Work_Archive/VPS-scripts_Web-V2
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Wiki Activity

Merge 'Centos Testing' to 'master'

Browse Source
This commit was merged in pull request #8.
This commit is contained in:
Bram Prieshof
2020-12-10 14:39:15 +01:00
parent d7fcf5e55c a87850f6d0
commit 2501e3ff3d
59 changed files with 460 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
AppendCMS.sh
View File

@@ -4,9 +4,13 @@
if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
source /etc/ICTM/selopts.list source /etc/ICTM/selopts.list
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
if [ $webserv != nginx_nonphp ]; then
if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi
source /etc/ICTM/phpvar.list
fi
if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi
rm /tmp/pkg.list > $OUTPUT 2>&1 rm /tmp/pkg.list > $OUTPUT 2>&1
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
@@ -196,8 +200,8 @@ fi
# Installer # # Installer #
##-------------## ##-------------##
$PKGM update $PKGUC
sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
cat /tmp/pkg.list | xargs $PKGI cat /tmp/pkg.list | xargs $PKGI
@@ -274,4 +278,4 @@ systemctl reload fail2ban
##-------## ##-------##
msg " Added CMS!" msg " Added CMS!"
for f in /etc/update-motd.d/51*; do bash $f; done if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

12
AppendModule.sh
View File

@@ -4,13 +4,17 @@
if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
##-----------------## ##-----------------##
# Fetching Vars # # Fetching Vars #
##-----------------## ##-----------------##
source /etc/ICTM/selopts.list source /etc/ICTM/selopts.list
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
if [ $webserv != nginx_nonphp ]; then
if [ ! -f "/etc/ICTM/phpvar.list" ] ; then echo 'Php var list missing,Please run /Scipts/GeneratePhplist from the repo ' && exit ; fi
source /etc/ICTM/phpvar.list
fi
if [ -f "/etc/ICTM/apachevar.list" ] ; then source /etc/ICTM/apachevar.list; fi
rm /tmp/pkg.list rm /tmp/pkg.list
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
@@ -227,8 +231,8 @@ done
# Installer # # Installer #
##-------------## ##-------------##
$PKGM update $PKGUC
sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
cat /tmp/pkg.list | xargs $PKGI cat /tmp/pkg.list | xargs $PKGI
@@ -267,4 +271,4 @@ done
##-------## ##-------##
msg " Added Module!" msg " Added Module!"
for f in /etc/update-motd.d/51*; do bash $f; done if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

4
CMS/Backend/Fpm-Pool.conf-unconfigured
View File

@@ -12,8 +12,8 @@ php_admin_value[post_max_size] = 16M
php_admin_value[max_input_time] = 15 php_admin_value[max_input_time] = 15
php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[allow_url_fopen] = Off php_admin_value[allow_url_fopen] = Off
php_admin_value[file_uploads] = Off php_admin_value[file_uploads] = On
php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin:/tmp
php_admin_value[session.use_strict_mode] = 1 php_admin_value[session.use_strict_mode] = 1
php_admin_value[session.cookie_httponly] = 1 php_admin_value[session.cookie_httponly] = 1
;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict

4
CMS/Backend/apache-conf.sh
View File

@@ -1,4 +1,4 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf
systemctl reload apache2 systemctl reload $apacheService

6
CMS/Backend/conf.sh
View File

@@ -1,6 +1,6 @@
#Backend PHP Pool #Backend PHP Pool
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/Backend.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/Backend.conf
sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf sed -i 's/PHPver/'$phpver'/' "$phpPoolDir"/Backend.conf
groupadd Backend groupadd Backend
useradd -g Backend Backend useradd -g Backend Backend
#PHPMyAdmin configuration #PHPMyAdmin configuration
@@ -8,7 +8,7 @@ touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log
chown Backend:Backend -R /usr/share/phpmyadmin chown Backend:Backend -R /usr/share/phpmyadmin
chown Backend:Backend -R /var/lib/phpmyadmin/tmp chown Backend:Backend -R /var/lib/phpmyadmin/tmp
chown Backend:Backend -R /var/log/PhpMyAdmin chown Backend:Backend -R /var/log/PhpMyAdmin
systemctl reload php"$phpver"-fpm systemctl reload "$phpFPMService"
#Auto disable backends at night #Auto disable backends at night
echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend

2
CMS/nextcloud/Fpm-Pool.conf-unconfigured
View File

@@ -4,7 +4,7 @@ group = SITEname
listen = /var/run/php/phpPHPver-fpm-SITEname.sock listen = /var/run/php/phpPHPver-fpm-SITEname.sock
listen.owner = www-data listen.owner = www-data
listen.group = www-data listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system php_admin_value[disable_functions] = exec,passthru,system
php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
; OPCACHE SETTINGS ; OPCACHE SETTINGS
php_admin_value[opcache.memory_consumption] = 256 php_admin_value[opcache.memory_consumption] = 256

8
CMS/nextcloud/apache-conf.sh
View File

@@ -1,11 +1,11 @@
#Apache #Apache
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
#PHP #PHP
sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf
sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf
systemctl reload apache2 php$phpver-fpm systemctl reload $apacheService $phpFPMService

1
CMS/nextcloud/apt.pkg.list Normal file
View File

@@ -0,0 +1 @@
libmagickcore-6.q16-3-extra zlib1g libpng-dev

23
CMS/nextcloud/conf.sh
View File

@@ -1,6 +1,6 @@
#PHP Pool #PHP Pool
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
groupadd "$sitename" groupadd "$sitename"
useradd -g "$sitename" "$sitename" useradd -g "$sitename" "$sitename"
mkdir -p /var/www/"$domain"/html/data mkdir -p /var/www/"$domain"/html/data
@@ -15,7 +15,7 @@ touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="nextcloud_$db_suffix" db_name="nextcloud_$db_suffix"
db_user="nextcloud_$db_suffix" db_user="nextcloud_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32) db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1 mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1 mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1 mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
@@ -36,8 +36,16 @@ cat <<EOF > /var/www/$domain/html/config/autoconfig.php
); );
EOF EOF
#Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1
fi
#Makeing nextcloud Finalize script and setting login Notice #Makeing nextcloud Finalize script and setting login Notice
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh
sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh
@@ -46,13 +54,8 @@ sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename
chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}" chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}"
#Nextcloud logging location
mkdir /var/log/nextcloud
chmod 774 -R /var/log/nextcloud
ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
#fail2ban #fail2ban
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
systemctl reload php"$phpver"-fpm systemctl reload "$phpFPMService"

1
CMS/nextcloud/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
ImageMagick-libs zlib libpng

2
CMS/nextcloud/generic.pkg.list
View File

@@ -1 +1 @@
libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-bcmath phpPHPver-gmp libxml2 openssl PHPprefix-bcmath PHPprefix-gmp bzip2

4
CMS/nextcloud/nextcloud-init.sh
View File

@@ -7,13 +7,13 @@ sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_loca
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value= sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
if [ "$(systemctl is-active redis-server)" = "active" ]; then if [ "$(systemctl is-active redis-server)" = "active" ] || [ "$(systemctl is-active redis)" = "active" ]; then
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
else else
echo "Redis not installed or running on this system" echo "Redis running on this system"
fi fi
echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab

8
CMS/none/apache-conf.sh
View File

@@ -1,9 +1,5 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
mkdir -p /var/www/"$domain"/html
echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html systemctl reload $apacheService
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
systemctl reload apache2

20
CMS/none/conf.sh
View File

@@ -1,12 +1,26 @@
#Creating webfolder
mkdir -p /var/www/"$domain"/html
#Ceating content
echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
#Do not generate php pool when php is not installed #Do not generate php pool when php is not installed
if [ $webserv != nginx_nonphp ]; then if [ $webserv != nginx_nonphp ]; then
#Setup PHP Pool #Setup PHP Pool
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
groupadd "$sitename" groupadd "$sitename"
useradd -g "$sitename" "$sitename" useradd -g "$sitename" "$sitename"
systemctl reload php"$phpver"-fpm systemctl reload $phpFPMService
#Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
fi
if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1
fi fi

4
CMS/none/nginx-conf.sh
View File

@@ -1,9 +1,5 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
mkdir -p /var/www/"$domain"/html
echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
chown "$sitename":"$sitename" -R /var/www/"$domain"/html
systemctl reload nginx systemctl reload nginx

4
CMS/none/nginx_nonphp-conf.sh
View File

@@ -1,9 +1,5 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf
sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
mkdir -p /var/www/"$domain"/html
echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
chown www-data:www-data -R /var/www/"$domain"/html
systemctl reload nginx systemctl reload nginx

