301 lines
11 KiB
Bash
301 lines
11 KiB
Bash
###============================================================
|
|
## Ubuntu 18.04 LEMP Stack Installer
|
|
###============================================================
|
|
## Zet comments hieronder:
|
|
#
|
|
#
|
|
#
|
|
##=============================================================
|
|
|
|
##----------------##
|
|
# Pre-Config #
|
|
##----------------##
|
|
|
|
# Setup domain folder
|
|
mkdir -p /var/www/"$domain"/html
|
|
chmod -R 755 /var/www
|
|
|
|
##-----------##
|
|
# NGINX #
|
|
##-----------##
|
|
|
|
|
|
if [ $brotlinginx = 1 ]; then
|
|
# Getting and installing nginx from local source
|
|
wget https://git.ictmaatwerk.com/deb/nginx-brotli/nginx_latest~bionic_amd64.deb
|
|
wget https://git.ictmaatwerk.com/deb/nginx-brotli/nginx-dbg_latest~bionic_amd64.deb
|
|
dpkg -i nginx_latest~bionic_amd64.deb
|
|
dpkg -i nginx-dbg_latest~bionic_amd64.deb
|
|
|
|
# Creating extra files and directories
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-brotli.conf -O /etc/nginx/nginx.conf
|
|
mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/fastcgi/fastcgi.conf -O /etc/nginx/fastcgi.conf
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/fastcgi/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
|
|
|
|
#installing precompresion tools
|
|
apt install -y brotli git golang-go gzip
|
|
go get github.com/tdewolff/minify/cmd/minify
|
|
cp ~/go/bin/minify /bin/minify
|
|
rm -rf ~/go
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Minify/minify_and_precompression.sh -O ~/minify_and_precompression.sh
|
|
else
|
|
#installing nginx from apt
|
|
apt install -y nginx
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
|
|
fi
|
|
if [ $datauser= = 1 ]; then
|
|
source /root/data-user_setup.sh
|
|
|
|
fi
|
|
mkdir -p /etc/nginx
|
|
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/wprocket-nginx.conf -O /etc/nginx/wprocket-nginx.conf
|
|
|
|
cat <<EOF > /etc/nginx/sites-available/"$domain"
|
|
#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
|
|
|
|
upstream netdata {
|
|
server 127.0.0.1:19999;
|
|
keepalive 64;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name www.$domain;
|
|
return 301 http://$domain\$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
root /var/www/$domain/html;
|
|
index index.php index.html index.htm index.nginx-debian.html;
|
|
server_name $domain;
|
|
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
|
|
#return 301 https://domein.nl$request_uri; Redirect to other domain
|
|
|
|
#add_header X-Cache "\$upstream_cache_status";
|
|
|
|
#netdata here
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
|
|
gzip_comp_level 2;
|
|
gzip_disable "msie6";
|
|
gzip_buffers 16 8k;
|
|
|
|
|
|
location / {
|
|
#try_files \$uri \$uri/ =404;
|
|
try_files \$uri \$uri/ /index.php\$is_args\$args;
|
|
#try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string;
|
|
}
|
|
|
|
location = /favicon.ico { log_not_found off; access_log off; }
|
|
location = /robots.txt { log_not_found off; access_log off; allow all; }
|
|
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ {
|
|
expires max;
|
|
log_not_found off;
|
|
add_header Cache-Control "public, no-transform";
|
|
}
|
|
|
|
location ~ \.php\$ {
|
|
include snippets/fastcgi-php.conf;
|
|
fastcgi_pass unix:/var/run/php/php$phpver-fpm.sock;
|
|
#fastcgi_cache MYAPP;
|
|
#fastcgi_cache_valid 200 302 301 1m;
|
|
#fastcgi_cache_valid 404 1m;
|
|
#fastcgi_cache_bypass \$no_cache;
|
|
#fastcgi_no_cache \$no_cache;
|
|
#fastcgi_cache_revalidate on;
|
|
#fastcgi_cache_background_update on;
|
|
#fastcgi_cache_lock on;
|
|
#fastcgi_cache_use_stale updating;
|
|
#fastcgi_buffer_size 128k;
|
|
#fastcgi_buffers 256 16k;
|
|
#fastcgi_busy_buffers_size 256k;
|
|
#fastcgi_temp_file_write_size 256k;
|
|
}
|
|
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
|
|
location /phpmyadmin {
|
|
index index.php;
|
|
}
|
|
|
|
#Cache everything by default
|
|
set \$no_cache 0;
|
|
|
|
#Don't cache POST requests
|
|
if (\$request_method = POST) {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if the URL contains a query string
|
|
if (\$query_string != "") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache the following URLs
|
|
if (\$request_uri ~* "/(administrator/|login.php)") {
|
|
set \$no_cache 1;
|
|
}
|
|
|
|
#Don't cache if there is a cookie called PHPSESSID
|
|
if (\$http_cookie = "PHPSESSID") {
|
|
set \$no_cache 1;
|
|
}
|
|
# Increase bodysize for WP Rocket
|
|
client_max_body_size 256M;
|
|
## Rocket-Nginx configuration
|
|
