Migrated to VPS-scripts

they wil also be displayed at the end of installation

AppendCMS.sh

@@ -7,19 +7,12 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then
 
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
-source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
+rm /tmp/pkg.list > $OUTPUT 2>&1
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${apacheCMSL[@]}")
-options=("${apacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${nginxCMSL[@]}")
-options=("${nginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 
 ##----------------##
@@ -81,7 +74,6 @@ if [ $IMODE = n ]; then
     [[ -d "/var/www/"$domain"/html" ]] && msg "              This domain already exists on this server, Exiting" 8 78 && exit;
     if (whiptail --title "Config" --yesno "                 Does www.${domain} exist in DNS" 8 78); then domainwww=1; else domainwww=0; fi
     if (whiptail --title "Set sitename?" --yesno "Set sitename to ${domain//./_} ?" 8 78); then
-    echo "Yes"
     sitename=${domain//./_}
     else
     while true; do
@@ -117,8 +109,8 @@ if [ $IMODE = l ]; then
     done
     read -p "Set sitename to ${domain//./_}? (y/n)" choice
     case "$choice" in
-      y|Y ) echo "yes";sitename=${domain//./_};;
-      n|N ) echo "no";
+      y|Y ) sitename=${domain//./_};;
+      n|N ) echo "";
       while true; do
       echo "Please enter sitename, Must NOT contain special characters, except: _";read sitename
       if [[ $sitename == *['!'@#\$%^\&*()+,.]* ]] || [ -z "$sitename" ]
@@ -160,15 +152,24 @@ CMS="${CMS//:}" && CMS="${CMS,,}"
 ##-----------##
 #   AptList   #
 ##-----------##
+msg "        Generating apt list for CMS"
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list; then
-    curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/apt.list >>/tmp/apt.list
-    printf " " >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/generic.pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/generic.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$PKGLIST".pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$PKGLIST".pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
 fi
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list; then
-    curl "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-apt.list >>/tmp/apt.list
-    printf " " >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-generic.pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-"$PKGLIST".pkg.list; then
+    curl -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
 fi
 
 
@@ -176,18 +177,18 @@ fi
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Webserv"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh)
+msg "           Running preconf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-preconf.sh)
 fi
 
-echo "Running preconf for CMS"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/preconf.sh)
+msg "            Running preconf for CMS"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/preconf.sh)
 fi
 
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
 
@@ -196,35 +197,81 @@ fi
 ##-------------##
 
 $PKGM update
-sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
-cat /tmp/apt.list | xargs $PKGI
+sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+cat /tmp/pkg.list | xargs $PKGI
 
 
 ##---------------##
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Webserv"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh)
+msg "           Running conf for Webserv"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/appendCMS-conf.sh)
 fi
 
-echo "Setting up SSL"
 if [ $sslenable = 1 ]; then
-    if [ $domainwww = 1 ]; then
-        certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-    elif [ $domainwww = 0 ]; then
-        certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+msg "                Setting up SSL"
+    if [ $webserv = nginx_nonphp ]; then
+        certwebserv=nginx
+    else
+        certwebserv=$webserv
     fi
+    site_ext=ssl
+    if [ $domainwww = 1 ]; then
+        /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain" > $OUTPUT 2>&1
+        certsatus=$?
+    elif [ $domainwww = 0 ]; then
+        /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" > $OUTPUT 2>&1
+        certsatus=$?
+    fi
+    if test $certsatus -eq 0
+    then
+        site_ext="ssl"
+    else
+        site_ext="nossl"
+        rm -rf /etc/acmesh/certs/$domain*
+    fi
+    unset certsatus
+    if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
+    fi
+elif [ $sslenable = 0 ]; then
+    site_ext=nossl
 fi
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
-sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$domain'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
-
-echo "Running conf for CMS"
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/conf.sh)
+if [ $site_ext = nossl ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/EnableSSL.sh -o ~/activateSSL-$domain.sh
+    sed -i -e 's/DOMAINname/'$domain'/' -e 's/CONFname/'$sitename'/' -e 's/DomainWWW/'$domainwww'/' -e 's/Email/'$email'/' -e 's/WebServer/'$webserv'/' ~/activateSSL-$domain.sh
 fi
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
-    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
-fi
+
+msg "              Running conf for CMS"
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/conf.sh)
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh; then
+    source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
+fi
+
+##--------------------------##
+#   Backup-util Site Setup   #
+##--------------------------##
+
+repobckutil=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
+branchbckutil=master
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh)
+fi
+
+##------------##
+#   Services   #
+##------------##
+
+systemctl reload fail2ban
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added CMS!"
+for f in /etc/update-motd.d/51*; do bash $f; done

AppendModule.sh

@@ -11,19 +11,12 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then
 
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
-source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/ModulesMenu.list)
+rm /tmp/pkg.list
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
 #Setting Menulist to webserver
-if [[ $webserv = "apache" ]]; then
-#Apache Menulist
-CMSL=("${apacheCMSL[@]}")
-options=("${apacheOptions[@]}")
-fi
-if [[ $webserv = "nginx" ]]; then
-#Nginx Menulist
-CMSL=("${nginxCMSL[@]}")
-options=("${nginxOptions[@]}")
-fi
+declare -n CMSL="$webserv"CMSL
+declare -n options="$webserv"Options
 
 #Filtering already installed modules
 for target in "${SelectedOptions[@]}"; do
@@ -92,7 +85,7 @@ fi
 
 if [ $IMODE = n ]; then
 	PasswordQuest
-	option=$(whiptail --title "Title" --checklist "Features" 11 110 5 "${options[@]}" 3>&1 1>&2 2>&3)
+	option=$(whiptail --title "Config" --checklist "Features" 11 110 5 "${options[@]}" 3>&1 1>&2 2>&3)
 	[[ "$?" = 1 ]] && msg "              Quiting installer" 8 78 && exit;
 fi
 
@@ -155,31 +148,46 @@ option="$option""$aonoption"
 ##-----------##
 
 
-echo "Generating apt list for Options"
+msg "        Generating apt list for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed"
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-"$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
     else
         #Fetching from remote repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"apt.list; then
-           curl --retry 7 --retry-delay 5 -s "$modListed"apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"generic.pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$modListed"generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-apt.list; then
-           curl "$modListed""$webserv"-apt.list >>/tmp/apt.list
-           printf " " >>/tmp/apt.list
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-generic.pkg.list; then
+           curl "$modListed""$webserv"-generic.pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then
+           curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
+        fi
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then
+           curl "$modListed""$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+           printf " " >>/tmp/pkg.list
         fi
     fi
 done
@@ -189,19 +197,19 @@ done
 #   Preconf   #
 ##-----------##
 
-echo "Running preconf for Options"
+msg "          Running preconf for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    msg "Pre-configuring  $val1"
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed"
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh; then
-        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/preconf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/preconf.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/preconf.sh)
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh; then
-            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-preconf.sh)
         fi
     else
         #Fetching from remote repo
@@ -220,27 +228,27 @@ done
 ##-------------##
 
 $PKGM update
-sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
-cat /tmp/apt.list | xargs $PKGI
+sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+cat /tmp/pkg.list | xargs $PKGI
 
 
 ##---------------##
 #   Configuring   #
 ##---------------##
 
-echo "Running conf for Options"
+msg "            Running conf for Options"
 for val1 in ${option[*]}; do
-    echo "$val1" #TMP
-    modListed=$(wget -t7 -qO - "$repo"/raw/branch/master/extModules.list|grep "$val1")
+    msg "Configuring  $val1"
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
     #Checking
     if test -z "$modListed" 
     then
         #Fetching from local repo
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh; then
-        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/conf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/conf.sh; then
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/conf.sh)
         fi
-        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh; then
-            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh)
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/"$webserv"-conf.sh)
         fi
     else
         #Fetching from remote repo
@@ -252,3 +260,11 @@ for val1 in ${option[*]}; do
         fi
     fi
 done
+
+
+##-------##
+#   Done  #
+##-------##
+
+msg "                Added Module!"
+for f in /etc/update-motd.d/51*; do bash $f; done

CMS/Backend/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,28 @@
+[Backend]
+user = Backend
+group = Backend
+listen = /var/run/php/phpPHPver-fpm-Backend.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[opcache.enable] = 0      
+php_admin_value[max_input_vars] = 5000                                                                                                                                                                                                                                         
+php_admin_value[upload_max_filesize] = 256M                                                                                                                                                                                                                                    
+php_admin_value[post_max_size] = 16M                                                                                                                                                                                                                                           
+php_admin_value[max_input_time] = 15                                                                                                                                                                                                                                           
+php_admin_value[cgi.fix_pathinfo] = 0                                                                                                                                                                                                                                          
+php_admin_value[allow_url_fopen] = Off                                                                                                                                                                                                                                         
+php_admin_value[file_uploads] = Off                                                                                                                                                                                                                                   
+php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin                                                                                                                                                                                                                 
+php_admin_value[session.use_strict_mode] = 1                                                                                                                                                                                                                                   
+php_admin_value[session.cookie_httponly] = 1                                                                                                                                                                                                                                   
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict                                                                                                                                                                                                                              
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1                                                                                                                                                                                                                                     
+                                                                                                                                                                                                                                                                               
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /
+

