347 lines
11 KiB
Bash
347 lines
11 KiB
Bash
#==============================================================================
|
|
# UBUNTU 18.04 BASH SCRIPT
|
|
# https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
|
|
#==============================================================================
|
|
# apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
|
|
# do-release-upgrade -d
|
|
#
|
|
#==============================================================================
|
|
|
|
# Block direct apache acces
|
|
ufw deny 8080/tcp
|
|
ufw allow from $server_ip proto tcp to any port 8080
|
|
|
|
#-------------------#
|
|
# APACHE + PHP-FPM #
|
|
#-------------------#
|
|
|
|
apt install apache2 php-fpm -y
|
|
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
|
|
dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
|
|
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
|
|
echo "Listen 8080" | tee /etc/apache2/ports.conf
|
|
a2dissite 000-default
|
|
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
|
|
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
|
|
a2ensite 001-default
|
|
systemctl reload apache2
|
|
netstat -tlpn
|
|
|
|
#-------------------#
|
|
# MYSQL #
|
|
#-------------------#
|
|
|
|
apt install mysql-server-5.7 -y
|
|
mysql_secure_installation
|
|
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
|
|
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
|
|
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
|
|
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
|
|
apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
|
|
|
|
#-------------------#
|
|
# MOD_FASTCGI #
|
|
#-------------------#
|
|
|
|
a2dismod php7.2
|
|
a2enmod actions
|
|
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
|
|
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
|
|
<IfModule mod_fastcgi.c>
|
|
AddHandler fastcgi-script .fcgi
|
|
FastCgiIpcDir /var/lib/apache2/fastcgi
|
|
AddType application/x-httpd-fastphp .php
|
|
Action application/x-httpd-fastphp /php-fcgi
|
|
Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
|
|
FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
|
|
<Directory /usr/lib/cgi-bin>
|
|
Require all granted
|
|
</Directory>
|
|
</IfModule>
|
|
EOF
|
|
apachectl -t
|
|
systemctl reload apache2
|
|
|
|
#-------------------#
|
|
# VHOST APACHE #
|
|
#-------------------#
|
|
|
|
mkdir -v /var/www/$domain
|
|
echo "<?php phpinfo(); ?>" | tee /var/www/$domain/info.php
|
|
cat <<EOF > /etc/apache2/sites-available/$domain.conf
|
|
<VirtualHost *:8080>
|
|
ServerName $domain
|
|
ServerAlias www.$domain
|
|
DocumentRoot /var/www/$domain
|
|
<Directory /var/www/$domain>
|
|
AllowOverride All
|
|
</Directory>
|
|
</VirtualHost>
|
|
EOF
|
|
a2ensite $domain
|
|
systemctl reload apache2
|
|
|
|
#-------------------#
|
|
# VHOST NGINX #
|
|
#-------------------#
|
|
|
|
apt install nginx -y
|
|
rm /etc/nginx/sites-enabled/default
|
|
#mkdir -v /usr/share/nginx/$domain2
|
|
#echo "<?php phpinfo(); ?>" | tee /usr/share/nginx/$domain2/info.php
|
|
#cat <<EOF > /etc/nginx/sites-available/$domain2.conf
|
|
#server {
|
|
# listen 80 default_server;
|
|
#
|
|
# root /usr/share/nginx/$domain2;
|
|
# index index.php index.html index.htm;
|
|
#
|
|
# server_name $domain www.$domain2;
|
|
# location / {
|
|
# try_files \$uri \$uri/ /index.php;
|
|
# }
|
|
#
|
|
# location ~ \.php\$ {
|
|
# fastcgi_pass unix:/run/php/php7.2-fpm.sock;
|
|
# include snippets/fastcgi-php.conf;
|
|
# }
|
|
#}
|
|
#EOF
|
|
#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2
|
|
nginx -t
|
|
|
|
#-------------------#
|
|
# RESERVE PROXY #
|
|
#-------------------#
|
|
|
|
cat <<EOF > /etc/nginx/sites-available/apache
|
|
server {
|
|
listen 80;
|
|
server_name $domain;
|
|
root /var/www/$domain;
|
|
index index.php index.htm index.html;
|
|
|
|
location / {
|
|
try_files \$uri \$uri/ /index.php;
|
|
}
|
|
|
|
location /.php\$ {
|
|
proxy_pass http://$server_ip:8080;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
listen 443 ssl;
|
|
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
}
|
|
EOF
|
|
ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache
|
|
nginx -t
|
|
systemctl reload nginx
|
|
|
|
#-------------------#
|
|
# MOD_RPAF #
|
|
#-------------------#
|
|
|
|
apt install unzip build-essential apache2-dev -y
|
|
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
|
|
unzip stable.zip
|
|
cd mod_rpaf-stable
|
|
make
|
|
make install
|
|
cat <<EOF > /etc/apache2/mods-available/rpaf.load
|
|
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
|
|
EOF
|
|
cat <<EOF > /etc/apache2/mods-available/rpaf.conf
|
|
<IfModule mod_rpaf.c>
|
|
RPAF_Enable On
|
|
RPAF_Header X-Real-Ip
|
|
RPAF_ProxyIPs $server_ip
|
|
RPAF_SetHostName On
|
|
RPAF_SetHTTPS On
|
|
RPAF_SetPort On
|
|
</IfModule>
|
|
EOF
|
|
a2enmod rpaf
|
|
apachectl -t
