diff --git a/CMS/Backend/Fpm-Pool.conf-unconfigured b/CMS/Backend/Fpm-Pool.conf-unconfigured index 1fbe55b..84305a2 100644 --- a/CMS/Backend/Fpm-Pool.conf-unconfigured +++ b/CMS/Backend/Fpm-Pool.conf-unconfigured @@ -8,7 +8,7 @@ php_admin_value[disable_functions] = exec,passthru,shell_exec,system php_admin_value[opcache.enable] = 0 php_admin_value[max_input_vars] = 5000 php_admin_value[upload_max_filesize] = 256M -php_admin_value[post_max_size] = 16M +php_admin_value[post_max_size] = 256M php_admin_value[max_input_time] = 15 php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[allow_url_fopen] = Off diff --git a/CMS/Backend/nginx-siteBackend-unconfigured b/CMS/Backend/nginx-siteBackend-unconfigured index d7fe94f..64aef26 100644 --- a/CMS/Backend/nginx-siteBackend-unconfigured +++ b/CMS/Backend/nginx-siteBackend-unconfigured @@ -24,12 +24,14 @@ location = /backend/netdata { location /backend/database { deny all; #enables/disables PHPMyadmin index index.php index.html; + client_max_body_size 256m; alias /usr/share/phpmyadmin; location ~ \.php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock; + fastcgi_read_timeout 10m; fastcgi_index index.php; } } diff --git a/CMS/nextcloud/conf.sh b/CMS/nextcloud/conf.sh index 1ab8b42..c27fa16 100644 --- a/CMS/nextcloud/conf.sh +++ b/CMS/nextcloud/conf.sh @@ -45,15 +45,17 @@ if [ "$shortdist" = "el8" ]; then restorecon -r /var/www/ > $OUTPUT 2>&1 fi -#PHP 8.0 Settings -if [ "$phpVerBranch" = "8x" ]; then - if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then - if ! grep -Fxq "apc.enable_cli=1" /etc/php/${phpver}/mods-available/apcu.ini; then - echo "apc.enable_cli=1" >> /etc/php/${phpver}/mods-available/apcu.ini - fi - elif [ "$shortdist" = "el8" ]; then - sed -i "/apc.enable_cli/c\apc.enable_cli=1" /etc/opt/remi/php${phpver//.}/php.d/40-apcu.ini +#Enable PHP-ACPU on CLI +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then + if ! grep -Fxq "apc.enable_cli=1" /etc/php/${phpver}/mods-available/apcu.ini; then + echo "apc.enable_cli=1" >> /etc/php/${phpver}/mods-available/apcu.ini fi +elif [ "$shortdist" = "el8" ]; then + sed -i "/apc.enable_cli/c\apc.enable_cli=1" /etc/opt/remi/php${phpver//.}/php.d/40-apcu.ini +fi + +#PHP 8.0 Settings +if [ "$phpVerBranch" = "8x" ]; then sed -i "/opcache.enable/c\php_admin_value[opcache.enable] = 1" "$phpPoolDir"/"$sitename".conf fi diff --git a/CoreModules/apache/conf.sh b/CoreModules/apache/conf.sh index e6dc629..0479bd9 100644 --- a/CoreModules/apache/conf.sh +++ b/CoreModules/apache/conf.sh @@ -4,7 +4,7 @@ systemctl stop $apacheService > $OUTPUT 2>&1 # Apache # ############## -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then a2dissite 000-default > $OUTPUT 2>&1 a2dismod mpm_prefork > $OUTPUT 2>&1 a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1 diff --git a/CoreModules/apache/preconf.sh b/CoreModules/apache/preconf.sh index 87a4508..441a93f 100644 --- a/CoreModules/apache/preconf.sh +++ b/CoreModules/apache/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu apache variables apacheConfDir=/etc/apache2 apacheService=apache2 diff --git a/CoreModules/generic/preconf.sh b/CoreModules/generic/preconf.sh index 24fc427..10f3a35 100644 --- a/CoreModules/generic/preconf.sh +++ b/CoreModules/generic/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then ######################## # Debian/Ubunbtu # ######################## diff --git a/CoreModules/nginx/conf.sh b/CoreModules/nginx/conf.sh index 4f96f79..3c8177f 100644 --- a/CoreModules/nginx/conf.sh +++ b/CoreModules/nginx/conf.sh @@ -42,7 +42,7 @@ mkdir -p /opt/toggle curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o /opt/toggle/toggle-Netdata.sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o /opt/toggle/toggle-PhpMyAdmin.sh ##monit toggle -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then monitconf=/etc/monit/monitrc elif [ "$shortdist" = "el8" ]; then monitconf=/etc/monitrc diff --git a/PhpUpdater.sh b/PhpUpdater.sh index d8b41a7..f8188b2 100644 --- a/PhpUpdater.sh +++ b/PhpUpdater.sh @@ -6,9 +6,17 @@ source /etc/ICTM/mainvar.list