CMS/Backend/apache-conf.sh

@@ -0,0 +1,4 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf
+systemctl reload apache2

CMS/Backend/apache-siteBackend-unconfigured

@@ -0,0 +1,23 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/Backend_error.log
+#CustomLog ${APACHE_LOG_DIR}/Backend_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/html
+
+Alias /backend/database /usr/share/phpmyadmin
+
+<Directory /usr/share/phpmyadmin>
+    #enables/disables PHPMyadmin
+    deny from all
+    Require all granted
+    Options FollowSymLinks
+    DirectoryIndex index.php
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-Backend.sock|fcgi://localhost"
+</FilesMatch>
+
+</Directory>
+
+#endConf

CMS/Backend/conf.sh

@@ -0,0 +1,14 @@
+#Backend PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+groupadd Backend
+useradd -g Backend Backend
+#PHPMyAdmin configuration
+touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log
+chown Backend:Backend -R /usr/share/phpmyadmin
+chown Backend:Backend -R /var/lib/phpmyadmin/tmp
+chown Backend:Backend -R /var/log/PhpMyAdmin
+systemctl reload php"$phpver"-fpm
+#Auto disable backends at night
+echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend

CMS/Backend/nginx-conf.sh

@@ -1,4 +1,4 @@
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -O /tmp/nginx-backendconf
-sed -i -e 's/PHPver/'$phpver'/' -e 's/DOMAINname/'$hostname'/' /tmp/nginx-backendconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -o /tmp/nginx-backendconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/nginx-backendconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$siteBackend_ext"
 systemctl reload nginx

CMS/Backend/nginx-siteBackend-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/Backend-access.log;
+error_log /var/log/nginx/Backend-error.log;
+
 location = /backend/netdata {
             return 301 /backend/netdata/;
         }
@@ -25,7 +29,7 @@ location = /backend/netdata {
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+            fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock;
             fastcgi_index index.php;
         }
     }

CMS/nextcloud/Apache-unconfigured

@@ -0,0 +1,31 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+Redirect 301 /.well-known/carddav /remote.php/dav
+Redirect 301 /.well-known/caldav /remote.php/dav
+
+<Directory /var/www/DOMAINname/html>
+  Require all granted
+  AllowOverride All
+  Options FollowSymLinks MultiViews
+  Satisfy Any
+  <IfModule mod_dav.c>
+    Dav off
+  </IfModule>
+
+</Directory>
+
+<Directory "/var/www/DOMAINname/html/data/">
+    Require all denied
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/nextcloud/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,45 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 1000
+php_admin_value[upload_max_filesize] = 1G
+php_admin_value[post_max_size] = 1G
+php_admin_value[max_input_time] = 60
+php_admin_value[memory_limit] = 512M
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/var/run/php/phpPHPver-fpm-SITEname.sock:/var/lib/redis/redis.sock:/proc/meminfo:/proc/cpuinfo:/dev/urandom:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 30
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 5
+chdir = /
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp

CMS/nextcloud/MotdNextCloud

@@ -1,5 +1,5 @@
 #!/bin/sh
 red='\e[1;31m%s\e[0m\n'
 printf "\n"
-printf $red "Please run nextcloud-init.sh after the first nextcloud login"
+printf $red "Please run bash ~/NextcloudInit-SITEname.sh after the first nextcloud login"
 printf "\n"

CMS/nextcloud/Nginx-unconfigured

@@ -1,15 +1,16 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 # Set max upload size
 client_max_body_size 1G;
 
 add_header Referrer-Policy "no-referrer" always;
-add_header X-Content-Type-Options "nosniff" always;
 add_header X-Download-Options "noopen" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 add_header X-Robots-Tag "none" always;
-add_header X-XSS-Protection "1; mode=block" always;
 fastcgi_send_timeout 300;
 fastcgi_read_timeout 300;
 fastcgi_hide_header X-Powered-By;
@@ -55,7 +56,7 @@ location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|u
     fastcgi_param HTTPS on;
     fastcgi_param modHeadersAvailable true;
     fastcgi_param front_controller_active true;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     fastcgi_intercept_errors on;
     fastcgi_request_buffering off;
 }
@@ -69,12 +70,9 @@ location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
     try_files $uri /index.php$request_uri;
     add_header Cache-Control "public, max-age=15778463";
     add_header Referrer-Policy "no-referrer" always;
-    add_header X-Content-Type-Options "nosniff" always;
     add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-Permitted-Cross-Domain-Policies "none" always;
     add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
     access_log off;
 }
 

CMS/nextcloud/apache-conf.sh

@@ -0,0 +1,11 @@
+#Apache
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#PHP
+sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+
+systemctl reload apache2 php$phpver-fpm

CMS/nextcloud/apt.list

@@ -1 +0,0 @@
-libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev

CMS/nextcloud/conf.sh

@@ -0,0 +1,58 @@
+#PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+mkdir -p /var/www/"$domain"/html/data
+
+#Getting Nextcloud
+curl --retry 7 --retry-delay 5 -s http://mirror.nxdi.nl/resources/nextcloud/latest.tar.bz2 -o /tmp/nextcloud.tar.bz2
+tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
+cp -a /tmp/nextcloud/. /var/www/"$domain"/html
+touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1
+
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="nextcloud_$db_suffix"
+db_user="nextcloud_$db_suffix"
+db_pass=$(date +%s|sha256sum|base64|head -c 32)
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+#Configuring Nextcloud
+cat <<EOF > /var/www/$domain/html/config/autoconfig.php
+<?php
+\$AUTOCONFIG = array(
+  "dbtype"        => "mysql",
+  "dbname"        => "${db_name}",
+  "dbuser"        => "${db_user}",
+  "dbpass"        => "${db_pass}",
+  "dbhost"        => "localhost",
+  "dbtableprefix" => "",
+  "simpleSignUpLink.shown" => false,
+  "directory"     => "/var/www/$domain/html/data",
+);
+EOF
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#Makeing nextcloud Finalize script and setting login Notice
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/MotdNextCloud -o /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}"
+
+
+#Nextcloud logging location
+mkdir /var/log/nextcloud
+chmod 774 -R /var/log/nextcloud
+ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
+
+#fail2ban
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+
+systemctl reload php"$phpver"-fpm

CMS/nextcloud/generic.pkg.list

@@ -0,0 +1 @@
+libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-bcmath phpPHPver-gmp

CMS/nextcloud/nextcloud-init.sh

@@ -1,20 +1,34 @@
-sudo -u www-data php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
-sudo -u www-data php /var/www/DOMAINname/html/occ db:add-missing-indices
-sudo -u www-data php /var/www/DOMAINname/html/occ app:disable firstrunwizard
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:convert-filecache-bigint
+sudo -u SITEname php /var/www/DOMAINname/html/occ db:add-missing-indices
+sudo -u SITEname php /var/www/DOMAINname/html/occ app:disable firstrunwizard
 
-sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
-sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
-sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
-sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
 
 if [ "$(systemctl is-active  redis-server)" = "active" ]; then
-    sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
-    sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
-    sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
-    sudo -u www-data php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
+    sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
 else 
-    echo "Redis not installed or runing on this system" 
+    echo "Redis not installed or running on this system" 
 fi
 
-echo "*/5  *  *  *  * www-data	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
-rm -f /etc/update-motd.d/50-nextnotice
+echo "*/5  *  *  *  * SITEname	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab
+sn2=SITEname
+rm -f /etc/update-motd.d/51-nextnotice-${sn2//_}
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CMS/nextcloud/nginx-apt.list

@@ -1 +0,0 @@
-phpPHPver-apcu phpPHPver-bcmath phpPHPver-gmp

CMS/nextcloud/nginx-conf.sh

@@ -1,60 +1,15 @@
 #Nextcloud major release version
 
 #Configuring nginx
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
-if [ $sslenable = 0 ]; then
-sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-enabled/"$domain"
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+if [ $site_ext = nossl ]; then
+  sed -i -e '/fastcgi_param HTTPS/c\#  fastcgi_param HTTPS' /etc/nginx/sites-available/"$sitename"_nossl
 fi
 
-mkdir -p /var/www/"$domain"/html
-
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-        echo "apc.enable_cli = 1" >> /etc/php/"$phpver"/fpm/php.ini
-fi
-
-#Getting Nextcloud
-wget -t7 http://mirror.nxdi.nl/resources/nextcloud/latest.tar.bz2 -O /tmp/nextcloud.tar.bz2
-tar jxf /tmp/nextcloud.tar.bz2 -C /tmp
-cp -a /tmp/nextcloud/. /var/www/"$domain"/html
-
-#Creating DB
-db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
-db_name="nextcloud_$db_suffix"
-db_user="nextcloud_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
-mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
-mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
-
-#Configuring Nextcloud
-cat <<EOF > /var/www/$domain/html/config/autoconfig.php
-<?php
-\$AUTOCONFIG = array(
-  "dbtype"        => "mysql",
-  "dbname"        => "${db_name}",
-  "dbuser"        => "${db_user}",
-  "dbpass"        => "${db_pass}",
-  "dbhost"        => "localhost",
-  "dbtableprefix" => "",
-  "simpleSignUpLink.shown" => false,
-  "directory"     => "/var/www/$domain/html/data",
-);
-EOF
-
-chown www-data:www-data -R /var/www/"$domain"/html
-systemctl reload nginx php$phpver-fpm
+systemctl reload nginx 
+
+
 
