Update 'config/nextcloud/nextcloud-config.sh'

cheking if postfix already was installed by the system and if yes it wil be removed to prevent config conflicts

Apache-Installer.sh

@@ -15,24 +15,15 @@
 mkdir -p /var/www/"$domain"/html
 chmod -R 755 /var/www
 
-##--------------------##
-#    Apache + MySQL    #
-##--------------------##
+##------------##
+#    Apache    #
+##------------##
 
-apt install -y apache2 mysql-server
+apt install -y apache2
 if [ $datauser= = 1 ]; then
  source /root/data-user_setup.sh 
 
 fi
-# mysql_secure_installation automated
-mysqladmin -u root password "$password"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
-mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
-mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
 cat <<EOF > /etc/apache2/mods-enabled/dir.conf
 <IfModule mod_dir.c>
     DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
@@ -68,7 +59,7 @@ a2enmod rewrite
 #    PHP    #
 ##---------##
 
-apt install -y libapache2-mod-php php${phpver}-mysql php${phpver}-cgi php${phpver}-common php${phpver}-pear php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip
+apt install -y libapache2-mod-php php${phpver}-mysql php${phpver}-cgi php${phpver}-common php-pear php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip
 
 sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/apache2/php.ini
 sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/apache2/php.ini
@@ -79,20 +70,7 @@ sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$php
 sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/apache2/php.ini
 sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/apache2/php.ini
 sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/apache2/php.ini
-
-##----------------##
-#    PHPMyAdmin    #
-##----------------##
-
-debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2"
-apt install -y phpmyadmin
-# Redirect phpmyadmin -> database
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
-a2disconf phpmyadmin
+service apache2 restart
 
 ##-------------##
 #    Postfix    #
@@ -160,69 +138,6 @@ elif [ $domainwww = 0 ]; then
     echo "certbot --apache -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
 fi
 
-
-
-##---------------##
-#    Wordpress    #
-##---------------##
-
-if [ $wordpress = 1 ]; then
-    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
-    db_name="wp_$db_suffix"
-    db_user="wp_$db_suffix"
-    db_pass=$(date +%s|sha256sum|base64|head -c 32)
-    mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
-    mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
-    mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
-    tar xzf /tmp/wp.tar.gz -C /tmp
-    mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
-    cp -a /tmp/wordpress/. /var/www/"$domain"/html
-    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
-cat <<EOF > /var/www/"$domain"/html/wp-config.php
-<?php
-define('DB_NAME', '$db_name');
-define('DB_USER', '$db_user');
-define('DB_PASSWORD', '$db_pass');
-define('DB_HOST', 'localhost');
-define('DB_CHARSET', 'utf8');
-define('DB_COLLATE', '');
-#define( 'WP_SITEURL', '' );
-#define( 'WP_HOME', '' );
-#define( 'ALTERNATE_WP_CRON', true );
-#define('DISABLE_WP_CRON', 'true');
-#define('WP_CRON_LOCK_TIMEOUT', 900);
-#define('AUTOSAVE_INTERVAL', 300);
-define( 'WP_MEMORY_LIMIT', '256M' );
-define( 'DISALLOW_FILE_EDIT', true );
-#define( 'EMPTY_TRASH_DAYS', 7 );
-define( 'NOBLOGREDIRECT', 'https://$domain' );
-#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
-#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
-#define( 'WP_ALLOW_REPAIR', true );
-#define( 'FORCE_SSL_ADMIN', true );
-#define( 'AUTOMATIC_UPDATER_DISABLED', true );
-#define( 'WP_AUTO_UPDATE_CORE', false );
-$WPSalts
-#\$table_prefix = '$db_name';
-\$table_prefix = 'wp';
-
-define('WP_DEBUG', false);
-if ( !defined('ABSPATH') )
-	define('ABSPATH', dirname(__FILE__) . '/');
-
-#\$memcached_servers = array(
-#    'default' => array(
-#        '127.0.0.1:11211'
-#    )
-#);
-#define('WP_REDIS_HOST', '127.0.0.1');
-#define('WP_REDIS_PASSWORD', '$password');
-#define('WP_REDIS_PORT', '6379');
-require_once(ABSPATH . 'wp-settings.php');
-EOF
-fi
-
 ##-----------------##
 #    Opcache GUI    #
 ##-----------------##

Apache_PHP-FPM_Installer.sh

@@ -8,10 +8,10 @@
 ##=============================================================
 
 apachectl stop
-apt install -y php-fpm
+apt install -y php${phpver}-fpm
 a2enmod proxy_fcgi setenvif
-a2enconf php7.2-fpm
-a2dismod php7.2
+a2enconf php${phpver}-fpm
+a2dismod php${phpver}
 a2dismod mpm_prefork
 a2enmod mpm_worker
 apachectl start

Modules/BackendToggle-Scripts/toggle-Netdata_NGINX.sh

@@ -0,0 +1,29 @@
+function usage {
+ echo "Usage: $0 [option...]" >&2
+ echo
+ echo "   -e,    Enable Netdata"
+ echo "   -d,    Disable Netdata"
+ echo
+}
+
+
+if [ -n "$1" ]; then
+
+if [ "$1" = "-d" ]; then
+ echo "Disable Netdata"
+ sed -i '/deny all; #enables\/disables Netdata/c\        deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
+ systemctl stop netdata
+ systemctl disable netdata > /dev/null 2>&1
+ systemctl reload nginx
+elif [ "$1" = "-e" ]; then
+ echo "Enable Netdata"
+ sed -i '/deny all; #enables\/disables Netdata/c\        #deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
+ systemctl start netdata
+ systemctl enable netdata > /dev/null 2>&1
+ systemctl reload nginx
+else
+ usage
+fi
+else
+ usage
+fi

Modules/BackendToggle-Scripts/toggle-PhpMyAdmin_NGINX.sh

@@ -0,0 +1,25 @@
+function usage {
+ echo "Usage: $0 [option...]" >&2
+ echo
+ echo "   -e,    Enable PhpMyadmin"
+ echo "   -d,    Disable PhpMyadmin"
+ echo
+}
+
+
+if [ -n "$1" ]; then
+
+if [ "$1" = "-d" ]; then
+ echo "Disable PhpMyadmin"
+ sed -i '/deny all; #enables\/disables PHPMyadmin/c\        deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
+ systemctl reload nginx
+elif [ "$1" = "-e" ]; then
+ echo "Enable PhpMyadmin"
+ sed -i '/deny all; #enables\/disables PHPMyadmin/c\        #deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
+ systemctl reload nginx
+else
+ usage
+fi
+else
+ usage
+fi

