#!/bin/bash ###============================================================ ## Ubuntu 18.04 Web Server Installer ###============================================================ ## Zet comments hieronder: # # # ##============================================================= ##----------## # Menu # ##----------## echo "NextCloudSetupDebian" echo "MYSQL Admin Password:" read password ##-----------------## # Static-Vars # ##-----------------## phpver=7.3 ##----------------## # Pre-Config # ##----------------## if [ ! -d ~/.ssh ] then mkdir ~/.ssh fi cd /tmp #mv /boot/grub/menu.lst /boot/grub/menu.lst.bck apt update apt upgrade -y apt dist-upgrade -y apt clean apt autoremove -y timedatectl set-timezone Europe/Amsterdam sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf ##-------------------## # Install Phase # ##-------------------## apt install apt install -y exfat-fuse hfsprogs exfat-utils acl screen rsync exfat-utils ntfs-3g gphoto2 libimage-exiftool-perl php cifs-utils sudo ##-------------## # WebMin # ##-------------## apt update apt-get install apt-transport-https gnupg2 -y wget http://www.webmin.com/jcameron-key.asc apt-key add jcameron-key.asc rm jcameron-key.asc echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list apt-get update apt-get install webmin -y ##------------## # MySQL # ##------------## apt install -y mariadb-server mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '"$password"';" mysql -u root -e "FLUSH PRIVILEGES; mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" rm /etc/mysql/my.cnf cat > /etc/mysql/my.cnf <<- "EOF" # - "/etc/mysql/my.cnf" to set global options, [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp lc-messages-dir = /usr/share/mysql skip-external-locking innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM) innodb_log_file_size = 256M innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0 innodb_flush_method = O_DIRECT bind-address = 127.0.0.1 key_buffer_size = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 myisam-recover-options = BACKUP #max_connections = 100 #table_open_cache = 64 #thread_concurrency = 10 query_cache_limit = 1M query_cache_size = 16M log_error = /var/log/mysql/error.log expire_logs_days = 10 max_binlog_size = 100M EOF systemctl restart mysql ##-----------## # NGINX # ##-----------## #installing nginx from apt apt install -y nginx wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf mkdir -p /etc/nginx cat < /etc/nginx/sites-available/nextcloud server { root /var/www/nextcloud; index index.php index.html index.htm index.nginx-debian.html; #server_name $domain; ##### NEXTCLOUD SETTINGS ##### add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; fastcgi_hide_header X-Powered-By; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; # The following rule is only needed for the Social app. # Uncomment it if you're planning to use this app. # rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 \$scheme://\$host/remote.php/dav; } location = /.well-known/caldav { return 301 \$scheme://\$host/remote.php/dav; } # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php\$request_uri; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:\$|\/) { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php$phpver-fpm.sock; fastcgi_split_path_info ^(.+?\.php)(\/.*|)\$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param PATH_INFO \$fastcgi_path_info; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|ocs-provider)(?:\$|\/) { try_files \$uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff2?|svg|gif)\$ { try_files \$uri /index.php\$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg)\$ { try_files \$uri /index.php\$request_uri; # Optional: Don't log access to other assets access_log off; } ##### NEXTCLOUD END ##### location /phpmyadmin { index index.php; } listen [::]:80 ipv6only=on; listen 80; } EOF rm /etc/nginx/sites-enabled/default ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/ ##---------## # PHP # ##---------## apt install -y php${phpver}-fpm php${phpver}-imagick php${phpver}-mysql php${phpver}-cgi php${phpver}-common php-pear php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nextcloud/php-fpm.ini -O /etc/php/"$phpver"/fpm/php.ini sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/max_execution_time = 30/max_execution_time = 300/g' /etc/php/"$phpver"/fpm/php.ini wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf ##---------------## # Nextcloud # ##---------------## apt install -y libmagickcore-6.q16-3-extra sudo cd /tmp db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_name="nextcloud_$db_suffix" db_user="nextcloud_$db_suffix" db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" wget https://download.nextcloud.com/server/releases/latest.tar.bz2 -O /tmp/nextcloud.tar.bz2 tar jxf /tmp/nextcloud.tar.bz2 -C /tmp cp -a /tmp/nextcloud/. /var/www/nextcloud cat < /var/www/nextcloud/config/autoconfig.php "mysql", "dbname" => "${db_name}", "dbuser" => "${db_user}", "dbpass" => "${db_pass}", "dbhost" => "localhost", "dbtableprefix" => "", "simpleSignUpLink.shown" => false, "directory" => "/var/www/nextcloud/data", ); EOF cat < ~/nextcloud-init.sh cd /var/www/nextcloud sudo -u www-data php occ db:convert-filecache-bigint rm -f /etc/update-motd.d/50-nextnotice EOF cat < /etc/update-motd.d/50-nextnotice #!/bin/sh red='\e[1;31m%s\e[0m\n' printf "\n" printf "\$red" "Please run nextcloud-init.sh after first nextcloud login" printf "\n" EOF chmod +x /etc/update-motd.d/50-nextnotice chown -R www-data:www-data /var/www/nextcloud echo "*/5 * * * * www-data php -f /var/www/nextcloud/cron.php" >> /etc/crontab ##---------------## # PHOTO-APP # ##---------------## mkdir /var/www/photoapp mv ~/nextcloud-server-app/scripts/* /var/www/photoapp/ cat < /etc/nginx/sites-available/photoapp server { listen 8000 ; listen [::]:8000 ; root /var/www/photoapp; index index.html index.htm index.php index.nginx-debian.html; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.3-fpm.sock; } } EOF ln -s /etc/nginx/sites-available/photoapp /etc/nginx/sites-enabled/ chown -R www-data:www-data /var/www/photoapp ##-----------------------## # Html Folder Perms # ##-----------------------## service php$phpver-fpm restart service nginx restart echo "www-data ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers ##----------## # Beep # ##----------## apt install -y beep echo ACTION=="add", SUBSYSTEM=="input", ATTRS{name}=="PC Speaker", ENV{DEVNAME}!="", GROUP="beep", MODE="0620" > /usr/lib/udev/rules.d/70-pcspkr-beep.rules usermod -G beep www-data usermod -G beep root cat < /etc/init.d/beep #! /bin/sh -e ### BEGIN INIT INFO # Provides: beep # Required-Start: $syslog # Required-Stop: $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: beep # Description: # ### END INIT INFO # Carry out specific functions (start, stop, restart etc) case "$1" in start) beep -l 75 -f 500 -n -l 75 -f 1000 -n -l 75 -f 2000 -n -l 75 -f 3000 ;; stop) beep -l 75 -f 3000 -n -l 75 -f 2000 -n -l 75 -f 1000 -n -l 75 -f 500 ;; *) echo "Usage: /etc/init.d/beep {start|stop}" exit 1 ;; esac exit 0 EOF chmod a+x /etc/init.d/beep update-rc.d beep defaults 01 echo "Installatie geslaagd!"