diff --git a/Apache-Installer.sh b/Apache-Installer.sh index 3580c46..b9e347b 100644 --- a/Apache-Installer.sh +++ b/Apache-Installer.sh @@ -3,8 +3,7 @@ ###============================================================ ## Zet comments hieronder: # -# Netdata: $domain/netata ipv $domain:1999 -# Letsencrypt: Fix (onder in file) toepassen +# # ##============================================================= @@ -23,7 +22,6 @@ chmod -R 755 /var/www apt install -y apache2 mysql-server-5.7 # mysql_secure_installation automated mysqladmin -u root password "$password" -mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" @@ -37,19 +35,30 @@ cat < /etc/apache2/mods-enabled/dir.conf EOF -cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf -cat < /etc/apache2/sites-available/"$domain".conf +cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf" +cat < /etc/apache2/sites-available/"$domain.conf" + #netdata here ServerAdmin $email ServerName $domain ServerAlias www.$domain DocumentRoot /var/www/$domain/html + + Options FollowSymLinks + AllowOverride All + Order allow,deny + Allow from all + ErrorLog \${APACHE_LOG_DIR}/error.log CustomLog \${APACHE_LOG_DIR}/access.log combined EOF -a2ensite $domain.conf -a2dissite 000-default.conf +a2ensite $domain +a2dissite 000-default +a2enmod http2 +a2enmod proxy +a2enmod proxy_http +a2enmod rewrite ##---------## # PHP # 
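Review bot: The access rules added to the `$domain.conf` vhost use the Apache 2.2 directives `Order allow,deny` / `Allow from all`, while the Netdata block injected later in this commit uses the 2.4 form `Require all granted`. On Apache 2.4 the old directives only work through mod_access_compat, and mixing both styles in one vhost makes the effective policy hard to reason about, so I would write `Require all granted` here too (the enclosing Directory tags appear to have been stripped on this page). `AllowOverride All` lets any `.htaccess` under the docroot change server behaviour, so consider narrowing it to what the site needs. `a2enmod proxy` and `a2enmod proxy_http` are only used by the Netdata proxy and could move inside the `netdata = 1` branch, and `a2ensite $domain` should be quoted as `a2ensite "$domain"`.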
@@ -64,6 +73,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500 sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/apache2/php.ini +sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/apache2/php.ini ##----------------## # PHPMyAdmin # @@ -75,10 +86,9 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword" debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2" apt install -y phpmyadmin -ln -s /usr/share/phpmyadmin /var/www/"$domain"/html # Redirect phpmyadmin -> database -mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database -a2disconf phpmyadmin.conf +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database +a2disconf phpmyadmin ##-------------## # Postfix # @@ -101,11 +111,11 @@ newaliases # Netdata # ##-------------## -if [ $netdata = 1 ] - then +if [ $netdata = 1 ]; then apt install -y netdata sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf ufw allow 19999/tcp + sed -i 's+#netdata here+RewriteEngine On\n ProxyRequests Off\n ProxyPreserveHost On\n \n Require all granted\n \n ProxyPass "/netdata/" "http://localhost:19999/" connectiontimeout=5 timeout=30 keepalive=on\n ProxyPassReverse "/netdata/" "http://localhost:19999/"\n #RewriteRule ^/netdata$ http://%{HTTP_HOST}/netdata/ [L,R=301] #HTTP\n RewriteRule ^/netdata$ https://%{HTTP_HOST}/netdata/ [L,R=301] #HTTPS+g' /etc/apache2/sites-available/"$domain.conf" # systemctl stop netdata # systemctl disable netdata fi 
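Review bot: The two added `sed` lines leave `post_max_size` (64M) smaller than `upload_max_filesize` (128M), so PHP rejects any upload above roughly 64 MB and the 128M setting never takes effect. `post_max_size` has to be at least as large as `upload_max_filesize`, e.g. `sed -i 's/post_max_size = 8/post_max_size = 128/g' /etc/php/7.2/apache2/php.ini`, or use the smaller figure for both if 64 MB is the intended cap. Whichever is chosen, a comment stating the intended limit would help, because it also bounds how much request body a client can make PHP buffer. The same pair is added for the FPM php.ini in NGINX-Installer.sh.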
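Review bot: Linking `/usr/share/phpmyadmin` to `/var/www/"$domain"/html/database` publishes phpMyAdmin on the public vhost with no access restriction; the renamed path is obscurity, not protection. I would keep it out of the document root, or put the location behind an IP allow-list or HTTP authentication before enabling it. The unchanged line just above reads `$passsword` (three s), so the phpMyAdmin app password is preseeded from a variable that is presumably unset; it should be `$password` or, better, a separately generated secret. The same symlink is added in NGINX-Installer.sh and in the Extra_Domains scripts.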
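Review bot: `ufw allow 19999/tcp` stays in place even though this hunk now publishes Netdata through the vhost at `/netdata/`, so the dashboard remains reachable directly on port 19999 over plain HTTP as well as through the proxy, and the injected block grants access to everyone (`Require all granted`). With the proxy in place I would drop the firewall rule, have Netdata listen on localhost only, and protect the proxied location with authentication or an IP allow-list. The test should be quoted, `if [ "$netdata" = 1 ]; then`, so an unset variable does not become a syntax error. The same firewall rule plus proxy pattern appears in NGINX-Installer.sh and the Extra_Domains scripts.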
@@ -114,8 +124,7 @@ fi
 # Memcached #
 ##---------------##
-if [ $memcached = 1 ]
- then
+if [ $memcached = 1 ]; then
 apt install -y memcached
 # systemctl stop memcached
 # systemctl disable memcached
@@ -125,43 +134,36 @@ fi # Redis # ##-----------## -if [ $redis = 1 ] - then +if [ $redis = 1 ]; then apt install -y redis-server sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf # systemctl stop redis - # systemctl stop redis.service # systemctl disable redis - # systemctl disable redis.service fi ##-------------## # Certbot # ##-------------## -#add-apt-repository -y ppa:certbot/certbot apt install -y python-certbot-apache -#certbot --apache -d $domain -d www.$domain -#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/apache2/sites-available/"$domain" -#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/apache2/sites-available/"$domain" -#sed -i 's#include /etc/letsencrypt/options-ssl-apache.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/apache2/sites-available/"$domain" +certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos ##---------------## # Wordpress # ##---------------## -if [ $wordpress = 1 ] - then - db_name="wp_1" - db_user="wp_1" +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz - tar xzvf /tmp/wp.tar.gz -C /tmp + tar xzf /tmp/wp.tar.gz -C /tmp mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php cp -a /tmp/wordpress/. 
/var/www/"$domain"/html WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) @@ -229,11 +231,10 @@ EOF chown -R www-data:www-data /var/www/"$domain"/html -#Edit voor https, voeg het volgende toe aan $domain-le-ssl.conf tussen DocumentRoot en ErrorLog -# -# Options FollowSymLinks -# AllowOverride All -# -# Order allow,deny -# Allow from all -# \ No newline at end of file +##----------------------## +# Apache HTTP2 fix # +##----------------------## + +sed -i '3i\ Protocols h2 http/1.1\' /etc/apache2/sites-available/ictdagbesteding.nl-le-ssl.conf +wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Apache_PHP-FPM_Installer.sh -O h2_fix.sh +source h2_fix.sh \ No newline at end of file diff --git a/Apache_PHP-FPM_Installer.sh b/Apache_PHP-FPM_Installer.sh new file mode 100644 index 0000000..30ae5eb --- /dev/null +++ b/Apache_PHP-FPM_Installer.sh @@ -0,0 +1,17 @@ +###============================================================ +## Ubuntu 18.04 Apache PHP-FPM Installer +###============================================================ +## Zet comments hieronder: +# +# Dit script zorgt ervoor dat http2 werkt op Apache. +# +##============================================================= + +apachectl stop +apt install -y php-fpm +a2enmod proxy_fcgi setenvif +a2enconf php7.2-fpm +a2dismod php7.2 +a2dismod mpm_prefork +a2enmod mpm_worker +apachectl start \ No newline at end of file diff --git a/Extra_Domains/Apache_Domain.sh b/Extra_Domains/Apache_Domain.sh new file mode 100644 index 0000000..71430af --- /dev/null +++ b/Extra_Domains/Apache_Domain.sh 
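Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` derives the WordPress database password from the current Unix time, so it is predictable to anyone who can estimate when the installer ran; this hunk reworks the lines around it but keeps it. Take the bytes from the kernel CSPRNG instead, e.g. `db_pass=$(head -c 24 /dev/urandom | base64)`. The new `db_suffix` line parses `ls -l` and counts directories, which yields a wrong or colliding suffix as soon as a directory under /var/www is removed or is not a site; checking whether `wp_N` already exists in MySQL would be more robust. Both lines are repeated in NGINX-Installer.sh and the Extra_Domains scripts.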
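Review bot: The new "Apache HTTP2 fix" block downloads `Apache_PHP-FPM_Installer.sh` from the `dev` branch and `source`s it as root with no integrity check, although this same commit adds that file to the repository. Whatever is on that branch at install time, or a partial download since wget's exit status is not checked, runs with full privileges; prefer the copy shipped next to the installer, or pin the URL to a commit and verify a checksum before sourcing. The `sed` line above it hard-codes `ictdagbesteding.nl-le-ssl.conf` and presumably should target `/etc/apache2/sites-available/"$domain"-le-ssl.conf`. The same download-then-source pattern is used for `$script` (unquoted) in the domain installer and for `Slave-Installer.sh` in the Cockpit block.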
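Review bot: Nothing between `apachectl stop` and `apachectl start` in the new Apache_PHP-FPM_Installer.sh is checked, so if `apt install -y php-fpm` or one of the `a2enmod`/`a2dismod` calls fails the script carries on and Apache can be left stopped or running with a half-switched MPM. I would validate before starting, e.g. `apachectl configtest && apachectl start`, and stop at the first failed step. The file has no shebang and hard-codes `php7.2`; a header comment such as `# Sourced by Apache-Installer.sh; assumes Ubuntu 18.04 with PHP 7.2` would make those assumptions explicit.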
@@ -0,0 +1,141 @@ +###============================================================ +## Ubuntu 18.04 Apache Additional Domain Installer +###============================================================ +## Zet comments hieronder: +# +# +# +##============================================================= + +##------------## +# Apache # +##------------## + +cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf" +cat < /etc/apache2/sites-available/"$domain.conf" + + #netdata here + ServerAdmin $email + ServerName $domain + ServerAlias www.$domain + DocumentRoot /var/www/$domain/html + + Options FollowSymLinks + AllowOverride All + Order allow,deny + Allow from all + + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF +a2ensite $domain + +##----------------## +# PHPMyAdmin # +##----------------## + +# Redirect phpmyadmin -> database +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database + +##-------------## +# Netdata # +##-------------## + +if [ $netdata = 1 ] + then + apt install -y netdata + sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf + ufw allow 19999/tcp + sed -i 's+#netdata here+RewriteEngine On\n ProxyRequests Off\n ProxyPreserveHost On\n \n Require all granted\n \n ProxyPass "/netdata/" "http://localhost:19999/" connectiontimeout=5 timeout=30 keepalive=on\n ProxyPassReverse "/netdata/" "http://localhost:19999/"\n #RewriteRule ^/netdata$ http://%{HTTP_HOST}/netdata/ [L,R=301] #HTTP\n RewriteRule ^/netdata$ https://%{HTTP_HOST}/netdata/ [L,R=301] #HTTPS+g' /etc/apache2/sites-available/"$domain.conf" + # systemctl stop netdata + # systemctl disable netdata +fi + +##-------------## +# Certbot # +##-------------## + +certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos + +##---------------## +# Wordpress # +##---------------## + +if [ $wordpress = 1 ] + then + db_suffix=`expr $(ls -l 
/var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" + db_pass=$(date +%s|sha256sum|base64|head -c 32) + mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" + mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" + mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" + wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz + tar xzvf /tmp/wp.tar.gz -C /tmp + mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php + cp -a /tmp/wordpress/. /var/www/"$domain"/html + WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$password'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 'wp-settings.php'); +EOF +fi + +##-----------------## +# Opcache GUI # +##-----------------## + +wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php + +##--------------## +# Info.php # +##--------------## + +cat > /var/www/"$domain"/html/info.php <<- "EOF" + yes/no?" yn + case $yn in + [Yy]* ) netdata=1 + break;; + [Nn]* ) netdata=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Wordpress -> yes/no?" 
yn + case $yn in + [Yy]* ) wordpress=1 + break;; + [Nn]* ) wordpress=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +##----------------## +# Pre-Config # +##----------------## + +cd /tmp +# Make sure all repositories and packages are up-to-date +apt update +apt upgrade -y +apt dist-upgrade -y +apt clean +apt autoremove -y +# Setup domain folder +mkdir -p /var/www/"$domain"/html +chmod -R 755 /var/www + +##-------------------## +# Install Phase # +##-------------------## + +echo "****************************" +sleep 0.5 +echo "Installatie duurt 5 minuten." +sleep 0.5 +echo "****************************" + +wget $script -O Ubuntu-Domain_Installer.sh +source Ubuntu-Domain_Installer.sh + +echo "Installatie geslaagd!" \ No newline at end of file diff --git a/Extra_Domains/NGINX_Domain.sh b/Extra_Domains/NGINX_Domain.sh new file mode 100644 index 0000000..d06318d --- /dev/null +++ b/Extra_Domains/NGINX_Domain.sh 
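Review bot: The "Opcache GUI" and "Info.php" steps in Extra_Domains/Apache_Domain.sh write `opcache.php` and `info.php` into the public document root with no access control, which exposes server internals (cached script paths, PHP configuration) to any visitor. `opcache.php` is also fetched from the `master` branch of a third-party repository at install time and then served as executable PHP, so it should be pinned to a release or commit and checksum-verified. I would place both files outside the docroot or behind authentication, and remove `info.php` once the install has been verified. The same two steps are repeated in NGINX_Domain.sh and the later sections; the end of this file section is damaged on this page, so the note is anchored at the last line before the next file header.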
@@ -0,0 +1,210 @@ +###============================================================ +## Ubuntu 18.04 NGINX Additional Domain Installer +###============================================================ +## Zet comments hieronder: +# +# +# +##============================================================= + +##-----------## +# NGINX # +##-----------## + +cat < /etc/nginx/sites-available/"$domain" +fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; + +server { + listen 80; + listen [::]:80; + root /var/www/$domain/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name $domain www.$domain; + #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www + #return 301 https://domein.nl$request_uri; Redirect to other domain + + #netdata here + + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; + + + location / { + #try_files \$uri \$uri/ =404; + try_files \$uri \$uri/ /index.php\$is_args\$args; + } + + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; allow all; } + location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)\$ { + expires max; + log_not_found off; + } + + location ~ \.php\$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 301 1m; + fastcgi_cache_valid 404 1m; + fastcgi_cache_bypass \$no_cache; + fastcgi_no_cache \$no_cache; + fastcgi_cache_revalidate on; + fastcgi_cache_background_update on; + fastcgi_cache_lock on; + fastcgi_cache_use_stale updating; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 16k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + + location ~ /\.ht { + deny all; + } + + location 
/phpmyadmin { + index index.php; + } + + #Cache everything by default + set \$no_cache 0; + + #Don't cache POST requests + if (\$request_method = POST) { + set \$no_cache 1; + } + + #Don't cache if the URL contains a query string + if (\$query_string != "") { + set \$no_cache 1; + } + + #Don't cache the following URLs + if (\$request_uri ~* "/(administrator/|login.php)") { + set \$no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if (\$http_cookie = "PHPSESSID") { + set \$no_cache 1; + } +} +EOF +ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/ + +##----------------## +# PHPMyAdmin # +##----------------## + +# Redirect phpmyadmin -> database +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database + +##-------------## +# Netdata # +##-------------## + +if [ $netdata = 1 ] + then + apt install -y netdata + sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf + ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" + # systemctl stop netdata + # systemctl disable netdata +fi + +##-------------## +# Certbot # +##-------------## + +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers 
EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" + +##---------------## +# Wordpress # +##---------------## + +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" + db_pass=$(date +%s|sha256sum|base64|head -c 32) + mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" + mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" + mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" + wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz + tar xzvf /tmp/wp.tar.gz -C /tmp + mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php + cp -a /tmp/wordpress/. /var/www/"$domain"/html + WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$password'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 
'wp-settings.php'); +EOF +fi + +##-----------------## +# Opcache GUI # +##-----------------## + +wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php + +##--------------## +# Info.php # +##--------------## + +cat > /var/www/"$domain"/html/info.php <<- "EOF" + /etc/apache2/sites-available/"$domain.conf" + + ServerName $domain + ServerAlias www.$domain + DocumentRoot /var/www/$domain/html + + AllowOverride All + + +EOF +a2ensite "$domain" +fi + +##===========## +# NGINX # +##===========## + +##-------------------## +# Reverse Proxy # +##-------------------## + +if [ $domain_setup = 1 ]; then +cat < /etc/nginx/sites-available/"$domain" +server { + listen 80; + + root /var/www/$domain/html; + index index.php index.html index.htm; + + server_name $domain www.$domain; + + #netdata here + + location / { + proxy_pass http://$server_ip:8080; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$remote_addr; + proxy_set_header Host \$host; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ { + return 200; + } + + location ~ /\.ht { + deny all; + } +} +EOF +fi + +##---------------## +# Webserver # +##---------------## + +if [ $domain_setup = 2 ]; then +cat < /etc/nginx/sites-available/"$domain" +server { + listen 80 default_server; + + root /var/www/$domain/html; + index index.php index.html index.htm; + + server_name $domain www.$domain; + + #netdata here + + location / { + try_files \$uri \$uri/ /index.php; + } + + location ~ \.php\$ { + fastcgi_pass unix:/run/php/php7.2-fpm.sock; + include snippets/fastcgi-php.conf; + } +} +EOF +fi +ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" + +##===========## +# Other # +##===========## + +##----------------## +# PHPMyAdmin # +##----------------## + +# Redirect phpmyadmin -> database +ln -s 
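Review bot: The cache-bypass test `if (\$http_cookie = "PHPSESSID")` in NGINX_Domain.sh is an exact string comparison against the whole Cookie header, so it essentially never matches and responses for requests carrying a session cookie are stored in `MYAPP` and can be served to other visitors. Use a pattern match and include the WordPress login cookies, e.g. `if (\$http_cookie ~* "PHPSESSID|wordpress_logged_in|wp-postpass") {`, and add `/wp-admin/` to the URL exclusion, which currently lists only `administrator/` and `login.php`. Separately, `fastcgi_cache_path ... keys_zone=MYAPP` at the top of every per-domain file will probably collide with the identical line NGINX-Installer.sh writes for the first domain; run `nginx -t` with two domains configured to confirm.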
/usr/share/phpmyadmin /var/www/"$domain"/html/database + +##-------------## +# Netdata # +##-------------## + +if [ $netdata = 1 ] + then + apt install -y netdata + sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf + ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" + # systemctl stop netdata + # systemctl disable netdata +fi + +##-------------## +# Certbot # +##-------------## + +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" + +##---------------## +# Wordpress # +##---------------## + +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" + db_pass=$(date +%s|sha256sum|base64|head -c 32) + mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" + mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" + mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" + wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz + tar 
xzvf /tmp/wp.tar.gz -C /tmp + mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php + cp -a /tmp/wordpress/. /var/www/"$domain"/html + WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$password'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 'wp-settings.php'); +EOF +fi + +##-----------------## +# Opcache GUI # +##-----------------## + +wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php + +##--------------## +# Info.php # +##--------------## + +cat > /var/www/"$domain"/html/info.php <<- "EOF" + /etc/nginx/sites-available/"$domain" +server { + listen 80; + server_name $domain www.$domain; + root /var/www/$domain/html; + index index.php index.htm index.html; + + #netdata here + + location / { + proxy_pass http://$server_ip:8080; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$remote_addr; + proxy_set_header Host \$host; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ { + return 200; + } + + location ~ /\.ht { + deny all; + } +} +EOF +ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" + +##------------## +# Apache # +##------------## + +cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf" +cat < /etc/apache2/sites-available/"$domain.conf" + + ServerAdmin $email + ServerName $domain + ServerAlias www.$domain + DocumentRoot /var/www/$domain/html + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF +a2ensite "$domain" + +##----------------## +# PHPMyAdmin # +##----------------## + +# Redirect phpmyadmin -> database +ln -s 
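Review bot: The third `sed` after the certbot call replaces the `include /etc/letsencrypt/options-ssl-nginx.conf;` line with a bare `ssl_ciphers` list that still offers 3DES and static-RSA key exchange (`EECDH+3DES`, `RSA+3DES`, `RSA+AES128`, `RSA+AES256`). Dropping the include also removes the other TLS settings that file carries, so the vhost falls back to nginx defaults for them. I would keep certbot's include; if a custom list is really wanted, restrict it to ECDHE suites with AEAD ciphers and set the protocol explicitly, e.g. `ssl_protocols TLSv1.2;`. The same three lines appear in Extra_Domains/NGINX_Domain.sh, in the following section, and in NGINX-Installer.sh, where this commit uncomments them; the file header of this section is not visible on this page.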
/usr/share/phpmyadmin /var/www/"$domain"/html/database + +##-------------## +# Netdata # +##-------------## + +if [ $netdata = 1 ]; then + apt install -y netdata + sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf + ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" + # systemctl stop netdata + # systemctl disable netdata +fi + +##-------------## +# Certbot # +##-------------## + +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" + +##---------------## +# Wordpress # +##---------------## + +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" + db_pass=$(date +%s|sha256sum|base64|head -c 32) + mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" + mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" + mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" + wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz + tar 
xzvf /tmp/wp.tar.gz -C /tmp + mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php + cp -a /tmp/wordpress/. /var/www/"$domain"/html + WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$password'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 'wp-settings.php'); +EOF +fi + +##-----------------## +# Opcache GUI # +##-----------------## + +wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php + +##--------------## +# Info.php # +##--------------## + +cat > /var/www/"$domain"/html/info.php <<- "EOF" +>>>>>> dev + break;; + "Nginx proxy & standalone") + script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/RevProxyAdvanced.sh break;; "Nginx, PHP-FPM") script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh @@ -40,6 +48,17 @@ do esac done +while true; do + read -p "Installeer Cockpit -> yes/no?" yn + case $yn in + [Yy]* ) cockpit=1 + break;; + [Nn]* ) cockpit=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + while true; do read -p "Installeer Netdata -> yes/no?" yn case $yn in @@ -91,7 +110,8 @@ done sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config echo "root:$password" | chpasswd cd /tmp -mv /boot/grub/menu.lst /boot/grub/menu.lst.bck +#mv /boot/grub/menu.lst /boot/grub/menu.lst.bck +add-apt-repository -y ppa:certbot/certbot apt update apt upgrade -y apt dist-upgrade -y 
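Review bot: An added line reading `>>>>>> dev` sits directly before `break;;` in the script-selection `case`, which looks like a leftover merge-conflict marker and would stop the shell from parsing the menu. The surrounding lines are damaged on this page, so please check the file itself and remove the marker along with any matching `<<<<<<<` / `=======` lines. The new "Nginx proxy & standalone" entry also points at `raw/branch/dev/RevProxyAdvanced.sh` while the neighbouring entry uses `branch/master`; installing production servers from a development branch should be a deliberate choice and documented in a comment.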
@@ -103,18 +123,16 @@ sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud. timedatectl set-timezone Europe/Amsterdam sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf -touch /etc/cron.d/updates -cat < /etc/cron.d/updates -SHELL=/bin/sh -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -# m h dom mon dow command -0 0 * * * apt update -y && apt upgrade -y && apt dist-upgrade -y +cat < /etc/crontab +# m h dom mon dow user command +0 3 * * 1 root apt update && apt upgrade -y EOF +systemctl restart cron ufw allow OpenSSH ufw allow 443/tcp ufw allow 80/tcp ufw limit ssh -echo "y" | sudo ufw enable +echo "y" | ufw enable ##-------------------## # Install Phase # @@ -170,6 +188,28 @@ log_error = /var/log/mysql/error.log expire_logs_days = 10 max_binlog_size = 100M EOF + +##-------------## +# Cockpit # +##-------------## + +if [ $cockpit = 1 ]; then + wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Cockpit/raw/branch/master/Slave-installer.sh -O Slave-Installer.sh + source Slave-Installer.sh +fi + + + +##-------------------## +# Backup Script # +##-------------------## + +wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup.sh -O /root/WP_Ftp-Backup.sh + + + + + echo "Installatie geslaagd!" ##------------## diff --git a/NGINX-Installer.sh b/NGINX-Installer.sh index 7ade9de..0768068 100644 --- a/NGINX-Installer.sh +++ b/NGINX-Installer.sh 
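Review bot: Writing the update job straight into `/etc/crontab` replaces the system crontab instead of adding to it, so whatever the distribution shipped there (normally the `SHELL`/`PATH` lines and the periodic `run-parts` entries) is lost. The new content also drops the `PATH=` line the removed /etc/cron.d version had; without the sbin directories on PATH, dpkg typically aborts under cron, so the weekly `apt upgrade -y` may silently stop applying security updates. I would keep the job in its own file under /etc/cron.d with `PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin` restored, or use the `unattended-upgrades` package instead of a hand-written job. The heredoc operator is damaged on this page, so the exact redirection should be confirmed in the file.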
@@ -22,7 +22,6 @@ chmod -R 755 /var/www apt install -y nginx mysql-server-5.7 # mysql_secure_installation automated mysqladmin -u root password "$password" -mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" @@ -30,9 +29,14 @@ mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FR mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" -cat < /etc/nginx/sites-available/$domain +cat < /etc/nginx/sites-available/"$domain" fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; - + +upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + server { listen 80; listen [::]:80; @@ -42,23 +46,8 @@ server { #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www #return 301 https://domein.nl$request_uri; Redirect to other domain - location = /netdata { - return 301 /netdata/; - } - - location ~ /netdata/(?.*) { - proxy_redirect off; - proxy_set_header Host \$host; - - proxy_set_header X-Forwarded-Host \$host; - proxy_set_header X-Forwarded-Server \$host; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; - proxy_pass http://netdata/\$ndpath\$is_args\$args; - } + #netdata here + gzip on; gzip_proxied any; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; 
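Review bot: Every `mysql -u root -p"$password" -e ...` call around the changed lines puts the root password on the command line, where other local users can read it from the process list while the command runs, and `ALTER USER ... BY '"$password"'` splices it into SQL unescaped, so a password containing `'` breaks or alters the statement. This commit edits the neighbouring lines but leaves that in place. I would pass the credentials through a mode-600 option file (`mysql --defaults-extra-file=...`) and validate `$password` for quote characters when it is read. The same calls are used in Apache-Installer.sh and in the WordPress blocks of all the installers.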
@@ -184,72 +173,7 @@ http { include /etc/nginx/sites-enabled/*; } EOF -cat < /etc/nginx/sites-available/default -#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; -#add_header X-Cache "\$upstream_cache_status"; - -#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; -#ssl_session_cache shared:SSL:20m; -#ssl_session_timeout 180m; -#client_body_buffer_size 10K; -#client_header_buffer_size 1k; -#client_max_body_size 8m; -#large_client_header_buffers 4 4k; -#access_log off; - -upstream netdata { - server 127.0.0.1:19999; - keepalive 64; -} - -server { - listen 80 default_server; - listen [::]:80 default_server; - - location = /netdata { - return 301 /netdata/; - } - - location ~ /netdata/(?.*) { - proxy_redirect off; - proxy_set_header Host \$host; - - proxy_set_header X-Forwarded-Host \$host; - proxy_set_header X-Forwarded-Server \$host; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; - proxy_pass http://netdata/\$ndpath\$is_args\$args; - - gzip on; - gzip_proxied any; - gzip_types *; - } - - root /var/www/html; - index index.php index.html index.htm index.nginx-debian.html; - - server_name _; - - location / { - try_files \$uri \$uri/ =404; - } - - # pass PHP scripts to FastCGI server - location ~ \.php\$ { - include snippets/fastcgi-php.conf; - - # With php-fpm (or other unix sockets): - fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; - # With php-cgi (or other tcp sockets): - #fastcgi_pass 127.0.0.1:9000; - } -} -EOF -ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/ -sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini +ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/ ##---------## # PHP # 
@@ -257,7 +181,7 @@ sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini apt install -y php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip - +sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini @@ -265,6 +189,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500 sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini +sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini ##----------------## # PHPMyAdmin # @@ -276,9 +202,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword" debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" apt install -y phpmyadmin -ln -s /usr/share/phpmyadmin /var/www/"$domain"/html # Redirect phpmyadmin -> database -mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database ##-------------## # Postfix # 
@@ -301,11 +226,11 @@ newaliases # Netdata # ##-------------## -if [ $netdata = 1 ] - then +if [ $netdata = 1 ]; then apt install -y netdata sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" # systemctl stop netdata # systemctl disable netdata fi @@ -314,8 +239,7 @@ fi # Memcached # ##---------------## -if [ $memcached = 1 ] - then +if [ $memcached = 1 ]; then apt install -y memcached # systemctl stop memcached # systemctl disable memcached @@ -325,8 +249,7 @@ fi # Redis # ##-----------## -if [ $redis = 1 ] - then +if [ $redis = 1 ]; then apt install -y redis-server sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf 
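Review bot: The `location ~ /netdata/` block that the added `sed` injects exposes the Netdata dashboard to anyone who can reach the site, and the `ufw allow 19999/tcp` on the line above additionally opens the backend port directly. Netdata's local dashboard ships without authentication, so I would put `auth_basic "netdata";` with an `auth_basic_user_file` (or `allow`/`deny`) inside the injected location and drop the `ufw allow` line now that access is meant to go through nginx. `[ $netdata = 1 ]` also errors out when the variable is empty; `[ "$netdata" = 1 ]` avoids that. The same injected block appears in the Netdata hunks at `-216,82` and `-131,11`.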
@@ -341,22 +264,20 @@ fi # Certbot # ##-------------## -#add-apt-repository -y ppa:certbot/certbot apt install -y python-certbot-nginx -#certbot --nginx -d $domain -d www.$domain -#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" -#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" -#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" -#check certbot auto-renewal -> certbot renew --dry-run +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" ##---------------## # Wordpress # ##---------------## -if [ $wordpress = 1 ] - then - db_name="wp_1" - db_user="wp_1" +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" 
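Review bot: The last Certbot `sed`, now active, replaces Certbot's `include /etc/letsencrypt/options-ssl-nginx.conf;` with a bare `ssl_ciphers` list that still offers `EECDH+3DES` and `RSA+3DES` (64-bit block cipher, Sweet32) and non-forward-secret `RSA+AES` suites. Removing the include also drops whatever else that file sets, which normally includes `ssl_protocols` and `ssl_prefer_server_ciphers`, so the vhost falls back to nginx defaults for those. I would keep the include and, if a custom list is wanted, restrict it to ECDHE AEAD suites, e.g. `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`. `certbot -n` can fail (for instance when DNS does not point here yet), and the three `sed` lines then run against a vhost with no TLS block, so its exit status should be checked first. The same Certbot block is added in the hunks at `-167,40` and `-155,37`.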
@@ -365,7 +286,6 @@ if [ $wordpress = 1 ] tar xzvf /tmp/wp.tar.gz -C /tmp mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php cp -a /tmp/wordpress/. /var/www/"$domain"/html - chown -R www-data:www-data /var/www/"$domain"/html WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) cat < /var/www/"$domain"/html/wp-config.php /etc/apache2/mods-enabled/fastcgi.conf -# - # AddHandler fastcgi-script .fcgi - # FastCgiIpcDir /var/lib/apache2/fastcgi - # AddType application/x-httpd-fastphp .php - # Action application/x-httpd-fastphp /php-fcgi - # Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi - # FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization - # - # Require all granted - # -# -# EOF -# apachectl -t -# systemctl reload apache2 - -#-------------------# -# VHOST APACHE # -#-------------------# - -mkdir -p /var/www/"$domain"/public_html -cat < /etc/apache2/sites-available/"$domain".conf - - ServerAdmin $email - ServerName $domain - ServerAlias www.$domain - DocumentRoot /var/www/$domain/public_html/ - ErrorLog \${APACHE_LOG_DIR}/error.log - CustomLog \${APACHE_LOG_DIR}/access.log combined - +a2enmod actions +mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default +cat < /etc/apache2/mods-enabled/fastcgi.conf + + AddHandler fastcgi-script .fcgi + FastCgiIpcDir /var/lib/apache2/fastcgi + AddType application/x-httpd-fastphp .php + Action application/x-httpd-fastphp /php-fcgi + Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi + FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization + + Require all granted + + EOF -a2ensite $domain.conf -systemctl reload apache2 -#-------------------# -# VHOST NGINX # -#-------------------# - -apt install -y nginx -rm /etc/nginx/sites-enabled/default -#mkdir -p /usr/share/nginx/$domain2 -#echo "" | tee /usr/share/nginx/$domain2/info.php -#cat < /etc/nginx/sites-available/$domain2.conf 
-#server { -# listen 80 default_server; -# -# root /usr/share/nginx/$domain2; -# index index.php index.html index.htm; -# -# server_name $domain www.$domain2; -# location / { -# try_files \$uri \$uri/ /index.php; -# } -# -# location ~ \.php\$ { -# fastcgi_pass unix:/run/php/php7.2-fpm.sock; -# include snippets/fastcgi-php.conf; -# } -#} -#EOF -#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2 -nginx -t - -#-------------------# -# REVERSE PROXY # -#-------------------# - -cat < /etc/nginx/sites-available/"$domain" -server { - listen 80; - server_name $domain www.$domain; - root /var/www/$domain/public_html/; - index index.php index.htm index.html; - - location / { - try_files \$uri \$uri/ /index.php; - } - - location ~ \.php\$ { - proxy_pass http://127.0.0.1:8080; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; - } - - location ~ /\.ht { - deny all; - } - - #listen 443 ssl; - #ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem; - #include /etc/letsencrypt/options-ssl-nginx.conf; - #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; -} -EOF -ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" -nginx -t -systemctl reload nginx - -#-------------------# -# MOD_RPAF # -#-------------------# +##--------------## +# Mod_RPAF # +##--------------## apt install -y unzip build-essential apache2-dev wget https://github.com/gnif/mod_rpaf/archive/stable.zip 
@@ -167,40 +89,177 @@ cat < /etc/apache2/mods-available/rpaf.conf RPAF_Enable On RPAF_Header X-Real-Ip - RPAF_ProxyIPs 127.0.0.1 + RPAF_ProxyIPs $server_ip RPAF_SetHostName On RPAF_SetHTTPS On RPAF_SetPort On EOF a2enmod rpaf -apachectl -t -systemctl reload apache2 -#-------------------# -# CERTBOT # -#-------------------# +##-------------------## +# Reverse Proxy # +##-------------------## -add-apt-repository -y ppa:certbot/certbot -apt update -apt install -y python-certbot-nginx -#certbot --nginx -d $domain -d www.$domain +if [ $domain_setup = 1 ]; then +cat < /etc/apache2/sites-available/"$domain.conf" + + ServerName $domain + ServerAlias www.$domain + DocumentRoot /var/www/$domain/html + + AllowOverride All + + +EOF +a2ensite $domain +fi -#-------------------# -# PHPMYADMIN # -#-------------------# - -apt install -y phpmyadmin -ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html -systemctl restart php7.2-fpm -# Redirect phpmyadmin -> database -mv /var/www/"$domain"/public_html/phpmyadmin /var/www/"$domain"/public_html/database -a2disconf phpmyadmin.conf systemctl restart apache2 -#-------------------# -# POSTFIX # -#-------------------# +##===========## +# NGINX # +##===========## + +apt install -y nginx +rm /etc/nginx/sites-enabled/default + +##-------------------## +# Reverse Proxy # +##-------------------## + +if [ $domain_setup = 1 ]; then +cat < /etc/nginx/sites-available/"$domain" +upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + +server { + listen 80; + + root /var/www/$domain/html; + index index.php index.html index.htm; + + server_name $domain www.$domain; + + #netdata here + + location / { + proxy_pass http://$server_ip:8080; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$remote_addr; + proxy_set_header Host \$host; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ { + 
return 200; + } + + location ~ /\.ht { + deny all; + } +} +EOF +fi + +##---------------## +# Webserver # +##---------------## + +if [ $domain_setup = 2 ]; then +cat < /etc/nginx/sites-available/"$domain" +upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + +server { + listen 80; + + root /var/www/$domain/html; + index index.php index.html index.htm; + + server_name $domain www.$domain; + + #netdata here + + location / { + try_files \$uri \$uri/ /index.php; + } + + location ~ \.php\$ { + fastcgi_pass unix:/run/php/php7.2-fpm.sock; + include snippets/fastcgi-php.conf; + } +} +EOF +fi + +ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" + +##===========## +# Other # +##===========## + +##-----------## +# MYSQL # +##-----------## + +apt install -y mysql-server-5.7 +# mysql_secure_installation automated +mysqladmin -u root password "$password" +mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" +mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" +mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" +mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';" +mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" +mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" + +##-------------## +# Certbot # +##-------------## + +apt install -y python-certbot-nginx +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers 
EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" + +##---------## +# PHP # +##---------## + +apt install -y php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip + +sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.enable=1/opcache.enable=0/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini +sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini +sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini + +##----------------## +# PHPMyAdmin # +##----------------## + +debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true" +debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password" +debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password" +debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword" +debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" +apt install -y phpmyadmin +# Redirect phpmyadmin -> database +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database + +##-------------## +# Postfix # +##-------------## debconf-set-selections <<< "postfix postfix/mailname string $domain" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" 
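Review bot: Every `mysql -u root -p"$password" -e …` call in the added MYSQL block puts the root password on the command line, where other local users can read it from the process list while the command runs, and the two `SELECT user,authentication_string,plugin,host` calls print the password hashes into the installer output. The `ALTER USER … BY '"$password"'` line also splices the password into the SQL text, so a password containing `'` breaks the statement. I would write the credentials once to a root-only option file created with `mktemp`, call the client as `mysql --defaults-extra-file="$mysql_cnf" -e "FLUSH PRIVILEGES;"`, remove the file afterwards, and drop `authentication_string` from the diagnostic query. This hunk rewrites most of the file, so the enclosing script continues on both sides of it.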
@@ -208,7 +267,6 @@ apt install -y mailutils sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf -systemctl restart postfix cat < /etc/aliases # See man 5 aliases for format postmaster: root 
@@ -216,82 +274,61 @@ root: $email EOF newaliases -#-------------------# -# NETDATA # -#-------------------# +##-------------## +# Netdata # +##-------------## -if [ $netdata = 1 ] - then - apt install -y netdata - ufw allow 19999/tcp - # systemctl stop netdata - # systemctl disable netdata +if [ $netdata = 1 ]; then + apt install -y netdata + sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf + ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" + # systemctl stop netdata + # systemctl disable netdata fi -#-------------------# -# MEMCACHED # -# 127.0.0.1:11211 # -#-------------------# -if [ $memcached = 1 ] - then - apt install -y memcached - systemctl restart memcached - # systemctl stop memcached - # systemctl disable memcached +##---------------## +# Memcached # +##---------------## + +if [ $memcached = 1 ]; then + apt install -y memcached + # systemctl stop memcached + # systemctl disable memcached fi -#-------------------# -# REDIS # -# 127.0.0.1:6379 # -#-------------------# +##-----------## +# Redis # +##-----------## -if [ $redis = 1 ] - then - apt install -y redis-server - sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf - sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf - sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf - systemctl restart redis - systemctl restart redis.service - # systemctl stop redis - # systemctl stop redis.service - # systemctl 
disable redis - # systemctl disable redis.service +if [ $redis = 1 ]; then + apt install -y redis-server + sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf + sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf + sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf + # systemctl stop redis + # systemctl disable redis fi -#-------------------# -# PHP.ini # -#-------------------# +##---------------## +# Wordpress # +##---------------## -sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini -sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini -sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini -sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini -sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini -sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini -sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini -systemctl restart php7.2-fpm.service - -#-------------------# -# WP - INSTALL # -#-------------------# - -if [ $wordpress = 1 ] - then - db_name="wp_1" - db_user="wp_1" +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" db_pass=$(date +%s|sha256sum|base64|head -c 32) - mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" - mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" - mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" + mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" + mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO 
'"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" + mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz - tar xzvf /tmp/wp.tar.gz -C /tmp - mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php - cp -a /tmp/wordpress/. /var/www/"$domain"/public_html - chown -R www-data:www-data /var/www/"$domain"/public_html + tar xzvf /tmp/wp.tar.gz -C /tmp + mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php + cp -a /tmp/wordpress/. /var/www/"$domain"/html WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) -cat < /var/www/"$domain"/public_html/wp-config.php +cat < /var/www/"$domain"/html/wp-config.php /var/www/"$domain"/html/info.php <<- "EOF" ->>>>>> dev mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" 
@@ -34,28 +39,35 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" rm /etc/nginx/sites-enabled/default cat < /etc/nginx/sites-available/"$domain" +upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + server { - listen 80; - - root /var/www/$domain/html; - index index.html index.htm index.php; - - server_name $domain www.$domain; - - location / { - try_files \$uri \$uri/ /index.php; - } - - location ~ \.php\$ { - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$remote_addr; - proxy_set_header Host \$host; - proxy_pass http://127.0.0.1:8080; - } - - location ~ /\.ht { - deny all; - } + listen 80; + server_name $domain www.$domain; + root /var/www/$domain/html; + index index.php index.htm index.html; + + #netdata here + + location / { + proxy_pass http://$server_ip:8080; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$remote_addr; + proxy_set_header Host \$host; + proxy_set_header X-Forwarded-Proto \$scheme; + } + + location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ { + return 200; + } + + location ~ /\.ht { + deny all; + } + } EOF ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" @@ -66,9 +78,9 @@ ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain" apt install -y apache2 mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default -echo "Listen 127.0.0.1:8080" | tee /etc/apache2/ports.conf -cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf -cat < /etc/apache2/sites-available/"$domain".conf +echo "Listen 8080" | tee /etc/apache2/ports.conf +cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf" +cat < /etc/apache2/sites-available/"$domain.conf" ServerAdmin $email ServerName $domain 
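Review bot: The new `proxy_pass http://$server_ip:8080;` in `location /`, together with the `Listen 8080` change in the next hunk (`-66,9`), moves the Apache backend from loopback to the server's routable address. Unless a firewall rule outside these hunks blocks 8080, clients can then talk to Apache directly, skipping nginx, the HTTPS redirect and the `.ht` deny, and send their own `X-Forwarded-*` headers. If nginx and Apache stay on one host I would keep `echo "Listen 127.0.0.1:8080"` and use `proxy_pass http://127.0.0.1:8080;`; if they are meant to be split, add an explicit `ufw` rule limiting 8080 to the proxy's address. The `location ~ \.(jpg|…)(\\n|\?ver=[0-9.])\$ { return 200; }` block also needs a comment saying what it is for: nginx matches locations against the path without the query string, so as written it looks unreachable, and if it did match it would answer with an empty 200 instead of the file.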
@@ -94,6 +106,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500 sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini +sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini +sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini ##----------------## # PHPMyAdmin # @@ -105,10 +119,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword" debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" apt install -y phpmyadmin -ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/phpmyadmin # Redirect phpmyadmin -> database -mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database -a2disconf phpmyadmin.conf +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database ##-------------## # Postfix # 
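Review bot: The two `sed` lines added in the `-94,6` hunk edit `/etc/php/7.2/fpm/php.ini`, while every neighbouring line in this block tunes `/etc/php/7.2/apache2/php.ini`, so the new upload limits do not reach the PHP that Apache loads here. If php-fpm is not installed by this script (not visible in the hunk), `sed -i` also just fails on the missing file. This looks copied from the nginx installer; both lines should target `/etc/php/7.2/apache2/php.ini`.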
@@ -131,11 +143,11 @@ newaliases # Netdata # ##-------------## -if [ $netdata = 1 ] - then +if [ $netdata = 1 ]; then apt install -y netdata sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf ufw allow 19999/tcp + sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain" # systemctl stop netdata # systemctl disable netdata fi @@ -144,8 +156,7 @@ fi # Memcached # ##---------------## -if [ $memcached = 1 ] - then +if [ $memcached = 1 ]; then apt install -y memcached # systemctl stop memcached # systemctl disable memcached 
@@ -155,37 +166,33 @@ fi # Redis # ##-----------## -if [ $redis = 1 ] - then +if [ $redis = 1 ]; then apt install -y redis-server sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf # systemctl stop redis - # systemctl stop redis.service # systemctl disable redis - # systemctl disable redis.service fi ##-------------## # Certbot # ##-------------## -#add-apt-repository -y ppa:certbot/certbot -apt install -y python-certbot-apache -#certbot --apache -d $domain -d www.$domain -#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/apache2/sites-available/"$domain" -#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/apache2/sites-available/"$domain" -#sed -i 's#include /etc/letsencrypt/options-ssl-apache.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/apache2/sites-available/"$domain" +apt install -y python-certbot-nginx +certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos +sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" ##---------------## # Wordpress # ##---------------## -if [ $wordpress = 1 ] - then - db_name="wp_1" - db_user="wp_1" +if [ $wordpress = 1 ]; then + db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` + db_name="wp_$db_suffix" + db_user="wp_$db_suffix" db_pass=$(date +%s|sha256sum|base64|head -c 32) mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$password" -e "GRANT 
ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" @@ -226,6 +233,16 @@ define('WP_DEBUG', false); if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); +/** + * Handle SSL reverse proxy + */ +if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') + $_SERVER['HTTPS']='on'; + +if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { + $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST']; +} + #\$memcached_servers = array( # 'default' => array( # '127.0.0.1:11211'
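Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)`, kept as context under the new `db_suffix` lines of the `-155,37` hunk, derives the WordPress database password from the install time alone, so anyone who can estimate when the script ran can enumerate the candidates. Read it from the kernel CSPRNG instead, e.g. `db_pass=$(head -c 24 /dev/urandom | base64 | tr -d '/+=')`. The added `db_suffix=` line counts directories by parsing `ls -l /var/www` through `expr`, which yields a colliding or wrong `wp_N` name once a site directory is removed or an unrelated directory exists; probing for an unused name, or deriving it from `$domain`, is more robust. Both lines are also present in the WordPress hunks at `-341,22` and `-216,82`.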
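Review bot: The `$_SERVER[...]` lines added in the `-226,6` hunk are not escaped, unlike `#\$memcached_servers` just below them, so if this `wp-config.php` heredoc is unquoted (its opening line is outside the hunk) the shell expands `$_SERVER` to an empty string and the generated file contains `if (['HTTP_X_FORWARDED_PROTO'] == 'https')`, which is not the intended check. Each `$` needs a backslash, and the first test should guard the missing header: `if (isset(\$_SERVER['HTTP_X_FORWARDED_PROTO']) && \$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')`. Separately, copying `HTTP_X_FORWARDED_HOST` into `HTTP_HOST` trusts a request header that the nginx `location /` blocks in this commit do not set, so a client-chosen value would reach WordPress and can end up in URLs it generates. I would drop that assignment, since nginx already forwards `Host \$host`, or have the proxy overwrite the header with `proxy_set_header X-Forwarded-Host \$host;`.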