Main, reset branch to master after merge

Reviewed-on: https://git.ictmaatwerk.com/VPS-scripts/Web-V2/pulls/14

AppendCMS.sh

@@ -1,3 +1,13 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddCMS
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
@@ -6,6 +16,8 @@ if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then
 
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
 if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
 if [ $webserv != nginx_nonphp ]; then
     if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi
@@ -27,8 +39,9 @@ declare -n options="$webserv"Options
 #    Static-Vars   #
 ##----------------##
 
-ignphpcms=1
+#Options var setup for enabled sub-modules
-
+EnOption="${SelectedOptions[@],,}" && EnOption="${EnOption// /}" && EnOption="${EnOption//:/ }" && EnOption="${EnOption//'"'}"
+EnOption="$EnOption""${EnabledAons[@]}"
 
 ##---------------##
 #    Functions    #
@@ -153,9 +166,15 @@ if [ $IMODE = l ]; then
     done
 fi
 
-#Cleaning options from menu
+#Cleaning CMS from menu
 CMS="${CMS//:}" && CMS="${CMS,,}"
 
+##-----------------##
+#   Storeing vars   #
+##-----------------##
+
+touch /etc/ICTM/sites/"$sitename"
+
 
 ##-----------##
 #   AptList   #
@@ -199,6 +218,23 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
+#Preconfiguring module For CMS
+for val1 in ${EnOption[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-preconf.sh)
+        fi
+    fi
+done
 
 ##-------------##
 #   Installer   #
@@ -261,15 +297,26 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
     source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-conf.sh)
 fi
 
-##--------------------------##
+#Configuring Module for CMS
-#   Backup-util Site Setup   #
-##--------------------------##
 
-repobckutil=https://git.ictmaatwerk.com/VPS-scripts/Backup-Util
+for val1 in ${EnOption[*]}; do
-branchbckutil=master
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
-if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh; then
+    #Checking
- source <(curl --retry 7 --retry-delay 5 -s "$repobckutil"/raw/branch/"$branchbckutil"/cms-handeler.sh)
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh)
         fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-conf.sh)
+        fi
+    fi
+done
+
+
 
 ##------------##
 #   Services   #

AppendModule.sh

@@ -1,15 +1,23 @@
+#!/bin/bash
+
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=AddMod
+ScriptCompat=2
+
 ##-----------------##
 #   Fetching Vars   #
 ##-----------------##
 
 if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
 
-##-----------------##
-#   Fetching Vars   #
-##-----------------##
-
 source /etc/ICTM/selopts.list
 source /etc/ICTM/mainvar.list
+if  [ -z ${CompatVer} ] || [ "$CompatVer" -lt "$ScriptCompat" ]; then   echo "Web-V2 is outdated, Please run the Compat-V*.sh updater from the repo, Current version= $CompatVer" && exit ; fi
+
 if [ -z $shortdist ] ; then source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/MicroOSDetect.sh) ; fi
 if [ $webserv != nginx_nonphp ]; then
     if [ ! -f "/etc/ICTM/phpvar.list" ] ; then bash <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/GeneratePhplist.sh) ; fi

CMS/Backend/apache-siteBackend-unconfigured

@@ -20,4 +20,16 @@ Alias /backend/database /usr/share/phpmyadmin
 
 </Directory>
 
+<Location /backend/monit>
+    RewriteEngine on
+    RewriteRule /backend/monit /backend/monit/$1 [R]
+</Location>
+<Location /backend/monit/>
+    #enables/disables monit-websocket
+    deny from all
+    ProxyPass unix:/var/run/monit/monit.sock|http://127.0.0.1/
+    ProxyPassReverse unix:/var/run/monit/monit.sock|http://127.0.0.1/
+</Location>
+
+
 #endConf

CMS/Backend/conf.sh

@@ -10,5 +10,6 @@ chown Backend:Backend -R /var/lib/phpmyadmin/tmp
 chown Backend:Backend -R /var/log/PhpMyAdmin
 systemctl reload "$phpFPMService"
 #Auto disable backends at night
-echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-Netdata.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
-echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > >/dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-PhpMyAdmin.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend
+echo "0 0 * * * root bash /opt/toggle/toggle-MonitWebui.sh -d > /dev/null 2>&1" >> /etc/cron.d/autodisablebackend

