mysql_install/mysql_install.sh

#!/usr/bin/env bash
set -Eeuo pipefail

# ============================================================
# Arch Linux: MariaDB + Apache + PHP + phpMyAdmin installer
# Fixes Apache threaded MPM issue by switching to prefork
# ============================================================
#
# Usage:
#   sudo bash install_mariadb_phpmyadmin_arch.sh
#
# Optional:
#   sudo DB_ROOT_PASSWORD='yourpassword' bash install_mariadb_phpmyadmin_arch.sh
#
# ============================================================

DB_ROOT_PASSWORD="${DB_ROOT_PASSWORD:-}"
HTTPD_CONF="/etc/httpd/conf/httpd.conf"
PHP_INI="/etc/php/php.ini"
PHPMYADMIN_APACHE_CONF="/etc/httpd/conf/extra/phpmyadmin.conf"
PHPMYADMIN_MAIN_CONF="/etc/webapps/phpmyadmin/config.inc.php"
MARIADB_DATA_DIR="/var/lib/mysql"
WEBROOT="/srv/http"
INFO_FILE="${WEBROOT}/info.php"

log() {
  echo
  echo "============================================================"
  echo "[INFO] $*"
  echo "============================================================"
}

warn() {
  echo
  echo "[WARN] $*" >&2
}

die() {
  echo
  echo "[ERROR] $*" >&2
  exit 1
}

require_root() {
  if [[ "${EUID}" -ne 0 ]]; then
    die "Run this script as root: sudo bash $0"
  fi
}

backup_file() {
  local file="$1"
  if [[ -f "$file" ]]; then
    cp -an "$file" "${file}.bak.$(date +%Y%m%d%H%M%S)"
  fi
}

append_if_missing() {
  local file="$1"
  local line="$2"
  grep -Fqx "$line" "$file" 2>/dev/null || echo "$line" >> "$file"
}

configure_apache_mpm_for_php() {
  log "Switching Apache from threaded MPM to prefork for mod_php"

  backup_file "$HTTPD_CONF"

  if grep -Eq '^[[:space:]]*LoadModule mpm_event_module modules/mod_mpm_event.so' "$HTTPD_CONF"; then
    sed -i 's|^[[:space:]]*LoadModule mpm_event_module modules/mod_mpm_event.so|#LoadModule mpm_event_module modules/mod_mpm_event.so|' "$HTTPD_CONF"
  fi

  if grep -Eq '^[#[:space:]]*LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' "$HTTPD_CONF"; then
    sed -i 's|^[#[:space:]]*LoadModule mpm_prefork_module modules/mod_mpm_prefork.so|LoadModule mpm_prefork_module modules/mod_mpm_prefork.so|' "$HTTPD_CONF"
  elif ! grep -Eq '^[[:space:]]*LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' "$HTTPD_CONF"; then
    sed -i '/mod_unixd.so/a LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' "$HTTPD_CONF" || true
    if ! grep -Eq '^[[:space:]]*LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' "$HTTPD_CONF"; then
      echo 'LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' >> "$HTTPD_CONF"
    fi
  fi
}

enable_php_module_httpd() {
  log "Configuring Apache for PHP"

  backup_file "$HTTPD_CONF"

  if grep -Eq '^[#[:space:]]*LoadModule php_module modules/libphp.so' "$HTTPD_CONF"; then
    sed -i 's|^[#[:space:]]*LoadModule php_module modules/libphp.so|LoadModule php_module modules/libphp.so|' "$HTTPD_CONF"
  elif ! grep -Eq '^[[:space:]]*LoadModule php_module modules/libphp.so' "$HTTPD_CONF"; then
    echo 'LoadModule php_module modules/libphp.so' >> "$HTTPD_CONF"
  fi

  append_if_missing "$HTTPD_CONF" "AddHandler php-script .php"
  append_if_missing "$HTTPD_CONF" "Include conf/extra/php_module.conf"
  append_if_missing "$HTTPD_CONF" "Include conf/extra/phpmyadmin.conf"
}

configure_php() {
  log "Configuring PHP extensions for MariaDB"

  backup_file "$PHP_INI"

  sed -i 's|^[;[:space:]]*extension=mysqli|extension=mysqli|' "$PHP_INI" || true
  sed -i 's|^[;[:space:]]*extension=pdo_mysql|extension=pdo_mysql|' "$PHP_INI" || true

  if ! grep -Eq '^extension=mysqli' "$PHP_INI"; then
    echo 'extension=mysqli' >> "$PHP_INI"
  fi

  if ! grep -Eq '^extension=pdo_mysql' "$PHP_INI"; then
    echo 'extension=pdo_mysql' >> "$PHP_INI"
  fi
}

configure_phpmyadmin_apache() {
  log "Writing Apache config for phpMyAdmin"

  mkdir -p "$(dirname "$PHPMYADMIN_APACHE_CONF")"

  cat > "$PHPMYADMIN_APACHE_CONF" <<'EOF'
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"

