2018-09-06 10:54:04 +00:00
parent 388c1dface
commit f360f1513d


@@ -1,280 +1,290 @@
#============================================================================== #==============================================================================
# UBUNTU 18.04 BASH SCRIPT # UBUNTU 18.04 BASH SCRIPT
#============================================================================== #==============================================================================
# apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y # apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
# do-release-upgrade -d # do-release-upgrade -d
# #
#============================================================================== #==============================================================================
echo Welk domein mag gekoppeld worden? Typ domein zonder www echo Welk domein mag gekoppeld worden? Typ domein zonder www
read domain read domain
echo Standaard wachtwoord echo Standaard wachtwoord
read passwd read passwd
echo administrator email echo administrator email
read email read email
apt-get update apt-get update
apt-get upgrade -y apt-get upgrade -y
apt-get dist-upgrade -y apt-get dist-upgrade -y
apt-get clean apt-get clean
apt-get autoremove -y apt-get autoremove -y
hostnamectl set-hostname $domain hostnamectl set-hostname $domain
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam timedatectl set-timezone Europe/Amsterdam
ufw allow OpenSSH ufw allow OpenSSH
ufw allow 443/tcp ufw allow 443/tcp
ufw allow 80/tcp ufw allow 80/tcp
ufw limit ssh ufw limit ssh
echo "y" | sudo ufw enable echo "y" | sudo ufw enable
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
#-------------------# #-------------------#
# LAMP # # LAMP #
#-------------------# #-------------------#
install apache2 -y install apache2 -y
apt install mysql-server-5.7 -y apt install mysql-server-5.7 -y
mysql_secure_installation mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
cat <<EOF > /etc/apache2/mods-enabled/dir.conf cat <<EOF > /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c> <IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule> </IfModule>
EOF EOF
systemctl restart apache2 systemctl restart apache2
#systemctl status apache2 #systemctl status apache2
#-------------------# #-------------------#
# VIRTUAL HOST # # VIRTUAL HOST #
#-------------------# #-------------------#
rm /var/www/html rm /var/www/html
mkdir -p /var/www/"$domain"/public_html mkdir -p /var/www/"$domain"/public_html
chmod -R 755 /var/www chmod -R 755 /var/www
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf
cat <<EOF > /etc/apache2/sites-available/"$domain".conf cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:80> <VirtualHost *:80>
ServerAdmin $email ServerAdmin $email
ServerName $domain ServerName $domain
ServerAlias www.$domain ServerAlias www.$domain
DocumentRoot /var/www/$domain/public_html DocumentRoot /var/www/$domain/public_html
ErrorLog \${APACHE_LOG_DIR}/error.log ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost> </VirtualHost>
EOF EOF
a2ensite $domain.conf a2ensite $domain.conf
a2dissite 000-default.conf a2dissite 000-default.conf
systemctl restart apache2 systemctl restart apache2
#-------------------# #-------------------#
# PHPMYADMIN # # PHPMYADMIN #
#-------------------# #-------------------#
apt-get install phpmyadmin -y apt-get install phpmyadmin -y
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
systemctl restart php7.2-fpm systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database # Redirect phpmyadmin -> database
cd /var/www/"$domain"/public_html/ cd /var/www/"$domain"/public_html/
ls -l ls -l
mv phpmyadmin database mv phpmyadmin database
#-------------------# #-------------------#
# POSTFIX # # POSTFIX #
#-------------------# #-------------------#
apt install mailutils -y apt install mailutils -y
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix systemctl restart postfix
cat <<EOF > /etc/aliases cat <<EOF > /etc/aliases
# See man 5 aliases for format # See man 5 aliases for format
postmaster: root postmaster: root
root: $email root: $email
EOF EOF
newaliases newaliases
#-------------------# #-------------------#
# NETDATA # # NETDATA #
#-------------------# #-------------------#
bash <(curl -Ss https://my-netdata.io/kickstart.sh) bash <(curl -Ss https://my-netdata.io/kickstart.sh)
ufw allow 19999/tcp ufw allow 19999/tcp
# systemctl stop netdata # systemctl stop netdata
# systemctl disable netdata # systemctl disable netdata
#-------------------# #-------------------#
# MEMCACHED # # MEMCACHED #
# 127.0.0.1:11211 # # 127.0.0.1:11211 #
#-------------------# #-------------------#
#apt-get install memcached -y #apt-get install memcached -y
#systemctl restart memcached #systemctl restart memcached
# systemctl stop memcached # systemctl stop memcached
# systemctl disable memcached # systemctl disable memcached
#-------------------# #-------------------#
# REDIS # # REDIS #
# 127.0.0.1:6379 # # 127.0.0.1:6379 #
#-------------------# #-------------------#
#apt install redis-server -y #apt install redis-server -y
#sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf #sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
#sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf #sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
#sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf #sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
#systemctl restart redis #systemctl restart redis
#systemctl restart redis.service #systemctl restart redis.service
# systemctl stop redis # systemctl stop redis
# systemctl stop redis.service # systemctl stop redis.service
# systemctl disable redis # systemctl disable redis
# systemctl disable redis.service # systemctl disable redis.service
#-------------------# #-------------------#
# CERTBOT # # CERTBOT #
#-------------------# #-------------------#
add-apt-repository ppa:certbot/certbot add-apt-repository ppa:certbot/certbot
apt install python-certbot-apache -y apt install python-certbot-apache -y
ufw allow 443/tcp ufw allow 443/tcp
#certbot --nginx -d $domain -d www.$domain #certbot --nginx -d $domain -d www.$domain
#check certbot auto-renewal -> certbot renew --dry-run #check certbot auto-renewal -> certbot renew --dry-run
#-------------------# #-------------------#
# PHP.ini # # PHP.ini #
#-------------------# #-------------------#
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service systemctl restart php7.2-fpm.service
#-------------------# #-------------------#
# MYSQL SETTINGS # # MYSQL SETTINGS #
#-------------------# #-------------------#
cd /etc/mysql cd /etc/mysql
rm /etc/mysql/my.cnf rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF" cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options, # - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe] [mysqld_safe]
socket = /var/run/mysqld/mysqld.sock socket = /var/run/mysqld/mysqld.sock
nice = 0 nice = 0
[mysqld] [mysqld]
user = mysql user = mysql
pid-file = /var/run/mysqld/mysqld.pid pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock socket = /var/run/mysqld/mysqld.sock
port = 3306 port = 3306
basedir = /usr basedir = /usr
datadir = /var/lib/mysql datadir = /var/lib/mysql
tmpdir = /tmp tmpdir = /tmp
lc-messages-dir = /usr/share/mysql lc-messages-dir = /usr/share/mysql
skip-external-locking skip-external-locking
innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM) innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0 innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT innodb_flush_method = O_DIRECT
bind-address = 127.0.0.1 bind-address = 127.0.0.1
key_buffer_size = 16M key_buffer_size = 16M
max_allowed_packet = 16M max_allowed_packet = 16M
thread_stack = 192K thread_stack = 192K
thread_cache_size = 8 thread_cache_size = 8
myisam-recover-options = BACKUP myisam-recover-options = BACKUP
#max_connections = 100 #max_connections = 100
#table_open_cache = 64 #table_open_cache = 64
#thread_concurrency = 10 #thread_concurrency = 10
query_cache_limit = 1M query_cache_limit = 1M
query_cache_size = 16M query_cache_size = 16M
log_error = /var/log/mysql/error.log log_error = /var/log/mysql/error.log
expire_logs_days = 10 expire_logs_days = 10
max_binlog_size = 100M max_binlog_size = 100M
EOF EOF
#-------------------# #-------------------#
# WP - INSTALL # # WP - INSTALL #
#-------------------# #-------------------#
db_name="wp_1" db_name="wp_1"
db_user="wp_1" db_user="wp_1"
db_pass=$(date +%s|sha256sum|base64|head -c 32) db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
cd /tmp cd /tmp
curl -LO https://wordpress.org/latest.tar.gz curl -LO https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz tar xzvf latest.tar.gz
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
path="$domain" path="$domain"
cp -a /tmp/wordpress/. /var/www/"$path"/public_html cp -a /tmp/wordpress/. /var/www/"$path"/public_html
chown -R www-data:www-data /var/www/"$path"/public_html chown -R www-data:www-data /var/www/"$path"/public_html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
<?php <?php
define('DB_NAME', '$db_name'); define('DB_NAME', '$db_name');
define('DB_USER', '$db_user'); define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass'); define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost'); define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8'); define('DB_CHARSET', 'utf8');
define('DB_COLLATE', ''); define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' ); #define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' ); #define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true ); #define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true'); #define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900); #define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300); #define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' ); define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true ); define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 ); #define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' ); define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) ); #define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) ); #define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true ); #define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true ); #define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true ); #define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false ); #define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts $WPSalts
\$table_prefix = '$db_name'; \$table_prefix = '$db_name';
define('WP_DEBUG', false); define('WP_DEBUG', false);
if ( !defined('ABSPATH') ) if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/'); define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array( #\$memcached_servers = array(
# 'default' => array( # 'default' => array(
# '127.0.0.1:11211' # '127.0.0.1:11211'
# ) # )
#); #);
#define('WP_REDIS_HOST', '127.0.0.1'); #define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd'); #define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PORT', '6379'); #define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php'); require_once(ABSPATH . 'wp-settings.php');
EOF EOF
#-------------------# #-------------------#
# OPCACHE GUI # # OPCACHE GUI #
#-------------------# #-------------------#
cd /tmp cd /tmp
curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
cp /tmp/index.php /tmp/opcache.php cp /tmp/index.php /tmp/opcache.php
cp -a /tmp/opcache.php /var/www/"$domain"/public_html cp -a /tmp/opcache.php /var/www/"$domain"/public_html
cat > /var/www/"$domain"/public_html/info.php <<- "EOF" cat > /var/www/"$domain"/public_html/info.php <<- "EOF"
<?php <?php
phpinfo(); phpinfo();
?> ?>
EOF EOF
#-------------------# #-------------------#
# UPDATE CRON # # UPDATE CRON #
#-------------------# #-------------------#
cd /etc/cron.d cd /etc/cron.d
touch updates touch updates
cat <<EOF > /etc/cron.d/updates cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command # m h dom mon dow command
0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y 0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y
EOF EOF
#-------------------# #-------------------#
# BACKUP CRON # # BACKUP CRON #
#-------------------# #-------------------#
cd /home cd /home
touch backup.sh touch backup.sh
cd /etc/cron.d cd /etc/cron.d
touch backup touch backup
cat <<EOF > /etc/cron.d/backup cat <<EOF > /etc/cron.d/backup
SHELL=/bin/sh SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command # m h dom mon dow command
0 1 * * * /bin/bash /home/backup.sh 0 1 * * * /bin/bash /home/backup.sh
EOF EOF
#-------------------# #-------------------#
# SSL & HTTP/2 # # SSL & HTTP/2 #
#-------------------# #-------------------#
#certbot --nginx -d $domain -d www.$domain #certbot --nginx -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" #sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
#Edit voor https, voeg het volgende toe aan $domain-le-ssl.conf tussen DocumentRoot en ErrorLog
#<Directory "/var/www/videoguard.ictmaatwerk.com/public_html">
# Options FollowSymLinks
# AllowOverride All
#
# Order allow,deny
# Allow from all
# </Directory>
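Review bot: The `<Directory>` comment block added at the end of the script hard-codes `/var/www/videoguard.ictmaatwerk.com/public_html`, while the rest of the script builds its paths from `$domain`, so an operator pasting it into `$domain-le-ssl.conf` for any other host configures the wrong directory. It also uses the 2.2-style `Order allow,deny` / `Allow from all`, which on the Apache 2.4 shipped with Ubuntu 18.04 work only through mod_access_compat. I would write the first line as `#<Directory "/var/www/$domain/public_html">` and replace the two access lines with `#  Require all granted`. The block sets `AllowOverride All` on the same docroot that earlier receives `info.php`, `opcache.php` and the phpMyAdmin link renamed to `database`, so the comment should also tell the operator to remove or access-restrict those before enabling the HTTPS vhost.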