CMS/Backend/nginx-siteBackend-unconfigured

@@ -34,6 +34,11 @@ location = /backend/netdata {
         }
     }
     
+    location /backend/monit/ {
+        deny all; #enables/disables monit-websocket
+        proxy_pass http://unix:/var/run/monit/monit.sock:/;
+    }
+
     location ~ /\.ht {
         deny all;
     }

CMS/frontcontroller/Fpm-Pool.conf-unconfigured

@@ -0,0 +1,43 @@
+[SITEname]
+user = SITEname
+group = SITEname
+listen = /var/run/php/phpPHPver-fpm-SITEname.sock
+listen.owner = www-data
+listen.group = www-data
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_value[error_log] = /var/log/php-fpm/error-SITEname.log
+
+; OPCACHE SETTINGS
+php_admin_value[opcache.memory_consumption] = 256
+php_admin_value[opcache.enable] = 0
+php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.max_accelerated_files] = 50000
+php_admin_value[opcache.max_wasted_percentage] = 5
+php_admin_value[opcache.revalidate_freq] = 0
+php_admin_value[opcache.validate_timestamps] = 1
+
+; PERFORMANCE LIMITS
+php_admin_value[max_input_vars] = 100
+php_admin_value[upload_max_filesize] = 32M
+php_admin_value[post_max_size] = 32M
+php_admin_value[max_input_time] = 15
+php_admin_value[max_execution_time] = 150
+
+
+; SECURITY
+php_admin_value[cgi.fix_pathinfo] = 1
+php_admin_value[allow_url_fopen] = On
+php_admin_value[file_uploads] = On
+php_admin_value[open_basedir] = /var/www/DOMAINname
+;php_admin_value[open_basedir] = /var/www/DOMAINname:/tmp
+php_admin_value[session.use_strict_mode] = 1
+php_admin_value[session.cookie_httponly] = 1
+;HTTPSONLY php_admin_value[session.cookie_samesite] = Strict
+;HTTPSONLY php_admin_value[session.cookie_secure] = 1
+
+pm = dynamic
+pm.max_children = 11
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 11
+chdir = /

CMS/frontcontroller/Nginx-unconfigured

@@ -0,0 +1,30 @@
+#beginConf
+
+    #access_log /var/log/nginx/SITEname-access.log;
+    error_log /var/log/nginx/SITEname-error.log;
+
+    index index.php index.html;
+    root /var/www/DOMAINname/public;
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+    
+    #include snippets/ngx-backendredir.conf;
+
+    location / {
+        try_files $uri $uri/ $uri.html /index.php$is_args$query_string;
+    }
+    
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/phpPHPver-fpm-SITEname.sock;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    
+#endConf

CMS/frontcontroller/conf.sh

@@ -0,0 +1,40 @@
+#Creating DB
+db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
+db_name="fc_$db_suffix"
+db_user="fc_$db_suffix"
+db_pass=$(tr -dc 'A-Za-z0-9!#%()*+,-.:;<=>?@[]^_{|}~' </dev/urandom | head -c 30 ; echo)
+
+#Storing DB Credentials
+echo "Database Name $db_name" > ~/DB_"$sitename"
+echo "Database Username $db_user" >> ~/DB_"$sitename"
+echo "Database Password $db_pass" >> ~/DB_"$sitename"
+
+#Setting up Database
+mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "CREATE USER '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost';" > $OUTPUT 2>&1
+mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
+
+
+#Creating webfolder
+mkdir -p /var/www/"$domain"/public
+
+#Ceating content
+echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard<br>Ready for FontControler installation</body></html>" > /var/www/$domain/public/index.html
+
+#Setup PHP Pool
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Fpm-Pool.conf-unconfigured -o "$phpPoolDir"/"$sitename".conf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/SITEname/'$sitename'/g' -e 's/DOMAINname/'$domain'/' "$phpPoolDir"/$sitename.conf
+groupadd "$sitename"
+useradd -g "$sitename" "$sitename"
+
+systemctl reload $phpFPMService
+
+#Setting Permsissions
+chown "$sitename":"$sitename" -R /var/www/"$domain"/
+
+if [ "$shortdist" = "el8" ]; then
+    #Setting SeLiux perms for centos
+    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/(/.*)?" > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
+fi

