Sync 'Debian11Testing' to master

and deb based ssh

AppendCMS.sh

@@ -1,12 +1,32 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddCMS
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
 
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
 
-
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+if [ $webserv != nginx_nonphp ]; then
+    if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+    source /etc/ICTM/phpvar.list
+fi
+if [ $webserv = apache ]; then
+    if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+    source /etc/ICTM/apachevar.list
+fi
 rm /tmp/pkg.list > $OUTPUT 2>&1
 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
@@ -19,8 +39,9 @@ declare -n options="$webserv"Options
 #    Static-Vars   #
 ##----------------##
 
-ignphpcms=1
+#Options var setup for enabled sub-modules
-
+EnOption="${SelectedOptions[@],,}" && EnOption="${EnOption// /}" && EnOption="${EnOption//:/ }" && EnOption="${EnOption//'"'}"
+EnOption="$EnOption""${EnabledAons[@]}"
 
 ##---------------##
 #    Functions    #
@@ -145,9 +166,15 @@ if [ $IMODE = l ]; then
     done
 fi
 
-#Cleaning options from menu
+#Cleaning CMS from menu
 CMS="${CMS//:}" && CMS="${CMS,,}"
 
+##-----------------##
+#   Storeing vars   #
+##-----------------##
+
+touch /etc/ICTM/sites/"$sitename"
+
 
 ##-----------##
 #   AptList   #
@@ -191,13 +218,30 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
+#Preconfiguring module For CMS
+for val1 in ${EnOption[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-preconf.sh)
+        fi
+    fi
+done
 
 ##-------------##
 #   Installer   #
 ##-------------##
 
-$PKGM update
+$PKGUC
-sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
 cat /tmp/pkg.list | xargs $PKGI
 
 
@@ -228,6 +272,8 @@ msg "                Setting up SSL"
     if test $certsatus -eq 0
     then
         site_ext="ssl"
+        mkdir -p /etc/acmesh/inst/$domain
+        /opt/acmesh/acme.sh  --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
     else
         site_ext="nossl"
         rm -rf /etc/acmesh/certs/$domain*
@@ -253,15 +299,26 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
 fi
 
-##--------------------------##
+#Configuring Module for CMS
-#   Backup-util Site Setup   #
+
-##--------------------------##
+for val1 in ${EnOption[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-conf.sh)
+        fi
+    fi
+done
+
 
-repobckutil=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
-branchbckutil=master
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh; then
- source <(curl --retry 7 --retry-delay 5 -s "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh)
-fi
 
 ##------------##
 #   Services   #
@@ -274,4 +331,4 @@ systemctl reload fail2ban
 ##-------##
 
 msg "                Added CMS!"
-for f in /etc/update-motd.d/51*; do bash $f; done
+if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

AppendModule.sh

@@ -1,16 +1,32 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddMod
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
 
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
 
-
-##-----------------##
-#   Fetching Vars   #
-##-----------------##
-
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+if [ $webserv != nginx_nonphp ]; then
+    if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+    source /etc/ICTM/phpvar.list
+fi
+if [ $webserv = apache ]; then
+    if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+    source /etc/ICTM/apachevar.list
+fi
 rm /tmp/pkg.list
 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/ModulesMenu.list)
 
@@ -227,8 +243,8 @@ done
 #   Installer   #
 ##-------------##
 
-$PKGM update
+$PKGUC
-sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
 cat /tmp/pkg.list | xargs $PKGI
 
 
@@ -267,4 +283,4 @@ done
 ##-------##
 
 msg "                Added Module!"
-for f in /etc/update-motd.d/51*; do bash $f; done
+if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi

CMS/Backend/Fpm-Pool.conf-unconfigured

@@ -8,12 +8,12 @@ php_admin_value[disable_functions] = exec,passthru,shell_exec,system
 php_admin_value[opcache.enable] = 0      
 php_admin_value[max_input_vars] = 5000                                                                                                                                                                                                                                         
 php_admin_value[upload_max_filesize] = 256M                                                                                                                                                                                                                                    
-php_admin_value[post_max_size] = 16M                                                                                                                                                                                                                                           
+php_admin_value[post_max_size] = 256M                                                                                                                                                                                                                                           
 php_admin_value[max_input_time] = 15                                                                                                                                                                                                                                           
 php_admin_value[cgi.fix_pathinfo] = 0                                                                                                                                                                                                                                          
 php_admin_value[allow_url_fopen] = Off                                                                                                                                                                                                                                         
-php_admin_value[file_uploads] = Off                                                                                                                                                                                                                                   
+php_admin_value[file_uploads] = On                                                                                                                                                                                                                                   
-php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin                                                                                                                                                                                                                 
+php_admin_value[open_basedir] = /var/log/PhpMyAdmin:/usr/share/phpmyadmin:/var/lib/phpmyadmin:/etc/phpmyadmin:/tmp                                                                                                                                                                                                                 
 php_admin_value[session.use_strict_mode] = 1                                                                                                                                                                                                                                   
 php_admin_value[session.cookie_httponly] = 1                                                                                                                                                                                                                                   
 ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict                                                                                                                                                                                                                              

CMS/Backend/apache-conf.sh

@@ -1,4 +1,4 @@
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf
-systemctl reload apache2
+systemctl reload $apacheService

CMS/Backend/apache-siteBackend-unconfigured

@@ -20,4 +20,16 @@ Alias /backend/database /usr/share/phpmyadmin
 
 </Directory>
 
+<Location /backend/monit>
+    RewriteEngine on
+    RewriteRule /backend/monit /backend/monit/$1 [R]
+</Location>
+<Location /backend/monit/>
+    #enables/disables monit-websocket
+    deny from all
+    ProxyPass unix:/var/run/monit/monit.sock|http://127.0.0.1/
+    ProxyPassReverse unix:/var/run/monit/monit.sock|http://127.0.0.1/
+</Location>
+
+
 #endConf

CMS/Backend/conf.sh

@@ -1,6 +1,6 @@
 #Backend PHP Pool
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/Backend.conf
-sed -i 's/PHPver/'$phpver'/' /etc/php/"$phpver"/fpm/pool.d/Backend.conf
+sed -i 's/PHPver/'$phpver'/' "$phpPoolDir"/Backend.conf
 groupadd Backend
 useradd -g Backend Backend
 #PHPMyAdmin configuration
@@ -8,7 +8,8 @@ touch /var/log/PhpMyAdmin/PhpMyAdmin_auth.log
 chown Backend:Backend -R /usr/share/phpmyadmin
 chown Backend:Backend -R /var/lib/phpmyadmin/tmp
 chown Backend:Backend -R /var/log/PhpMyAdmin
-systemctl reload php"$phpver"-fpm
+systemctl reload "$phpFPMService"
 #Auto disable backends at night
-echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
-echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-MonitWebui.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend

CMS/Backend/nginx-siteBackend-unconfigured

@@ -24,16 +24,23 @@ location = /backend/netdata {
     location /backend/database {
         deny all; #enables/disables PHPMyadmin
         index index.php index.html;
+        client_max_body_size 256m;
         alias /usr/share/phpmyadmin;
         location ~ \.php$ {
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             fastcgi_split_path_info ^(.+\.php)(/.+)$;
             fastcgi_pass unix:/var/run/php/phpPHPver-fpm-Backend.sock;
+            fastcgi_read_timeout 10m;
             fastcgi_index index.php;
         }
     }
     
+    location /backend/monit/ {
+        deny all; #enables/disables monit-websocket
+        proxy_pass http://unix:/var/run/monit/monit.sock:/;
+    }
+
     location ~ /\.ht {
         deny all;
     }

CMS/frontcontroller/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,43 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 32M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 15
+php_admin_value[max_execution_time] = 150
+
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 1
+php_admin_value[allow_url_fopen] = On
+php_admin_value[file_uploads] = On
+php_admin_value[open_basedir] = /var/www/DOMAINname
+;php_admin_value[open_basedir] = /var/www/DOMAINname:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 11
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 11
+chdir = /

CMS/frontcontroller/Nginx-unconfigured

@@ -0,0 +1,30 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html;
+    root /var/www/DOMAINname/public;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+    
+    #include snippets/ngx-backendredir.conf;
+
+    location / {
+        try_files $uri $uri/ $uri.html /index.php$is_args$query_string;
+    }
+    
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/frontcontroller/conf.sh

@@ -0,0 +1,40 @@
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="fc_$db_suffix"
+db_user="fc_$db_suffix"
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
+
+#Storing DB Credentials
+echo "Database Name $db_name" > ~/DB_"$sitename"
+echo "Database Username $db_user" >> ~/DB_"$sitename"
+echo "Database Password $db_pass" >> ~/DB_"$sitename"
+
+#Setting up Database
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+
+#Creating webfolder
+mkdir -p /var/www/"$domain"/public
+
+#Ceating content
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard<br>Ready for FontControler installation</body></html>" > /var/www/$domain/public/index.html
+
+#Setup PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload $phpFPMService
+
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi

CMS/frontcontroller/nginx-conf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+
+systemctl reload nginx

CMS/nextcloud/Fpm-Pool.conf-unconfigured

@@ -4,7 +4,7 @@ group = SITEname
 listen = /var/run/php/phpPHPver-fpm-SITEname.sock
 listen.owner = www-data
 listen.group = www-data
-php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[disable_functions] = exec,passthru,system
 php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
 ; OPCACHE SETTINGS
 php_admin_value[opcache.memory_consumption] = 256

CMS/nextcloud/Nginx-unconfigured

@@ -28,13 +28,14 @@ location = /robots.txt {
     access_log off;
 }
 
-location = /.well-known/carddav {
+location ^~ /.well-known {
-    return 301 $scheme://$host:$server_port/remote.php/dav;
+    location = /.well-known/carddav     { return 301 /remote.php/dav/; }
-}
+    location = /.well-known/caldav      { return 301 /remote.php/dav/; }
-location = /.well-known/caldav {
+    location ^~ /.well-known            { return 301 /index.php$uri; }
-    return 301 $scheme://$host:$server_port/remote.php/dav;
+    try_files $uri $uri/ =404;
 }
 
+
 location / {
     rewrite ^ /index.php;
 }
@@ -80,4 +81,15 @@ location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
     try_files $uri /index.php$request_uri;
     access_log off;
 }
+
+## Reverse proxy Config for 'Files High Performance Back-end'
+#FHPBlocation ^~ /push/ {
+#FHPB    proxy_pass http://127.0.0.1:7867/;
+#FHPB    proxy_http_version 1.1;
+#FHPB    proxy_set_header Upgrade $http_upgrade;
+#FHPB    proxy_set_header Connection "Upgrade";
+#FHPB    proxy_set_header Host $host;
+#FHPB    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#FHPB}
+
 #endConf

