Y" ]; then
echo "# please password input ${DB_PASSWORD} "
sudo apt-get -y install apt-transport-https curl
sudo mkdir -p /etc/apt/keyrings
sudo curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
sudo apt-get -y update
sudo apt-get -y install mariadb-server
sudo mysql -u root -p'${DB_INITIAL_PASSWORD}' -h localhost<<_EOF_
ALTER USER root@localhost IDENTIFIED BY '${DB_ROOT_PASSWORD}';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
FLUSH PRIVILEGES;
_EOF_
#
# データベース作成
#
sudo mysql -u root -p"${DB_ROOT_PASSWORD}" -h "${DB_HOST}"<<_EOF_
CREATE DATABASE ${DATABASE};
create user '${DB_USER}'@'${DB_HOST}' identified by '${DB_PASSWORD}';
grant all privileges on wordpress.* to '${DB_USER}'@'${DB_HOST}';
FLUSH PRIVILEGES;
_EOF_
else
#
# ローカルデータベース以外にインストールする場合
#
sudo apt install -y mariadb-client
#
# データベース作成
#
echo "please input password:${DB_ROOT_PASSWORD}"
sudo mysql -u root -h ${DB_HOST} -p<<_EOF_
CREATE DATABASE ${DATABASE};
create user '${DB_USER}'@'%' identified by '${DB_PASSWORD}';
grant all privileges on wordpress.* to '${DB_USER}'@'%';
FLUSH PRIVILEGES;
_EOF_
fi
fi
# ---------------------------------------------
# 5.SSL設定 Let'sEncrypt使用しない場合はn
# ---------------------------------------------
read -p "## Do you want to install Let's Encrypt? (y/n) [y]: " -e -i "y" sslResponseinput
if [ "$sslResponseinput" == "y" ] || [ "$sslResponseinput" == "Y" ]; then
echo "# install Let's Encrypt process..."
sudo mkdir ${DOCUMENT_ROOT}/.well-known
cat <<_EOF_ | sudo tee /etc/nginx/conf.d/local.conf
server {
listen 80;
server_name ${SERVER_NAME};
index index.html index.htm index.php;
root ${DOCUMENT_ROOT};
location ^~ /.well-known/acme-challenge/ {
allow all;
root ${DOCUMENT_ROOT};
default_type "text/plain";
try_files \$uri =404;
}
}
_EOF_
sudo systemctl stop nginx
sudo systemctl start nginx
sudo apt -y install certbot
sudo certbot certonly --webroot -w ${DOCUMENT_ROOT} -d ${SERVER_NAME} --agree-tos --email ${ADMIN_MAIL} --non-interactive
#
# config準備
#
cat <<_EOF_ | sudo tee /etc/nginx/conf.d/local.conf
upstream phpfpm{
server unix:/var/run/php/php${PHP_VERSION}-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name "${SERVER_NAME}";
if (\$http_x_forwarded_proto != https) {
return 301 https://\$host\$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root ${DOCUMENT_ROOT};
ssl on;
if (\$host != "${SERVER_NAME}"){
return 444;
}
server_name "${SERVER_NAME}";
index index.html index.htm index.php;
client_max_body_size 1024M;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
try_files \$uri \$uri/ @wordpress;
}
location ~* /wp-config.php {
deny all;
}
location ~ \.php$ {
try_files \$uri \$uri @wordpress;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass phpfpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
location @wordpress {
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass phpfpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root/index.php;
}
location ~* /wp-admin/((?!admin-ajax\.php).)*$ {
auth_basic "Basic Auth";
auth_basic_user_file /etc/nginx/basic/.htpasswd;
}
}
_EOF_
sudo rm -Rf ${DOCUMENT_ROOT}/.well-known
echo "# Install Let'sEncrypt done!"
fi
# ---------------------------------------------
# 自己証明書使用時
# ---------------------------------------------
read -p "## Do you want to use self cert? (y/n) [y]: " -e -i "n" selfcertResponseinput
if [ "$selfcertResponseinput" == "y" ] || [ "$selfcertResponseinput" == "Y" ]; then
echo "# install setting self cert process..."
sudo mkdir /etc/nginx/ssl
sudo openssl genrsa -out /etc/nginx/ssl/server.key 2048
sudo openssl req -new -key /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.csr
sudo openssl x509 -days 3650 -req -signkey /etc/nginx/ssl/server.key -in /etc/nginx/ssl/server.csr -out /etc/nginx/ssl/server.crt
#
# config準備
#
cat <<_EOF_ | sudo tee /etc/nginx/conf.d/local.conf
upstream phpfpm{
server unix:/var/run/php/php${PHP_VERSION}-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name "${SERVER_NAME}";
if (\$http_x_forwarded_proto != https) {
return 301 https://\$host\$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root ${DOCUMENT_ROOT};
ssl on;
if (\$host != "${SERVER_NAME}"){
return 444;
}
server_name "${SERVER_NAME}";
index index.html index.htm index.php;
client_max_body_size 1024M;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
try_files \$uri \$uri/ @wordpress;
}
location ~* /wp-config.php {
deny all;
}
location ~ \.php$ {
try_files \$uri \$uri @wordpress;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass phpfpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
location @wordpress {
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass phpfpm;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root/index.php;
}
location ~* /wp-admin/((?!admin-ajax\.php).)*$ {
auth_basic "Basic Auth";
auth_basic_user_file /etc/nginx/basic/.htpasswd;
}
}
_EOF_
fi
#
# nginx再起動
#
sudo service nginx restart
echo "### WordPress Setting Done!"
他に需要あるやつとかもあるんだろうけど、ChatGPTとか駆使しても単独で解決できないほどヨワヨワなので、ここまでが限界。そして貧しいので、この程度のスキルでもなんとかなるよとかいう奇特な方いらっしゃったら副業のお仕事とかいただけると幸いです。
コメント