Work_Archive/VPS-scripts_Web-V2
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Wiki Activity

Compare commits

base: Work_Archive:Main-V2.0-Stable
Branches Tags
Work_Archive:main
Work_Archive:Main-V2.1 Work_Archive:Main-V2.0-Stable Work_Archive:Main-v1.2-Stable Work_Archive:Main-v1.1-Stable Work_Archive:Main-v1.0.1-Stable Work_Archive:Main-v1.0.0-Stable Work_Archive:Main-v0.1.1-Stable Work_Archive:Main-v0.1-Stable Work_Archive:Core-v1.2-Stable Work_Archive:Core-v1.1-Stable Work_Archive:Core-v1-Stable
...
compare: Work_Archive:Main-V2.1
Branches Tags
Work_Archive:main
Work_Archive:Main-V2.1 Work_Archive:Main-V2.0-Stable Work_Archive:Main-v1.2-Stable Work_Archive:Main-v1.1-Stable Work_Archive:Main-v1.0.1-Stable Work_Archive:Main-v1.0.0-Stable Work_Archive:Main-v0.1.1-Stable Work_Archive:Main-v0.1-Stable Work_Archive:Core-v1.2-Stable Work_Archive:Core-v1.1-Stable Work_Archive:Core-v1-Stable

18 Commits
Main-V2.0- ... Main-V2.1

Author SHA1 Message Date
Bram Prieshof
9b448938bf Sync 'Debian11Testing' to master 2021-09-08 14:54:55 +02:00
Bram Prieshof
429f75e5e3 Main, Prepair for sync to master branch 2021-09-08 14:42:29 +02:00
Bram Prieshof
c512a70477 Main:Inst added var:sshservice for el8 using sshd 
and deb based ssh
 2021-09-08 13:54:33 +02:00
Bram Prieshof
50c3561710 Main:Inst updated ssh service name sshd->ssh 
Since in Debian 11  `ssh` is more reliable then 'sshd'
 2021-09-08 10:35:21 +02:00
Bram Prieshof
668da644f3 Main, MariaDB & Deb11; CMS:Backend 
Main, MariaDB:
Switched form MariaDB back to MySQL since it is available for Deb11

Main, Debian 11
Enabled Debian 11  support, and removed warnings

CMS:Backend increased limits
PHP: post_max to 256M
Nginx: client_max_body to 256m and fcgi_timeout to 10 minutes
 2021-09-03 14:02:06 +02:00
Bram Prieshof
bbd91b4e9a Mod:php-fpm update script new version detection 
Updated detection for latested php version in repo for deb based
now using apt package list repo file instead of apt list command
 2021-08-27 15:21:18 +02:00
Bram Prieshof
4238e78ac1 Mod:Postfix Added basic SSL/TLS support 2021-08-26 15:20:31 +02:00
Bram Prieshof
98c5429f00 Added fix from #10 to all php versions 2021-08-19 14:54:47 +02:00
Bram Prieshof
c9abe992e0 Main: Added inital support for Debian 11 
Added Debian 11 as supported os
Added deb11 to all places were deb10 was in a if statement

Temporarily replaced MySQL with MariaDB,
since the MySQL repo is not yet avalible
 2021-08-19 12:47:01 +02:00
Bram Prieshof
02e644ba60 CMS:Nextcloud added missing semicolon 2021-08-11 13:20:41 +02:00
Bram Prieshof
b911388b85 Added fix for Nextcloud php8.x (see #10) 2021-08-11 13:05:17 +02:00
Bram Prieshof
ad5411b8cb Update 'CMS/none/conf.sh' 2021-05-27 12:49:17 +02:00
Bram Prieshof
b94a84bb84 CMS:Nextcloud added config option for trash clean 2021-05-06 11:55:11 +02:00
Bram Prieshof
73e168ff44 CMS:Nextcloud nginx added missing line 
Signed-off-by: Bram Prieshof <bprieshof@noreply@ictmaatwerk.com>
 2021-04-15 22:30:20 +02:00
Bram Prieshof
6ffae91431 CMS:Nextcloud Init.sh fixed typo 2021-04-15 13:46:13 +02:00
Bram Prieshof
dabb32845d CMS:Nextcloud fixes related to #15 2021-04-14 14:54:05 +02:00
Bram Prieshof
f27c55336e Main:AppendCMS added fix for #12, Forgotten this 2021-03-25 12:17:05 +01:00
Bram Prieshof
dda74005f5 Main: Added fix SSL issue described #12 2021-03-24 15:06:54 +01:00
29 changed files with 160 additions and 38 deletions
Expand all files Collapse all files