4
CMS/wordpress/apache-conf.sh
View File

@@ -1,6 +1,6 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
systemctl reload apache2 php$phpver-fpm systemctl reload $apacheService $phpFPMService

17
CMS/wordpress/conf.sh
View File

@@ -9,7 +9,7 @@ fi
db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1` db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
db_name="wp_$db_suffix" db_name="wp_$db_suffix"
db_user="wp_$db_suffix" db_user="wp_$db_suffix"
db_pass=$(date +%s|sha256sum|base64|head -c 32) db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
WPSalts=$(curl --retry 7 --retry-delay 5 -s https://api.wordpress.org/secret-key/1.1/salt/) WPSalts=$(curl --retry 7 --retry-delay 5 -s https://api.wordpress.org/secret-key/1.1/salt/)
#Setting up Database #Setting up Database
@@ -33,21 +33,30 @@ printf '%s\n' "$WPSalts" >> /var/www/"$domain"/html/wp-config.php
printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php
#PHP Pool #PHP Pool
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
groupadd "$sitename" groupadd "$sitename"
useradd -g "$sitename" "$sitename" useradd -g "$sitename" "$sitename"
systemctl reload php"$phpver"-fpm systemctl reload $phpFPMService
#fail2ban #fail2ban
if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local
if [ "$shortdist" = "el8" ]; then
sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local
fi
fi fi
#Setting Permsissions #Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
restorecon -vr /var/www/ > $OUTPUT 2>&1
fi
#Makeing wordpress Finalize script and setting login Notice #Makeing wordpress Finalize script and setting login Notice
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh
sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh

2
CMS/wordpress/nginx-conf.sh
View File

@@ -4,4 +4,4 @@ sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext" sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
#Reloading Services #Reloading Services
systemctl reload nginx php$phpver-fpm systemctl reload nginx $phpFPMService

14
CMS/wordpress/wordpress-init.sh
View File

@@ -1,10 +1,10 @@
sudo -u SITEname wp --path=/var/www/DOMAINname/html core update sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html core update
sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html theme update --all
sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
sudo -u SITEname wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins
sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin update --all
echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m" echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m"
sn2=SITEname sn2=SITEname
rm -f /etc/update-motd.d/51-wpnotice-${sn2//_} rm -f /etc/update-motd.d/51-wpnotice-${sn2//_}

20
CoreModules/apache/appendCMS-conf.sh
View File

@@ -4,19 +4,19 @@
if [ $domainwww = 1 ]; then if [ $domainwww = 1 ]; then
#non-ssl #non-ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
#ssl #ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
fi fi
#non-ssl #non-ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
#ssl #ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
systemctl reload apache2 systemctl reload $apacheService

0
CoreModules/apache/generic.pkg.list → CoreModules/apache/apt.pkg.list
View File

61
CoreModules/apache/conf.sh
View File

@@ -1,54 +1,69 @@
systemctl stop apache2 > $OUTPUT 2>&1 systemctl stop $apacheService > $OUTPUT 2>&1
############## ##############
# Apache # # Apache #
############## ##############
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
a2dissite 000-default > $OUTPUT 2>&1 a2dissite 000-default > $OUTPUT 2>&1
a2dismod mpm_prefork > $OUTPUT 2>&1 a2dismod mpm_prefork > $OUTPUT 2>&1
a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1 a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1
mkdir -p "$apacheConfDir"/snippets/
elif [ "$shortdist" = "el8" ]; then
echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf
sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf
#Creating directories
mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets}
#getting aditional apache config for centos
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf
fi
mkdir -p /etc/apache2/snippets/ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o /etc/apache2/snippets/apa-ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o /etc/apache2/snippets/apa-backendredir.conf sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf
sed -i -e 's/HOSTname/'$hostname'/' /etc/apache2/snippets/apa-backendredir.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-custom.conf
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o /etc/apache2/conf-enabled/zzz-custom.conf
#Catch all (ip and unconfigured domains) #Catch all (ip and unconfigured domains)
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o /etc/apache2/sites-available/CatchAll.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o "$apacheConfDir"/sites-available/CatchAll.conf
ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf ln -s "$apacheConfDir"/sites-available/CatchAll.conf "$apacheConfDir"/sites-enabled/999-CatchAll.conf
if [ $domainwww = 1 ]; then if [ $domainwww = 1 ]; then
#non-ssl #non-ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
#ssl #ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
fi fi
#non-ssl #non-ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
#ssl #ssl
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
#non-ssl-Backend #non-ssl-Backend
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/Backend_nossl.conf
sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_nossl.conf sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_nossl.conf
ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites-enabled/010-Backend.conf
#ssl-Backend #ssl-Backend
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf
sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_ssl.conf sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf
mkdir -p /opt/toggle mkdir -p /opt/toggle
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-PhpMyAdmin.sh
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
systemctl start apache2 > $OUTPUT 2>&1 systemctl start $apacheService > $OUTPUT 2>&1
systemctl enable $apacheService > $OUTPUT 2>&1