CMS/nextcloud/apache-conf.sh

@@ -1,11 +1,11 @@
 #Apache
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Apache-unconfigured -o /tmp/apache-siteconf
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
 chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 
 #PHP
-sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e '/cgi.fix_pathinfo/c\php_admin_value[cgi.fix_pathinfo] = 1' "$phpPoolDir"/$sitename.conf
-sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e '/security.limit_extensions/c\php_admin_value[security.limit_extensions] = .php' "$phpPoolDir"/$sitename.conf
 
-systemctl reload apache2 php$phpver-fpm
+systemctl reload $apacheService $phpFPMService

CMS/nextcloud/apt.pkg.list

@@ -0,0 +1 @@
+libmagickcore-6.q16-3-extra zlib1g libpng-dev

CMS/nextcloud/conf.sh

@@ -1,6 +1,6 @@
 #PHP Pool
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
 groupadd "$sitename"
 useradd -g "$sitename" "$sitename"
 mkdir -p /var/www/"$domain"/html/data
@@ -15,7 +15,7 @@ touch /var/www/"$domain"/html/data/nextcloud.log > $OUTPUT 2>&1
 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
 db_name="nextcloud_$db_suffix"
 db_user="nextcloud_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
 mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
 mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
 mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
@@ -29,15 +29,36 @@ cat <<EOF > /var/www/$domain/html/config/autoconfig.php
   "dbname"        => "${db_name}",
   "dbuser"        => "${db_user}",
   "dbpass"        => "${db_pass}",
-  "dbhost"        => "localhost",
+  "dbhost"        => "127.0.0.1",
   "dbtableprefix" => "",
   "simpleSignUpLink.shown" => false,
   "directory"     => "/var/www/$domain/html/data",
 );
 EOF
 
+#Setting Permsissions
 chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi
+
+#Enable PHP-ACPU on CLI
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+  if ! grep -Fxq "apc.enable_cli=1" /etc/php/${phpver}/mods-available/apcu.ini; then
+      echo "apc.enable_cli=1" >> /etc/php/${phpver}/mods-available/apcu.ini
+  fi
+elif [ "$shortdist" = "el8" ]; then
+  sed -i "/apc.enable_cli/c\apc.enable_cli=1" /etc/opt/remi/php${phpver//.}/php.d/40-apcu.ini
+fi
+
+#PHP 8.0 Settings
+if [ "$phpVerBranch" = "8x" ]; then  
+  sed -i "/opcache.enable/c\php_admin_value[opcache.enable] = 1" "$phpPoolDir"/"$sitename".conf
+fi
+
 #Makeing nextcloud Finalize script and setting login Notice
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/nextcloud/nextcloud-init.sh -o ~/NextcloudInit-"$sitename".sh
 sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/NextcloudInit-"$sitename".sh
@@ -46,13 +67,8 @@ sed -i -e 's/SITEname/'$sitename'/' /etc/update-motd.d/51-nextnotice-"${sitename
 chmod +x /etc/update-motd.d/51-nextnotice-"${sitename//_}"
 
 
-#Nextcloud logging location
-mkdir /var/log/nextcloud
-chmod 774 -R /var/log/nextcloud
-ln -s /var/www/"$domain"/html/data/nextcloud.log /var/log/nextcloud/"$sitename"
-
 #fail2ban
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/nextcloud_unconfigured -o /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
-sed -i 's/SITEname/'$sitename'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
+sed -i 's/DOMain/'$domain'/' /etc/fail2ban/jail.d/"$sitename"-nextcloud.local
 
-systemctl reload php"$phpver"-fpm
+systemctl reload "$phpFPMService"

CMS/nextcloud/dnf.pkg.list

@@ -0,0 +1 @@
+ImageMagick-libs zlib libpng

CMS/nextcloud/generic.pkg.list

@@ -1 +1 @@
-libmagickcore-6.q16-3-extra libxml2 openssl zlib1g libpng-dev phpPHPver-bcmath phpPHPver-gmp
+libxml2 openssl PHPprefix-bcmath PHPprefix-gmp bzip2

CMS/nextcloud/nextcloud-init.sh

@@ -4,16 +4,32 @@ sudo -u SITEname php /var/www/DOMAINname/html/occ app:disable firstrunwizard
 
 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_language --value=nl
 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_locale --value=nl
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set default_phone_region --value=nl
 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set skeletondirectory --value=
 sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.local --value='\OC\Memcache\APCu'
+sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set trashbin_retention_obligation --value=30,30
 
-if [ "$(systemctl is-active  redis-server)" = "active" ]; then
+if [ "$(systemctl is-active  redis-server)" = "active" ] || [ "$(systemctl is-active  redis)" = "active" ]; then
     sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
     sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
     sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis host --value=localhost
     sudo -u SITEname php /var/www/DOMAINname/html/occ config:system:set redis port --value=6379
+    while true; do
+    read -p "Prepair for Files High Performance Back-end (Only for nginx) -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        sudo -u SITEname php /var/www/DOMAINname/html/occ app:install notify_push
+        sed -i --follow-symlinks 's/#FHPB//g' /etc/nginx/sites-enabled/SITEname
+        systemctl reload nginx
+        echo -e "\e[96m Run: sudo -u SITEname php /var/www/DOMAINname/html/occ notify_push:setup\e[39m"
+        break;;
+        * )echo "Choose yes or no.";;
+        esac
+    done
 else 
-    echo "Redis not installed or running on this system" 
+    echo "Redis is not running on this system" 
 fi
 
 echo "*/5  *  *  *  * SITEname	php -f /var/www/DOMAINname/html/cron.php > /dev/null 2>&1" >> /etc/crontab

CMS/none/Fpm-Pool.conf-unconfigured

@@ -25,7 +25,7 @@ php_admin_value[max_input_time] = 15
 php_admin_value[cgi.fix_pathinfo] = 0
 php_admin_value[allow_url_fopen] = Off
 php_admin_value[file_uploads] = Off
-php_admin_value[open_basedir] = /var/www/DOMAINname/html
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/tmp
 php_admin_value[session.use_strict_mode] = 1
 php_admin_value[session.cookie_httponly] = 1
 ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict

CMS/none/Nginx_nonphp-unconfigured

@@ -16,6 +16,8 @@
         #try_files $uri $uri/ =404;
         try_files $uri $uri/ /index.php$is_args$args;
         #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+        #'forPHP-FrondControler' try_files $uri $uri/ $uri.html /index.php$is_args$query_string;
+
     }
 
     location ~ /\.ht {

CMS/none/apache-conf.sh

@@ -1,9 +1,5 @@
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Apache-unconfigured -o /tmp/apache-siteconf
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
-mkdir -p /var/www/"$domain"/html
 
-echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+systemctl reload $apacheService 
-
-chown "$sitename":"$sitename" -R /var/www/"$domain"/html
-systemctl reload apache2

CMS/none/conf.sh

@@ -1,12 +1,26 @@
+#Creating webfolder
+mkdir -p /var/www/"$domain"/html
+
+#Ceating content
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
+
 #Do not generate php pool when php is not installed
 if [ $webserv != nginx_nonphp ]; then
 
 #Setup PHP Pool
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
 groupadd "$sitename"
 useradd -g "$sitename" "$sitename"
 
-systemctl reload php"$phpver"-fpm
+systemctl reload $phpFPMService
+fi
 
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/html
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
 fi

CMS/none/nginx-conf.sh

@@ -1,9 +1,5 @@
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx-unconfigured -o /tmp/nginx-siteconf
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
 sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
-mkdir -p /var/www/"$domain"/html
 
-echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
-
-chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 systemctl reload nginx

CMS/none/nginx_nonphp-conf.sh

@@ -1,9 +1,5 @@
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/none/Nginx_nonphp-unconfigured -o /tmp/nginx-siteconf
 sed -i -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
 sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
-mkdir -p /var/www/"$domain"/html
 
-echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
-
-chown www-data:www-data -R /var/www/"$domain"/html
 systemctl reload nginx

CMS/wordpress/Fpm-Pool.conf-unconfigured

@@ -25,7 +25,7 @@ php_admin_value[max_input_time] = 30
 php_admin_value[cgi.fix_pathinfo] = 0
 php_admin_value[allow_url_fopen] = Off
 php_admin_value[file_uploads] = on
-php_admin_value[open_basedir] = "/var/www/DOMAINname/html"
+php_admin_value[open_basedir] = /var/www/DOMAINname/html:/tmp
 php_admin_value[session.use_strict_mode] = 1
 php_admin_value[session.cookie_httponly] = 1
 ;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict

CMS/wordpress/WordPress-unconfigured

@@ -2,7 +2,7 @@
 define('DB_NAME', 'DBName');
 define('DB_USER', 'DBUser');
 define('DB_PASSWORD', 'DBPass');
-define('DB_HOST', 'localhost');
+define('DB_HOST', '127.0.0.1');
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
 #define( 'WP_SITEURL', '' );

CMS/wordpress/apache-conf.sh

@@ -1,6 +1,6 @@
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Apache-unconfigured -o /tmp/apache-siteconf
 sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/apache-siteconf
-sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/"$sitename"_"$site_ext".conf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf
 
 chown "$sitename":"$sitename" -R /var/www/"$domain"/html
-systemctl reload apache2 php$phpver-fpm
+systemctl reload $apacheService $phpFPMService

CMS/wordpress/conf.sh

@@ -9,7 +9,7 @@ fi
 db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
 db_name="wp_$db_suffix"
 db_user="wp_$db_suffix"
-db_pass=$(date +%s|sha256sum|base64|head -c 32)
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
 WPSalts=$(curl --retry 7 --retry-delay 5 -s https://api.wordpress.org/secret-key/1.1/salt/)
 
 #Setting up Database
@@ -33,21 +33,30 @@ printf '%s\n' "$WPSalts" >> /var/www/"$domain"/html/wp-config.php
 printf '%s\n' "require_once(ABSPATH . 'wp-settings.php');" >> /var/www/"$domain"/html/wp-config.php
 