CMS/frontcontroller/nginx-conf.sh

@@ -0,0 +1,5 @@
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/frontcontroller/Nginx-unconfigured -o /tmp/nginx-siteconf
+sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/g' -e 's/SITEname/'$sitename'/g' /tmp/nginx-siteconf
+sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
+
+systemctl reload nginx

CMS/nextcloud/conf.sh

@@ -42,7 +42,7 @@ chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 if [ "$shortdist" = "el8" ]; then
     #Setting SeLiux perms for centos
     semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
-    restorecon -vr /var/www/ > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
 fi
 
 

CMS/none/conf.sh

@@ -22,5 +22,5 @@ fi
 if [ "$shortdist" = "el8" ]; then
     #Setting SeLiux perms for centos
     semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
-    restorecon -vr /var/www/ > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
 fi

CMS/wordpress/conf.sh

@@ -54,7 +54,7 @@ chown "$sitename":"$sitename" -R /var/www/"$domain"/html
 if [ "$shortdist" = "el8" ]; then
     #Setting SeLiux perms for centos
     semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/$domain/html(/.*)?" > $OUTPUT 2>&1
-    restorecon -vr /var/www/ > $OUTPUT 2>&1
+    restorecon -r /var/www/ > $OUTPUT 2>&1
 fi
 
 #Makeing wordpress Finalize script and setting login Notice

CoreModules/apache/conf.sh

@@ -7,8 +7,9 @@ systemctl stop $apacheService > $OUTPUT 2>&1
 if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
 	a2dissite 000-default > $OUTPUT 2>&1
 	a2dismod mpm_prefork > $OUTPUT 2>&1
-	a2enmod actions fcgid alias proxy_fcgi ssl headers http2 setenvif socache_shmcb > $OUTPUT 2>&1
+	a2enmod actions fcgid alias proxy_fcgi proxy_http ssl headers http2 setenvif socache_shmcb rewrite > $OUTPUT 2>&1
 	mkdir -p "$apacheConfDir"/snippets/
+	monitconf=/etc/monit/monitrc
 elif [ "$shortdist" = "el8" ]; then
 	echo 'IncludeOptional conf-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
 	echo 'IncludeOptional sites-enabled/*.conf' >>/etc/httpd/conf/httpd.conf
@@ -18,6 +19,7 @@ elif [ "$shortdist" = "el8" ]; then
     mkdir -p /etc/httpd/{sites-available,sites-enabled,conf-enabled,conf-available,snippets}
 	#getting aditional apache config for centos
 	curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/conf-httpd-custom.conf -o "$apacheConfDir"/conf-enabled/zzz-Httpd-custom.conf
+	monitconf=/etc/monitrc
 fi
 
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/snippets-ssl.conf -o "$apacheConfDir"/snippets/apa-ssl.conf
@@ -54,12 +56,15 @@ ln -s "$apacheConfDir"/sites-available/Backend_nossl.conf "$apacheConfDir"/sites
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/apache/config/apache2/site_ssl-unconfigured >> "$apacheConfDir"/sites-available/Backend_ssl.conf
 sed -i -e 's/DOMAINname/'$hostname'/g' "$apacheConfDir"/sites-available/Backend_ssl.conf
 
-
+#BackendToggle
 mkdir -p /opt/toggle
+##Phpmyadmin
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_APACHE.sh -o /opt/toggle/toggle-PhpMyAdmin.sh
 sed -i -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#'  /opt/toggle/toggle-PhpMyAdmin.sh
-
+##monit
- 
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_APACHE.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
 
 
 # custom Welcome page

CoreModules/nginx/conf.sh

@@ -36,9 +36,21 @@ ln -s /etc/nginx/sites-available/Backend_nossl /etc/nginx/sites-enabled/Backend
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/Backend_ssl 
 sed -i -e 's/DOMAINname/'$hostname'/g' /etc/nginx/sites-available/Backend_ssl 
 
