From 5a5fa7667d778db2aa59dfa0311808abcb00b67c Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Fri, 7 Sep 2018 08:53:23 +0000
Subject: [PATCH] Update 'Main-Installer_V0.1.sh'
---
Main-Installer_V0.1.sh | 694 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 693 insertions(+), 1 deletion(-)
diff --git a/Main-Installer_V0.1.sh b/Main-Installer_V0.1.sh
index e965047..8056c9e 100644
--- a/Main-Installer_V0.1.sh
+++ b/Main-Installer_V0.1.sh
@@ -1 +1,693 @@ -Hello +#!/bin/bash +# Bash Menu Script Example +#============================================================================== +# UBUNTU 18.04 BASH SCRIPT +#============================================================================== +##R1 V1.1## +#===Chanches For V1===# +#Added Vraiables and executes for them# +#===Chanches For V1.1===# +# Nginx, apache, certbot, phpmyadmin, php-fpm, postfix, netdata, Memcached, redis, wordpress & opcache# +#install scripts ware added# +#============================================================================== +# UNDER DEVELOPMENT +#============================================================================== +# Mailserver -->> EXIM, DOVECOT, SPAMASSASSIN, CLAMAV +# FTP backups -->> VSFTPD +# Secure WP -->> NGINX RULES +# WP backup & restore -->> SHELL or PHP +# LAMP SETUP +# APACHE, NGINX REVERSE PROXY +#============================================================================== +# CHECKEN! +# > Postfix +#============================================================================== + +#-------------------# +# Preconfiguration # +#-------------------# + +echo "UBUNTU 18.04 INSTALLATIE SCRIPT" +echo Welk domein mag gekoppeld worden? 
Typ domein zonder www +read domain +echo Standaard wachtwoord +read passwd +echo administrator email +read email +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y +apt-get clean +apt-get autoremove -y +hostnamectl set-hostname $domain +sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg +timedatectl set-timezone Europe/Amsterdam +echo "Webserver:" +PS3='Keuze:' +options=("Apache" "Apache, Nginx reverse proxy" "Nginx, PHP-FPM" "Quit") +select opt in "${options[@]}" +do + case $opt in + "Apache") + webserver=apache + certbot_server=apache + break + ;; + "Apache, Nginx reverse proxy") + webserver=apache_nginx + certbot_server=nginx + break + ;; + "Nginx, PHP-FPM") + webserver=nginx + certbot_server=nginx + break + ;; + "Quit") + exit + ;; + *) echo "Fout antwoord $REPLY";; + esac +done + +while true; do + read -p "Installeer PHPmyAdmin -> yes/no?" yn + case $yn in + [Yy]* ) phpmyadmin=1 + break;; + [Nn]* ) phpmyadmin=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Postfix -> yes/no?" yn + case $yn in + [Yy]* ) postfix=1 + break;; + [Nn]* ) postfix=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Netdata -> yes/no?" yn + case $yn in + [Yy]* ) netdata=1 + break;; + [Nn]* ) netdata=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Memcached -> yes/no?" yn + case $yn in + [Yy]* ) memcached=1 + break;; + [Nn]* ) memcached=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Redis Cache -> yes/no?" yn + case $yn in + [Yy]* ) redis=1 + break;; + [Nn]* ) redis=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Let's Encrypt -> yes/no?" 
yn + case $yn in + [Yy]* ) certbot=1 + break;; + [Nn]* ) certbot=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +while true; do + read -p "Installeer Wordpress -> yes/no?" yn + case $yn in + [Yy]* ) wordpress=1 + break;; + [Nn]* ) wordpress=0 + break;; + * ) echo "Kies yes of no.";; + esac +done + +#-------------------# +# Install Phase # +#-------------------# + +echo "***************************" +sleep 0.5 +echo "INSTALLATIE DUURT 5 Minuten" +sleep 0.5 +echo "***************************" +sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf +sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf +apt install rsync grsync -y +apt install sshpass -y + +#----------------------# +# Apache Install # +#----------------------# + +if [ $webserver = apache ] + then + echo "install apache" + ufw allow OpenSSH + ufw allow 443/tcp + ufw allow 80/tcp + ufw limit ssh + echo "y" | sudo ufw enable +#-------------------# +# LAMP # +#-------------------# +install apache2 -y +apt install mysql-server-5.7 -y +echo "& y y abc abc y y y y" | ./usr/bin/mysql_secure_installation +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" +mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y +cat < /etc/apache2/mods-enabled/dir.conf + + DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm + +EOF +systemctl restart apache2 +systemctl status apache2 +#-------------------# +# VIRTUAL HOST # +#-------------------# +rm /var/www/html +mkdir -p /var/www/"$domain"/public_html +chmod -R 755 /var/www +cp /etc/apache2/sites-available/000-default.conf 
/etc/apache2/sites-available/"$domain".conf +cat < /etc/apache2/sites-available/"$domain".conf + + ServerAdmin $email + ServerName $domain + ServerAlias www.$domain + DocumentRoot /var/www/$domain/public_html + ErrorLog \${APACHE_LOG_DIR}/error.log + CustomLog \${APACHE_LOG_DIR}/access.log combined + +EOF +a2ensite $domain.conf +a2dissite 000-default.conf +systemctl restart apache2 +fi + +#----------------------# +# Apache_Nginx Install # +#----------------------# + +if [ $webserver = apache_nginx ] + then + echo "install apache_nginx" + ufw allow OpenSSH + ufw allow 443/tcp + ufw allow 80/tcp + ufw limit ssh + echo "y" | sudo ufw enable + fi + +#-------------------# +# Nginx Install # +#-------------------# + +if [ $webserver = nginx ] + then + echo "install NGINX" + ufw allow OpenSSH + ufw allow 443/tcp + ufw allow 80/tcp + ufw limit ssh + echo "y" | sudo ufw enable +#-------------------# +# LEMP # +#-------------------# +apt install nginx -y +ufw allow 'Nginx HTTP' +apt install mysql-server-5.7 -y +mysql_secure_installation +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" +mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" +mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" +apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y +#-------------------# +# NGINX CONFIG # +#-------------------# +mkdir -p /var/www/"$domain"/html +chmod -R 755 /var/www +cat < /etc/nginx/sites-available/$domain +fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; + +server { + listen 80; + listen [::]:80; + root /var/www/$domain/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name $domain www.$domain; + #return 301 
\$scheme:/\$domain\$request_uri; Redirect to non-www + #return 301 https://domein.nl$request_uri; Redirect to other domain + + location = /netdata { + return 301 /netdata/; + } + + location ~ /netdata/(?.*) { + proxy_redirect off; + proxy_set_header Host \$host; + + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + proxy_pass http://netdata/\$ndpath\$is_args\$args; + } + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; + + + location / { + #try_files \$uri \$uri/ =404; + try_files \$uri \$uri/ /index.php\$is_args\$args; + } + + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; allow all; } + location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { + expires max; + log_not_found off; + } + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + fastcgi_cache MYAPP; + fastcgi_cache_valid 200 302 301 1m; + fastcgi_cache_valid 404 1m; + fastcgi_cache_bypass \$no_cache; + fastcgi_no_cache \$no_cache; + fastcgi_cache_revalidate on; + fastcgi_cache_background_update on; + fastcgi_cache_lock on; + fastcgi_cache_use_stale updating; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 16k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + + location ~ /\.ht { + deny all; + } + + location /phpmyadmin { + index index.php; + } + + #Cache everything by default + set \$no_cache 0; + + #Don't cache POST requests + if (\$request_method = POST) + { + set \$no_cache 1; + } + + #Don't cache if the URL contains a query 
string + if (\$query_string != "") + { + set \$no_cache 1; + } + + #Don't cache the following URLs + if (\$request_uri ~* "/(administrator/|login.php)") + { + set \$no_cache 1; + } + + #Don't cache if there is a cookie called PHPSESSID + if (\$http_cookie = "PHPSESSID") + { + set \$no_cache 1; + } +} +EOF +cat < /etc/nginx/nginx.conf +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; +} + +http { + + fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; + add_header X-Cache "\$upstream_cache_status"; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 8m; + large_client_header_buffers 4 4k; + + server_names_hash_bucket_size 64; + + include /etc/nginx/mime.types; + default_type text/html; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 180m; + + #access_log /var/log/nginx/access.log; + access_log off; + error_log /var/log/nginx/error.log; + + gzip on; + gzip_proxied any; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; + gzip_min_length 1000; + gzip_comp_level 2; + gzip_disable "msie6"; + gzip_buffers 16 8k; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} +EOF +cat < /etc/nginx/sites-available/default + #fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; + #add_header X-Cache "\$upstream_cache_status"; + + #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + upstream netdata { + server 127.0.0.1:19999; + keepalive 64; +} + + server { + listen 80 default_server; + listen [::]:80 
default_server; + + location = /netdata { + return 301 /netdata/; + } + + location ~ /netdata/(?.*) { + proxy_redirect off; + proxy_set_header Host \$host; + + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header X-Forwarded-Server \$host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + proxy_pass http://netdata/\$ndpath\$is_args\$args; + + gzip on; + gzip_proxied any; + gzip_types *; + } + + root /var/www/html; + index index.php index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + try_files \$uri \$uri/ =404; + } + + # pass PHP scripts to FastCGI server + location ~ \.php\$ { + include snippets/fastcgi-php.conf; + + # With php-fpm (or other unix sockets): + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + # With php-cgi (or other tcp sockets): + #fastcgi_pass 127.0.0.1:9000; + } +} +EOF +ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/ +sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini +systemctl reload nginx + +fi + +#--------------------# +# PHPmyAdmin Install # +#--------------------# + +if [ $phpmyadmin = 1 ] +then + echo "install php myadmin" + apt-get install phpmyadmin -y +ln -s /usr/share/phpmyadmin /var/www/"$domain"/html +systemctl restart php7.2-fpm +# Redirect phpmyadmin -> database +cd /var/www/"$domain"/html/ +ls -l +mv phpmyadmin database +fi + +#-----------------# +# Postfix Install # +#-----------------# + +if [ $postfix = 1 ] +then + echo "install postfix" + apt install mailutils -y +sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf +sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf +sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf +systemctl restart postfix +cat < /etc/aliases +# See man 5 aliases for format 
+postmaster: root +root: $email +EOF +newaliases +fi + +#-----------------# +# Netdata Install # +#-----------------# + +if [ $netdata = 1 ] +then + echo "install netdata" + bash <(curl -Ss https://my-netdata.io/kickstart.sh) + ufw allow 19999/tcp + iptables -A INPUT -p tcp --dport 19999 -j ACCEPT +fi + +#-------------------# +# Memcached Install # +#-------------------# + +if [ $memcached = 1 ] +then + echo "install memcached" + apt-get install memcached -y + systemctl restart memcached +fi + +#---------------# +# Redis Install # +#---------------# + +if [ $redis = 1 ] +then + echo "install redis" + apt install redis-server -y + sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf + sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf + sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf + systemctl restart redis + systemctl restart redis.service +fi + +#-----------------# +# Certbot Install # +#-----------------# + +if [ $certbot = 1 ] +then + echo "install Let's Encrypt Certbot" + add-apt-repository ppa:certbot/certbot + apt install python-certbot-$certbot_server -y + #certbot --$certbot_server -d $domain -d www.$domain +fi + + +#-------------------# +# Wordpress Install # +#-------------------# + + if [ $wordpress = 1 ] + then + echo "install wordpress" +#-------------------# +# MYSQL CONFIG # +#-------------------# +db_name="wp_1" +db_user="wp_1" +db_pass=$(date +%s|sha256sum|base64|head -c 32) +mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" +mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" +mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" +#-------------------# +# WP - INSTALL # +#-------------------# +cd /tmp +curl -LO https://wordpress.org/latest.tar.gz +tar xzvf latest.tar.gz +cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php +cp -a /tmp/wordpress/. 
/var/www/"$domain"/html +chown -R www-data:www-data /var/www/"$domain"/html +WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) +cat < /var/www/"$domain"/html/wp-config.php + array( +# '127.0.0.1:11211' +# ) +#); +#define('WP_REDIS_HOST', '127.0.0.1'); +#define('WP_REDIS_PASSWORD', '$passwd'); +#define('WP_REDIS_PORT', '6379'); +require_once(ABSPATH . 'wp-settings.php'); +EOF +#-------------------# +# OPCACHE GUI # +#-------------------# +cd /tmp +curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php +cp /tmp/index.php /tmp/opcache.php +cp -a /tmp/opcache.php /var/www/"$domain"/html +cat > /var/www/"$domain"/html/info.php <<- "EOF" + +EOF +fi + +#----------------------# +# Generic end commands # +#----------------------# + +#----------------# +# OPCACHE # +#----------------# + +sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini +sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini +sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini +systemctl restart php7.2-fpm.service +#-------------------# +# OPCACHE GUI # +#-------------------# +cd /tmp +curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php +cp /tmp/index.php /tmp/opcache.php +cp -a /tmp/opcache.php /var/www/"$domain"/html +cat > /var/www/"$domain"/html/info.php <<- "EOF" + +EOF +#-------------------# +# SYS UPDATE CRON # +#-------------------# +cd /etc/cron.d +touch updates +cat < /etc/cron.d/updates +SHELL=/bin/sh 
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +# m h dom mon dow command +0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y +EOF + +echo "Install Succes" +echo "Reboot system in:" +sleep 1 +echo "3"a +sleep 1 +echo "2" +sleep 1 +echo "1" +reboot +exit \ No newline at end of file
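Review bot: The WordPress database password in the MYSQL CONFIG block is derived from the clock (`date +%s|sha256sum|base64|head -c 32`), so it is a deterministic function of the install second and can be recomputed by anyone who can estimate when the script ran; it should come from the kernel CSPRNG instead. Elsewhere in the hunk, `$passwd` is read with a plain `read` (echoed to the terminal), passed to every `mysql` call as `-p"$passwd"` where it is visible in the process list, and reused as the Redis `requirepass` value. Because `$passwd` and `$domain` are spliced unescaped into SQL strings and `sed` expressions, a quote or slash in either one breaks or alters those commands, so both should be validated right after they are read. The sketch below shows the credential changes; the remaining `mysql -u root -p"$passwd"` calls would switch to the same option file.

```shell
# Preconfiguration: do not echo the password while it is typed
echo Standaard wachtwoord
read -rs passwd
# … unchanged: email prompt, apt upgrade, webserver menu and yes/no prompts …

# Keep the root password out of argv: mktemp creates the file with mode 0600
mysql_cnf=$(mktemp)
trap 'rm -f -- "$mysql_cnf"' EXIT
printf '[client]\nuser=root\npassword="%s"\n' "$passwd" > "$mysql_cnf"

# MYSQL CONFIG: random per-install password instead of a timestamp hash
db_name="wp_1"
db_user="wp_1"
db_pass=$(head -c 24 /dev/urandom | base64)
mysql --defaults-extra-file="$mysql_cnf" -e "CREATE DATABASE $db_name DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
# … unchanged: GRANT and FLUSH PRIVILEGES statements, using the same option file …
```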