 
-#Makeing nextcloud Finalize script and setting login Notice
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/nextcloud-init.sh -O ~/nextcloud-init.sh
-sed -i -e 's/DOMAINname/'$domain'/' ~/nextcloud-init.sh
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/MotdNextCloud -O /etc/update-motd.d/50-nextnotice
-chmod +x /etc/update-motd.d/50-nextnotice

CMS/none/Apache-unconfigured

@@ -0,0 +1,22 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+#Include snippets/apa-backendredir.conf
+
+<Directory /var/www/DOMAINname/html>
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+    Order allow,deny
+    allow from all
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/none/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 64
+php_admin_value[post_max_size] = 1
+php_admin_value[max_input_time] = 15
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = Off
+php_admin_value[open_basedir] = /var/www/DOMAINname/html
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/none/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
     index index.php index.html index.htm index.nginx-debian.html;
     root /var/www/DOMAINname/html;
     gzip on;
@@ -7,6 +11,8 @@
     gzip_comp_level 2;
     gzip_disable "msie6";
     gzip_buffers 16 8k;
+    
+    #include snippets/ngx-backendredir.conf;
 
     location / {
         #try_files $uri $uri/ =404;
@@ -16,7 +22,7 @@
     
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
     }
 
     location ~ /\.ht {

CMS/none/Nginx_nonphp-unconfigured

@@ -0,0 +1,25 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html index.htm index.nginx-debian.html;
+    root /var/www/DOMAINname/html;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+
+    location / {
+        #try_files $uri $uri/ =404;
+        try_files $uri $uri/ /index.php$is_args$args;
+        #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/none/apache-conf.sh

@@ -0,0 +1,9 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+mkdir -p /var/www/"$domain"/html
+
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload apache2

CMS/none/conf.sh

@@ -0,0 +1,12 @@
+#Do not generate php pool when php is not installed
+if [ $webserv != nginx_nonphp ]; then
+
+#Setup PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload php"$phpver"-fpm
+
+fi

CMS/none/nginx-conf.sh

@@ -1,7 +1,9 @@
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 mkdir -p /var/www/"$domain"/html
-chown www-data:www-data -R /var/www/"$domain"/html
+
 echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 systemctl reload nginx

CMS/none/nginx_nonphp-conf.sh

@@ -0,0 +1,9 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+mkdir -p /var/www/"$domain"/html
+
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
+chown www-data:www-data -R /var/www/"$domain"/html
+systemctl reload nginx

CMS/wordpress/Apache-unconfigured

@@ -0,0 +1,37 @@
+#beginConf
+
+ErrorLog ${APACHE_LOG_DIR}/SITEname_error.log
+#CustomLog ${APACHE_LOG_DIR}/SITEname_custom.log combined
+
+DirectoryIndex index.php index.html index.htm
+DocumentRoot /var/www/DOMAINname/html
+
+#Include snippets/apa-backendredir.conf
+
+<Directory /var/www/DOMAINname/html>
+    Options FollowSymLinks
+    AllowOverride Limit Options FileInfo
+    DirectoryIndex index.php
+    Order allow,deny
+    Allow from all
+    <IfModule mod_rewrite.c>
+	RewriteEngine On
+	RewriteBase /
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteCond %{REQUEST_FILENAME} !-d
+	RewriteRule . /index.php [L]
+     </IfModule>
+</Directory>
+
+<Directory /var/www/DOMAINname/wp-content>
+    Options FollowSymLinks
+    Order allow,deny
+    Allow from all
+</Directory>
+
+
+<FilesMatch \.php$>
+    SetHandler "proxy:unix:/var/run/php/phpPHPver-fpm-SITEname.sock|fcgi://localhost"
+</FilesMatch>
+
+#endConf

CMS/wordpress/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,39 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 5000
+php_admin_value[upload_max_filesize] = 128M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 30
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[allow_url_fopen] = Off
+php_admin_value[file_uploads] = on
+php_admin_value[open_basedir] = "/var/www/DOMAINname/html"
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+chdir = /

CMS/wordpress/MotdWordpress

@@ -0,0 +1,5 @@
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf $red "Please run bash ~/WordpressInit-SITEname.sh after the first wordpress login"
+printf "\n"

CMS/wordpress/Nginx-unconfigured

@@ -1,4 +1,8 @@
 #beginConf
+
+#access_log /var/log/nginx/SITEname-access.log;
+error_log /var/log/nginx/SITEname-error.log;
+
 root /var/www/DOMAINname/html;
 index index.php index.htm index.html;
 
@@ -8,7 +12,8 @@ gzip_types text/plain text/css text/xml text/javascript application/javascript a
 gzip_comp_level 2;
 gzip_disable "msie6";
 gzip_buffers 16 8k;
-	
+
+#include snippets/ngx-backendredir.conf;	
 
 location / {
     try_files $uri $uri/ /index.php$is_args$args;
@@ -24,7 +29,7 @@ location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$
 
 location ~ \.php$ {
     include snippets/fastcgi-php.conf;
-    fastcgi_pass unix:/var/run/php/phpPHPver-fpm.sock;
+    fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
 }
 
 location ~ /\.ht {

CMS/wordpress/apache-conf.sh

@@ -0,0 +1,6 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+systemctl reload apache2 php$phpver-fpm

CMS/wordpress/conf.sh

@@ -1,9 +1,16 @@
+#WP-CLI
+if [ ! -f /usr/local/bin/wp ]; then
+   curl --retry 7 --retry-delay 5 -s https://raw.githubusercontent.com/wp-cli/wp-cli/v2.4.0/utils/wp-completion.bash -o /etc/bash_completion.d/wp
+   curl --retry 7 --retry-delay 5 -s https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp
+   chmod +x /usr/local/bin/wp
+fi
+
 #Creating DB
 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
 db_name="wp_$db_suffix"
 db_user="wp_$db_suffix"
 db_pass=$(date +%s|sha256sum|base64|head -c 32)
-WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
+WPSalts=$(curl --retry 7 --retry-delay 5 -s https://api.wordpress.org/secret-key/1.1/salt/)
 
 #Setting up Database
 mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
@@ -15,14 +22,34 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
 mkdir -p /var/www/"$domain"/html
 
 #Getting WordPress
-wget -q -t7 http://mirror.nxdi.nl/resources/wordpress/latest.tar.gz -O /tmp/wp.tar.gz
+curl --retry 7 --retry-delay 5 -s http://mirror.nxdi.nl/resources/wordpress/latest.tar.gz -o /tmp/wp.tar.gz
 tar -C /var/www/"$domain"/html -xzf /tmp/wp.tar.gz --strip 1
 rm /var/www/"$domain"/html/wp-config-sample.php 
 
 #Configuring WordPress
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/WordPress-unconfigured -O /var/www/"$domain"/html/wp-config.php
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/WordPress-unconfigured -o /var/www/"$domain"/html/wp-config.php
 sed -i -e 's/DBPass/'$db_pass'/' -e 's/DBUser/'$db_user'/'  -e 's/DBName/'$db_name'/' -e 's/DOMAINname/'$domain'/' /var/www/"$domain"/html/wp-config.php
 printf '%s\n' "g/WPsalty/d" a "$WPSalts" . w | ed -s /var/www/"$domain"/html/wp-config.php
 
+#PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload php"$phpver"-fpm
+
+#fail2ban
+if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local
+fi
+
 #Setting Permsissions
-chown www-data:www-data -R /var/www/"$domain"/html
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+#Makeing wordpress Finalize script and setting login Notice
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh
+sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/MotdWordpress -o /etc/update-motd.d/51-wpnotice-"${sitename//_}"
+sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-wpnotice-"${sitename//_}"
+chmod +x /etc/update-motd.d/51-wpnotice-"${sitename//_}"

CMS/wordpress/nginx-conf.sh

@@ -1,15 +1,7 @@
-#Configuring PHP
-if [ -z ${ignphpcms+x} ]; then ignphpcms=0;fi
-	if [ $ignphpcms != 1 ]; then
-		sed -i '/upload_max_filesize/c\upload_max_filesize = 1G' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/post_max_size/c\post_max_size = 512M' /etc/php/"$phpver"/fpm/php.ini
-		sed -i '/memory_limit/c\memory_limit = 512M' /etc/php/"$phpver"/fpm/php.ini
-fi
-
 #Configuring nginx
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Nginx-unconfigured -O /tmp/nginx-siteconf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-enabled/"$domain"
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 
 #Reloading Services
 systemctl reload nginx php$phpver-fpm