1
CoreModules/apache/config/apache2/conf-httpd-custom.conf Normal file
View File

@@ -0,0 +1 @@
Define APACHE_LOG_DIR /var/log/httpd

1
CoreModules/apache/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
httpd mod_fcgid mod_ssl

16
CoreModules/apache/preconf.sh
View File

@@ -1 +1,17 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
# Debian/Ubunbtu apache variables
apacheConfDir=/etc/apache2
apacheService=apache2
elif [ "$shortdist" = "el8" ]; then
# Centos Php variable
apacheConfDir=/etc/httpd
apacheService=httpd
fi
#Storing vars to config
for storeme in apacheService apacheConfDir; do
declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list
done
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1

10
CoreModules/apache/ssl-handler.sh
View File

@@ -1,9 +1,9 @@
rm /etc/apache2/sites-enabled/010-"$sitename".conf rm "$apacheConfDir"/sites-enabled/010-"$sitename".conf
ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf ln -s "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
if [ -n "$sslfr" ]; then if [ -n "$sslfr" ]; then
rm /etc/apache2/sites-enabled/010-Backend.conf rm "$apacheConfDir"/sites-enabled/010-Backend.conf
ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf ln -s "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf "$apacheConfDir"/sites-enabled/010-Backend.conf
fi fi
systemctl reload apache2 systemctl reload $apacheService

31
CoreModules/generic/conf.sh
View File

@@ -1,7 +1,26 @@
##----------##
# Centos #
##----------##
if [ "$shortdist" = "el8" ]; then
#SeLinux
semanage port -a -t ssh_port_t -p tcp 4242
systemctl enable ufw > $OUTPUT 2>&1
#Motd
mkdir /etc/update-motd.d
echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile
fi
##-------## ##-------##
# UFW # # UFW #
##-------## ##-------##
if [ "$shortdist" = "el8" ]; then
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
echo "y" | ufw reset > $OUTPUT 2>&1
systemctl enable ufw > $OUTPUT 2>&1
fi
sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
ufw default deny incoming > $OUTPUT 2>&1 ufw default deny incoming > $OUTPUT 2>&1
ufw default allow outgoing > $OUTPUT 2>&1 ufw default allow outgoing > $OUTPUT 2>&1
@@ -23,6 +42,18 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
if [ "$shortdist" = "el8" ]; then
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te
checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te
semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod
semodule -i /tmp/fail2ban-allowhttpd.pp
fi
#Start fail2ban service
systemctl start fail2ban
systemctl enable fail2ban
#General jails #General jails
rm /etc/fail2ban/jail.d/* rm /etc/fail2ban/jail.d/*
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local

2
CoreModules/generic/dnf.pkg.list
View File

@@ -1 +1 @@
cronie cronie policycoreutils-python-utils

2
CoreModules/generic/generic.pkg.list
View File

@@ -1 +1 @@
htop ufw nload fail2ban sudo bash-completion nano htop ufw nload fail2ban sudo bash-completion

