Clean fail2ban jail folder before creating own jails

they wil also be displayed at the end of installation

AppendCMS.sh

@@ -7,19 +7,12 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then
 
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+rm /tmp/apt.list
 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${ApacheCMSL[@]}")
-options=("${ApacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${NginxCMSL[@]}")
-options=("${NginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 
 ##----------------##
@@ -80,6 +73,19 @@ if [ $IMODE = n ]; then
     domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
     [[ -d "/var/www/"$domain"/html" ]] && msg "              This domain already exists on this server, Exiting" 8 78 && exit;
     if (whiptail --title "Config" --yesno "                 Does www.${domain} exist in DNS" 8 78); then domainwww=1; else domainwww=0; fi
+    if (whiptail --title "Set sitename?" --yesno "Set sitename to ${domain//./_} ?" 8 78); then
+    sitename=${domain//./_}
+    else
+    while true; do
+      sitename=$(whiptail --nocancel --inputbox "Enter sitename, Must NOT contain special characters, except: _" 8 78 --title "Sitename" 3>&1 1>&2 2>&3)
+      if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+      then
+         whiptail  --msgbox "   Site can't be empty, or contain a special character except for: _" 11 78
+      else 
+      break
+      fi
+    done
+    fi
     if (whiptail --title "Config" --yesno "                       Enable SSL on installation?" 11 78); then sslenable=1; else sslenable=0; fi
     PasswordQuest
     CMS=$(whiptail --title "What CMS should be installed?" --radiolist "Features" 11 118 5 "${CMSL[@]}" 3>&1 1>&2 2>&3)
@@ -101,6 +107,23 @@ if [ $IMODE = l ]; then
             * ) echo "Choose yes of no.";;
         esac
     done
+    read -p "Set sitename to ${domain//./_}? (y/n)" choice
+    case "$choice" in
+      y|Y ) sitename=${domain//./_};;
+      n|N ) echo "";
+      while true; do
+      echo "Please enter sitename, Must NOT contain special characters, except: _";read sitename
+      if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+      then
+         echo "Site can't be empty, or contain a special character except for: _"
+      else 
+      break
+      fi
+    done
+      ;;
+      * ) echo "invalid";;
+    esac
+
     while true; do
         read -p "Enable SSL on installation? -> yes/no?" yn
         case $yn in
@@ -145,12 +168,12 @@ fi
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Webserv"
+msg "           Running preconf for Webserv"
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh; then
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh)
 fi
 
-echo "Running preconf for CMS"
+msg "            Running preconf for CMS"
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh; then
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh)
 fi
@@ -173,27 +196,61 @@ cat /tmp/apt.list | xargs $PKGI
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Webserv"
+msg "           Running conf for Webserv"
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh; then
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh)
 fi
 
-echo "Setting up SSL"
 if [ $sslenable = 1 ]; then
-    if [ $domainwww = 1 ]; then
-        certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-    elif [ $domainwww = 0 ]; then
-        certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+msg "                Setting up SSL"
+    if [ $webserv = nginx_nonphp ]; then
+        certwebserv=nginx
+    else
+        certwebserv=$webserv
     fi
+    site_ext=ssl
+    if [ $domainwww = 1 ]; then
+        certbot --"$certwebserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    elif [ $domainwww = 0 ]; then
+        certbot --"$certwebserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    fi
+    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
+    fi
+elif [ $sslenable = 0 ]; then
+    site_ext=nossl
 fi
 
 wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
-sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$domain'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$sitename'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
 
-echo "Running conf for CMS"
+msg "              Running conf for CMS"
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh; then
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh)
 fi
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
-fi
+fi
+
+##--------------------------##
+#   Backup-util Site Setup   #
+##--------------------------##
+
+repobckutil=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
+branchbckutil=master
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh)
+fi
+
+##------------##
+#   Services   #
+##------------##
+
+systemctl reload fail2ban
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added CMS!"
+for f in /etc/update-motd.d/51*; do bash $f; done

AppendModule.sh

@@ -11,19 +11,12 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then
 
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+rm /tmp/apt.list
 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${ApacheCMSL[@]}")
-options=("${ApacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${NginxCMSL[@]}")
-options=("${NginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 #Filtering already installed modules
 for target in "${SelectedOptions[@]}"; do
@@ -155,7 +148,7 @@ option="$option""$aonoption"
 ##-----------##
 
 
-echo "Generating apt list for Options"
+msg "        Generating apt list for Options"
 for val1 in ${option[*]}; do
     echo "$val1" #TMP
     modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
@@ -189,7 +182,7 @@ done
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Options"
+msg "          Running preconf for Options"
 for val1 in ${option[*]}; do
     echo "$val1" #TMP
     modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
@@ -228,7 +221,7 @@ cat /tmp/apt.list | xargs $PKGI
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Options"
+msg "            Running conf for Options"
 for val1 in ${option[*]}; do
     echo "$val1" #TMP
     modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
@@ -252,3 +245,11 @@ for val1 in ${option[*]}; do
         fi
     fi
 done
+
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added Module!"
+for f in /etc/update-motd.d/51*; do bash $f; done

CMS/Backend/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,28 @@
+[Backend]
+user = Backend
+group = Backend
+listen = /var/run/php/phpPHPver-fpm-Backend.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[opcache.enable] = 0      
+php_admin_value[max_input_vars] = 5000                                                                                                                                                                                                                                         
+php_admin_value[upload_max_filesize] = 256M                                                                                                                                                                                                                                    
+php_admin_value[post_max_size] = 16M                                                                                                                                                                                                                                           
+php_admin_value[max_input_time] = 15                                                                                                                                                                                                                                           
+php_admin_value[cgi.fix_pathinfo] = 0                                                                                                                                                                                                                                          
+php_admin_value[allow_url_fopen] = Off                                                                                                                                                                                                                                         
+php_admin_value[file_uploads] = Off                                                                                                                                                                                                                                   
+php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin                                                                                                                                                                                                                 
+php_admin_value[session.use_strict_mode] = 1                                                                                                                                                                                                                                   
+php_admin_value[session.cookie_httponly] = 1                                                                                                                                                                                                                                   
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict                                                                                                                                                                                                                              
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1                                                                                                                                                                                                                                     
+                                                                                                                                                                                                                                                                               
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+

CMS/Backend/apache-conf.sh

@@ -0,0 +1,4 @@
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -O /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/' -e 's/DOMAINname/'$hostname'/' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$site_ext".conf
+systemctl reload apache2

CMS/Backend/apache-siteBackend-unconfigured

@@ -0,0 +1,23 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/Backend_error.log
+#CustomLog ${APACHE_LOG_DIR}/Backend_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/html
+
+Alias /backend/database /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+    #enables/disables PHPMyadmin
+    deny from all
+    Require all granted
+    Options FollowSymLinks
+    DirectoryIndex index.php
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-Backend.sock|fcgi://localhost"
+</FilesMatch>
+
+</Directory>
+
+#endConf

CMS/Backend/conf.sh

@@ -0,0 +1,14 @@
+#Backend PHP Pool
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -O /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+groupadd Backend
+useradd -g Backend Backend
+#PHPMyAdmin configuration
+touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log
+chown Backend:Backend -R /usr/share/phpmyadmin
+chown Backend:Backend -R /var/lib/phpmyadmin/tmp
+chown Backend:Backend -R /var/log/PhpMyAdmin
+systemctl reload php"$phpver"-fpm
+#Auto disable backends at night
+echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend

CMS/Backend/nginx-conf.sh

@@ -1,4 +1,4 @@
 wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -O /tmp/nginx-backendconf
 sed -i -e 's/PHPver/'$phpver'/' -e 's/DOMAINname/'$hostname'/' /tmp/nginx-backendconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/Backend
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$site_ext"
 systemctl reload nginx

CMS/Backend/nginx-siteBackend-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/Backend-access.log;
+error_log /var/log/nginx/Backend-error.log;
+
 location = /backend/netdata {
             return 301 /backend/netdata/;
         }
@@ -25,7 +29,7 @@ location = /backend/netdata {
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+            fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock;
             fastcgi_index index.php;
         }
     }

