From d4503cc4759b5d593b1f5831340d986f617bd9ee Mon Sep 17 00:00:00 2001
From: tbergervoet <t.bergervoet@ictmaatwerk.com>
Date: Wed, 3 Oct 2018 15:50:19 +0200
Subject: [PATCH] Update 'RevProxySimple.sh'

---
 RevProxySimple.sh | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/RevProxySimple.sh b/RevProxySimple.sh
index 35fd1ff..495e9d8 100644
--- a/RevProxySimple.sh
+++ b/RevProxySimple.sh
@@ -42,6 +42,8 @@ server {
     root /var/www/$domain/html;
     index index.php index.htm index.html;
     
+    #netdata here
+    
     location / {
         proxy_pass http://$server_ip:8080;
         proxy_set_header X-Real-IP  \$remote_addr;
@@ -57,11 +59,6 @@ server {
         deny all;
     }
     
-    #listen 443 ssl;
-    #ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
-    #ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
-    #include /etc/letsencrypt/options-ssl-nginx.conf;
-    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
 EOF
 ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/"$domain"
@@ -100,6 +97,8 @@ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=500
 sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/apache2/php.ini
 sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/apache2/php.ini
 sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/apache2/php.ini
+sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/7.2/fpm/php.ini
+sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/7.2/fpm/php.ini
 
 ##----------------##
 #    PHPMyAdmin    #
@@ -111,10 +110,8 @@ debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $pas
 debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
 debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
 apt install -y phpmyadmin
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/phpmyadmin
 # Redirect phpmyadmin -> database
-mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
-a2disconf phpmyadmin.conf
+ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
 
 ##-------------##
 #    Postfix    #
@@ -142,6 +139,7 @@ if [ $netdata = 1 ]
     apt install -y netdata
     sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
     ufw allow 19999/tcp
+    sed -i 's+#netdata here+location = /netdata {\n        return 301 /netdata/;\n    }\n\n    location ~ /netdata/(?<ndpath>.*) {\n        proxy_redirect off;\n        proxy_set_header Host \$host;\n        proxy_set_header X-Forwarded-Host \$host;\n        proxy_set_header X-Forwarded-Server \$host;\n        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n        proxy_http_version 1.1;\n        proxy_pass_request_headers on;\n        proxy_set_header Connection "keep-alive";\n        proxy_store off;\n        proxy_pass http://netdata/\$ndpath\$is_args\$args;\n    }+g' /etc/nginx/sites-available/"$domain"
     # systemctl stop netdata
     # systemctl disable netdata
 fi
@@ -168,21 +166,18 @@ if [ $redis = 1 ]
     sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
     sed -i 's/# requirepass foobared/requirepass '$password'/g' /etc/redis/redis.conf
     # systemctl stop redis
-    # systemctl stop redis.service
     # systemctl disable redis
-    # systemctl disable redis.service
 fi
 
 ##-------------##
 #    Certbot    #
 ##-------------##
 
-#add-apt-repository -y ppa:certbot/certbot
 apt install -y python-certbot-nginx
-#certbot --nginx -d $domain -d www.$domain
-#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
-#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
-#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
+certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
+sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
+sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
 
 ##---------------##
 #    Wordpress    #