87
CoreModules/generic/preconf.sh
View File

@@ -1,23 +1,77 @@
##-----------------------## if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
# Prerequisite packages # ########################
##-----------------------## # Debian/Ubunbtu #
########################
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
##--------------## ##--------------##
# Repositories # # Repositories #
##--------------## ##--------------##
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1 ##------------##
# System #
##------------##
sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1
##-------------## ##-------------##
# Updates # # Updates #
##-------------## ##-------------##
debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true' debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true'
$PKGM update $PKGUC
$PKGM upgrade -y $PKGUP
##-------------##
# Postfix #
##-------------##
#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
elif [ "$shortdist" = "el8" ]; then
################
# Centos #
################
##--------------##
# Repositories #
##--------------##
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=epel osrel=$shortdist bash > $OUTPUT 2>&1
##------------##
# System #
##------------##
localectl set-keymap us > $OUTPUT 2>&1
useradd -r -U -s /usr/sbin/nologin -d /var/www www-data > $OUTPUT 2>&1
systemctl disable firewalld --now > $OUTPUT 2>&1
##-------------##
# Postfix #
##-------------##
if dnf list installed postfix >/dev/null 2>&1; then dnf remove postfix -y; fi
fi
#################
# General #
#################
##-----------------------##
# Prerequisite packages #
##-----------------------##
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
##--------------##
# Repositories #
##--------------##
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1
##------------## ##------------##
@@ -30,12 +84,6 @@ timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1 sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1
if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then
sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1
elif [ "$osrel" = "cent8" ]; then
localectl set-keymap us-int
fi
##----------## ##----------##
# Swap # # Swap #
##----------## ##----------##
@@ -51,12 +99,3 @@ else
fi fi
echo "vm.swappiness=10" >> /etc/sysctl.conf echo "vm.swappiness=10" >> /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
##-------------##
# Postfix #
##-------------##
#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi

1
CoreModules/nginx/apt.pkg.list Normal file
View File

@@ -0,0 +1 @@
apache2-utils

3
CoreModules/nginx/conf.sh
View File

@@ -43,4 +43,5 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
systemctl start nginx systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1

1
CoreModules/nginx/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
httpd-tools

2
CoreModules/nginx/generic.pkg.list
View File

@@ -1 +1 @@
nginx apache2-utils nginx

1
CoreModules/nginx_nonphp/apt.pkg.list Normal file
View File

@@ -0,0 +1 @@
apache2-utils

3
CoreModules/nginx_nonphp/conf.sh
View File

@@ -28,4 +28,5 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
systemctl start nginx systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1

1
CoreModules/nginx_nonphp/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
httpd-tools

2
CoreModules/nginx_nonphp/generic.pkg.list
View File

@@ -1 +1 @@
nginx apache2-utils nginx

5
Scripts/EnableSSL.sh
View File

@@ -8,8 +8,9 @@ webserv=WebServer
webservice=WebServer webservice=WebServer
#Correcting service name for Apache #Correcting service name for Apache
if [ $webservice = apache ]; then if [ $webservice = apache ]; then\
webservice=apache2 source /etc/ICTM/apachevar.list
webservice="$apacheService"
ext=.conf ext=.conf
fi fi

21
Scripts/GeneratePhplist.sh Normal file
View File

@@ -0,0 +1,21 @@
if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
# Debian/Ubunbtu Php variables
phpPoolDir=/etc/php/${phpver}/fpm/pool.d
phpPkgName=php${phpver}
phpMainConf=/etc/php/${phpver}/fpm/php.ini
phpFPMService=php${phpver}-fpm
elif [ "$shortdist" = "el8" ]; then
# Centos Php variable
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
phpPkgName=php${phpver//.}-php
phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini
phpFPMService=php${phpver//.}-php-fpm
fi
#Storing vars to config
for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do
declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
done

12
Scripts/SMI.sh
View File

@@ -50,7 +50,7 @@ elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
PKGM="dnf" PKGM="dnf"
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
PKGLIST="dnf" PKGLIST="dnf"
shortdist=cent8 shortdist=el8
echo "This OS is not supported" echo "This OS is not supported"
exit exit
else else
@@ -100,7 +100,7 @@ fi
##--------------------------## ##--------------------------##
msg " Starting installer" 8 78 msg " Starting installer" 8 78
$PKGM update > $OUTPUT 2>&1 $PKGUC > $OUTPUT 2>&1
$PKGI curl > $OUTPUT 2>&1 $PKGI curl > $OUTPUT 2>&1
@@ -134,8 +134,8 @@ fi
msg " Preconfiguring" msg " Preconfiguring"
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
$PKGM update $PKGUC
$PKGM upgrade -y $PKGUP
##-------------------## ##-------------------##
@@ -155,8 +155,8 @@ fi
# Installer # # Installer #
##-------------## ##-------------##
$PKGM update $PKGUC
sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
cat /tmp/pkg.list | xargs $PKGI cat /tmp/pkg.list | xargs $PKGI