CMS/nextcloud/Apache-unconfigured

@@ -0,0 +1,31 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+Redirect 301 /.well-known/carddav /remote.php/dav
+Redirect 301 /.well-known/caldav /remote.php/dav
+
+<Directory /var/www/DOMAINname/html>
+  Require all granted
+  AllowOverride All
+  Options FollowSymLinks MultiViews
+  Satisfy Any
+  <IfModule mod_dav.c>
+    Dav off
+  </IfModule>
+
+</Directory>
+
+<Directory "/var/www/DOMAINname/html/data/">
+    Require all denied
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/nextcloud/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,45 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 1000
+php_admin_value[upload_max_filesize] = 1G
+php_admin_value[post_max_size] = 1G
+php_admin_value[max_input_time] = 60
+php_admin_value[memory_limit] = 512M
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/var/run/php/phpPHPver-fpm-SITEname.sock:/var/lib/redis/redis.sock:/proc/meminfo:/proc/cpuinfo:/dev/urandom:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 30
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 5
+chdir = /
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp

CMS/nextcloud/MotdNextCloud

@@ -1,5 +1,5 @@
 #!/bin/sh
 red='\e[1;31m%s\e[0m\n'
 printf "\n"
-printf $red "Please run nextcloud-init.sh after the first nextcloud login"
+printf $red "Please run bash ~/NextcloudInit-SITEname.sh after the first nextcloud login"
 printf "\n"

CMS/nextcloud/Nginx-unconfigured

@@ -1,15 +1,18 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 # Set max upload size
 client_max_body_size 1G;
 
 add_header Referrer-Policy "no-referrer" always;
-add_header X-Content-Type-Options "nosniff" always;
 add_header X-Download-Options "noopen" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "none" always;
-add_header X-XSS-Protection "1; mode=block" always;
+fastcgi_send_timeout 300;
+fastcgi_read_timeout 300;
 fastcgi_hide_header X-Powered-By;
 fastcgi_buffers 64 4K;
 gzip on;
@@ -53,7 +56,7 @@ location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|u
     fastcgi_param HTTPS on;
     fastcgi_param modHeadersAvailable true;
     fastcgi_param front_controller_active true;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     fastcgi_intercept_errors on;
     fastcgi_request_buffering off;
 }
@@ -67,12 +70,9 @@ location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
     try_files $uri /index.php$request_uri;
     add_header Cache-Control "public, max-age=15778463";
     add_header Referrer-Policy "no-referrer" always;
-    add_header X-Content-Type-Options "nosniff" always;
     add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-Permitted-Cross-Domain-Policies "none" always;
     add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
     access_log off;
 }
 

CMS/nextcloud/apache-conf.sh

@@ -0,0 +1,11 @@
+#Apache
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Apache-unconfigured -O /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#PHP
+sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+
+systemctl reload apache2 php$phpver-fpm

CMS/nextcloud/apt.list

@@ -1 +1 @@
-libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev
+libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-apcu phpPHPver-bcmath phpPHPver-gmp

CMS/nextcloud/conf.sh

@@ -0,0 +1,58 @@
+#PHP Pool
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -O /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/' -e 's/SITEname/'$sitename'/' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+mkdir -p /var/www/"$domain"/html/data
+
+#Getting Nextcloud
+wget -t7 http://mirror.nxdi.nl/resources/nextcloud/latest.tar.bz2 -O /tmp/nextcloud.tar.bz2
+tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
+cp -a /tmp/nextcloud/. /var/www/"$domain"/html
+touch /var/www/"$domain"/html/data/nextcloud.log
+
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="nextcloud_$db_suffix"
+db_user="nextcloud_$db_suffix"
+db_pass=$(date +%s|sha256sum|base64|head -c 32)
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+#Configuring Nextcloud
+cat <<EOF > /var/www/$domain/html/config/autoconfig.php
+<?php
+\$AUTOCONFIG = array(
+  "dbtype"        => "mysql",
+  "dbname"        => "${db_name}",
+  "dbuser"        => "${db_user}",
+  "dbpass"        => "${db_pass}",
+  "dbhost"        => "localhost",
+  "dbtableprefix" => "",
+  "simpleSignUpLink.shown" => false,
+  "directory"     => "/var/www/$domain/html/data",
+);
+EOF
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#Makeing nextcloud Finalize script and setting login Notice
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/nextcloud-init.sh -O ~/NextcloudInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/MotdNextCloud -O /etc/update-motd.d/51-nextnotice
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice
+chmod +x /etc/update-motd.d/51-nextnotice
+
+
+#Nextcloud logging location
+mkdir /var/log/nextcloud
+chmod 774 -R /var/log/nextcloud
+ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
+
+#fail2ban
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -O /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+
+systemctl reload php"$phpver"-fpm

CMS/nextcloud/nextcloud-init.sh

@@ -1,4 +1,33 @@
-sudo -u www-data php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
-sudo -u www-data php /var/www/DOMAINname/html/occ db:add-missing-indices
-echo "*/5  *  *  *  * www-data	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
-rm -f /etc/update-motd.d/50-nextnotice
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:add-missing-indices
+sudo -u SITEname php /var/www/DOMAINname/html/occ app:disable firstrunwizard
+
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
+
+if [ "$(systemctl is-active  redis-server)" = "active" ]; then
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
+else 
+    echo "Redis not installed or running on this system" 
+fi
+
+echo "*/5  *  *  *  * SITEname	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
+rm -f /etc/update-motd.d/51-nextnotice
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CMS/nextcloud/nginx-conf.sh

@@ -1,60 +1,15 @@
 #Nextcloud major release version
-nxtVer=18
 
 #Configuring nginx
 wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 if [ $sslenable = 0 ]; then
-sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-enabled/"$domain"
+  sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-available/"$sitename"_nossl
 fi
 
-mkdir -p /var/www/"$domain"/html
-
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-fi
-
-#Getting Nextcloud
-wget -t7 https://download.nextcloud.com/server/releases/latest-"$nxtVer".tar.bz2 -O /tmp/nextcloud.tar.bz2
-tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
-cp -a /tmp/nextcloud/. /var/www/"$domain"/html
-
-#Creating DB
-db_suffix=`expr $(ls -l /var/www | grep -c ^d)`
-db_name="nextcloud_$db_suffix"
-db_user="nextcloud_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
-mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
-
-#Configuring Nextcloud
-cat <<EOF > /var/www/$domain/html/config/autoconfig.php
-<?php
-\$AUTOCONFIG = array(
-  "dbtype"        => "mysql",
-  "dbname"        => "${db_name}",
-  "dbuser"        => "${db_user}",
-  "dbpass"        => "${db_pass}",
-  "dbhost"        => "localhost",
-  "dbtableprefix" => "",
-  "simpleSignUpLink.shown" => false,
-  "directory"     => "/var/www/$domain/html/data",
-);
-EOF
-
-chown www-data:www-data -R /var/www/"$domain"/html
-systemctl reload nginx php$phpver-fpm
+systemctl reload nginx 
+
+
 
 
-#Makeing nextcloud Finalize script and setting login Notice
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/nextcloud-init.sh -O ~/nextcloud-init.sh
-sed -i -e 's/DOMAINname/'$domain'/' ~/nextcloud-init.sh
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/MotdNextCloud -O /etc/update-motd.d/50-nextnotice
-chmod +x /etc/update-motd.d/50-nextnotice

CMS/none/Apache-unconfigured

@@ -0,0 +1,21 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+
+<Directory /var/www/DOMAINname/html>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    allow from all
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/none/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 64
+php_admin_value[post_max_size] = 1
+php_admin_value[max_input_time] = 15
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = Off
+php_admin_value[open_basedir] = /var/www/DOMAINname/html
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/none/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
     index index.php index.html index.htm index.nginx-debian.html;
     root /var/www/DOMAINname/html;
     gzip on;
@@ -16,7 +20,7 @@
     
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     }
 
     location ~ /\.ht {

CMS/none/Nginx_nonphp-unconfigured

@@ -0,0 +1,25 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html index.htm index.nginx-debian.html;
+    root /var/www/DOMAINname/html;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+
+    location / {
+        #try_files $uri $uri/ =404;
+        try_files $uri $uri/ /index.php$is_args$args;
+        #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/none/apache-conf.sh

@@ -0,0 +1,9 @@
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Apache-unconfigured -O /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+mkdir -p /var/www/"$domain"/html
+
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload apache2

CMS/none/conf.sh

@@ -0,0 +1,12 @@
+#Do not generate php pool when php is not installed
+if [ $webserv != nginx_nonphp ]; then
+
+#Setup PHP Pool
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -O /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/' -e 's/SITEname/'$sitename'/' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload php"$phpver"-fpm
+
+fi

