###============================================================
## Ubuntu 18.04 Mailserver installer
###============================================================
##----------##
# Menu #
##----------##
#echo "Menu"
#echo "Ubuntu 18.04 Mailserver installatie script."
#echo "Domein zonder www en mail.:"
#read domain
#echo "Algemeen wachtwoord:"
#read password
#echo "Administrator email:"
#read email
##-----------------##
# Static-Vars #
##-----------------##
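echo "Static-Vars"
# Installation parameters.
#   MAIL_DOMAIN           base domain without "www." or "mail." (optional)
#   MAIL_ADMIN_EMAIL      administrator address (optional)
#   MAIL_INSTALL_PASSWORD password used by the later MySQL steps (optional)
#
# The password is no longer stored in the script: a secret committed to a
# repository is readable by everyone with access to it and to its history,
# and it ends up identical on every host the script is run on. A value that
# was committed earlier should be treated as exposed and rotated wherever
# it was used.
domain=${MAIL_DOMAIN:-ictdagbesteding.nl}
email=${MAIL_ADMIN_EMAIL:-admin@${domain}}
phpver=7.2

password=${MAIL_INSTALL_PASSWORD:-}
if [ -z "$password" ]; then
  # 512 random bytes leave far more than 20 alphanumeric characters after
  # filtering; cut consumes the whole stream, so no stage sees a closed pipe.
  password=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-20)
  # Shown once on stderr so the operator can record it; it is not saved.
  echo "Generated installation password (record it now): $password" >&2
fi

# Later steps place the password inside SQL string literals, so restrict it
# to characters that cannot terminate or escape such a literal.
case $password in
  *[!A-Za-z0-9._+=-]*)
    echo "MAIL_INSTALL_PASSWORD may only contain A-Z a-z 0-9 . _ + = -" >&2
    exit 1
    ;;
esac

# Keep the bare domain, then switch "domain" to the mail host name that the
# remaining steps operate on.
domonly=${domain}
domain=mail.${domain}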
##----------------##
# Pre-Config #
##----------------##
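echo "Pre-Config"
# Quoted so the host name always reaches hostnamectl as a single argument.
hostnamectl set-hostname "$domain"
apt update
apt install mysql-server software-properties-common wget -y
add-apt-repository universe -y
# NOTE(review): ppa:ondrej/php is a third-party archive; packages from it are
# installed and upgraded as root, so its signing key becomes part of this
# host's trust base.
add-apt-repository ppa:ondrej/php -y
apt upgrade -y
apt autoremove -y
mkdir -p "/var/www/${domain}/html"
# NOTE(review): the recursive 755 also sets the execute bit on any regular
# file already under /var/www and makes the whole tree world-readable.
chmod -R 755 /var/www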
##-----------------------##
# Html Folder Perms #
##-----------------------##
echo "Html Folder Perms"
# Hand the document root to the web server account.
# NOTE(review): www-data is normally also the account PHP-FPM runs as, so
# code executing in the web application can modify every file in this tree.
web_root="/var/www/${domain}/html"
chown -R www-data:www-data "$web_root"
##-----------##
# NGINX #
##-----------##
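echo "NGINX"
# Install nginx from the distribution archive.
apt install -y nginx

# Replace the packaged nginx.conf with the project's default.
# NOTE(review): the file comes from a mutable branch ("master") of a remote
# repository and becomes the main configuration of a root-started daemon.
# Pin the URL to a commit and set NGINX_CONF_SHA256 to the expected digest so
# a changed or tampered file is rejected.
# The download goes to a temporary file first: writing straight to
# /etc/nginx/nginx.conf leaves an empty or partial config behind when the
# transfer fails.
nginx_conf_url=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf
nginx_conf_tmp=$(mktemp) || exit 1
if wget "$nginx_conf_url" -O "$nginx_conf_tmp" && [ -s "$nginx_conf_tmp" ]; then
  if [ -n "${NGINX_CONF_SHA256:-}" ] &&
    ! printf '%s  %s\n' "$NGINX_CONF_SHA256" "$nginx_conf_tmp" | sha256sum -c - >/dev/null; then
    echo "nginx.conf checksum mismatch; keeping the packaged /etc/nginx/nginx.conf" >&2
  else
    install -m 0644 -o root -g root "$nginx_conf_tmp" /etc/nginx/nginx.conf
  fi
else
  echo "nginx.conf download failed; keeping the packaged /etc/nginx/nginx.conf" >&2
fi
rm -f -- "$nginx_conf_tmp"

# Site definition. The heredoc delimiter is unquoted, so the shell expands
# $domain and ${phpver}; every nginx variable is written as \$name so that it
# reaches the file literally. The commented "Redirect to other domain" line
# used an unescaped $request_uri, which the shell replaced with nothing.
# NOTE(review): both server blocks listen on port 80 only; this block sets up
# no TLS listener.
cat <<EOF > "/etc/nginx/sites-available/${domain}"
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
listen 80;
server_name www.$domain;
return 301 http://$domain\$request_uri;
}
server {
listen 80;
listen [::]:80;
root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name $domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl\$request_uri; Redirect to other domain
#add_header X-Cache "\$upstream_cache_status";
#netdata here
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
# location /rspamd {
# proxy_pass http://127.0.0.1:11334/;
# proxy_set_header Host \$host;
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
#}
location / {
#try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args;
#try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
expires max;
log_not_found off;
add_header Cache-Control "public, no-transform";
}
location ~ \.php\$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php${phpver}-fpm.sock;
#fastcgi_cache MYAPP;
#fastcgi_cache_valid 200 302 301 1m;
#fastcgi_cache_valid 404 1m;
#fastcgi_cache_bypass \$no_cache;
#fastcgi_no_cache \$no_cache;
#fastcgi_cache_revalidate on;
#fastcgi_cache_background_update on;
#fastcgi_cache_lock on;
#fastcgi_cache_use_stale updating;
#fastcgi_buffer_size 128k;
#fastcgi_buffers 256 16k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
index index.php;
}
#Cache everything by default
set \$no_cache 0;
#Don't cache POST requests
if (\$request_method = POST) {
set \$no_cache 1;
}
#Don't cache if the URL contains a query string
if (\$query_string != "") {
set \$no_cache 1;
}
#Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)") {
set \$no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID") {
set \$no_cache 1;
}
}
EOF

# -f replaces a link left by an earlier run instead of failing on it.
ln -sf "/etc/nginx/sites-available/${domain}" /etc/nginx/sites-enabled/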
##-------------------------------##
# NGINX Single core bug fix #
##-------------------------------##
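echo "NGINX Single core bug fix"
# systemd drop-in that runs a 0.1 s sleep after nginx has started.
# -p keeps a second run of the installer from failing on the existing
# directory.
nginx_dropin_dir=/etc/systemd/system/nginx.service.d
mkdir -p "$nginx_dropin_dir"
printf '%s\n' '[Service]' 'ExecStartPost=/bin/sleep 0.1' > "${nginx_dropin_dir}/override.conf"
# Make systemd read the new drop-in.
systemctl daemon-reload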
##------------------------------##
# MySQL_Secure_Installation #
##------------------------------##
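echo "MySQL_Secure_Installation"
# The password is placed inside SQL string literals and a client option file
# below; refuse values that could terminate or escape those contexts.
case $password in
  *\'* | *\"* | *\\*)
    echo "password must not contain quotes or backslashes" >&2
    exit 1
    ;;
esac

# NOTE(review): mysqladmin still receives the new root password as a
# command-line argument, where other local users can read it from the
# process list while the command runs.
mysqladmin -u root password "$password"

# For every following call the credentials live in a private option file and
# the SQL is sent on stdin, so neither shows up in the process list.
# mktemp creates the file readable by its owner only.
mysql_defaults=$(mktemp) || exit 1
printf '[client]\nuser=root\npassword="%s"\n' "$password" > "$mysql_defaults"

# Run the SQL read from stdin as MySQL root; extra client options are passed
# through. --defaults-extra-file has to be the first option.
mysql_root() {
  mysql --defaults-extra-file="$mysql_defaults" "$@"
}

# Remove root accounts that can log in from anywhere but the local host.
mysql_root <<'SQL'
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
SQL
# Remove anonymous accounts.
mysql_root <<'SQL'
DELETE FROM mysql.user WHERE User='';
SQL
# Remove the privilege rows for the test database.
mysql_root <<'SQL'
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
SQL
# NOTE(review): this prints the stored password hashes to the installer's
# output; -t keeps the table layout the -e form produced on a terminal.
mysql_root -t <<'SQL'
SELECT user,authentication_string,plugin,host FROM mysql.user;
SQL
# The original spliced $password in between two quoted strings, which left
# the expansion unquoted; here it is expanded inside the heredoc instead.
mysql_root <<SQL
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${password}';
SQL
mysql_root <<'SQL'
FLUSH PRIVILEGES;
SQL
##-----------##
# MySQL #
##-----------##
echo "MySQL"
mkdir -p /etc/nginx
mysql_root <<'SQL'
CREATE DATABASE postfixadmin;
SQL
# NOTE(review): the postfixadmin account is given the same password as MySQL
# root, so disclosure of the application's database credentials also
# discloses the root password. A separate secret would contain that.
mysql_root <<SQL
GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY '${password}';
SQL
mysql_root <<'SQL'
FLUSH PRIVILEGES;
SQL
# The option file holds the root password in clear text; remove it as soon as
# the last statement has run.
rm -f -- "$mysql_defaults"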
##------------------##
# PostfixADMIN #
##------------------##
echo "PostfixADMIN"
# PHP runtime plus the extensions installed for PostfixAdmin, all taken from
# the PHP version selected in $phpver.
php_pkgs="php${phpver}"
for php_ext in zip fpm cli json mysql opcache mbstring readline; do
  php_pkgs="${php_pkgs} php${phpver}-${php_ext}"
done
# Word splitting is intended: the string is a space-separated package list.
# shellcheck disable=SC2086
apt install $php_pkgs -y

# IMAP support: the c-client library, mlock and the matching PHP modules.
imap_pkgs="libc-client2007e mlock php${phpver}-common php${phpver}-imap"
# shellcheck disable=SC2086
apt install $imap_pkgs -y
#mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
#wget --tries=3 https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.1/postfixadmin-3.1.tar.gz -O /tmp/postfixadmin.tar.gz
#tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip-components=1
#chown -R www-data: /var/www/"$domain"/html/
#chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c
#wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/dev/config/postfixadmin/config.local.php -O /var/www/$domain/html/postfixadmin/config.local.php
#sed -i -e 's/PASSword/'$password'/' -e 's/dOmaINnamE/'$domain'/' /var/www/"$domain"/html/postfixadmin/config.local.php
#bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domain" --superadmin 1 --active 1 --password "$password" --password2 "$password"
#groupadd -g 5000 vmail
#useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail
##-------------##
# Certbot #
##-------------##
#echo "Certbot"
#add-apt-repository ppa:certbot/certbot -y
#apt install -y python-certbot-nginx
#mkdir -p /etc/letsencrypt/live/$domain/
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
#sed -i -e 's/ssl ipv6only/ssl http2 ipv6only/' -e 's/listen 443 ssl/listen 443 ssl http2/' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#openssl dhparam -out /etc/ssl/certs/dhparam.pem 1024
#chmod 755 -R /etc/ssl/certs/dhparam.pem
#systemctl restart nginx