8
Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh
View File

@@ -20,13 +20,13 @@ if [ -n "$1" ]; then
if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
echo "Disable PhpMyadmin" echo "Disable PhpMyadmin"
sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf
systemctl reload apache2 systemctl reload APASRV
elif [[ "$1" = "-e" && "$PhpMA" != 1 ]]; then elif [[ "$1" = "-e" && "$PhpMA" != 1 ]]; then
echo "Enable PhpMyadmin" echo "Enable PhpMyadmin"
sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf
systemctl reload apache2 systemctl reload APASRV
elif [[ "$1" = "-h" ]]; then elif [[ "$1" = "-h" ]]; then
usage usage
else else

1
SubModules/php-fpm/apt.pkg.list Normal file
View File

@@ -0,0 +1 @@
php-pear

39
SubModules/php-fpm/conf.sh
View File

@@ -1,17 +1,32 @@
systemctl stop php${phpver}-fpm systemctl stop $phpFPMService
############### ###############
# PHP-FPM # # PHP-FPM #
############### ###############
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' "$phpMainConf"
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' "$phpMainConf"
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.enable=1/opcache.enable=1/g' "$phpMainConf"
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' "$phpMainConf"
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' "$phpMainConf"
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' "$phpMainConf"
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' "$phpMainConf"
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' "$phpMainConf"
sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf"
sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf"
if [ "$shortdist" = "el8" ]; then
# Centos Mysql config
echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
echo "d /run/php 0755 www-data www-data - -" > /usr/lib/tmpfiles.d/php-custom.conf
#Centos php Bin
sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php
#Centos SeLinux
setsebool -P httpd_can_network_connect 1
fi
systemctl start $phpFPMService
systemctl enable $phpFPMService
systemctl start php${phpver}-fpm

1
SubModules/php-fpm/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
PHPprefix-pear PHPprefix

2
SubModules/php-fpm/generic.pkg.list
View File

@@ -1 +1 @@
phpPHPver-imagick php-pear phpPHPver-cli phpPHPver-apcu phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip PHPprefix-imagick PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-mysql PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip

22
SubModules/php-fpm/preconf.sh Normal file
View File

@@ -0,0 +1,22 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
# Debian/Ubunbtu Php variables
phpPoolDir=/etc/php/${phpver}/fpm/pool.d
phpPkgName=php${phpver}
phpMainConf=/etc/php/${phpver}/fpm/php.ini
phpFPMService=php${phpver}-fpm
elif [ "$shortdist" = "el8" ]; then
# Centos Php variable
phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
phpPkgName=php${phpver//.}-php
phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini
phpFPMService=php${phpver//.}-php-fpm
#Creating Socket directory
mkdir -p /var/run/php
fi
#Storing vars to config
for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do
declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
done

4
SubModules/postfix/conf.sh
View File

@@ -13,4 +13,6 @@ root: $email
EOF EOF
newaliases newaliases
systemctl reload postfix postfix@- systemctl start postfix
systemctl enable postfix
systemctl reload postfix

2
SubModules/postfix/preconf.sh
View File

@@ -7,5 +7,7 @@ if [ -z "${domain}" ]; then
fi fi
fi fi
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
debconf-set-selections <<< "postfix postfix/mailname string $domain" debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
fi

1
SubModules/redis/apt.pkg.list Normal file
View File

@@ -0,0 +1 @@
redis-server

2
SubModules/redis/conf.sh
View File

@@ -1,3 +1,3 @@
#!/bin/bash #!/bin/bash
systemctl enable --now redis-server systemctl enable --now $redisService

1
SubModules/redis/dnf.pkg.list Normal file
View File

@@ -0,0 +1 @@
redis

2
SubModules/redis/generic.pkg.list
View File

@@ -1 +1 @@
redis-server phpPHPver-redis PHPprefix-redis

10
SubModules/redis/preconf.sh
View File

@@ -1,3 +1,13 @@
#!/bin/bash #!/bin/bash
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
# Debian/Ubunbtu redis variables
redisService=redis-server
elif [ "$shortdist" = "el8" ]; then
# Centos redis variable
redisService=redis
fi
curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1

2
config/fail2ban/Jails/nextcloud_unconfigured
View File

@@ -6,4 +6,4 @@ filter = nextcloud
maxretry = 15 maxretry = 15
bantime = 900 bantime = 900
findtime = 900 findtime = 900
logpath = /var/log/nextcloud/SITEname logpath = /var/www/DOMain/html/data/nextcloud.log