2
AppendCMS.sh
View File

@@ -272,6 +272,8 @@ msg " Setting up SSL"
if test $certsatus -eq 0 if test $certsatus -eq 0
then then
site_ext="ssl" site_ext="ssl"
mkdir -p /etc/acmesh/inst/$domain
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
site_ext="nossl" site_ext="nossl"
rm -rf /etc/acmesh/certs/$domain* rm -rf /etc/acmesh/certs/$domain*

2
CMS/Backend/Fpm-Pool.conf-unconfigured
View File

@@ -8,7 +8,7 @@ php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_value[opcache.enable] = 0 php_admin_value[opcache.enable] = 0
php_admin_value[max_input_vars] = 5000 php_admin_value[max_input_vars] = 5000
php_admin_value[upload_max_filesize] = 256M php_admin_value[upload_max_filesize] = 256M
php_admin_value[post_max_size] = 16M php_admin_value[post_max_size] = 256M
php_admin_value[max_input_time] = 15 php_admin_value[max_input_time] = 15
php_admin_value[cgi.fix_pathinfo] = 0 php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[allow_url_fopen] = Off php_admin_value[allow_url_fopen] = Off

2
CMS/Backend/nginx-siteBackend-unconfigured
View File

@@ -24,12 +24,14 @@ location = /backend/netdata {
location /backend/database { location /backend/database {
deny all; #enables/disables PHPMyadmin deny all; #enables/disables PHPMyadmin
index index.php index.html; index index.php index.html;
client_max_body_size 256m;
alias /usr/share/phpmyadmin; alias /usr/share/phpmyadmin;
location ~ \.php$ { location ~ \.php$ {
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock; fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock;
fastcgi_read_timeout 10m;
fastcgi_index index.php; fastcgi_index index.php;
} }
} }

22
CMS/nextcloud/Nginx-unconfigured
View File

@@ -28,13 +28,14 @@ location = /robots.txt {
access_log off; access_log off;
} }
location = /.well-known/carddav { location ^~ /.well-known {
return 301 $scheme://$host:$server_port/remote.php/dav; location = /.well-known/carddav { return 301 /remote.php/dav/; }
} location = /.well-known/caldav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { location ^~ /.well-known { return 301 /index.php$uri; }
return 301 $scheme://$host:$server_port/remote.php/dav; try_files $uri $uri/ =404;
} }
location / { location / {
rewrite ^ /index.php; rewrite ^ /index.php;
} }
@@ -80,4 +81,15 @@ location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri; try_files $uri /index.php$request_uri;
access_log off; access_log off;
} }
## Reverse proxy Config for 'Files High Performance Back-end'
#FHPBlocation ^~ /push/ {
#FHPB proxy_pass http://127.0.0.1:7867/;
#FHPB proxy_http_version 1.1;
#FHPB proxy_set_header Upgrade $http_upgrade;
#FHPB proxy_set_header Connection "Upgrade";
#FHPB proxy_set_header Host $host;
#FHPB proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#FHPB}
#endConf #endConf

