#==============================================================================
#   UBUNTU 18.04 BASH SCRIPT
#   https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server
#==============================================================================    
#   apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
#   do-release-upgrade -d
#
#==============================================================================

# Set server IP variable for apache access
server_ip=$(hostname -I|cut -f1 -d ' ')
# Block direct apache acces
ufw deny 8080/tcp
ufw allow from "$server_ip" proto tcp to any port 8080

#-------------------#
#  APACHE + PHP-FPM #
#-------------------#

apt install apache2 php-fpm -y
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 8080" | tee /etc/apache2/ports.conf
a2dissite 000-default
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
sed -i 's/:80/:8080/g' /etc/apache2/sites-available/001-default.conf
a2ensite 001-default
systemctl reload apache2
netstat -tlpn

#-------------------#
#       MYSQL       #
#-------------------#

apt install mysql-server-5.7 -y
mysql_secure_installation
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';"
mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y

#-------------------#
#    MOD_FASTCGI    #
#-------------------#

a2dismod php7.2
a2enmod actions
mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
cat <<EOF > /etc/apache2/mods-enabled/fastcgi.conf
<IfModule mod_fastcgi.c>
  AddHandler fastcgi-script .fcgi
  FastCgiIpcDir /var/lib/apache2/fastcgi
  AddType application/x-httpd-fastphp .php
  Action application/x-httpd-fastphp /php-fcgi
  Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
    Require all granted
  </Directory>
</IfModule>
EOF
apachectl -t
systemctl reload apache2

#-------------------#
#   VHOST APACHE    #
#-------------------#

mkdir -p /var/www/"$domain"/public_html
cat <<EOF > /etc/apache2/sites-available/"$domain".conf
<VirtualHost *:8080>
    ServerAdmin $email
    ServerName $domain
    ServerAlias www.$domain
    DocumentRoot /var/www/$domain/public_html/
    ErrorLog \${APACHE_LOG_DIR}/error.log
    CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
a2ensite $domain.conf
systemctl reload apache2

#-------------------#
#    VHOST NGINX    #
#-------------------#

apt install nginx -y
rm /etc/nginx/sites-enabled/default
#mkdir -v /usr/share/nginx/$domain2
#echo "<?php phpinfo(); ?>" | tee /usr/share/nginx/$domain2/info.php
#cat <<EOF > /etc/nginx/sites-available/$domain2.conf
#server {
#    listen 80 default_server;
#
#    root /usr/share/nginx/$domain2;
#    index index.php index.html index.htm;
#
#    server_name $domain www.$domain2;
#    location / {
#        try_files \$uri \$uri/ /index.php;
#    }
#
#    location ~ \.php\$ {
#        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#        include snippets/fastcgi-php.conf;
#    }
#}
#EOF
#ln -s /etc/nginx/sites-available/$domain2 /etc/nginx/sites-enabled/$domain2
nginx -t

#-------------------#
#   REVERSE PROXY   # 
#-------------------#

cat <<EOF > /etc/nginx/sites-available/apache
server {
    listen 80;
    server_name $domain www.$domain;
    root /var/www/$domain/public_html/;
    index index.php index.htm index.html;
    
    location / {
        try_files \$uri \$uri/ /index.php;
    }

    location ~ \.php\$ {
        proxy_pass http://$server_ip:8080;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
    
    location ~ /\.ht {
        deny all;
    }
    
    #listen 443 ssl;
    #ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
    #include /etc/letsencrypt/options-ssl-nginx.conf;
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache
nginx -t
systemctl reload nginx

#-------------------#
#     MOD_RPAF      #
#-------------------#

apt install unzip build-essential apache2-dev -y
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
unzip stable.zip
cd mod_rpaf-stable
make
make install
cat <<EOF > /etc/apache2/mods-available/rpaf.load
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
EOF
cat <<EOF > /etc/apache2/mods-available/rpaf.conf
    <IfModule mod_rpaf.c>
        RPAF_Enable             On
        RPAF_Header             X-Real-Ip
        RPAF_ProxyIPs           $server_ip 
        RPAF_SetHostName        On
        RPAF_SetHTTPS           On
        RPAF_SetPort            On
    </IfModule>
EOF
a2enmod rpaf
apachectl -t
systemctl reload apache2

#-------------------#
#      CERTBOT      #
#-------------------#

add-apt-repository ppa:certbot/certbot -y
apt update
apt install python-certbot-nginx -y
#certbot --nginx -d $domain -d www.$domain

#-------------------#
#     PHPMYADMIN    #
#-------------------#

apt-get install phpmyadmin -y
ln -s /usr/share/phpmyadmin /var/www/"$domain"/public_html
systemctl restart php7.2-fpm
# Redirect phpmyadmin -> database
mv /var/www/"$domain"/public_html/phpmyadmin /var/www/"$domain"/public_html/database
a2disconf phpmyadmin.conf
systemctl restart apache2

#-------------------#
#      POSTFIX      #
#-------------------#

apt install mailutils -y
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
systemctl restart postfix
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster:    root
root:          $email
EOF
newaliases

#-------------------#
#      NETDATA      #
#-------------------#

if [ $netdata = 1 ]
    then
	apt install netdata -y
	ufw allow 19999/tcp
	# systemctl stop netdata
	# systemctl disable netdata
fi

#-------------------#
#     MEMCACHED     #
#  127.0.0.1:11211  #
#-------------------#

if [ $memcached = 1 ]
    then
	apt-get install memcached -y
	systemctl restart memcached
	# systemctl stop memcached
	# systemctl disable memcached
fi

#-------------------#
#       REDIS       #
#  127.0.0.1:6379   #
#-------------------#

if [ $redis = 1 ]
    then
	apt install redis-server -y
	sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf
	sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf
	sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf
	systemctl restart redis
	systemctl restart redis.service
	# systemctl stop redis
	# systemctl stop redis.service
	# systemctl disable redis
	# systemctl disable redis.service
fi

#-------------------#
#      PHP.ini      #
#-------------------#

sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini
sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini
systemctl restart php7.2-fpm.service

#-------------------#
#    WP - INSTALL   #
#-------------------#

if [ $wordpress = 1 ]
	then
    db_name="wp_1"
    db_user="wp_1"
    db_pass=$(date +%s|sha256sum|base64|head -c 32)
    mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
    mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
	mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;"
    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
   	tar xzvf /tmp/wp.tar.gz -C /tmp
   	mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
    cp -a /tmp/wordpress/. /var/www/"$domain"/public_html
    chown -R www-data:www-data /var/www/"$domain"/public_html
    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/public_html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';

define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

#\$memcached_servers = array(
#    'default' => array(
#        '127.0.0.1:11211'
#    )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$passwd');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi

#--------------------#
#  WWW Folder Perms  #
#--------------------#

chown -R www-data:www-data /var/www/"$domain"/public_html

#-------------------#
#    OPCACHE GUI    #
#-------------------#

wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/public_html/opcache.php

#----------------#
#    PHP.info    #
#----------------#

cat > /var/www/"$domain"/public_html/info.php <<- "EOF"
<?php
phpinfo();
EOF