add new conf

2 years ago · 65d70288ca
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@

 \.vscode/

 \.history/
--- a/docs/files/etc/fail2ban/filter.d/nginx-forbidden.conf
+++ b/docs/files/etc/fail2ban/filter.d/nginx-forbidden.conf
@ -0,0 +1,4 @@
 [Definition]
 failregex = ^ \[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$

 ignoreregex = 
--- a/docs/files/etc/fail2ban/jail.d/custom.conf
+++ b/docs/files/etc/fail2ban/jail.d/custom.conf
@ -14,3 +14,11 @@ action = iptables-multiport[name="ee-wordpress", port="http,https"]
 logpath = /var/log/nginx/*access.log
 maxretry = 5

 [nginx-forbidden]
 enabled = true
 filter = nginx-forbidden
 port = http,https
 logpath = /var/log/nginx/*error*.log
 findtime = 60
 bantime = 6000
 maxretry = 3
--- a/docs/files/etc/nginx/common/locations-php7.conf
+++ b/docs/files/etc/nginx/common/locations-php7.conf
@ -14,7 +14,7 @@ location = /robots.txt {
  log_not_found off;
 }
 # Cache static files
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
 location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
  add_header "Access-Control-Allow-Origin" "*";
  access_log off;
  log_not_found off;
--- a/docs/files/etc/nginx/conf.d/map-wp-cache.conf
+++ b/docs/files/etc/nginx/conf.d/map-wp-cache.conf
@ -0,0 +1,40 @@
 map $http_x_requested_with $http_request_cache {
        default         0;
        XMLHttpRequest  1;
    }

 map $http_cookie $cookie_cache {
        default                     0;
        ~*wordpress_[a-f0-9]+       1;
        wp-postpass                 1;
        wordpress_logged_in         1;
        wordpress_no_cache          1;
        comment_author              1;
    }

 map $request_uri $uri_cache {
        default                    0;
        ~*\/wp-admin\/.*           1;
        ~*\/wp-[a-zA-Z0-9-]+\.php  1;
        ~*\/feed\/.*               1;
        ~*\/index.php.*            1;
        ~*\.*sitemap.*\.xml*       1;
        ~*\/xmlrpc.php             1;
 }

 map $request_method $request_cache {
    default 0;
    POST    1; #no caching on post
 }

 map $query_string $query_cache {
  default  1;
  ""       0;
 }

 map $http_request_cache$cookie_cache$uri_cache$request_cache$query_cache $skip_cache {
    default 1;
    00000 0;
 }


--- a/etc/fail2ban/filter.d/nginx-forbidden.conf
+++ b/etc/fail2ban/filter.d/nginx-forbidden.conf
@ -0,0 +1,4 @@
 [Definition]
 failregex = ^ \[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$

 ignoreregex = 
--- a/etc/fail2ban/jail.d/custom.conf
+++ b/etc/fail2ban/jail.d/custom.conf
@ -14,3 +14,11 @@ action = iptables-multiport[name="ee-wordpress", port="http,https"]
 logpath = /var/log/nginx/*access.log
 maxretry = 5

 [nginx-forbidden]
 enabled = true
 filter = nginx-forbidden
 port = http,https
 logpath = /var/log/nginx/*error*.log
 findtime = 60
 bantime = 6000
 maxretry = 3
--- a/etc/nginx/conf.d/map-wp-cache.conf
+++ b/etc/nginx/conf.d/map-wp-cache.conf
@ -0,0 +1,52 @@
 map $http_x_requested_with $http_request_cache {
        default         0;
        XMLHttpRequest  1;
    }

 map $http_cookie $cookie_cache {
        default                     0;
        ~*wordpress_[a-f0-9]+       1;
        ~*wp-postpass               1;
        ~*wordpress_logged_in       1;
        ~*wordpress_no_cache        1;
        ~*comment_author            1;
        ~*woocommerce_items_in_cart 1;
        ~*woocommerce_cart_hash     1;
        ~*wptouch_switch_toogle     1;
        ~*comment_author_email_     1;
        
    }

 map $request_uri $uri_cache {
        default                    0;
        ~*\/wp-admin\/.*           1;
        ~*\/wp-[a-zA-Z0-9-]+\.php  1;
        ~*\/feed\/.*               1;
        ~*\/index.php              1;
        ~*\.*sitemap.*\.xml*       1;
        ~*\/wp-comments-popup\.php 1;
        ~*\/wp-links-opml\.php     1;
        ~*\/wp-locations\.php      1;
        ~*\/wp-\.*\.php            1;




 }

 map $request_method $request_cache {
    default 0;
    POST    1; #no caching on post
 }

 map $query_string $query_cache {
  default  1;
  ""       0;
 }

 map $http_request_cache$cookie_cache$uri_cache$request_cache$query_cache $skip_cache {
    default 1;
    00000 0;
 }