13
CMS/nextcloud/conf.sh
View File

@@ -45,6 +45,19 @@ if [ "$shortdist" = "el8" ]; then
restorecon -r /var/www/ > $OUTPUT 2>&1 restorecon -r /var/www/ > $OUTPUT 2>&1
fi fi
#Enable PHP-ACPU on CLI
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
if ! grep -Fxq "apc.enable_cli=1" /etc/php/${phpver}/mods-available/apcu.ini; then
echo "apc.enable_cli=1" >> /etc/php/${phpver}/mods-available/apcu.ini
fi
elif [ "$shortdist" = "el8" ]; then
sed -i "/apc.enable_cli/c\apc.enable_cli=1" /etc/opt/remi/php${phpver//.}/php.d/40-apcu.ini
fi
#PHP 8.0 Settings
if [ "$phpVerBranch" = "8x" ]; then
sed -i "/opcache.enable/c\php_admin_value[opcache.enable] = 1" "$phpPoolDir"/"$sitename".conf
fi
#Makeing nextcloud Finalize script and setting login Notice #Makeing nextcloud Finalize script and setting login Notice
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh

18
CMS/nextcloud/nextcloud-init.sh
View File

@@ -4,16 +4,32 @@ sudo -u SITEname php /var/www/DOMAINname/html/occ app:disable firstrunwizard
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_phone_region --value=nl
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value= sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set trashbin_retention_obligation --value=30,30
if [ "$(systemctl is-active redis-server)" = "active" ] || [ "$(systemctl is-active redis)" = "active" ]; then if [ "$(systemctl is-active redis-server)" = "active" ] || [ "$(systemctl is-active redis)" = "active" ]; then
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis' sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
while true; do
read -p "Prepair for Files High Performance Back-end (Only for nginx) -> yes/no?" yn
case $yn in
[Nn]* )
break;;
[Yy]* )
sudo -u SITEname php /var/www/DOMAINname/html/occ app:install notify_push
sed -i --follow-symlinks 's/#FHPB//g' /etc/nginx/sites-enabled/SITEname
systemctl reload nginx
echo -e "\e[96m Run: sudo -u SITEname php /var/www/DOMAINname/html/occ notify_push:setup\e[39m"
break;;
* )echo "Choose yes or no.";;
esac
done
else else
echo "Redis running on this system" echo "Redis is not running on this system"
fi fi
echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab echo "*/5 * * * * SITEname php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab

2
CMS/none/conf.sh
View File

@@ -14,10 +14,10 @@ groupadd "$sitename"
useradd -g "$sitename" "$sitename" useradd -g "$sitename" "$sitename"
systemctl reload $phpFPMService systemctl reload $phpFPMService
fi
#Setting Permsissions #Setting Permsissions
chown "$sitename":"$sitename" -R /var/www/"$domain"/html chown "$sitename":"$sitename" -R /var/www/"$domain"/html
fi
if [ "$shortdist" = "el8" ]; then if [ "$shortdist" = "el8" ]; then
#Setting SeLiux perms for centos #Setting SeLiux perms for centos

6
CoreModules/apache/conf.sh
View File

@@ -4,7 +4,7 @@ systemctl stop $apacheService > $OUTPUT 2>&1
# Apache # # Apache #
############## ##############
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
a2dissite 000-default > $OUTPUT 2>&1 a2dissite 000-default > $OUTPUT 2>&1
a2dismod mpm_prefork > $OUTPUT 2>&1 a2dismod mpm_prefork > $OUTPUT 2>&1
a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1 a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1
@@ -66,9 +66,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
unset monitconf unset monitconf
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
#Add Apache as SSL service
echo "$apacheService" >> /etc/ICTM/SslServices
systemctl start $apacheService > $OUTPUT 2>&1 systemctl start $apacheService > $OUTPUT 2>&1
systemctl enable $apacheService > $OUTPUT 2>&1 systemctl enable $apacheService > $OUTPUT 2>&1

4
CoreModules/apache/config/apache2/site_ssl-unconfigured
View File

@@ -6,8 +6,8 @@
<VirtualHost *:443> <VirtualHost *:443>
ServerName DOMAINname ServerName DOMAINname
SSLEngine on SSLEngine on
SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
Include snippets/apa-ssl.conf Include snippets/apa-ssl.conf
#ConfHere #ConfHere

4
CoreModules/apache/config/apache2/site_ssl-wwwredir
View File

@@ -6,8 +6,8 @@
<VirtualHost *:443> <VirtualHost *:443>
ServerName www.DOMAINname ServerName www.DOMAINname
SSLEngine on SSLEngine on
SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
Include snippets/apa-ssl.conf Include snippets/apa-ssl.conf
Redirect permanent / https://DOMAINname/ Redirect permanent / https://DOMAINname/
</VirtualHost> </VirtualHost>