CMS/wordpress/wordpress-init.sh

@@ -0,0 +1,23 @@
+sudo -u SITEname wp --path=/var/www/DOMAINname/html core update
+sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
+sudo -u SITEname wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins
+sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all
+echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m"
+sn2=SITEname
+rm -f /etc/update-motd.d/51-wpnotice-${sn2//_}
+
+#Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

CoreModules/apache/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+##############
+#   Apache   #
+##############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf
+
+systemctl reload apache2

CoreModules/apache/apt.list

@@ -1 +0,0 @@
-apache2 php-pear libapache2-mod-php phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-apache

CoreModules/apache/conf.sh

@@ -0,0 +1,54 @@
+systemctl stop apache2 > $OUTPUT 2>&1
+
+##############
+#   Apache   #
+##############
+
+a2dissite 000-default > $OUTPUT 2>&1
+a2dismod mpm_prefork > $OUTPUT 2>&1
+a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1
+
+mkdir -p /etc/apache2/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o /etc/apache2/snippets/apa-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o /etc/apache2/snippets/apa-backendredir.conf
+sed -i -e 's/HOSTname/'$hostname'/' /etc/apache2/snippets/apa-backendredir.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o /etc/apache2/conf-enabled/zzz-custom.conf
+
+#Catch all (ip and unconfigured domains)
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o /etc/apache2/sites-available/CatchAll.conf
+ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf
+
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+fi
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf
+
+#non-ssl-Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_nossl.conf 
+ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf
+#ssl-Backend
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_ssl.conf
+
+
+mkdir -p /opt/toggle
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
+
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
+
+systemctl start apache2 > $OUTPUT 2>&1

CoreModules/apache/config/apache2/conf-custom.conf

@@ -0,0 +1,3 @@
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
+ServerTokens Prod
+ServerSignature Off

CoreModules/apache/config/apache2/site-unconfigured

@@ -0,0 +1,6 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site-wwwredir

@@ -0,0 +1,4 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / http://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/site_CatchAll

@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/html
+    ServerName localhost
+    ServerAlias "*"
+    ErrorLog /dev/null
+    CustomLog /dev/null common
+</VirtualHost>
+

CoreModules/apache/config/apache2/site_ssl-unconfigured

@@ -0,0 +1,15 @@
+<VirtualHost *:80>
+    ServerName DOMAINname 
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName DOMAINname
+    SSLEngine on
+    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    Include snippets/apa-ssl.conf
+
+#ConfHere
+
+</VirtualHost>

CoreModules/apache/config/apache2/site_ssl-wwwredir

@@ -0,0 +1,13 @@
+<VirtualHost *:80>
+    ServerName www.DOMAINname
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName www.DOMAINname
+    SSLEngine on
+    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    Include snippets/apa-ssl.conf
+    Redirect permanent / https://DOMAINname/
+</VirtualHost>

CoreModules/apache/config/apache2/snippets-backendredir.conf

@@ -0,0 +1 @@
+Redirect 301 /database http://HOSTname/backend/database

CoreModules/apache/config/apache2/snippets-ssl.conf

@@ -0,0 +1,8 @@
+Protocols h2 http/1.1
+Header always set Strict-Transport-Security "max-age=63072000"
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder     on
+SSLOpenSSLConfCmd       Curves secp384r1
+SSLSessionTickets       off
+SSLUseStapling On

CoreModules/apache/generic.pkg.list

@@ -0,0 +1 @@
+apache2 libapache2-mod-fcgid

CoreModules/apache/phpupdate-handeler.sh

@@ -0,0 +1,24 @@
+for f in /etc/apache2/sites-available/*; do
+    if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
+        if (whiptail --title "Update apache config ?" --yesno "Update php version in apache site: ${f##*/}  ?" 8 78); then
+            sed -i  "s/$phpver/$newphpver/" $f
+        fi
+    fi
+    if [ $IMODE = l ] && [ $PhpPurge = 0 ]; then
+            while true; do
+                read -p "Update php version in apache site: ${f##*/} ? -> yes/no?" yn
+                case $yn in
+                [Yy]* ) sed -i  "s/$phpver/$newphpver/" $f
+                break;;
+                [Nn]* ) echo ""
+                break;;
+                * ) echo "Choose yes of no.";;
+            esac
+        done    
+    fi
+    if [ $PhpPurge = 1 ]; then
+        sed -i  "s/$phpver/$newphpver/" $f
+    fi
+done
+ 
+systemctl reload apache2

CoreModules/apache/preconf.sh

@@ -0,0 +1 @@
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1

CoreModules/apache/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/apache/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm /etc/apache2/sites-enabled/010-"$sitename".conf
+ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf
+
+if [ -n "$sslfr" ]; then
+rm /etc/apache2/sites-enabled/010-Backend.conf
+ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf
+fi
+
+systemctl reload apache2

CoreModules/generic/apt.list

@@ -1 +0,0 @@
-mailutils htop ufw nload

CoreModules/generic/conf.sh

@@ -1,36 +1,3 @@
-##-------------##
-#    Postfix    #
-##-------------##
-
-sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
-sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
-sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
-echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
-cat <<EOF > /etc/aliases
-# See man 5 aliases for format
-postmaster:    root
-root:          $email
-EOF
-newaliases
-
-
-##------------##
-#   Fail2Ban   #
-##------------##
-
-##Disabled
-#sed -i 's/root@localhost/'$email'/g' /etc/fail2ban/jail.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/sshd.local -O /etc/fail2ban/jail.d/sshd.local
-#if [[ $CMS == "Nextcloud" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.conf -O /etc/fail2ban/filter.d/nextcloud.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/nextcloud.local -O /etc/fail2ban/jail.d/nextcloud.local
-#fi
-#if [[ $CMS == "Wordpress" ]]; then
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.conf -O /etc/fail2ban/filter.d/wordpress.conf
-#wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/wordpress.local -O /etc/fail2ban/jail.d/wordpress.local
-#fi
-
-
 ##-------##
 #   UFW   #
 ##-------##
@@ -41,4 +8,25 @@ ufw default allow outgoing > $OUTPUT 2>&1
 ufw allow 80/tcp > $OUTPUT 2>&1
 ufw allow 443/tcp > $OUTPUT 2>&1
 ufw limit 4242/tcp > $OUTPUT 2>&1
-echo "y" | ufw enable > $OUTPUT 2>&1
+echo "y" | ufw enable > $OUTPUT 2>&1
+
+##------------##
+#   Fail2Ban   #
+##------------##
+
+#General config
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/jail.local -o /etc/fail2ban/jail.local
+
+#Custom Fiters
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/nextcloud.filter -o /etc/fail2ban/filter.d/nextcloud.local
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -o /etc/fail2ban/filter.d/phpmyadmin-authlog.local
+curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
+curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
+
+#General jails
+rm /etc/fail2ban/jail.d/*
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local
+if [ -z $disbackendcms ]; then
+ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -o /etc/fail2ban/jail.d/phpmyadmin.local
+fi
+

CoreModules/generic/generic.pkg.list

@@ -0,0 +1 @@
+htop ufw nload fail2ban

CoreModules/generic/preconf.sh

@@ -2,16 +2,14 @@
 #  Prerequisite packages  #
 ##-----------------------##
 
-$PKGI software-properties-common gnupg > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
 
 ##--------------##
 #  Repositories  #
 ##--------------##
 
-$PKGA universe -y > $OUTPUT 2>&1
-$PKGA ppa:ondrej/php -y -n > $OUTPUT 2>&1
-$PKGA ppa:certbot/certbot -y -n > $OUTPUT 2>&1
-
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1
 
 ##-------------##
 #    Updates    #
@@ -27,9 +25,9 @@ $PKGM upgrade -y
 ##------------##
 
 hostnamectl set-hostname $hostname
-sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
-timedatectl set-timezone Europe/Amsterdam
-sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg > $OUTPUT 2>&1
+timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
+sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1
 
 
 ##----------##
@@ -56,5 +54,3 @@ echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
 #Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
 if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
 
-debconf-set-selections <<< "postfix postfix/mailname string $domain"
-debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

CoreModules/nginx/appendCMS-conf.sh

@@ -2,8 +2,21 @@
 #   Nginx   #
 #############
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
 
 systemctl reload nginx

CoreModules/nginx/apt.list

@@ -1 +0,0 @@
-nginx phpPHPver-imagick php-pear phpPHPver-cli  phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip python-certbot-nginx

CoreModules/nginx/conf.sh

@@ -1,47 +1,46 @@
-systemctl stop php${phpver}-fpm nginx
+systemctl stop nginx
 
 #############
 #   Nginx   #
 #############
 
-mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -o /etc/nginx/fastcgi.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -o /etc/nginx/snippets/fastcgi-php.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -o /etc/nginx/snippets/ngx-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-backendredir.conf -o /etc/nginx/snippets/ngx-backendredir.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -o /etc/nginx/nginx.conf
 
 if [ $domainwww = 1 ]; then
-	wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$domain"
-	echo "" >> /etc/nginx/sites-available/"$domain" 
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
 fi
-wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$domain"
-sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$domain"
-ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
 
