Vengala Vinay

Having 9+ Years of Experience in Software Development

Home » Automating Apache Domain Management on Ubuntu: A Guide to Provisioning & Security

Automating Apache Domain Management on Ubuntu: A Guide to Provisioning & Security

Managing multiple domains on an Ubuntu server can quickly become a repetitive and error-prone task. From creating system users to configuring Apache VirtualHosts and securing MySQL databases, the manual overhead is significant. This suite of professional Bash utilities simplifies and automates the entire process, ensuring every new site is fast, isolated, and secure by default.

 

1. Zero-Touch Domain Provisioning

The core of this suite is add_domain.sh. It doesn’t just create an Apache config; it provisions a complete environment:

  • System Isolation: Every domain gets a dedicated system user and a public_html directory with 750 permissions.
  • Multi-PHP Support: Built-in PHP-FPM integration with automatic version discovery (7.4 to 8.3+).
  • Secure Credentials: Random 16-character passwords generated via OpenSSL for both system and database users.
  • Automated SSL-Ready Configs: Generates VirtualHost files tailored for PHP, WordPress, Python (WSGI), Ruby (Passenger), and even Docker proxies.
# Provision a new WordPress site with PHP 8.2
sudo ./add_domain.sh my-new-site.com --type=wordpress --php=8.2

2. Advanced Site Cloning & Duplication

Ever needed to create a staging environment in seconds? clone_domain.sh is a massive time-saver. It performs a “Deep Clone” of an existing site:

  • Copies the filesystem and synchronizes the MySQL database.
  • Recursive Find-Replace: Automatically updates the domain name and credentials across all files and database dumps.
  • Integrated Setup: Leverages the primary provisioning logic to ensure the clone is just as secure as the original.

3. Security & DevOps Features

Beyond setup, these scripts prioritize long-term server health and security:

  • Security Headers: Every site is automatically hardened with X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, and restricted access to sensitive files (.git, .env).
  • Git Sync & Webhooks: Set up automated deployments with GitHub/GitLab webhooks. Trigger pulls automatically on push without manual SSH intervention.
  • Credential Rotation: Use rotate_passwords.sh to instantly update system and DB credentials for any domain in the system.
  • Centralized Audit Logging: Every event is logged to /var/log/apache_setup_audit.log, providing a clear trail of all server modifications.

Getting Started

You can find the full source code and documentation for these utilities on GitHub. Feel free to contribute or fork the project to fit your specific server architecture.

Requirements: Ubuntu/Debian, Apache2, MySQL/MariaDB, and OpenSSL.

Optimize your workflow and secure your server today.