2
CoreModules/apache/preconf.sh
View File

@@ -1,4 +1,4 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu apache variables # Debian/Ubunbtu apache variables
apacheConfDir=/etc/apache2 apacheConfDir=/etc/apache2
apacheService=apache2 apacheService=apache2

2
CoreModules/generic/preconf.sh
View File

@@ -1,4 +1,4 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
######################## ########################
# Debian/Ubunbtu # # Debian/Ubunbtu #
######################## ########################

6
CoreModules/nginx/conf.sh
View File

@@ -42,7 +42,7 @@ mkdir -p /opt/toggle
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o /opt/toggle/toggle-Netdata.sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o /opt/toggle/toggle-Netdata.sh
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o /opt/toggle/toggle-PhpMyAdmin.sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
##monit toggle ##monit toggle
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
monitconf=/etc/monit/monitrc monitconf=/etc/monit/monitrc
elif [ "$shortdist" = "el8" ]; then elif [ "$shortdist" = "el8" ]; then
monitconf=/etc/monitrc monitconf=/etc/monitrc
@@ -51,9 +51,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
unset monitconf unset monitconf
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
#Add Nginx as SSL service
echo "nginx" >> /etc/ICTM/SslServices
systemctl start nginx > $OUTPUT 2>&1 systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1

6
CoreModules/nginx/config/nginx/site_ssl-unconfigured
View File

@@ -13,9 +13,9 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name DOMAINname; server_name DOMAINname;
ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
include snippets/ngx-ssl.conf; include snippets/ngx-ssl.conf;

6
CoreModules/nginx/config/nginx/site_ssl-wwwredir
View File

@@ -11,9 +11,9 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name www.DOMAINname; server_name www.DOMAINname;
ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
include snippets/ngx-ssl.conf; include snippets/ngx-ssl.conf;
return 301 https://DOMAINname$request_uri; return 301 https://DOMAINname$request_uri;
} }

3
CoreModules/nginx_nonphp/conf.sh
View File

@@ -28,5 +28,8 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
#Add Nginx as SSL service
echo "nginx" >> /etc/ICTM/SslServices
systemctl start nginx > $OUTPUT 2>&1 systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1

16
PhpUpdater.sh
View File

@@ -6,9 +6,17 @@ source /etc/ICTM/mainvar.list
if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
source /etc/ICTM/phpvar.list source /etc/ICTM/phpvar.list
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ]; then
# Ubuntu Php variable
apt update apt update
RepoVersion=`apt list |grep php | grep deb.sury.org| cut -f1 -d"-"| tail -1 |sed 's/php//'` if ! ls /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi
RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages | cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'`
elif [ "$shortdist" = "deb10" ]|| [ "$shortdist" = "deb11" ]; then
# Debian Php variable
apt update
if ! ls /var/lib/apt/lists/packages.sury.org_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi
RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/packages.sury.org*_Packages| cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'`
fi
elif [ "$shortdist" = "el8" ]; then elif [ "$shortdist" = "el8" ]; then
dnf check-update --refresh dnf check-update --refresh
RepoVersion=`dnf list php* | awk '{print $1; }' | cut -f1 -d"-"| tail -1 |sed 's/php//' | sed 's/./&./1'` RepoVersion=`dnf list php* | awk '{print $1; }' | cut -f1 -d"-"| tail -1 |sed 's/php//' | sed 's/./&./1'`
@@ -32,7 +40,7 @@ if [ $IMODE = n ]; then
if (whiptail --title "Set new php version?" --yesno "Install php version $RepoVersion ?" 8 78); then if (whiptail --title "Set new php version?" --yesno "Install php version $RepoVersion ?" 8 78); then
newphpver=$RepoVersion newphpver=$RepoVersion
else else
newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3) newphpver=$(whiptail --inputbox "Please enter the version to install" --nocancel --title "Custom" 8 39 3>&1 1>&2 2>&3)
fi fi
fi fi
@@ -55,7 +63,7 @@ if [ $IMODE = l ]; then
fi fi
#Genereating vars for new php version #Genereating vars for new php version
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu Php variables # Debian/Ubunbtu Php variables
newphpPoolDir=/etc/php/${newphpver}/fpm/pool.d newphpPoolDir=/etc/php/${newphpver}/fpm/pool.d
newphpPkgName=php${newphpver} newphpPkgName=php${newphpver}

