VPS-scripts_Ubuntu-Web-V1/resources/Reverse_proxy_v1.0.sh

#==============================================================================
#   UBUNTU 18.04 BASH SCRIPT
#   https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
#==============================================================================    
#   apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
#   do-release-upgrade -d
#
#==============================================================================
echo domein zonder www:
read domain
echo server ip:
read server_ip
echo standaard wachtwoord:
read passwd
echo administrator email:
read email
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get clean
apt-get autoremove -y
hostnamectl set-hostname $domain
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
# Block direct apache acces
ufw deny 8080/tcp
ufw allow from $server_ip to any port 8080
#-------------------#
#  APACHE + PHP-FPM #
#-------------------#
apt install apache2 php-fpm -y
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 8080" | sudo tee /etc/apache2/ports.conf
a2dissite 000-default
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
a2ensite 001-default
systemctl reload apache2
netstat -tlpn
#-------------------#
#       MYSQL       #
#-------------------#
apt install mysql-server-5.7 -y
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
#-------------------#
#    MOD_FASTCGI    #
#-------------------#
sudo a2dismod php7.2
a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
  AddHandler fastcgi-script .fcgi
  FastCgiIpcDir /var/lib/apache2/fastcgi
  AddType application/x-httpd-fastphp .php
  Action application/x-httpd-fastphp /php-fcgi
  Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
    Require all granted
  </Directory>
</IfModule>
EOF
apachectl -t
systemctl reload apache2
#-------------------#
#   VHOST APACHE    #
#-------------------#
mkdir -v /var/www/$domain
echo "<?php phpinfo(); ?>" | sudo tee /var/www/$domain/info.php
cat <<EOF > /etc/apache2/sites-available/$domain.conf
<VirtualHost *:8080>
        ServerName $domain
        ServerAlias www.$domain
        DocumentRoot /var/www/$domain
        <Directory /var/www/$domain>
            AllowOverride All
        </Directory>
    </VirtualHost>
EOF
a2ensite $domain
systemctl reload apache2
#-------------------#
#    VHOST NGINX    # vps559198.veerweg4.nl
#-------------------#
apt install nginx -y
rm /etc/nginx/sites-enabled/default
#mkdir -v /usr/share/nginx/$domain2
#echo "<?php phpinfo(); ?>" | sudo tee /usr/share/nginx/$domain2/info.php
#cat <<EOF > /etc/nginx/sites-available/$domain2.conf
#server {
#    listen 80 default_server;
#
#    root /usr/share/nginx/$domain2;
#    index index.php index.html index.htm;
#
#    server_name $domain www.$domain2;
#    location / {
#        try_files \$uri \$uri/ /index.php;
#    }
#
#    location ~ \.php\$ {
#        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#        include snippets/fastcgi-php.conf;
#    }
#}
#EOF
#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2
nginx -t
#-------------------#
#   RESERVE PROXY   # 
#-------------------#
cat <<EOF > /etc/nginx/sites-available/apache
server {
    listen 80;
    server_name $domain;
    root /var/www/$domain;
    index index.php index.htm index.html;
    
    location / {
        try_files \$uri \$uri/ /index.php;
    }

    location /.php\$ {
        proxy_pass http://$server_ip:8080;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
    
    location ~ /\.ht {
        deny all;
    }
    
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache
nginx -t
systemctl reload nginx
#-------------------#
#     MOD_RPAF      #
#-------------------#
apt install unzip build-essential apache2-dev -y
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
unzip stable.zip
cd mod_rpaf-stable
make
make install
cat <<EOF > /etc/apache2/mods-available/rpaf.load
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
EOF
cat <<EOF > /etc/apache2/mods-available/rpaf.conf
    <IfModule mod_rpaf.c>
        RPAF_Enable             On
        RPAF_Header             X-Real-Ip
        RPAF_ProxyIPs           $server_ip 
        RPAF_SetHostName        On
        RPAF_SetHTTPS           On
        RPAF_SetPort            On
    </IfModule>
EOF
a2enmod rpaf
apachectl -t
systemctl reload apache2
#-------------------#
#      CERTBOT      #
#-------------------#
add-apt-repository ppa:certbot/certbot
apt update
apt install python-certbot-nginx -y
certbot --nginx -d $domain
#-------------------#
#     PHPMYADMIN    #
#-------------------#
apt-get install phpmyadmin -y
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database
cd /var/www/"$domain"/public_html/
ls -l
mv phpmyadmin database
#-------------------#
#      POSTFIX      #
#-------------------#
apt install mailutils -y
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster:    root
root:          $email
EOF
newaliases
#-------------------#
#      NETDATA      #
#-------------------#
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
ufw allow 19999/tcp
# systemctl stop netdata
# systemctl disable netdata
#-------------------#
#     MEMCACHED     #
#  127.0.0.1:11211  #
#-------------------#
#apt-get install memcached -y
#systemctl restart memcached
# systemctl stop memcached
# systemctl disable memcached
#-------------------#
#       REDIS       #
#  127.0.0.1:6379   #
#-------------------#
#apt install redis-server -y
#sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
#sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
#sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
#systemctl restart redis
#systemctl restart redis.service
# systemctl stop redis
# systemctl stop redis.service
# systemctl disable redis
# systemctl disable redis.service
#-------------------#
#      PHP.ini      #
#-------------------#
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service
#-------------------#
#   MYSQL SETTINGS  #
#-------------------#
cd /etc/mysql
rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket		= /var/run/mysqld/mysqld.sock
nice		= 0

[mysqld]
user		= mysql
pid-file	= /var/run/mysqld/mysqld.pid
socket		= /var/run/mysqld/mysqld.sock
port		= 3306
basedir		= /usr
datadir		= /var/lib/mysql
tmpdir		= /tmp
lc-messages-dir	= /usr/share/mysql
skip-external-locking

innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address		= 127.0.0.1
key_buffer_size		= 16M
max_allowed_packet	= 16M
thread_stack		= 192K
thread_cache_size       = 8
myisam-recover-options  = BACKUP
#max_connections        = 100
#table_open_cache       = 64
#thread_concurrency     = 10
query_cache_limit	= 1M
query_cache_size        = 16M
log_error = /var/log/mysql/error.log
expire_logs_days	= 10
max_binlog_size   = 100M
EOF
#-------------------#
#    WP - INSTALL   #
#-------------------#
db_name="wp_1"
db_user="wp_1"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
cd /tmp
curl -LO https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
path="$domain"
cp -a /tmp/wordpress/. /var/www/"$path"/public_html
chown -R www-data:www-data /var/www/"$path"/public_html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';

define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

#\$memcached_servers = array(
#    'default' => array(
#        '127.0.0.1:11211'
#    )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
#-------------------#
#    OPCACHE GUI    #
#-------------------#
cd /tmp
curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
cp /tmp/index.php /tmp/opcache.php
cp -a /tmp/opcache.php /var/www/"$domain"/public_html
cat > /var/www/"$domain"/public_html/info.php <<- "EOF"
<?php
phpinfo();
?>
EOF
#-------------------#
#    UPDATE CRON    #
#-------------------#
cd /etc/cron.d
touch updates
cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h  dom mon dow   command
0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y
EOF
#-------------------#
#    BACKUP CRON    #
#-------------------#
cd /home
touch backup.sh
cd /etc/cron.d
touch backup
cat <<EOF > /etc/cron.d/backup
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h  dom mon dow   command
0 1 * * * /bin/bash /home/backup.sh
EOF