NGINX-Installer.sh

@@ -15,9 +15,9 @@
 mkdir -p /var/www/"$domain"/html
 chmod -R 755 /var/www
 
-##-------------------##
-#    NGINX + MySQL    #
-##-------------------##
+##-----------##
+#    NGINX    #
+##-----------##
 
 
 if [ $brotlinginx = 1 ]; then
@@ -50,136 +50,21 @@ if [ $datauser= = 1 ]; then
 fi
 mkdir -p /etc/nginx
 
-apt install -y mysql-server
-# mysql_secure_installation automated
-mysqladmin -u root password "$password"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
-mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
-mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
-
 wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/wprocket-nginx.conf -O /etc/nginx/wprocket-nginx.conf 
 
-cat <<EOF > /etc/nginx/sites-available/"$domain"
-#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
-
-upstream netdata {
-    server 127.0.0.1:19999;
-    keepalive 64;
-}
-
-server {
-    listen       80;
-    server_name   www.$domain;
-    return       301 http://$domain\$request_uri;
-}
-
-server {
-    listen 80;
-    listen [::]:80;
-    root /var/www/$domain/html;
-    index index.php index.html index.htm index.nginx-debian.html;
-    server_name $domain;
-    #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
-    #return 301 https://domein.nl$request_uri; Redirect to other domain
-
-    #add_header X-Cache "\$upstream_cache_status";
-
-    #netdata here
-    
-    gzip on;
-    gzip_proxied any;
-    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
-    gzip_comp_level 2;
-    gzip_disable "msie6";
-    gzip_buffers 16 8k;
-	
-
-    location / {
-        #try_files \$uri \$uri/ =404;
-        try_files \$uri \$uri/ /index.php\$is_args\$args;
-        #try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
-    }
-
-    location = /favicon.ico { log_not_found off; access_log off; }
-    location = /robots.txt { log_not_found off; access_log off; allow all; }
-    location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
-        expires max;
-        log_not_found off;
-        add_header Cache-Control "public, no-transform";
-    }
-
-    location ~ \.php\$ {
-        include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/php$phpver-fpm.sock;
-        #fastcgi_cache MYAPP;
-        #fastcgi_cache_valid 200 302 301 1m;
-        #fastcgi_cache_valid 404 1m;
-        #fastcgi_cache_bypass \$no_cache;
-        #fastcgi_no_cache \$no_cache;
-        #fastcgi_cache_revalidate on;
-        #fastcgi_cache_background_update on;
-        #fastcgi_cache_lock on;
-        #fastcgi_cache_use_stale updating;
-        #fastcgi_buffer_size 128k;
-        #fastcgi_buffers 256 16k;
-        #fastcgi_busy_buffers_size 256k;
-        #fastcgi_temp_file_write_size 256k;
-    }
-
-    location ~ /\.ht {
-        deny all;
-    }
-
-    location /phpmyadmin {
-        index index.php;
-    }
-
-    #Cache everything by default
-    set \$no_cache 0;
-
-    #Don't cache POST requests
-    if (\$request_method = POST) {
-        set \$no_cache 1;
-    }
-
-    #Don't cache if the URL contains a query string
-    if (\$query_string != "") {
-        set \$no_cache 1;
-    }
-
-    #Don't cache the following URLs
-    if (\$request_uri ~* "/(administrator/|login.php)") {
-        set \$no_cache 1;
-    }
-
-    #Don't cache if there is a cookie called PHPSESSID
-    if (\$http_cookie = "PHPSESSID") {
-        set \$no_cache 1;
-    }
-        # Increase bodysize for WP Rocket
-        client_max_body_size 256M;
-        ## Rocket-Nginx configuration
-        #include wprocket-nginx.conf;
-        #Yoast SEO Sitemaps
-        location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
-                ## this rewrites sitemap.xml to /sitemap_index.xml
-                rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
-                ## this makes the XML sitemaps work
-                rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
-                rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
-                rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
-
-}
-
-}
-EOF
-
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Default-site-unconfigured -O /etc/nginx/sites-available/"$domain"
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/PHPver/'$phpver'/' /etc/nginx/sites-available/"$domain"
 ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
 
+
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/Backend-unconfigured -O /etc/nginx/sites-available/Backend
+sed -i -e 's/DOMAINname/'$hostname'/' -e 's/PHPver/'$phpver'/' /etc/nginx/sites-available/Backend
+ln -s /etc/nginx/sites-available/Backend /etc/nginx/sites-enabled/
+
+mkdir -p /opt/toggle
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Modules/BackendToggle-Scripts/toggle-Netdata_NGINX.sh -O  /opt/toggle/toggle-Netdata.sh
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Modules/BackendToggle-Scripts/toggle-PhpMyAdmin.sh -O  /opt/toggle/toggle-PhpMyAdmin.sh
+
 ##---------##
 #    PHP    #
 ##---------##
@@ -199,26 +84,14 @@ sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
 wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
 sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf
 
-
-
-##----------------##
-#    PHPMyAdmin    #
-##----------------##
-
-debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
-apt install -y phpmyadmin
-# Redirect phpmyadmin -> database
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/database
-
 ##-------------##
 #    Postfix    #
 ##-------------##
 
-debconf-set-selections <<< "postfix postfix/mailname string $hostname"
+#cheking if postfix already was installed by the system and if yes it wil be removed to prevent config conflicts
+if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix; fi
+
+debconf-set-selections <<< "postfix postfix/mailname string $domain"
 debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
 apt install -y mailutils
 sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
@@ -237,8 +110,6 @@ newaliases
 
     apt install -y netdata
     sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
-    ufw allow 19999/tcp
-    sed -i 's+#netdata here+location = /netdata {\n        return 301 /netdata/;\n    }\n\n    location ~ /netdata/(?<ndpath>.*) {\n        proxy_redirect off;\n        proxy_set_header Host \$host;\n        proxy_set_header X-Forwarded-Host \$host;\n        proxy_set_header X-Forwarded-Server \$host;\n        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n        proxy_http_version 1.1;\n        proxy_pass_request_headers on;\n        proxy_set_header Connection "keep-alive";\n        proxy_store off;\n        proxy_pass http://netdata/\$ndpath\$is_args\$args;\n    }+g' /etc/nginx/sites-available/"$domain"
     systemctl stop netdata
     systemctl disable netdata
 