 #PHP Pool
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o /etc/php/"$phpver"/fpm/pool.d/"$sitename".conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
-sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' /etc/php/"$phpver"/fpm/pool.d/$sitename.conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/g' "$phpPoolDir"/$sitename.conf
 groupadd "$sitename"
 useradd -g "$sitename" "$sitename"
 
-systemctl reload php"$phpver"-fpm
+systemctl reload $phpFPMService
 
 #fail2ban
 if [ ! -f /etc/fail2ban/jail.d/wordpress-syslog.local ]; then
     curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/wordpress-syslog.jail -o /etc/fail2ban/jail.d/wordpress-syslog.local
+    if [ "$shortdist" = "el8" ]; then
+        sed -i '/logpath/c\logpath = /var/log/messages' /etc/fail2ban/jail.d/wordpress-syslog.local
+    fi
 fi
 
 #Setting Permsissions
 chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi
+
 #Makeing wordpress Finalize script and setting login Notice
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/wordpress/wordpress-init.sh -o ~/WordpressInit-"$sitename".sh
 sed -i -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' ~/WordpressInit-"$sitename".sh

CMS/wordpress/nginx-conf.sh

@@ -4,4 +4,4 @@ sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$
 sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
 
 #Reloading Services
-systemctl reload nginx php$phpver-fpm
+systemctl reload nginx $phpFPMService

CMS/wordpress/wordpress-init.sh

@@ -1,10 +1,10 @@
-sudo -u SITEname wp --path=/var/www/DOMAINname/html core update
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html core update
-sudo -u SITEname wp --path=/var/www/DOMAINname/html theme update --all
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html theme update --all
-sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install wp-fail2ban --activate
-sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install all-in-one-wp-migration --activate
-sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin install https://git.ictmaatwerk.com/downloads/wp/migrate.zip --activate
-sudo -u SITEname wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html cron event run wp_update_plugins
-sudo -u SITEname wp --path=/var/www/DOMAINname/html plugin update --all
+sudo -u SITEname /usr/local/bin/wp --path=/var/www/DOMAINname/html plugin update --all
 echo -e "\e[96m Please update all-in-one-wp-migration-unlimited plugin manually\e[39m"
 sn2=SITEname
 rm -f /etc/update-motd.d/51-wpnotice-${sn2//_}

CoreModules/apache/appendCMS-conf.sh

@@ -4,19 +4,19 @@
 
 if [ $domainwww = 1 ]; then
 	#non-ssl
-	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
-	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
 	#ssl 
-	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
-	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
 fi
 
 #non-ssl
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
-sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf 
-ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
 #ssl
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
-sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
 
-systemctl reload apache2
+systemctl reload $apacheService

CoreModules/apache/conf.sh

@@ -1,54 +1,76 @@
-systemctl stop apache2 > $OUTPUT 2>&1
+systemctl stop $apacheService > $OUTPUT 2>&1
 
 ##############
 #   Apache   #
 ##############
 
-a2dissite 000-default > $OUTPUT 2>&1
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
-a2dismod mpm_prefork > $OUTPUT 2>&1
+	a2dissite 000-default > $OUTPUT 2>&1
-a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1
+	a2dismod mpm_prefork > $OUTPUT 2>&1
+	a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1
+	mkdir -p "$apacheConfDir"/snippets/
+	monitconf=/etc/monit/monitrc
+elif [ "$shortdist" = "el8" ]; then
+	echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
+	echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
+	sed -i -e '/User apache/c\User www-data' -e '/Group apache/c\Group www-data' /etc/httpd/conf/httpd.conf
+	sed -i 's/^/#/g' /etc/httpd/conf.d/welcome.conf
+	#Creating directories
+    mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets}
+	#getting aditional apache config for centos
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf
+	monitconf=/etc/monitrc
+fi
 
-mkdir -p /etc/apache2/snippets/
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o /etc/apache2/snippets/apa-ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o "$apacheConfDir"/snippets/apa-backendredir.conf
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-backendredir.conf -o /etc/apache2/snippets/apa-backendredir.conf
+sed -i -e 's/HOSTname/'$hostname'/' "$apacheConfDir"/snippets/apa-backendredir.conf
-sed -i -e 's/HOSTname/'$hostname'/' /etc/apache2/snippets/apa-backendredir.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-custom.conf
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-custom.conf -o /etc/apache2/conf-enabled/zzz-custom.conf
 
 #Catch all (ip and unconfigured domains)
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o /etc/apache2/sites-available/CatchAll.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_CatchAll -o "$apacheConfDir"/sites-available/CatchAll.conf
-ln -s /etc/apache2/sites-available/CatchAll.conf /etc/apache2/sites-enabled/999-CatchAll.conf
+ln -s "$apacheConfDir"/sites-available/CatchAll.conf "$apacheConfDir"/sites-enabled/999-CatchAll.conf
 
 
 if [ $domainwww = 1 ]; then
 	#non-ssl
-	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
-	echo "" >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
 	#ssl 
-	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-wwwredir >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
-	echo "" >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+	echo "" >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
 fi
 #non-ssl
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/"$sitename"_nossl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_nossl.conf
-sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_nossl.conf 
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_nossl.conf 
-ln -s /etc/apache2/sites-available/"$sitename"_nossl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
+ln -s "$apacheConfDir"/sites-available/"$sitename"_nossl.conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
 #ssl
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/"$sitename"_ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
-sed -i -e 's/DOMAINname/'$domain'/g' /etc/apache2/sites-available/"$sitename"_ssl.conf
+sed -i -e 's/DOMAINname/'$domain'/g' "$apacheConfDir"/sites-available/"$sitename"_ssl.conf
 
 #non-ssl-Backend
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> /etc/apache2/sites-available/Backend_nossl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site-unconfigured >> "$apacheConfDir"/sites-available/Backend_nossl.conf
-sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_nossl.conf 
+sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_nossl.conf 
-ln -s /etc/apache2/sites-available/Backend_nossl.conf /etc/apache2/sites-enabled/010-Backend.conf
+ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites-enabled/010-Backend.conf
 #ssl-Backend
-curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> /etc/apache2/sites-available/Backend_ssl.conf
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf
-sed -i -e 's/DOMAINname/'$hostname'/g' /etc/apache2/sites-available/Backend_ssl.conf
+sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf
-
 
+#BackendToggle
 mkdir -p /opt/toggle
+##Phpmyadmin
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
-
+sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#'  /opt/toggle/toggle-PhpMyAdmin.sh
+##monit
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_APACHE.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
 
 # custom Welcome page
 echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
 
-systemctl start apache2 > $OUTPUT 2>&1
+#Add Apache as SSL service
+echo "$apacheService" >> /etc/ICTM/SslServices
+
+systemctl start $apacheService > $OUTPUT 2>&1
+systemctl enable $apacheService > $OUTPUT 2>&1

CoreModules/apache/config/apache2/conf-httpd-custom.conf

@@ -0,0 +1 @@
+Define APACHE_LOG_DIR /var/log/httpd

CoreModules/apache/config/apache2/site_ssl-unconfigured

@@ -6,8 +6,8 @@
 <VirtualHost *:443>
     ServerName DOMAINname
     SSLEngine on
-    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateFile       /etc/acmesh/inst/DOMAINname/fullchain.pem
-    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    SSLCertificateKeyFile   /etc/acmesh/inst/DOMAINname/key.pem
     Include snippets/apa-ssl.conf
 
 #ConfHere

CoreModules/apache/config/apache2/site_ssl-wwwredir

@@ -6,8 +6,8 @@
 <VirtualHost *:443>
     ServerName www.DOMAINname
     SSLEngine on
-    SSLCertificateFile       /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer
+    SSLCertificateFile       /etc/acmesh/inst/DOMAINname/fullchain.pem
-    SSLCertificateKeyFile   /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key
+    SSLCertificateKeyFile   /etc/acmesh/inst/DOMAINname/key.pem
     Include snippets/apa-ssl.conf
     Redirect permanent / https://DOMAINname/
 </VirtualHost>

CoreModules/apache/dnf.pkg.list

@@ -0,0 +1 @@
+httpd mod_fcgid mod_ssl

CoreModules/apache/phpupdate-handeler.sh

@@ -1,4 +1,7 @@
-for f in /etc/apache2/sites-available/*; do
+if [ ! -f "/etc/ICTM/apachevar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GenerateApacheList.sh) ; fi
+source /etc/ICTM/apachevar.list
+
+for f in $apacheConfDir/sites-available/*; do
     if [ $IMODE = n ] && [ $PhpPurge = 0 ]; then
         if (whiptail --title "Update apache config ?" --yesno "Update php version in apache site: ${f##*/}  ?" 8 78); then
             sed -i  "s/$phpver/$newphpver/" $f
@@ -21,4 +24,4 @@ for f in /etc/apache2/sites-available/*; do
     fi
 done
  
-systemctl reload apache2
+systemctl reload $apacheService

CoreModules/apache/preconf.sh

@@ -1 +1,17 @@
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+# Debian/Ubunbtu apache variables
+    apacheConfDir=/etc/apache2
+    apacheService=apache2
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    apacheConfDir=/etc/httpd
+    apacheService=httpd
+fi
+
+#Storing vars to config
+for storeme in apacheService apacheConfDir; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list
+done
+
 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=apache osrel=$shortdist bash > $OUTPUT 2>&1 > $OUTPUT 2>&1

CoreModules/apache/ssl-handler.sh

@@ -1,9 +1,9 @@
-rm /etc/apache2/sites-enabled/010-"$sitename".conf
+rm "$apacheConfDir"/sites-enabled/010-"$sitename".conf
-ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf
+ln -s "$apacheConfDir"/sites-available/"$sitename"_"$site_ext".conf "$apacheConfDir"/sites-enabled/010-"$sitename".conf
 
 if [ -n "$sslfr" ]; then
-rm /etc/apache2/sites-enabled/010-Backend.conf
+rm "$apacheConfDir"/sites-enabled/010-Backend.conf
-ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf
+ln -s "$apacheConfDir"/sites-available/Backend_"$siteBackend_ext".conf "$apacheConfDir"/sites-enabled/010-Backend.conf
 fi
 
-systemctl reload apache2
+systemctl reload $apacheService

CoreModules/generic/conf.sh

@@ -1,7 +1,26 @@
+##----------##
+#   Centos   #
+##----------##
+if [ "$shortdist" = "el8" ]; then
+    #SeLinux
+    semanage port -a -t ssh_port_t -p tcp 4242
+    systemctl enable ufw > $OUTPUT 2>&1
+    #Motd
+    mkdir /etc/update-motd.d
+    echo 'if stat --printf="" /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi' >> /etc/profile
+fi
+
 ##-------##
 #   UFW   #
 ##-------##
 