2
Scripts/EnableSSL.sh
View File

@@ -37,6 +37,8 @@ fi
if test $certsatus -eq 0 if test $certsatus -eq 0
then then
site_ext="ssl" site_ext="ssl"
mkdir -p /etc/acmesh/inst/$domain
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
site_ext="nossl" site_ext="nossl"
rm -rf /etc/acmesh/certs/$domain* rm -rf /etc/acmesh/certs/$domain*

2
Scripts/GenerateApacheList.sh
View File

@@ -2,7 +2,7 @@ if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup,
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu apache variables # Debian/Ubunbtu apache variables
apacheConfDir=/etc/apache2 apacheConfDir=/etc/apache2
apacheService=apache2 apacheService=apache2

2
Scripts/GeneratePhplist.sh
View File

@@ -2,7 +2,7 @@ if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup,
source /etc/ICTM/mainvar.list source /etc/ICTM/mainvar.list
if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu Php variables # Debian/Ubunbtu Php variables
phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPoolDir=/etc/php/${phpver}/fpm/pool.d
phpPkgName=php${phpver} phpPkgName=php${phpver}

2
Scripts/MicroOSDetect.sh
View File

@@ -7,6 +7,8 @@ if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
shortdist=ubu2004 shortdist=ubu2004
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
shortdist=deb10 shortdist=deb10
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
shortdist=deb11
elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
shortdist=el8 shortdist=el8
else else

8
Scripts/SMI.sh
View File

@@ -45,14 +45,18 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
PKGI="${PKGM} install -y --no-install-recommends" PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt" PKGLIST="apt"
shortdist=deb10 shortdist=deb10
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
echo "Debian 11 Detected"
PKGM="$APTMODE"
PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt"
shortdist=deb11
elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
echo "Centos 8 Detected" echo "Centos 8 Detected"
PKGM="dnf" PKGM="dnf"
PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
PKGLIST="dnf" PKGLIST="dnf"
shortdist=el8 shortdist=el8
echo "This OS is not supported"
exit
else else
echo "This OS is not supported" echo "This OS is not supported"
exit exit

2
SubModules/php-fpm/preconf.sh
View File

@@ -1,4 +1,4 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu Php variables # Debian/Ubunbtu Php variables
phpPoolDir=/etc/php/${phpver}/fpm/pool.d phpPoolDir=/etc/php/${phpver}/fpm/pool.d
phpPkgName=php${phpver} phpPkgName=php${phpver}

32
SubModules/postfix/Postfix-EnableSSL.sh Normal file
View File

@@ -0,0 +1,32 @@
#Sript for setting up SSL/TLS for Postfix (Web-V2)
##Loading install vars
source /etc/ICTM/mainvar.list
##Checking if hostname cert exists
if [ ! -f "/etc/acmesh/inst/$hostname/cert.pem" ] || [ ! -f "/etc/acmesh/inst/$hostname/key.pem" ] ; then echo 'SSL Certificate for $hostname is not installed' && exit ; fi
##Updating Postix config
printf "Updating Postfix config"
systemctl stop postfix
sed -i "/smtpd_tls_cert_file=/c\ssmtpd_tls_cert_file=/etc/acmesh/inst/$hostname/cert.pem" /etc/postfix/main.cf
sed -i "/smtpd_tls_key_file=/c\smtpd_tls_key_file=/etc/acmesh/inst/$hostname/key.pem" /etc/postfix/main.cf
systemctl start postfix
printf " [\e[1;32m Ok \e[0m]\n"
##Adding postfix to SSL services (so it gets reloaded when a the cert is renewd)
printf "Updating SSL services list"
echo "postfix" >> /etc/ICTM/SslServices
printf " [\e[1;32m Ok \e[0m]\n"
##Remove script
while true; do
read -p "Remove this script -> yes/no?" yn
case $yn in
[Nn]* )
break;;
[Yy]* )
rm -- "$0"
break;;
* )echo "Choose yes or no.";;
esac
done