@@ -268,68 +139,6 @@ if [ $redis = 1 ]; then
     # systemctl disable redis
 fi
 
-
-##---------------##
-#    Wordpress    #
-##---------------##
-
-if [ $wordpress = 1 ]; then
-    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
-    db_name="wp_$db_suffix"
-    db_user="wp_$db_suffix"
-    db_pass=$(date +%s|sha256sum|base64|head -c 32)
-    mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
-    mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
-    mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
-    tar xzvf /tmp/wp.tar.gz -C /tmp
-    mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
-    cp -a /tmp/wordpress/. /var/www/"$domain"/html
-    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
-cat <<EOF > /var/www/"$domain"/html/wp-config.php
-<?php
-define('DB_NAME', '$db_name');
-define('DB_USER', '$db_user');
-define('DB_PASSWORD', '$db_pass');
-define('DB_HOST', 'localhost');
-define('DB_CHARSET', 'utf8');
-define('DB_COLLATE', '');
-#define( 'WP_SITEURL', '' );
-#define( 'WP_HOME', '' );
-#define( 'ALTERNATE_WP_CRON', true );
-#define('DISABLE_WP_CRON', 'true');
-#define('WP_CRON_LOCK_TIMEOUT', 900);
-#define('AUTOSAVE_INTERVAL', 300);
-define( 'WP_MEMORY_LIMIT', '256M' );
-define( 'DISALLOW_FILE_EDIT', true );
-#define( 'EMPTY_TRASH_DAYS', 7 );
-define( 'NOBLOGREDIRECT', 'https://$domain' );
-#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
-#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
-#define( 'WP_ALLOW_REPAIR', true );
-#define( 'FORCE_SSL_ADMIN', true );
-#define( 'AUTOMATIC_UPDATER_DISABLED', true );
-#define( 'WP_AUTO_UPDATE_CORE', false );
-$WPSalts
-#\$table_prefix = '$db_name';
-\$table_prefix = 'wp';
-
-define('WP_DEBUG', false);
-if ( !defined('ABSPATH') )
-	define('ABSPATH', dirname(__FILE__) . '/');
-
-#\$memcached_servers = array(
-#    'default' => array(
-#        '127.0.0.1:11211'
-#    )
-#);
-#define('WP_REDIS_HOST', '127.0.0.1');
-#define('WP_REDIS_PASSWORD', '$password');
-#define('WP_REDIS_PORT', '6379');
-require_once(ABSPATH . 'wp-settings.php');
-EOF
-fi
-
 ##---------------##
 #    Nextcloud    #
 ##---------------##
@@ -353,6 +162,7 @@ elif [ $domainwww = 0 ]; then
     certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
     echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
 fi
+echo "certbot --nginx -n -d $hostname -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/backend_certbotactivate.sh
 sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
 sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
 sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"