+if [ "$shortdist" = "el8" ]; then
+    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user.rules
+    sed -i -e '/tuple/d' -e '/dapp/d' /usr/share/ufw/iptables/user6.rules
+    echo "y" | ufw reset > $OUTPUT 2>&1
+    systemctl enable ufw > $OUTPUT 2>&1
+fi
+
 sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
 ufw default deny incoming > $OUTPUT 2>&1
 ufw default allow outgoing > $OUTPUT 2>&1
@@ -23,6 +42,18 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fai
 curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -o /etc/fail2ban/filter.d/wordpress-hard.local
 curl --retry 7 --retry-delay 5 -s https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -o /etc/fail2ban/filter.d/wordpress-soft.local
 
+if [ "$shortdist" = "el8" ]; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/action.d/ufw.conf -o /etc/fail2ban/action.d/ufw.conf
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/selinux/policies/fail2ban-allowhttpd.te -o /tmp/fail2ban-allowhttpd.te
+    checkmodule -M -m -o /tmp/fail2ban-allowhttpd.mod /tmp/fail2ban-allowhttpd.te
+    semodule_package -o /tmp/fail2ban-allowhttpd.pp -m /tmp/fail2ban-allowhttpd.mod
+    semodule -i /tmp/fail2ban-allowhttpd.pp
+fi
+
+#Start fail2ban service
+systemctl start fail2ban
+systemctl enable fail2ban
+
 #General jails
 rm /etc/fail2ban/jail.d/*
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/config/fail2ban/Jails/sshd.jail -o /etc/fail2ban/jail.d/sshd.local

CoreModules/generic/dnf.pkg.list

@@ -1 +1 @@
-cronie
+cronie policycoreutils-python-utils

CoreModules/generic/generic.pkg.list

@@ -1 +1 @@
-htop ufw nload fail2ban sudo bash-completion
+nano htop ufw nload fail2ban sudo bash-completion

CoreModules/generic/preconf.sh

@@ -1,24 +1,78 @@
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+########################
+#    Debian/Ubunbtu    #
+########################
+    ##--------------##
+    #  Repositories  #
+    ##--------------##
+
+    curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1
+    ##------------##
+    #    System    #
+    ##------------##
+    
+    sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1
+
+
+    ##-------------##
+    #    Updates    #
+    ##-------------##
+
+    debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true'
+    $PKGUC
+    $PKGUP
+
+
+    ##-------------##
+    #    Postfix    #
+    ##-------------##
+
+    #Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
+    if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
+
+
+elif [ "$shortdist" = "el8" ]; then
+################
+#    Centos    #
+################
+    ##--------------##
+    #  Repositories  #
+    ##--------------##
+
+    curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=epel osrel=$shortdist bash > $OUTPUT 2>&1
+
+    ##------------##
+    #    System    #
+    ##------------##
+
+    localectl set-keymap us > $OUTPUT 2>&1
+    useradd -r -U -s /usr/sbin/nologin -d /var/www  www-data > $OUTPUT 2>&1
+    systemctl disable firewalld --now > $OUTPUT 2>&1
+
+    ##-------------##
+    #    Postfix    #
+    ##-------------##
+
+    if dnf list installed postfix >/dev/null 2>&1; then dnf remove postfix -y; fi
+    
+fi
+
+
+#################
+#    General    #
+#################
 ##-----------------------##
 #  Prerequisite packages  #
 ##-----------------------##
 
 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
 
+
 ##--------------##
 #  Repositories  #
 ##--------------##
-
-curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=universe osrel=$shortdist bash > $OUTPUT 2>&1
 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php osrel=$shortdist bash > $OUTPUT 2>&1
 
-##-------------##
-#    Updates    #
-##-------------##
-
-debconf-set-selections <<< 'libssl1.1:amd64 libraries/restart-without-asking boolean true'
-$PKGM update
-$PKGM upgrade -y
-
 
 ##------------##
 #    System    #
@@ -30,12 +84,6 @@ timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
 sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config > $OUTPUT 2>&1
 
 
-if [ "$osrel" = "ubu1804" ] || [ "$osrel" = "ubu2004" ] || [ "$osrel" = "deb10" ] ; then
-    sed -i -e '/XKBLAYOUT=/c\XKBLAYOUT=us' -e '/XKBVARIANT=/c\XKBVARIANT="intl"' /etc/default/keyboard > $OUTPUT 2>&1
-elif [ "$osrel" = "cent8" ]; then
-    localectl set-keymap us-int
-fi
-
 ##----------##
 #    Swap    #
 ##----------##
@@ -51,12 +99,3 @@ else
 fi
 echo "vm.swappiness=10" >> /etc/sysctl.conf
 echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
-
-
-##-------------##
-#    Postfix    #
-##-------------##
-
-#Checking if postfix exists on this system and if so it wil be removed to prevent config conflicts
-if dpkg-query -Wf'${db:Status-abbrev}' postfix 2>/dev/null | grep -q '^i'; then apt purge -y postfix > $OUTPUT 2>&1; fi
-

CoreModules/nginx/apt.pkg.list

@@ -0,0 +1 @@
+apache2-utils

CoreModules/nginx/conf.sh

@@ -36,11 +36,26 @@ ln -s /etc/nginx/sites-available/Backend_nossl /etc/nginx/sites-enabled/Backend
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/Backend_ssl 
 sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_ssl 
 
+#toggles
 mkdir -p /opt/toggle
+##phpmyadmin toggle
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o  /opt/toggle/toggle-Netdata.sh
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o  /opt/toggle/toggle-PhpMyAdmin.sh
+##monit toggle
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+    monitconf=/etc/monit/monitrc
+elif [ "$shortdist" = "el8" ]; then
+    monitconf=/etc/monitrc
+fi
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_NGINX.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
 
 # custom Welcome page
 echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
 
-systemctl start nginx
+#Add Nginx as SSL service
+echo "nginx" >> /etc/ICTM/SslServices
+
+systemctl start nginx > $OUTPUT 2>&1
+systemctl enable nginx > $OUTPUT 2>&1

CoreModules/nginx/config/nginx/site_ssl-unconfigured

@@ -13,9 +13,9 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2; 
     server_name   DOMAINname;
-    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
-    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
-    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
     include snippets/ngx-ssl.conf; 
     
     

CoreModules/nginx/config/nginx/site_ssl-wwwredir

@@ -11,9 +11,9 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2; 
     server_name   www.DOMAINname;
-    ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer;
+    ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
-    ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key;
+    ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
-    ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; 
+    ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem; 
     include snippets/ngx-ssl.conf; 
     return       301 https://DOMAINname$request_uri;
 }

CoreModules/nginx/dnf.pkg.list

@@ -0,0 +1 @@
+httpd-tools

CoreModules/nginx/generic.pkg.list

@@ -1 +1 @@
-nginx apache2-utils
+nginx

CoreModules/nginx_nonphp/apt.pkg.list

@@ -0,0 +1 @@
+apache2-utils

CoreModules/nginx_nonphp/conf.sh

@@ -28,4 +28,8 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl
 # custom Welcome page
 echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
 
-systemctl start nginx
+#Add Nginx as SSL service
+echo "nginx" >> /etc/ICTM/SslServices
+
+systemctl start nginx > $OUTPUT 2>&1
+systemctl enable nginx > $OUTPUT 2>&1

CoreModules/nginx_nonphp/dnf.pkg.list

@@ -0,0 +1 @@
+httpd-tools

CoreModules/nginx_nonphp/generic.pkg.list

@@ -1 +1 @@
-nginx apache2-utils
+nginx

Docs/docs/Dev-Adding-Modules.md

@@ -14,6 +14,8 @@ In both cases the file structure is expected as shown below
 * `<Webserver>`-apt.pkg.list
 * `<Webserver>`-dnf.pkg.list
 * config/*
+* CMSHook-preconf.sh
+* CMSHook-conf.sh
 
 ## The internal module location
 SubModules/`<ModuleName>`
@@ -32,7 +34,8 @@ SubModules/`<ModuleName>`
 | `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
 | `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | config/* | Directory for config files | 
-
+| CMSHook-conf.sh  | Will run as addtional preconf when CSM is installed|
+| CMSHook-conf.sh  | Will run after a CSM is installed|
 
 # Defining in the menu
 ### Add the following to ModulesMenu.list

ModulesMenu.list

@@ -13,6 +13,7 @@ webservers+=("Apache:" "Will install Apache Webserver." OFF)
 nginxCMSL=("None:" "A plain webserver will be setup." OFF)
 nginxCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
 nginxCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
+nginxCMSL+=("FrontController:" "Will prepair enviroment for frontcontroller." OFF)
 #Options
 nginxOptions=("Redis:" "Redis caching" OFF)
 nginxOptions+=("Postfix:" "Mail MTA" OFF)
@@ -40,7 +41,7 @@ webservers=("Nginx" "Nginx_nonphp"  "Apache" "Quit")
 
 ##Nginx
 #CMSList
-nginxCMSL=("None" "Wordpress" "Nextcloud")
+nginxCMSL=("None" "Wordpress" "Nextcloud" "FrontController")
 #Options
 nginxOptions=("Redis:" "Postfix:")
 

PhpUpdater.sh

@@ -1,11 +1,26 @@
 #sysCheck
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
-
+rm /tmp/pkg.list
-PKGI="${PKGM} install -y --no-install-recommends"
 #Getting variables
 source /etc/ICTM/mainvar.list
-PPAversion=`apt list php | egrep -o "([0-9]{1,}.)+[0-9]{1,}" | cut -c 3-` && PPAversion=`echo $PPAversion | awk '{print $1; }'  | cut -f1 -d"+"`
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
-
+if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
+source /etc/ICTM/phpvar.list
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ]; then
+    # Ubuntu Php variable
+    apt update
+    if ! ls /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi
+    RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/ppa.launchpad.net_ondrej_php*_Packages | cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'`
+elif [ "$shortdist" = "deb10" ]|| [ "$shortdist" = "deb11" ]; then
+    # Debian Php variable
+    apt update
+    if ! ls /var/lib/apt/lists/packages.sury.org_php*_Packages > /dev/null 2>&1 ; then echo 'PHP(Sury) repo not installed' && echo 'Install using: curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=php bash' && exit ; fi
+    RepoVersion=`grep -h '^Package: php' /var/lib/apt/lists/packages.sury.org*_Packages| cut -f1 -d"-" | sort | tail -1| sed -e 's/Package: php//'`
+fi
+elif [ "$shortdist" = "el8" ]; then
+    dnf check-update --refresh
+    RepoVersion=`dnf list php* | awk '{print $1; }' | cut -f1 -d"-"| tail -1 |sed 's/php//' | sed 's/./&./1'`
+fi
 msg () {
     if [ $IMODE = n ]; then
         TERM=ansi whiptail --title "Info" --msgbox "$1" 8 52
@@ -19,39 +34,25 @@ msg "Current php version: $phpver"
 
 if [ $IMODE = n ]; then
     # Legacy/Main Menu
-    PKGP="debconf-apt-progress -- apt purge -y"
+    PKGD="debconf-apt-progress -- apt purge -y"
 
