#!/bin/bash
# setup-vhost <username> <hostname>
#
# Run as root. Provisions one site: a system user with /home/<username>/www,
# a dedicated PHP-FPM pool, a Let's Encrypt certificate for <hostname>, an
# nginx vhost, and optionally a MySQL database.

# Strict mode: stop on unhandled errors, on unset variables, and when any
# stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Split words on newline and tab only, never on spaces.
IFS=$'\n\t'
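#######################################
# Abort unless the script runs with root privileges.
# The numeric effective UID is compared instead of the account name, so the
# check does not depend on what the UID-0 account happens to be called.
# Outputs: error message on stderr when not root
# Returns: 0 when running as UID 0; otherwise exits the script with status 1
#######################################
function check_root() {
  local uid
  # If id itself fails, uid stays empty and the comparison below fails closed.
  uid=$(id -u) || uid=""
  if [ "$uid" != "0" ]; then
    echo "Root privilege required to run this script. Rerun as root." >&2
    exit 1
  fi
}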
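check_root

# Require both arguments. "$#" is tested first because, under `set -u`,
# expanding a missing "$1"/"$2" aborts the shell before the usage text can be
# printed. A usage error exits non-zero so callers can detect it.
if [ "$#" -lt 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: setup-vhost <username> <hostname>" >&2
  exit 1
fi

# Both values are later inserted unescaped into sed expressions, into file
# names under /etc and into the generated nginx configuration. Restrict them
# to characters that are inert in all of those contexts: no "/", no
# whitespace, no sed or nginx metacharacters, no leading "-" or ".".
case "$1" in
  -* | .* | *[!A-Za-z0-9._-]*)
    printf 'Invalid username: %s\n' "$1" >&2
    exit 1
    ;;
esac
case "$2" in
  -* | .* | *[!A-Za-z0-9.-]*)
    printf 'Invalid hostname: %s\n' "$2" >&2
    exit 1
    ;;
esac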
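#######################################
# Derive the installed PHP "MAJOR.MINOR" version from the php CLI banner.
# Globals:  PHP_VERSION (written)
# Outputs:  error message on stderr when no version can be parsed
# Returns:  0 on success; otherwise exits the script with status 1
#######################################
function set_available_php_version_from_runtime {
  # 1. Get first line of version text
  #    ("PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS)")
  # 2. Get the full version number ("8.2.7")
  # 3. Strip everything after the second dot ("8.2")
  PHP_VERSION=$(php --version | head -n 1 | cut -d ' ' -f 2 | cut -d '.' -f 1,2) \
    || PHP_VERSION=""
  # Manual override for hosts where detection does not work:
  #PHP_VERSION="8.2"

  # PHP_VERSION is spliced into /etc/php/... paths, the FPM socket name and a
  # service name. Accept only digits.digits, so that unexpected first-line
  # output (for example a warning instead of the banner) stops the run here
  # instead of producing paths built from arbitrary text.
  if [[ ! "$PHP_VERSION" =~ ^[0-9]+\.[0-9]+$ ]]; then
    printf 'Could not determine PHP version (got: %s)\n' "$PHP_VERSION" >&2
    exit 1
  fi
}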
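set_available_php_version_from_runtime

# Create the account and its web root only when they are missing. This keeps
# reruns working (user/folder already exists) without switching off
# `set -e`, so a real adduser or mkdir failure still stops the script.
if ! id -u "$1" >/dev/null 2>&1; then
  adduser "$1"
fi

web_root="/home/$1/www"

# On a rerun the home directory already belongs to the site user. Refuse a
# web root that is a symbolic link: the recursive chown below runs as root
# and must stay inside the user's own tree.
if [ -L "$web_root" ]; then
  printf '%s is a symbolic link; refusing to change ownership through it\n' \
    "$web_root" >&2
  exit 1
fi

mkdir -p "$web_root"
# -h: change ownership of symlinks themselves, never of what they point to.
chown -R -h "$1":"$1" "$web_root"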
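# Build the per-user PHP-FPM pool from the distribution's default pool file.
pool_dir="/etc/php/${PHP_VERSION}/fpm/pool.d"
pool_template="${pool_dir}/www.conf"
pool_conf="${pool_dir}/$1.conf"

# A user named "www" would make the output file the template itself; the
# redirection below would then truncate www.conf before grep reads it.
if [ "$pool_conf" = "$pool_template" ]; then
  printf 'Refusing to overwrite the default pool %s\n' "$pool_template" >&2
  exit 1
fi

# Use default values and override with user specifics:
#   - grep drops empty lines and ";" comment lines
#   - pool name, user and group become the site user
#   - /var/www becomes the user's web root
#   - the socket gets a per-user name
#   - php_admin_value lines from the template are removed
# NOTE: $1 is inserted unescaped into the sed replacement text, so it must
# not contain "/", "&" or "\".
grep "^[^;]" "$pool_template" | \
  sed -e "s/^\[www\]/\[$1\]/g" \
    -e "s/^user = www-data/user = $1/g" \
    -e "s/^group = www-data/group = $1/g" \
    -e "s/\/var\/www/\/home\/$1\/www/g" \
    -e "s/php${PHP_VERSION}-fpm.sock/php${PHP_VERSION}-fpm-$1.sock/g" \
    -e "/^php_admin_value.*/d" > "$pool_conf"

# Add non-default stuff (all commented out; left as ready-made knobs)
cat >> "$pool_conf" <<END
;request_terminate_timeout = 180s
;rlimit_files = 131072
;rlimit_core = unlimited
END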
# certbot: request a certificate for the hostname with a 4096-bit RSA key,
# using the nginx plugin. "certonly" only obtains the certificate; the vhost
# that references it is written further down by this script.
printf '%s\n' "Fetching letsencrypt.org certificate for $2"
certbot_args=(certonly --rsa-key-size 4096 --nginx -d "$2")
certbot "${certbot_args[@]}"
# nginx config
# Writes the vhost for the hostname: a port-80 server that redirects to HTTPS
# and a port-443 server that serves /home/<username>/www and hands *.php to
# the user's own PHP-FPM socket.
#
# The here-document is unquoted on purpose: $1, $2 and ${PHP_VERSION} are
# expanded by the shell now, while every "\$..." is escaped so that nginx
# receives its own variables (and the "$" regex anchor) literally.
# The snippets/* includes and /404page.html are not created by this script and
# have to exist already. The certificate paths assume certbot stored the
# certificate under /etc/letsencrypt/live/<hostname>.
vhost_conf="/etc/nginx/sites-available/$2.conf"
cat <<END > "$vhost_conf"
server{
server_name $2;
server_tokens off; # We've set this in /etc/nginx/nginx.conf already
listen 80;
listen [::]:80;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://\$host\$request_uri;
}
server {
server_name $2;
server_tokens off; # We've set this in /etc/nginx/nginx.conf already
listen 443 ssl http2;
listen [::]:443 ssl http2;
charset utf-8;
root /home/$1/www/;
include snippets/headers_defaults;
include snippets/php_defaults;
location ~ \.php\$ {
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
try_files \$uri =404;
fastcgi_pass unix:/run/php/php${PHP_VERSION}-fpm-$1.sock;
error_page 404 /404page.html;
}
# TLS config
# Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/$2/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$2/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$2/chain.pem;
include snippets/tls_defaults;
access_log /var/log/nginx/$2-access.log;
error_log /var/log/nginx/$2-error.log;
}
END
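# Enable the site. -f/-n replace an existing link, so a rerun for the same
# hostname does not abort here under `set -e`.
ln -sfn "/etc/nginx/sites-available/$2.conf" "/etc/nginx/sites-enabled/$2.conf"

# Validate the complete nginx configuration before reloading; with `set -e`
# a broken vhost stops the script and the running server keeps its old config.
nginx -t
service nginx reload
service "php${PHP_VERSION}-fpm" reload
echo "Virtual Host Created. Upload Files to /home/$1/www"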
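# Optional: create a MySQL database and account for the site, and import a dump.
echo -n "Create MySQL database for user? [y/N]:"
read -r mysql_db_create
if [[ "$mysql_db_create" == "y" || "$mysql_db_create" == "Y" ]]; then
  # -r keeps backslashes literal; -s keeps passwords off the terminal.
  echo -n "MySQL root password: "
  IFS= read -r -s mysql_root_password
  echo
  echo -n "MySQL username: "
  read -r mysql_user
  echo -n "Password: "
  IFS= read -r -s mysql_password
  echo
  echo -n "MySQL database name: "
  read -r mysql_db_name

  # These values are placed into SQL text, so constrain them first.
  # Identifiers: letters, digits and underscore only.
  case "$mysql_user" in
    '' | *[!A-Za-z0-9_]*)
      echo "MySQL username may only contain letters, digits and underscore." >&2
      exit 1
      ;;
  esac
  case "$mysql_db_name" in
    '' | *[!A-Za-z0-9_]*)
      echo "MySQL database name may only contain letters, digits and underscore." >&2
      exit 1
      ;;
  esac
  # The password ends up inside a single-quoted SQL string literal; a quote
  # or backslash would terminate or alter that literal.
  case "$mysql_password" in
    *\'* | *\\*)
      echo "Password must not contain a single quote or a backslash." >&2
      exit 1
      ;;
  esac

  # The root password is handed to the client through MYSQL_PWD for this one
  # command, and the SQL (which contains the new account's password) through
  # stdin, so neither appears in the process argument list. An option file
  # given with --defaults-extra-file is the alternative.
  # NOTE(review): "GRANT ... IDENTIFIED BY" is kept from the original; MySQL
  # 8.0 no longer accepts it and needs a separate CREATE USER. Confirm the
  # target server.
  MYSQL_PWD="$mysql_root_password" mysql -u root mysql <<SQL
CREATE DATABASE \`$mysql_db_name\`;
GRANT ALL ON \`$mysql_db_name\`.* TO '$mysql_user'@'localhost' IDENTIFIED BY '$mysql_password';
FLUSH PRIVILEGES;
SQL
  echo "Database Created."

  echo -n "Import SQL file to this database? [y/N]:"
  read -r mysql_import_sql
  if [[ "$mysql_import_sql" == "y" || "$mysql_import_sql" == "Y" ]]; then
    echo -n "SQL file (absolute path)?:"
    read -r mysql_import_location
    if [ ! -r "$mysql_import_location" ]; then
      printf 'Cannot read SQL file: %s\n' "$mysql_import_location" >&2
      exit 1
    fi
    # The original passed `-p "<password>"` with a space, which makes the
    # client prompt for a password and treat the password text as the
    # database name; the import therefore never reached the new database.
    MYSQL_PWD="$mysql_root_password" mysql -u root "$mysql_db_name" \
      < "$mysql_import_location"
  fi

  # Do not keep the secrets in shell variables longer than needed.
  unset mysql_root_password mysql_password
fi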