CMS/none/nginx-conf.sh

@@ -1,7 +1,9 @@
 wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 mkdir -p /var/www/"$domain"/html
-chown www-data:www-data -R /var/www/"$domain"/html
+
 echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 systemctl reload nginx

CMS/none/nginx_nonphp-conf.sh

@@ -0,0 +1,9 @@
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Nginx_nonphp-unconfigured -O /tmp/nginx-siteconf
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+mkdir -p /var/www/"$domain"/html
+
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown www-data:www-data -R /var/www/"$domain"/html
+systemctl reload nginx

CMS/wordpress/Apache-unconfigured

@@ -0,0 +1,36 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+
+<Directory /var/www/DOMAINname/html>
+    Options FollowSymLinks
+    AllowOverride Limit Options FileInfo
+    DirectoryIndex index.php
+    Order allow,deny
+    Allow from all
+    <IfModule mod_rewrite.c>
+	RewriteEngine On
+	RewriteBase /
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteRule . /index.php [L]
+     </IfModule>
+</Directory>
+
+<Directory /var/www/DOMAINname/wp-content>
+    Options FollowSymLinks
+    Order allow,deny
+    Allow from all
+</Directory>
+
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/wordpress/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 5000
+php_admin_value[upload_max_filesize] = 128M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 30
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = "/var/www/DOMAINname/html"
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/wordpress/MotdWordpress

@@ -0,0 +1,5 @@
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf $red "Please run bash ~/WordpressInit-SITEname.sh after the first wordpress login"
+printf "\n"

CMS/wordpress/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 index index.php index.htm index.html;
 
@@ -24,7 +28,7 @@ location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$
 
 location ~ \.php$ {
     include snippets/fastcgi-php.conf;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
 }
 
 location ~ /\.ht {

CMS/wordpress/apache-conf.sh

@@ -0,0 +1,6 @@
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Apache-unconfigured -O /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload apache2 php$phpver-fpm

CMS/wordpress/conf.sh

@@ -1,3 +1,10 @@
+#WP-CLI
+if [ ! -f /usr/local/bin/wp ]; then
+   wget -q -t7 https://raw.githubusercontent.com/wp-cli/wp-cli/v2.4.0/utils/wp-completion.bash -O  /etc/bash_completion.d/wp
+   wget -q -t7 https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp
+   chmod +x /usr/local/bin/wp
+fi
+
 #Creating DB
 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
 db_name="wp_$db_suffix"
@@ -15,7 +22,7 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
 mkdir -p /var/www/"$domain"/html
 
 #Getting WordPress
-wget -q -t7 https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
+wget -q -t7 http://mirror.nxdi.nl/resources/wordpress/latest.tar.gz -O /tmp/wp.tar.gz
 tar -C /var/www/"$domain"/html -xzf /tmp/wp.tar.gz --strip 1
 rm /var/www/"$domain"/html/wp-config-sample.php 
 
@@ -24,5 +31,25 @@ wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/WordPress-unconfigured -O
 sed -i -e 's/DBPass/'$db_pass'/' -e 's/DBUser/'$db_user'/'  -e 's/DBName/'$db_name'/' -e 's/DOMAINname/'$domain'/' /var/www/"$domain"/html/wp-config.php
 printf '%s\n' "g/WPsalty/d" a "$WPSalts" . w | ed -s /var/www/"$domain"/html/wp-config.php
 
+#PHP Pool
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -O /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/' -e 's/SITEname/'$sitename'/' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload php"$phpver"-fpm
+
+#fail2ban
+if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
+    wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -O /etc/fail2ban/jail.d/wordpress-syslog.local
+fi
+
 #Setting Permsissions
-chown www-data:www-data -R /var/www/"$domain"/html
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#Makeing wordpress Finalize script and setting login Notice
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/wordpress-init.sh -O ~/WordpressInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh
+wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/MotdWordpress -O /etc/update-motd.d/51-wpnotice
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-wpnotice
+chmod +x /etc/update-motd.d/51-wpnotice

CMS/wordpress/nginx-conf.sh

@@ -1,15 +1,7 @@
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 512M' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-fi
-
 #Configuring nginx
 wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 
 #Reloading Services
 systemctl reload nginx php$phpver-fpm

CMS/wordpress/wordpress-init.sh

@@ -0,0 +1,20 @@
+sudo -u SITEname wp --path=/var/www/DOMAINname/html core update
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all
+sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
+rm -f /etc/update-motd.d/51-wpnotice
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CoreModules/apache/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+##############
+#   Apache   #
+##############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+fi
+
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_ssl.conf
+
+systemctl reload apache2

CoreModules/apache/apt.list

@@ -1 +1 @@
-apache2 php-pear libapache2-mod-php phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-apache
+apache2 libapache2-mod-fcgid python-certbot-apache

CoreModules/apache/conf.sh

@@ -0,0 +1,52 @@
+systemctl stop apache2
+
+##############
+#   Apache   #
+##############
+
+a2dissite 000-default 
+a2dismod mpm_prefork
+a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb
+
+mkdir -p /etc/apache2/snippets/
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -O /etc/apache2/snippets/apa-ssl.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -O /etc/apache2/conf-enabled/zzz-custom.conf
+
+#Catch all (ip and unconfigured domains)
+wget - -t7 "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -O /etc/apache2/sites-available/CatchAll.conf
+ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf
+
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+fi
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/' /etc/apache2/sites-available/"$sitename"_ssl.conf
+
+#non-ssl-Backend
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf
+sed -i -e 's/DOMAINname/'$hostname'/' /etc/apache2/sites-available/Backend_nossl.conf 
+ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf
+#ssl-Backend
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf
+sed -i -e 's/DOMAINname/'$hostname'/' /etc/apache2/sites-available/Backend_ssl.conf
+
+
+mkdir -p /opt/toggle
+wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -O  /opt/toggle/toggle-PhpMyAdmin.sh
+
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
+
+systemctl start apache2

CoreModules/apache/config/apache2/conf-custom.conf

@@ -0,0 +1,3 @@
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
+ServerTokens Prod
+ServerSignature Off

CoreModules/apache/config/apache2/site-unconfigured

@@ -0,0 +1,6 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site-wwwredir

@@ -0,0 +1,4 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / http://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/site_CatchAll

@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/html
+    ServerName localhost
+    ServerAlias "*"
+    ErrorLog /dev/null
+    CustomLog /dev/null common
+</VirtualHost>
+

CoreModules/apache/config/apache2/site_ssl-unconfigured

@@ -0,0 +1,16 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName DOMAINname
+    SSLEngine on
+    SSLCertificateFile      /etc/letsencrypt/live/DOMAINname/cert.pem
+    SSLCertificateKeyFile   /etc/letsencrypt/live/DOMAINname/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/DOMAINname/chain.pem
+    Include snippets/apa-ssl.conf
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site_ssl-wwwredir

@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName www.DOMAINname
+    SSLEngine on
+    SSLCertificateFile      /etc/letsencrypt/live/DOMAINname/cert.pem
+    SSLCertificateKeyFile   /etc/letsencrypt/live/DOMAINname/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/DOMAINname/chain.pem
+    Include snippets/apa-ssl.conf
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/snippets-ssl.conf

@@ -0,0 +1,7 @@
+Protocols h2 http/1.1
+Header always set Strict-Transport-Security "max-age=63072000"
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder     on
+SSLSessionTickets       off
+SSLUseStapling On

CoreModules/apache/preconf.sh

@@ -0,0 +1 @@
+$PKGA ppa:ondrej/apache2 -y -n > $OUTPUT 2>&1

CoreModules/apache/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/apache/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm /etc/apache2/sites-enabled/010-"$sitename".conf
+ln -s /etc/apache2/sites-available/"$sitename"_ssl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+
+if [ -n "$sslfr" ]; then
+rm /etc/apache2/sites-enabled/010-Backend.conf
+ln -s /etc/apache2/sites-available/Backend_ssl.conf /etc/apache2/sites-enabled/010-Backend.conf
+fi
+
+systemctl reload apache2