+#toggles
 mkdir -p /opt/toggle
+##phpmyadmin toggle
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Netdata_NGINX.sh -o  /opt/toggle/toggle-Netdata.sh
 curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX.sh -o  /opt/toggle/toggle-PhpMyAdmin.sh
+##monit toggle
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    monitconf=/etc/monit/monitrc
+elif [ "$shortdist" = "el8" ]; then
+    monitconf=/etc/monitrc
+fi
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/toggles/toggle-Monit_NGINX.sh -o /opt/toggle/toggle-MonitWebui.sh
+sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
+unset monitconf
+
 
 # custom Welcome page
 echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html

Docs/docs/Dev-Adding-Modules.md

@@ -14,6 +14,8 @@ In both cases the file structure is expected as shown below
 * `<Webserver>`-apt.pkg.list
 * `<Webserver>`-dnf.pkg.list
 * config/*
+* CMSHook-preconf.sh
+* CMSHook-conf.sh
 
 ## The internal module location
 SubModules/`<ModuleName>`
@@ -32,7 +34,8 @@ SubModules/`<ModuleName>`
 | `<Webserver>`-apt.pkg.list | packagelist for specified webserver for distro's that use apt|
 | `<Webserver>`-dnf.pkg.list | packagelist for specified webserver for distro's that use dnf/yum|
 | config/* | Directory for config files | 
-
+| CMSHook-conf.sh  | Will run as addtional preconf when CSM is installed|
+| CMSHook-conf.sh  | Will run after a CSM is installed|
 
 # Defining in the menu
 ### Add the following to ModulesMenu.list

ModulesMenu.list

@@ -13,6 +13,7 @@ webservers+=("Apache:" "Will install Apache Webserver." OFF)
 nginxCMSL=("None:" "A plain webserver will be setup." OFF)
 nginxCMSL+=("Wordpress:" "WordPress is a content management system based on PHP." OFF)
 nginxCMSL+=("Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF)
+nginxCMSL+=("FrontController:" "Will prepair enviroment for frontcontroller." OFF)
 #Options
 nginxOptions=("Redis:" "Redis caching" OFF)
 nginxOptions+=("Postfix:" "Mail MTA" OFF)
@@ -40,7 +41,7 @@ webservers=("Nginx" "Nginx_nonphp"  "Apache" "Quit")
 
 ##Nginx
 #CMSList
-nginxCMSL=("None" "Wordpress" "Nextcloud")
+nginxCMSL=("None" "Wordpress" "Nextcloud" "FrontController")
 #Options
 nginxOptions=("Redis:" "Postfix:")
 

PhpUpdater.sh

@@ -92,6 +92,7 @@ if [ $IMODE = n ]; then
        $PKGP -y $phpPkgName*
     else
        PhpPurge=0
+       echo "$PKGP -y $phpPkgName*" > ~/remove-PHP-$phpver 
     fi
 fi
 

Scripts/Compat/Compat-V2.sh

@@ -0,0 +1,23 @@
+if [ ! -f "/etc/ICTM/selopts.list" ] || [ ! -f "/etc/ICTM/mainvar.list" ] ; then echo 'This system is not yet setup, please run the main installer first' && exit ; fi
+
+#Getting information and vars
+source /etc/ICTM/mainvar.list
+
+#CompatUpdater Setup
+UpdaterCompatTo=2
+if  [ -z ${CompatVer} ]; then CompatVer=1 ; fi
+if  [ "$CompatVer" -ge "$UpdaterCompatTo" ]; then echo "Web-V2 is update to-date,Update scipt version= $UpdaterCompatTo, Current version= $CompatVer" && exit ; fi
+
+printf '%s' "Updating Web-V2..."
+#NewCompat var
+CompatVer=$UpdaterCompatTo
+
+#Updating mod lists
+aonoption="/MySQL/"
+aonoption="$aonoption /Unattended-Security-Updates/"
+aonoption="$aonoption /Backup-Util/"
+aonoption="$aonoption /AcmeSH/"
+echo 'EnabledAons=('$aonoption')' >> /etc/ICTM/selopts.list
+declare -p CompatVer | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
+
+printf " [\033[0;32mok\033[0m]\n"

