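#!/bin/bash
###============================================================
## Ubuntu 18.04 Web Server Installer
###============================================================
## Put comments below:
#
# Interactive provisioning script for a fresh Ubuntu 18.04 host; run it as
# root. It asks for the site and host settings, hardens the base system
# (root password, firewall, fail2ban, swap), then downloads and sources the
# web-server, MySQL and Cockpit installers and optionally sets up WordPress.
#
# The answers stay in plain global variables (domain, domainwww, hostname,
# password, email, webserv, newsql, sshkey, datauser, brotlinginx, nextcloud,
# memcached, redis, wordpress, phpver, sqlver, cockpit) because the installers
# are `source`d into this same shell and presumably read them. For the same
# reason strict mode (`set -euo pipefail`) is NOT enabled here: it would also
# apply to the sourced scripts, whose content is not visible from this file.
#
# Security notes for whoever maintains this:
#  - Every installer is fetched from the `master` branch and executed as root
#    with no checksum or signature check; TLS to the git host is the only
#    protection. Pin the URLs to a commit and verify a hash where possible.
#  - The "Algemeen wachtwoord" is used for both the system root account and
#    the MySQL root account. One leak exposes both.
#  - A fixed vendor SSH key is added to root's authorized_keys (see below).
##=============================================================

##-------------##
#   Helpers     #
##-------------##

# Print a message on stderr and stop the installation.
installer_die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Ask a yes/no question until it is answered.
# Arguments: $1 - prompt text, $2 - text shown after an invalid answer
# Returns:   0 for yes, 1 for no; aborts when stdin is exhausted
installer_ask_yes_no() {
  local prompt=$1 retry=$2 answer
  while true; do
    read -r -p "$prompt" answer || installer_die "No answer received for: $prompt"
    case "$answer" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
      *) echo "$retry" ;;
    esac
  done
}

# Download a URL to a file.
# Arguments: $1 - URL, $2 - destination path
# Returns:   0 only when wget succeeded and the file is not empty
installer_fetch() {
  local url=$1 dest=$2
  wget "$url" -O "$dest" && [[ -s "$dest" ]]
}

[[ "$EUID" -eq 0 ]] || installer_die "This installer must be run as root."

##----------##
#   Menu     #
##----------##

# Defaults for every feature flag, so the tests further down never see an
# unset variable when a question was skipped for the chosen web server.
newsql=0
sshkey=0
datauser=0
brotlinginx=0
nextcloud=0
memcached=0
redis=0
wordpress=0

echo "Ubuntu 18.04 installatie script."
echo "Domein zonder www:"
read -r domain
# The domain ends up in file-system paths used as root (/var/www/<domain>),
# so accept host-name characters only.
installer_domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
[[ "$domain" =~ $installer_domain_re ]] || installer_die "Invalid domain name: $domain"

if installer_ask_yes_no "bestaat www.${domain} in DNS -> yes/no?" "Kies yes of no."; then
  domainwww=1
else
  domainwww=0
fi

if installer_ask_yes_no "Hostname with ictmaatwerk-cs.nl -> yes/no?" "Choose yes or no."; then
  echo 'Hostname (eg: VCH001) zonder ".ictmaatwerk-cs.nl":'
  read -r hostname
  hostname=$hostname".ictmaatwerk-cs.nl"
else
  echo 'Enter full hostname:'
  read -r hostname
fi

echo "Algemeen wachtwoord:"
# -s keeps the password off the terminal and out of scrollback/screen logs.
read -r -s password
echo
[[ -n "$password" ]] || installer_die "The password must not be empty."

echo "Administrator email:"
read -r email

echo "Webserver:"
PS3='Keuze:'
options=("Nginx, PHP-FPM" "Apache" "Other" "Quit")
select opt in "${options[@]}"; do
  case "$opt" in
    "Nginx, PHP-FPM")
      webserv=n
      newsql=1
      script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh
      break
      ;;
    "Apache")
      webserv=a
      newsql=1
      script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Apache-Installer.sh
      break
      ;;
    "Other")
      webserv=o
      break
      ;;
    "Quit")
      exit
      ;;
    *)
      echo "Fout commando $REPLY"
      ;;
  esac
done

if [[ "${webserv:-}" == o ]]; then
  PS3='Keuze:'
  options=("Nginx proxy" "Nginx proxy & standalone")
  select opt in "${options[@]}"; do
    case "$opt" in
      "Nginx proxy")
        webserv=np
        script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxySimple.sh
        break
        ;;
      "Nginx proxy & standalone")
        webserv=nps
        script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxyAdvanced.sh
        break
        ;;
      *)
        echo "Fout commando $REPLY"
        ;;
    esac
  done
fi

# `select` ends without a choice when stdin is closed; do not continue with
# no web server or installer URL.
[[ -n "${webserv:-}" && -n "${script:-}" ]] || installer_die "No web server selected."

# NOTE(review): on the page this `if` has no matching `fi`, so the script as
# shown does not parse. It is closed here after the last feature question and
# the condition is kept as written. The inner test repeats the same condition,
# which makes its `else` branch unreachable - confirm against the upstream
# file whether the outer test was meant to cover Apache as well.
if [[ "$webserv" == n ]]; then
  if installer_ask_yes_no "Password login uit zetten -> yes/no?" "Kies yes of no."; then
    sshkey=1
  else
    sshkey=0
  fi

  if installer_ask_yes_no "Enable per-domain data user-> yes/no?" "Choose yes or no."; then
    datauser=1
    installer_fetch \
      https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-FTP/raw/branch/master/data-user_setup.sh \
      /root/data-user_setup.sh \
      || echo "Warning: could not download data-user_setup.sh" >&2
  else
    datauser=0
  fi

  if [[ "$webserv" == n ]]; then
    if installer_ask_yes_no "Brotli Precompression > yes/no?" "Kies yes of no."; then
      brotlinginx=1
    else
      brotlinginx=0
    fi
    if installer_ask_yes_no "Nextcloud Setup? > yes/no?" "Kies yes of no."; then
      nextcloud=1
    else
      nextcloud=0
    fi
  else
    brotlinginx=0
    nextcloud=0
  fi

  if installer_ask_yes_no "Installeer Memcached -> yes/no?" "Kies yes of no."; then
    memcached=1
  else
    memcached=0
  fi
  if installer_ask_yes_no "Installeer Redis Cache -> yes/no?" "Kies yes of no."; then
    redis=1
  else
    redis=0
  fi
  if installer_ask_yes_no "Installeer Wordpress -> yes/no?" "Kies yes of no."; then
    wordpress=1
  else
    wordpress=0
  fi
fi

##-----------------##
#   Static-Vars     #
##-----------------##
phpver=7.3
sqlver=8.0 #or 5.7
cockpit=1

##----------------##
#   Pre-Config     #
##----------------##

# Private, root-only directory for everything that is downloaded and then
# executed or unpacked. Fixed file names in world-writable /tmp can be
# pre-created or swapped by another local user before root sources them.
installer_workdir=$(mktemp -d) || installer_die "mktemp failed"
readonly installer_workdir
trap 'rm -rf -- "${installer_workdir:?}"' EXIT

mkdir -p ~/.ssh
chmod 700 ~/.ssh
# NOTE(review): this grants permanent root SSH access to whoever holds the
# matching private key. Make sure the key is still under control, and remove
# the line from authorized_keys when the host is handed over.
installer_ssh_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOtJ4ZiLi+SntA3m54oEJjlA8bE73gggkhGjOaVHsLNo6YmKtZlPaxwWiGvoATv4Vm41WWxKbUWbYGHVTe8DusqKpf/JCgB1r/8rQe828qwaEGXWGxta1Ykq+ndDeBLFGhVp0nNdcnND5HIwarEW4zhBDXUMzYw7IBxPYb48tVIobs/yPN6nSWT2G8FX7XDJNifS+ThVLnCHHS3i/uio8b8jz1oT2s6UH09EBwxg99+0yVaSQV2q8CthDZ8rSgz8pAhQ6FwVfUd9c/PQjtbUSQStvKvr3muv5Q8UnzAvKiO83rsM91aDwv0E6kqpB77BrkpfQXOJNDmdqlnsa2AlkL ICTMaatwerk@Key"
# Append only once, so a second run does not duplicate the entry.
if ! grep -qxF -- "$installer_ssh_key" ~/.ssh/authorized_keys 2>/dev/null; then
  printf '%s\n' "$installer_ssh_key" >> ~/.ssh/authorized_keys
fi
chmod 600 ~/.ssh/authorized_keys

# The password goes to chpasswd over stdin, never on a command line.
printf '%s\n' "root:$password" | chpasswd

# The sourced installers run with /tmp as working directory, as before.
cd /tmp || installer_die "cannot cd to /tmp"
#mv /boot/grub/menu.lst /boot/grub/menu.lst.bck
apt install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
add-apt-repository -y ppa:ondrej/php
apt update
apt upgrade -y
apt dist-upgrade -y
apt install -y rsync grsync sshpass
apt clean
apt autoremove -y
hostnamectl set-hostname "$hostname"
# NOTE(review): the pattern expects a leading ';' before the key; check that
# this matches the cloud.cfg shipped on the target image, otherwise the
# hostname is not preserved across reboots.
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam

if free | awk '/^Swap:/ {exit !$2}'; then
  echo "swap enabled"
else
  fallocate -l 1G /swapfile
  chmod 600 /swapfile
  mkswap /swapfile
  swapon /swapfile
  echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
fi

# The earlier `sed 's/#/vm.swappiness=10/g'` replaced every '#' in
# sysctl.conf with the setting, which destroys the file's comments and left
# nothing for the second substitution to match. Append each setting once.
for installer_setting in 'vm.swappiness=10' 'vm.vfs_cache_pressure=50'; do
  grep -qxF -- "$installer_setting" /etc/sysctl.conf \
    || printf '%s\n' "$installer_setting" >> /etc/sysctl.conf
done

sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
systemctl restart cron
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | ufw enable
mkdir -p /root/.ssh
apt install fail2ban -y

##-------------------##
#   Install Phase     #
##-------------------##
# Never source a missing or empty download as root: stop instead.
installer_fetch "$script" "$installer_workdir/Ubuntu-Web_Installer.sh" \
  || installer_die "Download failed: $script"
source "$installer_workdir/Ubuntu-Web_Installer.sh"

##-----------##
#   MySQL     #
##-----------##
if [[ "$newsql" == 1 ]]; then
  installer_fetch \
    "https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/mysql-${sqlver}.sh" \
    "$installer_workdir/Mysql-Installer.sh" \
    || installer_die "Download failed: mysql-${sqlver}.sh"
  source "$installer_workdir/Mysql-Installer.sh"
fi

# Only write the server configuration when a MySQL configuration directory
# exists (the proxy-only choices do not install MySQL).
if [[ -d /etc/mysql ]]; then
  rm -f /etc/mysql/my.cnf
  cat > /etc/mysql/my.cnf <<'EOF'
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address = 127.0.0.1
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover-options = BACKUP
#max_connections = 100
#table_open_cache = 64
#thread_concurrency = 10
log_error = /var/log/mysql/error.log
expire_logs_days = 10
max_binlog_size = 100M
EOF
  # MySQL 8.0 removed the query cache and refuses to start when these
  # options are present, so they are written for older series only. They
  # land in [mysqld] because that is the last section of the file.
  if [[ "$sqlver" != 8.* ]]; then
    cat >> /etc/mysql/my.cnf <<'EOF'
query_cache_limit = 1M
query_cache_size = 16M
EOF
  fi
fi

##-------------##
#   Cockpit     #
##-------------##
if [[ "$cockpit" == 1 ]]; then
  installer_fetch \
    https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Cockpit/raw/branch/master/Slave-installer.sh \
    "$installer_workdir/Slave-Installer.sh" \
    || installer_die "Download failed: Slave-installer.sh"
  source "$installer_workdir/Slave-Installer.sh"
fi

if [[ "$sshkey" == 1 ]]; then
  sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
fi

##---------------##
#   Wordpress     #
##---------------##
if [[ "$wordpress" == 1 ]]; then
  # Number of (non-hidden) directories in /var/www minus one, as before.
  db_suffix=$(( $(find /var/www -mindepth 1 -maxdepth 1 -type d ! -name '.*' | wc -l) - 1 ))
  db_name="wp_$db_suffix"
  db_user="wp_$db_suffix"
  # A hash of the current second is guessable by anyone who knows roughly
  # when the host was installed; take the password from the kernel CSPRNG.
  # Alphanumerics only, so it is safe inside the quoted SQL and PHP strings.
  db_pass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32)

  # Both passwords stay off the process list: the root password travels in
  # the client's environment and the statements on stdin rather than in -p
  # and -e arguments. (MYSQL_PWD is deprecated upstream; a root-only option
  # file is the longer-term replacement.)
  # `GRANT ... IDENTIFIED BY` no longer exists in MySQL 8.0, so the account
  # is created first. --force keeps going after a failed statement, like the
  # separate invocations did.
  MYSQL_PWD="$password" mysql -u root --force <<SQL
CREATE DATABASE ${db_name} DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER IF NOT EXISTS '${db_user}'@'localhost' IDENTIFIED BY '${db_pass}';
GRANT ALL ON ${db_name}.* TO '${db_user}'@'localhost';
FLUSH PRIVILEGES;
SQL

  # Download and unpack inside the private work directory, not /tmp.
  installer_fetch https://wordpress.org/latest.tar.gz "$installer_workdir/wp.tar.gz" \
    || installer_die "Download failed: wordpress latest.tar.gz"
  tar xzvf "$installer_workdir/wp.tar.gz" -C "$installer_workdir"
  mv "$installer_workdir/wordpress/wp-config-sample.php" "$installer_workdir/wordpress/wp-config.php"
  cp -a "$installer_workdir/wordpress/." /var/www/"$domain"/html

  WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
  [[ -n "$WPSalts" ]] || echo "Warning: no salts received; wp-config.php is written without them" >&2

  # NOTE(review): the page capture lost the head of this here-document
  # (everything between `cat <` and the memcached `array(`). The lines from
  # `<?php` down to the memcached block are a plain wp-config rebuilt from
  # the variables computed above - compare with the upstream file.
  # The commented Redis line used to embed $password, which put the root
  # password in clear text in a file under the web root; it now carries a
  # placeholder to be filled in by hand.
  cat > /var/www/"$domain"/html/wp-config.php <<EOF
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
$WPSalts
\$table_prefix = 'wp_';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
#    'default' => array(
#        '127.0.0.1:11211'
#    )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '<set-redis-password-here>');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi

##-------------------##
#   Backup Script     #
##-------------------##
# These two helpers are only stored for later use, so a failed download is
# reported but does not stop the installation.
installer_fetch \
  https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/install-backup-tools.sh \
  /root/install-backup-tools.sh \
  || echo "Warning: could not download install-backup-tools.sh" >&2
chmod +x /root/install-backup-tools.sh

##----------------##
#   F2B Script     #
##----------------##
installer_fetch \
  https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/Fail2Ban/setup-fail2banWP.sh \
  /root/setup-fail2banWP.sh \
  || echo "Warning: could not download setup-fail2banWP.sh" >&2
chmod +x /root/setup-fail2banWP.sh

echo "Installatie geslaagd!"

##------------##
#   Reboot     #
##------------##
echo "Reboot in:"
sleep 1
echo 3
sleep 1
echo 2
sleep 1
echo 1
reboot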