     #Menu
-    if (whiptail --title "Set new php version?" --yesno "Install php version $PPAversion ?" 8 78); then
+    if (whiptail --title "Set new php version?" --yesno "Install php version $RepoVersion ?" 8 78); then
-        newphpver=$PPAversion
+        newphpver=$RepoVersion
     else
-        newphpver=$(whiptail --inputbox "Please enter the version to install" --title "Custom" 8 39 3>&1 1>&2 2>&3)
+        newphpver=$(whiptail --inputbox "Please enter the version to install" --nocancel --title "Custom" 8 39 3>&1 1>&2 2>&3)
-    fi
-
-    #Install
-     apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
-
-    #Config
-    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
-
-    #Purge
-    if (whiptail --title "Set new php version?" --yesno "Remove php $phpver ?" 8 78); then
-       PhpPurge=1
-       $PKGP -y php$phpver*
-    else
-       PhpPurge=0
     fi
 fi
 
 if [ $IMODE = l ]; then
     # Legacy/Main Menu
-    PKGP="apt purge -y"
+    PKGD="apt purge -y"
 
     #Menu    
     while true; do
-        read -p "Set phpversion to version $PPAversion ? -> yes/no?" yn
+        read -p "Set phpversion to version $RepoVersion ? -> yes/no?" yn
         case $yn in
-            [Yy]* ) newphpver=$PPAversion
+            [Yy]* ) newphpver=$RepoVersion
             break;;
             [Nn]* ) echo "";
             echo "Please enter php version to install:";read newphpver
@@ -59,18 +60,57 @@ if [ $IMODE = l ]; then
             * ) echo "Choose yes or no.";;
         esac
     done
-    
+ fi   
+
+    #Genereating vars for new php version
+    if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+    # Debian/Ubunbtu Php variables
+        newphpPoolDir=/etc/php/${newphpver}/fpm/pool.d
+        newphpPkgName=php${newphpver}
+        newphpMainConf=/etc/php/${newphpver}/fpm/php.ini
+        newphpFPMService=php${newphpver}-fpm
+        PKGP=$PKGD
+        apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpPkgName/$newphpPkgName/" > /tmp/pkg.list
+    elif [ "$shortdist" = "el8" ]; then
+    # Centos Php variable
+        newphpPoolDir=/etc/opt/remi/php${newphpver//.}/php-fpm.d/
+        newphpPkgName=php${newphpver//.}-php
+        newphpMainConf=/etc/opt/remi/php${newphpver//.}/php.ini
+        newphpFPMService=php${newphpver//.}-php-fpm
+        PKGP="dnf remove -y"
+        dnf list --installed | sort | grep $phpPkgName | awk '{print $1;}' | cut -f1 -d"." | sed "s/$phpPkgName/$newphpPkgName/" > /tmp/pkg.list
+    fi
+
     #Install
-    apt list --installed | less | grep php$phpver | cut -f1 -d"/" | sed "s/$phpver/$newphpver/"  | xargs $PKGI
+    
+    if [ ${newphpver//.} -ge 80 ] && [ ${newphpver//.}  -lt 90 ]; then
+        sed -i -e "s/$newphpPkgName-xmlrpc//g" -e "s/$newphpPkgName-json//g" /tmp/pkg.list
+    fi
+    cat /tmp/pkg.list | xargs $PKGI
 
     #Config
-    cp /etc/php/$phpver/fpm/pool.d/* /etc/php/$newphpver/fpm/pool.d/
+    systemctl stop $newphpFPMService
+    cp $phpPoolDir/* $newphpPoolDir 
     
+
+if [ $IMODE = n ]; then
+    #Purge
+    if (whiptail --title "Set new php version?" --yesno "Remove php $phpver ?" 8 78); then
+       PhpPurge=1
+       $PKGP -y $phpPkgName*
+    else
+       PhpPurge=0
+       echo "$PKGP -y $phpPkgName*" > ~/remove-PHP-$phpver 
+    fi
+fi
+
+
+if [ $IMODE = l ]; then    
     #Purge
     while true; do
         read -p "Remove php $phpver ? -> yes/no?" yn
         case $yn in
-            [Yy]* ) PhpPurge=1 ; $PKGP php$phpver*
+            [Yy]* ) PhpPurge=1 ; $PKGP $phpPkgName*
             break;;
             [Nn]* ) PhpPurge=0 ; echo ""
             break;;
@@ -79,13 +119,23 @@ if [ $IMODE = l ]; then
     done    
 fi
 
-for f in /etc/php/$newphpver/fpm/pool.d/*; do
+for f in $newphpPoolDir/*; do
     sed -i  "s/$phpver/$newphpver/" $f
+    sed -i  "s/${phpver//.}/${newphpver//.}/" $f
 done
-systemctl reload php$newphpver-fpm
+
+systemctl start $newphpFPMService
+systemctl enable $newphpFPMService
+
 
 sed -i "/phpver/c\phpver=\"$newphpver\"" /etc/ICTM/mainvar.list
 
+mv /etc/ICTM/phpvar.list /etc/ICTM/phpvar"$phpver".list
+for storeme in newphpPoolDir newphpPkgName newphpMainConf newphpFPMService; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
+done
+sed -i 's/new//' /etc/ICTM/phpvar.list
+
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh; then
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/phpupdate-handeler.sh)
 fi

Scripts/Compat/Compat-V2.sh

@@ -0,0 +1,23 @@
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+
+#Getting information and vars
+source /etc/ICTM/mainvar.list
+
+#CompatUpdater Setup
+UpdaterCompatTo=2
+if  [ -z ${CompatVer} ]; then CompatVer=1 ; fi
+if  [ "$CompatVer" -ge "$UpdaterCompatTo" ]; then echo "Web-V2 is update to-date,Update scipt version= $UpdaterCompatTo, Current version= $CompatVer" && exit ; fi
+
+printf '%s' "Updating Web-V2..."
+#NewCompat var
+CompatVer=$UpdaterCompatTo
+
+#Updating mod lists
+aonoption="/MySQL/"
+aonoption="$aonoption /Unattended-Security-Updates/"
+aonoption="$aonoption /Backup-Util/"
+aonoption="$aonoption /AcmeSH/"
+echo 'EnabledAons=('$aonoption')' >> /etc/ICTM/selopts.list
+declare -p CompatVer | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
+
+printf " [\033[0;32mok\033[0m]\n"

Scripts/EnableSSL.sh

@@ -8,8 +8,9 @@ webserv=WebServer
 webservice=WebServer
 
 #Correcting service name for Apache
-if [ $webservice = apache ]; then
+if [ $webservice = apache ]; then\
-    webservice=apache2
+    source /etc/ICTM/apachevar.list
+    webservice="$apacheService"
     ext=.conf
 fi
 
@@ -36,6 +37,8 @@ fi
 if test $certsatus -eq 0
 then
 	site_ext="ssl"
+    mkdir -p /etc/acmesh/inst/$domain
+    /opt/acmesh/acme.sh  --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
 else
 	site_ext="nossl"
     rm -rf /etc/acmesh/certs/$domain*

Scripts/GenerateApacheList.sh

@@ -0,0 +1,19 @@
+if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+source /etc/ICTM/mainvar.list
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+# Debian/Ubunbtu apache variables
+    apacheConfDir=/etc/apache2
+    apacheService=apache2
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    apacheConfDir=/etc/httpd
+    apacheService=httpd
+fi
+
+#Storing vars to config
+for storeme in apacheService apacheConfDir; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/apachevar.list
+done

Scripts/GeneratePhplist.sh

@@ -0,0 +1,23 @@
+if [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+source /etc/ICTM/mainvar.list
+if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ]  ; then
+# Debian/Ubunbtu Php variables
+    phpPoolDir=/etc/php/${phpver}/fpm/pool.d
+    phpPkgName=php${phpver}
+    phpMainConf=/etc/php/${phpver}/fpm/php.ini
+    phpFPMService=php${phpver}-fpm
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
+    phpPkgName=php${phpver//.}-php
+    phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini
+    phpFPMService=php${phpver//.}-php-fpm
+fi
+
+#Storing vars to config
+for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
+done

Scripts/MicroOSDetect.sh

@@ -0,0 +1,16 @@
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+    
+if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
+    shortdist=ubu1804
+    elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
+    shortdist=ubu2004 
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+    shortdist=deb10
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
+    shortdist=deb11    
+elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
+    shortdist=el8
+else
+    echo "This os in known"
+fi

Scripts/SMI.sh

@@ -45,14 +45,18 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
  PKGI="${PKGM} install -y --no-install-recommends"
  PKGLIST="apt"
  shortdist=deb10
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
+ echo "Debian 11 Detected"
+ PKGM="$APTMODE"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb11 
 elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
  echo "Centos 8 Detected"
  PKGM="dnf"
  PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
  PKGLIST="dnf"
- shortdist=cent8
+ shortdist=el8
- echo "This OS is not supported"
- exit
 else
  echo "This OS is not supported"
  exit
@@ -100,14 +104,17 @@ fi
 ##--------------------------##
 
 msg "              Starting installer" 8 78
-$PKGM update > $OUTPUT 2>&1
+$PKGUC > $OUTPUT 2>&1
 $PKGI curl > $OUTPUT 2>&1
 
 
 ##-------------------------##
 #    Generating APT list    #
 ##-------------------------##
-#General aptList
+#Remove existing pkgList
+rm -f /tmp/pkg.list
+
+#General pkgList
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then
  curl "$mtype"/generic.pkg.list >>/tmp/pkg.list
 fi
@@ -115,12 +122,14 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mt
  curl "$mtype"/"$PKGLIST".pkg.list >>/tmp/pkg.list
 fi
 
