DEV Community: M. K. Tanjin Sarker The latest articles on DEV Community by M. K. Tanjin Sarker (@tanjinsarker). https://dev.to/tanjinsarker https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1091067%2F048185dd-1ab1-4b09-be15-12baa575dcc2.jpeg DEV Community: M. K. Tanjin Sarker https://dev.to/tanjinsarker en Laravel Permission Hardening Script M. K. Tanjin Sarker Wed, 11 Mar 2026 10:24:30 +0000 https://dev.to/tanjinsarker/laravel-permission-hardening-script-g0l https://dev.to/tanjinsarker/laravel-permission-hardening-script-g0l <h2> Laravel File Permission Hardening for Multi-Developer Production Server </h2> <p>When multiple developers work on the same Laravel project on a production server, improper file permissions can cause several issues:</p> <ul> <li>Git permission errors</li> <li>Laravel 419 Page Expired errors</li> <li>Storage write failures</li> <li>Cache permission issues</li> <li>Security risks from overly permissive access</li> </ul> <p>This guide shows a <strong>safe and production-ready Laravel permission hardening setup</strong> using a Bash script.</p> <h2> Project Structure </h2> <p>Example Laravel project path:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/var/www/html/laravel_application </code></pre> </div> <p>Developers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tanjin rasel </code></pre> </div> <p>Developer group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>webdev </code></pre> </div> <p>Web server runtime user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>www-data </code></pre> </div> <h2> Permission Strategy </h2> <p>We will follow these security rules:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Owner</th> <th>Permission</th> </tr> </thead> <tbody> <tr> <td>Project directory</td> <td>tanjin:webdev</td> <td>2775</td> </tr> <tr> <td>Application files</td> <td>tanjin:webdev</td> <td>664</td> </tr> <tr> <td>Directories</td> <td>tanjin:webdev</td> <td>2775</td> </tr> <tr> <td>storage</td> <td>www-data:webdev</td> <td>775</td> </tr> <tr> <td>bootstrap/cache</td> <td>www-data:webdev</td> <td>775</td> </tr> <tr> <td>.env</td> <td>tanjin:webdev</td> <td>640</td> </tr> <tr> <td>public</td> <td>tanjin:webdev</td> <td>755</td> </tr> </tbody> </table></div> <p>This setup ensures:</p> <ul> <li>Developers can modify project files</li> <li>Laravel runtime can write to storage and cache</li> <li>Sensitive environment variables remain protected</li> </ul> <h2> Why Use <code>2775</code> Permissions? </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>2775 </code></pre> </div> <p>Breakdown:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Value</th> <th>Meaning</th> </tr> </thead> <tbody> <tr> <td>2</td> <td>setgid (new files inherit group)</td> </tr> <tr> <td>7</td> <td>owner rwx</td> </tr> <tr> <td>7</td> <td>group rwx</td> </tr> <tr> <td>5</td> <td>others r-x</td> </tr> </tbody> </table></div> <p>Result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>drwxrwsr-x </code></pre> </div> <p>This ensures all new files inherit the <strong>webdev group</strong>, enabling safe multi-developer collaboration.</p> <h2> Laravel Permission Hardening Script </h2> <p>Below is the complete Bash script to configure Laravel permissions safely.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nv">PROJECT</span><span class="o">=</span>/var/www/html/laravel_application <span class="nv">MAINUSER</span><span class="o">=</span>tanjin <span class="nv">GROUP</span><span class="o">=</span>webdev <span class="nv">OTHERSUSER</span><span class="o">=</span><span class="s2">"rasel"</span> <span class="c"># create group if not exists</span> <span class="nb">sudo </span>groupadd <span class="nt">-f</span> <span class="nv">$GROUP</span> <span class="c"># add other developers to group</span> <span class="k">for </span>USER <span class="k">in</span> <span class="nv">$OTHERSUSER</span> <span class="k">do </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="nv">$GROUP</span> <span class="nv">$USER</span> <span class="k">done</span> <span class="c"># set project ownership</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> <span class="nv">$MAINUSER</span>:<span class="nv">$GROUP</span> <span class="nv">$PROJECT</span> <span class="c"># directory permissions</span> <span class="nb">sudo </span>find <span class="nv">$PROJECT</span> <span class="nt">-type</span> d <span class="nt">-exec</span> <span class="nb">chmod </span>2775 <span class="o">{}</span> <span class="se">\;</span> <span class="c"># file permissions</span> <span class="nb">sudo </span>find <span class="nv">$PROJECT</span> <span class="nt">-type</span> f <span class="nt">-exec</span> <span class="nb">chmod </span>664 <span class="o">{}</span> <span class="se">\;</span> <span class="c"># laravel writable directories</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> www-data:<span class="nv">$GROUP</span> <span class="nv">$PROJECT</span>/storage <span class="nb">sudo chown</span> <span class="nt">-R</span> www-data:<span class="nv">$GROUP</span> <span class="nv">$PROJECT</span>/bootstrap/cache <span class="nb">sudo chmod</span> <span class="nt">-R</span> 775 <span class="nv">$PROJECT</span>/storage <span class="nb">sudo chmod</span> <span class="nt">-R</span> 775 <span class="nv">$PROJECT</span>/bootstrap/cache <span class="c"># protect env file</span> <span class="nb">sudo chown</span> <span class="nv">$MAINUSER</span>:<span class="nv">$GROUP</span> <span class="nv">$PROJECT</span>/.env <span class="nb">sudo chmod </span>640 <span class="nv">$PROJECT</span>/.env <span class="c"># secure public directory</span> <span class="nb">sudo chmod</span> <span class="nt">-R</span> 755 <span class="nv">$PROJECT</span>/public <span class="nb">echo</span> <span class="s2">"Laravel permission hardening completed."</span> </code></pre> </div> <h2> How to Use the Script </h2> <p>Create the script file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nano laravel_permission_fix.sh </code></pre> </div> <p>Paste the script and save.</p> <p>Make it executable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x laravel_permission_fix.sh </code></pre> </div> <p>Run it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./laravel_permission_fix.sh </code></pre> </div> <h2> Important Git Rule </h2> <p>Never run Git commands with <code>sudo</code>.</p> <p>Incorrect:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>git pull </code></pre> </div> <p>Correct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git pull </code></pre> </div> <p>Running Git with sudo can cause <strong>repository ownership issues</strong>.</p> <h2> Laravel Writable Directories </h2> <p>Laravel requires write access to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>storage bootstrap/cache </code></pre> </div> <p>Without proper permissions, you may encounter:</p> <ul> <li>419 Page Expired errors</li> <li>Failed cache writes</li> <li>Session storage errors</li> </ul> <p>The script configures these directories for <strong>www-data runtime access</strong>.</p> <h2> Security Notes </h2> <ul> <li>Never commit <code>.env</code> to Git</li> <li>Always protect <code>.env</code> with restricted permissions</li> <li>Use group-based developer access instead of giving full ownership</li> <li>Avoid <code>777</code> permissions on any Laravel directory</li> </ul> <h2> Final Recommended Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/var/www/html/laravel_application │ ├── app ├── bootstrap │ └── cache (www-data:webdev) │ ├── config ├── database ├── public (755) │ ├── resources ├── routes ├── storage (www-data:webdev) │ ├── vendor ├── artisan ├── composer.json └── .env (640) </code></pre> </div> <h2> Result </h2> <p>After running the script:</p> <ul> <li>Multiple developers can safely work on the project</li> <li>Laravel runtime can write to storage and cache</li> <li>Sensitive configuration files remain protected</li> <li>Git permission errors are avoided</li> </ul> <h2> Conclusion </h2> <p>Correct Laravel file permissions are essential for both <strong>security and stability</strong> in production environments.</p> <p>Using a <strong>group-based permission model with proper directory ownership</strong> ensures:</p> <ul> <li>secure collaboration</li> <li>predictable deployments</li> <li>fewer runtime errors</li> </ul> <p>If you found this guide useful, feel free to adapt the script to your own Laravel infrastructure.</p> laravel permissions linux devops Ubuntu 24.04 Setup Script: Nginx/Apache, PHP-FPM, MySQL/MariaDB, Docker, UFW M. K. Tanjin Sarker Wed, 21 Jan 2026 08:25:16 +0000 https://dev.to/tanjinsarker/ubuntu-2404-full-setup-lamp-stack-docker-docker-compose-one-script-2m56 https://dev.to/tanjinsarker/ubuntu-2404-full-setup-lamp-stack-docker-docker-compose-one-script-2m56 <h2> ✅ Ubuntu 24.04 Full Server Setup Script (Apache/Nginx + PHP-FPM Multi Version + MySQL/MariaDB + Docker + UFW + OpenSSH + Git + Composer) </h2> <p>This post shares an <strong>All-in-One Bash Script</strong> to quickly set up a production-ready environment on <strong>Ubuntu 24.04</strong>.</p> <p>✅ <strong>Web Server:</strong> Apache2 <strong>or</strong> Nginx (choose one)<br><br> ✅ <strong>Database:</strong> MySQL <strong>or</strong> MariaDB (choose one)<br><br> ✅ <strong>PHP-FPM:</strong> Default PHP + Multi PHP (7.4–8.3 optional)<br><br> ✅ <strong>Apache (conf-available):</strong> Creates all PHP version <code>.conf</code> files automatically, but enables only the <code>DEFAULT_PHP_VERSION</code><br><br> ✅ <strong>Docker + Docker Compose (Official Repo)</strong><br><br> ✅ <strong>UFW Firewall (Optional)</strong><br><br> ✅ <strong>OpenSSH Server (Optional)</strong><br><br> ✅ <strong>Git (Optional)</strong><br><br> ✅ <strong>Composer (Optional)</strong> </p> <h2> ✅ Features </h2> <h3> ✅ Web Server (Choose One) </h3> <ul> <li><code>INSTALL_APACHE2="yes/no"</code></li> <li><code>INSTALL_NGINX="yes/no"</code></li> </ul> <blockquote> <p>⚠️ If both are <code>yes</code>, the script will stop (port 80/443 conflict).