README.md

@@ -3,6 +3,15 @@
 wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/installer.sh
 bash installer.sh
 ```
+
+**To enable logging for the installer use the folowing command**:
+```
+wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/installer.sh
+bash installer.sh 2>&1 | tee ~/output.log 
+```
+
+### Notice, SSH Port has been set 4242
+
 #### To set Netdata to monitor plugins:
 Reinstall netdata manualy
 ```
@@ -10,6 +19,15 @@ apt install curl
 bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh)
 ```
 
+#### This script uses the folowing repo's as dependencies:
+```
+* VPS-scripts/Ubuntu-Backup
+* VPS-scripts/Ubuntu-Cockpit
+* VPS-scripts/Ubuntu-FTP
+* VPS-scripts/Ubuntu-MySQL
+```
+
+
 ###### Nginx Brotli donwload
 https://git.ictmaatwerk.com/deb/nginx-brotli/
 

config/WordPress-Bare-Config.php

@@ -0,0 +1,42 @@
+<?php
+define('DB_NAME', 'DBName');
+define('DB_USER', 'DBUser');
+define('DB_PASSWORD', 'DBPass');
+define('DB_HOST', 'localhost');
+define('DB_CHARSET', 'utf8');
+define('DB_COLLATE', '');
+#define( 'WP_SITEURL', '' );
+#define( 'WP_HOME', '' );
+#define( 'ALTERNATE_WP_CRON', true );
+#define('DISABLE_WP_CRON', 'true');
+#define('WP_CRON_LOCK_TIMEOUT', 900);
+#define('AUTOSAVE_INTERVAL', 300);
+define( 'WP_MEMORY_LIMIT', '256M' );
+define( 'DISALLOW_FILE_EDIT', true );
+#define( 'EMPTY_TRASH_DAYS', 7 );
+define( 'NOBLOGREDIRECT', 'https://DOMAINname' );
+define('FS_METHOD','direct');
+#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
+#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
+#define( 'WP_ALLOW_REPAIR', true );
+#define( 'FORCE_SSL_ADMIN', true );
+#define( 'AUTOMATIC_UPDATER_DISABLED', true );
+#define( 'WP_AUTO_UPDATE_CORE', false );
+#$table_prefix = 'DBName';
+$table_prefix = 'wp';
+
+WPsalty
+
+define('WP_DEBUG', false);
+if ( !defined('ABSPATH') )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+#$memcached_servers = array(
+#    'default' => array(
+#        '127.0.0.1:11211'
+#    )
+#);
+#define('WP_REDIS_HOST', '127.0.0.1');
+#define('WP_REDIS_PASSWORD', '<RedisPassword>');
+#define('WP_REDIS_PORT', '6379');
+require_once(ABSPATH . 'wp-settings.php');

config/nextcloud/nextcloud-config.sh

@@ -1,14 +1,15 @@
 apt install -y libmagickcore-6.q16-3-extra
 wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nextcloud/php-fpm.ini -O /etc/php/"$phpver"/fpm/php.ini
 cd /tmp
-db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_suffix=`expr $(ls -l /var/www | grep -c ^d)`
 db_name="nextcloud_$db_suffix"
 db_user="nextcloud_$db_suffix"
 db_pass=$(date +%s|sha256sum|base64|head -c 32)
 mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
-mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';"
 mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-wget https://download.nextcloud.com/server/releases/latest-15.tar.bz2 -O /tmp/nextcloud.tar.bz2
+wget https://download.nextcloud.com/server/releases/latest-18.tar.bz2 -O /tmp/nextcloud.tar.bz2
 tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
 cp -a /tmp/nextcloud/. /var/www/"$domain"/html
 

config/nginx/Backend-unconfigured

@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    root /var/www/html;
+    index index.php index.html;
+    server_name DOMAINname;
+
+    location = /backend/netdata {
+            return 301 /backend/netdata/;
+        }
+
+    location ~ /backend/netdata/(?<ndpath>.*) {
+        deny all; #enables/disables Netdata
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_pass_request_headers on;
+        proxy_set_header Connection "keep-alive";
+        proxy_store off;
+        proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args;
+    }
+
+    location /backend/database {
+        #deny all; #enables/disables PHPMyadmin
+        alias /usr/share/phpmyadmin;
+        location ~ \.php$ {
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+            fastcgi_index index.php;
+        }
+    }
+    
+    location ~ /\.ht {
+        deny all;
+    }
+
+}

config/nginx/Default-site-unconfigured

@@ -0,0 +1,101 @@
+#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
+
+server {
+    listen       80;
+    server_name   www.DOMAINname;
+    return       301 http://DOMAINname$request_uri;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    root /var/www/DOMAINname/html;
+    index index.php index.html index.htm index.nginx-debian.html;
+    server_name DOMAINname;
+    #return 301 $scheme:/$domain$request_uri; Redirect to non-www
+    #return 301 https://domein.nl; Redirect to other domain
+
+    #add_header X-Cache "$upstream_cache_status";
+
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+	
+
+    location / {
+        #try_files $uri $uri/ =404;
+        try_files $uri $uri/ /index.php$is_args$args;
+        #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+    }
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt { log_not_found off; access_log off; allow all; }
+    location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$ {
+        expires max;
+        log_not_found off;
+        add_header Cache-Control "public, no-transform";
+    }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+        #fastcgi_cache MYAPP;
+        #fastcgi_cache_valid 200 302 301 1m;
+        #fastcgi_cache_valid 404 1m;
+        #fastcgi_cache_bypass $no_cache;
+        #fastcgi_no_cache $no_cache;
+        #fastcgi_cache_revalidate on;
+        #fastcgi_cache_background_update on;
+        #fastcgi_cache_lock on;
+        #fastcgi_cache_use_stale updating;
+        #fastcgi_buffer_size 128k;
+        #fastcgi_buffers 256 16k;
+        #fastcgi_busy_buffers_size 256k;
+        #fastcgi_temp_file_write_size 256k;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    #Cache everything by default
+    set $no_cache 0;
+
+    #Don't cache POST requests
+    if ($request_method = POST) {
+        set $no_cache 1;
+    }
+
+    #Don't cache if the URL contains a query string
+    if ($query_string != "") {
+        set $no_cache 1;
+    }
+
+    #Don't cache the following URLs
+    if ($request_uri ~* "/(administrator/|login.php)") {
+        set $no_cache 1;
+    }
+
+    #Don't cache if there is a cookie called PHPSESSID
+    if ($http_cookie = "PHPSESSID") {
+        set $no_cache 1;
+    }
+        # Increase bodysize for WP Rocket
+        client_max_body_size 256M;
+        ## Rocket-Nginx configuration
+        #include wprocket-nginx.conf;
+        #Yoast SEO Sitemaps
+        location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
+                ## this rewrites sitemap.xml to /sitemap_index.xml
+                rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
+                ## this makes the XML sitemaps work
+                rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl= last;
+                rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