-#Webserver specific aptList
+#Webserver specific pkgList
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$webserv"-generic.pkg.list; then
  curl "$mtype"/"$webserv"-generic.pkg.list >>/tmp/pkg.list
+ printf " " >>/tmp/pkg.list
 fi
 if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$webserv"-"$PKGLIST".pkg.list; then
  curl "$mtype"/"$webserv"-"$PKGLIST".pkg.list >>/tmp/pkg.list
+ printf " " >>/tmp/pkg.list
 fi
 
 ##--------------------##
@@ -129,8 +138,8 @@ fi
 
 msg "                Preconfiguring"
 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1
-$PKGM update
+$PKGUC
-$PKGM upgrade -y
+$PKGUP
 
 
 ##-------------------##
@@ -150,8 +159,8 @@ fi
 #   Installer   #
 ##-------------##
 
-$PKGM update
+$PKGUC
-sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
 cat /tmp/pkg.list | xargs $PKGI
 
 

Scripts/toggles/toggle-Monit_APACHE.sh

@@ -0,0 +1,39 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable MonitWebui"
+    echo "   -d,    Disable MonitWebui"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$MonitWeb" ]; then
+        echo "Creating Var"
+        echo "MonitWeb=3" >> /etc/ICTM/toggle.conf
+        MonitWeb=3
+    fi
+    if [[ "$1" = "-d" && "$MonitWeb" != 0 ]]; then
+        echo "Disable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables monit-websocket/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf
+        sed -i '/#enables\/disables monit-websocket/ s/^#*/#/' MONITCONF
+        systemctl reload APASRV monit
+    elif [[ "$1" = "-e" && "$MonitWeb" !=  1 ]]; then
+        echo "Enable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables monit-websocket/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf
+        sed -i '/#enables\/disables monit-websocket/ s/^.//' MONITCONF
+        systemctl reload APASRV monit
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

Scripts/toggles/toggle-Monit_NGINX.sh

@@ -0,0 +1,39 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable MonitWebui"
+    echo "   -d,    Disable MonitWebui"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$MonitWeb" ]; then
+        echo "Creating Var"
+        echo "MonitWeb=3" >> /etc/ICTM/toggle.conf
+        MonitWeb=3
+    fi
+    if [[ "$1" = "-d" && "$MonitWeb" != 0 ]]; then
+        echo "Disable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables monit-websocket/c\        deny all; #enables\/disables monit-websocket' /etc/nginx/sites-enabled/Backend
+        sed -i '/#enables\/disables monit-websocket/ s/^#*/#/' MONITCONF
+        systemctl reload nginx monit
+    elif [[ "$1" = "-e" && "$MonitWeb" !=  1 ]]; then
+        echo "Enable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables monit-websocket/c\        #deny all; #enables\/disables monit-websocket' /etc/nginx/sites-enabled/Backend
+        sed -i '/#enables\/disables monit-websocket/ s/^.//' MONITCONF
+        systemctl reload nginx monit
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh

@@ -20,13 +20,13 @@ if [ -n "$1" ]; then
     if [[ "$1" = "-d" && "$PhpMA" != 0 ]]; then
         echo "Disable PhpMyadmin"
         sed -i '/PhpMA=/c\PhpMA=0' /etc/ICTM/toggle.conf
-        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf
-        systemctl reload apache2
+        systemctl reload APASRV
     elif [[ "$1" = "-e" && "$PhpMA" !=  1 ]]; then
         echo "Enable PhpMyadmin"
         sed -i '/PhpMA=/c\PhpMA=1' /etc/ICTM/toggle.conf
-        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /etc/apache2/sites-enabled/010-Backend.conf
+        sed -i --follow-symlinks '/#enables\/disables PHPMyadmin/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf
-        systemctl reload apache2
+        systemctl reload APASRV
     elif [[ "$1" = "-h" ]]; then
         usage
     else

SubModules/php-fpm/conf.sh

@@ -1,17 +1,32 @@
-systemctl stop php${phpver}-fpm 
+systemctl stop $phpFPMService
 ###############
 #   PHP-FPM   #
 ###############
 
-sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' "$phpMainConf"
-sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' "$phpMainConf"
-sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.enable=1/opcache.enable=1/g' "$phpMainConf"
-sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' "$phpMainConf"
-sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' "$phpMainConf"
-sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' "$phpMainConf"
-sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' "$phpMainConf"
-sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' "$phpMainConf"
-sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/upload_max_filesize = 2/upload_max_filesize = 128/g' "$phpMainConf"
-sed -i 's/post_max_size = 8/post_max_size = 64/g' /etc/php/"$phpver"/fpm/php.ini
+sed -i 's/post_max_size = 8/post_max_size = 64/g' "$phpMainConf"
+
+
+if [ "$shortdist" = "el8" ]; then
+# Centos Mysql config
+echo "pdo_mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
+echo "mysql.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
+echo "mysqli.default_socket = '/var/run/mysqld/mysqld.sock'" >> /etc/opt/remi/php${phpver//.}/php.d/60-mysql_sock.ini
+echo "d /run/php              0755 www-data www-data -   -" > /usr/lib/tmpfiles.d/php-custom.conf
+#Centos php Bin 
+sudo ln -s /usr/bin/php${phpver//.} /usr/bin/php
+#Centos SeLinux
+setsebool -P httpd_can_network_connect 1
+fi
+
+systemctl start $phpFPMService
+systemctl enable $phpFPMService
 
-systemctl start php${phpver}-fpm

SubModules/php-fpm/generic.pkg.list

@@ -1 +0,0 @@
-phpPHPver-imagick php-pear phpPHPver-cli phpPHPver-apcu phpPHPver-fpm phpPHPver-mysql phpPHPver-cgi phpPHPver-common phpPHPver-mbstring phpPHPver-curl phpPHPver-gd phpPHPver-intl phpPHPver-soap phpPHPver-xml phpPHPver-xmlrpc phpPHPver-zip 

SubModules/php-fpm/php7x/apt.php.pkg.list

@@ -0,0 +1 @@
+php-pear PHPprefix-mysql

SubModules/php-fpm/php7x/dnf.php.pkg.list

@@ -0,0 +1 @@
+PHPprefix-pear PHPprefix PHPprefix-mysqlnd

SubModules/php-fpm/php7x/generic.php.pkg.list

@@ -0,0 +1 @@
+PHPprefix-imagick PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-xmlrpc PHPprefix-zip 

SubModules/php-fpm/php8x/apt.php.pkg.list

@@ -0,0 +1 @@
+php-pear PHPprefix-mysql

SubModules/php-fpm/php8x/dnf.php.pkg.list

@@ -0,0 +1 @@
+PHPprefix-pear PHPprefix PHPprefix-mysqlnd

SubModules/php-fpm/php8x/generic.php.pkg.list

@@ -0,0 +1 @@
+PHPprefix-imagick PHPprefix-cli PHPprefix-apcu PHPprefix-fpm PHPprefix-cgi PHPprefix-common PHPprefix-mbstring PHPprefix-curl PHPprefix-gd PHPprefix-intl PHPprefix-soap PHPprefix-xml PHPprefix-zip 

SubModules/php-fpm/preconf.sh

@@ -0,0 +1,39 @@
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+# Debian/Ubunbtu Php variables
+    phpPoolDir=/etc/php/${phpver}/fpm/pool.d
+    phpPkgName=php${phpver}
+    phpMainConf=/etc/php/${phpver}/fpm/php.ini
+    phpFPMService=php${phpver}-fpm
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos Php variable
+    phpPoolDir=/etc/opt/remi/php${phpver//.}/php-fpm.d/
+    phpPkgName=php${phpver//.}-php
+    phpMainConf=/etc/opt/remi/php${phpver//.}/php.ini
+    phpFPMService=php${phpver//.}-php-fpm
+#Creating Socket directory
+    mkdir -p /var/run/php
+fi
+
+#Setting php version branch 
+if [ ${phpver//.} -ge 70 ] && [ ${phpver//.} -lt 80 ]  ; then
+ phpVerBranch=7x
+elif [ ${phpver//.} -ge 80 ] && [ ${phpver//.}  -lt 90 ]; then
+ phpVerBranch=8x
+fi
+
+#Getting php pkglist
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/php-fpm/php"$phpVerBranch"/generic.php.pkg.list; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/php-fpm/php"$phpVerBranch"/generic.php.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+
+if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/php-fpm/php"$phpVerBranch"/"$PKGLIST".php.pkg.list; then
+    curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/php-fpm/php"$phpVerBranch"/"$PKGLIST".php.pkg.list >>/tmp/pkg.list
+    printf " " >>/tmp/pkg.list
+fi
+
+#Storing vars to config
+for storeme in phpPoolDir phpPkgName phpMainConf phpFPMService phpVerBranch; do
+    declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/phpvar.list
+done

SubModules/postfix/CMSHook-conf.sh

@@ -0,0 +1,24 @@
+#ADD DOMAIN
+sudo --user opendkim mkdir /etc/opendkim.d/keys/"$maildomain"
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim.d/keys/"$maildomain" -d "$maildomain" -s "$odkdomsec"
+echo "$maildomain" >> /etc/opendkim.d/TrustedHosts
+echo "$odkdomsec._domainkey."$maildomain" "$maildomain":"$odkdomsec":/etc/opendkim.d/keys/"$maildomain"/"$odkdomsec".private" >> /etc/opendkim.d/KeyTable
+
+if [ $webserv != nginx_nonphp ]; then
+    echo "" >> "$phpPoolDir"/"$sitename".conf
+    echo "php_admin_value[mail.force_extra_parameters] = \"-f$mailas -F'$maildomain'\"" >> "$phpPoolDir"/"$sitename".conf
+fi
+
+
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/opendkim-init.sh -o ~/OpenDKIMInit-$sitename.sh
+sed -i -e 's/DOMAINname/'$maildomain'/g' -e 's/SITEName/'${sitename//_}'/g' -e 's/ODKSec/'$odkdomsec'/g' ~/OpenDKIMInit-$sitename.sh
+
+cat << EOF > /etc/update-motd.d/51-opendkim-"${sitename//_}"
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for $domain please run please run bash ~/OpenDKIMInit-$sitename.sh"
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-opendkim-"${sitename//_}"
+systemctl reload opendkim $phpFPMService