--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -21,10 +21,10 @@ REPO_PATH="/tmp/ubuntu-nginx-web-server"
 ##################################

 if [ "$(id -u)" != "0" ]; then
    echo "Error: You must be root to run this script, please use the root user to install the software."
    echo ""
    echo "Use 'sudo su - root' to login as root"
    exit 1
 	echo "Error: You must be root to run this script, please use the root user to install the software."
 	echo ""
 	echo "Use 'sudo su - root' to login as root"
 	exit 1
 fi

 clear
@ -33,7 +33,6 @@ clear
 # Welcome
 ##################################


 echo ""
 echo "Welcome to ubuntu-nginx-web-server install script."
 echo ""
@ -45,51 +44,49 @@ echo ""
 echo ""
 echo "Do you want to install ufw (firewall) ? (y/n)"
 while [[ $ufw != "y" && $ufw != "n" ]]; do
    read -p "Select an option [y/n]: " ufw
 	read -p "Select an option [y/n]: " ufw
 done
 echo ""
 echo ""
 echo "Do you want to install fail2ban ? (y/n)"
 while [[ $fail2ban != "y" && $fail2ban != "n" ]]; do
    read -p "Select an option [y/n]: " fail2ban
 	read -p "Select an option [y/n]: " fail2ban
 done
 echo ""
 echo "Do you want to install MariaDB-server 10.3 ? (y/n)"
 while [[ $mariadb_server != "y" && $mariadb_server != "n" ]]; do
    read -p "Select an option [y/n]: " mariadb_server
 	read -p "Select an option [y/n]: " mariadb_server
 done
 if [ "$mariadb_server" = "n" ]; then
    echo ""
    echo "Do you want to install MariaDB-client ? (y/n)"
    while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
        read -p "Select an option [y/n]: " mariadb_client
    done
 	echo ""
 	echo "Do you want to install MariaDB-client ? (y/n)"
 	while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
 		read -p "Select an option [y/n]: " mariadb_client
 	done
 fi
 echo ""
 echo "Do you want to compile the last nginx-ee ? (y/n)"
 while [[ $nginxee != "y" && $nginxee != "n" ]]; do
    read -p "Select an option [y/n]: " nginxee
 	read -p "Select an option [y/n]: " nginxee
 done
 echo ""
 echo "Do you want php7.1-fpm ? (y/n)"
 while [[ $phpfpm71 != "y" && $phpfpm71 != "n" ]]; do
    read -p "Select an option [y/n]: " phpfpm71
 	read -p "Select an option [y/n]: " phpfpm71
 done
 echo ""
 echo "Do you want php7.2-fpm ? (y/n)"
 while [[ $phpfpm72 != "y" && $phpfpm72 != "n" ]]; do
    read -p "Select an option [y/n]: " phpfpm72
 	read -p "Select an option [y/n]: " phpfpm72
 done
 echo ""
 echo "Do you want proftpd ? (y/n)"
 while [[ $proftpd != "y" && $proftpd != "n" ]]; do
    read -p "Select an option [y/n]: " proftpd
 	read -p "Select an option [y/n]: " proftpd
 done

 echo ""



 ##################################
 # Update packages
 ##################################
@ -102,34 +99,33 @@ sudo apt-get upgrade -y && apt-get autoremove -y && apt-get clean
 ##################################

 ufw() {
    
    if [ ! -d /etc/ufw ];
    then
        apt-get install ufw -y
    fi
    
    ufw logging low
    ufw default allow outgoing
    ufw default deny incoming
    
    # required
    ufw allow 22
    ufw allow 53
    ufw allow http
    ufw allow https
    ufw allow 21
    ufw allow 68
    ufw allow 546
    ufw allow 873
    ufw allow 123
    ufw allow 22222
    
    # optional for monitoring
    
    ufw allow 161
    ufw allow 6556
    ufw allow 10050
    

 	if [ ! -d /etc/ufw ]; then
 		apt-get install ufw -y
 	fi

 	ufw logging low
 	ufw default allow outgoing
 	ufw default deny incoming

 	# required
 	ufw allow 22
 	ufw allow 53
 	ufw allow http
 	ufw allow https
 	ufw allow 21
 	ufw allow 68
 	ufw allow 546
 	ufw allow 873
 	ufw allow 123
 	ufw allow 22222

 	# optional for monitoring

 	ufw allow 161
 	ufw allow 6556
 	ufw allow 10050

 }

 ##################################
@ -137,12 +133,12 @@ ufw() {
 ##################################

 useful() {
    
    apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
    
    # ntp time
    systemctl enable ntp
    

 	apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y

 	# ntp time
 	systemctl enable ntp

 }

 ##################################
@ -150,11 +146,11 @@ useful() {
 ##################################

 dl_repo() {
    
    cd /tmp || exit
    rm -rf /tmp/ubuntu-nginx-web-server
    git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git /tmp/ubuntu-nginx-web-server
    

 	cd /tmp || exit
 	rm -rf /tmp/ubuntu-nginx-web-server
 	git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git /tmp/ubuntu-nginx-web-server

 }

 ##################################
@ -162,15 +158,15 @@ dl_repo() {
 ##################################

 sysctl() {
    
    sudo modprobe tcp_htcp
    cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
    sysctl -p
    cp -f  $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
    