</p> </blockquote> <h3> ✅ Database (Choose One) </h3> <ul> <li><code>INSTALL_MYSQL="yes/no"</code></li> <li><code>INSTALL_MARIADB="yes/no"</code></li> </ul> <blockquote> <p>⚠️ If both are <code>yes</code>, the script will stop to avoid conflicts.</p> </blockquote> <h3> ✅ OpenSSH (Optional) </h3> <ul> <li><code>INSTALL_OPENSSH="yes/no"</code></li> </ul> <p>Installs and enables <code>openssh-server</code> (useful for fresh VPS setups).</p> <h3> ✅ Git (Optional) </h3> <ul> <li><code>INSTALL_GIT="yes/no"</code></li> </ul> <p>Installs <code>git</code>.</p> <h3> ✅ Composer (Optional) </h3> <ul> <li><code>INSTALL_COMPOSER="yes/no"</code></li> </ul> <p>Installs Composer globally as <code>/usr/local/bin/composer</code>.</p> <blockquote> <p>✅ Composer requires PHP CLI to be available.<br><br> If you disable both Apache and Nginx, PHP might not be installed and Composer installation will be skipped.</p> </blockquote> <h3> ✅ PHP-FPM Multi-Version Support </h3> <ul> <li><code>DEFAULT_PHP_VERSION="8.4"</code></li> <li><code>ENABLE_MULTI_PHP_FPM="yes/no"</code></li> </ul> <p>✅ For <strong>Apache</strong>, the script auto-creates configs inside:</p> <ul> <li><code>/etc/apache2/conf-available/php7.4-fpm.conf</code></li> <li><code>/etc/apache2/conf-available/php8.0-fpm.conf</code></li> <li><code>/etc/apache2/conf-available/php8.1-fpm.conf</code></li> <li><code>/etc/apache2/conf-available/php8.2-fpm.conf</code></li> <li><code>/etc/apache2/conf-available/php8.3-fpm.conf</code></li> <li><code>/etc/apache2/conf-available/php8.4-fpm.conf</code></li> </ul> <p>✅ But enables only:</p> <ul> <li> <code>a2enconf php8.4-fpm</code> (or your selected default)</li> </ul> <h2> ✅ Recommended Default Setup (Example) </h2> <h3> ✅ Nginx + MariaDB + Docker + OpenSSH + Git + Composer </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">INSTALL_APACHE2</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">INSTALL_NGINX</span><span class="o">=</span><span class="s2">"no"</span> <span class="nv">INSTALL_MYSQL</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">INSTALL_MARIADB</span><span class="o">=</span><span class="s2">"no"</span> <span class="nv">INSTALL_DOCKER</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">INSTALL_OPENSSH</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">INSTALL_GIT</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">INSTALL_COMPOSER</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nv">ENABLE_UFW</span><span class="o">=</span><span class="s2">"yes"</span> </code></pre> </div> <h2> ⚠️ Security Note (Important) </h2> <p>This script creates <code>/var/www/html/info.php</code> for testing <code>phpinfo()</code>.</p> <p>✅ After testing, delete it immediately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo rm</span> /var/www/html/info.php </code></pre> </div> <h2> ✅ The Full Script (Copy &amp; Run) </h2> <p>✅ Save as: <code>full_setup_ubuntu24.sh</code><br><br> ✅ Run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>bash full_setup_ubuntu24.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-euo</span> pipefail <span class="c"># -----------------------------</span> <span class="c"># CONFIG (EDIT THESE)</span> <span class="c"># -----------------------------</span> <span class="nv">DEFAULT_PHP_VERSION</span><span class="o">=</span><span class="s2">"8.4"</span> <span class="c"># Default PHP-FPM version for Web Server</span> <span class="nv">MYSQL_ROOT_PASSWORD</span><span class="o">=</span><span class="s2">"12345"</span> <span class="c"># Change this</span> <span class="nv">ENABLE_MULTI_PHP_FPM</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no (install &amp; enable multiple FPM versions)</span> <span class="nv">INSTALL_PHPMYADMIN</span><span class="o">=</span><span class="s2">"no"</span> <span class="c"># yes/no</span> <span class="nv">ENABLE_UFW</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_OPENSSH</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_GIT</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_COMPOSER</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_APACHE2</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_NGINX</span><span class="o">=</span><span class="s2">"no"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_MYSQL</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_MARIADB</span><span class="o">=</span><span class="s2">"no"</span> <span class="c"># yes/no</span> <span class="nv">INSTALL_DOCKER</span><span class="o">=</span><span class="s2">"yes"</span> <span class="c"># yes/no</span> <span class="c"># -----------------------------</span> <span class="nb">echo</span> <span class="s2">"==========================================="</span> <span class="nb">echo</span> <span class="s2">" Ubuntu 24.04 Full Setup Script"</span> <span class="nb">echo</span> <span class="s2">" OpenSSH Install: </span><span class="k">${</span><span class="nv">INSTALL_OPENSSH</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Git Install: </span><span class="k">${</span><span class="nv">INSTALL_GIT</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Composer Install:</span><span class="k">${</span><span class="nv">INSTALL_COMPOSER</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Apache Install: </span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Nginx Install: </span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" MySQL Install: </span><span class="k">${</span><span class="nv">INSTALL_MYSQL</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" MariaDB Install: </span><span class="k">${</span><span class="nv">INSTALL_MARIADB</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Docker Install: </span><span class="k">${</span><span class="nv">INSTALL_DOCKER</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">" Default PHP: PHP </span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"==========================================="</span> <span class="c"># Check root</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$EUID</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ Please run as root: sudo bash full_setup_ubuntu24.sh"</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Conflict checks</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_MYSQL</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_MARIADB</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ ERROR: You cannot install both MySQL and MariaDB together."</span> <span class="nb">echo</span> <span class="s2">" Set either INSTALL_MYSQL=yes OR INSTALL_MARIADB=yes"</span> <span class="nb">exit </span>1 <span class="k">fi if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ ERROR: You cannot enable both Apache and Nginx together (port 80/443 conflict)."</span> <span class="nb">echo</span> <span class="s2">" Set either INSTALL_APACHE2=yes OR INSTALL_NGINX=yes"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"✅ Updating system..."</span> apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> <span class="nb">echo</span> <span class="s2">"✅ Installing basic tools..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> software-properties-common curl ca-certificates gnupg lsb-release unzip <span class="c"># -----------------------------</span> <span class="c"># OpenSSH Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_OPENSSH</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing OpenSSH Server..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> openssh-server systemctl <span class="nb">enable</span> <span class="nt">--now</span> ssh <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping OpenSSH installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Git Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_GIT</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing Git..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> git <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping Git installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Apache2 Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing Apache2..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> apache2 systemctl <span class="nb">enable</span> <span class="nt">--now</span> apache2 <span class="nb">echo</span> <span class="s2">"✅ Enabling Apache modules for PHP-FPM..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> libapache2-mod-fcgid a2enmod proxy_fcgi setenvif systemctl restart apache2 <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping Apache2 installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Nginx Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing Nginx..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> nginx systemctl <span class="nb">enable</span> <span class="nt">--now</span> nginx <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping Nginx installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># MySQL Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_MYSQL</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing MySQL Server..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> mysql-server systemctl <span class="nb">enable</span> <span class="nt">--now</span> mysql <span class="nb">echo</span> <span class="s2">"✅ Setting MySQL root password + mysql_native_password..."</span> mysql <span class="nt">-u</span> root <span class="o">&lt;&lt;</span><span class="no">MYSQL_SCRIPT</span><span class="sh"> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '</span><span class="k">${</span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="k">}</span><span class="sh">'; FLUSH PRIVILEGES; </span><span class="no">MYSQL_SCRIPT </span> <span class="nb">echo</span> <span class="s2">"✅ Testing MySQL root login..."</span> mysql <span class="nt">-u</span> root <span class="nt">-p</span><span class="s2">"</span><span class="k">${</span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="k">}</span><span class="s2">"</span> <span class="nt">-e</span> <span class="s2">"SELECT 1;"</span> <span class="o">&gt;</span>/dev/null <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping MySQL installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># MariaDB Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_MARIADB</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing MariaDB Server..