Scripts/toggles/toggle-Monit_APACHE.sh

@@ -0,0 +1,39 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable MonitWebui"
+    echo "   -d,    Disable MonitWebui"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$MonitWeb" ]; then
+        echo "Creating Var"
+        echo "MonitWeb=3" >> /etc/ICTM/toggle.conf
+        MonitWeb=3
+    fi
+    if [[ "$1" = "-d" && "$MonitWeb" != 0 ]]; then
+        echo "Disable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables monit-websocket/!b;n;cdeny from all' /APADIR/sites-enabled/010-Backend.conf
+        sed -i '/#enables\/disables monit-websocket/ s/^#*/#/' MONITCONF
+        systemctl reload APASRV monit
+    elif [[ "$1" = "-e" && "$MonitWeb" !=  1 ]]; then
+        echo "Enable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/#enables\/disables monit-websocket/!b;n;c#deny from all' /APADIR/sites-enabled/010-Backend.conf
+        sed -i '/#enables\/disables monit-websocket/ s/^.//' MONITCONF
+        systemctl reload APASRV monit
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

Scripts/toggles/toggle-Monit_NGINX.sh

@@ -0,0 +1,39 @@
+function usage {
+    echo "Usage: $0 [option...]" >&2
+    echo
+    echo "   -e,    Enable MonitWebui"
+    echo "   -d,    Disable MonitWebui"
+    echo "   -h,    Shows this information"
+    echo
+}
+if [ -n "$1" ]; then
+    if [[ ! -f /etc/ICTM/toggle.conf ]]; then
+        echo "Creating File"
+        touch /etc/ICTM/toggle.conf
+    fi
+    source /etc/ICTM/toggle.conf
+    if [ -z "$MonitWeb" ]; then
+        echo "Creating Var"
+        echo "MonitWeb=3" >> /etc/ICTM/toggle.conf
+        MonitWeb=3
+    fi
+    if [[ "$1" = "-d" && "$MonitWeb" != 0 ]]; then
+        echo "Disable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=0' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables monit-websocket/c\        deny all; #enables\/disables monit-websocket' /etc/nginx/sites-enabled/Backend
+        sed -i '/#enables\/disables monit-websocket/ s/^#*/#/' MONITCONF
+        systemctl reload nginx monit
+    elif [[ "$1" = "-e" && "$MonitWeb" !=  1 ]]; then
+        echo "Enable MonitWebui"
+        sed -i '/MonitWeb=/c\MonitWeb=1' /etc/ICTM/toggle.conf
+        sed -i --follow-symlinks '/deny all; #enables\/disables monit-websocket/c\        #deny all; #enables\/disables monit-websocket' /etc/nginx/sites-enabled/Backend
+        sed -i '/#enables\/disables monit-websocket/ s/^.//' MONITCONF
+        systemctl reload nginx monit
+    elif [[ "$1" = "-h" ]]; then
+        usage
+    else
+        echo "Oopsie!"
+    fi
+else
+ usage
+fi

SubModules/postfix/CMSHook-conf.sh

@@ -0,0 +1,24 @@
+#ADD DOMAIN
+sudo --user opendkim mkdir /etc/opendkim.d/keys/"$maildomain"
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim.d/keys/"$maildomain" -d "$maildomain" -s "$odkdomsec"
+echo "$maildomain" >> /etc/opendkim.d/TrustedHosts
+echo "$odkdomsec._domainkey."$maildomain" "$maildomain":"$odkdomsec":/etc/opendkim.d/keys/"$maildomain"/"$odkdomsec".private" >> /etc/opendkim.d/KeyTable
+
+if [ $webserv != nginx_nonphp ]; then
+    echo "" >> "$phpPoolDir"/"$sitename".conf
+    echo "php_admin_value[mail.force_extra_parameters] = \"-f$mailas -F'$maildomain'\"" >> "$phpPoolDir"/"$sitename".conf
+fi
+
+
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/opendkim-init.sh -o ~/OpenDKIMInit-$sitename.sh
+sed -i -e 's/DOMAINname/'$maildomain'/g' -e 's/SITEName/'${sitename//_}'/g' -e 's/ODKSec/'$odkdomsec'/g' ~/OpenDKIMInit-$sitename.sh
+
+cat << EOF > /etc/update-motd.d/51-opendkim-"${sitename//_}"
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for $domain please run please run bash ~/OpenDKIMInit-$sitename.sh"
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-opendkim-"${sitename//_}"
+systemctl reload opendkim $phpFPMService

