#!/bin/bash # Bash Menu Script Example #============================================================================== # UBUNTU 18.04 BASH SCRIPT #============================================================================== ##R1 V1.1## #===Chanches For V1===# #Added Vraiables and executes for them# #===Chanches For V1.1===# # Nginx, apache, certbot, phpmyadmin, php-fpm, postfix, netdata, Memcached, redis, wordpress & opcache# #install scripts ware added# #============================================================================== # UNDER DEVELOPMENT #============================================================================== # Mailserver -->> EXIM, DOVECOT, SPAMASSASSIN, CLAMAV # FTP backups -->> VSFTPD # Secure WP -->> NGINX RULES # WP backup & restore -->> SHELL or PHP # LAMP SETUP # APACHE, NGINX REVERSE PROXY #============================================================================== # CHECKEN! # > Postfix #============================================================================== #-------------------# # Preconfiguration # #-------------------# echo "UBUNTU 18.04 INSTALLATIE SCRIPT" echo Welk domein mag gekoppeld worden? Typ domein zonder www read domain echo Standaard wachtwoord read passwd echo administrator email read email apt-get update apt-get upgrade -y apt-get dist-upgrade -y apt-get clean apt-get autoremove -y hostnamectl set-hostname $domain sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg timedatectl set-timezone Europe/Amsterdam echo "Webserver:" PS3='Keuze:' options=("Apache" "Apache, Nginx reverse proxy" "Nginx, PHP-FPM" "Quit") select opt in "${options[@]}" do case $opt in "Apache") webserver=apache certbot_server=apache break ;; "Apache, Nginx reverse proxy") webserver=apache_nginx certbot_server=nginx break ;; "Nginx, PHP-FPM") webserver=nginx certbot_server=nginx break ;; "Quit") exit ;; *) echo "Fout antwoord $REPLY";; esac done while true; do read -p "Installeer PHPmyAdmin -> yes/no?" yn case $yn in [Yy]* ) phpmyadmin=1 break;; [Nn]* ) phpmyadmin=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Postfix -> yes/no?" yn case $yn in [Yy]* ) postfix=1 break;; [Nn]* ) postfix=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Netdata -> yes/no?" yn case $yn in [Yy]* ) netdata=1 break;; [Nn]* ) netdata=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Memcached -> yes/no?" yn case $yn in [Yy]* ) memcached=1 break;; [Nn]* ) memcached=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Redis Cache -> yes/no?" yn case $yn in [Yy]* ) redis=1 break;; [Nn]* ) redis=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Let's Encrypt -> yes/no?" yn case $yn in [Yy]* ) certbot=1 break;; [Nn]* ) certbot=0 break;; * ) echo "Kies yes of no.";; esac done while true; do read -p "Installeer Wordpress -> yes/no?" yn case $yn in [Yy]* ) wordpress=1 break;; [Nn]* ) wordpress=0 break;; * ) echo "Kies yes of no.";; esac done #-------------------# # Install Phase # #-------------------# echo "***************************" sleep 0.5 echo "INSTALLATIE DUURT 5 Minuten" sleep 0.5 echo "***************************" sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf apt install rsync grsync -y apt install sshpass -y #----------------------# # Apache Install # #----------------------# if [ $webserver = apache ] then echo "install apache" ufw allow OpenSSH ufw allow 443/tcp ufw allow 80/tcp ufw limit ssh echo "y" | sudo ufw enable #-------------------# # LAMP # #-------------------# install apache2 -y apt install mysql-server-5.7 -y echo "& y y abc abc y y y y" | ./usr/bin/mysql_secure_installation mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" apt install libapache2-mod-php php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y cat < /etc/apache2/mods-enabled/dir.conf DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm EOF systemctl restart apache2 systemctl status apache2 #-------------------# # VIRTUAL HOST # #-------------------# rm /var/www/html mkdir -p /var/www/"$domain"/public_html chmod -R 755 /var/www cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/"$domain".conf cat < /etc/apache2/sites-available/"$domain".conf ServerAdmin $email ServerName $domain ServerAlias www.