diff --git a/Apache-Installer.sh b/Apache-Installer.sh index b9e347b..b5d1fdb 100644 --- a/Apache-Installer.sh +++ b/Apache-Installer.sh @@ -148,7 +148,9 @@ fi ##-------------## apt install -y python-certbot-apache -certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +certbot --apache -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +certbot --apache -n -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos + ##---------------## # Wordpress # diff --git a/Main-Installer.sh b/Main-Installer.sh index 60a9c70..b37bda3 100644 --- a/Main-Installer.sh +++ b/Main-Installer.sh @@ -43,6 +43,18 @@ do esac done +while true; do + read -p "Password login uit zetten -> yes/no?" yn + case $yn in + [Yy]* ) sshkey=1 + break;; + [Nn]* ) sshkey=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + + while true; do read -p "Installeer Cockpit -> yes/no?" yn case $yn in @@ -102,7 +114,7 @@ done # Pre-Config # ##----------------## -sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config +echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOtJ4ZiLi+SntA3m54oEJjlA8bE73gggkhGjOaVHsLNo6YmKtZlPaxwWiGvoATv4Vm41WWxKbUWbYGHVTe8DusqKpf/JCgB1r/8rQe828qwaEGXWGxta1Ykq+ndDeBLFGhVp0nNdcnND5HIwarEW4zhBDXUMzYw7IBxPYb48tVIobs/yPN6nSWT2G8FX7XDJNifS+ThVLnCHHS3i/uio8b8jz1oT2s6UH09EBwxg99+0yVaSQV2q8CthDZ8rSgz8pAhQ6FwVfUd9c/PQjtbUSQStvKvr3muv5Q8UnzAvKiO83rsM91aDwv0E6kqpB77BrkpfQXOJNDmdqlnsa2AlkL ICTMaatwerk@Key" >> ~/.ssh/authorized_keys echo "root:$password" | chpasswd cd /tmp #mv /boot/grub/menu.lst /boot/grub/menu.lst.bck @@ -118,10 +130,8 @@ sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud. timedatectl set-timezone Europe/Amsterdam sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf -cat < /etc/crontab -# m h dom mon dow user command -0 3 * * 1 root apt update && apt upgrade -y -EOF + +sed -i "\$a0 3 * * 1 root apt update && apt upgrade -y > /dev/null 2>&1" /etc/crontab systemctl restart cron ufw allow OpenSSH ufw allow 443/tcp @@ -193,13 +203,21 @@ if [ $cockpit = 1 ]; then source Slave-Installer.sh fi + + +if [ $sshkey = 1 ]; then + sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config +fi + ##-------------------## # Backup Script # ##-------------------## -wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup.sh -O /root/WP_Ftp-Backup.sh - +wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup.sh -O /root/backup.sh +chmod +x /root/backup.sh +wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup_Setup.sh -O /root/install-backup-tools.sh +chmod +x /root/install-backup-tools.sh echo "Installatie geslaagd!" diff --git a/NGINX-Installer.sh b/NGINX-Installer.sh index bac5089..ce65b85 100644 --- a/NGINX-Installer.sh +++ b/NGINX-Installer.sh @@ -264,7 +264,8 @@ fi ##-------------## apt install -y python-certbot-nginx -certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +certbot --nginx -n -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"