CoreModules/generic/apt.list

@@ -1 +1 @@
-mailutils htop ufw
+mailutils htop ufw nload fail2ban

CoreModules/generic/conf.sh

@@ -5,6 +5,7 @@
 sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
 sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
 sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
 cat <<EOF > /etc/aliases
 # See man 5 aliases for format
 postmaster:    root
@@ -12,24 +13,6 @@ root:          $email
 EOF
 newaliases
 
-
-##------------##
-#   Fail2Ban   #
-##------------##
-
-##Disabled
-#sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/sshd.local -O /etc/fail2ban/jail.d/sshd.local
-#if [[ $CMS == "Nextcloud" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.conf -O /etc/fail2ban/filter.d/nextcloud.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.local -O /etc/fail2ban/jail.d/nextcloud.local
-#fi
-#if [[ $CMS == "Wordpress" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.conf -O /etc/fail2ban/filter.d/wordpress.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.local -O /etc/fail2ban/jail.d/wordpress.local
-#fi
-
-
 ##-------##
 #   UFW   #
 ##-------##
@@ -40,4 +23,25 @@ ufw default allow outgoing > $OUTPUT 2>&1
 ufw allow 80/tcp > $OUTPUT 2>&1
 ufw allow 443/tcp > $OUTPUT 2>&1
 ufw limit 4242/tcp > $OUTPUT 2>&1
-echo "y" | ufw enable > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+##------------##
+#   Fail2Ban   #
+##------------##
+
+#General config
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local
+
+#Custom Fiters
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/nextcloud.filter -O /etc/fail2ban/filter.d/nextcloud.local
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -O /etc/fail2ban/filter.d/phpmyadmin-authlog.local
+wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -O /etc/fail2ban/filter.d/wordpress-hard.local
+wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -O /etc/fail2ban/filter.d/wordpress-soft.local
+
+#General jails
+rm /etc/fail2ban/jail.d/*
+wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/sshd.jail -O /etc/fail2ban/jail.d/sshd.local
+if [ -z $disbackendcms ]; then
+ wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -O /etc/fail2ban/jail.d/phpmyadmin.local
+fi
+

CoreModules/generic/preconf.sh

@@ -11,7 +11,6 @@ $PKGI software-properties-common gnupg > $OUTPUT 2>&1
 $PKGA universe -y > $OUTPUT 2>&1
 $PKGA ppa:ondrej/php -y -n > $OUTPUT 2>&1
 $PKGA ppa:certbot/certbot -y -n > $OUTPUT 2>&1
-$PKGA ppa:chris-lea/redis-server -y -n > $OUTPUT 2>&1
 
 
 ##-------------##

CoreModules/nginx/appendCMS-conf.sh

@@ -2,8 +2,21 @@
 #   Nginx   #
 #############
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl 
 
 systemctl reload nginx

CoreModules/nginx/apt.list

@@ -1 +1 @@
-nginx phpPHPver-imagick php-pear phpPHPver-cli  phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-nginx
+nginx apache2-utils python-certbot-nginx

CoreModules/nginx/conf.sh

@@ -1,47 +1,45 @@
-systemctl stop php${phpver}-fpm nginx
+systemctl stop nginx
 
 #############
 #   Nginx   #
 #############
 
-mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
 wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
 wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -O /etc/nginx/snippets/ngx-ssl.conf
 wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
 
 if [ $domainwww = 1 ]; then
-	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$domain"
-	echo "" >> /etc/nginx/sites-available/"$domain" 
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
 fi
-wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl 
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/Backend
-sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend
-ln -s /etc/nginx/sites-available/Backend /etc/nginx/sites-enabled/
+#Backend
+##non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/Backend_nossl 
+sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend_nossl 
+ln -s /etc/nginx/sites-available/Backend_nossl /etc/nginx/sites-enabled/Backend
+##ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/Backend_ssl 
+sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend_ssl 
 
 mkdir -p /opt/toggle
 wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -O  /opt/toggle/toggle-Netdata.sh
 wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -O  /opt/toggle/toggle-PhpMyAdmin.sh
 
 # custom Welcome page
-echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
-###############
-#   PHP-FPM   #
-###############
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
 
-sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/PHP-FPM/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
-sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf
-
-systemctl start php${phpver}-fpm nginx
+systemctl start nginx

CoreModules/nginx/config/PHP-FPM/www.confg

@@ -1,423 +0,0 @@
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-;       will be used.
-user = www-data
-group = www-data
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
-;                            a specific port;
-;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-;                            a specific port;
-;   'port'                 - to listen on a TCP socket to all addresses
-;                            (IPv6 and IPv4-mapped) on a specific port;
-;   '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = /run/php/phprtag-fpm.sock
-
-; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 511
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-;                 mode is set to 0660
-listen.owner = www-data
-listen.group = www-data
-;listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-;       - The pool processes will inherit the master process priority
-;         unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
-; core dump and ptrace the process for the pool user.
-; Default Value: no
-; process.dumpable = yes
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-;   static  - a fixed number (pm.max_children) of child processes;
-;   dynamic - the number of child processes are set dynamically based on the
-;             following directives. With this process management, there will be
-;             always at least 1 children.
-;             pm.max_children      - the maximum number of children that can
-;                                    be alive at the same time.
-;             pm.start_servers     - the number of children created on startup.
-;             pm.min_spare_servers - the minimum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is less than this
-;                                    number then some children will be created.
-;             pm.max_spare_servers - the maximum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is greater than this
-;                                    number then some children will be killed.
-;  ondemand - no children are created at startup. Children will be forked when
-;             new requests will connect. The following parameter are used:
-;             pm.max_children           - the maximum number of children that
-;                                         can be alive at the same time.
-;             pm.process_idle_timeout   - The number of seconds after which
-;                                         an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-;   pool                 - the name of the pool;
-;   process manager      - static, dynamic or ondemand;
-;   start time           - the date and time FPM has started;
-;   start since          - number of seconds since FPM has started;
-;   accepted conn        - the number of request accepted by the pool;
-;   listen queue         - the number of request in the queue of pending
-;                          connections (see backlog in listen(2));
-;   max listen queue     - the maximum number of requests in the queue
-;                          of pending connections since FPM has started;
-;   listen queue len     - the size of the socket queue of pending connections;
-;   idle processes       - the number of idle processes;
-;   active processes     - the number of active processes;
-;   total processes      - the number of idle + active processes;
-;   max active processes - the maximum number of active processes since FPM
-;                          has started;
-;   max children reached - number of times, the process limit has been reached,
-;                          when pm tries to start more children (works only for
-;                          pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-;   pool:                 www
-;   process manager:      static
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          62636
-;   accepted conn:        190460
-;   listen queue:         0
-;   max listen queue:     1
-;   listen queue len:     42
-;   idle processes:       4
-;   active processes:     11
-;   total processes:      15
-;   max active processes: 12
-;   max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-;   http://www.foo.bar/status
-;   http://www.foo.bar/status?json
-;   http://www.foo.bar/status?html
-;   http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-;   http://www.foo.bar/status?full
-;   http://www.foo.bar/status?json&full
-;   http://www.foo.bar/status?html&full
-;   http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-;   pid                  - the PID of the process;
-;   state                - the state of the process (Idle, Running, ...);
-;   start time           - the date and time the process has started;
-;   start since          - the number of seconds since the process has started;
-;   requests             - the number of requests the process has served;
-;   request duration     - the duration in µs of the requests;
-;   request method       - the request method (GET, POST, ...);
-;   request URI          - the request URI with the query string;
-;   content length       - the content length of the request (only with POST);
-;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
-;   script               - the main script called (or '-' if not set);
-;   last request cpu     - the %cpu the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because CPU calculation is done when the request
-;                          processing has terminated;
-;   last request memory  - the max amount of memory the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because memory calculation is done when the request
-;                          processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-;   ************************
-;   pid:                  31330
-;   state:                Running
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          63087
-;   requests:             12808
-;   request duration:     1250261
-;   request method:       GET
-;   request URI:          /test_mem.php?N=10000
-;   content length:       0
-;   user:                 -
-;   script:               /home/fat/web/docs/php/test_mem.php
-;   last request cpu:     0.00
-;   last request memory:  0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/share/php/rtag/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-;  %%: the '%' character
-;  %C: %CPU used by the request
-;      it can accept the following format:
-;      - %{user}C for user CPU only
-;      - %{system}C for system CPU only
-;      - %{total}C  for user + system CPU (default)
-;  %d: time taken to serve the request
-;      it can accept the following format:
-;      - %{seconds}d (default)
-;      - %{miliseconds}d
-;      - %{mili}d
-;      - %{microseconds}d
-;      - %{micro}d
-;  %e: an environment variable (same as $_ENV or $_SERVER)
-;      it must be associated with embraces to specify the name of the env
-;      variable. Some exemples:
-;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-;  %f: script filename
-;  %l: content-length of the request (for POST request only)
-;  %m: request method
-;  %M: peak of memory allocated by PHP
-;      it can accept the following format:
-;      - %{bytes}M (default)
-;      - %{kilobytes}M
-;      - %{kilo}M
-;      - %{megabytes}M
-;      - %{mega}M
-;  %n: pool name
-;  %o: output header
-;      it must be associated with embraces to specify the name of the header:
-;      - %{Content-Type}o
-;      - %{X-Powered-By}o
-;      - %{Transfert-Encoding}o
-;      - ....
-;  %p: PID of the child that serviced the request
-;  %P: PID of the parent of the child that serviced the request
-;  %q: the query string
-;  %Q: the '?' character if query string exists
-;  %r: the request URI (without the query string, see %q and %Q)
-;  %R: remote IP address
-;  %s: status (response code)
-;  %t: server time the request was received
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %T: time the log has been written (the request has finished)
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; Depth of slow log stack trace.
-; Default Value: 20
-;request_slowlog_trace_depth = 20
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_terminate_timeout = 0
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-;       possible. However, all PHP paths will be relative to the chroot
-;       (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-;chdir = /var/www
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5 .php7
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-env[HOSTNAME] = $HOSTNAME
-env[PATH] = /usr/local/bin:/usr/bin:/bin
-env[TMP] = /tmp
-env[TMPDIR] = /tmp
-env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'.
-;   php_admin_value/php_admin_flag - these directives won't be overwritten by
-;                                     PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-;                specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M

