Work_Archive/VPS-scripts_Ubuntu-Web-V1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Update 'RevProxyAdvanced.sh'

Browse Source
This commit is contained in:
tbergervoet
2018-09-26 11:46:16 +00:00
parent 196ba430b9
commit 91bfb312fe
1 changed files with 133 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
RevProxyAdvanced.sh
View File

@@ -40,52 +40,25 @@ ufw deny 8080/tcp
mkdir -p /var/www/"$domain"/html mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www chmod -R 755 /var/www
##------------## ##============##
# APACHE # # Apache #
##------------## ##============##
apt install -y apache2 php-fpm apt install apache2 php-fpm
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 8080" | tee /etc/apache2/ports.conf echo "Listen 8080" | sudo tee /etc/apache2/ports.conf
a2dissite 000-default a2dissite 000-default
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
a2ensite 001-default a2ensite 001-default
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:8080>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory /var/www/$domain/html>
AllowOverride All
</Directory>
</VirtualHost>
EOF
a2ensite $domain
##-----------##
# MYSQL #
##-----------##
apt install -y mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
#mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
##-----------------## ##-----------------##
# MOD_FASTCGI # # Mod_FastCGI #
##-----------------## ##-----------------##
a2dismod php7.2 #a2dismod php7.2
a2enmod actions a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
@@ -102,46 +75,63 @@ cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
</IfModule> </IfModule>
EOF EOF
##===========## ##--------------##
# NGINX # # Mod_RPAF #
##===========## ##--------------##
apt install -y nginx apt install -y unzip build-essential apache2-dev
rm /etc/nginx/sites-enabled/default wget https://github.com/gnif/mod_rpaf/archive/stable.zip
unzip stable.zip
##---------------## cd mod_rpaf-stable
# Webserver # make
##---------------## make install
cat <<EOF > /etc/apache2/mods-available/rpaf.load
if [ $domain_setup = 2 ] LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
then
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80 default_server;
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
location / {
try_files \$uri \$uri/ /index.php;
}
location ~ \.php\$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
EOF EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" cat <<EOF > /etc/apache2/mods-available/rpaf.conf
fi <IfModule mod_rpaf.c>
RPAF_Enable On
RPAF_Header X-Real-Ip
RPAF_ProxyIPs $server_ip
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
</IfModule>
EOF
a2enmod rpaf
##-------------------## ##-------------------##
# Reverse Proxy # # Reverse Proxy #
##-------------------## ##-------------------##
if [ $domain_setup = 1 ] if [ $domain_setup = 1 ]; then
then cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:8080>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory /var/www/$domain/html>
AllowOverride All
</Directory>
</VirtualHost>
EOF
a2ensite $domain
fi
systemctl restart apache2
##===========##
# NGINX #
##===========##
apt install nginx
rm /etc/nginx/sites-enabled/default
##-------------------##
# Reverse Proxy #
##-------------------##
if [ $domain_setup = 1 ]; then
cat <<EOF > /etc/nginx/sites-available/"$domain" cat <<EOF > /etc/nginx/sites-available/"$domain"
server { server {
listen 80; listen 80;
@@ -172,40 +162,60 @@ server {
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
} }
EOF EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
fi fi
##--------------## ##---------------##
# MOD_RPAF # # Webserver #
##--------------## ##---------------##
apt install -y unzip build-essential apache2-dev if [ $domain_setup = 2 ]; then
wget https://github.com/gnif/mod_rpaf/archive/stable.zip cat <<EOF > /etc/nginx/sites-available/"$domain"
unzip stable.zip server {
cd mod_rpaf-stable listen 80 default_server;
make
make install root /usr/share/nginx/example.com;
cat <<EOF > /etc/apache2/mods-available/rpaf.load index index.php index.html index.htm;
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
EOF EOF
cat <<EOF > /etc/apache2/mods-available/rpaf.conf fi
<IfModule mod_rpaf.c>
RPAF_Enable On ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
RPAF_Header X-Real-Ip
RPAF_ProxyIPs $server_ip ##===========##
RPAF_SetHostName On # Other #
RPAF_SetHTTPS On ##===========##
RPAF_SetPort On
</IfModule> ##-----------##
EOF # MYSQL #
a2enmod rpaf ##-----------##
apt install -y mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
##-------------## ##-------------##
# Certbot # # Certbot #
##-------------## ##-------------##
apt install -y python-certbot-nginx apt install -y python-certbot-nginx
#certbot --nginx -d $domain -d www.$domain #certbot --nginx -d "$domain" -d "www.$domain"
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" #sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
@@ -214,7 +224,7 @@ apt install -y python-certbot-nginx
# PHP # # PHP #
##---------## ##---------##
apt install -y libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip apt install -y php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/apache2/php.ini sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=0/g' /etc/php/7.2/apache2/php.ini sed -i 's/;opcache.enable=1/opcache.enable=0/g' /etc/php/7.2/apache2/php.ini
@@ -260,59 +270,54 @@ newaliases
# Netdata # # Netdata #
##-------------## ##-------------##
if [ $netdata = 1 ] if [ $netdata = 1 ]; then
then apt install -y netdata
apt install -y netdata sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf ufw allow 19999/tcp
ufw allow 19999/tcp # systemctl stop netdata
# systemctl stop netdata # systemctl disable netdata
# systemctl disable netdata
fi fi
##---------------## ##---------------##
# Memcached # # Memcached #
##---------------## ##---------------##
if [ $memcached = 1 ] if [ $memcached = 1 ]; then
then apt install -y memcached
apt install -y memcached # systemctl stop memcached
# systemctl stop memcached # systemctl disable memcached
# systemctl disable memcached
fi fi
##-----------## ##-----------##
# Redis # # Redis #
##-----------## ##-----------##
if [ $redis = 1 ] if [ $redis = 1 ]; then
then apt install -y redis-server
apt install -y redis-server sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf # systemctl stop redis
# systemctl stop redis # systemctl disable redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
fi fi
##---------------## ##---------------##
# Wordpress # # Wordpress #
##---------------## ##---------------##
if [ $wordpress = 1 ] if [ $wordpress = 1 ]; then
then db_name="wp_1"
db_name="wp_1" db_user="wp_1"
db_user="wp_1" db_pass=$(date +%s|sha256sum|base64|head -c 32)
db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz tar xzvf /tmp/wp.tar.gz -C /tmp
tar xzvf /tmp/wp.tar.gz -C /tmp mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php cp -a /tmp/wordpress/. /var/www/"$domain"/html
cp -a /tmp/wordpress/. /var/www/"$domain"/html WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php <?php
define('DB_NAME', '$db_name'); define('DB_NAME', '$db_name');
@@ -367,8 +372,7 @@ wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /v
##--------------## ##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF" cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php <?php phpinfo();
phpinfo();
EOF EOF
##-----------------------## ##-----------------------##