+                rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=&sitemap_n= last;
+
+}
+
+}

config/nginx/Gitea-unconfigured

@@ -0,0 +1,14 @@
+server {
+    server_name DOMAINname;
+    client_max_body_size 40M;
+    listen 80 ;
+
+    location / {
+        proxy_pass http://localhost:3000;
+	proxy_hide_header X-Frame-Options;
+    }
+    
+    location /.well-known {
+        alias /var/www/DOMAINname/.well-known;
+    }
+}

config/nginx/ICTM_BCMS-site-unconfigured

@@ -0,0 +1,62 @@
+
+server {
+    listen       80;
+    server_name   www.DOMAINname;
+    return       301 http://DOMAINname$request_uri;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    
+    index index.php index.html index.htm index.nginx-debian.html;
+    server_name DOMAINname;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+    
+    location ~* (.*) {
+            root /var/www/DOMAINname/html/public;
+            try_files $1 @app_index;
+    }
+
+    location @app_index {
+            root /var/www/DOMAINname/html/public;
+            fastcgi_pass unix:/run/php/phpPHPver-fpm.sock;
+            fastcgi_index  index.php;
+            include        fastcgi_params;
+            fastcgi_param  SCRIPT_FILENAME $document_root/index.php;
+            fastcgi_param  SCRIPT_NAME /index.php;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+
+    #Cache everything by default
+    set $no_cache 0;
+
+    #Don't cache POST requests
+    if ($request_method = POST) {
+        set $no_cache 1;
+    }
+
+    #Don't cache if the URL contains a query string
+    if ($query_string != "") {
+        set $no_cache 1;
+    }
+
+    #Don't cache the following URLs
+    if ($request_uri ~* "/(administrator/|login.php)") {
+        set $no_cache 1;
+    }
+
+    #Don't cache if there is a cookie called PHPSESSID
+    if ($http_cookie = "PHPSESSID") {
+        set $no_cache 1;
+    }
+}

config/nginx/nginx-default.conf

@@ -28,11 +28,16 @@ http {
 	include /etc/nginx/mime.types;
 	default_type text/html;
 
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_protocols TLSv1.3 TLSv1.2;
 	ssl_prefer_server_ciphers on;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
     ssl_session_cache shared:SSL:20m;
     ssl_session_timeout 180m;
+    ssl_ecdh_curve secp384r1;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	add_header X-Frame-Options sameorigin;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Xss-Protection "1; mode=block";
 
     #access_log /var/log/nginx/access.log;
     access_log off;

config/phpmyadmin/config.footer.inc.php

@@ -1,8 +0,0 @@
-<?php
-/**
- * Debian local configuration file
- *
- * In this file you may add PHP or HTML statements that will be used to define
- * the footer for phpMyAdmin pages.
- */
-

config/phpmyadmin/config.header.inc.php

@@ -1,8 +0,0 @@
-<?php
-/**
- * Debian local configuration file
- *
- * In this file you may add PHP or HTML statements that will be used to define
- * the header for phpMyAdmin pages.
- */
-

config/phpmyadmin/config.inc.php

@@ -1,169 +0,0 @@
-<?php
-/**
- * Debian local configuration file
- *
- * This file overrides the settings made by phpMyAdmin interactive setup
- * utility.
- *
- * For example configuration see
- *   /usr/share/doc/phpmyadmin/examples/config.sample.inc.php
- * or
- *   /usr/share/doc/phpmyadmin/examples/config.manyhosts.inc.php
- *
- * NOTE: do not add security sensitive data to this file (like passwords)
- * unless you really know what you're doing. If you do, any user that can
- * run PHP or CGI on your webserver will be able to read them. If you still
- * want to do this, make sure to properly secure the access to this file
- * (also on the filesystem level).
- */
-
-if (!function_exists('check_file_access')) {
-    function check_file_access($path)
-    {
-        if (is_readable($path)) {
-            return true;
-        } else {
-            error_log(
-                'phpmyadmin: Failed to load ' . $path
-                . ' Check group www-data has read access and open_basedir restrictions.'
-            );
-            return false;
-        }
-    }
-}
-
-// Load secret generated on postinst
-if (check_file_access('/var/lib/phpmyadmin/blowfish_secret.inc.php')) {
-    require('/var/lib/phpmyadmin/blowfish_secret.inc.php');
-}
-
-// Load autoconf local config
-if (check_file_access('/var/lib/phpmyadmin/config.inc.php')) {
-    require('/var/lib/phpmyadmin/config.inc.php');
-}
-
-/**
- * Server(s) configuration
- */
-$i = 0;
-// The $cfg['Servers'] array starts with $cfg['Servers'][1].  Do not use $cfg['Servers'][0].
-// You can disable a server config entry by setting host to ''.
-$i++;
-
-/**
- * Read configuration from dbconfig-common
- * You can regenerate it using: dpkg-reconfigure -plow phpmyadmin
- */
-if (check_file_access('/etc/phpmyadmin/config-db.php')) {
-    require('/etc/phpmyadmin/config-db.php');
-}
-
-/* Configure according to dbconfig-common if enabled */
-if (!empty($dbname)) {
-    /* Authentication type */
-    $cfg['Servers'][$i]['auth_type'] = 'cookie';
-    /* Server parameters */
-    if (empty($dbserver)) $dbserver = 'localhost';
-    $cfg['Servers'][$i]['host'] = $dbserver;
-
-    if (!empty($dbport) || $dbserver != 'localhost') {
-        $cfg['Servers'][$i]['connect_type'] = 'tcp';
-        $cfg['Servers'][$i]['port'] = $dbport;
-    }
-    //$cfg['Servers'][$i]['compress'] = false;
-    /* Select mysqli if your server has it */
-    $cfg['Servers'][$i]['extension'] = 'mysqli';
-    /* Optional: User for advanced features */
-    $cfg['Servers'][$i]['controluser'] = $dbuser;
-    $cfg['Servers'][$i]['controlpass'] = $dbpass;
-    /* Optional: Advanced phpMyAdmin features */
-    $cfg['Servers'][$i]['pmadb'] = $dbname;
-    $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-    $cfg['Servers'][$i]['relation'] = 'pma__relation';
-    $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-    $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-    $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-    $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-    $cfg['Servers'][$i]['history'] = 'pma__history';
-    $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-    $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-    $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-    $cfg['Servers'][$i]['recent'] = 'pma__recent';
-    $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
-    $cfg['Servers'][$i]['users'] = 'pma__users';
-    $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
-    $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
-    $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
-    $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
-    $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
-    $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
-
-    /* Uncomment the following to enable logging in to passwordless accounts,