CoreModules/nginx/config/nginx/nginx-default.conf

@@ -25,19 +25,10 @@ http {
 
 	server_names_hash_bucket_size 64;
 
-	include /etc/nginx/mime.types;
-	default_type text/html;
+    root   /usr/share/nginx/html;
 
-	ssl_protocols TLSv1.3 TLSv1.2;
-	ssl_prefer_server_ciphers on;
-    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
-    ssl_session_cache shared:SSL:20m;
-    ssl_session_timeout 180m;
-    ssl_ecdh_curve secp384r1;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-	add_header X-Frame-Options sameorigin;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Xss-Protection "1; mode=block";
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
 
     #access_log /var/log/nginx/access.log;
     access_log off;
@@ -50,6 +41,7 @@ http {
     gzip_disable "msie6";
     gzip_buffers 16 8k;
 
+    include /etc/nginx/snippets/ngx-ssl.conf;
 	include /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/*;
 }

CoreModules/nginx/config/nginx/site_ssl-unconfigured

@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    listen [::]:80;
+	server_name   DOMAINname;
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+    
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   DOMAINname;
+    ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem; 
+    ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem; 
+    include snippets/ngx-ssl.conf; 
+    
+    
+
+#ConfHere
+
+}

CoreModules/nginx/config/nginx/site_ssl-wwwredir

@@ -0,0 +1,18 @@
+server {
+	#www.domain > domain redirect
+    listen       80;
+    listen       [::]:80;
+    server_name   www.DOMAINname;
+    return       301 http://DOMAINname$request_uri;
+}
+
+server {
+    #SSL www.domain > domain redirect
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   www.DOMAINname;
+    ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem; 
+    ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem; 
+    include snippets/ngx-ssl.conf; 
+    return       301 https://DOMAINname$request_uri;
+}

CoreModules/nginx/config/nginx/snippets-ssl.conf

@@ -0,0 +1,10 @@
+ssl_session_cache shared:le_nginx_SSL:1m;
+ssl_session_timeout 1440m;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+add_header X-Frame-Options sameorigin;
+add_header X-Content-Type-Options nosniff;
+add_header X-Xss-Protection "1; mode=block";
+add_header Strict-Transport-Security "max-age=31536000" always;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

CoreModules/nginx/phpupdate-handeler.sh

@@ -0,0 +1,24 @@
+for f in /etc/nginx/sites-available/*; do
+    if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
+        if (whiptail --title "Update Nginx config ?" --yesno "Update php version in nginx site: ${f##*/}  ?" 8 78); then
+            sed -i  "s/$phpver/$newphpver/" $f
+        fi
+    fi
+    if [ $IMODE = l ] && [ $PhpPurge = 0 ]; then
+            while true; do
+                read -p "Update php version in nginx site: ${f##*/} ? -> yes/no?" yn
+                case $yn in
+                [Yy]* ) sed -i  "s/$phpver/$newphpver/" $f
+                break;;
+                [Nn]* ) echo ""
+                break;;
+                * ) echo "Choose yes of no.";;
+            esac
+        done    
+    fi
+    if [ $PhpPurge = 1 ]; then
+        sed -i  "s/$phpver/$newphpver/" $f
+    fi
+done
+ 
+systemctl reload nginx

CoreModules/nginx/preconf.sh

@@ -1 +1,2 @@
-$PKGA ppa:nginx/stable -y > $OUTPUT 2>&1
+echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list
+curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

CoreModules/nginx/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/nginx/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
+
+if [ -n "$sslfr" ]; then
+rm /etc/nginx/sites-enabled/Backend
+ln -s /etc/nginx/sites-available/Backend_ssl /etc/nginx/sites-enabled/Backend
+fi
+
+systemctl reload nginx

CoreModules/nginx_nonphp/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+#############
+#   Nginx   #
+#############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl 
+
+systemctl reload nginx

CoreModules/nginx_nonphp/apt.list

@@ -0,0 +1 @@
+nginx apache2-utils python-certbot-nginx

CoreModules/nginx_nonphp/conf.sh

@@ -0,0 +1,31 @@
+systemctl stop nginx
+
+#############
+#   Nginx   #
+#############
+
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -O /etc/nginx/snippets/ngx-ssl.conf
+wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+#non-ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl 
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
+
+systemctl start nginx

CoreModules/nginx_nonphp/preconf.sh

@@ -0,0 +1,6 @@
+echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list
+curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
+
+#Disable PhpMyadmin and Backend cms
+disbackendcms=1
+PHPMyadmin=1

CoreModules/nginx_nonphp/ssl-handler.sh

@@ -0,0 +1,4 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
+
+systemctl reload nginx

Docs/docs/Dev-Adding-Modules.md

@@ -1,5 +1,5 @@
 # Module modes
-A module can be external(in other/external git repo) or internal(Modules/<ModuleName>).  
+A module can be external(in other/external git repo) or internal(SubModules/<ModuleName>).  
 In both cases the file structure is expected as shown below
 
 # List of possible Files and expected Structure
@@ -12,7 +12,7 @@ In both cases the file structure is expected as shown below
 * config/*
 
 ## The internal module location
-Modules/`<ModuleName>`
+SubModules/`<ModuleName>`
 
 # File Explanation
 | File Name | Description     |

ModulesMenu.list

@@ -5,6 +5,7 @@
 if [ $IMODE = n ]; then
 #WebServers
 webservers=("Nginx:" "Will install NGINX Webserver." ON)
+webservers+=("Nginx_nonphp:" "Will install NGINX Webserver without php-fpm." OFF)
 webservers+=("Apache:" "Will install Apache Webserver." OFF)
 
 ##Nginx
@@ -13,31 +14,43 @@ nginxCMSL=("None:" "A plain webserver will be setup." OFF)
 nginxCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
 nginxCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
 #Options
-nginxOptions=("Option 1:" "Option 1 Desription" OFF)
-nginxOptions+=("Option 2:" "Option 2 Desription" OFF)
-nginxOptions+=("Option 3:" "Option 3 Desription" OFF)
+nginxOptions=("Redis:" "Redis caching" OFF)
+
+##Nginx
+#CMSList
+nginx_nonphpCMSL=("None:" "A plain webserver will be setup." OFF)
+#Options
+nginx_nonphpOptions=("Redis:" "Redis caching" OFF)
 