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/Backend
-sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend
-ln -s /etc/nginx/sites-available/Backend /etc/nginx/sites-enabled/
+#Backend
+##non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/Backend_nossl 
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_nossl 
+ln -s /etc/nginx/sites-available/Backend_nossl /etc/nginx/sites-enabled/Backend
+##ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/Backend_ssl 
+sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_ssl 
 
 mkdir -p /opt/toggle
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -O  /opt/toggle/toggle-Netdata.sh
-wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -O  /opt/toggle/toggle-PhpMyAdmin.sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o  /opt/toggle/toggle-Netdata.sh
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o  /opt/toggle/toggle-PhpMyAdmin.sh
 
 # custom Welcome page
-echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
-###############
-#   PHP-FPM   #
-###############
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
 
-sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
-sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
-wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/PHP-FPM/www.confg -O /etc/php/"$phpver"/fpm/pool.d/www.conf
-sed -i 's/'rtag'/'"${phpver}"'/g' /etc/php/"$phpver"/fpm/pool.d/www.conf
-
-systemctl start php${phpver}-fpm nginx
+systemctl start nginx

CoreModules/nginx/config/PHP-FPM/www.confg

@@ -1,423 +0,0 @@
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-;       will be used.
-user = www-data
-group = www-data
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
-;                            a specific port;
-;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-;                            a specific port;
-;   'port'                 - to listen on a TCP socket to all addresses
-;                            (IPv6 and IPv4-mapped) on a specific port;
-;   '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = /run/php/phprtag-fpm.sock
-
-; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 511
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-;                 mode is set to 0660
-listen.owner = www-data
-listen.group = www-data
-;listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-;       - The pool processes will inherit the master process priority
-;         unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
-; core dump and ptrace the process for the pool user.
-; Default Value: no
-; process.dumpable = yes
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-;   static  - a fixed number (pm.max_children) of child processes;
-;   dynamic - the number of child processes are set dynamically based on the
-;             following directives. With this process management, there will be
-;             always at least 1 children.
-;             pm.max_children      - the maximum number of children that can
-;                                    be alive at the same time.
-;             pm.start_servers     - the number of children created on startup.
-;             pm.min_spare_servers - the minimum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is less than this
-;                                    number then some children will be created.
-;             pm.max_spare_servers - the maximum number of children in 'idle'
-;                                    state (waiting to process). If the number
-;                                    of 'idle' processes is greater than this
-;                                    number then some children will be killed.
-;  ondemand - no children are created at startup. Children will be forked when
-;             new requests will connect. The following parameter are used:
-;             pm.max_children           - the maximum number of children that
-;                                         can be alive at the same time.
-;             pm.process_idle_timeout   - The number of seconds after which
-;                                         an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-;   pool                 - the name of the pool;
-;   process manager      - static, dynamic or ondemand;
-;   start time           - the date and time FPM has started;
-;   start since          - number of seconds since FPM has started;
-;   accepted conn        - the number of request accepted by the pool;
-;   listen queue         - the number of request in the queue of pending
-;                          connections (see backlog in listen(2));
-;   max listen queue     - the maximum number of requests in the queue
-;                          of pending connections since FPM has started;
-;   listen queue len     - the size of the socket queue of pending connections;
-;   idle processes       - the number of idle processes;
-;   active processes     - the number of active processes;
-;   total processes      - the number of idle + active processes;
-;   max active processes - the maximum number of active processes since FPM
-;                          has started;
-;   max children reached - number of times, the process limit has been reached,
-;                          when pm tries to start more children (works only for
-;                          pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-;   pool:                 www
-;   process manager:      static
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          62636
-;   accepted conn:        190460
-;   listen queue:         0
-;   max listen queue:     1
-;   listen queue len:     42
-;   idle processes:       4
-;   active processes:     11
-;   total processes:      15
-;   max active processes: 12
-;   max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-;   http://www.foo.bar/status
-;   http://www.foo.bar/status?json
-;   http://www.foo.bar/status?html
-;   http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-;   http://www.foo.bar/status?full
-;   http://www.foo.bar/status?json&full
-;   http://www.foo.bar/status?html&full
-;   http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-;   pid                  - the PID of the process;
-;   state                - the state of the process (Idle, Running, ...);
-;   start time           - the date and time the process has started;
-;   start since          - the number of seconds since the process has started;
-;   requests             - the number of requests the process has served;
-;   request duration     - the duration in µs of the requests;
-;   request method       - the request method (GET, POST, ...);
-;   request URI          - the request URI with the query string;
-;   content length       - the content length of the request (only with POST);
-;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
-;   script               - the main script called (or '-' if not set);
-;   last request cpu     - the %cpu the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because CPU calculation is done when the request
-;                          processing has terminated;
-;   last request memory  - the max amount of memory the last request consumed
-;                          it's always 0 if the process is not in Idle state
-;                          because memory calculation is done when the request
-;                          processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-;   ************************
-;   pid:                  31330
-;   state:                Running
-;   start time:           01/Jul/2011:17:53:49 +0200
-;   start since:          63087
-;   requests:             12808
-;   request duration:     1250261
-;   request method:       GET
-;   request URI:          /test_mem.php?N=10000
-;   content length:       0
-;   user:                 -
-;   script:               /home/fat/web/docs/php/test_mem.php
-;   last request cpu:     0.00
-;   last request memory:  0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/share/php/rtag/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-;       anything, but it may not be a good idea to use the .php extension or it
-;       may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-;  %%: the '%' character
-;  %C: %CPU used by the request
-;      it can accept the following format:
-;      - %{user}C for user CPU only
-;      - %{system}C for system CPU only
-;      - %{total}C  for user + system CPU (default)
-;  %d: time taken to serve the request
-;      it can accept the following format:
-;      - %{seconds}d (default)
-;      - %{miliseconds}d
-;      - %{mili}d
-;      - %{microseconds}d
-;      - %{micro}d
-;  %e: an environment variable (same as $_ENV or $_SERVER)
-;      it must be associated with embraces to specify the name of the env
-;      variable. Some exemples:
-;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-;  %f: script filename
-;  %l: content-length of the request (for POST request only)
-;  %m: request method
-;  %M: peak of memory allocated by PHP
-;      it can accept the following format:
-;      - %{bytes}M (default)
-;      - %{kilobytes}M
-;      - %{kilo}M
-;      - %{megabytes}M
-;      - %{mega}M
-;  %n: pool name
-;  %o: output header
-;      it must be associated with embraces to specify the name of the header:
-;      - %{Content-Type}o
-;      - %{X-Powered-By}o
-;      - %{Transfert-Encoding}o
-;      - ....
-;  %p: PID of the child that serviced the request
-;  %P: PID of the parent of the child that serviced the request
-;  %q: the query string
-;  %Q: the '?' character if query string exists
-;  %r: the request URI (without the query string, see %q and %Q)
-;  %R: remote IP address
-;  %s: status (response code)
-;  %t: server time the request was received
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %T: time the log has been written (the request has finished)
-;      it can accept a strftime(3) format:
-;      %d/%b/%Y:%H:%M:%S %z (default)
-;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
-;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-;  %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; Depth of slow log stack trace.
-; Default Value: 20
-;request_slowlog_trace_depth = 20
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_terminate_timeout = 0
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-;       possible. However, all PHP paths will be relative to the chroot
-;       (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-;chdir = /var/www
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5 .php7
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-env[HOSTNAME] = $HOSTNAME
-env[PATH] = /usr/local/bin:/usr/bin:/bin
-env[TMP] = /tmp
-env[TMPDIR] = /tmp
-env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'.
-;   php_admin_value/php_admin_flag - these directives won't be overwritten by
-;                                     PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-;                specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M

CoreModules/nginx/config/nginx/nginx-default.conf

@@ -25,20 +25,11 @@ http {
 
 	server_names_hash_bucket_size 64;
 
+    root   /usr/share/nginx/html;
+
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 
-	ssl_protocols TLSv1.3 TLSv1.2;
-	ssl_prefer_server_ciphers on;
-    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
-    ssl_session_cache shared:SSL:20m;
-    ssl_session_timeout 180m;
-    ssl_ecdh_curve secp384r1;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-	add_header X-Frame-Options sameorigin;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Xss-Protection "1; mode=block";
-
     #access_log /var/log/nginx/access.log;
     access_log off;
     error_log /var/log/nginx/error.log;
@@ -50,6 +41,7 @@ http {
     gzip_disable "msie6";
     gzip_buffers 16 8k;
 
+    include /etc/nginx/snippets/ngx-ssl.conf;
 	include /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/*;
 }

CoreModules/nginx/config/nginx/site_ssl-unconfigured

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen [::]:80;
+	server_name   DOMAINname;
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+    
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   DOMAINname;
+    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    include snippets/ngx-ssl.conf; 
+    
+    
+
+#ConfHere
+
+}

