Server Provisioning (install_server.sh)

Overview

Pragma CMS is designed to run on high-performance VPS environments. To eliminate server configuration errors, the core includes a complete, idempotent bash provisioner for Ubuntu/Debian.

Instead of relying on heavy Docker containers that add virtualization overhead, this script natively configures the exact stack required for maximum bare-metal performance.

Execution

Run this script as root on a fresh Ubuntu/Debian server:

What the Script Does Under the Hood

1. APT Optimization: Waits for background system updates to finish to prevent APT lock errors.
2. Web Server (Caddy): Installs Caddy Server and configures the Caddyfile with On-Demand TLS. This allows Pragma CMS to automatically generate SSL certificates for new client domains on the fly without restarting the server.
3. PHP-FPM Optimization: Installs PHP (8.4+) and strictly overrides php.ini via a 99-pragma.ini file. It enforces a highly aggressive OPcache configuration (opcache.enable=1, opcache.memory_consumption=256, opcache.max_accelerated_files=20000).
4. Database (MariaDB): Installs MariaDB, creates the master database (pragma_cms_platform), the staging database, and a pragma_master super-user.
5. Magic Permissions (ACLs): Uses setfacl to allow both the Web Server (www-data) and the SSH user to read/write files seamlessly without chmod 777 security risks.
6. Security Hardening:
   • Modifies /etc/ssh/sshd_config to change the default SSH port, disable Root login, and disable Password authentication.
   • Installs and configures Fail2Ban for SSH.
   • Enables UFW (Uncomplicated Firewall), allowing only HTTP(80), HTTPS(443), and the custom SSH port.
7. Cron Registration: Automatically injects backup.sh and check_updates.php into the system Crontab.