Installing Site Wrangler
Full Install
If you have already installed Site Wrangler on a system before, you may find it faster to skip down to the Quick Install section. This guide assumes that you are running a root terminal shell on your server. To get to a root shell, you can use one of these two lines depending on your operating system:
su -
sudo -i
First, let’s fetch Site Wrangler in the correct folder:
cd /opt/
git clone https://github.com/Rondore/sitewrangler.git
cd sitewrangler/
If you got an error that git is not a command, you will need to install git and retry the git command.
Now we have a choice. If the server will only be used as a webhost and not for email, we can run just the installWebServer.sh file. Conversely, if we are only using the server for email and not as a webhost, we can run just installMailServer.sh.
It is important to note that these installers do overwrite some configuration files on your system. If you are converting an existing webserver to Site Wrangler, you will need to audit the installers you are using and adjust as needed.
The commands to run the installers are:
./bin/installCore.sh
./bin/installWebServer.sh
./bin/installMailServer.sh
./bin/installCsf.sh
If you modify your installer(s), then you will also likely need to adjust the configuration of Site Wrangler. See this guide on how to manually configure Site Wrangler.
If you install the web server and not the mail server, be sure to install sendmail if you want to get admin notifications from the server.
Firewall Whitelisting
You must whitelist your IP in the firewall to access the server with SSH. Run this line (replacing the IP address with your public IP) to grant your IP address SSH access to the server. This will add your IP to the file /etc/csf/csf.allow. Keep the quotes around the argument; without them the shell treats the | character as a pipe:
csf -a "d=22|s=192.168.0.10"
You will likely also want to prevent your server from notifying you every time you SSH into the server and also prevent the server from blocking you due to traffic that the server finds suspicious. To do both of these things, add your IP address to the file /etc/csf/csf.ignore.
You can also whitelist any IPs of your choice for other services such as MySQL (port 3306) at this point.
Initial Configuration
First, let’s set your IP configuration. You need to know your local and public IP addresses.
Your local IP address is your IP address as your server knows it. It can be found by running ifconfig or similar utilities. This IP is used for things like binding services to an IP and port.
Your public IP address is your IP address as it’s known to the wider internet. This IP is used for things like DNS zone records. In some cases, your local and public IP address can be the same, but in cases like the cloud, you often have separate public and local IPs.
sw setting set local_ip 192.168.0.1
sw setting set public_ip 192.168.0.1
sw setting set ip6 2006::0001
Next we need to set the DNS settings. The first two are the DNS nameserver domain names to use in all new DNS zone records. These names need to point to existing ghost records. (Generally speaking, if you own example.com and your domain registrar lets you set the nameservers for example.com to ns1.example.com and ns2.example.com and also allows you to set the IP addresses for each to your server, then you have ghost records set.)
sw setting set nameserver_one ns1.example.com
sw setting set nameserver_two ns2.example.com
The last DNS setting is the DNS authority record to use for all new DNS zones. This value is used in DNS SOA records. This domain name should point to your server. (It’s okay to use a name you are just about to create a record for.)
sw setting set dns_authority dns-admin.example.com
To get notifications from the server about security issues and build issues, set an email address to receive these warnings.
sw setting set system_admin_email user@example.com
Now that we have all our settings in place, you can reload the firewall to apply the new firewall rules. Do not run this before whitelisting your IP address in the previous steps. Otherwise you may lock yourself out of your server!
csf -ra
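A pre-flight check for the whitelisting step and the lockout warning above, as an added example that is not part of Site Wrangler or CSF. It assumes each line of the allow file is either a bare IP or a |-separated filter such as d=22|s=192.168.0.10, optionally followed by a # comment; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Site Wrangler code): pre-flight check before `csf -ra`.
# Assumption: each allow-file line is a bare IP or a |-separated filter such
# as "d=22|s=192.168.0.10", optionally followed by "# comment".

# Print the source IP of the current SSH session ("ip port port" in SSH_CLIENT).
ssh_client_ip() {
    [ -n "${SSH_CLIENT:-}" ] || return 1
    printf '%s\n' "${SSH_CLIENT%% *}"
}

# ip_allowed_for_ssh FILE IP: succeed only if FILE allows IP inbound on port 22.
# Exact matches only; CIDR ranges and port lists are treated as no match.
ip_allowed_for_ssh() {
    [ -r "$1" ] || return 2
    awk -v ip="$2" '
        {
            sub(/[#].*/, ""); gsub(/[ \t\r]/, "")  # strip comment and whitespace
            if ($0 == "") next
            if ($0 == ip) { found = 1; exit }      # bare IP entry: all ports
            n = split($0, f, "|"); port = src = skip = 0
            for (i = 1; i <= n; i++) {
                if (f[i] == "d=22") port = 1
                if (f[i] == "s=" ip) src = 1
                if (f[i] == "out" || f[i] == "udp") skip = 1
            }
            if (port && src && !skip) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# safe_to_reload FILE [IP]: gate for the reload; IP defaults to the SSH client.
safe_to_reload() {
    allow_file=$1
    check_ip=${2:-}
    [ -n "$check_ip" ] || check_ip=$(ssh_client_ip) || {
        echo "no IP given and SSH_CLIENT is empty" >&2; return 1; }
    if ip_allowed_for_ssh "$allow_file" "$check_ip"; then
        echo "$check_ip is allowed on port 22"
    else
        echo "$check_ip is NOT allowed on port 22 in $allow_file" >&2; return 1
    fi
}

# Demo on a constructed allow file (sample data, not from a real server).
demo=$(mktemp)
printf '%s\n' 'd=22|s=192.168.0.10 # constructed entry' > "$demo"
safe_to_reload "$demo" 192.168.0.10
safe_to_reload "$demo" 192.168.0.11 || echo "fix csf.allow before csf -ra"
rm -f "$demo"
```

On the server, the gate would be used as safe_to_reload /etc/csf/csf.allow && csf -ra from within the SSH session you intend to keep.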
First Build
First, let’s start a screen on the server to run our build inside of. This will allow us to return to the build if we lose connection to the server.
screen -S swbuild
Once inside the screen, let’s enable a version of PHP if we need one. You can skip postgresql if you do not need it.
sw build install pecl-imagick postgresql php-8.3
We will also need to install nginx.
sw build install modsec-rules nginx
Next Steps
Congratulations, your server is now ready to start deploying websites. For an easy way to install WordPress, use the sw wp add command. Otherwise, you can follow and/or alter the steps in the manual site setup guide.
For setting up email, you can follow this guide.
Quick Install
Update your system and then run these commands as root, but only if your system is not yet a web or email server:
cd /opt/
git clone git@github.com:Rondore/sitewrangler.git
cd sitewrangler/
./bin/installCore.sh
./bin/installWebServer.sh
./bin/installMailServer.sh
./bin/installCsf.sh
if [ -n "$SSH_CLIENT" ] ; then
    echo $SSH_CLIENT | awk '{print "d=22|s=" $1}' | xargs csf -a
fi
Then set each required setting to the appropriate values:
sw setting set local_ip 192.168.0.1
sw setting set public_ip 192.168.0.1
sw setting set ip6 2006::0001
sw setting set nameserver_one ns1.example.com
sw setting set nameserver_two ns2.example.com
sw setting set dns_authority dns-admin.example.com
sw setting set system_admin_email user@example.com
Now we need to add your IP and all administrators’ IP addresses to the firewall whitelist. We can do this for just the SSH port like this (keep the quotes; without them the shell treats the | character as a pipe). You can also whitelist these IPs for other services such as MySQL (port 3306) at this point.
csf -a "d=22|s=192.168.0.10"
You will also want to add your IP address to /etc/csf/csf.ignore to avoid getting yourself blocked by firewall rules. Once that is done, you can reload the firewall to apply its settings. Do not run this before whitelisting your IP address.
csf -ra
Now you’re all set to start the first software build.
sw build install pecl-imagick postgresql php-8.3 modsec-rules nginx