Work_Archive/Vps-UBUNTU-SetupScripts
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

'NGINX-Installer.sh' updaten

Browse Source
This commit is contained in:
ictmaatwerk
2018-09-12 12:58:44 +00:00
parent 02601e4e62
commit f304a1e39d
1 changed files with 101 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
NGINX-Installer.sh
View File

@@ -12,14 +12,13 @@
# LEMP # # LEMP #
#-------------------# #-------------------#
apt install nginx mysql-server-5.7 -y apt install -y nginx mysql-server-5.7
ufw allow 'Nginx HTTP'
mysql_secure_installation mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y apt install -y php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip
#-------------------# #-------------------#
# NGINX CONFIG # # NGINX CONFIG #
@@ -31,19 +30,19 @@ cat <<EOF > /etc/nginx/sites-available/$domain
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
root /var/www/$domain/html; root /var/www/$domain/html;
index index.php index.html index.htm index.nginx-debian.html; index index.php index.html index.htm index.nginx-debian.html;
server_name $domain www.$domain; server_name $domain www.$domain;
#return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www
#return 301 https://domein.nl$request_uri; Redirect to other domain #return 301 https://domein.nl$request_uri; Redirect to other domain
location = /netdata { location = /netdata {
return 301 /netdata/; return 301 /netdata/;
} }
location ~ /netdata/(?<ndpath>.*) { location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off; proxy_redirect off;
proxy_set_header Host \$host; proxy_set_header Host \$host;
@@ -55,80 +54,76 @@ server {
proxy_set_header Connection "keep-alive"; proxy_set_header Connection "keep-alive";
proxy_store off; proxy_store off;
proxy_pass http://netdata/\$ndpath\$is_args\$args; proxy_pass http://netdata/\$ndpath\$is_args\$args;
} }
gzip on; gzip on;
gzip_proxied any; gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_min_length 1000; gzip_min_length 1000;
gzip_comp_level 2; gzip_comp_level 2;
gzip_disable "msie6"; gzip_disable "msie6";
gzip_buffers 16 8k; gzip_buffers 16 8k;
location / { location / {
#try_files \$uri \$uri/ =404; #try_files \$uri \$uri/ =404;
try_files \$uri \$uri/ /index.php\$is_args\$args; try_files \$uri \$uri/ /index.php\$is_args\$args;
} }
location = /favicon.ico { log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; } location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ {
expires max; expires max;
log_not_found off; log_not_found off;
} }
location ~ \.php$ { location ~ \.php$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_cache MYAPP; fastcgi_cache MYAPP;
fastcgi_cache_valid 200 302 301 1m; fastcgi_cache_valid 200 302 301 1m;
fastcgi_cache_valid 404 1m; fastcgi_cache_valid 404 1m;
fastcgi_cache_bypass \$no_cache; fastcgi_cache_bypass \$no_cache;
fastcgi_no_cache \$no_cache; fastcgi_no_cache \$no_cache;
fastcgi_cache_revalidate on; fastcgi_cache_revalidate on;
fastcgi_cache_background_update on; fastcgi_cache_background_update on;
fastcgi_cache_lock on; fastcgi_cache_lock on;
fastcgi_cache_use_stale updating; fastcgi_cache_use_stale updating;
fastcgi_buffer_size 128k; fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k; fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k; fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k; fastcgi_temp_file_write_size 256k;
} }
location ~ /\.ht { location ~ /\.ht {
deny all; deny all;
} }
location /phpmyadmin { location /phpmyadmin {
index index.php; index index.php;
} }
#Cache everything by default #Cache everything by default
set \$no_cache 0; set \$no_cache 0;
#Don't cache POST requests #Don't cache POST requests
if (\$request_method = POST) if (\$request_method = POST) {
{ set \$no_cache 1;
set \$no_cache 1; }
}
#Don't cache if the URL contains a query string #Don't cache if the URL contains a query string
