From f304a1e39dd620ea610aad9afaefb92ff1083937 Mon Sep 17 00:00:00 2001 From: ictmaatwerk Date: Wed, 12 Sep 2018 12:58:44 +0000 Subject: [PATCH] 'NGINX-Installer.sh' updaten --- NGINX-Installer.sh | 204 ++++++++++++++++++++++----------------------- 1 file changed, 101 insertions(+), 103 deletions(-) diff --git a/NGINX-Installer.sh b/NGINX-Installer.sh index e4c546b..639903c 100644 --- a/NGINX-Installer.sh +++ b/NGINX-Installer.sh @@ -12,14 +12,13 @@ # LEMP # #-------------------# -apt install nginx mysql-server-5.7 -y -ufw allow 'Nginx HTTP' +apt install -y nginx mysql-server-5.7 mysql_secure_installation mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" -apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y +apt install -y php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip #-------------------# # NGINX CONFIG # @@ -31,19 +30,19 @@ cat < /etc/nginx/sites-available/$domain fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; server { - listen 80; - listen [::]:80; - root /var/www/$domain/html; - index index.php index.html index.htm index.nginx-debian.html; - server_name $domain www.$domain; - #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www - #return 301 https://domein.nl$request_uri; Redirect to other domain + listen 80; + listen [::]:80; + root /var/www/$domain/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name $domain www.$domain; + #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www + #return 301 https://domein.nl$request_uri; Redirect to other domain - location = /netdata { + location = /netdata { return 301 /netdata/; - } + } - location ~ /netdata/(?.*) { + location ~ /netdata/(?.*) { proxy_redirect off; proxy_set_header Host \$host; @@ -55,80 +54,76 @@ server { proxy_set_header Connection "keep-alive"; proxy_store off; proxy_pass http://netdata/\$ndpath\$is_args\$args; - } - gzip on; - gzip_proxied any; - gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; - gzip_min_length 1000; - gzip_comp_level 2; - gzip_disable "msie6"; - gzip_buffers 16 8k; + } + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; - location / { - #try_files \$uri \$uri/ =404; - try_files \$uri \$uri/ /index.php\$is_args\$args; - } + location / { + #try_files \$uri \$uri/ =404; + try_files \$uri \$uri/ /index.php\$is_args\$args; + } - location = /favicon.ico { log_not_found off; access_log off; } - location = /robots.txt { log_not_found off; access_log off; allow all; } - location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; allow all; } + location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { expires max; log_not_found off; - } - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; - fastcgi_cache MYAPP; - fastcgi_cache_valid 200 302 301 1m; - fastcgi_cache_valid 404 1m; - fastcgi_cache_bypass \$no_cache; - fastcgi_no_cache \$no_cache; - fastcgi_cache_revalidate on; - fastcgi_cache_background_update on; - fastcgi_cache_lock on; - fastcgi_cache_use_stale updating; - fastcgi_buffer_size 128k; - fastcgi_buffers 256 16k; - fastcgi_busy_buffers_size 256k; - fastcgi_temp_file_write_size 256k; - } + } - location ~ /\.ht { - deny all; - } + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 301 1m; + fastcgi_cache_valid 404 1m; + fastcgi_cache_bypass \$no_cache; + fastcgi_no_cache \$no_cache; + fastcgi_cache_revalidate on; + fastcgi_cache_background_update on; + fastcgi_cache_lock on; + fastcgi_cache_use_stale updating; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 16k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } - location /phpmyadmin { - index index.php; - } + location ~ /\.ht { + deny all; + } - #Cache everything by default - set \$no_cache 0; + location /phpmyadmin { + index index.php; + } - #Don't cache POST requests - if (\$request_method = POST) - { - set \$no_cache 1; - } + #Cache everything by default + set \$no_cache 0; - #Don't cache if the URL contains a query string - if (\$query_string != "") - { - set \$no_cache 1; - } + #Don't cache POST requests + if (\$request_method = POST) { + set \$no_cache 1; + } - #Don't cache the following URLs - if (\$request_uri ~* "/(administrator/|login.php)") - { - set \$no_cache 1; - } + #Don't cache if the URL contains a query string + if (\$query_string != "") { + set \$no_cache 1; + } - #Don't cache if there is a cookie called PHPSESSID - if (\$http_cookie = "PHPSESSID") - { - set \$no_cache 1; - } + #Don't cache the following URLs + if (\$request_uri ~* "/(administrator/|login.php)") { + set \$no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if (\$http_cookie = "PHPSESSID") { + set \$no_cache 1; + } } EOF cat < /etc/nginx/nginx.conf @@ -145,14 +140,14 @@ http { fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; add_header X-Cache "\$upstream_cache_status"; - + sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; - + client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 8m; @@ -186,27 +181,27 @@ http { } EOF cat < /etc/nginx/sites-available/default - #fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; - #add_header X-Cache "\$upstream_cache_status"; - - #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - #ssl_session_cache shared:SSL:20m; - #ssl_session_timeout 180m; - #client_body_buffer_size 10K; - #client_header_buffer_size 1k; - #client_max_body_size 8m; - #large_client_header_buffers 4 4k; - #access_log off; - - upstream netdata { +#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; +#add_header X-Cache "\$upstream_cache_status"; + +#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; +#ssl_session_cache shared:SSL:20m; +#ssl_session_timeout 180m; +#client_body_buffer_size 10K; +#client_header_buffer_size 1k; +#client_max_body_size 8m; +#large_client_header_buffers 4 4k; +#access_log off; + +upstream netdata { server 127.0.0.1:19999; keepalive 64; } - - server { + +server { listen 80 default_server; listen [::]:80 default_server; - + location = /netdata { return 301 /netdata/; } @@ -237,11 +232,11 @@ cat < /etc/nginx/sites-available/default location / { try_files \$uri \$uri/ =404; } - + # pass PHP scripts to FastCGI server - location ~ \.php$ { + location ~ \.php\$ { include snippets/fastcgi-php.conf; - + # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; # With php-cgi (or other tcp sockets): @@ -257,7 +252,7 @@ systemctl reload nginx # PHPMYADMIN # #-------------------# -apt-get install phpmyadmin -y +apt install -y phpmyadmin ln -s /usr/share/phpmyadmin /var/www/"$domain"/html systemctl restart php7.2-fpm # Redirect phpmyadmin -> database @@ -267,7 +262,9 @@ mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database # POSTFIX # #-------------------# -apt install mailutils -y +debconf-set-selections <<< "postfix postfix/mailname string $domain" +debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" +apt install -y mailutils sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf @@ -284,7 +281,7 @@ newaliases #-------------------# if [ $netdata = 1 ] then - bash <(curl -Ss https://my-netdata.io/kickstart.sh) + apt install -y netdata ufw allow 19999/tcp # systemctl stop netdata # systemctl disable netdata @@ -296,7 +293,7 @@ fi #-------------------# if [ $memcached = 1 ] then - apt-get install memcached -y + apt install -y memcached systemctl restart memcached # systemctl stop memcached # systemctl disable memcached @@ -307,7 +304,7 @@ fi #-------------------# if [ $redis = 1 ] then - apt install redis-server -y + apt install -y redis-server sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf @@ -322,8 +319,9 @@ fi # CERTBOT # #-------------------# -add-apt-repository ppa:certbot/certbot -apt install python-certbot-nginx -y +add-apt-repository -y ppa:certbot/certbot +apt update +apt install -y python-certbot-nginx #certbot --nginx -d $domain -d www.$domain #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"