CoreModules/nginx/config/nginx/site_ssl-wwwredir

@@ -0,0 +1,19 @@
+server {
+	#www.domain > domain redirect
+    listen       80;
+    listen       [::]:80;
+    server_name   www.DOMAINname;
+    return       301 http://DOMAINname$request_uri;
+}
+
+server {
+    #SSL www.domain > domain redirect
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2; 
+    server_name   www.DOMAINname;
+    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; 
+    include snippets/ngx-ssl.conf; 
+    return       301 https://DOMAINname$request_uri;
+}

CoreModules/nginx/config/nginx/snippets-backendredir.conf

@@ -0,0 +1,3 @@
+    location /database {
+        return 301 http://$hostname/backend/database;
+    }

CoreModules/nginx/config/nginx/snippets-ssl.conf

@@ -0,0 +1,14 @@
+resolver 8.8.8.8;
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:le_nginx_SSL:1m;
+ssl_session_timeout 1440m;
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+add_header X-Frame-Options sameorigin;
+add_header X-Content-Type-Options nosniff;
+add_header X-Xss-Protection "1; mode=block";
+add_header Strict-Transport-Security "max-age=31536000" always;
+ssl_dhparam /etc/acmesh/certs/ssl-dhparams.pem;

CoreModules/nginx/generic.pkg.list

@@ -0,0 +1 @@
+nginx apache2-utils

CoreModules/nginx/phpupdate-handeler.sh

@@ -0,0 +1,24 @@
+for f in /etc/nginx/sites-available/*; do
+    if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
+        if (whiptail --title "Update Nginx config ?" --yesno "Update php version in nginx site: ${f##*/}  ?" 8 78); then
+            sed -i  "s/$phpver/$newphpver/" $f
+        fi
+    fi
+    if [ $IMODE = l ] && [ $PhpPurge = 0 ]; then
+            while true; do
+                read -p "Update php version in nginx site: ${f##*/} ? -> yes/no?" yn
+                case $yn in
+                [Yy]* ) sed -i  "s/$phpver/$newphpver/" $f
+                break;;
+                [Nn]* ) echo ""
+                break;;
+                * ) echo "Choose yes of no.";;
+            esac
+        done    
+    fi
+    if [ $PhpPurge = 1 ]; then
+        sed -i  "s/$phpver/$newphpver/" $f
+    fi
+done
+ 
+systemctl reload nginx

CoreModules/nginx/preconf.sh

@@ -1 +1 @@
-$PKGA ppa:nginx/stable -y > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=nginx osrel=$shortdist bash > $OUTPUT 2>&1

CoreModules/nginx/reqmodules.sh

@@ -0,0 +1 @@
+aonoption="$aonoption php-fpm"

CoreModules/nginx/ssl-handler.sh

@@ -0,0 +1,9 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
+
+if [ -n "$sslfr" ]; then
+    rm /etc/nginx/sites-enabled/Backend
+    ln -s /etc/nginx/sites-available/Backend_"$siteBackend_ext" /etc/nginx/sites-enabled/Backend
+fi
+
+systemctl reload nginx

CoreModules/nginx_nonphp/appendCMS-conf.sh

@@ -0,0 +1,22 @@
+#############
+#   Nginx   #
+#############
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
+
+systemctl reload nginx

CoreModules/nginx_nonphp/conf.sh

@@ -0,0 +1,31 @@
+systemctl stop nginx
+
+#############
+#   Nginx   #
+#############
+
+mkdir -p /var/www/html /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -o /etc/nginx/fastcgi.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -o /etc/nginx/snippets/ngx-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -o /etc/nginx/nginx.conf
+
+if [ $domainwww = 1 ]; then
+	#non-ssl
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
+	#ssl 
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
+	echo "" >> /etc/nginx/sites-available/"$sitename"_ssl 
+fi
+#non-ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_nossl 
+ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
+#ssl
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl 
+sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl 
+
+# custom Welcome page
+echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
+
+systemctl start nginx

CoreModules/nginx_nonphp/generic.pkg.list

@@ -0,0 +1 @@
+nginx apache2-utils

CoreModules/nginx_nonphp/preconf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=nginx osrel=$shortdist bash > $OUTPUT 2>&1
+
+#Disable PhpMyadmin and Backend cms
+disbackendcms=1
+PHPMyadmin=1

CoreModules/nginx_nonphp/ssl-handler.sh

@@ -0,0 +1,4 @@
+rm /etc/nginx/sites-enabled/"$sitename"
+ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
+
+systemctl reload nginx

Docs/docs/Dev-Adding-CMS.md

@@ -3,10 +3,14 @@
 * CMS/`<NewCmsName>`/
     * conf.sh
     * preconf.sh
-    * apt.list
+    * generic.pkg.list
+	* apt.pkg.list
+	* dnf.pkg.list    
     * `<Webserver>`-conf.sh
     * `<Webserver>`-preconf.sh
-    * `<Webserver>`-apt.list
+    * `<Webserver>`-generic.pkg.list
+    * `<Webserver>`-apt.pkg.list
+    * `<Webserver>`-dnf.pkg.list
     * `<Webserver>`-unconfigured
 
 # File Explanation
@@ -14,10 +18,14 @@
 | -------- | ------------ |
 | preconf.sh  | Pre config/apt install commands runs for all web servers |
 | conf.sh  | Configuration runs for all webservers |
-| apt.list  | packagelist for all webservers |
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | `<Webserver>`-preconf.sh  | Pre config/apt install commands runs for specified webserver |
 | `<Webserver>`-conf.sh  | Configuration runs for specified webserver |
-| `<Webserver>`-apt.list | packagelist for specified webserver |
+| `<Webserver>`-generic.pkg.list | packagelist for specified webserver for all distro's|
+| `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
+| `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | `<Webserver>`-unconfigured | webserver(vhost) config | 
 
 
@@ -26,7 +34,7 @@
 ## nginx-conf.sh
 ```
 #Getting Nginx SiteConfig
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -O /tmp/nginx-siteconf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -o /tmp/nginx-siteconf
 
 #Configuring Nginx SiteConfig
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf
@@ -43,7 +51,7 @@ systemctl reload nginx
 
 ```
 #Getting Nginx SiteConfig
-wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -O /tmp/nginx-siteconf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CMS/<CMSName>/Nginx-unconfigured -o /tmp/nginx-siteconf
 
 #Configuring Nginx SiteConfig
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' /tmp/nginx-siteconf

Docs/docs/Dev-Adding-Modules.md

@@ -5,10 +5,14 @@ In both cases the file structure is expected as shown below
 # List of possible Files and expected Structure
 * conf.sh
 * preconf.sh
-* apt.list
+* generic.pkg.list
+* apt.pkg.list
+* dnf.pkg.list
 * `<webserver>`-conf.sh
 * `<webserver>`-preconf.sh
-* `<webserver>`-apt.list
+* `<Webserver>`-generic.pkg.list
+* `<Webserver>`-apt.pkg.list
+* `<Webserver>`-dnf.pkg.list
 * config/*
 
 ## The internal module location
@@ -19,10 +23,14 @@ SubModules/`<ModuleName>`
 | -------- | ------------ |
 | preconf.sh | Pre config/apt install commands runs for all web servers | 
 | conf.sh| Configuration runs for all webservers | 
-| apt.list | packagelist for all webservers | 
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | `<Webserver>`-preconf.sh | Pre config/apt install commands runs for specified webserver |
 | `<Webserver>`-conf.sh | Configuration runs for specified webserver | 
-| `<Webserver>`-apt.list | packagelist for specified webserver | 
+| `<Webserver>`-generic.pkg.list | packagelist for specified webserver for all distro's|
+| `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
+| `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | config/* | Directory for config files | 
 
 

Docs/docs/Dev-Adding-Webserver.md

@@ -2,7 +2,9 @@
 * CoreModules/`<webserverName>`/
     * conf.sh
 	* preconf.sh
-	* apt.list
+	* generic.pkg.list
+	* apt.pkg.list
+	* dnf.pkg.list
 	* appendCMS-conf.sh
 	* config/*
 # File Explanation
@@ -10,7 +12,9 @@
 | -------- | ------------ |
 | preconf.sh | Pre config/apt install commands (ex: repo setup) |
 | conf.sh | Configuration for webserver and php | 
-| apt.list | packagelist for this webserver and php |  
+| generic.pkg.list | packagelist for this webserver and php for all distro's | 
+| apt.pkg.list | packagelist for this webserver and php for distro's that use apt |   
+| dnf.pkg.list | packagelist for this webserver and php for distro's that use dnf/yum |   
 | appendCMS-conf.sh | Runs when a domain gets added after inital install by appendCMS.sh | 
 
 # Defining in the menu

Docs/mkdocs.yml

@@ -1,7 +1,7 @@
 site_name: Web-V2
 theme: slate
 repo_name: 'Git Repo'
-repo_url: https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/src/branch/master
+repo_url: https://git.ictmaatwerk.com/VPS-scripts/Web-V2/src/branch/master
 nav:
     - User: 'User-MainInfo.md'
     - Development:

