Merge branch 'dev'

RevProxySimple.sh

@@ -11,6 +11,8 @@
 #    Pre-Config    #
 ##----------------##
 
+# Set server IP variable for apache access
+server_ip=$(hostname -I|cut -f1 -d ' ')
 # Block direct apache acces
 ufw deny 8080/tcp
 # Setup domain folder
@@ -24,7 +26,10 @@ chmod -R 755 /var/www
 apt install -y nginx mysql-server-5.7
 # mysql_secure_installation automated
 mysqladmin -u root password "$password"
+<<<<<<< HEAD
 mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
+=======
+>>>>>>> dev
 mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
 mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
 mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
@@ -34,28 +39,35 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
 mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
 rm /etc/nginx/sites-enabled/default
 cat <<EOF > /etc/nginx/sites-available/"$domain"
+upstream netdata {
+    server 127.0.0.1:19999;
+    keepalive 64;
+}
+
 server {
-        listen 80;
-
-        root /var/www/$domain/html;
-        index index.html index.htm index.php;
-
-        server_name $domain www.$domain;
-
-        location / {
-            try_files \$uri \$uri/ /index.php;
-        }
-
-        location ~ \.php\$ {
-            proxy_set_header X-Real-IP  \$remote_addr;
-            proxy_set_header X-Forwarded-For \$remote_addr;
-            proxy_set_header Host \$host;
-            proxy_pass http://127.0.0.1:8080;
-        }
-
-        location ~ /\.ht {
-            deny all;
-        }
+    listen 80;
+    server_name $domain www.$domain;
+    root /var/www/$domain/html;
+    index index.php index.htm index.html;
+    
+    #netdata here
+    
+    location / {
+        proxy_pass http://$server_ip:8080;
+        proxy_set_header X-Real-IP  \$remote_addr;
+        proxy_set_header X-Forwarded-For \$remote_addr;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+        
+    location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ {
+        return 200;
+    }
+    
+    location ~ /\.ht {
+        deny all;
+    }
+    
 }
 EOF
 ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
@@ -66,9 +78,9 @@ ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
 
 apt install -y apache2
 mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
-echo "Listen 127.0.0.1:8080" | tee /etc/apache2/ports.conf
-cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf
-cat <<EOF > /etc/apache2/sites-available/"$domain".conf
+echo "Listen 8080" | tee /etc/apache2/ports.conf
+cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf"
+cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
 <VirtualHost *:8080>
     ServerAdmin $email
     ServerName $domain
@@ -94,6 +106,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500
 sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini
 sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini
 sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini
+sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini
+sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini
 
 ##----------------##
 #    PHPMyAdmin    #
@@ -105,10 +119,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas
 debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
 debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
 apt install -y phpmyadmin
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/phpmyadmin
 # Redirect phpmyadmin -> database
-mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
-a2disconf phpmyadmin.conf
+ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
 
 ##-------------##
 #    Postfix    #
@@ -131,11 +143,11 @@ newaliases
 #    Netdata    #
 ##-------------##
 
-if [ $netdata = 1 ]
-    then
+if [ $netdata = 1 ]; then
     apt install -y netdata
     sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
     ufw allow 19999/tcp
+    sed -i 's+#netdata here+location = /netdata {\n        return 301 /netdata/;\n    }\n\n    location ~ /netdata/(?<ndpath>.*) {\n        proxy_redirect off;\n        proxy_set_header Host \$host;\n        proxy_set_header X-Forwarded-Host \$host;\n        proxy_set_header X-Forwarded-Server \$host;\n        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n        proxy_http_version 1.1;\n        proxy_pass_request_headers on;\n        proxy_set_header Connection "keep-alive";\n        proxy_store off;\n        proxy_pass http://netdata/\$ndpath\$is_args\$args;\n    }+g' /etc/nginx/sites-available/"$domain"
     # systemctl stop netdata
     # systemctl disable netdata
 fi
@@ -144,8 +156,7 @@ fi
 #    Memcached    #
 ##---------------##
 
-if [ $memcached = 1 ]
-    then
+if [ $memcached = 1 ]; then
     apt install -y memcached
     # systemctl stop memcached
     # systemctl disable memcached
@@ -155,37 +166,33 @@ fi
 #    Redis    #
 ##-----------##
 
-if [ $redis = 1 ]
-    then
+if [ $redis = 1 ]; then
     apt install -y redis-server
     sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
     sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
     sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
     # systemctl stop redis
-    # systemctl stop redis.service
     # systemctl disable redis
-    # systemctl disable redis.service
 fi
 
 ##-------------##
 #    Certbot    #
 ##-------------##
 
-#add-apt-repository -y ppa:certbot/certbot
-apt install -y python-certbot-apache
-#certbot --apache -d $domain -d www.$domain
-#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/apache2/sites-available/"$domain"
-#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/apache2/sites-available/"$domain"
-#sed -i 's#include /etc/letsencrypt/options-ssl-apache.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/apache2/sites-available/"$domain"
+apt install -y python-certbot-nginx
+certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
+sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
+sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
 
 ##---------------##
 #    Wordpress    #
 ##---------------##
 
-if [ $wordpress = 1 ]
-    then
-    db_name="wp_1"
-    db_user="wp_1"
+if [ $wordpress = 1 ]; then
+    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+    db_name="wp_$db_suffix"
+    db_user="wp_$db_suffix"
     db_pass=$(date +%s|sha256sum|base64|head -c 32)
     mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
     mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
@@ -226,6 +233,16 @@ define('WP_DEBUG', false);
 if ( !defined('ABSPATH') )
 	define('ABSPATH', dirname(__FILE__) . '/');
 
+/**
+ * Handle SSL reverse proxy
+ */
+if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
+    $_SERVER['HTTPS']='on';
+
+if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+    $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
+}
+
 #\$memcached_servers = array(
 #    'default' => array(
 #        '127.0.0.1:11211'