#include wprocket-nginx.conf;
|
|
#Yoast SEO Sitemaps
|
|
location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
|
|
## this rewrites sitemap.xml to /sitemap_index.xml
|
|
rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
|
|
## this makes the XML sitemaps work
|
|
rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
|
|
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
|
|
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
|
|
|
|
}
|
|
|
|
}
|
|
EOF
|
|
|
|
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
|
|
|
|
##---------##
|
|
# PHP #
|
|
##---------##
|
|
|
|
apt install -y php${phpver}-fpm php${phpver}-imagick php${phpver}-mysql php${phpver}-cgi php${phpver}-common php-pear php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip
|
|
|
|
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
|
|
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
|
|
sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf
|
|
|
|
##-------------##
|
|
# Postfix #
|
|
##-------------##
|
|
|
|
debconf-set-selections <<< "postfix postfix/mailname string $hostname"
|
|
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
|
apt install -y mailutils
|
|
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
|
|
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
|
|
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
|
|
cat <<EOF > /etc/aliases
|
|
# See man 5 aliases for format
|
|
postmaster: root
|
|
root: $email
|
|
EOF
|
|
newaliases
|
|
|
|
##-------------##
|
|
# Netdata #
|
|
##-------------##
|
|
|
|
apt install -y netdata
|
|
sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
|
|
ufw allow 19999/tcp
|
|
sed -i 's+#netdata here+location = /netdata {\n return 301 /netdata/;\n }\n\n location ~ /netdata/(?<ndpath>.*) {\n proxy_redirect off;\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-Host \$host;\n proxy_set_header X-Forwarded-Server \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_set_header Connection "keep-alive";\n proxy_store off;\n proxy_pass http://netdata/\$ndpath\$is_args\$args;\n }+g' /etc/nginx/sites-available/"$domain"
|
|
systemctl stop netdata
|
|
systemctl disable netdata
|
|
|
|
##---------------##
|
|
# Memcached #
|
|
##---------------##
|
|
|
|
if [ $memcached = 1 ]; then
|
|
apt install -y
|
|
# systemctl stop memcached
|
|
# systemctl disable memcached
|
|
fi
|
|
|
|
##-----------##
|
|
# Redis #
|
|
##-----------##
|
|
|
|
if [ $redis = 1 ]; then
|
|
apt install -y redis-server
|
|
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
|
|
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
|
|
sed -i 's/# requirepass foobared/# requirepass '$password'/g' /etc/redis/redis.conf
|
|
git clone https://github.com/phpredis/phpredis.git /opt/phpredis
|
|
apt install -y php${phpver}-dev
|
|
#sed -i "\$a0 3 * * 1 root git clone https://github.com/phpredis/phpredis.git /opt/phpredis >/dev/null 2>&1" /etc/crontab
|
|
# systemctl stop redis
|
|
# systemctl disable redis
|
|
fi
|
|
|
|
##---------------##
|
|
# Nextcloud #
|
|
##---------------##
|
|
|
|
if [ $nextcloud = 1 ]; then
|
|
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nextcloud/nextcloud-config.sh -O nextcloud-config.sh
|
|
source nextcloud-config.sh
|
|
fi
|
|
|
|
|
|
##-------------##
|
|
# Certbot #
|
|
##-------------##
|
|
|
|
apt install -y python-certbot-nginx
|
|
if [ $domainwww = 1 ]; then
|
|
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
echo "certbot --nginx -n -d $domain -d www.$domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
|
|
|
|
elif [ $domainwww = 0 ]; then
|
|
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
|
echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
|
|
fi
|
|
sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
|
sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
|
|
|
|
|
##-----------------##
|
|
# Opcache GUI #
|
|
##-----------------##
|
|
|
|
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php
|
|
|
|
##--------------##
|
|
# Info.php #
|
|
##--------------##
|
|
|
|
cat > /var/www/"$domain"/html/info.php <<- "EOF"
|
|
<?php
|
|
phpinfo();
|
|
EOF
|
|
|
|
##-----------------------##
|
|
# Html Folder Perms #
|
|
##-----------------------##
|
|
|
|
chown -R www-data:www-data /var/www/"$domain"/html
|
|
|
|
##------------------------##
|
|
# Default NGINX page #
|
|
##------------------------##
|
|
|
|
rm -rf /var/www/html/*
|
|
echo "<html><head></head><body>Nginx is functioning normally</body></html>" > /var/www/html/index.html
|
|
chown www-data:www-data /var/www/html/index.html
|