42
config/fail2ban/action.d/ufw.conf Normal file
View File

@@ -0,0 +1,42 @@
# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect.
#
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = [ -n "<application>" ] && app="app <application>"
ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
actionunban = [ -n "<application>" ] && app="app <application>"
ufw delete <blocktype> from <ip> to <destination> $app
[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1
# Option: blocktype
# Notes.: reject or deny
blocktype = reject
# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any
# Option: application
# Notes.: application from sudo ufw app list
application =
# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black

21
config/selinux/policies/fail2ban-allowhttpd.te Normal file
View File

@@ -0,0 +1,21 @@
module fail2ban-allowhttpd 1.1;
require {
type httpd_sys_rw_content_t;
type fail2ban_t;
type syslogd_var_run_t;
type fail2ban_client_t;
class capability dac_override;
class dir { read getattr search ioctl };
class file { getattr read open search ioctl };
}
#============= fail2ban_client_t ==============
allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
allow fail2ban_client_t self:capability dac_override;
#============= fail2ban_t ==============
allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl };
allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open search ioctl };
allow fail2ban_t syslogd_var_run_t:dir read;
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

35
installer.sh
View File

@@ -24,7 +24,7 @@ fi
#Git-repo #Git-repo
repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2 repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2
branch=master branch=Centos-Testing
branchtype=branch #=branch for branch and =tag for release branchtype=branch #=branch for branch and =tag for release
#Installer-config #Installer-config
phpver=7.4 phpver=7.4
@@ -38,29 +38,33 @@ dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
PKGM="$APTMODE" PKGM="$APTMODE"
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends" PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt" PKGLIST="apt"
shortdist=ubu1804 shortdist=ubu1804
elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
echo "Ubuntu 20.04 is not yet fully tested, not recommended for production server"
PKGM="$APTMODE" PKGM="$APTMODE"
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends" PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt" PKGLIST="apt"
shortdist=ubu2004 shortdist=ubu2004
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
echo "Debian 10 Detected"
PKGM="$APTMODE" PKGM="$APTMODE"
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends" PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt" PKGLIST="apt"
shortdist=deb10 shortdist=deb10
elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
echo "Centos 8 Detected"
PKGM="dnf" PKGM="dnf"
PKGUC="$PKGM check-update --refresh"
PKGUP="$PKGM update -y"
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
PKGLIST="dnf" PKGLIST="dnf"
shortdist=cent8 shortdist=el8
echo "This os in not supported" echo "The support for this os is being worked on"
exit
else else
echo "This os in not supported" echo "This os in not supported"
exit exit
@@ -199,7 +203,8 @@ done
##----------------## ##----------------##
if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This system has already been installed by Web-V2" && exit; fi if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg " This system has already been installed by Web-V2" && exit; fi
if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi ##Check for pkgs, not yet setup for Centos
# if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi
##--------------------------## ##--------------------------##
@@ -207,8 +212,8 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^my
##--------------------------## ##--------------------------##
msg " Starting installer" 8 78 msg " Starting installer" 8 78
$PKGM update > $OUTPUT 2>&1 $PKGUC > $OUTPUT 2>&1
$PKGI curl wget > $OUTPUT 2>&1 $PKGI curl wget tar > $OUTPUT 2>&1
##--------## ##--------##
@@ -364,7 +369,7 @@ fi
mkdir -p /etc/ICTM/sites mkdir -p /etc/ICTM/sites
echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list
for storeme in PKGM PKGI PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do
declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
done done
@@ -468,7 +473,7 @@ for val1 in ${option[*]}; do
printf " " >>/tmp/pkg.list printf " " >>/tmp/pkg.list
fi fi
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then
curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST" >>/tmp/pkg.list curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list
printf " " >>/tmp/pkg.list printf " " >>/tmp/pkg.list
fi fi
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then
@@ -578,8 +583,8 @@ done
# Installer # # Installer #
##-------------## ##-------------##
$PKGM update $PKGM update -y
sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
cat /tmp/pkg.list | xargs $PKGI cat /tmp/pkg.list | xargs $PKGI
@@ -703,4 +708,4 @@ systemctl reload sshd fail2ban
##-------## ##-------##
msg " Done installing!" msg " Done installing!"
for f in /etc/update-motd.d/51*; do bash $f; done if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi