Main, reset branch to master after merge

Reviewed-on: https://git.ictmaatwerk.com/VPS-scripts/Web-V2/pulls/14

AppendCMS.sh

@@ -1,33 +1,47 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddCMS
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
 
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
 
-
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
-source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+if [ $webserv != nginx_nonphp ]; then
+    if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+    source /etc/ICTM/phpvar.list
+fi
+if [ $webserv = apache ]; then
+    if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+    source /etc/ICTM/apachevar.list
+fi
+rm /tmp/pkg.list > $OUTPUT 2>&1
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${ApacheCMSL[@]}")
-options=("${ApacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${NginxCMSL[@]}")
-options=("${NginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 
 ##----------------##
 #    Static-Vars   #
 ##----------------##
 
-ignphpcms=1
-
+#Options var setup for enabled sub-modules
+EnOption="${SelectedOptions[@],,}" && EnOption="${EnOption// /}" && EnOption="${EnOption//:/ }" && EnOption="${EnOption//'"'}"
+EnOption="$EnOption""${EnabledAons[@]}"
 
 ##---------------##
 #    Functions    #
@@ -80,6 +94,19 @@ if [ $IMODE = n ]; then
     domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
     [[ -d "/var/www/"$domain"/html" ]] && msg "              This domain already exists on this server, Exiting" 8 78 && exit;
     if (whiptail --title "Config" --yesno "                 Does www.${domain} exist in DNS" 8 78); then domainwww=1; else domainwww=0; fi
+    if (whiptail --title "Set sitename?" --yesno "Set sitename to ${domain//./_} ?" 8 78); then
+    sitename=${domain//./_}
+    else
+    while true; do
+      sitename=$(whiptail --nocancel --inputbox "Enter sitename, Must NOT contain special characters, except: _" 8 78 --title "Sitename" 3>&1 1>&2 2>&3)
+      if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+      then
+         whiptail  --msgbox "   Site can't be empty, or contain a special character except for: _" 11 78
+      else 
+      break
+      fi
+    done
+    fi
     if (whiptail --title "Config" --yesno "                       Enable SSL on installation?" 11 78); then sslenable=1; else sslenable=0; fi
     PasswordQuest
     CMS=$(whiptail --title "What CMS should be installed?" --radiolist "Features" 11 118 5 "${CMSL[@]}" 3>&1 1>&2 2>&3)
@@ -101,6 +128,23 @@ if [ $IMODE = l ]; then
             * ) echo "Choose yes of no.";;
         esac
     done
+    read -p "Set sitename to ${domain//./_}? (y/n)" choice
+    case "$choice" in
+      y*|Y* ) sitename=${domain//./_};;
+      n*|N* ) echo "";
+      while true; do
+      echo "Please enter sitename, Must NOT contain special characters, except: _";read sitename
+      if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
+      then
+         echo "Site can't be empty, or contain a special character except for: _"
+      else 
+      break
+      fi
+    done
+      ;;
+      * ) echo "invalid";;
+    esac
+
     while true; do
         read -p "Enable SSL on installation? -> yes/no?" yn
         case $yn in
@@ -122,22 +166,37 @@ if [ $IMODE = l ]; then
     done
 fi
 
-#Cleaning options from menu
+#Cleaning CMS from menu
 CMS="${CMS//:}" && CMS="${CMS,,}"
 
+##-----------------##
+#   Storeing vars   #
+##-----------------##
+
+touch /etc/ICTM/sites/"$sitename"
+
 
 ##-----------##
 #   AptList   #
 ##-----------##
+msg "        Generating apt list for CMS"
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list; then
-    curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list
-    printf " " >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/generic.pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/generic.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$PKGLIST".pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$PKGLIST".pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
 fi
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list; then
-    curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list >>/tmp/apt.list
-    printf " " >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-generic.pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-"$PKGLIST".pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
 fi
 
 
@@ -145,55 +204,129 @@ fi
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Webserv"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh)
+msg "           Running preconf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh)
 fi
 
-echo "Running preconf for CMS"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh)
+msg "            Running preconf for CMS"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/preconf.sh)
 fi
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
+#Preconfiguring module For CMS
+for val1 in ${EnOption[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-preconf.sh)
+        fi
+    fi
+done
 
 ##-------------##
 #   Installer   #
 ##-------------##
 
-$PKGM update
-sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
-cat /tmp/apt.list | xargs $PKGI
+$PKGUC
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
+cat /tmp/pkg.list | xargs $PKGI
 
 
 ##---------------##
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Webserv"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh)
+msg "           Running conf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh)
 fi
 
-echo "Setting up SSL"
 if [ $sslenable = 1 ]; then
-    if [ $domainwww = 1 ]; then
-        certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-    elif [ $domainwww = 0 ]; then
-        certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+msg "                Setting up SSL"
+    if [ $webserv = nginx_nonphp ]; then
+        certwebserv=nginx
+    else
+        certwebserv=$webserv
     fi
+    site_ext=ssl
+    if [ $domainwww = 1 ]; then
+        /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain" > $OUTPUT 2>&1
+        certsatus=$?
+    elif [ $domainwww = 0 ]; then
+        /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" > $OUTPUT 2>&1
+        certsatus=$?
+    fi
+    if test $certsatus -eq 0
+    then
+        site_ext="ssl"
+    else
+        site_ext="nossl"
+        rm -rf /etc/acmesh/certs/$domain*
+    fi
+    unset certsatus
+    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
+    fi
+elif [ $sslenable = 0 ]; then
+    site_ext=nossl
 fi
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
-sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$domain'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
-
-echo "Running conf for CMS"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh)
+if [ $site_ext = nossl ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/EnableSSL.sh -o ~/activateSSL-$domain.sh
+    sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$sitename'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
 fi
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
-fi
+
+msg "              Running conf for CMS"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/conf.sh)
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
+fi
+
+#Configuring Module for CMS
+
+for val1 in ${EnOption[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-conf.sh)
+        fi
+    fi
+done
+
+
+
+##------------##
+#   Services   #
+##------------##
+
+systemctl reload fail2ban
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added CMS!"
+if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

AppendModule.sh

@@ -1,29 +1,38 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddMod
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
 
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
 
-
-##-----------------##
-#   Fetching Vars   #
-##-----------------##
-
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
-source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+if [ $webserv != nginx_nonphp ]; then
+    if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+    source /etc/ICTM/phpvar.list
+fi
+if [ $webserv = apache ]; then
+    if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+    source /etc/ICTM/apachevar.list
+fi
+rm /tmp/pkg.list
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${ApacheCMSL[@]}")
-options=("${ApacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${NginxCMSL[@]}")
-options=("${NginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 #Filtering already installed modules
 for target in "${SelectedOptions[@]}"; do
@@ -92,7 +101,7 @@ fi
 
 if [ $IMODE = n ]; then
 	PasswordQuest
-	option=$(whiptail --title "Title" --checklist "Features" 11 110 5 "${options[@]}" 3>&1 1>&2 2>&3)
+	option=$(whiptail --title "Config" --checklist "Features" 11 110 5 "${options[@]}" 3>&1 1>&2 2>&3)
 	[[ "$?" = 1 ]] && msg "              Quiting installer" 8 78 && exit;
 fi
 
@@ -155,31 +164,46 @@ option="$option""$aonoption"
 ##-----------##
 
 
-echo "Generating apt list for Options"
+msg "        Generating apt list for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed"
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-"$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
     else
         #Fetching from remote repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$modListed"apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$modListed"generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-apt.list; then
-           curl "$modListed""$webserv"-apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-generic.pkg.list; then
+           curl "$modListed""$webserv"-generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then
+           curl "$modListed""$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
     fi
 done
@@ -189,19 +213,19 @@ done
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Options"
+msg "          Running preconf for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    msg "Pre-configuring  $val1"
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed"
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh; then
-        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/preconf.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/preconf.sh)
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh; then
-            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh)
         fi
     else
         #Fetching from remote repo
@@ -219,28 +243,28 @@ done
 #   Installer   #
 ##-------------##
 
-$PKGM update
-sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
-cat /tmp/apt.list | xargs $PKGI
+$PKGUC
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
+cat /tmp/pkg.list | xargs $PKGI
 
 
 ##---------------##
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Options"
+msg "            Running conf for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    msg "Configuring  $val1"
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed" 
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh; then
-        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/conf.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/conf.sh)
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh; then
-            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh)
         fi
     else
         #Fetching from remote repo
@@ -252,3 +276,11 @@ for val1 in ${option[*]}; do
         fi
     fi
 done
+
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added Module!"
+if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

CMS/Backend/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,28 @@
+[Backend]
+user = Backend
+group = Backend
+listen = /var/run/php/phpPHPver-fpm-Backend.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[opcache.enable] = 0      
+php_admin_value[max_input_vars] = 5000                                                                                                                                                                                                                                         
+php_admin_value[upload_max_filesize] = 256M                                                                                                                                                                                                                                    
+php_admin_value[post_max_size] = 16M                                                                                                                                                                                                                                           
+php_admin_value[max_input_time] = 15                                                                                                                                                                                                                                           
+php_admin_value[cgi.fix_pathinfo] = 0                                                                                                                                                                                                                                          
+php_admin_value[allow_url_fopen] = Off                                                                                                                                                                                                                                         
+php_admin_value[file_uploads] = On                                                                                                                                                                                                                                   
+php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin:/tmp                                                                                                                                                                                                                 
+php_admin_value[session.use_strict_mode] = 1                                                                                                                                                                                                                                   
+php_admin_value[session.cookie_httponly] = 1                                                                                                                                                                                                                                   
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict                                                                                                                                                                                                                              
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1                                                                                                                                                                                                                                     
+                                                                                                                                                                                                                                                                               
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+

CMS/Backend/apache-conf.sh

@@ -0,0 +1,4 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf
+systemctl reload $apacheService

CMS/Backend/apache-siteBackend-unconfigured

@@ -0,0 +1,35 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/Backend_error.log
+#CustomLog ${APACHE_LOG_DIR}/Backend_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/html
+
+Alias /backend/database /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+    #enables/disables PHPMyadmin
+    deny from all
+    Require all granted
+    Options FollowSymLinks
+    DirectoryIndex index.php
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-Backend.sock|fcgi://localhost"
+</FilesMatch>
+
+</Directory>
+
+<Location /backend/monit>
+    RewriteEngine on
+    RewriteRule /backend/monit /backend/monit/$1 [R]
+</Location>
+<Location /backend/monit/>
+    #enables/disables monit-websocket
+    deny from all
+    ProxyPass unix:/var/run/monit/monit.sock|http://127.0.0.1/
+    ProxyPassReverse unix:/var/run/monit/monit.sock|http://127.0.0.1/
+</Location>
+
+
+#endConf

CMS/Backend/conf.sh

@@ -0,0 +1,15 @@
+#Backend PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/Backend.conf
+sed -i 's/PHPver/'$phpver'/' "$phpPoolDir"/Backend.conf
+groupadd Backend
+useradd -g Backend Backend
+#PHPMyAdmin configuration
+touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log
+chown Backend:Backend -R /usr/share/phpmyadmin
+chown Backend:Backend -R /var/lib/phpmyadmin/tmp
+chown Backend:Backend -R /var/log/PhpMyAdmin
+systemctl reload "$phpFPMService"
+#Auto disable backends at night
+echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-MonitWebui.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend

CMS/Backend/nginx-conf.sh

@@ -1,4 +1,4 @@
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -O /tmp/nginx-backendconf
-sed -i -e 's/PHPver/'$phpver'/' -e 's/DOMAINname/'$hostname'/' /tmp/nginx-backendconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -o /tmp/nginx-backendconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/nginx-backendconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$siteBackend_ext"
 systemctl reload nginx

CMS/Backend/nginx-siteBackend-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/Backend-access.log;
+error_log /var/log/nginx/Backend-error.log;
+
 location = /backend/netdata {
             return 301 /backend/netdata/;
         }
@@ -25,11 +29,16 @@ location = /backend/netdata {
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+            fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock;
             fastcgi_index index.php;
         }
     }
     
+    location /backend/monit/ {
+        deny all; #enables/disables monit-websocket
+        proxy_pass http://unix:/var/run/monit/monit.sock:/;
+    }
+
     location ~ /\.ht {
         deny all;
     }

CMS/frontcontroller/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,43 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 32M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 15
+php_admin_value[max_execution_time] = 150
+
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 1
+php_admin_value[allow_url_fopen] = On
+php_admin_value[file_uploads] = On
+php_admin_value[open_basedir] = /var/www/DOMAINname
+;php_admin_value[open_basedir] = /var/www/DOMAINname:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 11
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 11
+chdir = /

CMS/frontcontroller/Nginx-unconfigured

@@ -0,0 +1,30 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html;
+    root /var/www/DOMAINname/public;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+    
+    #include snippets/ngx-backendredir.conf;
+
+    location / {
+        try_files $uri $uri/ $uri.html /index.php$is_args$query_string;
+    }
+    
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/frontcontroller/conf.sh

@@ -0,0 +1,40 @@
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="fc_$db_suffix"
+db_user="fc_$db_suffix"
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
+
+#Storing DB Credentials
+echo "Database Name $db_name" > ~/DB_"$sitename"
+echo "Database Username $db_user" >> ~/DB_"$sitename"
+echo "Database Password $db_pass" >> ~/DB_"$sitename"
+
+#Setting up Database
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+
+#Creating webfolder
+mkdir -p /var/www/"$domain"/public
+
+#Ceating content
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard<br>Ready for FontControler installation</body></html>" > /var/www/$domain/public/index.html
+
+#Setup PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload $phpFPMService
+
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi

CMS/frontcontroller/nginx-conf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+
+systemctl reload nginx

CMS/nextcloud/Apache-unconfigured

@@ -0,0 +1,31 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+Redirect 301 /.well-known/carddav /remote.php/dav
+Redirect 301 /.well-known/caldav /remote.php/dav
+
+<Directory /var/www/DOMAINname/html>
+  Require all granted
+  AllowOverride All
+  Options FollowSymLinks MultiViews
+  Satisfy Any
+  <IfModule mod_dav.c>
+    Dav off
+  </IfModule>
+
+</Directory>
+
+<Directory "/var/www/DOMAINname/html/data/">
+    Require all denied
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/nextcloud/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,45 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 1000
+php_admin_value[upload_max_filesize] = 1G
+php_admin_value[post_max_size] = 1G
+php_admin_value[max_input_time] = 60
+php_admin_value[memory_limit] = 512M
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/var/run/php/phpPHPver-fpm-SITEname.sock:/var/lib/redis/redis.sock:/proc/meminfo:/proc/cpuinfo:/dev/urandom:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 30
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 5
+chdir = /
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp

CMS/nextcloud/MotdNextCloud

@@ -1,5 +1,5 @@
 #!/bin/sh
 red='\e[1;31m%s\e[0m\n'
 printf "\n"
-printf $red "Please run nextcloud-init.sh after the first nextcloud login"
+printf $red "Please run bash ~/NextcloudInit-SITEname.sh after the first nextcloud login"
 printf "\n"

CMS/nextcloud/Nginx-unconfigured

@@ -1,15 +1,18 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 # Set max upload size
 client_max_body_size 1G;
 
 add_header Referrer-Policy "no-referrer" always;
-add_header X-Content-Type-Options "nosniff" always;
 add_header X-Download-Options "noopen" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "none" always;
-add_header X-XSS-Protection "1; mode=block" always;
+fastcgi_send_timeout 300;
+fastcgi_read_timeout 300;
 fastcgi_hide_header X-Powered-By;
 fastcgi_buffers 64 4K;
 gzip on;
@@ -53,7 +56,7 @@ location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|u
     fastcgi_param HTTPS on;
     fastcgi_param modHeadersAvailable true;
     fastcgi_param front_controller_active true;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     fastcgi_intercept_errors on;
     fastcgi_request_buffering off;
 }
@@ -67,12 +70,9 @@ location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
     try_files $uri /index.php$request_uri;
     add_header Cache-Control "public, max-age=15778463";
     add_header Referrer-Policy "no-referrer" always;
-    add_header X-Content-Type-Options "nosniff" always;
     add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-Permitted-Cross-Domain-Policies "none" always;
     add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
     access_log off;
 }
 

CMS/nextcloud/apache-conf.sh

@@ -0,0 +1,11 @@
+#Apache
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#PHP
+sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf
+sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf
+
+systemctl reload $apacheService $phpFPMService

CMS/nextcloud/apt.list

@@ -1 +0,0 @@
-libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev

CMS/nextcloud/apt.pkg.list

@@ -0,0 +1 @@
+libmagickcore-6.q16-3-extra zlib1g libpng-dev

CMS/nextcloud/conf.sh

@@ -0,0 +1,61 @@
+#PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+mkdir -p /var/www/"$domain"/html/data
+
+#Getting Nextcloud
+curl --retry 7 --retry-delay 5 -s http://mirror.nxdi.nl/resources/nextcloud/latest.tar.bz2 -o /tmp/nextcloud.tar.bz2
+tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
+cp -a /tmp/nextcloud/. /var/www/"$domain"/html
+touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1
+
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="nextcloud_$db_suffix"
+db_user="nextcloud_$db_suffix"
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+#Configuring Nextcloud
+cat <<EOF > /var/www/$domain/html/config/autoconfig.php
+<?php
+\$AUTOCONFIG = array(
+  "dbtype"        => "mysql",
+  "dbname"        => "${db_name}",
+  "dbuser"        => "${db_user}",
+  "dbpass"        => "${db_pass}",
+  "dbhost"        => "127.0.0.1",
+  "dbtableprefix" => "",
+  "simpleSignUpLink.shown" => false,
+  "directory"     => "/var/www/$domain/html/data",
+);
+EOF
+
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi
+
+
+#Makeing nextcloud Finalize script and setting login Notice
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/MotdNextCloud -o /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+
+
+#fail2ban
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+
+systemctl reload "$phpFPMService"

CMS/nextcloud/dnf.pkg.list

@@ -0,0 +1 @@
+ImageMagick-libs zlib libpng

CMS/nextcloud/generic.pkg.list

@@ -0,0 +1 @@
+libxml2 openssl PHPprefix-bcmath PHPprefix-gmp bzip2

CMS/nextcloud/nextcloud-init.sh

@@ -1,4 +1,34 @@
-sudo -u www-data php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
-sudo -u www-data php /var/www/DOMAINname/html/occ db:add-missing-indices
-echo "*/5  *  *  *  * www-data	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
-rm -f /etc/update-motd.d/50-nextnotice
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:add-missing-indices
+sudo -u SITEname php /var/www/DOMAINname/html/occ app:disable firstrunwizard
+
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
+
+if [ "$(systemctl is-active  redis-server)" = "active" ] || [ "$(systemctl is-active  redis)" = "active" ]; then
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
+else 
+    echo "Redis  running on this system" 
+fi
+
+echo "*/5  *  *  *  * SITEname	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
+sn2=SITEname
+rm -f /etc/update-motd.d/51-nextnotice-${sn2//_}
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CMS/nextcloud/nginx-conf.sh

@@ -1,60 +1,15 @@
 #Nextcloud major release version
-nxtVer=18
 
 #Configuring nginx
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
-if [ $sslenable = 0 ]; then
-sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-enabled/"$domain"
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+if [ $site_ext = nossl ]; then
+  sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-available/"$sitename"_nossl
 fi
 
-mkdir -p /var/www/"$domain"/html
-
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-fi
-
-#Getting Nextcloud
-wget -t7 https://download.nextcloud.com/server/releases/latest-"$nxtVer".tar.bz2 -O /tmp/nextcloud.tar.bz2
-tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
-cp -a /tmp/nextcloud/. /var/www/"$domain"/html
-
-#Creating DB
-db_suffix=`expr $(ls -l /var/www | grep -c ^d)`
-db_name="nextcloud_$db_suffix"
-db_user="nextcloud_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
-mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
-
-#Configuring Nextcloud
-cat <<EOF > /var/www/$domain/html/config/autoconfig.php
-<?php
-\$AUTOCONFIG = array(
-  "dbtype"        => "mysql",
-  "dbname"        => "${db_name}",
-  "dbuser"        => "${db_user}",
-  "dbpass"        => "${db_pass}",
-  "dbhost"        => "localhost",
-  "dbtableprefix" => "",
-  "simpleSignUpLink.shown" => false,
-  "directory"     => "/var/www/$domain/html/data",
-);
-EOF
-
-chown www-data:www-data -R /var/www/"$domain"/html
-systemctl reload nginx php$phpver-fpm
+systemctl reload nginx 
+
+
 
 
-#Makeing nextcloud Finalize script and setting login Notice
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/nextcloud-init.sh -O ~/nextcloud-init.sh
-sed -i -e 's/DOMAINname/'$domain'/' ~/nextcloud-init.sh
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/MotdNextCloud -O /etc/update-motd.d/50-nextnotice
-chmod +x /etc/update-motd.d/50-nextnotice

CMS/none/Apache-unconfigured

@@ -0,0 +1,22 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+#Include snippets/apa-backendredir.conf
+
+<Directory /var/www/DOMAINname/html>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    allow from all
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/none/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 64
+php_admin_value[post_max_size] = 1
+php_admin_value[max_input_time] = 15
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = Off
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/none/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
     index index.php index.html index.htm index.nginx-debian.html;
     root /var/www/DOMAINname/html;
     gzip on;
@@ -7,6 +11,8 @@
     gzip_comp_level 2;
     gzip_disable "msie6";
     gzip_buffers 16 8k;
+    
+    #include snippets/ngx-backendredir.conf;
 
     location / {
         #try_files $uri $uri/ =404;
@@ -16,7 +22,7 @@
     
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     }
 
     location ~ /\.ht {

CMS/none/Nginx_nonphp-unconfigured

@@ -0,0 +1,27 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html index.htm index.nginx-debian.html;
+    root /var/www/DOMAINname/html;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+
+    location / {
+        #try_files $uri $uri/ =404;
+        try_files $uri $uri/ /index.php$is_args$args;
+        #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+        #'forPHP-FrondControler' try_files $uri $uri/ $uri.html /index.php$is_args$query_string;
+
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/none/apache-conf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
+
+systemctl reload $apacheService 

CMS/none/conf.sh

@@ -0,0 +1,26 @@
+#Creating webfolder
+mkdir -p /var/www/"$domain"/html
+
+#Ceating content
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+#Do not generate php pool when php is not installed
+if [ $webserv != nginx_nonphp ]; then
+
+#Setup PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload $phpFPMService
+
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+fi
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi

CMS/none/nginx-conf.sh

@@ -1,7 +1,5 @@
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
-mkdir -p /var/www/"$domain"/html
-chown www-data:www-data -R /var/www/"$domain"/html
-echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+
 systemctl reload nginx

CMS/none/nginx_nonphp-conf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+
+systemctl reload nginx

CMS/wordpress/Apache-unconfigured

@@ -0,0 +1,37 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+#Include snippets/apa-backendredir.conf
+
+<Directory /var/www/DOMAINname/html>
+    Options FollowSymLinks
+    AllowOverride Limit Options FileInfo
+    DirectoryIndex index.php
+    Order allow,deny
+    Allow from all
+    <IfModule mod_rewrite.c>
+	RewriteEngine On
+	RewriteBase /
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteRule . /index.php [L]
+     </IfModule>
+</Directory>
+
+<Directory /var/www/DOMAINname/wp-content>
+    Options FollowSymLinks
+    Order allow,deny
+    Allow from all
+</Directory>
+
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/wordpress/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 5000
+php_admin_value[upload_max_filesize] = 128M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 30
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/wordpress/MotdWordpress

@@ -0,0 +1,5 @@
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf $red "Please run bash ~/WordpressInit-SITEname.sh after the first wordpress login"
+printf "\n"

CMS/wordpress/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 index index.php index.htm index.html;
 
@@ -8,7 +12,8 @@ gzip_types text/plain text/css text/xml text/javascript application/javascript a
 gzip_comp_level 2;
 gzip_disable "msie6";
 gzip_buffers 16 8k;
-	
+
+#include snippets/ngx-backendredir.conf;	
 
 location / {
     try_files $uri $uri/ /index.php$is_args$args;
@@ -24,7 +29,7 @@ location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$
 
 location ~ \.php$ {
     include snippets/fastcgi-php.conf;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
 }
 
 location ~ /\.ht {

CMS/wordpress/WordPress-unconfigured

@@ -2,7 +2,7 @@
 define('DB_NAME', 'DBName');
 define('DB_USER', 'DBUser');
 define('DB_PASSWORD', 'DBPass');
-define('DB_HOST', 'localhost');
+define('DB_HOST', '127.0.0.1');
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
 #define( 'WP_SITEURL', '' );
@@ -25,8 +25,6 @@ define('FS_METHOD','direct');
 #$table_prefix = 'DBName';
 $table_prefix = 'wp';
 
-WPsalty
-
 define('WP_DEBUG', false);
 if ( !defined('ABSPATH') )
 	define('ABSPATH', dirname(__FILE__) . '/');
@@ -39,4 +37,4 @@ if ( !defined('ABSPATH') )
 #define('WP_REDIS_HOST', '127.0.0.1');
 #define('WP_REDIS_PASSWORD', '<RedisPassword>');
 #define('WP_REDIS_PORT', '6379');
-require_once(ABSPATH . 'wp-settings.php');
+

CMS/wordpress/apache-conf.sh

@@ -0,0 +1,6 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload $apacheService $phpFPMService

CMS/wordpress/conf.sh

@@ -1,9 +1,16 @@
+#WP-CLI
+if [ ! -f /usr/local/bin/wp ]; then
+   curl --retry 7 --retry-delay 5 -s https://raw.githubusercontent.com/wp-cli/wp-cli/v2.4.0/utils/wp-completion.bash -o /etc/bash_completion.d/wp
+   curl --retry 7 --retry-delay 5 -s https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp
+   chmod +x /usr/local/bin/wp
+fi
+
 #Creating DB
 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
 db_name="wp_$db_suffix"
 db_user="wp_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
-WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
+WPSalts=$(curl --retry 7 --retry-delay 5 -s https://api.wordpress.org/secret-key/1.1/salt/)
 
 #Setting up Database
 mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
@@ -15,14 +22,44 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
 mkdir -p /var/www/"$domain"/html
 
 #Getting WordPress
-wget -q -t7 https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
+curl --retry 7 --retry-delay 5 -s http://mirror.nxdi.nl/resources/wordpress/latest.tar.gz -o /tmp/wp.tar.gz
 tar -C /var/www/"$domain"/html -xzf /tmp/wp.tar.gz --strip 1
 rm /var/www/"$domain"/html/wp-config-sample.php 
 
 #Configuring WordPress
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/WordPress-unconfigured -O /var/www/"$domain"/html/wp-config.php
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/WordPress-unconfigured -o /var/www/"$domain"/html/wp-config.php
 sed -i -e 's/DBPass/'$db_pass'/' -e 's/DBUser/'$db_user'/'  -e 's/DBName/'$db_name'/' -e 's/DOMAINname/'$domain'/' /var/www/"$domain"/html/wp-config.php
-printf '%s\n' "g/WPsalty/d" a "$WPSalts" . w | ed -s /var/www/"$domain"/html/wp-config.php
+printf '%s\n' "$WPSalts" >> /var/www/"$domain"/html/wp-config.php
+printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php
+
+#PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload $phpFPMService
+
+#fail2ban
+if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local
+    if [ "$shortdist" = "el8" ]; then
+        sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local
+    fi
+fi
 
 #Setting Permsissions
-chown www-data:www-data -R /var/www/"$domain"/html
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi
+
+#Makeing wordpress Finalize script and setting login Notice
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/MotdWordpress -o /etc/update-motd.d/51-wpnotice-"${sitename//_}"
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-wpnotice-"${sitename//_}"
+chmod +x /etc/update-motd.d/51-wpnotice-"${sitename//_}"

CMS/wordpress/nginx-conf.sh

@@ -1,15 +1,7 @@
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 512M' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-fi
-
 #Configuring nginx
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 
 #Reloading Services
-systemctl reload nginx php$phpver-fpm
+systemctl reload nginx $phpFPMService

CMS/wordpress/wordpress-init.sh

@@ -0,0 +1,23 @@
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html core update
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html theme update --all
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin update --all
+echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m"
+sn2=SITEname
+rm -f /etc/update-motd.d/51-wpnotice-${sn2//_}
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CoreModules/apache/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+##############
+#   Apache   #
+##############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf 
+ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+
+systemctl reload $apacheService

CoreModules/apache/apt.list

@@ -1 +0,0 @@
-apache2 php-pear libapache2-mod-php phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-apache

CoreModules/apache/apt.pkg.list

@@ -0,0 +1 @@
+apache2 libapache2-mod-fcgid

CoreModules/apache/conf.sh

@@ -0,0 +1,74 @@
+systemctl stop $apacheService > $OUTPUT 2>&1
+
+##############
+#   Apache   #
+##############
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+	a2dissite 000-default > $OUTPUT 2>&1
+	a2dismod mpm_prefork > $OUTPUT 2>&1
+	a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1
+	mkdir -p "$apacheConfDir"/snippets/
+	monitconf=/etc/monit/monitrc
+elif [ "$shortdist" = "el8" ]; then
+	echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
+	echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
+	sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf
+	sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf
+	#Creating directories
+    mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets}
+	#getting aditional apache config for centos
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf
+	monitconf=/etc/monitrc
+fi
+
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf
+sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-custom.conf
+
+#Catch all (ip and unconfigured domains)
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o "$apacheConfDir"/sites-available/CatchAll.conf
+ln -s "$apacheConfDir"/sites-available/CatchAll.conf "$apacheConfDir"/sites-enabled/999-CatchAll.conf
+
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+fi
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf 
+ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
+
+#non-ssl-Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/Backend_nossl.conf
+sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_nossl.conf 
+ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites-enabled/010-Backend.conf
+#ssl-Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf
+sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf
+
+#BackendToggle
+mkdir -p /opt/toggle
+##Phpmyadmin
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
+sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#'  /opt/toggle/toggle-PhpMyAdmin.sh
+##monit
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_APACHE.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
+
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
+
+systemctl start $apacheService > $OUTPUT 2>&1
+systemctl enable $apacheService > $OUTPUT 2>&1

CoreModules/apache/config/apache2/conf-custom.conf

@@ -0,0 +1,3 @@
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
+ServerTokens Prod
+ServerSignature Off

CoreModules/apache/config/apache2/conf-httpd-custom.conf

@@ -0,0 +1 @@
+Define APACHE_LOG_DIR /var/log/httpd

CoreModules/apache/config/apache2/site-unconfigured

@@ -0,0 +1,6 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site-wwwredir

@@ -0,0 +1,4 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / http://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/site_CatchAll

@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/html
+    ServerName localhost
+    ServerAlias "*"
+    ErrorLog /dev/null
+    CustomLog /dev/null common
+</VirtualHost>
+

CoreModules/apache/config/apache2/site_ssl-unconfigured

@@ -0,0 +1,15 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName DOMAINname
+    SSLEngine on
+    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    Include snippets/apa-ssl.conf
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site_ssl-wwwredir

@@ -0,0 +1,13 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName www.DOMAINname
+    SSLEngine on
+    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    Include snippets/apa-ssl.conf
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/snippets-backendredir.conf

@@ -0,0 +1 @@
+Redirect 301 /database http://HOSTname/backend/database

CoreModules/apache/config/apache2/snippets-ssl.conf

@@ -0,0 +1,8 @@
+Protocols h2 http/1.1
+Header always set Strict-Transport-Security "max-age=63072000"
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder     on
+SSLOpenSSLConfCmd       Curves secp384r1
+SSLSessionTickets       off
+SSLUseStapling On

CoreModules/apache/dnf.pkg.list

@@ -0,0 +1 @@
+httpd mod_fcgid mod_ssl

CoreModules/apache/phpupdate-handeler.sh

@@ -0,0 +1,27 @@
+if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+source /etc/ICTM/apachevar.list
+
+for f in $apacheConfDir/sites-available/*; do
+    if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
+        if (whiptail --title "Update apache config ?" --yesno "Update php version in apache site: ${f##*/}  ?" 8 78); then
+            sed -i  "s/$phpver/$newphpver/" $f
+        fi
+    fi
+    if [ $IMODE = l ] && [ $PhpPurge = 0 ]; then
+            while true; do
+                read -p "Update php version in apache site: ${f##*/} ? -> yes/no?" yn
+                case $yn in
+                [Yy]* ) sed -i  "s/$phpver/$newphpver/" $f
+                break;;
+                [Nn]* ) echo ""
+                break;;
+                * ) echo "Choose yes of no.";;
+            esac
+        done    
+    fi
+    if [ $PhpPurge = 1 ]; then
+        sed -i  "s/$phpver/$newphpver/" $f
+    fi
+done
+ 
+systemctl reload $apacheService

CoreModules/apache/preconf.sh

@@ -0,0 +1,17 @@
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+# Debian/Ubunbtu apache variables
+    apacheConfDir=/etc/apache2
+    apacheService=apache2
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    apacheConfDir=/etc/httpd
+    apacheService=httpd
+fi
+
+#Storing vars to config
+for storeme in apacheService apacheConfDir; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list
+done
+
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1

CoreModules/apache/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/apache/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm "$apacheConfDir"/sites-enabled/010-"$sitename".conf
+ln -s "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
+
+if [ -n "$sslfr" ]; then
+rm "$apacheConfDir"/sites-enabled/010-Backend.conf
+ln -s "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf "$apacheConfDir"/sites-enabled/010-Backend.conf
+fi
+
+systemctl reload $apacheService

CoreModules/generic/apt.list

@@ -1 +0,0 @@
-mailutils htop ufw

CoreModules/generic/apt.pkg.list

@@ -0,0 +1 @@
+cron

CoreModules/generic/conf.sh

@@ -1,43 +1,63 @@
-##-------------##
-#    Postfix    #
-##-------------##
-
-sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
-sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
-sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
-cat <<EOF > /etc/aliases
-# See man 5 aliases for format
-postmaster:    root
-root:          $email
-EOF
-newaliases
-
-
-##------------##
-#   Fail2Ban   #
-##------------##
-
-##Disabled
-#sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/sshd.local -O /etc/fail2ban/jail.d/sshd.local
-#if [[ $CMS == "Nextcloud" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.conf -O /etc/fail2ban/filter.d/nextcloud.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.local -O /etc/fail2ban/jail.d/nextcloud.local
-#fi
-#if [[ $CMS == "Wordpress" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.conf -O /etc/fail2ban/filter.d/wordpress.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.local -O /etc/fail2ban/jail.d/wordpress.local
-#fi
-
+##----------##
+#   Centos   #
+##----------##
+if [ "$shortdist" = "el8" ]; then
+    #SeLinux
+    semanage port -a -t ssh_port_t -p tcp 4242
+    systemctl enable ufw > $OUTPUT 2>&1
+    #Motd
+    mkdir /etc/update-motd.d
+    echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile
+fi
 
 ##-------##
 #   UFW   #
 ##-------##
 
+if [ "$shortdist" = "el8" ]; then
+    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
+    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
+    echo "y" | ufw reset > $OUTPUT 2>&1
+    systemctl enable ufw > $OUTPUT 2>&1
+fi
+
 sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
 ufw default deny incoming > $OUTPUT 2>&1
 ufw default allow outgoing > $OUTPUT 2>&1
 ufw allow 80/tcp > $OUTPUT 2>&1
 ufw allow 443/tcp > $OUTPUT 2>&1
 ufw limit 4242/tcp > $OUTPUT 2>&1
-echo "y" | ufw enable > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+##------------##
+#   Fail2Ban   #
+##------------##
+
+#General config
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/jail.local -o /etc/fail2ban/jail.local
+
+#Custom Fiters
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/nextcloud.filter -o /etc/fail2ban/filter.d/nextcloud.local
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -o /etc/fail2ban/filter.d/phpmyadmin-authlog.local
+curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
+curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
+
+if [ "$shortdist" = "el8" ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te
+    checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te
+    semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod
+    semodule -i /tmp/fail2ban-allowhttpd.pp
+fi
+
+#Start fail2ban service
+systemctl start fail2ban
+systemctl enable fail2ban
+
+#General jails
+rm /etc/fail2ban/jail.d/*
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local
+if [ -z $disbackendcms ]; then
+ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -o /etc/fail2ban/jail.d/phpmyadmin.local
+fi
+

CoreModules/generic/dnf.pkg.list

@@ -0,0 +1 @@
+cronie policycoreutils-python-utils

CoreModules/generic/generic.pkg.list

@@ -0,0 +1 @@
+nano htop ufw nload fail2ban sudo bash-completion

CoreModules/generic/preconf.sh

@@ -1,26 +1,77 @@
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+########################
+#    Debian/Ubunbtu    #
+########################
+    ##--------------##
+    #  Repositories  #
+    ##--------------##
+
+    curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1
+    ##------------##
+    #    System    #
+    ##------------##
+    
+    sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1
+
+
+    ##-------------##
+    #    Updates    #
+    ##-------------##
+
+    debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true'
+    $PKGUC
+    $PKGUP
+
+
+    ##-------------##
+    #    Postfix    #
+    ##-------------##
+
+    #Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
+    if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
+
+
+elif [ "$shortdist" = "el8" ]; then
+################
+#    Centos    #
+################
+    ##--------------##
+    #  Repositories  #
+    ##--------------##
+
+    curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=epel osrel=$shortdist bash > $OUTPUT 2>&1
+
+    ##------------##
+    #    System    #
+    ##------------##
+
+    localectl set-keymap us > $OUTPUT 2>&1
+    useradd -r -U -s /usr/sbin/nologin -d /var/www  www-data > $OUTPUT 2>&1
+    systemctl disable firewalld --now > $OUTPUT 2>&1
+
+    ##-------------##
+    #    Postfix    #
+    ##-------------##
+
+    if dnf list installed postfix >/dev/null 2>&1; then dnf remove postfix -y; fi
+    
+fi
+
+
+#################
+#    General    #
+#################
 ##-----------------------##
 #  Prerequisite packages  #
 ##-----------------------##
 
-$PKGI software-properties-common gnupg > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
+
 
 ##--------------##
 #  Repositories  #
 ##--------------##
-
-$PKGA universe -y > $OUTPUT 2>&1
-$PKGA ppa:ondrej/php -y -n > $OUTPUT 2>&1
-$PKGA ppa:certbot/certbot -y -n > $OUTPUT 2>&1
-$PKGA ppa:chris-lea/redis-server -y -n > $OUTPUT 2>&1
-
-
-##-------------##
-#    Updates    #
-##-------------##
-
-debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true'
-$PKGM update
-$PKGM upgrade -y
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1
 
 
 ##------------##
@@ -28,9 +79,9 @@ $PKGM upgrade -y
 ##------------##
 
 hostnamectl set-hostname $hostname
-sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
-timedatectl set-timezone Europe/Amsterdam
-sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg > $OUTPUT 2>&1
+timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1
 
 
 ##----------##
@@ -48,14 +99,3 @@ else
 fi
 echo "vm.swappiness=10" >> /etc/sysctl.conf
 echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
-
-
-##-------------##
-#    Postfix    #
-##-------------##
-
-#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
-if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
-
-debconf-set-selections <<< "postfix postfix/mailname string $domain"
-debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

CoreModules/nginx/appendCMS-conf.sh

@@ -2,8 +2,21 @@
 #   Nginx   #
 #############
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
 
 systemctl reload nginx

CoreModules/nginx/apt.list

@@ -1 +0,0 @@
-nginx phpPHPver-imagick php-pear phpPHPver-cli  phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-nginx

CoreModules/nginx/apt.pkg.list

@@ -0,0 +1 @@
+apache2-utils

CoreModules/nginx/conf.sh

@@ -1,47 +1,59 @@
-systemctl stop php${phpver}-fpm nginx
+systemctl stop nginx
 
 #############
 #   Nginx   #
 #############
 
-mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -o /etc/nginx/fastcgi.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -o /etc/nginx/snippets/fastcgi-php.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -o /etc/nginx/snippets/ngx-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-backendredir.conf -o /etc/nginx/snippets/ngx-backendredir.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -o /etc/nginx/nginx.conf
 
 if [ $domainwww = 1 ]; then
-	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$domain"
-	echo "" >> /etc/nginx/sites-available/"$domain" 
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
 fi
-wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/Backend
-sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend
-ln -s /etc/nginx/sites-available/Backend /etc/nginx/sites-enabled/
+#Backend
+##non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/Backend_nossl 
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_nossl 
+ln -s /etc/nginx/sites-available/Backend_nossl /etc/nginx/sites-enabled/Backend
+##ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/Backend_ssl 
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_ssl 
 
+#toggles
 mkdir -p /opt/toggle
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -O  /opt/toggle/toggle-Netdata.sh
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -O  /opt/toggle/toggle-PhpMyAdmin.sh
+##phpmyadmin toggle
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o  /opt/toggle/toggle-Netdata.sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o  /opt/toggle/toggle-PhpMyAdmin.sh
+##monit toggle
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    monitconf=/etc/monit/monitrc
+elif [ "$shortdist" = "el8" ]; then
+    monitconf=/etc/monitrc
+fi
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_NGINX.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
+
 
 # custom Welcome page
-echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
-###############
-#   PHP-FPM   #
-###############
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
 
-sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/PHP-FPM/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
-sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf
-
-systemctl start php${phpver}-fpm nginx
+systemctl start nginx > $OUTPUT 2>&1
+systemctl enable nginx > $OUTPUT 2>&1

CoreModules/nginx/config/PHP-FPM/www.confg

@@ -1,423 +0,0 @@
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-;       will be used.
-user = www-data
-group = www-data
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
-;                            a specific port;
-;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-;                            a specific port;
-;   'port'                 - to listen on a TCP socket to all addresses
-;                            (IPv6 and IPv4-mapped) on a specific port;
-;   '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = /run/php/phprtag-fpm.sock
-
-; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 511
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-;                 mode is set to 0660
-listen.owner = www-data
-listen.group = www-data
-;listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-;       - The pool processes will inherit the master process priority
-;         unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
-; core dump and ptrace the process for the pool user.
-; Default Value: no
-; process.dumpable = yes
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-;   static  - a fixed number (pm.max_children) of child processes;
-;   dynamic - the number of child processes are set dynamically based on the
-;             following directives. With this process management, there will be
-;             always at least 1 children.
-;             pm.max_children      - the maximum number of children that can
-;                                    be alive at the same time.
-;             pm.start_servers     - the number of children created on startup.
-;             pm.min_spare_servers - the minimum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is less than this
-;                                    number then some children will be created.
-;             pm.max_spare_servers - the maximum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is greater than this
-;                                    number then some children will be killed.
-;  ondemand - no children are created at startup. Children will be forked when
-;             new requests will connect. The following parameter are used:
-;             pm.max_children           - the maximum number of children that
-;                                         can be alive at the same time.
-;             pm.process_idle_timeout   - The number of seconds after which
-;                                         an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-;   pool                 - the name of the pool;
-;   process manager      - static, dynamic or ondemand;
-;   start time           - the date and time FPM has started;
-;   start since          - number of seconds since FPM has started;
-;   accepted conn        - the number of request accepted by the pool;
-;   listen queue         - the number of request in the queue of pending
-;                          connections (see backlog in listen(2));
-;   max listen queue     - the maximum number of requests in the queue
-;                          of pending connections since FPM has started;
-;   listen queue len     - the size of the socket queue of pending connections;
-;   idle processes       - the number of idle processes;
-;   active processes     - the number of active processes;
-;   total processes      - the number of idle + active processes;
-;   max active processes - the maximum number of active processes since FPM
-;                          has started;
-;   max children reached - number of times, the process limit has been reached,
-;                          when pm tries to start more children (works only for
-;                          pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-;   pool:                 www
-;   process manager:      static
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          62636
-;   accepted conn:        190460
-;   listen queue:         0
-;   max listen queue:     1
-;   listen queue len:     42
-;   idle processes:       4
-;   active processes:     11
-;   total processes:      15
-;   max active processes: 12
-;   max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-;   http://www.foo.bar/status
-;   http://www.foo.bar/status?json
-;   http://www.foo.bar/status?html
-;   http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-;   http://www.foo.bar/status?full
-;   http://www.foo.bar/status?json&full
-;   http://www.foo.bar/status?html&full
-;   http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-;   pid                  - the PID of the process;
-;   state                - the state of the process (Idle, Running, ...);
-;   start time           - the date and time the process has started;
-;   start since          - the number of seconds since the process has started;
-;   requests             - the number of requests the process has served;
-;   request duration     - the duration in µs of the requests;
-;   request method       - the request method (GET, POST, ...);
-;   request URI          - the request URI with the query string;
-;   content length       - the content length of the request (only with POST);
-;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
-;   script               - the main script called (or '-' if not set);
-;   last request cpu     - the %cpu the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because CPU calculation is done when the request
-;                          processing has terminated;
-;   last request memory  - the max amount of memory the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because memory calculation is done when the request
-;                          processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-;   ************************
-;   pid:                  31330
-;   state:                Running
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          63087
-;   requests:             12808
-;   request duration:     1250261
-;   request method:       GET
-;   request URI:          /test_mem.php?N=10000
-;   content length:       0
-;   user:                 -
-;   script:               /home/fat/web/docs/php/test_mem.php
-;   last request cpu:     0.00
-;   last request memory:  0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/share/php/rtag/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-;  %%: the '%' character
-;  %C: %CPU used by the request
-;      it can accept the following format:
-;      - %{user}C for user CPU only
-;      - %{system}C for system CPU only
-;      - %{total}C  for user + system CPU (default)
-;  %d: time taken to serve the request
-;      it can accept the following format:
-;      - %{seconds}d (default)
-;      - %{miliseconds}d
-;      - %{mili}d
-;      - %{microseconds}d
-;      - %{micro}d
-;  %e: an environment variable (same as $_ENV or $_SERVER)
-;      it must be associated with embraces to specify the name of the env
-;      variable. Some exemples:
-;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-;  %f: script filename
-;  %l: content-length of the request (for POST request only)
-;  %m: request method
-;  %M: peak of memory allocated by PHP
-;      it can accept the following format:
-;      - %{bytes}M (default)
-;      - %{kilobytes}M
-;      - %{kilo}M
-;      - %{megabytes}M
-;      - %{mega}M
-;  %n: pool name
-;  %o: output header
-;      it must be associated with embraces to specify the name of the header:
-;      - %{Content-Type}o
-;      - %{X-Powered-By}o
-;      - %{Transfert-Encoding}o
-;      - ....
-;  %p: PID of the child that serviced the request
-;  %P: PID of the parent of the child that serviced the request
-;  %q: the query string
-;  %Q: the '?' character if query string exists
-;  %r: the request URI (without the query string, see %q and %Q)
-;  %R: remote IP address
-;  %s: status (response code)
-;  %t: server time the request was received
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %T: time the log has been written (the request has finished)
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; Depth of slow log stack trace.
-; Default Value: 20
-;request_slowlog_trace_depth = 20
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_terminate_timeout = 0
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-;       possible. However, all PHP paths will be relative to the chroot
-;       (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-;chdir = /var/www
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5 .php7
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-env[HOSTNAME] = $HOSTNAME
-env[PATH] = /usr/local/bin:/usr/bin:/bin
-env[TMP] = /tmp
-env[TMPDIR] = /tmp
-env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'.
-;   php_admin_value/php_admin_flag - these directives won't be overwritten by
-;                                     PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-;                specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M

CoreModules/nginx/config/nginx/nginx-default.conf

@@ -25,19 +25,10 @@ http {
 
 	server_names_hash_bucket_size 64;
 
-	include /etc/nginx/mime.types;
-	default_type text/html;
+    root   /usr/share/nginx/html;
 
-	ssl_protocols TLSv1.3 TLSv1.2;
-	ssl_prefer_server_ciphers on;
-    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
-    ssl_session_cache shared:SSL:20m;
-    ssl_session_timeout 180m;
-    ssl_ecdh_curve secp384r1;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-	add_header X-Frame-Options sameorigin;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Xss-Protection "1; mode=block";
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
 
     #access_log /var/log/nginx/access.log;
     access_log off;
@@ -50,6 +41,7 @@ http {
     gzip_disable "msie6";
     gzip_buffers 16 8k;
 
+    include /etc/nginx/snippets/ngx-ssl.conf;
 	include /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/*;
 }

CoreModules/nginx/config/nginx/site_ssl-unconfigured

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen [::]:80;
+	server_name   DOMAINname;
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+    
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   DOMAINname;
+    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    include snippets/ngx-ssl.conf; 
+    
+    
+
+#ConfHere
+
+}

CoreModules/nginx/config/nginx/site_ssl-wwwredir

@@ -0,0 +1,19 @@
+server {
+	#www.domain > domain redirect
+    listen       80;
+    listen       [::]:80;
+    server_name   www.DOMAINname;
+    return       301 http://DOMAINname$request_uri;
+}
+
+server {
+    #SSL www.domain > domain redirect
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   www.DOMAINname;
+    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; 
+    include snippets/ngx-ssl.conf; 
+    return       301 https://DOMAINname$request_uri;
+}

CoreModules/nginx/config/nginx/snippets-backendredir.conf

@@ -0,0 +1,3 @@
+    location /database {
+        return 301 http://$hostname/backend/database;
+    }

CoreModules/nginx/config/nginx/snippets-ssl.conf

@@ -0,0 +1,14 @@
+resolver 8.8.8.8;
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:le_nginx_SSL:1m;
+ssl_session_timeout 1440m;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+add_header X-Frame-Options sameorigin;
+add_header X-Content-Type-Options nosniff;
+add_header X-Xss-Protection "1; mode=block";
+add_header Strict-Transport-Security "max-age=31536000" always;
+ssl_dhparam /etc/acmesh/certs/ssl-dhparams.pem;

CoreModules/nginx/dnf.pkg.list

@@ -0,0 +1 @@
+httpd-tools

CoreModules/nginx/generic.pkg.list

@@ -0,0 +1 @@
+nginx

CoreModules/nginx/phpupdate-handeler.sh

@@ -0,0 +1,24 @@
+for f in /etc/nginx/sites-available/*; do
+    if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
+        if (whiptail --title "Update Nginx config ?" --yesno "Update php version in nginx site: ${f##*/}  ?" 8 78); then
+            sed -i  "s/$phpver/$newphpver/" $f
+        fi
+    fi
+    if [ $IMODE = l ] && [ $PhpPurge = 0 ]; then
+            while true; do
+                read -p "Update php version in nginx site: ${f##*/} ? -> yes/no?" yn
+                case $yn in
+                [Yy]* ) sed -i  "s/$phpver/$newphpver/" $f
+                break;;
+                [Nn]* ) echo ""
+                break;;
+                * ) echo "Choose yes of no.";;
+            esac
+        done    
+    fi
+    if [ $PhpPurge = 1 ]; then
+        sed -i  "s/$phpver/$newphpver/" $f
+    fi
+done
+ 
+systemctl reload nginx

CoreModules/nginx/preconf.sh

@@ -1 +1 @@
-$PKGA ppa:nginx/stable -y > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=nginx osrel=$shortdist bash > $OUTPUT 2>&1

CoreModules/nginx/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/nginx/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
+
+if [ -n "$sslfr" ]; then
+    rm /etc/nginx/sites-enabled/Backend
+    ln -s /etc/nginx/sites-available/Backend_"$siteBackend_ext" /etc/nginx/sites-enabled/Backend
+fi
+
+systemctl reload nginx

CoreModules/nginx_nonphp/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+#############
+#   Nginx   #
+#############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
+
+systemctl reload nginx

CoreModules/nginx_nonphp/apt.pkg.list

@@ -0,0 +1 @@
+apache2-utils

CoreModules/nginx_nonphp/conf.sh

@@ -0,0 +1,32 @@
+systemctl stop nginx
+
+#############
+#   Nginx   #
+#############
+
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -o /etc/nginx/fastcgi.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -o /etc/nginx/snippets/ngx-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -o /etc/nginx/nginx.conf
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
+
+systemctl start nginx > $OUTPUT 2>&1
+systemctl enable nginx > $OUTPUT 2>&1

CoreModules/nginx_nonphp/dnf.pkg.list

@@ -0,0 +1 @@
+httpd-tools

CoreModules/nginx_nonphp/generic.pkg.list

@@ -0,0 +1 @@
+nginx

CoreModules/nginx_nonphp/preconf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=nginx osrel=$shortdist bash > $OUTPUT 2>&1
+
+#Disable PhpMyadmin and Backend cms
+disbackendcms=1
+PHPMyadmin=1

CoreModules/nginx_nonphp/ssl-handler.sh

@@ -0,0 +1,4 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
+
+systemctl reload nginx

Docs/docs/Dev-Adding-CMS.md

@@ -3,10 +3,14 @@
 * CMS/`<NewCmsName>`/
     * conf.sh
     * preconf.sh
-    * apt.list
+    * generic.pkg.list
+	* apt.pkg.list
+	* dnf.pkg.list    
     * `<Webserver>`-conf.sh
     * `<Webserver>`-preconf.sh
-    * `<Webserver>`-apt.list
+    * `<Webserver>`-generic.pkg.list
+    * `<Webserver>`-apt.pkg.list
+    * `<Webserver>`-dnf.pkg.list
     * `<Webserver>`-unconfigured
 
 # File Explanation
@@ -14,10 +18,14 @@
 | -------- | ------------ |
 | preconf.sh  | Pre config/apt install commands runs for all web servers |
 | conf.sh  | Configuration runs for all webservers |
-| apt.list  | packagelist for all webservers |
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | `<Webserver>`-preconf.sh  | Pre config/apt install commands runs for specified webserver |
 | `<Webserver>`-conf.sh  | Configuration runs for specified webserver |
-| `<Webserver>`-apt.list | packagelist for specified webserver |
+| `<Webserver>`-generic.pkg.list | packagelist for specified webserver for all distro's|
+| `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
+| `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | `<Webserver>`-unconfigured | webserver(vhost) config | 
 
 
@@ -26,7 +34,7 @@
 ## nginx-conf.sh
 ```
 #Getting Nginx SiteConfig
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -O /tmp/nginx-siteconf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -o /tmp/nginx-siteconf
 
 #Configuring Nginx SiteConfig
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
@@ -43,7 +51,7 @@ systemctl reload nginx
 
 ```
 #Getting Nginx SiteConfig
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -O /tmp/nginx-siteconf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -o /tmp/nginx-siteconf
 
 #Configuring Nginx SiteConfig
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf

Docs/docs/Dev-Adding-Modules.md

@@ -1,30 +1,41 @@
 # Module modes
-A module can be external(in other/external git repo) or internal(Modules/<ModuleName>).  
+A module can be external(in other/external git repo) or internal(SubModules/<ModuleName>).  
 In both cases the file structure is expected as shown below
 
 # List of possible Files and expected Structure
 * conf.sh
 * preconf.sh
-* apt.list
+* generic.pkg.list
+* apt.pkg.list
+* dnf.pkg.list
 * `<webserver>`-conf.sh
 * `<webserver>`-preconf.sh
-* `<webserver>`-apt.list
+* `<Webserver>`-generic.pkg.list
+* `<Webserver>`-apt.pkg.list
+* `<Webserver>`-dnf.pkg.list
 * config/*
+* CMSHook-preconf.sh
+* CMSHook-conf.sh
 
 ## The internal module location
-Modules/`<ModuleName>`
+SubModules/`<ModuleName>`
 
 # File Explanation
 | File Name | Description     |
 | -------- | ------------ |
 | preconf.sh | Pre config/apt install commands runs for all web servers | 
 | conf.sh| Configuration runs for all webservers | 
-| apt.list | packagelist for all webservers | 
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | `<Webserver>`-preconf.sh | Pre config/apt install commands runs for specified webserver |
 | `<Webserver>`-conf.sh | Configuration runs for specified webserver | 
-| `<Webserver>`-apt.list | packagelist for specified webserver | 
+| `<Webserver>`-generic.pkg.list | packagelist for specified webserver for all distro's|
+| `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
+| `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | config/* | Directory for config files | 
-
+| CMSHook-conf.sh  | Will run as addtional preconf when CSM is installed|
+| CMSHook-conf.sh  | Will run after a CSM is installed|
 
 # Defining in the menu
 ### Add the following to ModulesMenu.list

Docs/docs/Dev-Adding-Webserver.md

@@ -2,7 +2,9 @@
 * CoreModules/`<webserverName>`/
     * conf.sh
 	* preconf.sh
-	* apt.list
+	* generic.pkg.list
+	* apt.pkg.list
+	* dnf.pkg.list
 	* appendCMS-conf.sh
 	* config/*
 # File Explanation
@@ -10,7 +12,9 @@
 | -------- | ------------ |
 | preconf.sh | Pre config/apt install commands (ex: repo setup) |
 | conf.sh | Configuration for webserver and php | 
-| apt.list | packagelist for this webserver and php |  
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | appendCMS-conf.sh | Runs when a domain gets added after inital install by appendCMS.sh | 
 
 # Defining in the menu

Docs/docs/User-MainInfo.md

@@ -1,26 +1,37 @@
 # Getting/using the Normal installer (installer.sh):
 
+Using curl
 ```
-#Get installer.sh from the repo and store it at: /tmp/installer.sh    
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
+bash /tmp/installer.sh
+```  
+
+Using wget
+```
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
 bash /tmp/installer.sh
 ```
 # Getting/using the Legacy installer (installer.sh):
+Using curl
 ```
-#Get installer.sh from the repo and store it at: /tmp/installer.sh  
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
 bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
-```
+```  
 
+Using wget
+```
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+```  
 # Adding a Domain (AppendCMS.sh):
 The script wil get most information it need from stored config, only the new domain and the mysql root password need to be entered.  
 
 ```
-#Get the AppendCMS.sh from the repo and store it at: /tmp/AppendCMS.sh
-bash /tmp/AppendCMS.sh
+bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/AppendCMS.sh)
 ```
 
 # Adding a Module/Option (AppendModule.sh):
 The script wil get most information it need from stored config
 ```
-#Get the AppendCMS.sh from the repo and store it at: /tmp/AppendModule.sh 
-bash /tmp/AppendModule.sh 
+bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/AppendModule.sh)
 ```

Docs/mkdocs.yml

@@ -1,7 +1,7 @@
 site_name: Web-V2
 theme: slate
 repo_name: 'Git Repo'
-repo_url: https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/src/branch/master
+repo_url: https://git.ictmaatwerk.com/VPS-scripts/Web-V2/src/branch/master
 nav:
     - User: 'User-MainInfo.md'
     - Development:

ModulesMenu.list

@@ -5,6 +5,7 @@
 if [ $IMODE = n ]; then
 #WebServers
 webservers=("Nginx:" "Will install NGINX Webserver." ON)
+webservers+=("Nginx_nonphp:" "Will install NGINX Webserver without php-fpm." OFF)
 webservers+=("Apache:" "Will install Apache Webserver." OFF)
 
 ##Nginx
@@ -12,32 +13,48 @@ webservers+=("Apache:" "Will install Apache Webserver." OFF)
 nginxCMSL=("None:" "A plain webserver will be setup." OFF)
 nginxCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
 nginxCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
+nginxCMSL+=("FrontController:" "Will prepair enviroment for frontcontroller." OFF)
 #Options
-nginxOptions=("Option 1:" "Option 1 Desription" OFF)
-nginxOptions+=("Option 2:" "Option 2 Desription" OFF)
-nginxOptions+=("Option 3:" "Option 3 Desription" OFF)
+nginxOptions=("Redis:" "Redis caching" OFF)
+nginxOptions+=("Postfix:" "Mail MTA" OFF)
+
+##Nginx
+#CMSList
+nginx_nonphpCMSL=("None:" "A plain webserver will be setup." OFF)
+#Options
+nginx_nonphpOptions=("Redis:" "Redis caching" OFF)
+nginx_nonphpOptions+=("Postfix:" "Mail MTA" OFF)
 
 ##Apache
 #CMSList
 apacheCMSL=("None:" "A plain webserver will be setup." OFF)
 apacheCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
+apacheCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
 #Options
-apacheOptions=("Option 1:" "Option 1 Desription" OFF)
-apacheOptions+=("Option 2: " "Option 2 Desription" OFF)
+apacheOptions=("Redis:" "Redis caching" OFF)
+apacheOptions+=("Postfix:" "Mail MTA" OFF)
+
 fi
 if [ $IMODE = l ]; then
 #WebServers
-webservers=("Nginx" "Apache" "Quit")
+webservers=("Nginx" "Nginx_nonphp"  "Apache" "Quit")
+
 ##Nginx
 #CMSList
-nginxCMSL=("Wordpress" "Nextcloud" "None")
+nginxCMSL=("None" "Wordpress" "Nextcloud" "FrontController")
 #Options
-nginxOptions=("Ngx Option 1:" "Ngx Option 2:" "Ngx Option 3:")
+nginxOptions=("Redis:" "Postfix:")
 
+##Nginx-nonphp
+#CMSList
+nginx_nonphpCMSL=("None")
+#Options
+nginx_nonphpOptions=("Redis:" "Postfix:")
 
 ##Apache
 #CMSList
-apacheCMSL=("Wordpress" "Nextcloud" "None")
+apacheCMSL=("None" "Wordpress" "Nextcloud")
 #Options
-apacheOptions=("Apa Option 1:" "Apa Option 2:" "Apa Option 3:")
+apacheOptions=("Redis:" "Postfix:")
+
 fi

Notes.md

@@ -1,2 +0,0 @@
-### Apache config 
-set `IncludeOptional sites-enabled/*.conf` to `IncludeOptional sites-enabled/*`

PhpUpdater.sh

@@ -0,0 +1,133 @@
+#sysCheck
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+rm /tmp/pkg.list
+#Getting variables
+source /etc/ICTM/mainvar.list
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+source /etc/ICTM/phpvar.list
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    apt update
+    RepoVersion=`apt list |grep php | grep deb.sury.org| cut -f1 -d"-"| tail -1 |sed 's/php//'`
+elif [ "$shortdist" = "el8" ]; then
+    dnf check-update --refresh
+    RepoVersion=`dnf list php* | awk '{print $1; }' | cut -f1 -d"-"| tail -1 |sed 's/php//' | sed 's/./&./1'`
+fi
+msg () {
+    if [ $IMODE = n ]; then
+        TERM=ansi whiptail --title "Info" --msgbox "$1" 8 52
+    fi
+    if [ $IMODE = l ]; then
+        echo "$1"
+    fi
+}
+
+msg "Current php version: $phpver"
+
+if [ $IMODE = n ]; then
+    # Legacy/Main Menu
+    PKGD="debconf-apt-progress -- apt purge -y"
+
+    #Menu
+    if (whiptail --title "Set new php version?" --yesno "Install php version $RepoVersion ?" 8 78); then
+        newphpver=$RepoVersion
+    else
+        newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3)
+    fi
+fi
+
+if [ $IMODE = l ]; then
+    # Legacy/Main Menu
+    PKGD="apt purge -y"
+
+    #Menu    
+    while true; do
+        read -p "Set phpversion to version $RepoVersion ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) newphpver=$RepoVersion
+            break;;
+            [Nn]* ) echo "";
+            echo "Please enter php version to install:";read newphpver
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done
+ fi   
+
+    #Genereating vars for new php version
+    if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    # Debian/Ubunbtu Php variables
+        newphpPoolDir=/etc/php/${newphpver}/fpm/pool.d
+        newphpPkgName=php${newphpver}
+        newphpMainConf=/etc/php/${newphpver}/fpm/php.ini
+        newphpFPMService=php${newphpver}-fpm
+        PKGP=$PKGD
+        apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpPkgName/$newphpPkgName/" > /tmp/pkg.list
+    elif [ "$shortdist" = "el8" ]; then
+    # Centos Php variable
+        newphpPoolDir=/etc/opt/remi/php${newphpver//.}/php-fpm.d/
+        newphpPkgName=php${newphpver//.}-php
+        newphpMainConf=/etc/opt/remi/php${newphpver//.}/php.ini
+        newphpFPMService=php${newphpver//.}-php-fpm
+        PKGP="dnf remove -y"
+        dnf list --installed | sort | grep $phpPkgName | awk '{print $1;}' | cut -f1 -d"." | sed "s/$phpPkgName/$newphpPkgName/" > /tmp/pkg.list
+    fi
+
+    #Install
+    
+    if [ ${newphpver//.} -ge 80 ] && [ ${newphpver//.}  -lt 90 ]; then
+        sed -i -e "s/$newphpPkgName-xmlrpc//g" -e "s/$newphpPkgName-json//g" /tmp/pkg.list
+    fi
+    cat /tmp/pkg.list | xargs $PKGI
+
+    #Config
+    systemctl stop $newphpFPMService
+    cp $phpPoolDir/* $newphpPoolDir 
+    
+
+if [ $IMODE = n ]; then
+    #Purge
+    if (whiptail --title "Set new php version?" --yesno "Remove php $phpver ?" 8 78); then
+       PhpPurge=1
+       $PKGP -y $phpPkgName*
+    else
+       PhpPurge=0
+       echo "$PKGP -y $phpPkgName*" > ~/remove-PHP-$phpver 
+    fi
+fi
+
+
+if [ $IMODE = l ]; then    
+    #Purge
+    while true; do
+        read -p "Remove php $phpver ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) PhpPurge=1 ; $PKGP $phpPkgName*
+            break;;
+            [Nn]* ) PhpPurge=0 ; echo ""
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done    
+fi
+
+for f in $newphpPoolDir/*; do
+    sed -i  "s/$phpver/$newphpver/" $f
+    sed -i  "s/${phpver//.}/${newphpver//.}/" $f
+done
+
+systemctl start $newphpFPMService
+systemctl enable $newphpFPMService
+
+
+sed -i "/phpver/c\phpver=\"$newphpver\"" /etc/ICTM/mainvar.list
+
+mv /etc/ICTM/phpvar.list /etc/ICTM/phpvar"$phpver".list
+for storeme in newphpPoolDir newphpPkgName newphpMainConf newphpFPMService; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
+done
+sed -i 's/new//' /etc/ICTM/phpvar.list
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh)
+fi

README.md

@@ -1,17 +1,41 @@
-# Ubuntu-Web-V2
-**Get Started with the graphical installer**:  
+# Web-V2
+## Geting started
+**Default/Graphical installer**:  
+Using curl
 ```
-wget https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
 bash /tmp/installer.sh
 ```  
 
-**Legacy Installer for developing and debugging**:
+Using wget
 ```
-wget https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+bash /tmp/installer.sh
+```  
+
+**Legacy Installer for developing and debugging**:  
+Using curl
+```
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
 bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+```  
+
+Using wget
+```
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+```  
+## Adding extra CMS/Site after instalation
+```
+bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/AppendCMS.sh)
 ```
 
-#### This script uses the following repo's as dependencies:
+## Adding extra Module after instalation
+```
+bash <(curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/AppendModule.sh)
+```
+
+### This script uses the following repo's as dependencies:
 ```
 * VPS-scripts/Unattended-Security-Updates 
 * VPS-scripts/Ubuntu-MySQL

Scripts/Compat/Compat-V2.sh

@@ -0,0 +1,23 @@
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+
+#Getting information and vars
+source /etc/ICTM/mainvar.list
+
+#CompatUpdater Setup
+UpdaterCompatTo=2
+if  [ -z ${CompatVer} ]; then CompatVer=1 ; fi
+if  [ "$CompatVer" -ge "$UpdaterCompatTo" ]; then echo "Web-V2 is update to-date,Update scipt version= $UpdaterCompatTo, Current version= $CompatVer" && exit ; fi
+
+printf '%s' "Updating Web-V2..."
+#NewCompat var
+CompatVer=$UpdaterCompatTo
+
+#Updating mod lists
+aonoption="/MySQL/"
+aonoption="$aonoption /Unattended-Security-Updates/"
+aonoption="$aonoption /Backup-Util/"
+aonoption="$aonoption /AcmeSH/"
+echo 'EnabledAons=('$aonoption')' >> /etc/ICTM/selopts.list
+declare -p CompatVer | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
+
+printf " [\033[0;32mok\033[0m]\n"

Scripts/EnableSSL.sh

@@ -1,29 +1,53 @@
+#loading install vars
+source /etc/ICTM/mainvar.list
 #Setting Vars
-confname=CONFname
+sitename=CONFname
 domain=DOMAINname
 domainwww=DomainWWW
-email=Email
 webserv=WebServer
 webservice=WebServer
 
 #Correcting service name for Apache
-if [ $webservice = apache ]; then
-    webservice=apache2
+if [ $webservice = apache ]; then\
+    source /etc/ICTM/apachevar.list
+    webservice="$apacheService"
+    ext=.conf
+fi
+
+#Correcting service name for nginx_nonphp
+if [ $webservice = nginx_nonphp ]; then
+    webservice=nginx
+    webserv=nginx
 fi
 
 #Backing-up and removing current config
-sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-enabled/"$confname" > /tmp/"$confname"-config
-sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-enabled/"$confname"
+sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext" > /tmp/"$sitename"-config
+sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext"
 systemctl reload $webservice
 
 #Enabling SSL
 if [ $domainwww = 1 ]; then
-   certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
+    certsatus=$?
 elif [ $domainwww = 0 ]; then
-   certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-fi  
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain"
+    certsatus=$?
+fi
+  
+if test $certsatus -eq 0
+then
+	site_ext="ssl"
+else
+	site_ext="nossl"
+    rm -rf /etc/acmesh/certs/$domain*
+    echo "LE failed, restoring configuration"
+fi
+unset certsatus
 
 #Restoring config
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$confname"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-enabled/"$confname"
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_"$site_ext""$ext"
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
 
-systemctl reload $webservice
+if [ $site_ext = ssl ]; then
+rm -- "$0"
+fi

Scripts/GenerateApacheList.sh

@@ -0,0 +1,19 @@
+if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+source /etc/ICTM/mainvar.list
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+# Debian/Ubunbtu apache variables
+    apacheConfDir=/etc/apache2
+    apacheService=apache2
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    apacheConfDir=/etc/httpd
+    apacheService=httpd
+fi
+
+#Storing vars to config
+for storeme in apacheService apacheConfDir; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list
+done