 ##Apache
 #CMSList
 apacheCMSL=("None:" "A plain webserver will be setup." OFF)
 apacheCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
+apacheCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
 #Options
-apacheOptions=("Option 1:" "Option 1 Desription" OFF)
-apacheOptions+=("Option 2: " "Option 2 Desription" OFF)
+apacheOptions=("Redis:" "Redis caching" OFF)
+
 fi
 if [ $IMODE = l ]; then
 #WebServers
-webservers=("Nginx" "Apache" "Quit")
+webservers=("Nginx" "Nginx_nonphp"  "Apache" "Quit")
+
 ##Nginx
 #CMSList
-nginxCMSL=("Wordpress" "Nextcloud" "None")
+nginxCMSL=("None" "Wordpress" "Nextcloud")
 #Options
-nginxOptions=("Ngx Option 1:" "Ngx Option 2:" "Ngx Option 3:")
+nginxOptions=("Redis:")
 
+##Nginx-nonphp
+#CMSList
+nginx_nonphpCMSL=("None")
+#Options
+nginx_nonphpOptions=("Redis:")
 
 ##Apache
 #CMSList
-apacheCMSL=("Wordpress" "Nextcloud" "None")
+apacheCMSL=("None" "Wordpress" "Nextcloud")
 #Options
-apacheOptions=("Apa Option 1:" "Apa Option 2:" "Apa Option 3:")
+apacheOptions=("Redis:")
+
 fi

Notes.md

@@ -1,2 +0,0 @@
-### Apache config 
-set `IncludeOptional sites-enabled/*.conf` to `IncludeOptional sites-enabled/*`

PhpUpdater.sh

@@ -0,0 +1,91 @@
+#sysCheck
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+
+PKGI="${PKGM} install -y --no-install-recommends"
+#Getting variables
+source /etc/ICTM/mainvar.list
+PPAversion=`apt list php | egrep -o "([0-9]{1,}.)+[0-9]{1,}" | cut -c 3-` && PPAversion=`echo $PPAversion | awk '{print $1; }'  | cut -f1 -d"+"`
+
+msg () {
+    if [ $IMODE = n ]; then
+        TERM=ansi whiptail --title "Info" --msgbox "$1" 8 52
+    fi
+    if [ $IMODE = l ]; then
+        echo "$1"
+    fi
+}
+
+msg "Current php version: $phpver"
+
+if [ $IMODE = n ]; then
+    # Legacy/Main Menu
+    PKGP="debconf-apt-progress -- apt purge -y"
+
+    #Menu
+    if (whiptail --title "Set new php version?" --yesno "Install php version $PPAversion ?" 8 78); then
+        newphpver=$PPAversion
+    else
+        newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3)
+    fi
+
+    #Install
+     apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
+
+    #Config
+    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
+
+    #Purge
+    if (whiptail --title "Set new php version?" --yesno "Remove php $phpver ?" 8 78); then
+       PhpPurge=1
+       $PKGP -y php$phpver*
+    else
+       PhpPurge=0
+    fi
+fi
+
+if [ $IMODE = l ]; then
+    # Legacy/Main Menu
+    PKGP="apt purge -y"
+
+    #Menu    
+    while true; do
+        read -p "Set phpversion to version $PPAversion ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) newphpver=$PPAversion
+            break;;
+            [Nn]* ) echo "";
+            echo "Please enter php version to install:";read newphpver
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done
+    
+    #Install
+    apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
+
+    #Config
+    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
+    
+    #Purge
+    while true; do
+        read -p "Remove php $phpver ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) PhpPurge=1 ; $PKGP php$phpver*
+            break;;
+            [Nn]* ) PhpPurge=0 ; echo ""
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done    
+fi
+
+for f in /etc/php/$newphpver/fpm/pool.d/*; do
+    sed -i  "s/$phpver/$newphpver/" $f
+done
+systemctl reload php$newphpver-fpm
+
+sed -i "/phpver/c\phpver=\"$newphpver\"" /etc/ICTM/mainvar.list
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh)
+fi

Scripts/EnableSSL.sh

@@ -1,5 +1,7 @@
+#loading install vars
+source /etc/ICTM/mainvar.list
 #Setting Vars
-confname=CONFname
+sitename=CONFname
 domain=DOMAINname
 domainwww=DomainWWW
 email=Email
@@ -9,21 +11,40 @@ webservice=WebServer
 #Correcting service name for Apache
 if [ $webservice = apache ]; then
     webservice=apache2
+    ext=.conf
+fi
+
+#Correcting service name for nginx_nonphp
+if [ $webservice = nginx_nonphp ]; then
+    webservice=nginx
+    webserv=nginx
 fi
 
 #Backing-up and removing current config
-sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-enabled/"$confname" > /tmp/"$confname"-config
-sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-enabled/"$confname"
+sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext" > /tmp/"$sitename"-config
+sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext"
 systemctl reload $webservice
 
 #Enabling SSL
 if [ $domainwww = 1 ]; then
-   certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+   certbot --"$webserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 elif [ $domainwww = 0 ]; then
-   certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+   certbot --"$webserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 fi  
 
 #Restoring config
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$confname"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-enabled/"$confname"
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_ssl"$ext"
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
 
-systemctl reload $webservice
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

Scripts/toggles/toggle-Netdata_NGINX.sh

@@ -1,29 +1,41 @@
 function usage {
- echo "Usage: $0 [option...]" >&2
- echo
- echo "   -e,    Enable Netdata"
- echo "   -d,    Disable Netdata"
- echo
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable Netdata"
+    echo "   -d,    Disable Netdata"
+    echo "   -h,    Shows this information"
+    echo
 }
-
-
 if [ -n "$1" ]; then
-
-if [ "$1" = "-d" ]; then
- echo "Disable Netdata"
- sed -i '/deny all; #enables\/disables Netdata/c\        deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
- systemctl stop netdata
- systemctl disable netdata > /dev/null 2>&1
- systemctl reload nginx
-elif [ "$1" = "-e" ]; then
- echo "Enable Netdata"
- sed -i '/deny all; #enables\/disables Netdata/c\        #deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
- systemctl start netdata
- systemctl enable netdata > /dev/null 2>&1
- systemctl reload nginx
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$NetDa" ]; then
+        echo "Creating Var"
+        echo "NetDa=3" >> /etc/ICTM/toggle.conf
+        NetDa=3
+    fi
+    if [[ "$1" = "-d" && "$NetDa" != 0 ]]; then
+        echo "Disable Netdata"
+        sed -i '/NetDa=/c\NetDa=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables Netdata/c\        deny all; #enables\/disables Netdata' /etc/nginx/sites-enabled/Backend
+        systemctl stop netdata
+        systemctl disable netdata > /dev/null 2>&1
+        systemctl reload nginx
+    elif [[ "$1" = "-e" && "$NetDa" !=  1 ]]; then
+        echo "Enable Netdata"
+        sed -i '/NetDa=/c\NetDa=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables Netdata/c\        #deny all; #enables\/disables Netdata' /etc/nginx/sites-enabled/Backend
+        systemctl start netdata
+        systemctl enable netdata > /dev/null 2>&1
+        systemctl reload nginx
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
 else
  usage
-fi
-else
- usage
-fi
+fi

Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh

@@ -0,0 +1,37 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable PhpMyadmin"
+    echo "   -d,    Disable PhpMyadmin"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$PhpMA" ]; then
+        echo "Creating Var"
+        echo "PhpMA=3" >> /etc/ICTM/toggle.conf
+        PhpMA=3
+    fi
+    if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
+        echo "Disable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        systemctl reload apache2
+    elif [[ "$1" = "-e" && "$PhpMA" !=  1 ]]; then
+        echo "Enable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        systemctl reload apache2
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh

@@ -1,25 +1,37 @@
 function usage {
- echo "Usage: $0 [option...]" >&2
- echo
- echo "   -e,    Enable PhpMyadmin"
- echo "   -d,    Disable PhpMyadmin"
- echo
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable PhpMyadmin"
+    echo "   -d,    Disable PhpMyadmin"
+    echo "   -h,    Shows this information"
+    echo
 }
-
-
 if [ -n "$1" ]; then
-
-if [ "$1" = "-d" ]; then
- echo "Disable PhpMyadmin"
- sed -i '/deny all; #enables\/disables PHPMyadmin/c\        deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
- systemctl reload nginx
-elif [ "$1" = "-e" ]; then
- echo "Enable PhpMyadmin"
- sed -i '/deny all; #enables\/disables PHPMyadmin/c\        #deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
- systemctl reload nginx
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$PhpMA" ]; then
+        echo "Creating Var"
+        echo "PhpMA=3" >> /etc/ICTM/toggle.conf
+        PhpMA=3
+    fi
+    if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
+        echo "Disable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables PHPMyadmin/c\        deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-enabled/Backend
+        systemctl reload nginx
+    elif [[ "$1" = "-e" && "$PhpMA" !=  1 ]]; then
+        echo "Enable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables PHPMyadmin/c\        #deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-enabled/Backend
+        systemctl reload nginx
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
 else
  usage
-fi
-else
- usage
-fi
+fi

