diff --git a/NGINX-Installer_V0.1.sh b/NGINX-Installer_V0.1.sh index e965047..391d220 100644 --- a/NGINX-Installer_V0.1.sh +++ b/NGINX-Installer_V0.1.sh @@ -1 +1,469 @@ -Hello +#============================================================================== +# UBUNTU 18.04 BASH SCRIPT +#============================================================================== +# top -o %MEM -> See Memory consumption +# apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y +# do-release-upgrade -d +# +#============================================================================== +ufw allow OpenSSH +ufw allow 443/tcp +ufw allow 80/tcp +ufw limit ssh +echo "y" | sudo ufw enable +#-------------------# +# LEMP # +#-------------------# +apt install nginx -y +ufw allow 'Nginx HTTP' +apt install mysql-server-5.7 -y +mysql_secure_installation +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" +mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y +#-------------------# +# NGINX CONFIG # +#-------------------# +mkdir -p /var/www/"$domain"/html +chmod -R 755 /var/www +cat < /etc/nginx/sites-available/$domain +fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; + +server { + listen 80; + listen [::]:80; + root /var/www/$domain/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name $domain www.$domain; + #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www + #return 301 https://domein.nl$request_uri; Redirect to other domain + + location = /netdata { + return 301 /netdata/; + } + + location ~ /netdata/(?.*) { + proxy_redirect off; + proxy_set_header Host \$host; + + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + proxy_pass http://netdata/\$ndpath\$is_args\$args; + } + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; + + + location / { + #try_files \$uri \$uri/ =404; + try_files \$uri \$uri/ /index.php\$is_args\$args; + } + + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; allow all; } + location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { + expires max; + log_not_found off; + } + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 301 1m; + fastcgi_cache_valid 404 1m; + fastcgi_cache_bypass \$no_cache; + fastcgi_no_cache \$no_cache; + fastcgi_cache_revalidate on; + fastcgi_cache_background_update on; + fastcgi_cache_lock on; + fastcgi_cache_use_stale updating; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 16k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + + location ~ /\.ht { + deny all; + } + + location /phpmyadmin { + index index.php; + } + + #Cache everything by default + set \$no_cache 0; + + #Don't cache POST requests + if (\$request_method = POST) + { + set \$no_cache 1; + } + + #Don't cache if the URL contains a query string + if (\$query_string != "") + { + set \$no_cache 1; + } + + #Don't cache the following URLs + if (\$request_uri ~* "/(administrator/|login.php)") + { + set \$no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if (\$http_cookie = "PHPSESSID") + { + set \$no_cache 1; + } +} +EOF +cat < /etc/nginx/nginx.conf +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; +} + +http { + + fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; + add_header X-Cache "\$upstream_cache_status"; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 8m; + large_client_header_buffers 4 4k; + + server_names_hash_bucket_size 64; + + include /etc/nginx/mime.types; + default_type text/html; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 180m; + + #access_log /var/log/nginx/access.log; + access_log off; + error_log /var/log/nginx/error.log; + + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} +EOF +cat < /etc/nginx/sites-available/default + #fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; + #add_header X-Cache "\$upstream_cache_status"; + + #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + #ssl_session_cache shared:SSL:20m; + #ssl_session_timeout 180m; + #client_body_buffer_size 10K; + #client_header_buffer_size 1k; + #client_max_body_size 8m; + #large_client_header_buffers 4 4k; + #access_log off; + + upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + + server { + listen 80 default_server; + listen [::]:80 default_server; + + location = /netdata { + return 301 /netdata/; + } + + location ~ /netdata/(?.