5
SubModules/postfix/conf.sh
View File

@@ -52,7 +52,7 @@ ${hostname}
EOF EOF
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
mkdir -p /var/spool/postfix/var/run/opendkim mkdir -p /var/spool/postfix/var/run/opendkim
sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim
sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim
@@ -90,6 +90,9 @@ chmod +x /etc/update-motd.d/51-generalspf
systemctl start postfix opendkim systemctl start postfix opendkim
systemctl enable postfix opendkim systemctl enable postfix opendkim
#Getting script for enableling ssl on Postfix
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/Postfix-EnableSSL.sh -o ~/Postfix-EnableSSL.sh
#if using Append module run for existing cms/sites #if using Append module run for existing cms/sites
if [ "$itype" = "AddMod" ]; then if [ "$itype" = "AddMod" ]; then
for file in /etc/ICTM/sites/*; do for file in /etc/ICTM/sites/*; do

2
SubModules/postfix/preconf.sh
View File

@@ -1,4 +1,4 @@
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
debconf-set-selections <<< "postfix postfix/mailname string $hostname" debconf-set-selections <<< "postfix postfix/mailname string $hostname"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
fi fi

2
SubModules/redis/preconf.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
# Debian/Ubunbtu redis variables # Debian/Ubunbtu redis variables
redisService=redis-server redisService=redis-server

3
extModules.list
View File

@@ -1,4 +1,5 @@
https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/ https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/
https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/ https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/
https://git.ictmaatwerk.com/VPS-scripts/Backup-Util/raw/branch/master/ https://git.ictmaatwerk.com/VPS-scripts/Backup-Util/raw/branch/master/
https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/ https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/
https://git.ictmaatwerk.com/VPS-scripts/MariaDB/raw/branch/master/

20
installer.sh
View File

@@ -64,6 +64,13 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
PKGI="${PKGM} install -y --no-install-recommends" PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt" PKGLIST="apt"
shortdist=deb10 shortdist=deb10
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
PKGM="$APTMODE"
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends"
PKGLIST="apt"
shortdist=deb11
elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
PKGM="dnf" PKGM="dnf"
PKGUC="$PKGM check-update --refresh" PKGUC="$PKGM check-update --refresh"
@@ -671,6 +678,8 @@ if [ $sslenable = 1 ]; then
if test $certsatus -eq 0 if test $certsatus -eq 0
then then
site_ext="ssl" site_ext="ssl"
mkdir -p /etc/acmesh/inst/$domain
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
site_ext="nossl" site_ext="nossl"
rm -rf /etc/acmesh/certs/$domain* rm -rf /etc/acmesh/certs/$domain*
@@ -682,6 +691,8 @@ if [ $sslenable = 1 ]; then
if test $certsatusBackend -eq 0 if test $certsatusBackend -eq 0
then then
siteBackend_ext="ssl" siteBackend_ext="ssl"
mkdir -p /etc/acmesh/inst/$hostname
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $hostname --cert-file /etc/acmesh/inst/$hostname/cert.pem --key-file /etc/acmesh/inst/$hostname/key.pem --ca-file /etc/acmesh/inst/$hostname/ca.cer --fullchain-file /etc/acmesh/inst/$hostname/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
siteBackend_ext="nossl" siteBackend_ext="nossl"
rm -rf /etc/acmesh/certs/$hostname* rm -rf /etc/acmesh/certs/$hostname*
@@ -746,7 +757,14 @@ done
# Services # # Services #
##------------## ##------------##
systemctl reload sshd fail2ban #Set ssh service for distro
if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
SSHService=ssh
elif [ "$shortdist" = "el8" ]; then
SSHService=sshd
fi
systemctl reload $SSHService fail2ban
##-------## ##-------##