SubModules/php-fpm/apt.list

@@ -0,0 +1 @@
+phpPHPver-imagick php-pear phpPHPver-cli  phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip 

SubModules/php-fpm/conf.sh

@@ -0,0 +1,17 @@
+systemctl stop php${phpver}-fpm 
+###############
+#   PHP-FPM   #
+###############
+
+sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
+
+systemctl start php${phpver}-fpm

SubModules/redis/apt.list

@@ -0,0 +1 @@
+redis-server phpPHPver-redis

SubModules/redis/conf.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+systemctl enable --now redis-server

SubModules/redis/preconf.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+$PKGA ppa:chris-lea/redis-server -y -n > $OUTPUT 2>&1

TO-DO_FIX-CHECK.md

@@ -0,0 +1,4 @@
+# Menu Legacy
+~~Options enable/disable~~  
+WordPress hardening  
+DH-key length

TO-DO_Wanted-Features.md

@@ -0,0 +1,10 @@
+# Webservers
+* Apache
+# Modules 
+* ~~Fail2Ban~~
+
+# Other
+* ~~detection if hostname(fqdn) is same as web domain~~
+* ~~Update tool for PHP (example 7.3 to 7.4)~~
+* ~~Auto cron disable Backend admin Ui~~
+* ~~Certbot chiphers & tls1.3~~

config/fail2ban/Filters/nextcloud.filter

@@ -0,0 +1,4 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

config/fail2ban/Filters/phpapp-AD.filter

@@ -0,0 +1,2 @@
+[Definition]
+failregex =  Access Denied from <HOST>

config/fail2ban/Filters/phpapp-UA.filter

@@ -0,0 +1,2 @@
+[Definition]
+failregex = Unauthorized Access from <HOST>

config/fail2ban/Filters/phpmyadmin-authlog.filter

@@ -0,0 +1,11 @@
+# Fail2Ban filter for the phpMyAdmin-Authlog
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
+

config/fail2ban/Jails/nextcloud_unconfigured

@@ -0,0 +1,9 @@
+[nextcloud_SITEname]
+enabled = true
+port     = http,https
+protocol = tcp
+filter = nextcloud
+maxretry = 15
+bantime = 900
+findtime = 900
+logpath = /var/log/nextcloud/SITEname

config/fail2ban/Jails/nginx-Basic-auth_unconfigured

@@ -0,0 +1,5 @@
+[nginx-auth-SITEname]
+enabled  = true
+filter   = nginx-http-auth
+port     = http,https
+logpath  = /var/log/nginx/SITEname-error.log

config/fail2ban/Jails/phpapp_unconfigured

@@ -0,0 +1,13 @@
+[PHP-AD_SITEname]
+enabled = true
+filter = phpapp-AD
+logpath = /var/log/PHPapp/SITEname
+port = http,https
+
+[PHP-UA_SITEname]
+enabled = true
+maxretry = 20
+bantime  = 8h
+filter = phpapp-UA
+logpath = /var/log/PHPapp/SITEname
+port = http,https

config/fail2ban/Jails/phpmyadmin.jail

@@ -0,0 +1,5 @@
+[phpmyadmin]
+enabled  = true
+port    = http,https
+filter   = phpmyadmin-authlog
+logpath  = /var/log/PhpMyAdmin/PhpMyAdmin_auth.log

config/fail2ban/Jails/sshd.jail

@@ -0,0 +1,10 @@
+[sshd]
+enable = false
+
+[ssh-server]
+enabled = true
+filter = sshd
+port    = ssh
+logpath = %(sshd_log)s
+backend = %(sshd_backend)s
+protocol = tcp

config/fail2ban/Jails/wordpress-syslog.jail

@@ -0,0 +1,11 @@
+[wordpress-hard]
+enabled = true
+filter = wordpress-hard
+logpath = /var/log/auth.log
+port = http,https
+
+[wordpress-soft]
+enabled = true
+filter = wordpress-soft
+logpath = /var/log/auth.log
+port = http,https

config/fail2ban/jail.local

@@ -0,0 +1,53 @@
+[DEFAULT]
+# External command that will take an tagged arguments to ignore, e.g. <ip>,
+# and return true if the IP is to be ignored. False otherwise.
+#
+# ignorecommand = /path/to/command <ip>
+ignorecommand =
+
+# "bantime" is the number of seconds that a host is banned.
+bantime  = 10m
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime  = 10m
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 5
+
+backend = auto
+
+
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@<fq-hostname>
+
+# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
+# mailing. Change mta configuration parameter to mail if you want to
+# revert to conventional 'mail'.
+mta = sendmail
+
+# Default protocol
+protocol = tcp
+
+# Specify chain where jumps would need to be added in ban-actions expecting parameter chain
+chain = <known/chain>
+
+# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
+fail2ban_agent = Fail2Ban/%(fail2ban_version)s
+
+#
+# Action shortcuts. To be used to define action parameter
+
+banaction = ufw
+banaction_allports = ufw

config/fail2ban/nextcloud.conf

@@ -1,4 +0,0 @@
-[Definition]
-failregex=^{"reqId":".<em>","remoteAddr":".</em>","app":"core","message":"Login failed: '.<em>' &#40;Remote IP: '<HOST>'&#41;","level":2,"time":".</em>"}$
-        ^{"reqId":".<em>","level":2,"time":".</em>","remoteAddr":".<em>","app":"core".</em>","message":"Login failed: '.<em>' &#40;Remote IP: '<HOST>'&#41;".</em>}$
-        ^.<em>\"remoteAddr\":\"<HOST>\".</em>Trusted domain error.*$

config/fail2ban/nextcloud.local

@@ -1,11 +0,0 @@
-[nextcloud]
-ignoreip = 192.168.1.0/24
-backend = auto
-enabled = true
-port = 80,443
-protocol = tcp
-filter = nextcloud
-maxretry = 3
-bantime = 36000
-findtime = 36000
-logpath = /var/nextcloud/data/nextcloud.log

config/fail2ban/sshd.local

@@ -1,6 +0,0 @@
-[sshd]
-enabled = true
-port = 4242
-filter = sshd
-logpath = /var/log/auth.log
-maxretry = 5

config/fail2ban/wordpress.conf

@@ -1,2 +0,0 @@
-[Definition]
-failregex = <HOST>.*POST.*(wp-login\.php|xmlrpc\.php).* 200

config/fail2ban/wordpress.local

@@ -1,7 +0,0 @@
-[wordpress]
-enabled = true
-port = http,https
-filter = wordpress
-logpath = /var/log/nginx/access.log
-maxretry = 10
-bantime = 3600

extModules.list

@@ -1,2 +1,3 @@
 https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/
-https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/
+https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/
+https://git.ictmaatwerk.com/VPS-scripts/Backup-Util/raw/branch/master/

installer.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 
+
 ##--------------------##
 #   Legacy/Main Menu   #
 ##--------------------##
@@ -26,23 +27,21 @@ repo=https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2
 branch=master
 #Installer-config
 phpver=7.4
-PHPMyadmin=1
-phpmyadminver="5.0.2"
+PHPMyadmin=1 #Overwriten by cms's without php
 sqlver=8.0
-cockpit=1
 TestMode=0
 #PackageManager-config
-PKGA="add-apt-repository"
-PKGI="${PKGM} install -y"
-#disable option menu
-OptMenu=D
+PKGA="add-apt-repository --no-update"
+PKGI="${PKGM} install -y --no-install-recommends"
 
 ##-------------##
 #   Test-Vars   #
 ##-------------##
 
+syscheckoff=0
 if [ $TestMode = 1 ]; then
 domain=ict-dagbesteding.nl
+sitename=ict_DB_nl
 email=b.prieshof@ictmaatwerk.com
 password=MeiFerrieSekureTESTp@ssw0rd4213
 hostname=vdh001.nxdi.nl
@@ -57,6 +56,8 @@ fi
 
 aonoption="/MySQL/"
 aonoption="$aonoption /Unattended-Security-Updates/"
+aonoption="$aonoption /Backup-Util/"
+
 