<Directory "/usr/share/webapps/phpMyAdmin">
    DirectoryIndex index.php
    AllowOverride All
    Options FollowSymLinks
    Require all granted
</Directory>
EOF
}

generate_blowfish_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 32 | tr -d '\n'
  else
    head -c 32 /dev/urandom | base64 | tr -d '\n'
  fi
}

configure_phpmyadmin_main() {
  log "Configuring phpMyAdmin"

  [[ -f "$PHPMYADMIN_MAIN_CONF" ]] || die "phpMyAdmin config not found at $PHPMYADMIN_MAIN_CONF"

  backup_file "$PHPMYADMIN_MAIN_CONF"

  local blowfish
  blowfish="$(generate_blowfish_secret)"

  if grep -Eq "auth_type" "$PHPMYADMIN_MAIN_CONF"; then
    sed -i "s|\(\$cfg\['Servers'\]\[\$i\]\['auth_type'\][[:space:]]*=[[:space:]]*\).*|\1'cookie';|" "$PHPMYADMIN_MAIN_CONF" || true
  else
    cat >> "$PHPMYADMIN_MAIN_CONF" <<EOF

\$cfg['Servers'][\$i]['auth_type'] = 'cookie';
EOF
  fi

  if grep -Eq "blowfish_secret" "$PHPMYADMIN_MAIN_CONF"; then
    sed -i "s|\(\$cfg\['blowfish_secret'\][[:space:]]*=[[:space:]]*\).*|\1'${blowfish}';|" "$PHPMYADMIN_MAIN_CONF" || true
  else
    cat >> "$PHPMYADMIN_MAIN_CONF" <<EOF

\$cfg['blowfish_secret'] = '${blowfish}';
EOF
  fi
}

initialize_mariadb() {
  log "Initializing MariaDB if needed"

  if [[ ! -d "$MARIADB_DATA_DIR/mysql" ]]; then
    mariadb-install-db --user=mysql --basedir=/usr --datadir="$MARIADB_DATA_DIR"
  else
    warn "MariaDB data directory already appears initialized; skipping mariadb-install-db"
  fi
}

test_httpd_config() {
  log "Testing Apache configuration"
  httpd -t
}

start_enable_services() {
  log "Enabling and starting MariaDB and Apache"
  systemctl enable --now mariadb
  systemctl enable --now httpd
}

secure_mariadb() {
  log "Applying MariaDB hardening"

  if [[ -z "$DB_ROOT_PASSWORD" ]]; then
    DB_ROOT_PASSWORD="$(tr -dc 'A-Za-z0-9!@#%^*_+=-' </dev/urandom | head -c 24 || true)"
    if [[ -z "$DB_ROOT_PASSWORD" ]]; then
      die "Failed to generate DB_ROOT_PASSWORD"
    fi
    warn "No DB_ROOT_PASSWORD provided. Generated one automatically."
  fi

  mariadb <<SQL
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
DROP DATABASE IF EXISTS test;
ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}';
FLUSH PRIVILEGES;
SQL

  log "MariaDB root password set successfully"
}

write_php_test_page() {
  log "Writing PHP test file"

  mkdir -p "$WEBROOT"
  cat > "$INFO_FILE" <<'EOF'
<?php phpinfo();
EOF
}

install_packages() {
  log "Installing required packages"

  pacman -Sy --needed --noconfirm \
    mariadb apache php php-apache phpmyadmin openssl
}

print_summary() {
  local ip
  ip="$(hostname -I 2>/dev/null | awk '{print $1}')"

  echo
  echo "============================================================"
  echo "INSTALL COMPLETE"
  echo "============================================================"
  echo
  echo "Services:"
  echo "  - MariaDB: systemctl status mariadb"
  echo "  - Apache : systemctl status httpd"
  echo
  echo "phpMyAdmin:"
  echo "  - Local: http://localhost/phpmyadmin"
  if [[ -n "${ip:-}" ]]; then
    echo "  - LAN  : http://${ip}/phpmyadmin"
  fi
  echo
  echo "PHP test page:"
  echo "  - Local: http://localhost/info.php"
  if [[ -n "${ip:-}" ]]; then
    echo "  - LAN  : http://${ip}/info.php"
  fi
  echo
  echo "MariaDB root password:"
  echo "  ${DB_ROOT_PASSWORD}"
  echo
  echo "phpMyAdmin login:"
  echo "  Username: root"
  echo "  Password: ${DB_ROOT_PASSWORD}"
  echo
  echo "Important files:"
  echo "  - Apache config       : ${HTTPD_CONF}"
  echo "  - PHP config          : ${PHP_INI}"
  echo "  - phpMyAdmin Apache   : ${PHPMYADMIN_APACHE_CONF}"
  echo "  - phpMyAdmin main conf: ${PHPMYADMIN_MAIN_CONF}"
  echo
  warn "Delete ${INFO_FILE} after testing; it exposes PHP configuration details."
}

main() {
  require_root
  install_packages
  configure_apache_mpm_for_php
  enable_php_module_httpd
  configure_php
  configure_phpmyadmin_apache
  configure_phpmyadmin_main
  initialize_mariadb
  test_httpd_config
  start_enable_services
  secure_mariadb
  write_php_test_page
  print_summary
}

main "$@"