424 lines
13 KiB
Bash
424 lines
13 KiB
Bash
#==============================================================================
|
|
# UBUNTU 18.04 BASH SCRIPT
|
|
#==============================================================================
|
|
# top -o %MEM -> See Memory consumption
|
|
# apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
|
|
# do-release-upgrade -d
|
|
#
|
|
# Add ssl_dhparam
|
|
#==============================================================================
|
|
|
|
#-------------------#
|
|
# LEMP #
|
|
#-------------------#
|
|
|
|
apt install -y nginx mysql-server-5.7
|
|
mysql_secure_installation
|
|
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
|
|
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
|
|
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
|
|
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
|
|
apt install -y php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
|
|
|
|
#-------------------#
|
|
# NGINX CONFIG #
|
|
#-------------------#
|
|
|
|
mkdir -p /var/www/"$domain"/html
|
|
chmod -R 755 /var/www
|
|
cat <<EOF > /etc/nginx/sites-available/$domain
|
|
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
root /var/www/$domain/html;
|
|
index index.php index.html index.htm index.nginx-debian.html;
|
|
server_name $domain www.$domain;
|
|
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
|
|
#return 301 https://domein.nl$request_uri; Redirect to other domain
|
|
|
|
location = /netdata {
|
|
return 301 /netdata/;
|
|
}
|
|
|
|
location ~ /netdata/(?<ndpath>.*) {
|
|
proxy_redirect off;
|
|
proxy_set_header Host \$host;
|
|
|
|
proxy_set_header X-Forwarded-Host \$host;
|
|
proxy_set_header X-Forwarded-Server \$host;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_http_version 1.1;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_store off;
|
|
proxy_pass http://netdata/\$ndpath\$is_args\$args;
|
|
}
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
|
|
gzip_min_length 1000;
|
|
gzip_comp_level 2;
|
|
gzip_disable "msie6";
|
|
gzip_buffers 16 8k;
|
|
|
|
|
|
location / {
|
|
#try_files \$uri \$uri/ =404;
|
|
try_files \$uri \$uri/ /index.php\$is_args\$args;
|
|
}
|
|
|
|
location = /favicon.ico { log_not_found off; access_log off; }
|
|
location = /robots.txt { log_not_found off; access_log off; allow all; }
|
|
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
|
|
expires max;
|
|
log_not_found off;
|
|
}
|
|
|
|
location ~ \.php$ {
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
|
|
fastcgi_cache MYAPP;
|
|
fastcgi_cache_valid 200 302 301 1m;
|
|
fastcgi_cache_valid 404 1m;
|
|
fastcgi_cache_bypass \$no_cache;
|
|
fastcgi_no_cache \$no_cache;
|
|
fastcgi_cache_revalidate on;
|
|
fastcgi_cache_background_update on;
|
|
fastcgi_cache_lock on;
|
|
fastcgi_cache_use_stale updating;
|
|
fastcgi_buffer_size 128k;
|
|
fastcgi_buffers 256 16k;
|
|
fastcgi_busy_buffers_size 256k;
|
|
fastcgi_temp_file_write_size 256k;
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
location /phpmyadmin {
|
|
index index.php;
|
|
}
|
|
|
|
#Cache everything by default
|
|
set \$no_cache 0;
|
|
|
|
#Don't cache POST requests
|
|
if (\$request_method = POST) {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if the URL contains a query string
|
|
if (\$query_string != "") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache the following URLs
|
|
if (\$request_uri ~* "/(administrator/|login.php)") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if there is a cookie called PHPSESSID
|
|
if (\$http_cookie = "PHPSESSID") {
|
|
set \$no_cache 1;
|
|
}
|
|
}
|
|
EOF
|
|
cat <<EOF > /etc/nginx/nginx.conf
|
|
user www-data;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
|
|
fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
|
|
add_header X-Cache "\$upstream_cache_status";
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
# server_tokens off;
|
|
|
|
client_body_buffer_size 10K;
|
|
client_header_buffer_size 1k;
|
|
client_max_body_size 8m;
|
|
large_client_header_buffers 4 4k;
|
|
|
|
server_names_hash_bucket_size 64;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type text/html;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
ssl_session_cache shared:SSL:20m;
|
|
ssl_session_timeout 180m;
|
|
|
|
#access_log /var/log/nginx/access.log;
|
|
access_log off;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
|
|
gzip_min_length 1000;
|
|
gzip_comp_level 2;
|
|
gzip_disable "msie6";
|
|
gzip_buffers 16 8k;
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|
|
EOF
|
|
cat <<EOF > /etc/nginx/sites-available/default
|
|
#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
|
|
#add_header X-Cache "\$upstream_cache_status";
|
|
|
|
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
#ssl_session_cache shared:SSL:20m;
|
|
#ssl_session_timeout 180m;
|
|
#client_body_buffer_size 10K;
|
|
#client_header_buffer_size 1k;
|
|
#client_max_body_size 8m;
|
|
#large_client_header_buffers 4 4k;
|
|
#access_log off;
|
|
|
|
upstream netdata {
|
|
server 127.0.0.1:19999;
|
|
keepalive 64;
|
|
}
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
location = /netdata {
|
|
return 301 /netdata/;
|
|
}
|
|
|
|
location ~ /netdata/(?<ndpath>.*) {
|
|
proxy_redirect off;
|
|
proxy_set_header Host \$host;
|
|
|
|
proxy_set_header X-Forwarded-Host \$host;
|
|
proxy_set_header X-Forwarded-Server \$host;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_http_version 1.1;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_store off;
|
|
proxy_pass http://netdata/\$ndpath\$is_args\$args;
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types *;
|
|
}
|
|
|
|
root /var/www/html;
|
|
index index.php index.html index.htm index.nginx-debian.html;
|
|
|
|
server_name _;
|
|
|
|
location / {
|
|
try_files \$uri \$uri/ =404;
|
|
}
|
|
|
|
# pass PHP scripts to FastCGI server
|
|
location ~ \.php\$ {
|
|
include snippets/fastcgi-php.conf;
|
|
|
|
# With php-fpm (or other unix sockets):
|
|
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
|
|
# With php-cgi (or other tcp sockets):
|
|
#fastcgi_pass 127.0.0.1:9000;
|
|
}
|
|
}
|
|
EOF
|
|
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/
|
|
sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
|
|
systemctl reload nginx
|
|
|
|
#-------------------#
|
|
# PHPMYADMIN #
|
|
#-------------------#
|
|
|
|
apt install -y phpmyadmin
|
|
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
|
|
systemctl restart php7.2-fpm
|
|
# Redirect phpmyadmin -> database
|
|
mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
|
|
|
|
#-------------------#
|
|
# POSTFIX #
|
|
#-------------------#
|
|
|
|
debconf-set-selections <<< "postfix postfix/mailname string $domain"
|
|
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
|
apt install -y mailutils
|
|
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
|
|
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
|
|
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
|
|
systemctl restart postfix
|
|
cat <<EOF > /etc/aliases
|
|
# See man 5 aliases for format
|
|
postmaster: root
|
|
root: $email
|
|
EOF
|
|
newaliases
|
|
|
|
#-------------------#
|
|
# NETDATA #
|
|
#-------------------#
|
|
if [ $netdata = 1 ]
|
|
then
|
|
apt install -y netdata
|
|
ufw allow 19999/tcp
|
|
# systemctl stop netdata
|
|
# systemctl disable netdata
|
|
fi
|
|
|
|
#-------------------#
|
|
# MEMCACHED #
|
|
# 127.0.0.1:11211 #
|
|
#-------------------#
|
|
if [ $memcached = 1 ]