-     * after taking note of the associated security risks. */
-    // $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
-
-    /* Advance to next server for rest of config */
-    $i++;
-}
-
-/* Authentication type */
-//$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-//$cfg['Servers'][$i]['host'] = 'localhost';
-//$cfg['Servers'][$i]['connect_type'] = 'tcp';
-//$cfg['Servers'][$i]['compress'] = false;
-/* Uncomment the following to enable logging in to passwordless accounts,
- * after taking note of the associated security risks. */
-// $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
-
-/**
- * phpMyAdmin configuration storage settings.
- */
-
-/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controlport'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
-
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
-// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
-// $cfg['Servers'][$i]['users'] = 'pma__users';
-// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
-// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
-// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
-// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
-// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
-// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
-/* Contrib / Swekey authentication */
-// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
-
-/*
- * End of servers configuration
- */
-
-/*
- * Directories for saving/loading files from server
- */
-$cfg['UploadDir'] = '';
-$cfg['SaveDir'] = '';
-
-/* Support additional configurations */
-foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
-{
-    include($filename);
-}
-
-

config/phpmyadmin/vendor_config.php

@@ -1,80 +0,0 @@
-<?php
-/* vim: set expandtab sw=4 ts=4 sts=4: */
-/**
- * File for vendor customisation, you can change here paths or some behaviour,
- * which vendors such as Linux distributions might want to change.
- *
- * For changing this file you should know what you are doing. For this reason
- * options here are not part of normal configuration.
- *
- * @package PhpMyAdmin
- */
-if (! defined('PHPMYADMIN')) {
-    exit;
-}
-
-/**
- * Path to vendor autoload file. Useful when you want to
- * have have vendor dependencies somewhere else.
- */
-define('AUTOLOAD_FILE', './vendor/autoload.php');
-
-/**
- * Directory where cache files are stored.
- */
-define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');
-
-/**
- * Path to changelog file, can be gzip compressed. Useful when you want to
- * have documentation somewhere else, eg. /usr/share/doc.
- */
-define('CHANGELOG_FILE', './ChangeLog');
-
-/**
- * Path to license file. Useful when you want to have documentation somewhere
- * else, eg. /usr/share/doc.
- */
-define('LICENSE_FILE', './LICENSE');
-
-/**
- * Directory where SQL scripts to create/upgrade configuration storage reside.
- */
-define('SQL_DIR', './sql/');
-
-/**
- * Directory where configuration files are stored.
- * It is not used directly in code, just a convenient
- * define used further in this file.
- */
-define('CONFIG_DIR', '/etc/phpmyadmin/');
-
-/**
- * Filename of a configuration file.
- */
-define('CONFIG_FILE', CONFIG_DIR . 'config.inc.php');
-
-/**
- * Filename of custom header file.
- */
-define('CUSTOM_HEADER_FILE', CONFIG_DIR . 'config.header.inc.php');
-
-/**
- * Filename of custom footer file.
- */
-define('CUSTOM_FOOTER_FILE', CONFIG_DIR . 'config.footer.inc.php');
-
-/**
- * Default value for check for version upgrades.
- */
-define('VERSION_CHECK_DEFAULT', true);
-
-/**
- * Path to files with compiled locales (*.mo)
- */
-define('LOCALE_PATH', './locale/');
-
-/**
- * Avoid referring to nonexistent files (causes warnings when open_basedir
- * is used)
- */
-define('K_PATH_IMAGES', '');

installer.sh

@@ -49,14 +49,36 @@ echo "Administrator email:"
 read email
 echo "Webserver:"
 PS3='Keuze:'
-options=("Apache" "Nginx proxy" "Nginx proxy & standalone" "Nginx, PHP-FPM" "Quit")
+options=("Nginx, PHP-FPM" "Apache" "Other" "Quit")
 select opt in "${options[@]}"
 do
     case $opt in
+        "Nginx, PHP-FPM")
+        	webserv=n
+        	newsql=1
+            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh
+            break;;
         "Apache")
             webserv=a
+            newsql=1
             script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Apache-Installer.sh
             break;;
+        "Other")
+        	webserv=o
+            break;;
+        "Quit")
+            exit;;
+        *) echo "Fout commando $REPLY";;
+    esac
+done
+
+
+if [ $webserv = o ]; then
+PS3='Keuze:'
+options=( "Nginx proxy" "Nginx proxy & standalone")
+select opt in "${options[@]}"
+do
+    case $opt in
         "Nginx proxy")
         	webserv=np
             script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxySimple.sh
@@ -65,38 +87,11 @@ do
         	webserv=nps
             script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxyAdvanced.sh
             break;;
-        "Nginx, PHP-FPM")
-        	webserv=n
-            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh
-            break;;
-        "Quit")
-            exit;;
         *) echo "Fout commando $REPLY";;
     esac
 done
+fi
 
-while true; do
-    read -p "Password login uit zetten -> yes/no?" yn
-    case $yn in
-        [Yy]* ) sshkey=1
-        break;;
-        [Nn]* ) sshkey=0
-        break;;
-        * ) echo "Kies yes of no.";;
-    esac
-done
-
-while true; do
-    read -p "Enable per-domain data user-> yes/no?" yn
-    case $yn in
-        [Yy]* ) datauser=1
-        wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-FTP/raw/branch/master/data-user_setup.sh -O /root/data-user_setup.sh
-        break;;
-        [Nn]* ) datauser=0
-        break;;
-        * ) echo "Choose yes or no.";;
-    esac
-done
 
 if [ $webserv = n ]; then
     while true; do
@@ -124,7 +119,28 @@ else
     nextcloud=0
 fi
 
-cockpit=1
+while true; do
+    read -p "Password login uit zetten -> yes/no?" yn
+    case $yn in
+        [Yy]* ) sshkey=1
+        break;;
+        [Nn]* ) sshkey=0
+        break;;
+        * ) echo "Kies yes of no.";;
+    esac
+done
+
+while true; do
+    read -p "Enable per-domain data user-> yes/no?" yn
+    case $yn in
+        [Yy]* ) datauser=1
+        wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-FTP/raw/branch/master/data-user_setup.sh -O /root/data-user_setup.sh
+        break;;
+        [Nn]* ) datauser=0
+        break;;
+        * ) echo "Choose yes or no.";;
+    esac
+done
 
 while true; do
     read -p "Installeer Memcached -> yes/no?" yn
@@ -164,6 +180,9 @@ done
 ##-----------------##
 
 phpver=7.3
+sqlver=8.0 #or 5.7
+cockpit=1
+PHPMyadmin=1
 
 ##----------------##
 #    Pre-Config    #
@@ -175,16 +194,19 @@ then
    mkdir ~/.ssh
 fi
 echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOtJ4ZiLi+SntA3m54oEJjlA8bE73gggkhGjOaVHsLNo6YmKtZlPaxwWiGvoATv4Vm41WWxKbUWbYGHVTe8DusqKpf/JCgB1r/8rQe828qwaEGXWGxta1Ykq+ndDeBLFGhVp0nNdcnND5HIwarEW4zhBDXUMzYw7IBxPYb48tVIobs/yPN6nSWT2G8FX7XDJNifS+ThVLnCHHS3i/uio8b8jz1oT2s6UH09EBwxg99+0yVaSQV2q8CthDZ8rSgz8pAhQ6FwVfUd9c/PQjtbUSQStvKvr3muv5Q8UnzAvKiO83rsM91aDwv0E6kqpB77BrkpfQXOJNDmdqlnsa2AlkL ICTMaatwerk@Key" >> ~/.ssh/authorized_keys
+sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
+service sshd restart
 echo "root:$password" | chpasswd
 cd /tmp
 #mv /boot/grub/menu.lst /boot/grub/menu.lst.bck
+apt update #to avoid apt being unable to install software-properties-common
 apt install -y software-properties-common
 add-apt-repository -y ppa:certbot/certbot
 add-apt-repository -y ppa:ondrej/php
 apt update
 apt upgrade -y
 apt dist-upgrade -y
-apt install -y rsync grsync sshpass
+apt install -y rsync sshpass
 apt clean
 apt autoremove -y
 hostnamectl set-hostname $hostname
@@ -205,10 +227,10 @@ sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
 sed -i 's/IPV6=yes/IPV6=no/g'   /etc/default/ufw
 sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
 systemctl restart cron
-ufw allow OpenSSH
 ufw allow 443/tcp
 ufw allow 80/tcp
-ufw limit ssh
+ufw limit 4242/tcp
+
 echo "y" | ufw enable
 
 mkdir /root/.ssh
@@ -219,56 +241,23 @@ apt install fail2ban -y
 #    Install Phase    #
 ##-------------------##
 
-echo "****************************"
-sleep 0.5
-echo "Installatie duurt 5 minuten."
-sleep 0.5
-echo "****************************"
+##-----------##
+#    MySQL    #
+##-----------##
+
+
+if [ $newsql = 1 ]; then
+    wget https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/mysql-${sqlver}.sh -O Mysql-Installer.sh
+    source Mysql-Installer.sh
+fi
+
+##---------------##
+#    Webserver    #
+##---------------##
 
 wget $script -O Ubuntu-Web_Installer.sh
 source Ubuntu-Web_Installer.sh
-
-##------------------##
-#    MySQL Config    #
-##------------------##
-
-rm /etc/mysql/my.cnf
-cat > /etc/mysql/my.cnf <<- "EOF"
-# - "/etc/mysql/my.cnf" to set global options,
-[mysqld_safe]
-socket		= /var/run/mysqld/mysqld.sock
-nice		= 0
-
-[mysqld]
-user		= mysql
-pid-file	= /var/run/mysqld/mysqld.pid
-socket		= /var/run/mysqld/mysqld.sock
-port		= 3306
-basedir		= /usr
-datadir		= /var/lib/mysql
-tmpdir		= /tmp
-lc-messages-dir	= /usr/share/mysql
-skip-external-locking
-
-innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
-innodb_log_file_size = 256M
-innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
-innodb_flush_method = O_DIRECT
-bind-address		= 127.0.0.1
-key_buffer_size		= 16M
-max_allowed_packet	= 16M
-thread_stack		= 192K
-thread_cache_size       = 8
-myisam-recover-options  = BACKUP
-#max_connections        = 100
-#table_open_cache       = 64
-#thread_concurrency     = 10
-query_cache_limit	= 1M
-query_cache_size        = 16M
-log_error = /var/log/mysql/error.log
-expire_logs_days	= 10
-max_binlog_size   = 100M
-EOF
+ln -s /usr/share/phpmyadmin /var/www/"$domain"/database
 
 ##-------------##
 #    Cockpit    #
@@ -279,17 +268,32 @@ if [ $cockpit = 1 ]; then
     source Slave-Installer.sh
 fi
 
-
-
 if [ $sshkey = 1 ]; then
 	sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
 fi
 
-##------------------------##
-#    PHP-Myadmin update    #
-##------------------------##
+##---------------##
+#    Wordpress    #
+##---------------##
 
-bash <(curl -s https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/PHPMyAdmin_Updater.sh)
+if [ $wordpress = 1 ]; then
+    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+    db_name="wp_$db_suffix"
+    db_user="wp_$db_suffix"
+    db_pass=$(date +%s|sha256sum|base64|head -c 32)
+    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
+    mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
+    mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
+    mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';"
+    mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
+    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
+    tar xzvf /tmp/wp.tar.gz -C /tmp
+    mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
+    cp -a /tmp/wordpress/. /var/www/"$domain"/html    
+wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/WordPress-Bare-Config.php -O /var/www/"$domain"/html/wp-config.php
+sed -i -e 's/DBPass/'$db_pass'/' -e 's/DBUser/'$db_user'/'  -e 's/DBName/'$db_name'/' -e 's/DOMAINname/'$domain'/' /var/www/"$domain"/html/wp-config.php
+printf '%s\n' "g/WPsalty/d" a "$WPSalts" . w | ed -s /var/www/"$domain"/html/wp-config.php
+fi
 
 ##-------------------##
 #    Backup Script    #

mysql-5.7.sh

@@ -1,44 +0,0 @@
-
-phpmyadminver=4.9.0.1
-
-## mysql Password
-#password=<set me for testing purposes>
-
-##------------##
-#     MySQL    #
-##------------##
-
-
-apt install -y mysql-server
-mysqladmin -u root password "$password"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
-mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
-mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
-mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
-mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
-
-##----------------##
-#    PHPMyAdmin    #
-##----------------##
-
-
-debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
-debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
-apt install -y phpmyadmin
-a2disconf phpmyadmin
-
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/database
-cd /tmp
-
-mkdir /usr/share/phpmyadmin/
-mkdir /etc/phpmyadmin
-
-wget https://files.phpmyadmin.net/phpMyAdmin/$phpmyadminver/phpMyAdmin-$phpmyadminver-all-languages.tar.gz
-tar xzf phpMyAdmin-$phpmyadminver-all-languages.tar.gz
-mv phpMyAdmin-$phpmyadminver-all-languages/* /usr/share/phpmyadmin
-wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/phpmyadmin/vendor_config.php -O /usr/share/phpmyadmin/libraries/vendor_config.php

mysql-8.0.sh

@@ -1,60 +0,0 @@
-##------------##
-#     MySQL    #
-##------------##
-
-
-## mysql Password
-#password=<set me for testing purposes>
-
-export DEBIAN_FRONTEND=noninteractive
-
-apt install gnupg -y
-
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/repo-codename select bionic'
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/repo-distro select ubuntu'
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/repo-url string http://repo.mysql.com/apt/'
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/select-preview select '
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/select-product select Ok'
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/select-server select mysql-8.0'
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/select-tools select '
-debconf-set-selections <<< 'mysql-apt-config mysql-apt-config/unsupported-platform select abort'
-
-debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $password"
-debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password $password"
