Merge branch 'dev'

This commit was merged in pull request #2.
Gitea
2018-10-17 14:28:29 +02:00
12 changed files with 1375 additions and 435 deletions


@@ -3,8 +3,7 @@
###============================================================
## Zet comments hieronder:
#
# Netdata: $domain/netata ipv $domain:1999
# Letsencrypt: Fix (onder in file) toepassen
#
#
##=============================================================
@@ -23,7 +22,6 @@ chmod -R 755 /var/www
apt install -y apache2 mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
@@ -37,19 +35,30 @@ cat <<EOF > /etc/apache2/mods-enabled/dir.conf
</IfModule>
EOF
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf"
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:80>
#netdata here
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory "/var/www/$domain/html">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite $domain.conf
a2dissite 000-default.conf
a2ensite $domain
a2dissite 000-default
a2enmod http2
a2enmod proxy
a2enmod proxy_http
a2enmod rewrite
##---------##
# PHP #
@@ -64,6 +73,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/apache2/php.ini
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/apache2/php.ini
##----------------##
# PHPMyAdmin #
@@ -75,10 +86,9 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2"
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
a2disconf phpmyadmin.conf
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
a2disconf phpmyadmin
##-------------##
# Postfix #
@@ -101,11 +111,11 @@ newaliases
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
if [ $netdata = 1 ]; then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+RewriteEngine On\n ProxyRequests Off\n ProxyPreserveHost On\n <Proxy *>\n Require all granted\n </Proxy>\n ProxyPass "/netdata/" "http://localhost:19999/" connectiontimeout=5 timeout=30 keepalive=on\n ProxyPassReverse "/netdata/" "http://localhost:19999/"\n #RewriteRule ^/netdata$ http://%{HTTP_HOST}/netdata/ [L,R=301] #HTTP\n RewriteRule ^/netdata$ https://%{HTTP_HOST}/netdata/ [L,R=301] #HTTPS+g' /etc/apache2/sites-available/"$domain.conf"
# systemctl stop netdata
# systemctl disable netdata
fi
@@ -114,8 +124,7 @@ fi
# Memcached #
##---------------##
if [ $memcached = 1 ]
then
if [ $memcached = 1 ]; then
apt install -y memcached
# systemctl stop memcached
# systemctl disable memcached
@@ -125,43 +134,36 @@ fi
# Redis #
##-----------##
if [ $redis = 1 ]
then
if [ $redis = 1 ]; then
apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
fi
##-------------##
# Certbot #
##-------------##
#add-apt-repository -y ppa:certbot/certbot
apt install -y python-certbot-apache
#certbot --apache -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/apache2/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/apache2/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-apache.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/apache2/sites-available/"$domain"
certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]
then
db_name="wp_1"
db_user="wp_1"
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
tar xzf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
@@ -229,11 +231,10 @@ EOF
chown -R www-data:www-data /var/www/"$domain"/html
#Edit voor https, voeg het volgende toe aan $domain-le-ssl.conf tussen DocumentRoot en ErrorLog
#<Directory "/var/www/$domain/html">
# Options FollowSymLinks
# AllowOverride All
#
# Order allow,deny
# Allow from all
# </Directory>
##----------------------##
# Apache HTTP2 fix #
##----------------------##
sed -i '3i\ Protocols h2 http/1.1\' /etc/apache2/sites-available/ictdagbesteding.nl-le-ssl.conf
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Apache_PHP-FPM_Installer.sh -O h2_fix.sh
source h2_fix.sh
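Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` in the Wordpress hunk derives the database password from nothing but the install time in seconds, so anyone who can estimate when the script ran can recompute it; the same line is in the Apache, NGINX and both reverse-proxy domain scripts further down. A kernel-random source avoids that, e.g. `db_pass=$(openssl rand -hex 16)`, which also keeps the value free of characters that would need quoting in the `GRANT` statement. Separately, the `sed` under "Apache HTTP2 fix" writes to `ictdagbesteding.nl-le-ssl.conf`; it presumably should target `/etc/apache2/sites-available/"$domain-le-ssl.conf"`.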


@@ -0,0 +1,17 @@
###============================================================
## Ubuntu 18.04 Apache PHP-FPM Installer
###============================================================
## Zet comments hieronder:
#
# Dit script zorgt ervoor dat http2 werkt op Apache.
#
##=============================================================
apachectl stop
apt install -y php-fpm
a2enmod proxy_fcgi setenvif
a2enconf php7.2-fpm
a2dismod php7.2
a2dismod mpm_prefork
a2enmod mpm_worker
apachectl start
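Review bot: Nothing between `apachectl stop` and `apachectl start` is checked, so a failed `apt install -y php-fpm` or `a2enconf php7.2-fpm` still ends with Apache being started against a half-switched module set. I would validate before restarting, `apachectl configtest && apachectl start`, and stop with a message otherwise. The header calls this a PHP-FPM installer while the comment says it makes HTTP/2 work; a line such as `# Switches Apache from mod_php/prefork to PHP-FPM/mpm_worker so that mod_http2 can be used` would tie the two together.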


@@ -0,0 +1,141 @@
###============================================================
## Ubuntu 18.04 Apache Additional Domain Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================
##------------##
# Apache #
##------------##
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf"
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:80>
#netdata here
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory "/var/www/$domain/html">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite $domain
##----------------##
# PHPMyAdmin #
##----------------##
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+RewriteEngine On\n ProxyRequests Off\n ProxyPreserveHost On\n <Proxy *>\n Require all granted\n </Proxy>\n ProxyPass "/netdata/" "http://localhost:19999/" connectiontimeout=5 timeout=30 keepalive=on\n ProxyPassReverse "/netdata/" "http://localhost:19999/"\n #RewriteRule ^/netdata$ http://%{HTTP_HOST}/netdata/ [L,R=301] #HTTP\n RewriteRule ^/netdata$ https://%{HTTP_HOST}/netdata/ [L,R=301] #HTTPS+g' /etc/apache2/sites-available/"$domain.conf"
# systemctl stop netdata
# systemctl disable netdata
fi
##-------------##
# Certbot #
##-------------##
certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]
then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html
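Review bot: `info.php` (a bare `phpinfo()`) and `opcache.php` are written into the public document root with nothing in the generated vhost restricting them, so the PHP configuration, filesystem paths and environment of every domain set up this way are readable by any visitor. Inside the `<Directory>` block of the heredoc I would add `<FilesMatch "^(info|opcache)\.php$">`, `Require local`, `</FilesMatch>`, or create the two files only behind a yes/no prompt like the Netdata one. The `wget` for `opcache.php` also pulls from `master` with no pinned revision or checksum, so the file that lands in the web root can change between runs. The NGINX and both reverse-proxy domain scripts create the same two files and need an equivalent restriction.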


@@ -0,0 +1,96 @@
#!/bin/bash
###============================================================
## Ubuntu 18.04 Additional Domain Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================
##----------##
# Menu #
##----------##
echo "Ubuntu 18.04 extra domein installatie script."
echo "Domein zonder www:"
read domain
echo "Algemeen wachtwoord:"
read password
echo "Administrator email:"
read email
echo "Webserver:"
PS3='Keuze:'
options=("Apache" "Nginx proxy" "Nginx proxy & standalone" "Nginx, PHP-FPM" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Apache")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Extra_Domains/Apache_Domain.sh
break;;
"Nginx proxy")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Extra_Domains/RevProxySimple_Domain.sh
break;;
"Nginx proxy & standalone")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Extra_Domains/RevProxyAdvanced_Domain.sh
break;;
"Nginx, PHP-FPM")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/Extra_Domains/NGINX_Domain.sh
break;;
"Quit")
exit;;
*) echo "Fout commando $REPLY";;
esac
done
while true; do
read -p "Installeer Netdata -> yes/no?" yn
case $yn in
[Yy]* ) netdata=1
break;;
[Nn]* ) netdata=0
break;;
* ) echo "Kies yes of no.";;
esac
done
while true; do
read -p "Installeer Wordpress -> yes/no?" yn
case $yn in
[Yy]* ) wordpress=1
break;;
[Nn]* ) wordpress=0
break;;
* ) echo "Kies yes of no.";;
esac
done
##----------------##
# Pre-Config #
##----------------##
cd /tmp
# Make sure all repositories and packages are up-to-date
apt update
apt upgrade -y
apt dist-upgrade -y
apt clean
apt autoremove -y
# Setup domain folder
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
##-------------------##
# Install Phase #
##-------------------##
echo "****************************"
sleep 0.5
echo "Installatie duurt 5 minuten."
sleep 0.5
echo "****************************"
wget $script -O Ubuntu-Domain_Installer.sh
source Ubuntu-Domain_Installer.sh
echo "Installatie geslaagd!"
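Review bot: `wget $script -O Ubuntu-Domain_Installer.sh` followed by `source` executes, as root, whatever the `dev` branch serves at that moment, and because `wget -O` creates the output file even when the download fails, a failed fetch sources an empty file and the script still prints "Installatie geslaagd!". At minimum stop on failure, `wget "$script" -O Ubuntu-Domain_Installer.sh || exit 1`, and point the four `script=` URLs at a tag or commit whose checksum is compared before sourcing; the Apache installer ends with the same fetch-then-`source` of `h2_fix.sh`. The password prompt should also be `read -rs password` so the value is not echoed to the terminal.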


@@ -0,0 +1,210 @@
###============================================================
## Ubuntu 18.04 NGINX Additional Domain Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================
##-----------##
# NGINX #
##-----------##
cat <<EOF > /etc/nginx/sites-available/"$domain"
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
listen 80;
listen [::]:80;
root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name $domain www.$domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain
#netdata here
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
location / {
#try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)\$ {
expires max;
log_not_found off;
}
location ~ \.php\$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 301 1m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_bypass \$no_cache;
fastcgi_no_cache \$no_cache;
fastcgi_cache_revalidate on;
fastcgi_cache_background_update on;
fastcgi_cache_lock on;
fastcgi_cache_use_stale updating;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
index index.php;
}
#Cache everything by default
set \$no_cache 0;
#Don't cache POST requests
if (\$request_method = POST) {
set \$no_cache 1;
}
#Don't cache if the URL contains a query string
if (\$query_string != "") {
set \$no_cache 1;
}
#Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)") {
set \$no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID") {
set \$no_cache 1;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
##----------------##
# PHPMyAdmin #
##----------------##
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
##-------------##
# Certbot #
##-------------##
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html
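Review bot: The cache bypass `if (\$http_cookie = "PHPSESSID")` in the server block compares the whole Cookie header with the literal string `PHPSESSID`, which a real request (`PHPSESSID=<value>; ...`) never equals, so `$no_cache` stays 0 for visitors who have a session. With `fastcgi_cache MYAPP` enabled on every `.php` request, a page rendered for a logged-in user can then be stored and served to other visitors for the one-minute validity window. A regex match is needed here, and since the script installs WordPress its login cookie should be covered too: `if (\$http_cookie ~* "PHPSESSID|wordpress_logged_in_") {`.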


@@ -0,0 +1,239 @@
###============================================================
## Ubuntu 18.04 Apache NGINX Reverse Proxy Additional Domain Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================
##----------##
# Menu #
##----------##
echo "Domein instellen als NGINX reverse proxy of als NGINX webserver?"
PS3='Keuze:'
options=("Reverse proxy" "Webserver")
select opt in "${options[@]}"
do
case $opt in
"Reverse proxy")
domain_setup=1
break;;
"Webserver")
domain_setup=2
break;;
*) echo "Fout commando $REPLY";;
esac
done
##----------------##
# Pre-Config #
##----------------##
# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
##============##
# Apache #
##============##
##-------------------##
# Reverse Proxy #
##-------------------##
if [ $domain_setup = 1 ]; then
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:8080>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory /var/www/$domain/html>
AllowOverride All
</Directory>
</VirtualHost>
EOF
a2ensite "$domain"
fi
##===========##
# NGINX #
##===========##
##-------------------##
# Reverse Proxy #
##-------------------##
if [ $domain_setup = 1 ]; then
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80;
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
#netdata here
location / {
proxy_pass http://$server_ip:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ {
return 200;
}
location ~ /\.ht {
deny all;
}
}
EOF
fi
##---------------##
# Webserver #
##---------------##
if [ $domain_setup = 2 ]; then
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80 default_server;
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
#netdata here
location / {
try_files \$uri \$uri/ /index.php;
}
location ~ \.php\$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
EOF
fi
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
##===========##
# Other #
##===========##
##----------------##
# PHPMyAdmin #
##----------------##
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
##-------------##
# Certbot #
##-------------##
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html
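Review bot: The third `sed` after `certbot --nginx` replaces `include /etc/letsencrypt/options-ssl-nginx.conf;` with a single `ssl_ciphers` line, which removes the protocol and session settings certbot ships in that file and substitutes a list that still offers `EECDH+3DES:RSA+3DES` and non-forward-secret `RSA+AES` suites. I would drop that `sed` and keep certbot's include, which is updated together with the package; if a custom list is really wanted, it should at least leave out the 3DES and plain-RSA entries. The same three `sed` lines follow certbot in the NGINX domain script above and the simple reverse-proxy script below.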


@@ -0,0 +1,184 @@
###============================================================
## Ubuntu 18.04 Apache NGINX Reverse Proxy Additional Domain Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================
##----------------##
# Pre-Config #
##----------------##
# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
##-----------##
# NGINX #
##-----------##
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80;
server_name $domain www.$domain;
root /var/www/$domain/html;
index index.php index.htm index.html;
#netdata here
location / {
proxy_pass http://$server_ip:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ {
return 200;
}
location ~ /\.ht {
deny all;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
##------------##
# Apache #
##------------##
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf"
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:8080>
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite "$domain"
##----------------##
# PHPMyAdmin #
##----------------##
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]; then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
##-------------##
# Certbot #
##-------------##
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/**
* Handle SSL reverse proxy
*/
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html
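Review bot: The "Handle SSL reverse proxy" lines sit inside the unquoted `<<EOF` heredoc with an unescaped `$_SERVER`, so the shell expands the unset variable `_SERVER` to nothing and the generated `wp-config.php` contains `if (['HTTP_X_FORWARDED_PROTO'] == 'https')`, which is not the intended PHP. Every occurrence needs the backslash the rest of the heredoc already uses for `\$table_prefix`, e.g. `if (isset(\$_SERVER['HTTP_X_FORWARDED_PROTO']) && \$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')`. Once it does work, note that the nginx `location /` above sets `Host` but not `X-Forwarded-Host`, so that header arrives as the client sent it; copying it into `HTTP_HOST` lets a visitor choose the host WordPress believes it is serving, and because `Host \$host` is already forwarded the override block can simply be removed.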


@@ -21,15 +21,23 @@ echo "Administrator email:"
read email
echo "Webserver:"
PS3='Keuze:'
options=("Apache" "Apache, Nginx reverse proxy" "Nginx, PHP-FPM" "Quit")
options=("Apache" "Nginx proxy" "Nginx proxy & standalone" "Nginx, PHP-FPM" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Apache")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Apache-Installer.sh
break;;
<<<<<<< HEAD
"Apache, Nginx reverse proxy")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxySimple.sh
=======
"Nginx proxy")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/RevProxySimple.sh
>>>>>>> dev
break;;
"Nginx proxy & standalone")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/dev/RevProxyAdvanced.sh
break;;
"Nginx, PHP-FPM")
script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh
@@ -40,6 +48,17 @@ do
esac
done
while true; do
read -p "Installeer Cockpit -> yes/no?" yn
case $yn in
[Yy]* ) cockpit=1
break;;
[Nn]* ) cockpit=0
break;;
* ) echo "Kies yes of no.";;
esac
done
while true; do
read -p "Installeer Netdata -> yes/no?" yn
case $yn in
@@ -91,7 +110,8 @@ done
sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
echo "root:$password" | chpasswd
cd /tmp
mv /boot/grub/menu.lst /boot/grub/menu.lst.bck
#mv /boot/grub/menu.lst /boot/grub/menu.lst.bck
add-apt-repository -y ppa:certbot/certbot
apt update
apt upgrade -y
apt dist-upgrade -y
@@ -103,18 +123,16 @@ sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.
timedatectl set-timezone Europe/Amsterdam
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
touch /etc/cron.d/updates
cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command
0 0 * * * apt update -y && apt upgrade -y && apt dist-upgrade -y
cat <<EOF > /etc/crontab
# m h dom mon dow user command
0 3 * * 1 root apt update && apt upgrade -y
EOF
systemctl restart cron
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
echo "y" | ufw enable
##-------------------##
# Install Phase #
@@ -170,6 +188,28 @@ log_error = /var/log/mysql/error.log
expire_logs_days = 10
max_binlog_size = 100M
EOF
##-------------##
# Cockpit #
##-------------##
if [ $cockpit = 1 ]; then
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Cockpit/raw/branch/master/Slave-installer.sh -O Slave-Installer.sh
source Slave-Installer.sh
fi
##-------------------##
# Backup Script #
##-------------------##
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup.sh -O /root/WP_Ftp-Backup.sh
echo "Installatie geslaagd!"
##------------##
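Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> dev`) are committed inside the webserver `case` block, so bash will most likely stop with a syntax error before the menu is ever shown. Keep only the dev arm, `"Nginx proxy")` with its `script=` line, and delete the three marker lines together with the stale `"Apache, Nginx reverse proxy")` label, which no longer matches any entry in `options`. The same markers are left around the `UPDATE mysql.user` line in the last file section on this page. While resolving this, note that the `script=` URLs point at mutable `master`/`dev` branch heads; if they are fetched and run the way the Cockpit block does (`wget` followed by `source`), that is code executed as root without an integrity check, so pinning to a commit and verifying a checksum is worth adding. The `case` statement ends outside this hunk.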


@@ -22,7 +22,6 @@ chmod -R 755 /var/www
apt install -y nginx mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
@@ -30,9 +29,14 @@ mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FR
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
cat <<EOF > /etc/nginx/sites-available/$domain
cat <<EOF > /etc/nginx/sites-available/"$domain"
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80;
listen [::]:80;
@@ -42,23 +46,8 @@ server {
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain
location = /netdata {
return 301 /netdata/;
}
#netdata here
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
}
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
@@ -184,72 +173,7 @@ http {
include /etc/nginx/sites-enabled/*;
}
EOF
cat <<EOF > /etc/nginx/sites-available/default
#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
#add_header X-Cache "\$upstream_cache_status";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#ssl_session_cache shared:SSL:20m;
#ssl_session_timeout 180m;
#client_body_buffer_size 10K;
#client_header_buffer_size 1k;
#client_max_body_size 8m;
#large_client_header_buffers 4 4k;
#access_log off;
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
gzip on;
gzip_proxied any;
gzip_types *;
}
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files \$uri \$uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php\$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
}
EOF
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/
sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
##---------##
# PHP #
@@ -257,7 +181,7 @@ sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
apt install -y php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
@@ -265,6 +189,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini
##----------------##
# PHPMyAdmin #
@@ -276,9 +202,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Postfix #
@@ -301,11 +226,11 @@ newaliases
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
if [ $netdata = 1 ]; then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
@@ -314,8 +239,7 @@ fi
# Memcached #
##---------------##
if [ $memcached = 1 ]
then
if [ $memcached = 1 ]; then
apt install -y memcached
# systemctl stop memcached
# systemctl disable memcached
@@ -325,8 +249,7 @@ fi
# Redis #
##-----------##
if [ $redis = 1 ]
then
if [ $redis = 1 ]; then
apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
@@ -341,22 +264,20 @@ fi
# Certbot #
##-------------##
#add-apt-repository -y ppa:certbot/certbot
apt install -y python-certbot-nginx
#certbot --nginx -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#check certbot auto-renewal -> certbot renew --dry-run
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]
then
db_name="wp_1"
db_user="wp_1"
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
@@ -365,7 +286,6 @@ if [ $wordpress = 1 ]
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
chown -R www-data:www-data /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
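Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` in the Wordpress block derives the database password from nothing but the current epoch second, so it carries very little entropy despite its length; the identical line is in the reverse-proxy installer section further down. Take the value from a CSPRNG instead, for example `db_pass=$(openssl rand -hex 16)`, which also keeps it free of quote characters for the SQL statement and the `wp-config.php` heredoc that interpolate it. This matters more here because phpMyAdmin is linked into the public docroot as `/database`. The `if [ $wordpress = 1 ]` block continues outside this hunk.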


@@ -3,3 +3,42 @@ https://github.com/TimVNL/debian-setup-scripts
https://serverfault.com/questions/527630/what-is-the-different-usages-for-sites-available-vs-the-conf-d-directory-for-ngi
https://gist.github.com/TimVNL/b22cbdeea4b6f438ae5e90f75afed838
Brotli voor NGINX:
https://www.howtoforge.com/tutorial/how-to-install-nginx-with-brotli-compression-on-ubuntu-1804/
Werkend NGINX server block voor de reverse proxy:
```
server {
listen 80;
root /var/www/host.name/html;
index index.php index.html index.htm;
server_name host.name www.host.name;
location / {
proxy_pass http://server_ip:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])$ {
return 200;
}
location ~ /\.ht {
deny all;
}
#listen 443 ssl;
#ssl_certificate /etc/letsencrypt/live/host.name/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/host.name/privkey.pem;
#include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```


@@ -1,158 +1,80 @@
#==============================================================================
# UBUNTU 18.04 BASH SCRIPT
# https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
#==============================================================================
# apt update -y && apt upgrade -y && apt dist-upgrade -y
# do-release-upgrade -d
###============================================================
## Ubuntu 18.04 Apache NGINX Reverse Proxy Installer
###============================================================
## Zet comments hieronder:
#
#==============================================================================
#
#
##=============================================================
##----------##
# Menu #
##----------##
echo "Domein instellen als NGINX reverse proxy of als NGINX webserver?"
PS3='Keuze:'
options=("Reverse proxy" "Webserver")
select opt in "${options[@]}"
do
case $opt in
"Reverse proxy")
domain_setup=1
break;;
"Webserver")
domain_setup=2
break;;
*) echo "Fout commando $REPLY";;
esac
done
##----------------##
# Pre-Config #
##----------------##
# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
# Block direct apache acces
#ufw deny 8080/tcp
ufw deny 8080/tcp
# Setup domain folder
mkdir -p /var/www/"$domain"/public_html
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
#-------------------#
# APACHE + PHP-FPM #
#-------------------#
##============##
# Apache #
##============##
apt install -y apache2 php-fpm
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 8080" | tee /etc/apache2/ports.conf
echo "Listen 8080" | sudo tee /etc/apache2/ports.conf
a2dissite 000-default
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
a2ensite 001-default
systemctl reload apache2
netstat -tlpn
#-------------------#
# MYSQL #
#-------------------#
apt install -y mysql-server-5.7
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install -y libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
#-------------------#
# MOD_FASTCGI #
#-------------------#
##-----------------##
# Mod_FastCGI #
##-----------------##
#a2dismod php7.2
# a2enmod actions
# mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
# cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
# <IfModule mod_fastcgi.c>
# AddHandler fastcgi-script .fcgi
# FastCgiIpcDir /var/lib/apache2/fastcgi
# AddType application/x-httpd-fastphp .php
# Action application/x-httpd-fastphp /php-fcgi
# Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
# FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
# <Directory /usr/lib/cgi-bin>
# Require all granted
# </Directory>
# </IfModule>
# EOF
# apachectl -t
# systemctl reload apache2
#-------------------#
# VHOST APACHE #
#-------------------#
mkdir -p /var/www/"$domain"/public_html
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:8080>
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/public_html/
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
FastCgiIpcDir /var/lib/apache2/fastcgi
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /php-fcgi
Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
EOF
a2ensite $domain.conf
systemctl reload apache2
#-------------------#
# VHOST NGINX #
#-------------------#
apt install -y nginx
rm /etc/nginx/sites-enabled/default
#mkdir -p /usr/share/nginx/$domain2
#echo "<?php phpinfo(); ?>" | tee /usr/share/nginx/$domain2/info.php
#cat <<EOF > /etc/nginx/sites-available/$domain2.conf
#server {
# listen 80 default_server;
#
# root /usr/share/nginx/$domain2;
# index index.php index.html index.htm;
#
# server_name $domain www.$domain2;
# location / {
# try_files \$uri \$uri/ /index.php;
# }
#
# location ~ \.php\$ {
# fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# include snippets/fastcgi-php.conf;
# }
#}
#EOF
#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2
nginx -t
#-------------------#
# REVERSE PROXY #
#-------------------#
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80;
server_name $domain www.$domain;
root /var/www/$domain/public_html/;
index index.php index.htm index.html;
location / {
try_files \$uri \$uri/ /index.php;
}
location ~ \.php\$ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location ~ /\.ht {
deny all;
}
#listen 443 ssl;
#ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
#include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
nginx -t
systemctl reload nginx
#-------------------#
# MOD_RPAF #
#-------------------#
##--------------##
# Mod_RPAF #
##--------------##
apt install -y unzip build-essential apache2-dev
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
@@ -167,40 +89,177 @@ cat <<EOF > /etc/apache2/mods-available/rpaf.conf
<IfModule mod_rpaf.c>
RPAF_Enable On
RPAF_Header X-Real-Ip
RPAF_ProxyIPs 127.0.0.1
RPAF_ProxyIPs $server_ip
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
</IfModule>
EOF
a2enmod rpaf
apachectl -t
systemctl reload apache2
#-------------------#
# CERTBOT #
#-------------------#
##-------------------##
# Reverse Proxy #
##-------------------##
add-apt-repository -y ppa:certbot/certbot
apt update
apt install -y python-certbot-nginx
#certbot --nginx -d $domain -d www.$domain
if [ $domain_setup = 1 ]; then
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:8080>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/html
<Directory /var/www/$domain/html>
AllowOverride All
</Directory>
</VirtualHost>
EOF
a2ensite $domain
fi
#-------------------#
# PHPMYADMIN #
#-------------------#
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/public_html/phpmyadmin /var/www/"$domain"/public_html/database
a2disconf phpmyadmin.conf
systemctl restart apache2
#-------------------#
# POSTFIX #
#-------------------#
##===========##
# NGINX #
##===========##
apt install -y nginx
rm /etc/nginx/sites-enabled/default
##-------------------##
# Reverse Proxy #
##-------------------##
if [ $domain_setup = 1 ]; then
cat <<EOF > /etc/nginx/sites-available/"$domain"
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80;
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
#netdata here
location / {
proxy_pass http://$server_ip:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ {
return 200;
}
location ~ /\.ht {
deny all;
}
}
EOF
fi
##---------------##
# Webserver #
##---------------##
if [ $domain_setup = 2 ]; then
cat <<EOF > /etc/nginx/sites-available/"$domain"
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80;
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
#netdata here
location / {
try_files \$uri \$uri/ /index.php;
}
location ~ \.php\$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
EOF
fi
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
##===========##
# Other #
##===========##
##-----------##
# MYSQL #
##-----------##
apt install -y mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
##-------------##
# Certbot #
##-------------##
apt install -y python-certbot-nginx
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------##
# PHP #
##---------##
apt install -y php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini
##----------------##
# PHPMyAdmin #
##----------------##
debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
apt install -y phpmyadmin
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Postfix #
##-------------##
debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
@@ -208,7 +267,6 @@ apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
@@ -216,82 +274,61 @@ root: $email
EOF
newaliases
#-------------------#
# NETDATA #
#-------------------#
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
if [ $netdata = 1 ]; then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
#-------------------#
# MEMCACHED #
# 127.0.0.1:11211 #
#-------------------#
if [ $memcached = 1 ]
then
##---------------##
# Memcached #
##---------------##
if [ $memcached = 1 ]; then
apt install -y memcached
systemctl restart memcached
# systemctl stop memcached
# systemctl disable memcached
fi
#-------------------#
# REDIS #
# 127.0.0.1:6379 #
#-------------------#
##-----------##
# Redis #
##-----------##
if [ $redis = 1 ]
then
if [ $redis = 1 ]; then
apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
systemctl restart redis
systemctl restart redis.service
sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
fi
#-------------------#
# PHP.ini #
#-------------------#
##---------------##
# Wordpress #
##---------------##
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service
#-------------------#
# WP - INSTALL #
#-------------------#
if [ $wordpress = 1 ]
then
db_name="wp_1"
db_user="wp_1"
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/public_html
chown -R www-data:www-data /var/www/"$domain"/public_html
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
@@ -328,29 +365,28 @@ if ( !defined('ABSPATH') )
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
#--------------------#
# WWW Folder Perms #
#--------------------#
chown -R www-data:www-data /var/www/"$domain"/html
#-------------------#
# OPCACHE GUI #
#-------------------#
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
#----------------#
# PHP.info #
#----------------#
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
<?php phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html
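Review bot: The third `sed` in the Certbot block swaps `include /etc/letsencrypt/options-ssl-nginx.conf;` for a single `ssl_ciphers` line that still offers `EECDH+3DES:RSA+3DES` and static-RSA key exchange; certbot's stock include normally also carries the protocol and session settings, so removing it likely leaves the vhost on nginx defaults for those. The same lines appear to be newly enabled in the NGINX installer section above. I would drop that `sed` and keep certbot's include, or, if a custom list is required, shorten the replacement to `ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256;` and set `ssl_protocols` explicitly next to it. Separately, `phpmyadmin/mysql/app-pass password $passsword` in the PHPMyAdmin block misspells the variable and expands to an empty value.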


@@ -11,6 +11,8 @@
# Pre-Config #
##----------------##
# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
# Block direct apache acces
ufw deny 8080/tcp
# Setup domain folder
@@ -24,7 +26,10 @@ chmod -R 755 /var/www
apt install -y nginx mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
<<<<<<< HEAD
mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
=======
>>>>>>> dev
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
@@ -34,28 +39,35 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
rm /etc/nginx/sites-enabled/default
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80;
root /var/www/$domain/html;
index index.html index.htm index.php;
server_name $domain www.$domain;
location / {
try_files \$uri \$uri/ /index.php;
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
location ~ \.php\$ {
server {
listen 80;
server_name $domain www.$domain;
root /var/www/$domain/html;
index index.php index.htm index.html;
#netdata here
location / {
proxy_pass http://$server_ip:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header Host \$host;
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location ~ \.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\\n|\?ver=[0-9.])\$ {
return 200;
}
location ~ /\.ht {
deny all;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
@@ -66,9 +78,9 @@ ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
apt install -y apache2
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 127.0.0.1:8080" | tee /etc/apache2/ports.conf
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
echo "Listen 8080" | tee /etc/apache2/ports.conf
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain.conf"
cat <<EOF > /etc/apache2/sites-available/"$domain.conf"
<VirtualHost *:8080>
ServerAdmin $email
ServerName $domain
@@ -94,6 +106,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini
##----------------##
# PHPMyAdmin #
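Review bot: The two `sed` lines for `upload_max_filesize` and `post_max_size` edit `/etc/php/7.2/fpm/php.ini`, while every other tuning line in this block edits `/etc/php/7.2/apache2/php.ini`. Unless php-fpm is installed elsewhere in the script, the new limits never reach the PHP that Apache runs, and `sed -i` fails if the file is missing. `post_max_size = 64` is also lower than `upload_max_filesize = 128`, so a request body is rejected at 64M before the upload limit applies; set `post_max_size` at least as large as the upload limit.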
@@ -105,10 +119,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/phpmyadmin
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
a2disconf phpmyadmin.conf
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
##-------------##
# Postfix #
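Review bot: `$passsword` (three s) in the `phpmyadmin/mysql/app-pass` preseed line expands to an empty string unless a variable of that name exists, so the phpMyAdmin application password is not the one the script intends; it should read `$password`. The commit touches the lines just below it but leaves the typo in place. The symlink `ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database` also publishes phpMyAdmin under the public docroot; renaming the path does not restrict access. Consider limiting that location by source address or HTTP authentication in the vhost.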
@@ -131,11 +143,11 @@ newaliases
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
if [ $netdata = 1 ]; then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
# systemctl stop netdata
# systemctl disable netdata
fi
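Review bot: `ufw allow 19999/tcp` stays in the netdata branch even though the long `sed` line publishes the dashboard through nginx under `/netdata/`. If netdata listens on all interfaces, the dashboard is then reachable both directly and through the proxy, and nothing visible here adds authentication to either path. Drop the firewall rule now that the `upstream netdata` block points at `127.0.0.1:19999`, and add an access restriction (`auth_basic` or `allow`/`deny`) to the injected `location ~ /netdata/` block. The test should also quote its operand, `if [ "$netdata" = 1 ]; then`, so an unset flag does not become a syntax error in `[`.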
@@ -144,8 +156,7 @@ fi
# Memcached #
##---------------##
if [ $memcached = 1 ]
then
if [ $memcached = 1 ]; then
apt install -y memcached
# systemctl stop memcached
# systemctl disable memcached
@@ -155,37 +166,33 @@ fi
# Redis #
##-----------##
if [ $redis = 1 ]
then
if [ $redis = 1 ]; then
apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
fi
##-------------##
# Certbot #
##-------------##
#add-apt-repository -y ppa:certbot/certbot
apt install -y python-certbot-apache
#certbot --apache -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/apache2/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/apache2/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-apache.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/apache2/sites-available/"$domain"
apt install -y python-certbot-nginx
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]
then
db_name="wp_1"
db_user="wp_1"
if [ $wordpress = 1 ]; then
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix"
db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
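Review bot: `db_pass=$(date +%s|sha256sum|base64|head -c 32)` derives the WordPress database password from the install time alone, so anyone who can estimate when the script ran can enumerate the candidates. Take it from the kernel CSPRNG instead, for example `db_pass=$(head -c 24 /dev/urandom | base64)`. In the Certbot part of this hunk, the `ssl_ciphers` substitution replaces the whole `include /etc/letsencrypt/options-ssl-nginx.conf;` line. That drops whatever else the file sets (protocol versions, session settings), and the list it installs still offers 3DES and RSA key-exchange suites. `db_suffix` is computed by parsing `ls -l /var/www` inside backticks and `expr`; counting with a glob and `$(( ))` would be less fragile.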
@@ -226,6 +233,16 @@ define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/**
* Handle SSL reverse proxy
*/
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'