SubModules/postfix/CMSHook-preconf.sh

@@ -0,0 +1,46 @@
+if [ -z "${sitename}" ]; then sitename=${domain//./_};fi
+if [ $IMODE = n ]; then
+    if (whiptail --title "Config" --yesno "                Send mail as info@$domain for $domain?" 11 78); then
+        mailas=info@$domain
+        maildomain=$domain
+    else
+        mailas=$(whiptail --nocancel --inputbox "                   Enter mail addres for sending mail?" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+        maildomain=$(sed -e 's/[^@]*@//' <<< "$mail")
+    fi
+    if (whiptail --title "Config" --yesno "                     Use default DKIM selector [vps]?" 11 78); then
+        odkdomsec=vps
+    else
+        odkdomsec=$(whiptail --nocancel --inputbox "                           Enter DKIM selector" 11 78 --title "Config" 3>&1 1>&2 2>&3)
+    fi
+fi
+
+if [ $IMODE = l ]; then
+    while true; do
+        read -p "Send mail as info@$domain for $domain? (y/n)" yn
+        case $yn in
+            [Yy]* )
+                mailas=info@$domain
+                maildomain=$domain
+            break;;            
+            [Nn]* )
+                echo 'Enter mail addres for sending mail? '
+                read mailas
+                maildomain=$(sed -e 's/[^@]*@//' <<< "$mailas")
+            break;;
+            * )echo "Choose yes or no.";;
+        esac
+    done
+    while true; do
+        read -p "Use default DKIM selector [vps]? (y/n)" yn
+        case $yn in
+            [Yy]* )
+                odkdomsec=vps
+            break;;            
+            [Nn]* )
+                echo 'Enter DKIM selector? '
+                read odkdomsec
+            break;;
+            * )echo "Choose yes or no.";;
+        esac
+    done
+fi

SubModules/postfix/apt.pkg.list

@@ -1 +1 @@
-mailutils
+mailutils opendkim-tools

SubModules/postfix/conf.sh

@@ -1,11 +1,20 @@
+
+systemctl stop postfix opendkim
+
+
 ##-------------##
 #    Postfix    #
 ##-------------##
 
-sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
+sed -i "/^inet_interfaces =/c\inet_interfaces = loopback-only" /etc/postfix/main.cf
-sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
+sed -i "/recipient_delimiter =/c\recipient_delimiter = +" /etc/postfix/main.cf
-sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
+sed -i "/^mydestination =/c\mydestination = \"$hostname\", localhost.\"$hostname\", \"$hostname\"" /etc/postfix/main.cf
-echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
+echo "$hostname" > /etc/mailname
+if [ "$(echo "$hostname" | grep -o "\." | wc -l)" -eq 1 ]; then
+  echo "bounce_notice_recipient = admin@$hostname" >> /etc/postfix/main.cf
+else
+ echo "bounce_notice_recipient = admin@$(sed 's/.*\.\(.*\..*\)/\1/' <<< $hostname)" >> /etc/postfix/main.cf
+fi
 cat <<EOF > /etc/aliases
 # See man 5 aliases for format
 postmaster:    root
@@ -13,6 +22,80 @@ root:          $email
 EOF
 newaliases
 
