diff --git a/installer.sh b/installer.sh
new file mode 100644
index 0000000..e52bb19
--- /dev/null
+++ b/installer.sh
@@ -0,0 +1,229 @@
+###============================================================
+## Ubuntu 18.04 Mailserver installer
+###============================================================
+
+
+##----------##
+# Menu #
+##----------##
+#echo "Menu"
+
+#echo "Ubuntu 18.04 Mailserver installatie script."
+#echo "Domein zonder www en mail.:"
+#read domain
+#echo "Algemeen wachtwoord:"
+#read password
+#echo "Administrator email:"
+#read email
+
+##-----------------##
+# Static-Vars #
+##-----------------##
+echo "Static-Vars"
+domain=ictdagbesteding.nl
+password=JW9t9ipdgLrWvMqHq7hX
+email=admin@ictdagbesteding.nl
+
+phpver=7.2
+domonly=${domain}
+domain=mail.${domain}
+
+##----------------##
+# Pre-Config #
+##----------------##
+echo "Pre-Config"
+
+hostnamectl set-hostname $domain
+apt update
+apt install mysql-server software-properties-common wget -y
+add-apt-repository universe -y
+add-apt-repository ppa:ondrej/php -y
+apt upgrade -y
+apt autoremove -y
+mkdir -p /var/www/"$domain"/html
+chmod -R 755 /var/www
+
+##-----------------------##
+# Html Folder Perms #
+##-----------------------##
+echo "Html Folder Perms"
+
+chown -R www-data:www-data /var/www/"$domain"/html
+
+##-----------##
+# NGINX #
+##-----------##
+echo "NGINX"
+
+#installing nginx from apt
+apt install -y nginx
+wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
+
+
+cat < /etc/nginx/sites-available/"$domain"
+#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
+
+server {
+ listen 80;
+ server_name www.$domain;
+ return 301 http://$domain\$request_uri;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ root /var/www/$domain/html;
+ index index.php index.html index.htm index.nginx-debian.html;
+ server_name $domain;
+ #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
+ #return 301 https://domein.nl$request_uri; Redirect to other domain
+
+ #add_header X-Cache "\$upstream_cache_status";
+
+ #netdata here
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+ gzip_comp_level 2;
+ gzip_disable "msie6";
+ gzip_buffers 16 8k;
+
+# location /rspamd {
+# proxy_pass http://127.0.0.1:11334/;
+# proxy_set_header Host \$host;
+# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+#}
+
+ location / {
+ #try_files \$uri \$uri/ =404;
+ try_files \$uri \$uri/ /index.php\$is_args\$args;
+ #try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
+ }
+
+ location = /favicon.ico { log_not_found off; access_log off; }
+ location = /robots.txt { log_not_found off; access_log off; allow all; }
+ location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
+ expires max;
+ log_not_found off;
+ add_header Cache-Control "public, no-transform";
+ }
+
+ location ~ \.php\$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_pass unix:/var/run/php/php${phpver}-fpm.sock;
+ #fastcgi_cache MYAPP;
+ #fastcgi_cache_valid 200 302 301 1m;
+ #fastcgi_cache_valid 404 1m;
+ #fastcgi_cache_bypass \$no_cache;
+ #fastcgi_no_cache \$no_cache;
+ #fastcgi_cache_revalidate on;
+ #fastcgi_cache_background_update on;
+ #fastcgi_cache_lock on;
+ #fastcgi_cache_use_stale updating;
+ #fastcgi_buffer_size 128k;
+ #fastcgi_buffers 256 16k;
+ #fastcgi_busy_buffers_size 256k;
+ #fastcgi_temp_file_write_size 256k;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /phpmyadmin {
+ index index.php;
+ }
+
+ #Cache everything by default
+ set \$no_cache 0;
+
+ #Don't cache POST requests
+ if (\$request_method = POST) {
+ set \$no_cache 1;
+ }
+
+ #Don't cache if the URL contains a query string
+ if (\$query_string != "") {
+ set \$no_cache 1;
+ }
+
+ #Don't cache the following URLs
+ if (\$request_uri ~* "/(administrator/|login.php)") {
+ set \$no_cache 1;
+ }
+
+ #Don't cache if there is a cookie called PHPSESSID
+ if (\$http_cookie = "PHPSESSID") {
+ set \$no_cache 1;
+ }
+ }
+EOF
+
+ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+
+##-------------------------------##
+# NGINX Single core bug fix #
+##-------------------------------##
+echo "NGINX Single core bug fix"
+
+mkdir /etc/systemd/system/nginx.service.d
+printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
+systemctl daemon-reload
+
+##------------------------------##
+# MySQL_Secure_Installation #
+##------------------------------##
+echo "MySQL_Secure_Installation"
+
+mysqladmin -u root password "$password"
+mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
+mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
+mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
+mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
+mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
+
+##-----------##
+# MySQL #
+##-----------##
+echo "MySQL"
+
+mkdir -p /etc/nginx
+mysql -u root -p"$password" -e "CREATE DATABASE postfixadmin;"
+mysql -u root -p"$password" -e "GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY '"$password"';"
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
+
+##------------------##
+# PostfixADMIN #
+##------------------##
+echo "PostfixADMIN"
+
+apt install php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline -y
+apt install libc-client2007e mlock php${phpver}-common php${phpver}-imap -y
+mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
+wget --tries=3 https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.1/postfixadmin-3.1.tar.gz -O /tmp/postfixadmin.tar.gz
+tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip-components=1
+chown -R www-data: /var/www/"$domain"/html/
+chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
+wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/dev/config/postfixadmin/config.local.php -O /var/www/ictdagbesteding.nl/html/postfixadmin/config.local.php
+sed -i -e 's/PASSword/'$password'/' -e 's/ABuSe/'$domain'/' -e 's/HostMASter/'$domain'/' -e 's/PostMAster/'$domain'/' -e 's/WebMAster/'$domain'/' /var/www/"$domain"/html/postfixadmin/config.local.php
+bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domain" --superadmin 1 --active 1 --password "$password" --password2 "$password"
+groupadd -g 5000 vmail
+useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail
+
+##-------------##
+# Certbot #
+##-------------##
+echo "Certbot"
+
+add-apt-repository ppa:certbot/certbot -y
+apt install -y python-certbot-nginx
+mkdir -p /etc/letsencrypt/live/$domain/
+certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
+sed -i -e 's/ssl ipv6only/ssl http2 ipv6only/' -e 's/listen 443 ssl/listen 443 ssl http2/' /etc/nginx/sites-available/"$domain"
+sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
+openssl dhparam -out /etc/ssl/certs/dhparam.pem 1024
+chmod 755 -R /etc/ssl/certs/dhparam.pem
+systemctl restart nginx
\ No newline at end of file
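Review bot: The `password=` assignment in the Static-Vars block commits a plaintext credential to the repository, and that one value then becomes the MySQL root password, the postfixadmin database password and the superadmin login, passed as `-p"$password"` and `--password "$password"` on the command line where other local users can read it from the process list. Treat the committed value as exposed and rotate it wherever this script has run; in the script, take the secret at run time, e.g. `read -rsp "Algemeen wachtwoord: " password`, and give each account its own value. In the Certbot block, `openssl dhparam ... 1024` generates a DH group below the 2048-bit size current guidance expects, and the `sed` that replaces `include /etc/letsencrypt/options-ssl-nginx.conf;` drops whatever else that include sets (normally the protocol and session settings) while admitting 3DES and static-RSA suites; `openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048` and keeping the include would be the safer defaults. Separately, the `config.local.php` download writes to `/var/www/ictdagbesteding.nl/...` while every other path uses `/var/www/"$domain"/...` with `domain=mail.ictdagbesteding.nl`, so the `sed -i` that follows appears to target a file that was never written, and with no `set -e` the script carries on regardless.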