|
|
then
|
|
apt install -y memcached
|
|
systemctl restart memcached
|
|
# systemctl stop memcached
|
|
# systemctl disable memcached
|
|
fi
|
|
#-------------------#
|
|
# REDIS #
|
|
# 127.0.0.1:6379 #
|
|
#-------------------#
|
|
if [ $redis = 1 ]
|
|
then
|
|
apt install -y redis-server
|
|
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
|
|
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
|
|
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
|
|
systemctl restart redis
|
|
systemctl restart redis.service
|
|
# systemctl stop redis
|
|
# systemctl stop redis.service
|
|
# systemctl disable redis
|
|
# systemctl disable redis.service
|
|
fi
|
|
#-------------------#
|
|
# CERTBOT #
|
|
#-------------------#
|
|
|
|
add-apt-repository -y ppa:certbot/certbot
|
|
apt update
|
|
apt install -y python-certbot-nginx
|
|
#certbot --nginx -d $domain -d www.$domain
|
|
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
#check certbot auto-renewal -> certbot renew --dry-run
|
|
|
|
#-------------------#
|
|
# PHP.ini #
|
|
#-------------------#
|
|
|
|
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
|
|
systemctl restart php7.2-fpm.service
|
|
|
|
#-------------------#
|
|
# WP - INSTALL #
|
|
#-------------------#
|
|
|
|
if [ $wordpress = 1 ]
|
|
then
|
|
db_name="wp_1"
|
|
db_user="wp_1"
|
|
db_pass=$(date +%s|sha256sum|base64|head -c 32)
|
|
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
|
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
|
|
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
|
|
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
|
|
tar xzvf /tmp/wp.tar.gz -C /tmp
|
|
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
|
|
cp -a /tmp/wordpress/. /var/www/"$domain"/html
|
|
chown -R www-data:www-data /var/www/"$domain"/html
|
|
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
|
|
cat <<EOF > /var/www/"$domain"/html/wp-config.php
|
|
<?php
|
|
define('DB_NAME', '$db_name');
|
|
define('DB_USER', '$db_user');
|
|
define('DB_PASSWORD', '$db_pass');
|
|
define('DB_HOST', 'localhost');
|
|
define('DB_CHARSET', 'utf8');
|
|
define('DB_COLLATE', '');
|
|
#define( 'WP_SITEURL', '' );
|
|
#define( 'WP_HOME', '' );
|
|
#define( 'ALTERNATE_WP_CRON', true );
|
|
#define('DISABLE_WP_CRON', 'true');
|
|
#define('WP_CRON_LOCK_TIMEOUT', 900);
|
|
#define('AUTOSAVE_INTERVAL', 300);
|
|
define( 'WP_MEMORY_LIMIT', '256M' );
|
|
define( 'DISALLOW_FILE_EDIT', true );
|
|
#define( 'EMPTY_TRASH_DAYS', 7 );
|
|
define( 'NOBLOGREDIRECT', 'https://$domain' );
|
|
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
|
|
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
|
|
#define( 'WP_ALLOW_REPAIR', true );
|
|
#define( 'FORCE_SSL_ADMIN', true );
|
|
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
|
|
#define( 'WP_AUTO_UPDATE_CORE', false );
|
|
$WPSalts
|
|
\$table_prefix = '$db_name';
|
|
|
|
define('WP_DEBUG', false);
|
|
if ( !defined('ABSPATH') )
|
|
define('ABSPATH', dirname(__FILE__) . '/');
|
|
|
|
#\$memcached_servers = array(
|
|
# 'default' => array(
|
|
# '127.0.0.1:11211'
|
|
# )
|
|
#);
|
|
#define('WP_REDIS_HOST', '127.0.0.1');
|
|
#define('WP_REDIS_PASSWORD', '$passwd');
|
|
#define('WP_REDIS_PORT', '6379');
|
|
require_once(ABSPATH . 'wp-settings.php');
|
|
EOF
|
|
fi
|
|
|
|
#--------------------#
|
|
# WWW Folder Perms #
|
|
#--------------------#
|
|
|
|
chown -R www-data:www-data /var/www/"$domain"/html
|
|
|
|
#-------------------#
|
|
# OPCACHE GUI #
|
|
#-------------------#
|
|
|
|
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
|
|
|
|
#----------------#
|
|
# PHP.info #
|
|
#----------------#
|
|
|
|
cat > /var/www/"$domain"/html/info.php <<- "EOF"
|
|
<?php
|
|
phpinfo();
|
|
EOF |