-systemctl start postfix 
+cat <<EOF >> /etc/postfix/main.cf
-systemctl enable postfix
+
-systemctl reload postfix
+#openDKIM
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+EOF
+
+
+##--------------##
+#    OpenDKIM    #
+##--------------##
+
+usermod -aG opendkim postfix
+rm -rf /etc/opendkim.d
+mkdir -p /etc/opendkim.d/keys
+chown opendkim:opendkim /etc/opendkim.d/keys -R
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/config/opendkim.conf -o /etc/opendkim.conf
+touch /etc/opendkim.d/SigningTable
+cat <<EOF > /etc/opendkim.d/TrustedHosts
+127.0.0.1
+::1
+localhost
+$(curl -s -4 icanhazip.com)
+$(curl -s -6 icanhazip.com)
+${hostname}
+EOF
+
+
+if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
+    mkdir -p /var/spool/postfix/var/run/opendkim
+    sudo chown opendkim:postfix /var/spool/postfix/var/run/opendkim
+    sed -i "/^RUNDIR=/c\RUNDIR=/var/spool/postfix/var/run/opendkim" /etc/default/opendkim
+    echo "TrustAnchorFile       /usr/share/dns/root.key" >> /etc/opendkim.conf
+    bash /lib/opendkim/opendkim.service.generate
+    systemctl daemon-reload
+fi
+
+odkhsec=$(sed 's/\..*$//'  <<< $hostname)
+sudo --user opendkim mkdir /etc/opendkim.d/keys/"$hostname"
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim.d/keys/"$hostname" -d "$hostname" -s $odkhsec
+echo ""$odkhsec"._domainkey."$hostname" "$hostname":"$odkhsec":/etc/opendkim.d/keys/"$hostname"/"$odkhsec".private" >> /etc/opendkim.d/KeyTable
+curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/opendkim-init.sh -o ~/OpenDKIMInit-host.sh
+sed -i -e 's/DOMAINname/'$hostname'/g' -e 's/SITEName/'host'/g' -e 's/ODKSec/'$odkhsec'/g' ~/OpenDKIMInit-host.sh
+unset odkhsec
+
+
+cat << EOF > /etc/update-motd.d/51-generalspf
+#!/bin/sh
+red='\e[1;31m%s\e[0m\n'
+printf "\n"
+printf \$red "To enable mail for this server add the folling Records for $hostname:"
+printf \$red "A record: \$(curl -s -4 icanhazip.com)"
+printf \$red "AAA record: \$(curl -s -6 icanhazip.com)"
+printf \$red "MX record: '0 mail'"
+printf \$red "SPF record: '\"v=spf1 a mx -all\"'"
+printf \$red "Check Blacklist using the following url: 'https://www.debouncer.com/blacklistlookup?t=$hostname'"
+printf "\n"
+printf \$red "Optionally, to enable DKIM for the hostname run bash ~/OpenDKIMInit-host.sh"
+printf \$red "Remove notice this by running \"rm /etc/update-motd.d/51-generalspf\""
+printf "\n"
+EOF
+chmod +x /etc/update-motd.d/51-generalspf
+
+systemctl start postfix opendkim 
+systemctl enable postfix opendkim
+
+#if using Append module run for existing cms/sites
+if [  "$itype" = "AddMod" ]; then
+   for file in /etc/ICTM/sites/*; do
+        sitename="${file##*/}"
+        domain=${sitename//_/.}
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-preconf.sh)
+        source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/postfix/CMSHook-conf.sh)
+    done
+fi

SubModules/postfix/config/opendkim.conf

@@ -0,0 +1,12 @@
+Syslog               yes
+UMask                007
+Socket               local:/var/run/opendkim/opendkim.sock
+PidFile              /var/run/opendkim/opendkim.pid
+OversignHeaders      From
+UserID               opendkim
+Canonicalization     relaxed/simple
+Mode                 s
+KeyTable             refile:/etc/opendkim.d/KeyTable
+SigningTable         refile:/etc/opendkim.d/SigningTable
+ExternalIgnoreList   refile:/etc/opendkim.d/TrustedHosts
+InternalHosts        refile:/etc/opendkim.d/TrustedHosts

SubModules/postfix/dnf.pkg.list

@@ -0,0 +1 @@
+perl-Getopt-Long

SubModules/postfix/generic.pkg.list

@@ -1 +1 @@
-postfix
+postfix opendkim

SubModules/postfix/opendkim-init.sh

@@ -0,0 +1,39 @@
+if [ -n "$1" ]; then
+    if [[ "$1" = "--enable" ]]; then
+        echo "Enableing DKIM"
+
+        echo "*@DOMAINname ODKSec._domainkey.DOMAINname" >>/etc/opendkim.d/SigningTable
+        systemctl reload opendkim
+        #Remove script
+        while true; do
+            read -p "Remove this script -> yes/no?" yn
+            case $yn in
+                [Nn]* )
+                break;;
+                [Yy]* )
+                rm -- "$0"
+                break;;
+                * )echo "Choose yes or no.";;
+            esac
+        done
+        exit
+    fi
+fi
+echo "Required to enable mailing for this system"
+echo "Please make sure a valid MX record, and A/AAA are set for DOMAINname,"
+echo "Please add the folloing to your SPF Record in the DNS of DOMAINname,"
+echo "ip4:$(curl -s -4 icanhazip.com) ip6:$(curl -s -6 icanhazip.com)"
+echo ""
+echo "Alternatively use the 'a' and 'mx' in the SPF record just make sure the server has an 'A' and 'AAA' record pointing to it"
+echo ""
+echo ""
+echo "Optionally to enable dkim" 
+echo "Add the folloing TXT Record to the DNS of DOMAINname"
+echo "WARNING the output is split, please combine key before inserting into DNS" 
+cat /etc/opendkim.d/keys/DOMAINname/ODKSec.txt
+
+echo ""
+echo "If DNS is propegated then run \"bash $0 --enable\""
+
+rm -f /etc/update-motd.d/51-opendkim-SITEName
+