*) { + proxy_redirect off; + proxy_set_header Host \$host; + + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + proxy_pass http://netdata/\$ndpath\$is_args\$args; + + gzip on; + gzip_proxied any; + gzip_types *; + } + + root /var/www/html; + index index.php index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + try_files \$uri \$uri/ =404; + } + + # pass PHP scripts to FastCGI server + location ~ \.php$ { + include snippets/fastcgi-php.conf; + + # With php-fpm (or other unix sockets): + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + # With php-cgi (or other tcp sockets): + #fastcgi_pass 127.0.0.1:9000; + } +} +EOF +ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/ +sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini +systemctl reload nginx +#-------------------# +# PHPMYADMIN # +#-------------------# +apt-get install phpmyadmin -y +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html +systemctl restart php7.2-fpm +# Redirect phpmyadmin -> database +cd /var/www/"$domain"/html/ +ls -l +mv phpmyadmin database +#-------------------# +# POSTFIX # +#-------------------# +apt install mailutils -y +sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf +sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf +sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf +systemctl restart postfix +cat < /etc/aliases +# See man 5 aliases for format +postmaster: root +root: $email +EOF +newaliases +#-------------------# +# NETDATA # +#-------------------# +bash <(curl -Ss https://my-netdata.io/kickstart.sh) +ufw allow 19999/tcp +# systemctl stop netdata +# systemctl disable netdata +#-------------------# +# MEMCACHED # +# 127.0.0.1:11211 # +#-------------------# +#apt-get install memcached -y +#systemctl restart memcached +# systemctl stop memcached +# systemctl disable memcached +#-------------------# +# REDIS # +# 127.0.0.1:6379 # +#-------------------# +#apt install redis-server -y +#sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf +#sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf +#sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf +#systemctl restart redis +#systemctl restart redis.service +# systemctl stop redis +# systemctl stop redis.service +# systemctl disable redis +# systemctl disable redis.service +#-------------------# +# CERTBOT # +#-------------------# +add-apt-repository ppa:certbot/certbot +apt install python-certbot-nginx -y +ufw allow 443/tcp +#certbot --nginx -d $domain -d www.$domain +#check certbot auto-renewal -> certbot renew --dry-run +#-------------------# +# PHP.ini # +#-------------------# +sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini +sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini +systemctl restart php7.2-fpm.service +#-------------------# +# MYSQL SETTINGS # +#-------------------# +cd /etc/mysql +rm /etc/mysql/my.cnf +cat > /etc/mysql/my.cnf <<- "EOF" +# - "/etc/mysql/my.cnf" to set global options, +[mysqld_safe] +socket = /var/run/mysqld/mysqld.sock +nice = 0 + +[mysqld] +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking + +innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM) +innodb_log_file_size = 256M +innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0 +innodb_flush_method = O_DIRECT +bind-address = 127.0.0.1 +key_buffer_size = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 +myisam-recover-options = BACKUP +#max_connections = 100 +#table_open_cache = 64 +#thread_concurrency = 10 +query_cache_limit = 1M +query_cache_size = 16M +log_error = /var/log/mysql/error.log +expire_logs_days = 10 +max_binlog_size = 100M +EOF +#-------------------# +# WP - INSTALL # +#-------------------# +db_name="wp_1" +db_user="wp_1" +db_pass=$(date +%s|sha256sum|base64|head -c 32) +mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" +mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" +mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" +cd /tmp +curl -LO https://wordpress.org/latest.tar.gz +tar xzvf latest.tar.gz +cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php +path="$domain" +cp -a /tmp/wordpress/. /var/www/"$path"/html +chown -R www-data:www-data /var/www/"$path"/html +WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$passwd'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 'wp-settings.php'); +EOF +#-------------------# +# OPCACHE GUI # +#-------------------# +cd /tmp +curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php +cp /tmp/index.php /tmp/opcache.php +cp -a /tmp/opcache.php /var/www/"$domain"/html +cat > /var/www/"$domain"/html/info.php <<- "EOF" + +EOF +#-------------------# +# UPDATE CRON # +#-------------------# +cd /etc/cron.d +touch updates +cat < /etc/cron.d/updates +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +# m h dom mon dow command +0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y +EOF +#-------------------# +# BACKUP CRON # +#-------------------# +cd /home +touch backup.sh +cd /etc/cron.d +touch backup +cat < /etc/cron.d/backup +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +# m h dom mon dow command +0 1 * * * /bin/bash /home/backup.sh +EOF +#-------------------# +# SSL & HTTP/2 # +#-------------------# +#certbot --nginx -d $domain -d www.$domain +#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" +#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" +#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"