 
 ##---------------##
@@ -130,6 +131,41 @@ else
 fi
 }
 
+function HostnameQuest {
+if (whiptail --title "Config" --yesno "                          Hostname with nxdi.nl" 11 78); then
+    hostname=$(whiptail --nocancel --inputbox "                      SystemID (eg: VCH001) without ".nxdi.nl"     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+    hostname=$hostname".nxdi.nl"
+else
+    hostname=$(whiptail --nocancel --inputbox "                              Hostname" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+fi
+}
+
+function LegacyHostnameQuest {
+while true; do
+    read -p "Hostname with nxdi.nl -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        echo 'Enter full hostname:'
+        read hostname
+        break;;
+        [Yy]* )
+        echo 'Hostname (eg: VCH001) without ".nxdi.nl":'
+        read hostname
+        hostname=$hostname".nxdi.nl"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done
+}
+
+
+##----------------##
+#   System-Check   #
+##----------------##
+
+if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg "             This system has already been installed by Web-V2" && exit; fi
+if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi
+
 
 ##--------------------------##
 #   Installer-Requirements   #
@@ -150,13 +186,29 @@ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesM
 if [ $IMODE = n ]; then
 if [ $TestMode = 0 ]; then
 domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
-if (whiptail --title "Config" --yesno "                 Does www.${domain} exist in DNS" 8 78); then domainwww=1; else domainwww=0; fi
-if (whiptail --title "Config" --yesno "                          Hostname with nxdi.nl" 11 78); then
-    hostname=$(whiptail --nocancel --inputbox "                      SystemID (eg: VCH001) without ".nxdi.nl"     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
-    hostname=$hostname".nxdi.nl"
+if (whiptail --title "Set sitename?" --yesno "Set sitename to ${domain//./_} ?" 8 78); then
+    sitename=${domain//./_}
 else
-    hostname=$(whiptail --nocancel --inputbox "                              Hostname" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+while true; do
+  sitename=$(whiptail --nocancel --inputbox "Enter sitename, Must NOT contain special characters, except: _" 8 78 --title "Sitename" 3>&1 1>&2 2>&3)
+  if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+  then
+     whiptail  --msgbox "   Site can't be empty, or contain a special character except for: _" 11 78
+  else 
+  break
+  fi
+done
 fi
+while true; do
+  HostnameQuest
+  if [[ "$hostname" == "$domain" ]] || [ -z "$hostname" ]
+  then
+     whiptail  --msgbox "   Hostname can't be empty, or be the same as the domain" 11 78
+  else 
+  break
+
+  fi
+done
 if (whiptail --title "Config" --yesno "                       Enable SSL on installation?" 11 78); then
    sslenable=1
 else
@@ -182,23 +234,35 @@ while true; do
         break;;
         [Nn]* ) domainwww=0
         break;;
-        * ) echo "Choose yes of no.";;
+        * ) echo "Choose yes or no.";;
     esac
 done
+read -p "Set sitename to ${domain//./_}? (y/n)" choice
+case "$choice" in
+  y|Y ) sitename=${domain//./_};;
+  n|N ) echo "";
+  while true; do
+  echo "Please enter sitename, Must NOT contain special characters, except: _";read sitename
+  if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+  then
+     echo "Site can't be empty, or contain a special character except for: _"
+  else 
+  break
+  fi
+done
+  ;;
+  * ) echo "invalid";;
+esac
 while true; do
-    read -p "Hostname with nxdi.nl -> yes/no?" yn
-    case $yn in
-        [Nn]* )
-        echo 'Enter full hostname:'
-        read hostname
-        break;;
-        [Yy]* )
-        echo 'Hostname (eg: VCH001) without ".nxdi.nl":'
-        read hostname
-        hostname=$hostname".nxdi.nl"
-        break;;
-        * )echo "Choose yes or no.";;
-    esac
+  LegacyHostnameQuest
+  
+  if [[ "$hostname" == "$domain" ]] || [ -z "$hostname" ]
+  then
+     echo "Hostname can't be empty, or be the same as the domain"
+  else 
+  break
+
+  fi
 done
 while true; do
     read -p "Enable SSL on installation? -> yes/no?" yn
@@ -207,7 +271,7 @@ while true; do
         break;;
         [Nn]* ) sslenable=0
         break;;
-        * ) echo "Choose yes of no.";;
+        * ) echo "Choose yes or no.";;
     esac
 done
 LegacyPasswordQuest
@@ -244,18 +308,18 @@ printf " " >>/tmp/apt.list
 #   Storeing vars   #
 ##-----------------##
 
-mkdir /etc/ICTM
+mkdir -p /etc/ICTM/sites
 echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list
 for storeme in PKGM PKGA PKGI OUTPUT IMODE repo branch webserv phpver sqlver PHPMyadmin email hostname; do
     declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
 done
 
+touch /etc/ICTM/sites/"$sitename"
 
 ##----------##
 #   Addons   #
 ##----------##
 ##DisableOPtionMenu
-if [ $OptMenu != D ]; then
 if [ $IMODE = n ]; then
 option=$(whiptail --nocancel --title "Additional modules" --checklist "Features" 11 110 5 "${options[@]}" 3>&1 1>&2 2>&3)
 fi
@@ -269,14 +333,13 @@ topt=${opt//+/}
 topt="${topt%"${topt##*[![:space:]]}"}"  
 topt=\"$topt\"
 option=${option//"$topt"/}
-unset $topt
+unset topt
 else
 opts[choice]=+
 opt="${opt%"${opt##*[![:space:]]}"}"   
 option+="\"$opt\" "
 fi
 }
-echo "The first selection will always return invalid option, please enter the first option twice"
 PS3='Which addons should be installed?'
 while :
 do
@@ -302,13 +365,17 @@ done
 done 
 option="${option%"${option##*[![:space:]]}"}"
 fi
-##DisableOPtionMenu
-fi
 #saving selected modules
 echo 'SelectedOptions=('$option')' > /etc/ICTM/selopts.list
 
 #Cleaning options from menu
 option="${option,,}" && option="${option// /}" && option="${option//:/ }" && option="${option//'"'}"
+
+#enableing modules wanted by webserver
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/reqmodules.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/reqmodules.sh)
+fi
+
 #Combining selected option with always-on options
 option="$option""$aonoption"
 
@@ -473,23 +540,36 @@ for val1 in ${option[*]}; do
 done
 
 
-msg "                Setting up SSL" 8 78
 if [ $sslenable = 1 ]; then
-if [ $domainwww = 1 ]; then
-    certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-elif [ $domainwww = 0 ]; then
-    certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-fi
-    certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    msg "                Setting up SSL" 8 78
+    if [ $webserv = nginx_nonphp ]; then
+        certwebserv=nginx
+    else
+        certwebserv=$webserv
+    fi
+    site_ext=ssl
+    if [ $domainwww = 1 ]; then
+        certbot --"$certwebserv" certonly -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    elif [ $domainwww = 0 ]; then
+        certbot --"$certwebserv" certonly -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    fi
+    certbot --"$certwebserv" certonly -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
+        sslfr=1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
+    fi
+elif [ $sslenable = 0 ]; then
+    site_ext=nossl
 fi
 
 wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
-sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$domain'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$sitename'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
 
+if [ -z $disbackendcms ]; then
 wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-Backend.sh
 sed -i -e 's/DOMAINname/'$hostname'/' -e 's/CONFname/'Backend'/' -e 's/DomainWWW/'0'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-Backend.sh
+fi
 
-#Configuring CMS
+msg "                Configuring CMS"
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh; then
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh)
 fi
@@ -497,20 +577,25 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
 fi
 
+if [ -z $disbackendcms ]; then
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/Backend/conf.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/Backend/conf.sh)
+fi
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/Backend/"$webserv"-conf.sh; then
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/Backend/"$webserv"-conf.sh)
 fi
-
+fi
 
 ##------------##
 #   Services   #
 ##------------##
 
-systemctl restart sshd
+systemctl reload sshd fail2ban postfix postfix@- 
 
 
 ##-------##
 #   Done  #
 ##-------##
 
-msg "                Done installing!"
+msg "                Done installing!"
+for f in /etc/update-motd.d/51*; do bash $f; done