224 lines
7.3 KiB
Bash
224 lines
7.3 KiB
Bash
###============================================================
|
|
## Ubuntu 18.04 NGINX Additional Domain Installer
|
|
###============================================================
|
|
## Zet comments hieronder:
|
|
#
|
|
#
|
|
#
|
|
##=============================================================
|
|
|
|
##-----------##
|
|
# NGINX #
|
|
##-----------##
|
|
|
|
cat <<EOF > /etc/nginx/sites-available/"$domain"
|
|
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name www.$domain;
|
|
return 301 http://$domain\$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
root /var/www/$domain/html;
|
|
index index.php index.html index.htm index.nginx-debian.html;
|
|
server_name $domain;
|
|
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
|
|
#return 301 https://domein.nl$request_uri; Redirect to other domain
|
|
|
|
#add_header X-Cache "\$upstream_cache_status";
|
|
|
|
#netdata here
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
|
|
gzip_comp_level 2;
|
|
gzip_disable "msie6";
|
|
gzip_buffers 16 8k;
|
|
|
|
|
|
location / {
|
|
#try_files \$uri \$uri/ =404;
|
|
try_files \$uri \$uri/ /index.php\$is_args\$args;
|
|
#try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
|
|
}
|
|
|
|
location = /favicon.ico { log_not_found off; access_log off; }
|
|
location = /robots.txt { log_not_found off; access_log off; allow all; }
|
|
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
|
|
expires max;
|
|
log_not_found off;
|
|
add_header Cache-Control "public, no-transform";
|
|
}
|
|
|
|
location ~ \.php\$ {
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
|
|
#fastcgi_cache MYAPP;
|
|
#fastcgi_cache_valid 200 302 301 1m;
|
|
#fastcgi_cache_valid 404 1m;
|
|
#fastcgi_cache_bypass \$no_cache;
|
|
#fastcgi_no_cache \$no_cache;
|
|
#fastcgi_cache_revalidate on;
|
|
#fastcgi_cache_background_update on;
|
|
#fastcgi_cache_lock on;
|
|
#fastcgi_cache_use_stale updating;
|
|
#fastcgi_buffer_size 128k;
|
|
#fastcgi_buffers 256 16k;
|
|
#fastcgi_busy_buffers_size 256k;
|
|
#fastcgi_temp_file_write_size 256k;
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
location /phpmyadmin {
|
|
index index.php;
|
|
}
|
|
|
|
#Cache everything by default
|
|
set \$no_cache 0;
|
|
|
|
#Don't cache POST requests
|
|
if (\$request_method = POST) {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if the URL contains a query string
|
|
if (\$query_string != "") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache the following URLs
|
|
if (\$request_uri ~* "/(administrator/|login.php)") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if there is a cookie called PHPSESSID
|
|
if (\$http_cookie = "PHPSESSID") {
|
|
set \$no_cache 1;
|
|
}
|
|
}
|
|
EOF
|
|
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
|
|
|
|
##----------------##
|
|
# PHPMyAdmin #
|
|
##----------------##
|
|
|
|
# Redirect phpmyadmin -> database
|
|
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html/database
|
|
|
|
##-------------##
|
|
# Netdata #
|
|
##-------------##
|
|
|
|
if [ $netdata = 1 ]
|
|
then
|
|
apt install -y netdata
|
|
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
|
|
ufw allow 19999/tcp
|
|
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
|
|
# systemctl stop netdata
|
|
# systemctl disable netdata
|
|
fi
|
|
|
|
##-------------##
|
|
# Certbot #
|
|
##-------------##
|
|
|
|
if [ $domainwww = 1 ]; then
|
|
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
|
|
elif [ $domainwww = 0 ]; then
|
|
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
fi
|
|
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
|
|
##---------------##
|
|
# Wordpress #
|
|
##---------------##
|
|
|
|
if [ $wordpress = 1 ]; then
|
|
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
|
|
db_name="wp_$db_suffix"
|
|
db_user="wp_$db_suffix"
|
|
db_pass=$(date +%s|sha256sum|base64|head -c 32)
|
|
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
|
|
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
|
|
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
|
|
wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
|
|
tar xzvf /tmp/wp.tar.gz -C /tmp
|
|
mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
|
|
cp -a /tmp/wordpress/. /var/www/"$domain"/html
|
|
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
|
|
cat <<EOF > /var/www/"$domain"/html/wp-config.php
|
|
<?php
|
|
define('DB_NAME', '$db_name');
|
|
define('DB_USER', '$db_user');
|
|
define('DB_PASSWORD', '$db_pass');
|
|
define('DB_HOST', 'localhost');
|
|
define('DB_CHARSET', 'utf8');
|
|
define('DB_COLLATE', '');
|
|
#define( 'WP_SITEURL', '' );
|
|
#define( 'WP_HOME', '' );
|
|
#define( 'ALTERNATE_WP_CRON', true );
|
|
#define('DISABLE_WP_CRON', 'true');
|
|
#define('WP_CRON_LOCK_TIMEOUT', 900);
|
|
#define('AUTOSAVE_INTERVAL', 300);
|
|
define( 'WP_MEMORY_LIMIT', '256M' );
|
|
define( 'DISALLOW_FILE_EDIT', true );
|
|
#define( 'EMPTY_TRASH_DAYS', 7 );
|
|
define( 'NOBLOGREDIRECT', 'https://$domain' );
|
|
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
|
|
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
|
|
#define( 'WP_ALLOW_REPAIR', true );
|
|
#define( 'FORCE_SSL_ADMIN', true );
|
|
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
|
|
#define( 'WP_AUTO_UPDATE_CORE', false );
|
|
$WPSalts
|
|
\$table_prefix = '$db_name';
|
|
|
|
define('WP_DEBUG', false);
|
|
if ( !defined('ABSPATH') )
|
|
define('ABSPATH', dirname(__FILE__) . '/');
|
|
|
|
#\$memcached_servers = array(
|
|
# 'default' => array(
|
|
# '127.0.0.1:11211'
|
|
# )
|
|
#);
|
|
#define('WP_REDIS_HOST', '127.0.0.1');
|
|
#define('WP_REDIS_PASSWORD', '$password');
|
|
#define('WP_REDIS_PORT', '6379');
|
|
require_once(ABSPATH . 'wp-settings.php');
|
|
EOF
|
|
fi
|
|
|
|
##-----------------##
|
|
# Opcache GUI #
|
|
##-----------------##
|
|
|
|
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
|
|
|
|
##--------------##
|
|
# Info.php #
|
|
##--------------##
|
|
|
|
cat > /var/www/"$domain"/html/info.php <<- "EOF"
|
|
<?php
|
|
phpinfo();
|
|
EOF
|
|
|
|
##-----------------------##
|
|
# Html Folder Perms #
|
|
##-----------------------##
|
|
|
|
chown -R www-data:www-data /var/www/"$domain"/html |