ModulesMenu.list

@@ -5,6 +5,7 @@
 if [ $IMODE = n ]; then
 #WebServers
 webservers=("Nginx:" "Will install NGINX Webserver." ON)
+webservers+=("Nginx_nonphp:" "Will install NGINX Webserver without php-fpm." OFF)
 webservers+=("Apache:" "Will install Apache Webserver." OFF)
 
 ##Nginx
@@ -14,27 +15,45 @@ nginxCMSL+=("Wordpress:" "WordPress is a content management system based on PHP.
 nginxCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
 #Options
 nginxOptions=("Redis:" "Redis caching" OFF)
+nginxOptions+=("Postfix:" "Mail MTA" OFF)
+
+##Nginx
+#CMSList
+nginx_nonphpCMSL=("None:" "A plain webserver will be setup." OFF)
+#Options
+nginx_nonphpOptions=("Redis:" "Redis caching" OFF)
+nginx_nonphpOptions+=("Postfix:" "Mail MTA" OFF)
 
 ##Apache
 #CMSList
 apacheCMSL=("None:" "A plain webserver will be setup." OFF)
 apacheCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
+apacheCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
 #Options
 apacheOptions=("Redis:" "Redis caching" OFF)
+apacheOptions+=("Postfix:" "Mail MTA" OFF)
+
 fi
 if [ $IMODE = l ]; then
 #WebServers
-webservers=("Nginx" "Apache" "Quit")
+webservers=("Nginx" "Nginx_nonphp"  "Apache" "Quit")
+
 ##Nginx
 #CMSList
-nginxCMSL=("Wordpress" "Nextcloud" "None")
+nginxCMSL=("None" "Wordpress" "Nextcloud")
 #Options
-nginxOptions=("Redis:")
+nginxOptions=("Redis:" "Postfix:")
 
+##Nginx-nonphp
+#CMSList
+nginx_nonphpCMSL=("None")
+#Options
+nginx_nonphpOptions=("Redis:" "Postfix:")
 
 ##Apache
 #CMSList
-apacheCMSL=("Wordpress" "Nextcloud" "None")
+apacheCMSL=("None" "Wordpress" "Nextcloud")
 #Options
-apacheOptions=("Redis:")
+apacheOptions=("Redis:" "Postfix:")
+
 fi

Notes.md

@@ -1,2 +0,0 @@
-### Apache config 
-set `IncludeOptional sites-enabled/*.conf` to `IncludeOptional sites-enabled/*`

PhpUpdater.sh

@@ -0,0 +1,91 @@
+#sysCheck
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+
+PKGI="${PKGM} install -y --no-install-recommends"
+#Getting variables
+source /etc/ICTM/mainvar.list
+PPAversion=`apt list php | egrep -o "([0-9]{1,}.)+[0-9]{1,}" | cut -c 3-` && PPAversion=`echo $PPAversion | awk '{print $1; }'  | cut -f1 -d"+"`
+
+msg () {
+    if [ $IMODE = n ]; then
+        TERM=ansi whiptail --title "Info" --msgbox "$1" 8 52
+    fi
+    if [ $IMODE = l ]; then
+        echo "$1"
+    fi
+}
+
+msg "Current php version: $phpver"
+
+if [ $IMODE = n ]; then
+    # Legacy/Main Menu
+    PKGP="debconf-apt-progress -- apt purge -y"
+
+    #Menu
+    if (whiptail --title "Set new php version?" --yesno "Install php version $PPAversion ?" 8 78); then
+        newphpver=$PPAversion
+    else
+        newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3)
+    fi
+
+    #Install
+     apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
+
+    #Config
+    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
+
+    #Purge
+    if (whiptail --title "Set new php version?" --yesno "Remove php $phpver ?" 8 78); then
+       PhpPurge=1
+       $PKGP -y php$phpver*
+    else
+       PhpPurge=0
+    fi
+fi
+
+if [ $IMODE = l ]; then
+    # Legacy/Main Menu
+    PKGP="apt purge -y"
+
+    #Menu    
+    while true; do
+        read -p "Set phpversion to version $PPAversion ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) newphpver=$PPAversion
+            break;;
+            [Nn]* ) echo "";
+            echo "Please enter php version to install:";read newphpver
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done
+    
+    #Install
+    apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
+
+    #Config
+    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
+    
+    #Purge
+    while true; do
+        read -p "Remove php $phpver ? -> yes/no?" yn
+        case $yn in
+            [Yy]* ) PhpPurge=1 ; $PKGP php$phpver*
+            break;;
+            [Nn]* ) PhpPurge=0 ; echo ""
+            break;;
+            * ) echo "Choose yes or no.";;
+        esac
+    done    
+fi
+
+for f in /etc/php/$newphpver/fpm/pool.d/*; do
+    sed -i  "s/$phpver/$newphpver/" $f
+done
+systemctl reload php$newphpver-fpm
+
+sed -i "/phpver/c\phpver=\"$newphpver\"" /etc/ICTM/mainvar.list
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh; then
+ source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh)
+fi

README.md

@@ -1,17 +1,31 @@
-# Ubuntu-Web-V2
+# Web-V2
 **Get Started with the graphical installer**:  
+Using curl
 ```
-wget https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
 bash /tmp/installer.sh
 ```  
 
-**Legacy Installer for developing and debugging**:
-```
-wget https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
-bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+Using wget
 ```
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+bash /tmp/installer.sh
+```  
 
-#### This script uses the following repo's as dependencies:
+**Legacy Installer for developing and debugging**:  
+Using curl
+```
+curl https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -o /tmp/installer.sh  
+bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+```  
+
+Using wget
+```
+wget https://git.ictmaatwerk.com/VPS-scripts/Web-V2/raw/branch/master/installer.sh -O /tmp/installer.sh  
+bash /tmp/installer.sh -l 2>&1 | tee ~/output.log 
+```  
+
+### This script uses the following repo's as dependencies:
 ```
 * VPS-scripts/Unattended-Security-Updates 
 * VPS-scripts/Ubuntu-MySQL

Scripts/EnableSSL.sh

@@ -1,29 +1,52 @@
+#loading install vars
+source /etc/ICTM/mainvar.list
 #Setting Vars
-confname=CONFname
+sitename=CONFname
 domain=DOMAINname
 domainwww=DomainWWW
-email=Email
 webserv=WebServer
 webservice=WebServer
 
 #Correcting service name for Apache
 if [ $webservice = apache ]; then
     webservice=apache2
+    ext=.conf
+fi
+
+#Correcting service name for nginx_nonphp
+if [ $webservice = nginx_nonphp ]; then
+    webservice=nginx
+    webserv=nginx
 fi
 
 #Backing-up and removing current config
-sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-enabled/"$confname" > /tmp/"$confname"-config
-sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-enabled/"$confname"
+sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext" > /tmp/"$sitename"-config
+sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-available/"$sitename"_nossl"$ext"
 systemctl reload $webservice
 
 #Enabling SSL
 if [ $domainwww = 1 ]; then
-   certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
+    certsatus=$?
 elif [ $domainwww = 0 ]; then
-   certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
-fi  
+    /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain"
+    certsatus=$?
+fi
+  
+if test $certsatus -eq 0
+then
+	site_ext="ssl"
+else
+	site_ext="nossl"
+    rm -rf /etc/acmesh/certs/$domain*
+    echo "LE failed, restoring configuration"
+fi
+unset certsatus
 
 #Restoring config
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$confname"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-enabled/"$confname"
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_"$site_ext""$ext"
+source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
 
-systemctl reload $webservice
+if [ $site_ext = ssl ]; then
+rm -- "$0"
+fi

Scripts/SMI.sh

@@ -12,7 +12,7 @@ SMI_config=no
 SMI_ModuleName=<ModuleName>
 
 #Enforcing Legacy Mode
-PKGM="apt"
+APTMODE="apt"
 OUTPUT='/dev/tty'
 IMODE=l
 
@@ -23,20 +23,63 @@ sslenable=1
 password=TestP@ssword123
 email=test@mail.local
 webserv=nginx
+#PackageManager-config
+
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
+ echo "Ubuntu 18.04 Detected"
+ PKGM="$APTMODE"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=ubu1804
+elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
+ echo "Ubuntu 20.04 Detected"
+ PKGM="$APTMODE"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ echo "This OS is not supported"
+ exit
+ shortdist=ubu2004 
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ echo "Debian 10 Detected"
+ PKGM="$APTMODE"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb10
+ echo "This OS is not supported"
+ exit
+elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
+ echo "Centos 8 Detected"
+ PKGM="dnf"
+ PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
+ PKGLIST="dnf"
+ shortdist=cent8
+ echo "This OS is not supported"
+ exit
+else
+ echo "This OS is not supported"
+ exit
+fi
+
+unset dist_ver dist APTMODE
+
 
 #Repo Vars
-repo=https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2
+repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2
 branch=master
+branchtype=branch
 
