Work_Archive/VPS-scripts_Ubuntu-Web-V1
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Update 'RevProxyAdvanced.sh'

Browse Source
This commit is contained in:
tbergervoet
2018-09-25 13:41:49 +00:00
parent 076281575b
commit d1d7a09ded
1 changed files with 190 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

330
RevProxyAdvanced.sh
View File

@@ -1,22 +1,48 @@
#==============================================================================
# UBUNTU 18.04 BASH SCRIPT
# https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
#==============================================================================
# apt update -y && apt upgrade -y && apt dist-upgrade -y
# do-release-upgrade -d
###============================================================
## Ubuntu 18.04 Apache NGINX Reverse Proxy Installer
###============================================================
## Zet comments hieronder:
#
#==============================================================================
#
#
##=============================================================
##----------##
# Menu #
##----------##
echo "Domein instellen als NGINX reverse proxy of als NGINX webserver?"
PS3='Keuze:'
options=("Reverse proxy" "Webserver")
select opt in "${options[@]}"
do
case $opt in
"Reverse proxy")
domain_setup=1
break;;
"Webserver")
domain_setup=2
break;;
*) echo "Fout commando $REPLY";;
esac
done
##----------------##
# Pre-Config #
##----------------##
# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
# Block direct apache acces
#ufw deny 8080/tcp
ufw deny 8080/tcp
# Setup domain folder
mkdir -p /var/www/"$domain"/public_html
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
#-------------------#
# APACHE + PHP-FPM #
#-------------------#
##------------##
# APACHE #
##------------##
apt install -y apache2 php-fpm
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
@@ -27,100 +53,92 @@ a2dissite 000-default
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
a2ensite 001-default
systemctl reload apache2
netstat -tlpn
#-------------------#
# MYSQL #
#-------------------#
apt install -y mysql-server-5.7
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install -y libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
#-------------------#
# MOD_FASTCGI #
#-------------------#
#a2dismod php7.2
# a2enmod actions
# mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
# cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
# <IfModule mod_fastcgi.c>
# AddHandler fastcgi-script .fcgi
# FastCgiIpcDir /var/lib/apache2/fastcgi
# AddType application/x-httpd-fastphp .php
# Action application/x-httpd-fastphp /php-fcgi
# Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
# FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
# <Directory /usr/lib/cgi-bin>
# Require all granted
# </Directory>
# </IfModule>
# EOF
# apachectl -t
# systemctl reload apache2
#-------------------#
# VHOST APACHE #
#-------------------#
mkdir -p /var/www/"$domain"/public_html
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:8080>
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/public_html/
DocumentRoot /var/www/$domain/html
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite $domain.conf
systemctl reload apache2
a2ensite $domain
#-------------------#
# VHOST NGINX #
#-------------------#
##-----------##
# MYSQL #
##-----------##
apt install -y mysql-server-5.7
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "UPDATE mysql.user SET Password=PASSWORD('$password') WHERE User='root'"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
##-----------------##
# MOD_FASTCGI #
##-----------------##
a2dismod php7.2
a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
FastCgiIpcDir /var/lib/apache2/fastcgi
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /php-fcgi
Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
EOF
##-----------##
# NGINX #
##-----------##
apt install -y nginx
rm /etc/nginx/sites-enabled/default
#mkdir -p /usr/share/nginx/$domain2
#echo "<?php phpinfo(); ?>" | tee /usr/share/nginx/$domain2/info.php
#cat <<EOF > /etc/nginx/sites-available/$domain2.conf
#server {
# listen 80 default_server;
#
# root /usr/share/nginx/$domain2;
# index index.php index.html index.htm;
#
# server_name $domain www.$domain2;
# location / {
# try_files \$uri \$uri/ /index.php;
# }
#
# location ~ \.php\$ {
# fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# include snippets/fastcgi-php.conf;
# }
#}
#EOF
#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2
nginx -t
cat <<EOF > /etc/nginx/sites-available/$domain.conf
server {