|
|
systemctl reload apache2
|
|
|
|
#-------------------#
|
|
# CERTBOT #
|
|
#-------------------#
|
|
|
|
add-apt-repository ppa:certbot/certbot
|
|
apt update
|
|
apt install python-certbot-nginx -y
|
|
#certbot --nginx -d $domain -d www.$domain
|
|
|
|
#-------------------#
|
|
# PHPMYADMIN #
|
|
#-------------------#
|
|
|
|
apt-get install phpmyadmin -y
|
|
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
|
|
systemctl restart php7.2-fpm
|
|
# Redirect phpmyadmin -> database
|
|
mv /var/www/"$domain"/public_html/phpmyadmin /var/www/"$domain"/public_html/database
|
|
a2disconf phpmyadmin.conf
|
|
systemctl restart apache2
|
|
|
|
#-------------------#
|
|
# POSTFIX #
|
|
#-------------------#
|
|
|
|
apt install mailutils -y
|
|
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
|
|
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
|
|
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
|
|
systemctl restart postfix
|
|
cat <<EOF > /etc/aliases
|
|
# See man 5 aliases for format
|
|
postmaster: root
|
|
root: $email
|
|
EOF
|
|
newaliases
|
|
|
|
#-------------------#
|
|
# NETDATA #
|
|
#-------------------#
|
|
|
|
if [ $netdata = 1 ]
|
|
then
|
|
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
|
|
ufw allow 19999/tcp
|
|
# systemctl stop netdata
|
|
# systemctl disable netdata
|
|
fi
|
|
|
|
#-------------------#
|
|
# MEMCACHED #
|
|
# 127.0.0.1:11211 #
|
|
#-------------------#
|
|
|
|
if [ $memcached = 1 ]
|
|
then
|
|
apt-get install memcached -y
|
|
systemctl restart memcached
|
|
# systemctl stop memcached
|
|
# systemctl disable memcached
|
|
fi
|
|
|
|
#-------------------#
|
|
# REDIS #
|
|
# 127.0.0.1:6379 #
|
|
#-------------------#
|
|
|
|
if [ $redis = 1 ]
|
|
then
|
|
apt install redis-server -y
|
|
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
|
|
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
|
|
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
|
|
systemctl restart redis
|
|
systemctl restart redis.service
|
|
# systemctl stop redis
|
|
# systemctl stop redis.service
|
|
# systemctl disable redis
|
|
# systemctl disable redis.service
|
|
fi
|
|
|
|
#-------------------#
|
|
# PHP.ini #
|
|
#-------------------#
|
|
|
|
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
|
|
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
|
|
systemctl restart php7.2-fpm.service
|
|
|
|
#-------------------#
|
|
# WP - INSTALL #
|
|
#-------------------#
|
|
|
|
if [ $wordpress = 1 ]
|
|
then
|
|
db_name="wp_1"
|
|
db_user="wp_1"
|
|
db_pass=$(date +%s|sha256sum|base64|head -c 32)
|
|
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
|
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
|
|
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
|
|
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
|
|
tar xzvf /tmp/wp.tar.gz -C /tmp
|
|
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
|
|
cp -a /tmp/wordpress/. /var/www/"$domain"/public_html
|
|
chown -R www-data:www-data /var/www/"$domain"/public_html
|
|
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
|
|
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
|
|
<?php
|
|
define('DB_NAME', '$db_name');
|
|
define('DB_USER', '$db_user');
|
|
define('DB_PASSWORD', '$db_pass');
|
|
define('DB_HOST', 'localhost');
|
|
define('DB_CHARSET', 'utf8');
|
|
define('DB_COLLATE', '');
|
|
#define( 'WP_SITEURL', '' );
|
|
#define( 'WP_HOME', '' );
|
|
#define( 'ALTERNATE_WP_CRON', true );
|
|
#define('DISABLE_WP_CRON', 'true');
|
|
#define('WP_CRON_LOCK_TIMEOUT', 900);
|
|
#define('AUTOSAVE_INTERVAL', 300);
|
|
define( 'WP_MEMORY_LIMIT', '256M' );
|
|
define( 'DISALLOW_FILE_EDIT', true );
|
|
#define( 'EMPTY_TRASH_DAYS', 7 );
|
|
define( 'NOBLOGREDIRECT', 'https://$domain' );
|
|
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
|
|
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
|
|
#define( 'WP_ALLOW_REPAIR', true );
|
|
#define( 'FORCE_SSL_ADMIN', true );
|
|
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
|
|
#define( 'WP_AUTO_UPDATE_CORE', false );
|
|
$WPSalts
|
|
\$table_prefix = '$db_name';
|
|
|
|
define('WP_DEBUG', false);
|
|
if ( !defined('ABSPATH') )
|
|
define('ABSPATH', dirname(__FILE__) . '/');
|
|
|
|
#\$memcached_servers = array(
|
|
# 'default' => array(
|
|
# '127.0.0.1:11211'
|
|
# )
|
|
#);
|
|
#define('WP_REDIS_HOST', '127.0.0.1');
|
|
#define('WP_REDIS_PASSWORD', '$passwd');
|
|
#define('WP_REDIS_PORT', '6379');
|
|
require_once(ABSPATH . 'wp-settings.php');
|
|
EOF
|
|
fi
|
|
|
|
#-------------------#
|
|
# OPCACHE GUI #
|
|
#-------------------#
|
|
|
|
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/public_html/opcache.php
|
|
|
|
#----------------#
|
|
# PHP.info #
|
|
#----------------#
|
|
|
|
cat > /var/www/"$domain"/public_html/info.php <<- "EOF"
|
|
<?php
|
|
phpinfo();
|
|
?>
|
|
EOF |