if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi source /etc/ICTM/phpvar.list -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ]; then + # Ubuntu Php variable apt update - RepoVersion=`apt list |grep php | grep deb.sury.org| cut -f1 -d"-"| tail -1 |sed 's/php//'` + if ! ls /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi + RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages | cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'` +elif [ "$shortdist" = "deb10" ]|| [ "$shortdist" = "deb11" ]; then + # Debian Php variable + apt update + if ! ls /var/lib/apt/lists/packages.sury.org_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi + RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/packages.sury.org*_Packages| cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'` +fi elif [ "$shortdist" = "el8" ]; then dnf check-update --refresh RepoVersion=`dnf list php* | awk '{print $1; }' | cut -f1 -d"-"| tail -1 |sed 's/php//' | sed 's/./&./1'` @@ -32,7 +40,7 @@ if [ $IMODE = n ]; then if (whiptail --title "Set new php version?" --yesno "Install php version $RepoVersion ?" 8 78); then newphpver=$RepoVersion else - newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3) + newphpver=$(whiptail --inputbox "Please enter the version to install" --nocancel --title "Custom" 8 39 3>&1 1>&2 2>&3) fi fi @@ -55,7 +63,7 @@ if [ $IMODE = l ]; then fi #Genereating vars for new php version - if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then + if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu Php variables newphpPoolDir=/etc/php/${newphpver}/fpm/pool.d newphpPkgName=php${newphpver} diff --git a/Scripts/GenerateApacheList.sh b/Scripts/GenerateApacheList.sh index 49de67f..4c5670b 100644 --- a/Scripts/GenerateApacheList.sh +++ b/Scripts/GenerateApacheList.sh @@ -2,7 +2,7 @@ if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, source /etc/ICTM/mainvar.list if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu apache variables apacheConfDir=/etc/apache2 apacheService=apache2 diff --git a/Scripts/GeneratePhplist.sh b/Scripts/GeneratePhplist.sh index e848b8e..c31b16d 100644 --- a/Scripts/GeneratePhplist.sh +++ b/Scripts/GeneratePhplist.sh @@ -2,7 +2,7 @@ if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, source /etc/ICTM/mainvar.list if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu Php variables phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPkgName=php${phpver} diff --git a/Scripts/MicroOSDetect.sh b/Scripts/MicroOSDetect.sh index c6ccf85..4ea533c 100644 --- a/Scripts/MicroOSDetect.sh +++ b/Scripts/MicroOSDetect.sh @@ -7,6 +7,8 @@ if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then shortdist=ubu2004 elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then shortdist=deb10 +elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then + shortdist=deb11 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then shortdist=el8 else diff --git a/Scripts/SMI.sh b/Scripts/SMI.sh index 06ac178..b4ee86c 100644 --- a/Scripts/SMI.sh +++ b/Scripts/SMI.sh @@ -45,14 +45,18 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=deb10 +elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then + echo "Debian 11 Detected" + PKGM="$APTMODE" + PKGI="${PKGM} install -y --no-install-recommends" + PKGLIST="apt" + shortdist=deb11 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then echo "Centos 8 Detected" PKGM="dnf" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGLIST="dnf" shortdist=el8 - echo "This OS is not supported" - exit else echo "This OS is not supported" exit diff --git a/SubModules/php-fpm/preconf.sh b/SubModules/php-fpm/preconf.sh index 29ff8de..79fe42c 100644 --- a/SubModules/php-fpm/preconf.sh +++ b/SubModules/php-fpm/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu Php variables phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPkgName=php${phpver} diff --git a/SubModules/postfix/Postfix-EnableSSL.sh b/SubModules/postfix/Postfix-EnableSSL.sh new file mode 100644 index 0000000..7bd2e61 --- /dev/null +++ b/SubModules/postfix/Postfix-EnableSSL.sh @@ -0,0 +1,32 @@ +#Sript for setting up SSL/TLS for Postfix (Web-V2) + +##Loading install vars +source /etc/ICTM/mainvar.list +##Checking if hostname cert exists +if [ ! -f "/etc/acmesh/inst/$hostname/cert.pem" ] || [ ! -f "/etc/acmesh/inst/$hostname/key.pem" ] ; then echo 'SSL Certificate for $hostname is not installed' && exit ; fi + +##Updating Postix config +printf "Updating Postfix config" +systemctl stop postfix +sed -i "/smtpd_tls_cert_file=/c\ssmtpd_tls_cert_file=/etc/acmesh/inst/$hostname/cert.pem" /etc/postfix/main.cf +sed -i "/smtpd_tls_key_file=/c\smtpd_tls_key_file=/etc/acmesh/inst/$hostname/key.pem" /etc/postfix/main.cf +systemctl start postfix +printf " [\e[1;32m Ok \e[0m]\n" + +##Adding postfix to SSL services (so it gets reloaded when a the cert is renewd) +printf "Updating SSL services list" +echo "postfix" >> /etc/ICTM/SslServices +printf " [\e[1;32m Ok \e[0m]\n" + +##Remove script +while true; do + read -p "Remove this script -> yes/no?" yn + case $yn in + [Nn]* ) + break;; + [Yy]* ) + rm -- "$0" + break;; + * )echo "Choose yes or no.";; + esac +done \ No newline at end of file diff --git a/SubModules/postfix/conf.sh b/SubModules/postfix/conf.sh index 2d4c3b7..7ccc6b6 100644 --- a/SubModules/postfix/conf.sh +++ b/SubModules/postfix/conf.sh @@ -52,7 +52,7 @@ ${hostname} EOF -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then mkdir -p /var/spool/postfix/var/run/opendkim sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim @@ -90,6 +90,9 @@ chmod +x /etc/update-motd.d/51-generalspf systemctl start postfix opendkim systemctl enable postfix opendkim +#Getting script for enableling ssl on Postfix +curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/Postfix-EnableSSL.sh -o ~/Postfix-EnableSSL.sh + #if using Append module run for existing cms/sites if [ "$itype" = "AddMod" ]; then for file in /etc/ICTM/sites/*; do diff --git a/SubModules/postfix/preconf.sh b/SubModules/postfix/preconf.sh index fec0bd6..3c7e3bf 100644 --- a/SubModules/postfix/preconf.sh +++ b/SubModules/postfix/preconf.sh @@ -1,4 +1,4 @@ -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then debconf-set-selections <<< "postfix postfix/mailname string $hostname" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" fi \ No newline at end of file diff --git a/SubModules/redis/preconf.sh b/SubModules/redis/preconf.sh index 8dec08d..cc761e0 100644 --- a/SubModules/redis/preconf.sh +++ b/SubModules/redis/preconf.sh @@ -1,6 +1,6 @@ #!/bin/bash -if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then # Debian/Ubunbtu redis variables redisService=redis-server diff --git a/extModules.list b/extModules.list index f2d9b69..7fee0bf 100644 --- a/extModules.list +++ b/extModules.list @@ -1,4 +1,5 @@ https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/ https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/ https://git.ictmaatwerk.com/VPS-scripts/Backup-Util/raw/branch/master/ -https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/ \ No newline at end of file +https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/ +https://git.ictmaatwerk.com/VPS-scripts/MariaDB/raw/branch/master/ \ No newline at end of file diff --git a/installer.sh b/installer.sh index e9ee770..d75359d 100644 --- a/installer.sh +++ b/installer.sh @@ -64,6 +64,13 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then PKGI="${PKGM} install -y --no-install-recommends" PKGLIST="apt" shortdist=deb10 +elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then + PKGM="$APTMODE" + PKGUC="$PKGM update" + PKGUP="$PKGM upgrade -y" + PKGI="${PKGM} install -y --no-install-recommends" + PKGLIST="apt" + shortdist=deb11 elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then PKGM="dnf" PKGUC="$PKGM check-update --refresh" @@ -750,7 +757,14 @@ done # Services # ##------------## -systemctl reload sshd fail2ban +#Set ssh service for distro +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then + SSHService=ssh +elif [ "$shortdist" = "el8" ]; then + SSHService=sshd +fi + +systemctl reload $SSHService fail2ban ##-------##