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> mariadb-server systemctl <span class="nb">enable</span> <span class="nt">--now</span> mariadb <span class="nb">echo</span> <span class="s2">"✅ Setting MariaDB root password..."</span> mariadb <span class="nt">-u</span> root <span class="o">&lt;&lt;</span><span class="no">MARIADB_SCRIPT</span><span class="sh"> ALTER USER 'root'@'localhost' IDENTIFIED BY '</span><span class="k">${</span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="k">}</span><span class="sh">'; FLUSH PRIVILEGES; </span><span class="no">MARIADB_SCRIPT </span> <span class="nb">echo</span> <span class="s2">"✅ Testing MariaDB root login..."</span> mariadb <span class="nt">-u</span> root <span class="nt">-p</span><span class="s2">"</span><span class="k">${</span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="k">}</span><span class="s2">"</span> <span class="nt">-e</span> <span class="s2">"SELECT 1;"</span> <span class="o">&gt;</span>/dev/null <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping MariaDB installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># PHP Install (Ondrej PPA)</span> <span class="c"># Only if Apache or Nginx is installed</span> <span class="c"># -----------------------------</span> <span class="nv">PHP_INSTALLED</span><span class="o">=</span><span class="s2">"no"</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nv">PHP_INSTALLED</span><span class="o">=</span><span class="s2">"yes"</span> <span class="nb">echo</span> <span class="s2">"✅ Adding PHP PPA (ondrej/php)..."</span> add-apt-repository ppa:ondrej/php <span class="nt">-y</span> apt update <span class="nt">-y</span> <span class="nb">echo</span> <span class="s2">"✅ Installing Default PHP </span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2"> (FPM + extensions + opcache)..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-fpm</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-cli</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-common</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-mysql</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-curl</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-mbstring</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-xml</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-zip</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-gd</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-intl</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-bcmath</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-opcache</span> <span class="nb">echo</span> <span class="s2">"✅ Enabling PHP-FPM service for </span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">..."</span> systemctl <span class="nb">enable</span> <span class="nt">--now</span> php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="nt">-fpm</span> <span class="c"># Optional: Multi PHP-FPM</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">ENABLE_MULTI_PHP_FPM</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing multiple PHP-FPM versions..."</span> <span class="k">for </span>v <span class="k">in </span>7.4 8.0 8.1 8.2 8.3<span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"➡️ Installing PHP </span><span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="s2"> FPM..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-fpm</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-cli</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-common</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-mysql</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-curl</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-mbstring</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-xml</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-zip</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-gd</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-intl</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-bcmath</span> <span class="se">\</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-opcache</span> <span class="o">||</span> <span class="nb">true </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> php<span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="nt">-fpm</span> <span class="o">||</span> <span class="nb">true </span><span class="k">done fi</span> <span class="c"># Set CLI default PHP</span> <span class="nb">echo</span> <span class="s2">"✅ Setting CLI default PHP to </span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">..."</span> update-alternatives <span class="nt">--set</span> php /usr/bin/php<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="o">||</span> <span class="nb">true </span>update-alternatives <span class="nt">--set</span> phar /usr/bin/phar<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="o">||</span> <span class="nb">true </span>update-alternatives <span class="nt">--set</span> phar.phar /usr/bin/phar.phar<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="o">||</span> <span class="nb">true </span>update-alternatives <span class="nt">--set</span> phpize /usr/bin/phpize<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="o">||</span> <span class="nb">true </span>update-alternatives <span class="nt">--set</span> php-config /usr/bin/php-config<span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span> <span class="o">||</span> <span class="nb">true </span><span class="k">else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping PHP installation because both Apache &amp; Nginx are disabled..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Composer Install (Optional)</span> <span class="c"># Requires PHP CLI</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_COMPOSER</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then if </span><span class="nb">command</span> <span class="nt">-v</span> php <span class="o">&gt;</span>/dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing Composer..."</span> <span class="nv">EXPECTED_CHECKSUM</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>php <span class="nt">-r</span> <span class="s1">'copy("https://composer.github.io/installer.sig", "php://stdout");'</span><span class="si">)</span><span class="s2">"</span> php <span class="nt">-r</span> <span class="s2">"copy('https://getcomposer.org/installer', 'composer-setup.php');"</span> <span class="nv">ACTUAL_CHECKSUM</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>php <span class="nt">-r</span> <span class="s2">"echo hash_file('sha384', 'composer-setup.php');"</span><span class="si">)</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$EXPECTED_CHECKSUM</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"</span><span class="nv">$ACTUAL_CHECKSUM</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"❌ ERROR: Invalid Composer installer checksum"</span> <span class="nb">rm</span> <span class="nt">-f</span> composer-setup.php <span class="nb">exit </span>1 <span class="k">fi </span>php composer-setup.php <span class="nt">--quiet</span> <span class="nt">--install-dir</span><span class="o">=</span>/usr/local/bin <span class="nt">--filename</span><span class="o">=</span>composer <span class="nb">rm</span> <span class="nt">-f</span> composer-setup.php <span class="nb">echo</span> <span class="s2">"✅ Composer installed: </span><span class="si">$(</span>composer <span class="nt">--version</span><span class="si">)</span><span class="s2">"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"⚠️ Composer requested but PHP is not installed. Skipping Composer..."</span> <span class="k">fi else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping Composer installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Apache PHP-FPM conf setup</span> <span class="c"># conf-available create all versions, enable only default</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Creating Apache PHP-FPM conf files in conf-available..."</span> <span class="nv">PHP_VERSIONS</span><span class="o">=()</span> PHP_VERSIONS+<span class="o">=(</span><span class="s2">"</span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">"</span><span class="o">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">ENABLE_MULTI_PHP_FPM</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>PHP_VERSIONS+<span class="o">=(</span>7.4 8.0 8.1 8.2 8.3<span class="o">)</span> <span class="k">fi </span><span class="nv">PHP_VERSIONS</span><span class="o">=(</span><span class="si">$(</span><span class="nb">printf</span> <span class="s2">"%s</span><span class="se">\n</span><span class="s2">"</span> <span class="s2">"</span><span class="k">${</span><span class="nv">PHP_VERSIONS</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span> | <span class="nb">sort</span> <span class="nt">-u</span><span class="si">)</span><span class="o">)</span> <span class="k">for </span>v <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">PHP_VERSIONS</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nv">PHP_CONF</span><span class="o">=</span><span class="s2">"/etc/apache2/conf-available/php</span><span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="s2">-fpm.conf"</span> <span class="nb">echo</span> <span class="s2">"➡️ Creating: </span><span class="nv">$PHP_CONF</span><span class="s2">"</span> <span class="nb">cat</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$PHP_CONF</span><span class="s2">"</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> # Auto-generated PHP-FPM config: PHP </span><span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="sh"> &lt;IfModule proxy_fcgi_module&gt; &lt;FilesMatch </span><span class="se">\\</span><span class="sh">.php</span><span class="nv">$&gt;</span><span class="sh"> SetHandler "proxy:unix:/run/php/php</span><span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="sh">-fpm.sock|fcgi://localhost/" &lt;/FilesMatch&gt; &lt;/IfModule&gt; </span><span class="no">EOF </span> <span class="k">done </span><span class="nb">echo</span> <span class="s2">"✅ Disabling other PHP-FPM confs (avoid conflict)..."</span> <span class="k">for </span>v <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">PHP_VERSIONS</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$v</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"</span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>a2disconf <span class="s2">"php</span><span class="k">${</span><span class="nv">v</span><span class="k">}</span><span class="s2">-fpm"</span> <span class="o">&gt;</span>/dev/null 2&gt;&amp;1 <span class="o">||</span> <span class="nb">true </span><span class="k">fi done </span><span class="nb">echo</span> <span class="s2">"✅ Enabling only default PHP-FPM conf: php</span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">-fpm"</span> a2enconf <span class="s2">"php</span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">-fpm"</span> systemctl reload apache2 <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Nginx PHP-FPM config setup</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Configuring Nginx for PHP-FPM (default PHP </span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="s2">)..."</span> <span class="nb">rm</span> <span class="nt">-f</span> /etc/nginx/sites-enabled/default <span class="nv">NGINX_SITE</span><span class="o">=</span><span class="s2">"/etc/nginx/sites-available/default-php-fpm"</span> <span class="nb">cat</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$NGINX_SITE</span><span class="s2">"</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.php index.html index.htm; server_name _; location / { try_files </span><span class="se">\$</span><span class="sh">uri </span><span class="se">\$</span><span class="sh">uri/ =404; } location ~ </span><span class="se">\\</span><span class="sh">.php</span><span class="se">\$</span><span class="sh"> { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php</span><span class="k">${</span><span class="nv">DEFAULT_PHP_VERSION</span><span class="k">}</span><span class="sh">-fpm.sock; } location ~ /</span><span class="se">\\</span><span class="sh">.ht { deny all; } } </span><span class="no">EOF </span> <span class="nb">ln</span> <span class="nt">-sf</span> <span class="s2">"</span><span class="nv">$NGINX_SITE</span><span class="s2">"</span> /etc/nginx/sites-enabled/default-php-fpm nginx <span class="nt">-t</span> systemctl reload nginx <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># PHP Info test file</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Creating PHP test file: /var/www/html/info.php"</span> <span class="nb">cat</span> <span class="o">&gt;</span> /var/www/html/info.php <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &lt;?php phpinfo(); ?&gt; </span><span class="no">EOF </span><span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Optional: phpMyAdmin</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_PHPMYADMIN</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing phpMyAdmin..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> phpmyadmin <span class="o">||</span> <span class="nb">true </span><span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>systemctl reload apache2 <span class="k">fi if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>systemctl reload nginx <span class="k">fi fi</span> <span class="c"># -----------------------------</span> <span class="c"># Docker Install (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_DOCKER</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Installing Docker + Docker Compose (official)..."</span> <span class="nb">install</span> <span class="nt">-m</span> 0755 <span class="nt">-d</span> /etc/apt/keyrings <span class="nb">rm</span> <span class="nt">-f</span> /etc/apt/keyrings/docker.gpg curl <span class="nt">-fsSL</span> https://download.docker.com/linux/ubuntu/gpg | gpg <span class="nt">--dearmor</span> <span class="nt">-o</span> /etc/apt/keyrings/docker.gpg <span class="nb">chmod </span>a+r /etc/apt/keyrings/docker.gpg <span class="nb">echo</span> <span class="se">\</span> <span class="s2">"deb [arch=</span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> signed-by=/etc/apt/keyrings/docker.gpg] </span><span class="se">\</span><span class="s2"> https://download.docker.com/linux/ubuntu </span><span class="se">\</span><span class="s2"> </span><span class="si">$(</span><span class="nb">.</span> /etc/os-release <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$VERSION_CODENAME</span><span class="s2">"</span><span class="si">)</span><span class="s2"> stable"</span> <span class="se">\</span> <span class="o">&gt;</span> /etc/apt/sources.list.d/docker.list apt update <span class="nt">-y</span> apt <span class="nb">install</span> <span class="nt">-y</span> docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin systemctl <span class="nb">enable</span> <span class="nt">--now</span> docker <span class="k">if</span> <span class="o">[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="k">${</span><span class="nv">SUDO_USER</span><span class="k">:-}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Adding user '</span><span class="nv">$SUDO_USER</span><span class="s2">' to docker group..."</span> usermod <span class="nt">-aG</span> docker <span class="s2">"</span><span class="nv">$SUDO_USER</span><span class="s2">"</span> <span class="k">fi else </span><span class="nb">echo</span> <span class="s2">"⏭️ Skipping Docker installation..."</span> <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># UFW Firewall (Optional)</span> <span class="c"># -----------------------------</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">ENABLE_UFW</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"✅ Setting up UFW firewall..."</span> apt <span class="nb">install</span> <span class="nt">-y</span> ufw <span class="c"># Only allow SSH if OpenSSH install enabled</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="k">${</span><span class="nv">INSTALL_OPENSSH</span><span class="k">}</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"yes"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span>ufw allow OpenSSH <span class="k">fi </span>ufw allow 80/tcp ufw allow 443/tcp ufw <span class="nt">--force</span> <span class="nb">enable </span>ufw status verbose <span class="k">fi</span> <span class="c"># -----------------------------</span> <span class="c"># Finished Summary</span> <span class="c"># -----------------------------</span> <span class="nb">echo</span> <span class="s2">"==========================================="</span> <span class="nb">echo</span> <span class="s2">"✅ INSTALLATION COMPLETE!"</span> <span class="nb">echo</span> <span class="s2">"==========================================="</span> <span class="nb">echo</span> <span class="s2">"OpenSSH Installed: </span><span class="k">${</span><span class="nv">INSTALL_OPENSSH</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Git Installed: </span><span class="k">${</span><span class="nv">INSTALL_GIT</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Composer Installed:</span><span class="k">${</span><span class="nv">INSTALL_COMPOSER</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Apache Installed: </span><span class="k">${</span><span class="nv">INSTALL_APACHE2</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Nginx Installed: </span><span class="k">${</span><span class="nv">INSTALL_NGINX</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"MySQL Installed: </span><span class="k">${</span><span class="nv">INSTALL_MYSQL</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"MariaDB Installed: </span><span class="k">${</span><span class="nv">INSTALL_MARIADB</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Docker Installed: </span><span class="k">${</span><span class="nv">INSTALL_DOCKER</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"OpenSSH: systemctl status ssh"</span> <span class="nb">echo</span> <span class="s2">"Apache: systemctl status apache2"</span> <span class="nb">echo</span> <span class="s2">"Nginx: systemctl status nginx"</span> <span class="nb">echo</span> <span class="s2">"MySQL: systemctl status mysql"</span> <span class="nb">echo</span> <span class="s2">"MariaDB: systemctl status mariadb"</span> <span class="nb">echo</span> <span class="s2">"PHP (CLI): php -v | head -n 1"</span> <span class="nb">echo</span> <span class="s2">"Git: git --version"</span> <span class="nb">echo</span> <span class="s2">"Composer: composer --version"</span> <span class="nb">echo</span> <span class="s2">"Docker: docker --version"</span> <span class="nb">echo</span> <span class="s2">"Compose: docker compose version"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"🔑 DB root password set to:"</span> <span class="nb">echo</span> <span class="s2">" </span><span class="k">${</span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"✅ PHP test page (if web server installed):"</span> <span class="nb">echo</span> <span class="s2">" http://YOUR_SERVER_IP/info.php"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"⚠️ IMPORTANT: Delete info.php after testing:"</span> <span class="nb">echo</span> <span class="s2">" sudo rm /var/www/html/info.php"</span> <span class="nb">echo</span> <span class="s2">""</span> <span class="nb">echo</span> <span class="s2">"✅ If Docker group added, logout/login required for it to work without sudo."</span> <span class="nb">echo</span> <span class="s2">"==========================================="</span> </code></pre> </div> <h2> ✅ Quick Troubleshooting </h2> <h3> ✅ Check services </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>systemctl status ssh systemctl status nginx systemctl status apache2 systemctl status mariadb systemctl status mysql systemctl status php8.4-fpm </code></pre> </div> <h3> ✅ Check open ports </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ss <span class="nt">-tulpn</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s1">'(:22|:80|:443|:3306)'</span> </code></pre> </div> <h2> ✅ Done ✅ </h2> <p>If you want, I can add these in the next version:</p> <p>✅ <code>INSTALL_SSL_CERTBOT="yes/no"</code> (Let’s Encrypt auto SSL)<br><br> ✅ <code>INSTALL_REDIS="yes/no"</code><br><br> ✅ <code>INSTALL_FAIL2BAN="yes/no"</code><br><br> ✅ per-site multi PHP config templates </p> <p>Happy Hosting 🚀</p> ubuntu docker php mysql Complete Step-by-Step Jenkins CI/CD Deployment on Ubuntu with GitLab M. K. Tanjin Sarker Thu, 25 Sep 2025 10:12:33 +0000 https://dev.to/tanjinsarker/gitlabjenkins-cicd-4hf0 https://dev.to/tanjinsarker/gitlabjenkins-cicd-4hf0 <h2> Step 1: Update Ubuntu &amp; Install Dependencies </h2> <p>Install Java 17 (required by Jenkins), <code>curl</code>, and other dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> openjdk-17-jdk curl gnupg2 apt-transport-https software-properties-common </code></pre> </div> <h2> Step 2: Add Jenkins Repository </h2> <p>Add the Jenkins GPG key and repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://pkg.jenkins.io/debian/jenkins.io-2023.key | <span class="nb">sudo tee</span> <span class="se">\</span> /usr/share/keyrings/jenkins-keyring.asc <span class="o">&gt;</span> /dev/null <span class="nb">echo </span>deb <span class="o">[</span>signed-by<span class="o">=</span>/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian binary/ | <span class="se">\</span> <span class="nb">sudo tee</span> /etc/apt/sources.list.d/jenkins.list <span class="o">&gt;</span> /dev/null </code></pre> </div> <h2> Step 3: Install Jenkins </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> jenkins </code></pre> </div> <h2> Step 4: Start &amp; Enable Jenkins </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl start jenkins <span class="nb">sudo </span>systemctl <span class="nb">enable </span>jenkins <span class="nb">sudo </span>systemctl status jenkins </code></pre> </div> <ul> <li>Default Jenkins runs on port <code>8080</code>.</li> <li>To change the port: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/default/jenkins <span class="c"># Change HTTP_PORT=8080 to HTTP_PORT=8008</span> <span class="nb">sudo </span>nano /lib/systemd/system/jenkins.service <span class="c"># Add Environment="JENKINS_PORT=8008"</span> <span class="nb">sudo </span>systemctl daemon-reload <span class="nb">sudo </span>systemctl restart jenkins </code></pre> </div> <ul> <li>Verify port: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ss <span class="nt">-tulnp</span> | <span class="nb">grep </span>jenkins </code></pre> </div> <ul> <li>Allow firewall access: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw allow 8080 </code></pre> </div> <ul> <li>Open Jenkins in your browser: <code>http://&lt;jenkins-server-ip&gt;:8080</code> </li> </ul> <h2> Step 5: Unlock Jenkins </h2> <p>Get the initial admin password:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo cat</span> /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <p>Use this password to login via the browser.</p> <h2> Step 6: Install Recommended Plugins </h2> <ul> <li>Choose <strong>Install suggested plugins</strong>.</li> <li>Create the first admin user and continue.</li> </ul> <h2> Step 7: Install Essential Plugins </h2> <p>Go to <strong>Manage Jenkins → Plugins → Available</strong> and install:</p> <ul> <li>GitLab</li> <li>SSH Agent</li> <li>GitLab API</li> </ul> <p>Restart Jenkins after installation.</p> <h2> Step 8: Setup SSH Access for Deployment </h2> <ol> <li>Generate SSH key for Jenkins user: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-keygen <span class="nt">-t</span> rsa <span class="nt">-b</span> 4096 <span class="nt">-C</span> <span class="s2">"jenkins@jenkins-server"</span> </code></pre> </div> <ol> <li>Copy the public key to your application server: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-copy-id user@application-server-ip </code></pre> </div> <ol> <li>Test password-less login: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh user@application-server-ip <span class="s2">"ls -la"</span> </code></pre> </div> <h2> Step 9: Add SSH Key to Jenkins Credentials </h2> <ol> <li>Go to <strong>Manage Jenkins → Credentials → Global → Add Credentials</strong> </li> <li>Configure as: <ul> <li> <strong>Kind:</strong> SSH Username with private key </li> <li> <strong>Scope:</strong> Global </li> <li> <strong>ID:</strong> <code>deploy-private-key</code> </li> <li> <strong>Username:</strong> <code>root</code> (or your server user) </li> <li> <strong>Private Key:</strong> Enter directly (paste your <code>~/.ssh/id_rsa</code>) </li> </ul> </li> </ol> <h2> Step 10: Add GitLab Access Token </h2> <ol> <li>In GitLab → <strong>Settings → Personal Access Tokens</strong>, create a token: <ul> <li> <strong>Token Name:</strong> <code>jenkins-server</code> </li> <li> <strong>Expiration Date:</strong> As desired </li> <li> <strong>Scopes:</strong> Check <strong>API</strong> </li> </ul> </li> <li>Copy the generated token.</li> <li>In Jenkins, add it as a credential: <ul> <li> <strong>Kind:</strong> GitLab API token </li> <li> <strong>API Token:</strong> Paste the token </li> <li> <strong>ID:</strong> <code>gitlab-access-token</code> </li> </ul> </li> <li>Configure GitLab connection in Jenkins: <ul> <li> <strong>Connection Name:</strong> <code>gitlab.com</code> </li> <li> <strong>GitLab Host URL:</strong> <code>https://gitlab.com</code> </li> <li> <strong>Credential:</strong> <code>gitlab-access-token</code> </li> <li>Apply/Save</li> </ul> </li> </ol> <h2> Step 11: Add Application Server SSH Key to GitLab </h2> <p>On your application server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-keygen <span class="nt">-t</span> rsa <span class="nt">-b</span> 4096 <span class="nt">-C</span> <span class="s2">"server.application"</span> <span class="nb">cat</span> ~/.ssh/id_rsa.pub </code></pre> </div> <ul> <li>Add this public key in GitLab: <strong>Preferences → SSH Keys → Add new key</strong> </li> </ul> <h2> Step 12: Create Jenkins Pipeline Job </h2> <ol> <li>Go to <strong>New Item → Pipeline</strong> </li> <li>Configure GitLab connection: <ul> <li> <strong>Triggers:</strong> Check <em>Build when a change is pushed to GitLab</em> </li> </ul> </li> <li>Pipeline script example: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Deploy main'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">sshagent</span><span class="o">([</span><span class="s1">'deploy-private-key'</span><span class="o">])</span> <span class="o">{</span> <span class="n">sh</span> <span class="s2">"ssh -o StrictHostKeyChecking=no -p 22 user@application_server_ip 'cd /var/www/html/application &amp;&amp; git pull origin main'"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <ul> <li>Adjust the SSH port and paths as needed. </li> </ul> <h2> Step 13: Build &amp; Deploy </h2> <p>Now, whenever you push to GitLab, Jenkins will:</p> <ul> <li>Pull the latest code from the repository </li> <li>Deploy it automatically to your application server </li> </ul> <p>Check the <strong>Build History</strong> in Jenkins to verify successful deployments.</p> <p>✅ <strong>Your CI/CD pipeline is now fully functional, secure, and automated!</strong></p> ubuntu cicd tutorial devops How to Install and Manage Multiple PHP Versions (7.4 - 8.4) on Ubuntu with Apache. M. K. Tanjin Sarker Thu, 18 Sep 2025 12:27:14 +0000 https://dev.to/tanjinsarker/how-to-install-and-manage-multiple-php-versions-74-84-on-ubuntu-with-apache-1o12 https://dev.to/tanjinsarker/how-to-install-and-manage-multiple-php-versions-74-84-on-ubuntu-with-apache-1o12 <h1> 🚀 PHP Multiple Versions (7.4 → 8.4) with Apache on Ubuntu </h1> <h2> 1️⃣ Add PHP PPA </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> software-properties-common ca-certificates lsb-release apt-transport-https <span class="nb">sudo </span>add-apt-repository <span class="nt">-y</span> ppa:ondrej/php <span class="nb">sudo </span>apt update </code></pre> </div> <h2> 2️⃣ Install PHP Versions </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># PHP 7.4</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php7.4 php7.4-cli php7.4-fpm <span class="c"># PHP 8.0</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php8.0 php8.0-cli php8.0-fpm <span class="c"># PHP 8.1</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php8.1 php8.1-cli php8.1-fpm <span class="c"># PHP 8.2</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php8.2 php8.2-cli php8.2-fpm <span class="c"># PHP 8.3</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php8.3 php8.3-cli php8.3-fpm <span class="c"># PHP 8.4</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> php8.4 php8.4-cli php8.4-fpm </code></pre> </div> <h2> 3️⃣ Install Important Extensions </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Replace X.X with version (7.4, 8.0, 8.1, 8.2, 8.3, 8.4)</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> phpX.X-cli phpX.X-fpm phpX.X-mysql phpX.X-xml phpX.X-curl phpX.X-mbstring phpX.X-zip phpX.X-bcmath phpX.X-gd phpX.X-intl phpX.X-readline phpX.X-soap phpX.X-opcache phpX.X-dev phpX.X-imagick phpX.X-pgsql phpX.X-sqlite3 </code></pre> </div> <p>👉 Covers <strong>Laravel, Symfony, WordPress, Drupal, Magento, APIs, image processing, DB drivers, and performance</strong>. </p> <h2> 4️⃣ Check Installed Versions </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php <span class="nt">-v</span> <span class="c"># Current CLI version</span> update-alternatives <span class="nt">--list</span> php <span class="c"># All installed CLI versions</span> systemctl list-units | <span class="nb">grep </span>php <span class="c"># Running PHP-FPM services</span> php <span class="nt">-m</span> <span class="c"># Installed extensions</span> </code></pre> </div> <h2> 5️⃣ Switch PHP (CLI) </h2> <p>Interactive:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>update-alternatives <span class="nt">--config</span> php </code></pre> </div> <p>Direct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>update-alternatives <span class="nt">--set</span> php /usr/bin/php8.3 </code></pre> </div> <p>Verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php <span class="nt">-v</span> </code></pre> </div> <h2> 6️⃣ Switch PHP (Apache FPM) </h2> <h3> Enable/disable PHP-FPM </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl stop php7.4-fpm <span class="nb">sudo </span>systemctl <span class="nb">enable</span> <span class="nt">--now</span> php8.3-fpm </code></pre> </div> <h3> Enable Apache modules/config </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>a2enmod proxy_fcgi setenvif <span class="nb">sudo </span>a2enconf php8.3-fpm <span class="nb">sudo </span>a2disconf php7.4-fpm <span class="nb">sudo </span>systemctl reload apache2 </code></pre> </div> <h3> VirtualHost Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight apache"><code> <span class="p">&lt;</span><span class="nl">FilesMatch</span><span class="sr"> \.php$</span><span class="p">&gt; </span> <span class="nc">SetHandler</span> "proxy:unix:/run/php/php8.3-fpm.sock|fcgi://localhost/" <span class="p">&lt;/</span><span class="nl">FilesMatch</span><span class="p">&gt; </span></code></pre> </div> <p>Reload Apache:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart apache2 </code></pre> </div> <h2> 7️⃣ Test PHP </h2> <p>Create <code>/var/www/html/info.php</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="nb">phpinfo</span><span class="p">();</span> </code></pre> </div> <p>Open in browser:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost/info.php </code></pre> </div> <h2> 🔄 Quick Reference </h2> <ul> <li> <strong>Switch CLI PHP</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">sudo </span>update-alternatives <span class="nt">--config</span> php </code></pre> </div> <ul> <li> <strong>Switch Apache PHP-FPM</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">sudo </span>systemctl stop php8.0-fpm <span class="nb">sudo </span>systemctl start php8.2-fpm <span class="nb">sudo </span>a2enconf php8.2-fpm <span class="nb">sudo </span>a2disconf php8.0-fpm <span class="nb">sudo </span>systemctl reload apache2 </code></pre> </div> <p>✅ With this setup, you can: </p> <ul> <li>Install <strong>PHP 7.4 → 8.4</strong> </li> <li>Enable required <strong>extensions</strong> </li> <li>Switch between versions for <strong>CLI &amp; Apache</strong> </li> <li>Verify with <code>php -v</code> and <code>phpinfo()</code> </li> </ul> ubuntu devops tutorial php Automating MySQL Backups with Bash Script & Cron M. K. Tanjin Sarker Mon, 25 Aug 2025 04:19:44 +0000 https://dev.to/tanjinsarker/automating-mysql-backups-with-bash-script-cron-40oc https://dev.to/tanjinsarker/automating-mysql-backups-with-bash-script-cron-40oc <h1> 🚀 Automating MySQL Backups with Bash Script &amp; Cron </h1> <p>Databases are the heart of most applications—and losing them can be a nightmare. Manual backups work for quick fixes, but in production environments, <strong>automated MySQL backups</strong> are essential. </p> <p>In this guide, we’ll build a <strong>simple Bash script</strong> to back up MySQL databases, compress them, keep them for a fixed number of days, and schedule it with <code>cron</code>. </p> <h2> 🔑 Why Automate Backups? </h2> <ul> <li>✅ Ensures you always have a recent copy of your data </li> <li>✅ Reduces risk of human error </li> <li>✅ Saves time compared to manual exports </li> <li>✅ Easy to restore when disaster strikes </li> </ul> <h2> 🛠 Prerequisites </h2> <ul> <li>A Linux server with MySQL/MariaDB installed </li> <li>A user with access to all databases you want to back up </li> <li>Basic knowledge of shell commands </li> </ul> <h2> 1) Login as Root </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo</span> <span class="nt">-i</span> </code></pre> </div> <h2> 2) Create a Backup Folder &amp; Script File </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /home/backup <span class="nb">touch</span> /home/backup/backup-mysql.sh nano /home/backup/backup-mysql.sh </code></pre> </div> <h2> 3.1) Add the Backup Script for all Databases. </h2> <p>Paste this inside the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c">#----------------------------------------</span> <span class="c"># MySQL Backup Script</span> <span class="c">#----------------------------------------</span> <span class="c"># 🔧 Configuration</span> <span class="nv">HOST</span><span class="o">=</span><span class="s1">'mysql-localhost'</span> <span class="c"># MySQL server host</span> <span class="nv">USER</span><span class="o">=</span><span class="s1">'mysql-username'</span> <span class="c"># Username</span> <span class="nv">PASSWORD</span><span class="o">=</span><span class="s1">'mysql-password'</span> <span class="c"># Password</span> <span class="nv">DAYS_TO_KEEP</span><span class="o">=</span>5 <span class="c"># Delete backups older than X days</span> <span class="nv">GZIP</span><span class="o">=</span>1 <span class="c"># 1 = gzip compression, 0 = plain .sql</span> <span class="nv">BACKUP_PATH</span><span class="o">=</span><span class="s1">'/home/backup/mysql'</span> <span class="c"># Location to store backups</span> <span class="c">#TIMESTAMP=$(date +"%d_%m_%Y_%H_%M_%S") # Date-time for unique file names</span> <span class="nv">TIMESTAMP</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> <span class="nt">-d</span> <span class="s2">"yesterday"</span> +<span class="s2">"%d_%m_%Y"</span><span class="si">)</span> <span class="c">#Date-time for previous date file names. reminder here crontab use after 12 am</span> <span class="c">#----------------------------------------</span> <span class="c"># 📂 Create backup folder if not exists</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-d</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># 📋 Get database list</span> <span class="nv">databases</span><span class="o">=</span><span class="si">$(</span>mysql <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$HOST</span><span class="s2">"</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$PASSWORD</span><span class="s2">"</span> <span class="nt">-e</span> <span class="s2">"SHOW DATABASES;"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s2">"|"</span> | <span class="nb">grep</span> <span class="nt">-v</span> Database<span class="si">)</span> <span class="c"># 🔄 Loop through databases</span> <span class="k">for </span>DB <span class="k">in</span> <span class="nv">$databases</span><span class="p">;</span> <span class="k">do</span> <span class="c"># Skip system databases</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="o">=</span> <span class="s1">'information_schema'</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="o">=</span> <span class="s1">'performance_schema'</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="o">=</span> <span class="s1">'mysql'</span> <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="o">=</span> <span class="s1">'sys'</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Skipping database: </span><span class="nv">$DB</span><span class="s2">"</span> <span class="k">continue fi</span> <span class="c"># Backup (with or without compression)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$GZIP</span><span class="s2">"</span> <span class="nt">-eq</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Backing up database: </span><span class="nv">$DB</span><span class="s2"> (no compression)"</span> mysqldump <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$HOST</span><span class="s2">"</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$PASSWORD</span><span class="s2">"</span> <span class="nt">--databases</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="nt">--single-transaction</span> <span class="nt">--quick</span> <span class="nt">--extended-insert</span> <span class="nt">--compact</span> <span class="nt">--hex-blob</span> <span class="nt">--max-allowed-packet</span><span class="o">=</span>256M <span class="nt">--net-buffer-length</span><span class="o">=</span>2M <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.sql"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Backing up database: </span><span class="nv">$DB</span><span class="s2"> (with compression)"</span> mysqldump <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$HOST</span><span class="s2">"</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$PASSWORD</span><span class="s2">"</span> <span class="nt">--databases</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="nt">--single-transaction</span> <span class="nt">--quick</span> <span class="nt">--extended-insert</span> <span class="nt">--compact</span> <span class="nt">--hex-blob</span> <span class="nt">--max-allowed-packet</span><span class="o">=</span>256M <span class="nt">--net-buffer-length</span><span class="o">=</span>2M | <span class="nb">gzip</span> <span class="nt">-9</span> <span class="nt">-c</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.sql.gz"</span> <span class="k">fi done</span> <span class="c"># 🧹 Delete old backups</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DAYS_TO_KEEP</span><span class="s2">"</span> <span class="nt">-gt</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Deleting backups older than </span><span class="nv">$DAYS_TO_KEEP</span><span class="s2"> days"</span> find <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">"</span>/<span class="k">*</span> <span class="nt">-mtime</span> +<span class="s2">"</span><span class="nv">$DAYS_TO_KEEP</span><span class="s2">"</span> <span class="nt">-exec</span> <span class="nb">rm</span> <span class="o">{}</span> <span class="se">\;</span> <span class="k">fi</span> </code></pre> </div> <h2> 3.2) Add the Backup Script for single Database. </h2> <p>Paste this inside the file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c">#----------------------------------------</span> <span class="c"># MySQL Backup Script</span> <span class="c">#----------------------------------------</span> <span class="c"># 🔧 Configuration</span> <span class="nv">HOST</span><span class="o">=</span><span class="s1">'mysql-localhost'</span> <span class="c"># MySQL server host</span> <span class="nv">USER</span><span class="o">=</span><span class="s1">'mysql-username'</span> <span class="c"># Username</span> <span class="nv">PASSWORD</span><span class="o">=</span><span class="s1">'mysql-password'</span> <span class="c"># Password</span> <span class="nv">DB</span><span class="o">=</span><span class="s1">'mysql-database'</span> <span class="nv">DAYS_TO_KEEP</span><span class="o">=</span>5 <span class="c"># Delete backups older than X days</span> <span class="nv">GZIP</span><span class="o">=</span>1 <span class="c"># 1 = gzip compression, 0 = plain .sql</span> <span class="nv">BACKUP_PATH</span><span class="o">=</span><span class="s1">'/home/backup/mysql'</span> <span class="c"># Location to store backups</span> <span class="c">#TIMESTAMP=$(date +"%d_%m_%Y_%H_%M_%S") # Date-time for unique file names</span> <span class="nv">TIMESTAMP</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> <span class="nt">-d</span> <span class="s2">"yesterday"</span> +<span class="s2">"%d_%m_%Y"</span><span class="si">)</span> <span class="c">#Date-time for previous date file names. reminder here crontab use after 12 am</span> <span class="c">#----------------------------------------</span> <span class="c"># Create the backup folder</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-d</span> <span class="nv">$BACKUP_PATH</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="nv">$BACKUP_PATH</span> <span class="k">fi</span> <span class="c"># Backup (with or without compression)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$GZIP</span><span class="s2">"</span> <span class="nt">-eq</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Backing up database: </span><span class="nv">$DB</span><span class="s2"> (no compression)"</span> mysqldump <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$HOST</span><span class="s2">"</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$PASSWORD</span><span class="s2">"</span> <span class="nt">--databases</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="nt">--single-transaction</span> <span class="nt">--quick</span> <span class="nt">--extended-insert</span> <span class="nt">--compact</span> <span class="nt">--hex-blob</span> <span class="nt">--max-allowed-packet</span><span class="o">=</span>256M <span class="nt">--net-buffer-length</span><span class="o">=</span>2M <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.sql"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Backing up database: </span><span class="nv">$DB</span><span class="s2"> (with compression)"</span> mysqldump <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$HOST</span><span class="s2">"</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$PASSWORD</span><span class="s2">"</span> <span class="nt">--databases</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> <span class="nt">--single-transaction</span> <span class="nt">--quick</span> <span class="nt">--extended-insert</span> <span class="nt">--compact</span> <span class="nt">--hex-blob</span> <span class="nt">--max-allowed-packet</span><span class="o">=</span>256M <span class="nt">--net-buffer-length</span><span class="o">=</span>2M | <span class="nb">gzip</span> <span class="nt">-9</span> <span class="nt">-c</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_PATH</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB</span><span class="k">}</span><span class="s2">-</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.sql.gz"</span> <span class="k">fi</span> <span class="c"># Delete old backups</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DAYS_TO_KEEP</span><span class="s2">"</span> <span class="nt">-gt</span> 0 <span class="o">]</span> <span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Deleting backups older than </span><span class="nv">$DAYS_TO_KEEP</span><span class="s2"> days"</span> find <span class="nv">$BACKUP_PATH</span>/<span class="k">*</span> <span class="nt">-mtime</span> +<span class="nv">$DAYS_TO_KEEP</span> <span class="nt">-exec</span> <span class="nb">rm</span> <span class="o">{}</span> <span class="se">\;</span> <span class="k">fi</span> </code></pre> </div> <h2> 4) Make the Script Executable </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x /home/backup/backup-mysql.sh </code></pre> </div> <h2> 5) Test the Script </h2> <p>Run it manually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/home/backup/backup-mysql.sh </code></pre> </div> <p>Backups will be stored inside:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/home/backup/mysql/ </code></pre> </div> <h2> 6) Automate with Cron </h2> <p>Open crontab:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>crontab <span class="nt">-e</span> </code></pre> </div> <p>Add this line to run the backup daily at <strong>2:30 AM</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>30 2 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> /home/backup/backup-mysql.sh <span class="o">&gt;</span>/dev/null 2&gt;&amp;1 </code></pre> </div> <p>Restart cron service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart cron </code></pre> </div> <h2> 🧠 How It Works (Script Breakdown) </h2> <ul> <li> <strong>Configuration variables</strong> → Define MySQL credentials, backup path, retention days. </li> <li> <strong>Timestamp</strong> → Ensures unique filenames (<code>dbname-24_08_2025_02_30_00.sql.gz</code>). </li> <li> <strong>Timestamp</strong> → Ensures previous filenames (<code>dbname-24_08_2025.sql.gz</code>). </li> <li> <strong>Database filtering</strong> → Skips system databases (<code>information_schema</code>, etc.). </li> <li> <strong>mysqldump with <code>--single-transaction</code></strong> → Ensures consistent snapshot for InnoDB without locking tables. </li> <li> <strong>gzip compression</strong> → Saves space. </li> <li> <strong>Retention policy (<code>find -mtime</code>)</strong> → Deletes backups older than 5 days. </li> </ul> <h2> ✅ Conclusion </h2> <p>With just a few lines of Bash and a cron job, you’ve automated MySQL backups. </p> <ul> <li>Backups run <strong>every day at 2:30 AM</strong> </li> <li>Old backups <strong>older than 5 days are automatically removed</strong> </li> <li>The script is simple to extend for remote storage, logging, or notifications </li> </ul> <p>Automating backups is a small investment that can <strong>save you hours—or even your entire project—in case of data loss</strong>. </p> bash mysql automation devops Fail2Ban: The Essential Security Tool for Preventing Attacks on Linux Servers M. K. Tanjin Sarker Sun, 24 Aug 2025 17:38:40 +0000 https://dev.to/tanjinsarker/fail2ban-the-essential-security-tool-for-preventing-attacks-on-linux-servers-559d https://dev.to/tanjinsarker/fail2ban-the-essential-security-tool-for-preventing-attacks-on-linux-servers-559d <h1> 🚀 Fail2Ban Setup with Email Alerts (msmtp + Gmail) </h1> <p>This guide explains how to install, configure, and use <strong>Fail2Ban</strong> to protect your server from brute-force attacks, block malicious requests, and send email alerts via <strong>msmtp + Gmail</strong>.</p> <h2> 📌 1. Install Fail2Ban </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>fail2ban <span class="nt">-y</span> </code></pre> </div> <p>Enable and start the service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>fail2ban <span class="nb">sudo </span>systemctl start fail2ban <span class="nb">sudo </span>systemctl status fail2ban </code></pre> </div> <h2> 📌 2. Configure Fail2Ban </h2> <h3> Copy default configuration: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo cp</span> /etc/fail2ban/jail.conf /etc/fail2ban/jail.local </code></pre> </div> <p>Or open directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/fail2ban/jail.local </code></pre> </div> <h3> Example <code>jail.local</code> configuration: </h3> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[DEFAULT]</span> <span class="c"># Ban settings </span><span class="py">bantime</span> <span class="p">=</span> <span class="s">1m</span> <span class="py">findtime</span> <span class="p">=</span> <span class="s">10m</span> <span class="py">maxretry</span> <span class="p">=</span> <span class="s">2</span> <span class="py">backend</span> <span class="p">=</span> <span class="s">auto</span> <span class="py">banaction</span> <span class="p">=</span> <span class="s">ufw</span> <span class="py">action</span> <span class="p">=</span> <span class="s">%(action_mwl)s</span> <span class="c"># Email notification </span><span class="py">destemail</span> <span class="p">=</span> <span class="s">tanjinsarker@gmail.com</span> <span class="py">sender</span> <span class="p">=</span> <span class="s">tanjinfail2ban@gmail.com</span> <span class="py">mta</span> <span class="p">=</span> <span class="s">sendmail</span> <span class="c"># Ignore trusted IPs </span><span class="py">ignoreip</span> <span class="p">=</span> <span class="s">127.0.0.1/8 ::1</span> <span class="c"># Logging </span><span class="py">loglevel</span> <span class="p">=</span> <span class="s">INFO</span> <span class="py">logtarget</span> <span class="p">=</span> <span class="s">/var/log/fail2ban.log</span> <span class="c"># 🚀 Protect SSH </span><span class="nn">[sshd]</span> <span class="py">enabled</span> <span class="p">=</span> <span class="s">true</span> <span class="c"># 🚀 Block malicious file requests (.php, .asp, .jsp, .exe) </span><span class="nn">[php-url-ban]</span> <span class="py">enabled</span> <span class="p">=</span> <span class="s">true</span> <span class="py">filter</span> <span class="p">=</span> <span class="s">php-url</span> <span class="py">port</span> <span class="p">=</span> <span class="s">http,https</span> <span class="py">logpath</span> <span class="p">=</span> <span class="s">/var/www/html/access.log</span> </code></pre> </div> <h2> 📌 3. Create Custom Fail2Ban Filter </h2> <p>Create a new filter for suspicious <code>.php</code>, <code>.asp</code>, <code>.jsp</code>, <code>.exe</code> requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/fail2ban/filter.d/php-url.conf </code></pre> </div> <p>Add the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[Definition]</span> <span class="py">failregex</span> <span class="p">=</span> <span class="s">^&lt;HOST&gt; -.*"(GET|POST).*</span><span class="se">\.</span><span class="s">(php|asp|jsp|exe)(</span><span class="se">\?</span><span class="s">.*)? HTTP.*"</span> <span class="py">ignoreregex</span> <span class="p">=</span> </code></pre> </div> <h2> 📌 4. Manage Fail2Ban </h2> <h3> Check active jails: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>fail2ban-client status | <span class="nb">grep</span> <span class="s2">"Jail list"</span> | <span class="nb">cut</span> <span class="nt">-d</span>: <span class="nt">-f2</span> | <span class="nb">tr</span> <span class="s1">','</span> <span class="s1">'\n'</span> | <span class="k">while </span><span class="nb">read </span>jail<span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"Jail: </span><span class="nv">$jail</span><span class="s2">"</span> <span class="nb">sudo </span>fail2ban-client status <span class="s2">"</span><span class="nv">$jail</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="s2">"Banned IP list"</span> <span class="k">done</span> </code></pre> </div> <h3> Ban / Unban IPs manually: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Ban IP</span> <span class="nb">sudo </span>fail2ban-client <span class="nb">set </span>sshd banip 192.168.68.129 <span class="c"># Unban IP</span> <span class="nb">sudo </span>fail2ban-client <span class="nb">set </span>sshd unbanip 192.168.68.129 <span class="c"># Check if an IP is banned</span> <span class="nb">sudo </span>fail2ban-client get sshd banip 192.168.68.129 </code></pre> </div> <h2> 📌 5. Firewall Configuration </h2> <p>Ensure only <strong>one firewall backend</strong> is active.</p> <h3> Check status: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl is-active ufw <span class="nb">sudo </span>systemctl is-active firewalld <span class="nb">sudo </span>systemctl is-active nftables </code></pre> </div> <h3> Disable unused backends: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Disable firewalld</span> <span class="nb">sudo </span>systemctl stop firewalld <span class="nb">sudo </span>systemctl disable firewalld <span class="nb">sudo </span>systemctl mask firewalld <span class="c"># Disable nftables</span> <span class="nb">sudo </span>systemctl stop nftables <span class="nb">sudo </span>systemctl disable nftables <span class="nb">sudo </span>systemctl mask nftables </code></pre> </div> <h3> Re-enable if needed: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl unmask firewalld <span class="nb">sudo </span>systemctl unmask nftables </code></pre> </div> <h2> 📌 6. Install msmtp (Email Relay) </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>msmtp msmtp-mta mailutils </code></pre> </div> <h2> 📌 7. Configure msmtp </h2> <p>Edit config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/msmtprc </code></pre> </div> <p>Example <code>msmtprc</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="err">defaults</span> <span class="err">auth</span> <span class="err">on</span> <span class="err">tls</span> <span class="err">on</span> <span class="err">tls_trust_file</span> <span class="err">/etc/ssl/certs/ca-certificates.crt</span> <span class="err">logfile</span> <span class="err">~/.msmtp.log</span> <span class="err">account</span> <span class="err">gmail</span> <span class="err">host</span> <span class="err">smtp.gmail.com</span> <span class="err">port</span> <span class="err">587</span> <span class="err">from</span> <span class="err">tanjinfail2ban@gmail.com</span> <span class="err">user</span> <span class="err">tanjinfail2ban@gmail.com</span> <span class="err">password</span> <span class="err">*********</span> <span class="err">account</span> <span class="err">default</span> <span class="err">:</span> <span class="err">gmail</span> </code></pre> </div> <h3> Set permissions: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo chown </span>root:root /etc/msmtprc <span class="nb">sudo chmod </span>600 /etc/msmtprc </code></pre> </div> <p>If running as non-root user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo chown</span> <span class="nv">$USER</span>:<span class="nv">$USER</span> ~/.msmtprc <span class="nb">sudo chmod </span>600 ~/.msmtprc </code></pre> </div> <p>Or make globally readable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo chmod </span>644 /etc/msmtprc <span class="nb">sudo </span>systemctl restart fail2ban </code></pre> </div> <p>Restart Fail2ban:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart fail2ban </code></pre> </div> <h2> 📌 8. Test Email Sending </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="nt">-e</span> <span class="s2">"Subject: test</span><span class="se">\n\n</span><span class="s2">This is a test email"</span> | msmtp <span class="nt">--debug</span> <span class="nt">-a</span> gmail tanjinsarker@gmail.com </code></pre> </div> <p>Check your inbox to verify delivery.</p> <h2> 📌 9. Testing Fail2Ban Functionality </h2> <h3> Test SSH protection: </h3> <ol> <li>Attempt multiple failed SSH logins from a different IP (up to <code>maxretry</code>). </li> <li>Check if the IP gets banned: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>fail2ban-client status sshd </code></pre> </div> <ol> <li>Verify email notification was sent.</li> </ol> <h3> Test Web filter (<code>php-url-ban</code>): </h3> <ol> <li>Simulate a request to a forbidden URL (e.g., <code>.php</code>, <code>.asp</code>): </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://your-server-ip/test.php </code></pre> </div> <ol> <li>Check if the IP appears in the banned list: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>fail2ban-client status php-url-ban </code></pre> </div> <ol> <li>Check your email for the ban alert.</li> </ol> <h3> Test Filter Regex Manually </h3> <p>Before banning, you can <strong>test the filter regex</strong> against your access log:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>fail2ban-regex /var/www/html/access.log /etc/fail2ban/filter.d/php-url.conf </code></pre> </div> <p>This will:</p> <ul> <li>Show which lines match the filter.</li> <li>Confirm your <code>php-url</code> filter works correctly.</li> <li>Help troubleshoot if IPs are not being banned.</li> </ul> <h2> 📌 10. SSH Successful Login Email Alerts </h2> <p>This guide explains how to configure your server so that <strong>every successful SSH login triggers an email alert</strong>. This method uses PAM (Pluggable Authentication Modules), which integrates directly with the SSH login process.</p> <h2> Requirements </h2> <ul> <li>A working mail service on your server (e.g., <code>postfix</code>, <code>sendmail</code>, or an SMTP relay)</li> <li>Root or sudo access</li> </ul> <h2> Step 1: Edit PAM SSH Configuration </h2> <p>Open the PAM configuration for SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/pam.d/sshd </code></pre> </div> <p>At the end of the file, add the following line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>session optional pam_exec.so seteuid /usr/local/bin/ssh-login-alert.sh </code></pre> </div> <p>This tells PAM to run our custom script on every successful SSH login.</p> <h2> Step 2: Create the Alert Script </h2> <p>Create a new script at <code>/usr/local/bin/ssh-login-alert.sh</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /usr/local/bin/ssh-login-alert.sh </code></pre> </div> <p>Paste the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nv">USERNAME</span><span class="o">=</span><span class="si">$(</span><span class="nb">whoami</span><span class="si">)</span> <span class="nv">IP</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$PAM_RHOST</span><span class="si">)</span> <span class="nv">HOST</span><span class="o">=</span><span class="si">$(</span><span class="nb">hostname</span><span class="si">)</span> <span class="nv">DATE</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> <span class="s1">'+%Y-%m-%d %H:%M:%S'</span><span class="si">)</span> <span class="nv">MESSAGE</span><span class="o">=</span><span class="s2">"SSH Login on </span><span class="nv">$HOST</span><span class="s2"> User: </span><span class="nv">$USERNAME</span><span class="s2"> From: </span><span class="nv">$IP</span><span class="s2"> Date: </span><span class="nv">$DATE</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$MESSAGE</span><span class="s2">"</span> | mail <span class="nt">-s</span> <span class="s2">"SSH Login Alert on </span><span class="nv">$HOST</span><span class="s2">"</span> you@example.com </code></pre> </div> <blockquote> <p>🔧 Replace <code>you@example.com</code> with your actual email address.</p> </blockquote> <h2> Step 3: Make Script Executable </h2> <p>Run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo chmod</span> +x /usr/local/bin/ssh-login-alert.sh </code></pre> </div> <h2> Step 4: Restart SSH Service </h2> <p>Apply changes by restarting SSH:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart sshd </code></pre> </div> <h2> Step 5: Test </h2> <ol> <li>Log out of your server.</li> <li>Log back in via SSH.</li> <li>Check your email inbox.</li> </ol> <p>You should receive an alert similar to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SSH Login on myserver User: root From: 192.168.1.100 Date: 2025-08-27 12:34:56 </code></pre> </div> <h2> Notes </h2> <ul> <li>Ensure your mail system is properly configured; otherwise, emails will not be delivered.</li> <li>For added reliability, consider also logging alerts to a file.</li> <li>This method works for <strong>all SSH users</strong> system-wide.</li> </ul> <p>✅ Done! You now receive an email on <strong>every successful SSH login</strong>.</p> <h2> ✅ Final Notes </h2> <ul> <li>Fail2Ban is now protecting <strong>SSH</strong> and <strong>web access logs</strong> from malicious requests. </li> <li>Emails will be sent using <strong>msmtp (Gmail SMTP relay)</strong>. </li> <li>Always secure your Gmail account with an <strong>App Password</strong> (never your real Gmail password).</li> </ul>