###============================================================
##      Ubuntu 18.04 LEMP Stack Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================

##----------------##
#    Pre-Config    #
##----------------##

# Setup domain folder
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www

##-------------------##
#    NGINX + MySQL    #
##-------------------##


if [ $brotlinginx = 1 ]; then
  # Getting and installing nginx from local source
  wget https://git.ictmaatwerk.com/deb/nginx-brotli/nginx_latest~bionic_amd64.deb
  wget https://git.ictmaatwerk.com/deb/nginx-brotli/nginx-dbg_latest~bionic_amd64.deb
  dpkg -i nginx_latest~bionic_amd64.deb
  dpkg -i nginx-dbg_latest~bionic_amd64.deb
  
  # Creating extra files and directories
  wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-brotli.conf -O /etc/nginx/nginx.conf
  mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
  wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/fastcgi/fastcgi.conf -O /etc/nginx/fastcgi.conf
  wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/fastcgi/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
 
  #installing precompresion tools 
  apt install -y brotli git golang-go gzip
  go get github.com/tdewolff/minify/cmd/minify
  cp ~/go/bin/minify /bin/minify
  rm -rf ~/go
  wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Minify/minify_and_precompression.sh -O ~/minify_and_precompression.sh
else
  #installing nginx from apt
  apt install -y nginx
  wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
fi
if [ $datauser= = 1 ]; then
 source /root/data-user_setup.sh 

fi
mkdir -p /etc/nginx

apt install -y mysql-server
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"

wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/wprocket-nginx.conf -O /etc/nginx/wprocket-nginx.conf 

cat <<EOF > /etc/nginx/sites-available/"$domain"
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;

upstream netdata {
    server 127.0.0.1:19999;
    keepalive 64;
}

server {
    listen       80;
    server_name   www.$domain;
    return       301 http://$domain\$request_uri;
}

server {
    listen 80;
    listen [::]:80;
    root /var/www/$domain/html;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name $domain;
    #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
    #return 301 https://domein.nl$request_uri; Redirect to other domain

    #add_header X-Cache "\$upstream_cache_status";

    #netdata here
    
    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
    gzip_comp_level 2;
    gzip_disable "msie6";
    gzip_buffers 16 8k;
	

    location / {
        #try_files \$uri \$uri/ =404;
        try_files \$uri \$uri/ /index.php\$is_args\$args;
        #try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
        expires max;
        log_not_found off;
        add_header Cache-Control "public, no-transform";
    }

    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php$phpver-fpm.sock;
        #fastcgi_cache MYAPP;
        #fastcgi_cache_valid 200 302 301 1m;
        #fastcgi_cache_valid 404 1m;
        #fastcgi_cache_bypass \$no_cache;
        #fastcgi_no_cache \$no_cache;
        #fastcgi_cache_revalidate on;
        #fastcgi_cache_background_update on;
        #fastcgi_cache_lock on;
        #fastcgi_cache_use_stale updating;
        #fastcgi_buffer_size 128k;
        #fastcgi_buffers 256 16k;
        #fastcgi_busy_buffers_size 256k;
        #fastcgi_temp_file_write_size 256k;
    }

    location ~ /\.ht {
        deny all;
    }

    location /phpmyadmin {
        index index.php;
    }

    #Cache everything by default
    set \$no_cache 0;

    #Don't cache POST requests
    if (\$request_method = POST) {
        set \$no_cache 1;
    }

    #Don't cache if the URL contains a query string
    if (\$query_string != "") {
        set \$no_cache 1;
    }

    #Don't cache the following URLs
    if (\$request_uri ~* "/(administrator/|login.php)") {
        set \$no_cache 1;
    }

    #Don't cache if there is a cookie called PHPSESSID
    if (\$http_cookie = "PHPSESSID") {
        set \$no_cache 1;
    }
        # Increase bodysize for WP Rocket
        client_max_body_size 256M;
        ## Rocket-Nginx configuration
        #include wprocket-nginx.conf;
        #Yoast SEO Sitemaps
        location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
                ## this rewrites sitemap.xml to /sitemap_index.xml
                rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
                ## this makes the XML sitemaps work
                rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
                rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
                rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;

}

}
EOF

ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/

##---------##
#    PHP    #
##---------##

apt install -y php${phpver}-fpm php${phpver}-imagick php${phpver}-mysql php${phpver}-cgi php${phpver}-common php-pear php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf



##----------------##
#    PHPMyAdmin    #
##----------------##

debconf-set-selections <<< "phpmyadmin phpmyadmin/dbconfig-install boolean true"
debconf-set-selections <<< "phpmyadmin phpmyadmin/app-password-confirm password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/admin-pass password $password"
debconf-set-selections <<< "phpmyadmin phpmyadmin/mysql/app-pass password $passsword"
debconf-set-selections <<< "phpmyadmin phpmyadmin/reconfigure-webserver multiselect"
apt install -y phpmyadmin
# Redirect phpmyadmin -> database
ln -s /usr/share/phpmyadmin /var/www/"$domain"/database

##-------------##
#    Postfix    #
##-------------##

debconf-set-selections <<< "postfix postfix/mailname string $hostname"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster:    root
root:          $email
EOF
newaliases

##-------------##
#    Netdata    #
##-------------##

    apt install -y netdata
    sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
    ufw allow 19999/tcp
    sed -i 's+#netdata here+location = /netdata {\n        return 301 /netdata/;\n    }\n\n    location ~ /netdata/(?<ndpath>.*) {\n        proxy_redirect off;\n        proxy_set_header Host \$host;\n        proxy_set_header X-Forwarded-Host \$host;\n        proxy_set_header X-Forwarded-Server \$host;\n        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n        proxy_http_version 1.1;\n        proxy_pass_request_headers on;\n        proxy_set_header Connection "keep-alive";\n        proxy_store off;\n        proxy_pass http://netdata/\$ndpath\$is_args\$args;\n    }+g' /etc/nginx/sites-available/"$domain"
    systemctl stop netdata
    systemctl disable netdata

##---------------##
#    Memcached    #
##---------------##

if [ $memcached = 1 ]; then
    apt install -y 
    # systemctl stop memcached
    # systemctl disable memcached
fi

##-----------##
#    Redis    #
##-----------##

if [ $redis = 1 ]; then
    apt install -y redis-server
    sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
    sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
    sed -i 's/# requirepass foobared/# requirepass '$password'/g' /etc/redis/redis.conf
    git clone https://github.com/phpredis/phpredis.git /opt/phpredis
    apt install -y php${phpver}-dev 
    #sed -i "\$a0 3 * * 1 root git clone https://github.com/phpredis/phpredis.git /opt/phpredis >/dev/null 2>&1" /etc/crontab
    # systemctl stop redis
    # systemctl disable redis
fi


##---------------##
#    Wordpress    #
##---------------##

if [ $wordpress = 1 ]; then
    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
    db_name="wp_$db_suffix"
    db_user="wp_$db_suffix"
    db_pass=$(date +%s|sha256sum|base64|head -c 32)
    mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
    mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
    mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
    tar xzvf /tmp/wp.tar.gz -C /tmp
    mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
    cp -a /tmp/wordpress/. /var/www/"$domain"/html
    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
#\$table_prefix = '$db_name';
\$table_prefix = 'wp';

define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

#\$memcached_servers = array(
#    'default' => array(
#        '127.0.0.1:11211'
#    )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi

##---------------##
#    Nextcloud    #
##---------------##

if [ $nextcloud = 1 ]; then
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nextcloud/nextcloud-config.sh -O nextcloud-config.sh
source nextcloud-config.sh
fi


##-------------##
#    Certbot    #
##-------------##

apt install -y python-certbot-nginx
if [ $domainwww = 1 ]; then
    certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    echo "certbot --nginx -n -d $domain -d www.$domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh

elif [ $domainwww = 0 ]; then
    certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
    echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
fi
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"


##-----------------##
#    Opcache GUI    #
##-----------------##

wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php

##--------------##
#    Info.php    #
##--------------##

cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
EOF

##-----------------------##
#    Html Folder Perms    #
##-----------------------##

chown -R www-data:www-data /var/www/"$domain"/html

##------------------------##
#    Default NGINX page    #
##------------------------##

rm -rf /var/www/html/*
echo "<html><head></head><body>Nginx is functioning normally</body></html>" > /var/www/html/index.html
chown www-data:www-data /var/www/html/index.html