$domain DocumentRoot /var/www/$domain/public_html ErrorLog \${APACHE_LOG_DIR}/error.log CustomLog \${APACHE_LOG_DIR}/access.log combined EOF a2ensite $domain.conf a2dissite 000-default.conf systemctl restart apache2 fi #----------------------# # Apache_Nginx Install # #----------------------# if [ $webserver = apache_nginx ] then echo "install apache_nginx" ufw allow OpenSSH ufw allow 443/tcp ufw allow 80/tcp ufw limit ssh echo "y" | sudo ufw enable fi #-------------------# # Nginx Install # #-------------------# if [ $webserver = nginx ] then echo "install NGINX" ufw allow OpenSSH ufw allow 443/tcp ufw allow 80/tcp ufw limit ssh echo "y" | sudo ufw enable #-------------------# # LEMP # #-------------------# apt install nginx -y ufw allow 'Nginx HTTP' apt install mysql-server-5.7 -y mysql_secure_installation mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$passwd" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$passwd"';" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" mysql -u root -p"$passwd" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" apt install php-fpm php-mysql php-cgi php-common php-pear php-mbstring php-curl php-gd php-intl php-soap php-xml php-xmlrpc php-zip -y #-------------------# # NGINX CONFIG # #-------------------# mkdir -p /var/www/"$domain"/html chmod -R 755 /var/www cat < /etc/nginx/sites-available/$domain fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; server { listen 80; listen [::]:80; root /var/www/$domain/html; index index.php index.html index.htm index.nginx-debian.html; server_name $domain www.$domain; #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www #return 301 https://domein.nl$request_uri; Redirect to other domain location = /netdata { return 301 /netdata/; } location ~ /netdata/(?.*) { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Forwarded-Host \$host; proxy_set_header X-Forwarded-Server \$host; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; proxy_pass http://netdata/\$ndpath\$is_args\$args; } gzip on; gzip_proxied any; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; gzip_min_length 1000; gzip_comp_level 2; gzip_disable "msie6"; gzip_buffers 16 8k; location / { #try_files \$uri \$uri/ =404; try_files \$uri \$uri/ /index.php\$is_args\$args; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|eot|otf|woff|woff2|ttf|ogg)$ { expires max; log_not_found off; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_cache MYAPP; fastcgi_cache_valid 200 302 301 1m; fastcgi_cache_valid 404 1m; fastcgi_cache_bypass \$no_cache; fastcgi_no_cache \$no_cache; fastcgi_cache_revalidate on; fastcgi_cache_background_update on; fastcgi_cache_lock on; fastcgi_cache_use_stale updating; fastcgi_buffer_size 128k; fastcgi_buffers 256 16k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } location ~ /\.ht { deny all; } location /phpmyadmin { index index.php; } #Cache everything by default set \$no_cache 0; #Don't cache POST requests if (\$request_method = POST) { set \$no_cache 1; } #Don't cache if the URL contains a query string if (\$query_string != "") { set \$no_cache 1; } #Don't cache the following URLs if (\$request_uri ~* "/(administrator/|login.php)") { set \$no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if (\$http_cookie = "PHPSESSID") { set \$no_cache 1; } } EOF cat < /etc/nginx/nginx.conf user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; } http { fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; add_header X-Cache "\$upstream_cache_status"; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 8m; large_client_header_buffers 4 4k; server_names_hash_bucket_size 64; include /etc/nginx/mime.types; default_type text/html; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m; #access_log /var/log/nginx/access.log; access_log off; error_log /var/log/nginx/error.log; gzip on; gzip_proxied any; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; gzip_min_length 1000; gzip_comp_level 2; gzip_disable "msie6"; gzip_buffers 16 8k; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } EOF echo " #fastcgi_cache_key \$scheme\$request_method\$host\$request_uri; #add_header X-Cache "\$upstream_cache_status"; #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m; client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 8m; large_client_header_buffers 4 4k; access_log off; upstream netdata { server 127.0.0.1:19999; keepalive 64; } server { listen 80 default_server; listen [::]:80 default_server; location = /netdata { return 301 /netdata/; } location ~ /netdata/(?.*) { proxy_redirect off; proxy_set_header Host "\$host"; proxy_set_header X-Forwarded-Host "\$host"; proxy_set_header X-Forwarded-Server "\$host"; proxy_set_header X-Forwarded-For "\$proxy_add_x_forwarded_for"; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; proxy_pass http://netdata/"\$ndpath""\$is_args""\$args"; gzip on; gzip_proxied any; gzip_types *; } root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; server_name _; location / { try_files "\$uri" "\$uri"/ =404; } # pass PHP scripts to FastCGI server location ~ \.php$ { include snippets/fastcgi-php.conf; # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; # With php-cgi (or other tcp sockets): #fastcgi_pass 127.0.0.1:9000; } }" > /etc/nginx/sites-available/default ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/ sed -i 's/#cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.2/fpm/php.ini systemctl reload nginx fi #-------------------# # PHPMYADMIN # #-------------------# ln -s /usr/share/phpmyadmin /home/admin/web/"$domain"/public_html cd /home/admin/web/"$domain"/public_html ls -l mv phpmyadmin database