Staff Picks
See AllInstall Libreoffice
PickSets up Libreoffice in the VM to make soffice command available. It can be used for various office file conversions.
# Ensure the package list is up-to-date
echo "Updating package list..."
sudo apt-get update -y
Install & enable Imagick on PHP8.4
PickInstall imagick & imagick from pecl & connection the extension
#!/bin/bash
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
Change all SSL sites on this server to use HSTS
PickHSTS is a setting you can enable on your SSL-enabled domains to ensure browsers will never connect to the non-secured version of your web site. https://https.cio.gov/hsts/ If you run this scr...
# Set the text we want to insert into each record
INSERT='\ # Enable HSTS (added manually)\n add_header Strict-Transport-Security "max-age=31536000" always;\n'
# For every site in sites-available without the phrase "HSTS" in it...
Artisan Helper
PickAdding `art` for artisan to the bash profile for easy access. It will work in envoyer style deploys looking for artisan in `./current` and `./default/current` directories.
#!/bin/bash
# Make using artisan a little easier
#
Install VIPS library command line tools
PickVIPS is a high speed library for image processing, happily handling images of any size on any amount of RAM available. For example resizing of 20,000x5,000 image to 1,200 x312 pixel dimension take...
sudo apt-get install libvips
sudo apt-get install libvips-toolsRecent Recipes
See Morefail2ban jail.local config - Ingress Server
Configures fail2ban to protect against SSH brute force attacks, malicious bots, rate limit abuse, and vulnerability scanners. Run on load balancers or standalone web servers that receive direct int...
#!/bin/bash
set -e
# Ensure script is run as root
Install Libreoffice
PickSets up Libreoffice in the VM to make soffice command available. It can be used for various office file conversions.
# Ensure the package list is up-to-date
echo "Updating package list..."
sudo apt-get update -y
Install & enable Imagick on PHP8.4
PickInstall imagick & imagick from pecl & connection the extension
#!/bin/bash
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
CraftCMS RCE Vulnerability Patch
A remote code execution vulnerability was discovered late 2024 that potentially makes Craft sites vulnerable to remote code execution attacks (CVE-2024-56145). This solution is suggested by the ...
#!/usr/bin/env bash
# ============================================================================
# Title: Forge CraftCMS RCE Patch
Harden and Optimise Nginx/SSL
Hardens Nginx and Optimises Nginx SSL. Pretty much automates this guide > https://beguier.eu/nicolas/articles/nginx-tls-security-configuration.html
#!/usr/bin/env bash
# Ensure the script is run as root
if [ "$EUID" -ne 0 ]; then
Blank Default Site
Find the default site and remove all code from the index.html so that when visiting the servers IP address, it no longer displays a Laravel Forge welcome page.
#!/usr/bin/env bash
# Check if running as root
if [[ $EUID -ne 0 ]]; then
Update PHP-FPM Settings - All Installed PHP Versions.
This script will loop through the php-fpm php.ini files for all installed PHP versions and replace the settings with the ones defined in this file. Just update the replacers[] array and run.
#!/usr/bin/env bash
declare -A replacers
Install Docker
sudo apt-get update
sudo apt-get -y install ca-certificates curl
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
ClamAV
ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
# install ClamAV
sudo apt-get -y --force-yes install clamav clamav-daemon
# Configure