SubModules/postfix/CMSHook-preconf.sh

@@ -0,0 +1,46 @@
+if [ -z "${sitename}" ]; then sitename=${domain//./_};fi
+if [ $IMODE = n ]; then
+    if (whiptail --title "Config" --yesno "                Send mail as info@$domain for $domain?" 11 78); then
+        mailas=info@$domain
+        maildomain=$domain
+    else
+        mailas=$(whiptail --nocancel --inputbox "                   Enter mail addres for sending mail?" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+        maildomain=$(sed -e 's/[^@]*@//' <<< "$mail")
+    fi
+    if (whiptail --title "Config" --yesno "                     Use default DKIM selector [vps]?" 11 78); then
+        odkdomsec=vps
+    else
+        odkdomsec=$(whiptail --nocancel --inputbox "                           Enter DKIM selector" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+    fi
+fi
+
+if [ $IMODE = l ]; then
+    while true; do
+        read -p "Send mail as info@$domain for $domain? (y/n)" yn
+        case $yn in
+            [Yy]* )
+                mailas=info@$domain
+                maildomain=$domain
+            break;;            
+            [Nn]* )
+                echo 'Enter mail addres for sending mail? '
+                read mailas
+                maildomain=$(sed -e 's/[^@]*@//' <<< "$mailas")
+            break;;
+            * )echo "Choose yes or no.";;
+        esac
+    done
+    while true; do
+        read -p "Use default DKIM selector [vps]? (y/n)" yn
+        case $yn in
+            [Yy]* )
+                odkdomsec=vps
+            break;;            
+            [Nn]* )
+                echo 'Enter DKIM selector? '
+                read odkdomsec
+            break;;
+            * )echo "Choose yes or no.";;
+        esac
+    done
+fi

SubModules/postfix/Postfix-EnableSSL.sh

@@ -0,0 +1,32 @@
+#Sript for setting up SSL/TLS for Postfix (Web-V2)
+
+##Loading install vars
+source /etc/ICTM/mainvar.list
+##Checking if hostname cert exists
+if [ ! -f "/etc/acmesh/inst/$hostname/cert.pem" ] || [ ! -f "/etc/acmesh/inst/$hostname/key.pem" ] ; then echo 'SSL Certificate for $hostname is not installed' && exit ; fi
+
+##Updating Postix config
+printf "Updating Postfix config"
+systemctl stop postfix
+sed -i "/smtpd_tls_cert_file=/c\ssmtpd_tls_cert_file=/etc/acmesh/inst/$hostname/cert.pem" /etc/postfix/main.cf
+sed -i "/smtpd_tls_key_file=/c\smtpd_tls_key_file=/etc/acmesh/inst/$hostname/key.pem" /etc/postfix/main.cf
+systemctl start postfix
+printf " [\e[1;32m Ok \e[0m]\n"
+
+##Adding postfix to SSL services (so it gets reloaded when a the cert is renewd)
+printf "Updating SSL services list"
+echo "postfix" >> /etc/ICTM/SslServices
+printf " [\e[1;32m Ok \e[0m]\n"
+
+##Remove script
+while true; do
+    read -p "Remove this script -> yes/no?" yn
+    case $yn in
+        [Nn]* )
+        break;;
+        [Yy]* )
+        rm -- "$0"
+        break;;
+        * )echo "Choose yes or no.";;
+    esac
+done

SubModules/postfix/apt.pkg.list

@@ -1 +1 @@
-mailutils
+mailutils opendkim-tools

SubModules/postfix/conf.sh

@@ -1,11 +1,20 @@
+
+systemctl stop postfix opendkim
+
+
 ##-------------##
 #    Postfix    #
 ##-------------##
 
-sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
+sed -i "/^inet_interfaces =/c\inet_interfaces = loopback-only" /etc/postfix/main.cf
-sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
+sed -i "/recipient_delimiter =/c\recipient_delimiter = +" /etc/postfix/main.cf
-sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+sed -i "/^mydestination =/c\mydestination = \"$hostname\", localhost.\"$hostname\", \"$hostname\"" /etc/postfix/main.cf
-echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
+echo "$hostname" > /etc/mailname
+if [ "$(echo "$hostname" | grep -o "\." | wc -l)" -eq 1 ]; then
+  echo "bounce_notice_recipient = admin@$hostname" >> /etc/postfix/main.cf
+else
+ echo "bounce_notice_recipient = admin@$(sed 's/.*\.\(.*\..*\)/\1/' <<< $hostname)" >> /etc/postfix/main.cf
+fi
 cat <<EOF > /etc/aliases
 # See man 5 aliases for format
 postmaster:    root
@@ -13,4 +22,83 @@ root:          $email
 EOF
 newaliases
 
-systemctl reload postfix postfix@- 
+cat <<EOF >> /etc/postfix/main.cf
+
+#openDKIM
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+EOF
+
+
+##--------------##
+#    OpenDKIM    #
+##--------------##
+
+usermod -aG opendkim postfix
+rm -rf /etc/opendkim.d
+mkdir -p /etc/opendkim.d/keys
+chown opendkim:opendkim /etc/opendkim.d/keys -R
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/config/opendkim.conf -o /etc/opendkim.conf
+touch /etc/opendkim.d/SigningTable
+cat <<EOF > /etc/opendkim.d/TrustedHosts
+127.0.0.1
+::1
+localhost
+$(curl -s -4 icanhazip.com)
+$(curl -s -6 icanhazip.com)
+${hostname}
+EOF
+
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+    mkdir -p /var/spool/postfix/var/run/opendkim
+    sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim
+    sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim
+    echo "TrustAnchorFile       /usr/share/dns/root.key" >> /etc/opendkim.conf
+    bash /lib/opendkim/opendkim.service.generate
+    systemctl daemon-reload
+fi
+
+odkhsec=$(sed 's/\..*$//'  <<< $hostname)
+sudo --user opendkim mkdir /etc/opendkim.d/keys/"$hostname"
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim.d/keys/"$hostname" -d "$hostname" -s $odkhsec
+echo ""$odkhsec"._domainkey."$hostname" "$hostname":"$odkhsec":/etc/opendkim.d/keys/"$hostname"/"$odkhsec".private" >> /etc/opendkim.d/KeyTable
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/opendkim-init.sh -o ~/OpenDKIMInit-host.sh
+sed -i -e 's/DOMAINname/'$hostname'/g' -e 's/SITEName/'host'/g' -e 's/ODKSec/'$odkhsec'/g' ~/OpenDKIMInit-host.sh
+unset odkhsec
+
+
+cat << EOF > /etc/update-motd.d/51-generalspf
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for this server add the folling Records for $hostname:"
+printf \$red "A record: \$(curl -s -4 icanhazip.com)"
+printf \$red "AAA record: \$(curl -s -6 icanhazip.com)"
+printf \$red "MX record: '0 mail'"
+printf \$red "SPF record: '\"v=spf1 a mx -all\"'"
+printf \$red "Check Blacklist using the following url: 'https://www.debouncer.com/blacklistlookup?t=$hostname'"
+printf "\n"
+printf \$red "Optionally, to enable DKIM for the hostname run bash ~/OpenDKIMInit-host.sh"
+printf \$red "Remove notice this by running \"rm /etc/update-motd.d/51-generalspf\""
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-generalspf
+
+systemctl start postfix opendkim 
+systemctl enable postfix opendkim
+
+#Getting script for enableling ssl on Postfix
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/Postfix-EnableSSL.sh -o ~/Postfix-EnableSSL.sh
+
+#if using Append module run for existing cms/sites
+if [  "$itype" = "AddMod" ]; then
+   for file in /etc/ICTM/sites/*; do
+        sitename="${file##*/}"
+        domain=${sitename//_/.}
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-preconf.sh)
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-conf.sh)
+    done
+fi

SubModules/postfix/config/opendkim.conf

@@ -0,0 +1,12 @@
+Syslog               yes
+UMask                007
+Socket               local:/var/run/opendkim/opendkim.sock
+PidFile              /var/run/opendkim/opendkim.pid
+OversignHeaders      From
+UserID               opendkim
+Canonicalization     relaxed/simple
+Mode                 s
+KeyTable             refile:/etc/opendkim.d/KeyTable
+SigningTable         refile:/etc/opendkim.d/SigningTable
+ExternalIgnoreList   refile:/etc/opendkim.d/TrustedHosts
+InternalHosts        refile:/etc/opendkim.d/TrustedHosts

SubModules/postfix/dnf.pkg.list

@@ -0,0 +1 @@
+perl-Getopt-Long

SubModules/postfix/generic.pkg.list

@@ -1 +1 @@
-postfix
+postfix opendkim

SubModules/postfix/opendkim-init.sh

@@ -0,0 +1,39 @@
+if [ -n "$1" ]; then
+    if [[ "$1" = "--enable" ]]; then
+        echo "Enableing DKIM"
+
+        echo "*@DOMAINname ODKSec._domainkey.DOMAINname" >>/etc/opendkim.d/SigningTable
+        systemctl reload opendkim
+        #Remove script
+        while true; do
+            read -p "Remove this script -> yes/no?" yn
+            case $yn in
+                [Nn]* )
+                break;;
+                [Yy]* )
+                rm -- "$0"
+                break;;
+                * )echo "Choose yes or no.";;
+            esac
+        done
+        exit
+    fi
+fi
+echo "Required to enable mailing for this system"
+echo "Please make sure a valid MX record, and A/AAA are set for DOMAINname,"
+echo "Please add the folloing to your SPF Record in the DNS of DOMAINname,"
+echo "ip4:$(curl -s -4 icanhazip.com) ip6:$(curl -s -6 icanhazip.com)"
+echo ""
+echo "Alternatively use the 'a' and 'mx' in the SPF record just make sure the server has an 'A' and 'AAA' record pointing to it"
+echo ""
+echo ""
+echo "Optionally to enable dkim" 
+echo "Add the folloing TXT Record to the DNS of DOMAINname"
+echo "WARNING the output is split, please combine key before inserting into DNS" 
+cat /etc/opendkim.d/keys/DOMAINname/ODKSec.txt
+
+echo ""
+echo "If DNS is propegated then run \"bash $0 --enable\""
+
+rm -f /etc/update-motd.d/51-opendkim-SITEName
+

SubModules/postfix/preconf.sh

@@ -1,11 +1,4 @@
-if [ -z "${domain}" ]; then
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
-    if [ $IMODE = n ]; then
+    debconf-set-selections <<< "postfix postfix/mailname string $hostname"
-        domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
+    debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
-    elif [ $IMODE = l ]; then
+fi
-        echo "Enter the domain without WWW:"
-        read domain
-    fi
-fi
-
-debconf-set-selections <<< "postfix postfix/mailname string $domain"
-debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