if (\$query_string != "") if (\$query_string != "") {
{ set \$no_cache 1;
set \$no_cache 1; }
}
#Don't cache the following URLs #Don't cache the following URLs
if (\$request_uri ~* "/(administrator/|login.php)") if (\$request_uri ~* "/(administrator/|login.php)") {
{ set \$no_cache 1;
set \$no_cache 1; }
}
#Don't cache if there is a cookie called PHPSESSID #Don't cache if there is a cookie called PHPSESSID
if (\$http_cookie = "PHPSESSID") if (\$http_cookie = "PHPSESSID") {
{ set \$no_cache 1;
set \$no_cache 1; }
}
} }
EOF EOF
cat <<EOF > /etc/nginx/nginx.conf cat <<EOF > /etc/nginx/nginx.conf
@@ -186,24 +181,24 @@ http {
} }
EOF EOF
cat <<EOF > /etc/nginx/sites-available/default cat <<EOF > /etc/nginx/sites-available/default
#fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; #fastcgi_cache_key \$scheme\$request_method\$host\$request_uri;
#add_header X-Cache "\$upstream_cache_status"; #add_header X-Cache "\$upstream_cache_status";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#ssl_session_cache shared:SSL:20m; #ssl_session_cache shared:SSL:20m;
#ssl_session_timeout 180m; #ssl_session_timeout 180m;
#client_body_buffer_size 10K; #client_body_buffer_size 10K;
#client_header_buffer_size 1k; #client_header_buffer_size 1k;
#client_max_body_size 8m; #client_max_body_size 8m;
#large_client_header_buffers 4 4k; #large_client_header_buffers 4 4k;
#access_log off; #access_log off;
upstream netdata { upstream netdata {
server 127.0.0.1:19999; server 127.0.0.1:19999;
keepalive 64; keepalive 64;
} }
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
@@ -239,7 +234,7 @@ cat <<EOF > /etc/nginx/sites-available/default
} }
# pass PHP scripts to FastCGI server # pass PHP scripts to FastCGI server
location ~ \.php$ { location ~ \.php\$ {
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets): # With php-fpm (or other unix sockets):
@@ -257,7 +252,7 @@ systemctl reload nginx
# PHPMYADMIN # # PHPMYADMIN #
#-------------------# #-------------------#
apt-get install phpmyadmin -y apt install -y phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/"$domain"/html ln -s /usr/share/phpmyadmin /var/www/"$domain"/html
systemctl restart php7.2-fpm systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database # Redirect phpmyadmin -> database
@@ -267,7 +262,9 @@ mv /var/www/"$domain"/html/phpmyadmin /var/www/"$domain"/html/database
# POSTFIX # # POSTFIX #
#-------------------# #-------------------#
apt install mailutils -y debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
@@ -284,7 +281,7 @@ newaliases
#-------------------# #-------------------#
if [ $netdata = 1 ] if [ $netdata = 1 ]
then then
bash <(curl -Ss https://my-netdata.io/kickstart.sh) apt install -y netdata
ufw allow 19999/tcp ufw allow 19999/tcp
# systemctl stop netdata # systemctl stop netdata
# systemctl disable netdata # systemctl disable netdata
@@ -296,7 +293,7 @@ fi
#-------------------# #-------------------#
if [ $memcached = 1 ] if [ $memcached = 1 ]
then then
apt-get install memcached -y apt install -y memcached
systemctl restart memcached systemctl restart memcached
# systemctl stop memcached # systemctl stop memcached
# systemctl disable memcached # systemctl disable memcached
@@ -307,7 +304,7 @@ fi
#-------------------# #-------------------#
if [ $redis = 1 ] if [ $redis = 1 ]
then then
apt install redis-server -y apt install -y redis-server
sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
@@ -322,8 +319,9 @@ fi
# CERTBOT # # CERTBOT #
#-------------------# #-------------------#
add-apt-repository ppa:certbot/certbot add-apt-repository -y ppa:certbot/certbot
apt install python-certbot-nginx -y apt update
apt install -y python-certbot-nginx
#certbot --nginx -d $domain -d www.$domain #certbot --nginx -d $domain -d www.$domain
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"