SubModules/postfix/preconf.sh

@@ -1,13 +1,4 @@
-if [ -z "${domain}" ]; then
-    if [ $IMODE = n ]; then
-        domain=$(whiptail --nocancel --inputbox "                        Enter the domain without WWW     " 11 82 --title "Config" 3>&1 1>&2 2>&3)
-    elif [ $IMODE = l ]; then
-        echo "Enter the domain without WWW:"
-        read domain
-    fi
-fi
-
 if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then
-    debconf-set-selections <<< "postfix postfix/mailname string $domain"
+    debconf-set-selections <<< "postfix postfix/mailname string $hostname"
     debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
 fi

installer.sh

@@ -1,5 +1,11 @@
 #!/bin/bash
 
+###############################
+# @author: Bram Prieshof      #
+# @author: Branco van de Waal #
+###############################
+
+itype=Main
 
 ##--------------------##
 #   Legacy/Main Menu   #
@@ -26,6 +32,7 @@ fi
 repo=https://git.ictmaatwerk.com/VPS-scripts/Web-V2
 branch=master
 branchtype=branch #=branch for branch and =tag for release
+CompatVer=2
 #Installer-config
 phpver=7.4
 PHPMyadmin=1 #Overwriten by cms's without php
@@ -57,14 +64,13 @@ elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
  PKGI="${PKGM} install -y --no-install-recommends"
  PKGLIST="apt"
  shortdist=deb10
-elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
+elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
  PKGM="dnf"
  PKGUC="$PKGM check-update --refresh"
  PKGUP="$PKGM update -y"
  PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y"
  PKGLIST="dnf"
  shortdist=el8
- echo "The support for this os is being worked on"
 else
  echo "This os in not supported"
  exit
@@ -369,7 +375,7 @@ fi
 mkdir -p /etc/ICTM/sites
 echo "InstDate=$(date "+%d-%B-%Y")" >> /etc/ICTM/mainvar.list
 
-for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname; do
+for storeme in PKGM PKGI PKGUC PKGUP PKGLIST OUTPUT IMODE shortdist repo branch branchtype webserv email shortdist hostname CompatVer; do
     declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
 done
 
@@ -436,6 +442,9 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/reqmodules.sh)
 fi
 
+#saving enabled Allways on modules
+echo 'EnabledAons=('$aonoption')' >> /etc/ICTM/selopts.list
+
 #Combining selected option with always-on options
 option="$option""$aonoption"
 
@@ -574,6 +583,24 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
  source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/"$CMS"/"$webserv"-preconf.sh)
 fi
 
+#Preconfiguring module For CMS
+for val1 in ${option[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-preconf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-preconf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-preconf.sh)
+        fi
+    fi
+done
+
 #Saving updated vars
 for storeme in phpver sqlver PHPMyadmin; do
     declare -p $storeme | cut -d ' ' -f 3- >> /etc/ICTM/mainvar.list
@@ -696,6 +723,25 @@ if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$re
 fi
 fi
 
+#Configuring Module for CMS
+
+for val1 in ${option[*]}; do
+    modListed=$(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/extModules.list|grep "$val1")
+    #Checking
+    if test -z "$modListed"
+    then
+        #Fetching from local repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/SubModules/"$val1"/CMSHook-conf.sh)
+        fi
+    else
+        #Fetching from remote repo
+        if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$modListed"CMSHook-conf.sh; then
+            source <(curl --retry 7 --retry-delay 5 -s "$modListed"CMSHook-conf.sh)
+        fi
+    fi
+done
+
 ##------------##
 #   Services   #
 ##------------##