listen 80 default_server;
#-------------------#
# REVERSE PROXY #
#-------------------#
root /var/www/$domain/html;
index index.php index.html index.htm;
server_name $domain www.$domain;
location / {
try_files \$uri \$uri/ /index.php;
}
location ~ \.php\$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
EOF
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/$domain
##-------------------##
# Reverse Proxy #
##-------------------##
if [ $domain_setup =1 ]
then
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
listen 80;
server_name $domain www.$domain;
root /var/www/$domain/public_html/;
root /var/www/$domain/html/;
index index.php index.htm index.html;
location / {
@@ -128,7 +146,7 @@ server {
}
location ~ \.php\$ {
proxy_pass http://127.0.0.1:8080;
proxy_pass http://$server_ip:8080;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
@@ -147,8 +165,7 @@ server {
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
nginx -t
systemctl reload nginx
fi
#-------------------#
# MOD_RPAF #
@@ -167,40 +184,56 @@ cat <<EOF > /etc/apache2/mods-available/rpaf.conf
<IfModule mod_rpaf.c>
RPAF_Enable On
RPAF_Header X-Real-Ip
RPAF_ProxyIPs 127.0.0.1
RPAF_ProxyIPs $server_ip
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
</IfModule>
EOF
a2enmod rpaf
apachectl -t
systemctl reload apache2
#-------------------#
# CERTBOT #
#-------------------#
##-------------##
# Certbot #
##-------------##
add-apt-repository -y ppa:certbot/certbot
apt update
apt install -y python-certbot-nginx
#certbot --nginx -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#-------------------#
# PHPMYADMIN #
#-------------------#
##---------##
# PHP #
##---------##
apt install -y libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini
##----------------##
# PHPMyAdmin #
##----------------##
debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
systemctl restart php7.2-fpm
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/phpmyadmin
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/public_html/phpmyadmin /var/www/"$domain"/public_html/database
mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
a2disconf phpmyadmin.conf
systemctl restart apache2
#-------------------#
# POSTFIX #
#-------------------#
##-------------##
# Postfix #
##-------------##
debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
@@ -208,7 +241,6 @@ apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
@@ -216,82 +248,64 @@ root: $email
EOF
newaliases
#-------------------#
# NETDATA #
#-------------------#
##-------------##
# Netdata #
##-------------##
if [ $netdata = 1 ]
then
apt install -y netdata
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
ufw allow 19999/tcp
# systemctl stop netdata
# systemctl disable netdata
fi
#-------------------#
# MEMCACHED #
# 127.0.0.1:11211 #
#-------------------#
##---------------##
# Memcached #
##---------------##
if [ $memcached = 1 ]
then
apt install -y memcached
systemctl restart memcached
# systemctl stop memcached
# systemctl disable memcached
fi
#-------------------#
# REDIS #
# 127.0.0.1:6379 #
#-------------------#
##-----------##
# Redis #
##-----------##
if [ $redis = 1 ]
then
apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
systemctl restart redis
systemctl restart redis.service
sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
fi
#-------------------#
# PHP.ini #
#-------------------#
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service
#-------------------#
# WP - INSTALL #
#-------------------#
##---------------##
# Wordpress #
##---------------##
if [ $wordpress = 1 ]
then
db_name="wp_1"
db_user="wp_1"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
tar xzvf /tmp/wp.tar.gz -C /tmp
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/public_html
chown -R www-data:www-data /var/www/"$domain"/public_html
cp -a /tmp/wordpress/. /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
@@ -328,29 +342,29 @@ if ( !defined('ABSPATH') )
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi
#--------------------#
# WWW Folder Perms #
#--------------------#
chown -R www-data:www-data /var/www/"$domain"/html
#-------------------#
# OPCACHE GUI #
#-------------------#
##-----------------##
# Opcache GUI #
##-----------------##
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
#----------------#
# PHP.info #
#----------------#
##--------------##
# Info.php #
##--------------##
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
EOF
##-----------------------##
# Html Folder Perms #
##-----------------------##
chown -R www-data:www-data /var/www/"$domain"/html