 ###Select Module type
 ##Uncomment for CoreModules
-mtype=""$repo"/raw/branch/"$branch"/CoreModules/"$SMI_ModuleName""
+mtype=""$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$SMI_ModuleName""
 ##Uncomment for SubModules
-#mtype=""$repo"/raw/branch/"$branch"/SubModules/"$SMI_ModuleName""
+#mtype=""$repo"/raw/"$branchtype"/"$branch"/SubModules/"$SMI_ModuleName""
 ##Uncomment for CMS
-#mtype=""$repo"/raw/branch/"$branch"/CMS/"$SMI_ModuleName""
+#mtype=""$repo"/raw/"$branchtype"/"$branch"/CMS/"$SMI_ModuleName""
 ##Uncomment for External Module
-#mtype=""$repo"/raw/branch/"$branch""
+#mtype=""$repo"/raw/"$branchtype"/"$branch""
 
 #SelfBuilding Vars
 PKGI="${PKGM} install -y"
@@ -70,21 +113,27 @@ $PKGI curl > $OUTPUT 2>&1
 #    Generating APT list    #
 ##-------------------------##
 #General aptList
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$webserv"-apt.list; then
- curl "$mtype"/"$webserv"-apt.list >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then
+ curl "$mtype"/generic.pkg.list >>/tmp/pkg.list
 fi
-#Webserver specific aptList
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/apt.list; then
- curl "$mtype"/apt.list >>/tmp/apt.list
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$PKGLIST".pkg.list; then
+ curl "$mtype"/"$PKGLIST".pkg.list >>/tmp/pkg.list
 fi
 
+#Webserver specific aptList
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$webserv"-generic.pkg.list; then
+ curl "$mtype"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+fi
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$webserv"-"$PKGLIST".pkg.list; then
+ curl "$mtype"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+fi
 
 ##--------------------##
 #   Pre-Requirements   #
 ##--------------------## 
 
 msg "                Preconfiguring"
-$PKGI software-properties-common gnupg > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
 $PKGM update
 $PKGM upgrade -y
 
@@ -107,8 +156,8 @@ fi
 ##-------------##
 
 $PKGM update
-sed -i 's/PHPver/'$phpver'/g' /tmp/apt.list
-cat /tmp/apt.list | xargs $PKGI
+sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+cat /tmp/pkg.list | xargs $PKGI
 
 
 ##---------------##

Scripts/toggles/toggle-Netdata_NGINX.sh

@@ -1,29 +1,41 @@
 function usage {
- echo "Usage: $0 [option...]" >&2
- echo
- echo "   -e,    Enable Netdata"
- echo "   -d,    Disable Netdata"
- echo
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable Netdata"
+    echo "   -d,    Disable Netdata"
+    echo "   -h,    Shows this information"
+    echo
 }
-
-
 if [ -n "$1" ]; then
-
-if [ "$1" = "-d" ]; then
- echo "Disable Netdata"
- sed -i '/deny all; #enables\/disables Netdata/c\        deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
- systemctl stop netdata
- systemctl disable netdata > /dev/null 2>&1
- systemctl reload nginx
-elif [ "$1" = "-e" ]; then
- echo "Enable Netdata"
- sed -i '/deny all; #enables\/disables Netdata/c\        #deny all; #enables\/disables Netdata' /etc/nginx/sites-available/Backend
- systemctl start netdata
- systemctl enable netdata > /dev/null 2>&1
- systemctl reload nginx
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$NetDa" ]; then
+        echo "Creating Var"
+        echo "NetDa=3" >> /etc/ICTM/toggle.conf
+        NetDa=3
+    fi
+    if [[ "$1" = "-d" && "$NetDa" != 0 ]]; then
+        echo "Disable Netdata"
+        sed -i '/NetDa=/c\NetDa=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables Netdata/c\        deny all; #enables\/disables Netdata' /etc/nginx/sites-enabled/Backend
+        systemctl stop netdata
+        systemctl disable netdata > /dev/null 2>&1
+        systemctl reload nginx
+    elif [[ "$1" = "-e" && "$NetDa" !=  1 ]]; then
+        echo "Enable Netdata"
+        sed -i '/NetDa=/c\NetDa=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables Netdata/c\        #deny all; #enables\/disables Netdata' /etc/nginx/sites-enabled/Backend
+        systemctl start netdata
+        systemctl enable netdata > /dev/null 2>&1
+        systemctl reload nginx
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
 else
  usage
-fi
-else
- usage
-fi
+fi

Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh

@@ -0,0 +1,37 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable PhpMyadmin"
+    echo "   -d,    Disable PhpMyadmin"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$PhpMA" ]; then
+        echo "Creating Var"
+        echo "PhpMA=3" >> /etc/ICTM/toggle.conf
+        PhpMA=3
+    fi
+    if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
+        echo "Disable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        systemctl reload apache2
+    elif [[ "$1" = "-e" && "$PhpMA" !=  1 ]]; then
+        echo "Enable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        systemctl reload apache2
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh

@@ -1,25 +1,37 @@
 function usage {
- echo "Usage: $0 [option...]" >&2
- echo
- echo "   -e,    Enable PhpMyadmin"
- echo "   -d,    Disable PhpMyadmin"
- echo
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable PhpMyadmin"
+    echo "   -d,    Disable PhpMyadmin"
+    echo "   -h,    Shows this information"
+    echo
 }
-
-
 if [ -n "$1" ]; then
-
-if [ "$1" = "-d" ]; then
- echo "Disable PhpMyadmin"
- sed -i '/deny all; #enables\/disables PHPMyadmin/c\        deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
- systemctl reload nginx
-elif [ "$1" = "-e" ]; then
- echo "Enable PhpMyadmin"
- sed -i '/deny all; #enables\/disables PHPMyadmin/c\        #deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-available/Backend
- systemctl reload nginx
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$PhpMA" ]; then
+        echo "Creating Var"
+        echo "PhpMA=3" >> /etc/ICTM/toggle.conf
+        PhpMA=3
+    fi
+    if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
+        echo "Disable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables PHPMyadmin/c\        deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-enabled/Backend
+        systemctl reload nginx
+    elif [[ "$1" = "-e" && "$PhpMA" !=  1 ]]; then
+        echo "Enable PhpMyadmin"
+        sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables PHPMyadmin/c\        #deny all; #enables\/disables PHPMyadmin' /etc/nginx/sites-enabled/Backend
+        systemctl reload nginx
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
 else
  usage
-fi
-else
- usage
-fi
+fi

SubModules/php-fpm/conf.sh

@@ -0,0 +1,17 @@
+systemctl stop php${phpver}-fpm 
+###############
+#   PHP-FPM   #
+###############
+
+sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
+
+systemctl start php${phpver}-fpm

SubModules/php-fpm/generic.pkg.list

@@ -0,0 +1 @@
+phpPHPver-imagick php-pear phpPHPver-cli phpPHPver-apcu phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip 

SubModules/postfix/apt.pkg.list

@@ -0,0 +1 @@
+mailutils

SubModules/postfix/conf.sh

@@ -0,0 +1,16 @@
+##-------------##
+#    Postfix    #
+##-------------##
+
+sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
+sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
+sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
+cat <<EOF > /etc/aliases
+# See man 5 aliases for format
+postmaster:    root
+root:          $email
+EOF
+newaliases
+
+systemctl reload postfix postfix@- 

SubModules/postfix/generic.pkg.list

@@ -0,0 +1 @@
+postfix

SubModules/postfix/preconf.sh

@@ -0,0 +1,11 @@
+if [ -z "${domain}" ]; then
+    if [ $IMODE = n ]; then
+        domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+    elif [ $IMODE = l ]; then
+        echo "Enter the domain without WWW:"
+        read domain
+    fi
+fi
+
+debconf-set-selections <<< "postfix postfix/mailname string $domain"
+debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

SubModules/redis/preconf.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-$PKGA ppa:chris-lea/redis-server -y -n > $OUTPUT 2>&1
+curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1

TO-DO\FIX-CHECK

@@ -1,2 +0,0 @@
-# Menu Legacy
-Options enable/disable

TO-DO\Wanted-Features.md

@@ -1,8 +0,0 @@
-# Webservers
-* Apache
-# Modules 
-* Fail2Ban
-
-# Other
-* detection if hostname(fqdn) is same as web domain
-* Update tool for PHP (example 7.3 to 7.4)

TO-DO_FIX-CHECK.md

@@ -0,0 +1,6 @@
+# Menu Legacy
+~~Options enable/disable~~
+# Other  
+WordPress hardening  
+~~DH-key length~~  
+~~Switch to curl instead of wget~~

TO-DO_Wanted-Features.md

@@ -0,0 +1,11 @@
+# Webservers
+* ~~Apache~~
+# Modules 
+* ~~Fail2Ban~~
+
+# Other
+* ~~detection if hostname(fqdn) is same as web domain~~
+* ~~Update tool for PHP (example 7.3 to 7.4)~~
+* ~~Auto cron disable Backend admin Ui~~
+* ~~Certbot chiphers & tls1.3~~
+* ~~Ability to set the git url to use */tag/* instead of */branch/*, for ease of use while installing a release version~~

config/fail2ban/Filters/nextcloud.filter

@@ -0,0 +1,4 @@
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"