https://github.com/digitalocean/do_user_scripts/blob/master/Ubuntu-14.04/network/open-vpn.yml

I update it to this and it seems to work fine now.

IPADDR=$(curl -s "http://canihazip.com/s")

Ubuntu16.04/cms/wordpress.sh only works on droplet with SSH keys. Does this script required droplet with the SSH leys?

sed -i "s/'DB_PASSWORD', 'password_here'/'DB_PASSWORD', '$wpmysqlpass'/g" /tmp/wordpress/wp-config.php;
sed: -e expression #1, char 54: unknown option to `s'

My $wpmysqlpass included a '/' forward slash in it when it was randomly generated.

Any chance of making this script work for ubuntu 16.04?

As we know there are many ways to create a default firewall. I would like to contribute a default policy that is not installed in the droplets, I will be using iptables tested under debian gnu/linux.

https://github.com/digitalocean/do_user_scripts/blob/master/Ubuntu-15.10/web-servers/lamp-phpmyadmin.yml

I would like to see a user-script for PHP 7 using the latest version of Ubuntu.

Thanks!

Spencer Thayer

For Ubuntu 14.04.3, it seems a package is needed: mysql-server-5.5
Using this script, I was unable to get nginx working or even recognized until I installed mysql-server-5.5 after the apt package manager gave me the following error:

The following packages have unmet dependencies:
 mysql-server : Depends: mysql-server-5.5 

After using apt to install mysql-server-5.5, nginx is now recognized and working.

In the routing setup you have 10.8.0.0/8 set. Isn't that equivalent to 10.0.0.0/8? Is that intentional or should it be 10.8.0.0/16?

I followed this tutorial over: https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup

Then I copy-paste this guy in User Data, (updated the ssh-key) and tried it ...

#cloud-config
users:
  - name: demo
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/9aiOA4vXO54k1mHWL2irjuB9XbXr00+44vSd2q/vtXdGXhdSMTf4/XK17fjKSG/9y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds0+8h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/7ZsVD3ELip [email protected]
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: sudo
    shell: /bin/bash
runcmd:
  - sed -i -e '/^Port/s/^.*$/Port 4444/' /etc/ssh/sshd_config
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config

but ... nothing !?

I'm using the docker image 1.12.1

It would be VERY nice to have updated cloud-inits over Github the way http://cloudinit.readthedocs.io/en/latest/topics/examples.html is doing it.

This is need for serious cloud operation.
Cheers!

I used the Open VPN userdata script when building my droplet. Presumably I now need to continue at step 3 of the tutorial at https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04

But when I try to execute the command './build-key client1', it gives me the following error:

Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.

When trying to delete/add a plugin, I am prompted with a "Connection Information" screen, which ask for FTP information (which doesn't work) [Most likely a(n) write error (upon creation of the droplet using the userscript, I get "Broken Pipe" and "Write Error" )]

When looking usr/root/passwords.txt I find:

"Root MySQL Password"
"Wordpress MySQL Password"

With no password following them. (Line 13/14 in the user script)

I POST the following data to https://api.digitalocean.com/v2/droplets

{"name":"1470293222","image":"ubuntu-16-04-x64","size":"512mb","user_data":"#!/bin/bash\ncurl http://www.myserver.com","region":"nyc1"}

This should create a new droplet and run the script in user_data, but no matter what I do, I can't seem to get the script to run.

Strangely if I launch a Droplet from the Digital Ocean console - which appears NOT to use the REST API, then the userdata script appears to work OK

Anyone got any idea how to make a Digital Ocean boot script work?

Creating a user not named "root" seems to be suggested via the DO docs. But if I run this user script WordPress is installed by the root user and I have to add the ssh keys to my new user, plus sort out the site's permissions. Could this be automated?

test

Sed used with options (https://github.com/digitalocean/do_user_scripts/blob/master/Ubuntu-14.04/network/open-vpn.yml#L10)

sed -ie 's/.../.../' file.crt

does not only in-place editing but adds suffix 'e' to filename, causing result to be saved in

file.crte

This is due man sed:

       -i[SUFFIX], --in-place[=SUFFIX]

              edit files in place (makes backup if SUFFIX supplied)

where the 'e' is interpreted as param for -i option and not as next option -e and sed works with script supplied as first arg (if there is no other script supplied).
This simply breaks the whole script.

Solution: replace all sed commands dividing the options properly:

sed -i -e 's/.../.../' file.crt

the -e option in fact, is not necessary (but everybody uses sed in this way).
Working environment: Ubuntu 14.04 LTS, sed --version
sed (GNU sed) 4.2.2

When in the WordPress admin, if I try to install a plugin I get the following error:

Installing Plugin from uploaded file: wppusher.zip
Unpacking the package…

Could not create directory.

Which makes me think the script isn't setting the correct permissions on the wp-content folder?

ls -l wp-content output is:

drwxrwxr-x 20 www-data www-data 4096

Many of your users prefer to use FreeBSD for its UNIX kernel.

Some of use have our own scripts, but we would like a place to share them and see what DO come up with for automating the updates of core applications and services within the many droplets we create.

So, I was reading this article on securing droplets and I thought that most of this is just grunt work. Stuff that should be done by default, but the one click installs do none of this. So how about a few scripts so that users who want greater security (which is pretty much essential for the likes of wordpress)?

Stuff like setting up secure SSH, firewall rules, SSL, some basic auditing/pentesting scripts etc.

What do you think?

https://github.com/digitalocean/do_user_scripts/blob/master/Ubuntu-14.04/network/open-vpn.yml

This user script needs an update. I'm not sure why, but now I have to add this iptables command to get traffic to go through the VPN:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

I use Docker a lot and the project is updating very quickly.

The DO image is not following the standard installation setup. i.e. 8) Save and close the /etc/apt/sources.list.d/docker.list file. is not set so it's a pain to update Docker.

It would be awesome to open source the scripts you are using to create DO images. The community would improve it and we could all make sure we are using best practice for the Docker image.

Thanks!

Script : lemp.yml

Hi, from your script appear you miss to enable and run mariadb-server after install it :

systemctl enable mariadb
systemctl restart mariadb

Additional, to secure it :

mysql_secure_installation

Regards,
LainX84