Work_Archive/VPS-scripts_Ubuntu-Web-V1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Bestanden uploaden naar 'resources'

Browse Source
This commit is contained in:
ictmaatwerk
2018-09-05 12:09:29 +00:00
parent f71df520ea
commit 685e48a43a
2 changed files with 706 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

490
resources/Nginx_v1.5.sh Normal file
View File

@@ -0,0 +1,490 @@
#==============================================================================
# UBUNTU 18.04 BASH SCRIPT
#==============================================================================
# top -o %MEM -> See Memory consumption
# apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
# do-release-upgrade -d
#
#==============================================================================
echo Welk domein mag gekoppeld worden? Typ domein zonder www
read domain
echo Standaard wachtwoord
read passwd
echo administrator email
read email
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get clean
apt-get autoremove -y
hostnamectl set-hostname $domain
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
#-------------------#
# EXTRA TOOLS #
#-------------------#
apt install rsync grsync -y
apt install sshpass -y
#-------------------#
# LEMP #
#-------------------#
apt install nginx -y
ufw allow 'Nginx HTTP'
apt install mysql-server-5.7 -y
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
#-------------------#
# NGINX CONFIG #
#-------------------#
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
cat <<EOF > /etc/nginx/sites-available/$domain
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
listen 80;
listen [::]:80;
root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name $domain www.$domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
}
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
location / {
#try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 301 1m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_bypass \$no_cache;
fastcgi_no_cache \$no_cache;
fastcgi_cache_revalidate on;
fastcgi_cache_background_update on;
fastcgi_cache_lock on;
fastcgi_cache_use_stale updating;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
index index.php;
}
#Cache everything by default
set \$no_cache 0;
#Don't cache POST requests
if (\$request_method = POST)
{
set \$no_cache 1;
}
#Don't cache if the URL contains a query string
if (\$query_string != "")
{
set \$no_cache 1;
}
#Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)")
{
set \$no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID")
{
set \$no_cache 1;
}
}
EOF
cat <<EOF > /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
add_header X-Cache "\$upstream_cache_status";
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type text/html;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
#access_log /var/log/nginx/access.log;
access_log off;
error_log /var/log/nginx/error.log;
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
EOF
cat <<EOF > /etc/nginx/sites-available/default
#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
#add_header X-Cache "\$upstream_cache_status";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#ssl_session_cache shared:SSL:20m;
#ssl_session_timeout 180m;
#client_body_buffer_size 10K;
#client_header_buffer_size 1k;
#client_max_body_size 8m;
#large_client_header_buffers 4 4k;
#access_log off;
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
gzip on;
gzip_proxied any;
gzip_types *;
}
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files \$uri \$uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
}
EOF
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/
sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
systemctl reload nginx
#-------------------#
# PHPMYADMIN #
#-------------------#
apt-get install phpmyadmin -y
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database
cd /var/www/"$domain"/html/
ls -l
mv phpmyadmin database
#-------------------#
# POSTFIX #
#-------------------#
apt install mailutils -y
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
root: $email
EOF
newaliases
#-------------------#
# NETDATA #
#-------------------#
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
ufw allow 19999/tcp
# systemctl stop netdata
# systemctl disable netdata
#-------------------#
# MEMCACHED #
# 127.0.0.1:11211 #
#-------------------#
#apt-get install memcached -y
#systemctl restart memcached
# systemctl stop memcached
# systemctl disable memcached
#-------------------#
# REDIS #
# 127.0.0.1:6379 #
#-------------------#
#apt install redis-server -y
#sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
#sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
#sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
#systemctl restart redis
#systemctl restart redis.service
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
#-------------------#
# CERTBOT #
#-------------------#
add-apt-repository ppa:certbot/certbot
apt install python-certbot-nginx -y
ufw allow 443/tcp
#certbot --nginx -d $domain -d www.$domain
#check certbot auto-renewal -> certbot renew --dry-run
#-------------------#
# PHP.ini #
#-------------------#
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service
#-------------------#
# MYSQL SETTINGS #
#-------------------#
cd /etc/mysql
rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address = 127.0.0.1
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover-options = BACKUP
#max_connections = 100
#table_open_cache = 64
#thread_concurrency = 10
query_cache_limit = 1M
query_cache_size = 16M
log_error = /var/log/mysql/error.log
expire_logs_days = 10
max_binlog_size = 100M
EOF
#-------------------#
# WP - INSTALL #
#-------------------#
db_name="wp_1"
db_user="wp_1"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
cd /tmp
curl -LO https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
path="$domain"
cp -a /tmp/wordpress/. /var/www/"$path"/html
chown -R www-data:www-data /var/www/"$path"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
#-------------------#
# OPCACHE GUI #
#-------------------#
cd /tmp
curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
cp /tmp/index.php /tmp/opcache.php
cp -a /tmp/opcache.php /var/www/"$domain"/html
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
?>
EOF
#-------------------#
# UPDATE CRON #
#-------------------#
cd /etc/cron.d
touch updates
cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command
0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y
EOF
#-------------------#
# BACKUP CRON #
#-------------------#
cd /home
touch backup.sh
cd /etc/cron.d
touch backup
cat <<EOF > /etc/cron.d/backup
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command
0 1 * * * /bin/bash /home/backup.sh
EOF
#-------------------#
# SSL & HTTP/2 #
#-------------------#
#certbot --nginx -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"