SubModules/redis/apt.pkg.list

@@ -0,0 +1 @@
+redis-server 

SubModules/redis/conf.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-systemctl enable --now redis-server
+systemctl enable --now $redisService

SubModules/redis/dnf.pkg.list

@@ -0,0 +1 @@
+redis

SubModules/redis/generic.pkg.list

@@ -1 +1 @@
-redis-server phpPHPver-redis
+PHPprefix-redis

SubModules/redis/preconf.sh

@@ -1,3 +1,13 @@
 #!/bin/bash
 
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+# Debian/Ubunbtu redis variables
+    redisService=redis-server
+
+elif [ "$shortdist" = "el8" ]; then
+# Centos redis variable
+    redisService=redis
+fi
+
+
 curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=redis osrel=$shortdist bash > $OUTPUT 2>&1

config/fail2ban/Jails/nextcloud_unconfigured

@@ -6,4 +6,4 @@ filter = nextcloud
 maxretry = 15
 bantime = 900
 findtime = 900
-logpath = /var/log/nextcloud/SITEname
+logpath = /var/www/DOMain/html/data/nextcloud.log

config/fail2ban/action.d/ufw.conf

@@ -0,0 +1,42 @@
+# Fail2Ban action configuration file for ufw
+#
+# You are required to run "ufw enable" before this will have any effect.
+#
+# The insert position should be appropriate to block the required traffic.
+# A number after an allow rule to the application won't be of much use.
+
+[Definition]
+
+actionstart = 
+
+actionstop = 
+
+actioncheck = 
+
+actionban = [ -n "<application>" ] && app="app <application>"
+            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
+
+actionunban = [ -n "<application>" ] && app="app <application>"
+              ufw delete <blocktype> from <ip> to <destination> $app
+
+[Init]
+# Option: insertpos
+# Notes.:  The position number in the firewall list to insert the block rule
+insertpos = 1
+
+# Option: blocktype
+# Notes.: reject or deny
+blocktype = reject
+
+# Option: destination
+# Notes.: The destination address to block in the ufw rule
+destination = any
+
+# Option: application
+# Notes.: application from sudo ufw app list
+application = 
+
+# DEV NOTES:
+# 
+# Author: Guilhem Lettron
+# Enhancements: Daniel Black

config/selinux/policies/fail2ban-allowhttpd.te

@@ -0,0 +1,21 @@
+module fail2ban-allowhttpd 1.1;
+
+require {
+	type httpd_sys_rw_content_t;
+        type fail2ban_t;
+        type syslogd_var_run_t;
+        type fail2ban_client_t;
+        class capability dac_override;
+        class dir { read getattr search ioctl };
+        class file { getattr read open search ioctl };
+}
+
+#============= fail2ban_client_t ==============
+allow fail2ban_client_t httpd_sys_rw_content_t:file getattr;
+allow fail2ban_client_t self:capability dac_override;
+
+#============= fail2ban_t ==============
+allow fail2ban_t httpd_sys_rw_content_t:dir { read getattr search ioctl };
+allow fail2ban_t httpd_sys_rw_content_t:file { read getattr open search ioctl };
+allow fail2ban_t syslogd_var_run_t:dir read;
+allow fail2ban_t syslogd_var_run_t:file { read getattr open };

extModules.list

@@ -1,4 +1,5 @@
 https://git.ictmaatwerk.com/VPS-scripts/MySQL/raw/branch/master/
 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/
 https://git.ictmaatwerk.com/VPS-scripts/Backup-Util/raw/branch/master/
-https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/
+https://git.ictmaatwerk.com/VPS-scripts/AcmeSH/raw/branch/main/
+https://git.ictmaatwerk.com/VPS-scripts/MariaDB/raw/branch/master/

installer.sh

@@ -1,5 +1,11 @@
 #!/bin/bash
 
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=Main
 
 ##--------------------##
 #   Legacy/Main Menu   #
@@ -26,6 +32,7 @@ fi
 repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2
 branch=master
 branchtype=branch #=branch for branch and =tag for release
+CompatVer=2
 #Installer-config
 phpver=7.4
 PHPMyadmin=1 #Overwriten by cms's without php
@@ -38,29 +45,39 @@ dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
 
 if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
  PKGM="$APTMODE"
+ PKGUC="$PKGM update"
+ PKGUP="$PKGM upgrade -y"
  PKGI="${PKGM} install -y --no-install-recommends"
  PKGLIST="apt"
  shortdist=ubu1804
 elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
- echo "Ubuntu 20.04 is not yet fully tested, not recommended for production server"
  PKGM="$APTMODE"
+ PKGUC="$PKGM update"
+ PKGUP="$PKGM upgrade -y"
  PKGI="${PKGM} install -y --no-install-recommends"
  PKGLIST="apt"
  shortdist=ubu2004 
 elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
- echo "Debian 10 Detected"
  PKGM="$APTMODE"
+ PKGUC="$PKGM update"
+ PKGUP="$PKGM upgrade -y"
  PKGI="${PKGM} install -y --no-install-recommends"
  PKGLIST="apt"
  shortdist=deb10
-elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"11"* ]]; then
- echo "Centos 8 Detected"
+ PKGM="$APTMODE"
+ PKGUC="$PKGM update"
+ PKGUP="$PKGM upgrade -y"
+ PKGI="${PKGM} install -y --no-install-recommends"
+ PKGLIST="apt"
+ shortdist=deb11
+elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
  PKGM="dnf"
+ PKGUC="$PKGM check-update --refresh"
+ PKGUP="$PKGM update -y"
  PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
  PKGLIST="dnf"
- shortdist=cent8
+ shortdist=el8
- echo "This os in not supported"
- exit
 else
  echo "This os in not supported"
  exit
@@ -199,7 +216,8 @@ done
 ##----------------##
 
 if [[ "$syscheckoff" -ne 1 ]] && [[ -d /etc/ICTM ]]; then msg "             This system has already been installed by Web-V2" && exit; fi
-if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi
+##Check for pkgs, not yet setup for Centos
+# if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^mysql-server") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "nginx") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "apache") || ! -z $(dpkg -l | cut -d " " -f 3 | grep "php") ]] ; then msg " This system has installed packages, Web-V2 is designed for clean systems" && exit; fi
 
 
 ##--------------------------##
@@ -207,8 +225,8 @@ if [[ "$syscheckoff" -ne 1 ]] && [[ ! -z $(dpkg -l | cut -d " " -f 3 | grep "^my
 ##--------------------------##
 
 msg "              Starting installer" 8 78
-$PKGM update > $OUTPUT 2>&1
+$PKGUC > $OUTPUT 2>&1
-$PKGI curl wget > $OUTPUT 2>&1
+$PKGI curl wget tar > $OUTPUT 2>&1
 
 
 ##--------##
@@ -364,7 +382,7 @@ fi
 mkdir -p /etc/ICTM/sites
 echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list
 
-for storeme in PKGM PKGI PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do
+for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname CompatVer; do
     declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
 done
 
@@ -431,6 +449,9 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/reqmodules.sh)
 fi
 
+#saving enabled Allways on modules
+echo 'EnabledAons=('$aonoption')' >> /etc/ICTM/selopts.list
+
 #Combining selected option with always-on options
 option="$option""$aonoption"
 
@@ -468,7 +489,7 @@ for val1 in ${option[*]}; do
            printf " " >>/tmp/pkg.list
         fi
         if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$PKGLIST".pkg.list; then
-           curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST" >>/tmp/pkg.list
+           curl --retry 7 --retry-delay 5 -s "$modListed""$PKGLIST".pkg.list >>/tmp/pkg.list
            printf " " >>/tmp/pkg.list
         fi
         if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed""$webserv"-"$PKGLIST".pkg.list; then
@@ -569,6 +590,24 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
+#Preconfiguring module For CMS
+for val1 in ${option[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-preconf.sh)
+        fi
+    fi
+done
+
 #Saving updated vars
 for storeme in phpver sqlver PHPMyadmin; do
     declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
@@ -578,8 +617,8 @@ done
 #   Installer   #
 ##-------------##
 
-$PKGM update
+$PKGM update -y
-sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list
+sed -i 's/PHPprefix/'$phpPkgName'/g' /tmp/pkg.list
 cat /tmp/pkg.list | xargs $PKGI
 
 
@@ -639,6 +678,8 @@ if [ $sslenable = 1 ]; then
     if test $certsatus -eq 0
     then
         site_ext="ssl"
+        mkdir -p /etc/acmesh/inst/$domain
+        /opt/acmesh/acme.sh  --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
     else
         site_ext="nossl"
         rm -rf /etc/acmesh/certs/$domain*
@@ -650,6 +691,8 @@ if [ $sslenable = 1 ]; then
     if test $certsatusBackend -eq 0
     then
         siteBackend_ext="ssl"
+        mkdir -p /etc/acmesh/inst/$hostname
+        /opt/acmesh/acme.sh  --config-home '/etc/acmesh/data' --install-cert --ecc --domain $hostname --cert-file /etc/acmesh/inst/$hostname/cert.pem --key-file /etc/acmesh/inst/$hostname/key.pem --ca-file /etc/acmesh/inst/$hostname/ca.cer --fullchain-file /etc/acmesh/inst/$hostname/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
     else
         siteBackend_ext="nossl"
         rm -rf /etc/acmesh/certs/$hostname*
@@ -691,11 +734,37 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
 fi
 fi
 
+#Configuring Module for CMS
+
+for val1 in ${option[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-conf.sh)
+        fi
+    fi
+done
+
 ##------------##
 #   Services   #
 ##------------##
 
-systemctl reload sshd fail2ban 
+#Set ssh service for distro
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] || [ "$shortdist" = "deb11" ] ; then
+   SSHService=ssh
+elif [ "$shortdist" = "el8" ]; then
+    SSHService=sshd
+fi
+
+systemctl reload $SSHService fail2ban 
 
 
 ##-------##
@@ -703,4 +772,4 @@ systemctl reload sshd fail2ban
 ##-------##
 
 msg "                Done installing!"
-for f in /etc/update-motd.d/51*; do bash $f; done
+if stat --printf='' /etc/update-motd.d/51* 2>/dev/null; then for f in /etc/update-motd.d/51*; do bash $f; done; fi