fi #--------------------# # PHPmyAdmin Install # #--------------------# if [ $phpmyadmin = 1 ] then echo "install php myadmin" apt-get install phpmyadmin -y ln -s /usr/share/phpmyadmin /var/www/"$domain"/html systemctl restart php7.2-fpm # Redirect phpmyadmin -> database cd /var/www/"$domain"/html/ ls -l mv phpmyadmin database fi #-----------------# # Postfix Install # #-----------------# if [ $postfix = 1 ] then echo "install postfix" apt install mailutils -y sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf systemctl restart postfix cat < /etc/aliases # See man 5 aliases for format postmaster: root root: $email EOF newaliases fi #-----------------# # Netdata Install # #-----------------# if [ $netdata = 1 ] then echo "install netdata" bash <(curl -Ss https://my-netdata.io/kickstart.sh) ufw allow 19999/tcp iptables -A INPUT -p tcp --dport 19999 -j ACCEPT fi #-------------------# # Memcached Install # #-------------------# if [ $memcached = 1 ] then echo "install memcached" apt-get install memcached -y systemctl restart memcached fi #---------------# # Redis Install # #---------------# if [ $redis = 1 ] then echo "install redis" apt install redis-server -y sed -i 's/supervised no/supervised systemd/g' /etc/redis/redis.conf sed -i 's/# bind 127.0.0.1 ::1/bind 127.0.0.1 ::1/g' /etc/redis/redis.conf sed -i 's/# requirepass foobared/requirepass '$passwd'/g' /etc/redis/redis.conf systemctl restart redis systemctl restart redis.service fi #-----------------# # Certbot Install # #-----------------# if [ $certbot = 1 ] then echo "install Let's Encrypt Certbot" add-apt-repository ppa:certbot/certbot apt install python-certbot-$certbot_server -y #certbot --$certbot_server -d $domain -d www.$domain fi #-------------------# # Wordpress Install # #-------------------# # # if [ $wordpress = 1 ] # then # echo "install wordpress" # db_name="wp_1" # db_user="wp_1" # db_pass=$(date +%s|sha256sum|base64|head -c 32) # mysql -u root -p"$passwd" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" mysql -u root -p"$passwd" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';" mysql -u root -p"$passwd" -e "FLUSH PRIVILEGES;" cd /tmp curl -LO https://wordpress.org/latest.tar.gz tar xzvf latest.tar.gz cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php path="$domain" cp -a /tmp/wordpress/. /var/www/"$path"/html chown -R www-data:www-data /var/www/"$path"/html WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -) cat < /var/www/"$domain"/html/wp-config.php /var/www/"$domain"/html/wp-config.php array( # '127.0.0.1:11211' # ) #); #define('WP_REDIS_HOST', '127.0.0.1'); #define('WP_REDIS_PASSWORD', '$passwd'); #define('WP_REDIS_PORT', '6379'); require_once(ABSPATH . 'wp-settings.php'); EOF #define( 'WP_SITEURL', '' ); #define( 'WP_HOME', '' ); #define( 'ALTERNATE_WP_CRON', true ); #define('DISABLE_WP_CRON', 'true'); #define('WP_CRON_LOCK_TIMEOUT', 900); #define('AUTOSAVE_INTERVAL', 300); define( 'WP_MEMORY_LIMIT', '256M' ); define( 'DISALLOW_FILE_EDIT', true ); #define( 'EMPTY_TRASH_DAYS', 7 ); define( 'NOBLOGREDIRECT', 'https://$domain' ); #define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) ); #define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) ); #define( 'WP_ALLOW_REPAIR', true ); #define( 'FORCE_SSL_ADMIN', true ); #define( 'AUTOMATIC_UPDATER_DISABLED', true ); #define( 'WP_AUTO_UPDATE_CORE', false ); $WPSalts \$table_prefix = '$db_name'; define('WP_DEBUG', false); if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); #\$memcached_servers = array( # 'default' => array( # '127.0.0.1:11211' # ) #); #define('WP_REDIS_HOST', '127.0.0.1'); #define('WP_REDIS_PASSWORD', '$passwd'); #define('WP_REDIS_PORT', '6379'); require_once(ABSPATH . 'wp-settings.php'); EOF fi fi #----------------------# # Generic end commands # #----------------------# #----------------# # OPCACHE # #----------------# sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=256/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=50000/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.2/fpm/php.ini sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=0/g' /etc/php/7.2/fpm/php.ini sed -i 's/; max_input_vars = 1000/max_input_vars = 10000/g' /etc/php/7.2/fpm/php.ini systemctl restart php7.2-fpm.service #-------------------# # OPCACHE GUI # #-------------------# cd /tmp curl -LO https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php cp /tmp/index.php /tmp/opcache.php cp -a /tmp/opcache.php /var/www/"$domain"/html cat > /var/www/"$domain"/html/info.php <<- "EOF" EOF #-------------------# # SYS UPDATE CRON # #-------------------# cd /etc/cron.d touch updates cat < /etc/cron.d/updates SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow command 0 0 * * * apt-get update -y && apt-get upgrade -y &&apt-get dist-upgrade -y EOF echo "Install Succes" echo "Reboot system in:" sleep 1 echo "3"a sleep 1 echo "2" sleep 1 echo "1" reboot exit