-debconf-set-selections <<< "mysql-community-server mysql-server/default-auth-override select Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)"
-
-wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb -O /tmp/mysql-apt-conf.deb
-dpkg -i /tmp/mysql-apt-conf.deb
-apt-get update
-apt-get install -y mysql-server
-
-##-----------------##
-#     PhpMyAdmin    #
-##-----------------##
-
-                              
-phpmyadminver=4.9.0.1
-
-cd /tmp
-mkdir /usr/share/phpmyadmin/
-mkdir /etc/phpmyadmin
-wget https://files.phpmyadmin.net/phpMyAdmin/$phpmyadminver/phpMyAdmin-$phpmyadminver-all-languages.tar.gz
-tar xzf phpMyAdmin-$phpmyadminver-all-languages.tar.gz
-mv phpMyAdmin-$phpmyadminver-all-languages/* /usr/share/phpmyadmin
-
-wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/phpmyadmin/vendor_config.php -O /usr/share/phpmyadmin/libraries/vendor_config.php
-wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/phpmyadmin/config.footer.inc.php -O /etc/phpmyadmin/config.footer.inc.php
-wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/phpmyadmin/config.header.inc.php -O /etc/phpmyadmin/config.header.inc.php
-wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/phpmyadmin/config.inc.php -O /etc/phpmyadmin/config.inc.php
-touch /var/lib/phpmyadmin/config.inc.php
-touch /etc/phpmyadmin/config-db.php
-
-mkdir -p /var/lib/phpmyadmin/tmp/
-chown -R www-data:www-data /var/lib/phpmyadmin/
-
-blowsec=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-echo -e "<?php\n\n\$cfg['blowfish_secret'] = '$blowsec';\n\n?>" >> /var/lib/phpmyadmin/blowfish_secret.inc.php
-
-mysql -u root --password="$password" < /usr/share/phpmyadmin/sql/create_tables.sql
-
-ln -s /usr/share/phpmyadmin /var/www/"$domain"/database

resources/wordpress.sh

@@ -1,78 +1,79 @@
-#==============================================================================
-#   INSTALL SECOND WEBSITE WITH WORDPRESS
-#==============================================================================  
-echo Welk domein mag gekoppeld worden? Typ domein zonder www
-read domain
-echo Standaard wachtwoord?
-read passwd
-echo Database user en name?
-read db_name db_user
-echo Standaard wachtwoord
-read passwd
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
-#-------------------#
-#    MYSQL CONFIG   #
-#-------------------#
-mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
-mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
-mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
-#-------------------#
-#    WP - INSTALL   #
-#-------------------#
-cd /tmp
-curl -LO https://wordpress.org/latest.tar.gz
-tar xzvf latest.tar.gz
-cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
-cp -a /tmp/wordpress/. /var/www/"$domain"/html
-chown -R www-data:www-data /var/www/"$domain"/html
-WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
-cat <<EOF > /var/www/"$domain"/html/wp-config.php
-<?php
-define('DB_NAME', '$db_name');
-define('DB_USER', '$db_user');
-define('DB_PASSWORD', '$db_pass');
-define('DB_HOST', 'localhost');
-define('DB_CHARSET', 'utf8');
-define('DB_COLLATE', '');
-#define( 'WP_SITEURL', '' );
-#define( 'WP_HOME', '' );
-#define( 'ALTERNATE_WP_CRON', true );
-#define('DISABLE_WP_CRON', 'true');
-#define('WP_CRON_LOCK_TIMEOUT', 900);
-#define('AUTOSAVE_INTERVAL', 300);
-define( 'WP_MEMORY_LIMIT', '256M' );
-#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
-#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
-#define( 'WP_ALLOW_REPAIR', true );
-#define( 'FORCE_SSL_ADMIN', true );
-#define( 'AUTOMATIC_UPDATER_DISABLED', true );
-#define( 'WP_AUTO_UPDATE_CORE', false );
-$WPSalts
-\$table_prefix = '$db_name';
-
-define('WP_DEBUG', false);
-if ( !defined('ABSPATH') )
-	define('ABSPATH', dirname(__FILE__) . '/');
-
-#\$memcached_servers = array(
-#    'default' => array(
-#        '127.0.0.1:11211'
-#    )
-#);
-#define('WP_REDIS_HOST', '127.0.0.1');
-#define('WP_REDIS_PASSWORD', '$passwd');
-#define('WP_REDIS_PORT', '6379');
-require_once(ABSPATH . 'wp-settings.php');
-EOF
-#-------------------#
-#    OPCACHE GUI    #
-#-------------------#
-cd /tmp
-curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
-cp /tmp/index.php /tmp/opcache.php
-cp -a /tmp/opcache.php /var/www/"$domain"/html
-cat > /var/www/"$domain"/html/info.php <<- "EOF"
-<?php
-phpinfo();
-?>
+#==============================================================================
+#   INSTALL SECOND WEBSITE WITH WORDPRESS
+#==============================================================================  
+echo Welk domein mag gekoppeld worden? Typ domein zonder www
+read domain
+echo Standaard wachtwoord?
+read passwd
+echo Database user en name?
+read db_name db_user
+echo Standaard wachtwoord
+read passwd
+db_pass=$(date +%s|sha256sum|base64|head -c 32)
+#-------------------#
+#    MYSQL CONFIG   #
+#-------------------#
+mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
+mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
+mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
+#-------------------#
+#    WP - INSTALL   #
+#-------------------#
+cd /tmp
+curl -LO https://wordpress.org/latest.tar.gz
+tar xzvf latest.tar.gz
+cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
+cp -a /tmp/wordpress/. /var/www/"$domain"/html
+chown -R www-data:www-data /var/www/"$domain"/html
+WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
+cat <<EOF > /var/www/"$domain"/html/wp-config.php
+<?php
+define('DB_NAME', '$db_name');
+define('DB_USER', '$db_user');
+define('DB_PASSWORD', '$db_pass');
+define('DB_HOST', 'localhost');
+define('DB_CHARSET', 'utf8');
+define('DB_COLLATE', '');
+#define( 'WP_SITEURL', '' );
+define('FS_METHOD','direct');
+#define( 'WP_HOME', '' );
+#define( 'ALTERNATE_WP_CRON', true );
+#define('DISABLE_WP_CRON', 'true');
+#define('WP_CRON_LOCK_TIMEOUT', 900);
+#define('AUTOSAVE_INTERVAL', 300);
+define( 'WP_MEMORY_LIMIT', '256M' );
+#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
+#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
+#define( 'WP_ALLOW_REPAIR', true );
+#define( 'FORCE_SSL_ADMIN', true );
+#define( 'AUTOMATIC_UPDATER_DISABLED', true );
+#define( 'WP_AUTO_UPDATE_CORE', false );
+$WPSalts
+\$table_prefix = '$db_name';
+
+define('WP_DEBUG', false);
+if ( !defined('ABSPATH') )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+#\$memcached_servers = array(
+#    'default' => array(
+#        '127.0.0.1:11211'
+#    )
+#);
+#define('WP_REDIS_HOST', '127.0.0.1');
+#define('WP_REDIS_PASSWORD', '$passwd');
+#define('WP_REDIS_PORT', '6379');
+require_once(ABSPATH . 'wp-settings.php');
+EOF
+#-------------------#
+#    OPCACHE GUI    #
+#-------------------#
+cd /tmp
+curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
+cp /tmp/index.php /tmp/opcache.php
+cp -a /tmp/opcache.php /var/www/"$domain"/html
+cat > /var/www/"$domain"/html/info.php <<- "EOF"
+<?php
+phpinfo();
+?>
 EOF