Update 'Main-Installer_V0.1.sh'

2018-09-07 09:17:49 +00:00
parent 5a5fa7667d
commit bcc244003b


@@ -4,11 +4,11 @@
# UBUNTU 18.04 BASH SCRIPT # UBUNTU 18.04 BASH SCRIPT
#============================================================================== #==============================================================================
##R1 V1.1## ##R1 V1.1##
#===Chanches For V1===# #===Changes For V1===#
#Added Vraiables and executes for them# #Added Variables and executes for them#
#===Chanches For V1.1===# #===Chaghes For V1.1===#
# Nginx, apache, certbot, phpmyadmin, php-fpm, postfix, netdata, Memcached, redis, wordpress & opcache# # Nginx, apache, certbot, phpmyadmin, php-fpm, postfix, netdata, Memcached, redis, wordpress & opcache#
#install scripts ware added# #install scripts were added#
#============================================================================== #==============================================================================
# UNDER DEVELOPMENT # UNDER DEVELOPMENT
#============================================================================== #==============================================================================
@@ -27,6 +27,8 @@
# Preconfiguration # # Preconfiguration #
#-------------------# #-------------------#
cd /tmp
echo "UBUNTU 18.04 INSTALLATIE SCRIPT" echo "UBUNTU 18.04 INSTALLATIE SCRIPT"
echo Welk domein mag gekoppeld worden? Typ domein zonder www echo Welk domein mag gekoppeld worden? Typ domein zonder www
read domain read domain
@@ -42,6 +44,16 @@ apt-get autoremove -y
hostnamectl set-hostname $domain hostnamectl set-hostname $domain
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam timedatectl set-timezone Europe/Amsterdam
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
apt install rsync grsync sshpass -y
touch /etc/cron.d/updates
cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command
0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y
EOF
echo "Webserver:" echo "Webserver:"
PS3='Keuze:' PS3='Keuze:'
options=("Apache" "Apache, Nginx reverse proxy" "Nginx, PHP-FPM" "Quit") options=("Apache" "Apache, Nginx reverse proxy" "Nginx, PHP-FPM" "Quit")
@@ -49,49 +61,20 @@ select opt in "${options[@]}"
do do
case $opt in case $opt in
"Apache") "Apache")
webserver=apache script=https://trans.bprieshof.nl/gitea/ICT-Maatwerk/Vps-UBUNTU-SetupScrips/raw/branch/master/Apache-Installer_V0.1.sh
certbot_server=apache break;;
break
;;
"Apache, Nginx reverse proxy") "Apache, Nginx reverse proxy")
webserver=apache_nginx script=https://trans.bprieshof.nl/gitea/ICT-Maatwerk/Vps-UBUNTU-SetupScrips/raw/branch/master/Apache-RevProxNGINX-Installer_V0.1.sh
certbot_server=nginx break;;
break
;;
"Nginx, PHP-FPM") "Nginx, PHP-FPM")
webserver=nginx script=https://trans.bprieshof.nl/gitea/ICT-Maatwerk/Vps-UBUNTU-SetupScrips/raw/branch/master/NGINX-Installer_V0.1.sh
certbot_server=nginx break;;
break
;;
"Quit") "Quit")
exit exit;;
;;
*) echo "Fout antwoord $REPLY";; *) echo "Fout antwoord $REPLY";;
esac esac
done done
while true; do
read -p "Installeer PHPmyAdmin -> yes/no?" yn
case $yn in
[Yy]* ) phpmyadmin=1
break;;
[Nn]* ) phpmyadmin=0
break;;
* ) echo "Kies yes of no.";;
esac
done
while true; do
read -p "Installeer Postfix -> yes/no?" yn
case $yn in
[Yy]* ) postfix=1
break;;
[Nn]* ) postfix=0
break;;
* ) echo "Kies yes of no.";;
esac
done
while true; do while true; do
read -p "Installeer Netdata -> yes/no?" yn read -p "Installeer Netdata -> yes/no?" yn
case $yn in case $yn in
@@ -125,17 +108,6 @@ while true; do
esac esac
done done
while true; do
read -p "Installeer Let's Encrypt -> yes/no?" yn
case $yn in
[Yy]* ) certbot=1
break;;
[Nn]* ) certbot=0
break;;
* ) echo "Kies yes of no.";;
esac
done
while true; do while true; do
read -p "Installeer Wordpress -> yes/no?" yn read -p "Installeer Wordpress -> yes/no?" yn
case $yn in case $yn in
@@ -156,530 +128,11 @@ sleep 0.5
echo "INSTALLATIE DUURT 5 Minuten" echo "INSTALLATIE DUURT 5 Minuten"
sleep 0.5 sleep 0.5
echo "***************************" echo "***************************"
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
apt install rsync grsync -y
apt install sshpass -y
#----------------------# wget $script -O script.sh
# Apache Install # source script.sh
#----------------------#
if [ $webserver = apache ]
then
echo "install apache"
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
#-------------------#
# LAMP #
#-------------------#
install apache2 -y
apt install mysql-server-5.7 -y
echo "& y y abc abc y y y y" | ./usr/bin/mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
cat <<EOF > /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
EOF
systemctl restart apache2
systemctl status apache2
#-------------------#
# VIRTUAL HOST #
#-------------------#
rm /var/www/html
mkdir -p /var/www/"$domain"/public_html
chmod -R 755 /var/www
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:80>
ServerAdmin $email
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/$domain/public_html
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite $domain.conf
a2dissite 000-default.conf
systemctl restart apache2
fi
#----------------------#
# Apache_Nginx Install #
#----------------------#
if [ $webserver = apache_nginx ]
then
echo "install apache_nginx"
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
fi
#-------------------#
# Nginx Install #
#-------------------#
if [ $webserver = nginx ]
then
echo "install NGINX"
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | sudo ufw enable
#-------------------#
# LEMP #
#-------------------#
apt install nginx -y
ufw allow 'Nginx HTTP'
apt install mysql-server-5.7 -y
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y
#-------------------#
# NGINX CONFIG #
#-------------------#
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
cat <<EOF > /etc/nginx/sites-available/$domain
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server {
listen 80;
listen [::]:80;
root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name $domain www.$domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
}
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
location / {
#try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 301 1m;
fastcgi_cache_valid 404 1m;
fastcgi_cache_bypass \$no_cache;
fastcgi_no_cache \$no_cache;
fastcgi_cache_revalidate on;
fastcgi_cache_background_update on;
fastcgi_cache_lock on;
fastcgi_cache_use_stale updating;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
index index.php;
}
#Cache everything by default
set \$no_cache 0;
#Don't cache POST requests
if (\$request_method = POST)
{
set \$no_cache 1;
}
#Don't cache if the URL contains a query string
if (\$query_string != "")
{
set \$no_cache 1;
}
#Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)")
{
set \$no_cache 1;
}
#Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID")
{
set \$no_cache 1;
}
}
EOF
cat <<EOF > /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
add_header X-Cache "\$upstream_cache_status";
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type text/html;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
#access_log /var/log/nginx/access.log;
access_log off;
error_log /var/log/nginx/error.log;
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
EOF
cat <<EOF > /etc/nginx/sites-available/default
#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
#add_header X-Cache "\$upstream_cache_status";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
upstream netdata {
server 127.0.0.1:19999;
keepalive 64;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Host \$host;
proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args;
gzip on;
gzip_proxied any;
gzip_types *;
}
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files \$uri \$uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php\$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
}
EOF
ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/
sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini
systemctl reload nginx
fi
#--------------------#
# PHPmyAdmin Install #
#--------------------#
if [ $phpmyadmin = 1 ]
then
echo "install php myadmin"
apt-get install phpmyadmin -y
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database
cd /var/www/"$domain"/html/
ls -l
mv phpmyadmin database
fi
#-----------------#
# Postfix Install #
#-----------------#
if [ $postfix = 1 ]
then
echo "install postfix"
apt install mailutils -y
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
root: $email
EOF
newaliases
fi
#-----------------#
# Netdata Install #
#-----------------#
if [ $netdata = 1 ]
then
echo "install netdata"
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
ufw allow 19999/tcp
iptables -A INPUT -p tcp --dport 19999 -j ACCEPT
fi
#-------------------#
# Memcached Install #
#-------------------#
if [ $memcached = 1 ]
then
echo "install memcached"
apt-get install memcached -y
systemctl restart memcached
fi
#---------------#
# Redis Install #
#---------------#
if [ $redis = 1 ]
then
echo "install redis"
apt install redis-server -y
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
systemctl restart redis
systemctl restart redis.service
fi
#-----------------#
# Certbot Install #
#-----------------#
if [ $certbot = 1 ]
then
echo "install Let's Encrypt Certbot"
add-apt-repository ppa:certbot/certbot
apt install python-certbot-$certbot_server -y
#certbot --$certbot_server -d $domain -d www.$domain
fi
#-------------------#
# Wordpress Install #
#-------------------#
if [ $wordpress = 1 ]
then
echo "install wordpress"
#-------------------#
# MYSQL CONFIG #
#-------------------#
db_name="wp_1"
db_user="wp_1"
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
#-------------------#
# WP - INSTALL #
#-------------------#
cd /tmp
curl -LO https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
cp -a /tmp/wordpress/. /var/www/"$domain"/html
chown -R www-data:www-data /var/www/"$domain"/html
WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';
define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
#\$memcached_servers = array(
# 'default' => array(
# '127.0.0.1:11211'
# )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
#-------------------#
# OPCACHE GUI #
#-------------------#
cd /tmp
curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
cp /tmp/index.php /tmp/opcache.php
cp -a /tmp/opcache.php /var/www/"$domain"/html
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
?>
EOF
fi
#----------------------#
# Generic end commands #
#----------------------#
#----------------#
# OPCACHE #
#----------------#
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service
#-------------------#
# OPCACHE GUI #
#-------------------#
cd /tmp
curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
cp /tmp/index.php /tmp/opcache.php
cp -a /tmp/opcache.php /var/www/"$domain"/html
cat > /var/www/"$domain"/html/info.php <<- "EOF"
<?php
phpinfo();
?>
EOF
#-------------------#
# SYS UPDATE CRON #
#-------------------#
cd /etc/cron.d
touch updates
cat <<EOF > /etc/cron.d/updates
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow command
0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y
EOF
echo "Install Succes" echo "Install Succes"
echo "Reboot system in:" echo "Reboot system in:"
@@ -689,5 +142,5 @@ sleep 1
echo "2" echo "2"
sleep 1 sleep 1
echo "1" echo "1"
reboot #reboot
exit exit
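Review bot: The new `wget $script -O script.sh` followed by `source script.sh` (end of the `-156,530 +128,11` hunk) runs whatever the URL returns inside the installer's own shell, with no check that the download succeeded and no integrity check on the content. Because the preconfiguration hunk adds `cd /tmp`, the file lands under a predictable name in a world-writable directory, so a pre-existing `script.sh` or symlink there would be written through and then sourced; `$script` is also unquoted. I would download to a `mktemp` file, abort on a failed fetch, and compare the file against a SHA-256 digest pinned beside each `script=` assignment before sourcing it. Pointing the three URLs at a fixed commit instead of `branch/master` would keep that digest stable between reviews.

```shell
# … unchanged: prompts and "INSTALLATIE DUURT 5 Minuten" banner …
installer=$(mktemp) || exit 1
wget -q -O "$installer" "$script" || { echo "download failed: $script" >&2; exit 1; }
# expected_sha256 is a placeholder: set it next to each script= assignment
# to the digest of the installer version that was actually reviewed.
printf '%s  %s\n' "$expected_sha256" "$installer" | sha256sum -c --status - \
  || { echo "checksum mismatch for $script" >&2; exit 1; }
source "$installer"
```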