    # Redis transparent_hugepage
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    

 	sudo modprobe tcp_htcp
 	cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
 	sysctl -p
 	cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf

 	# Redis transparent_hugepage
 	echo never >/sys/kernel/mm/transparent_hugepage/enabled

 }

 ##################################
@ -178,11 +174,11 @@ sysctl() {
 ##################################

 mariadb_repo() {
    
    curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup \
    | sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
    sudo apt-get update
    

 	curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup |
 		sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
 	sudo apt-get update

 }

 ##################################
@ -190,15 +186,15 @@ mariadb_repo() {
 ##################################

 mariadb_setup() {
    
    sudo apt-get install -y mariadb-server
    

 	sudo apt-get install -y mariadb-server

 }

 mariadb_client() {
    
    sudo apt-get install -y mariadb-client
    

 	sudo apt-get install -y mariadb-client

 }

 ##################################
@ -206,19 +202,19 @@ mariadb_client() {
 ##################################

 mariadb_tweaks() {
    
    cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
    
    sudo service mysql stop
    
    sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
    sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
    
    cp -f  $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
    sudo systemctl daemon-reload
    
    sudo service mysql start
    

 	cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf

 	sudo service mysql stop

 	sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
 	sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak

 	cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
 	sudo systemctl daemon-reload

 	sudo service mysql start

 }

 ##################################
@ -226,12 +222,12 @@ mariadb_tweaks() {
 ##################################

 ee_install() {
    
    sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
    sudo wget -qO ee rt.cx/ee && sudo bash ee
    
    source /etc/bash_completion.d/ee_auto.rc
    

 	sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
 	sudo wget -qO ee rt.cx/ee && sudo bash ee

 	source /etc/bash_completion.d/ee_auto.rc

 }

 ##################################
@ -239,10 +235,10 @@ ee_install() {
 ##################################

 ee_setup() {
    
    ee stack install
    ee stack install --php7 --redis --admin --phpredisadmin
    

 	ee stack install
 	ee stack install --php7 --redis --admin --phpredisadmin

 }

 ##################################
@ -250,14 +246,14 @@ ee_setup() {
 ##################################

 ee_fix() {
    
    cd ~/ || exit
    curl -sS https://getcomposer.org/installer | php
    mv composer.phar /usr/bin/composer
    
    chown www-data:www-data /var/www
    sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
    

 	cd ~/ || exit
 	curl -sS https://getcomposer.org/installer | php
 	mv composer.phar /usr/bin/composer

 	chown www-data:www-data /var/www
 	sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/

 }

 ##################################
@ -265,18 +261,18 @@ ee_fix() {
 ##################################

 web_user() {
    
    usermod -s /bin/bash www-data
    
    wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
    cp -f  /var/www/.profile $REPO_PATH/files/var/www/.profile
    cp -f  /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc
    
    chown www-data:www-data /var/www/.profile
    chown www-data:www-data /var/www/.bashrc
    
    sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
    

 	usermod -s /bin/bash www-data

 	wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
 	cp -f /var/www/.profile $REPO_PATH/files/var/www/.profile
 	cp -f /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc

 	chown www-data:www-data /var/www/.profile
 	chown www-data:www-data /var/www/.bashrc

 	sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh

 }

 ##################################
@ -284,31 +280,30 @@ web_user() {
 ##################################

 php71() {
    
    sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
    php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
    
    sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf
    
    sudo cp -f  $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
    cp -f  $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
    sudo service php7.1-fpm restart
    
 }

 	sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
 		php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl

 	sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf

 	sudo cp -f $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
 	cp -f $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
 	sudo service php7.1-fpm restart

 }

 ##################################
 # Install php7.2-fpm
 ##################################

 php72() {
    
    sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2  php7.2-zip php7.2-mysql  php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
    
    cp -f  $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
    cp -f  $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
    service php7.2-fpm restart
    

 	sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y

 	cp -f $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
 	cp -f $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
 	service php7.2-fpm restart

 }

 ##################################
@ -316,15 +311,14 @@ php72() {
 ##################################

 php7_conf() {
    
    if [ ! -d /etc/php/7.0 ];
    then
        
        cp -f  $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
        cp -f  $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini
        
    fi
    

 	if [ ! -d /etc/php/7.0 ]; then

 		cp -f $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
 		cp -f $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini

 	fi

 }

 ##################################
@ -332,11 +326,11 @@ php7_conf() {
 ##################################

 nginx_ee() {
    
    wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
    chmod +x nginx-build.sh
    ./nginx-build.sh
    

 	wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
 	chmod +x nginx-build.sh
 	./nginx-build.sh

 }

 ##################################
@ -345,42 +339,38 @@ nginx_ee() {

 nginx_conf() {

 # php7.1 & 7.2 common configurations
 	# php7.1 & 7.2 common configurations

 cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
 	cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/

 # optimized nginx.config
 cp -f  $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
 	# optimized nginx.config
 	cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf

 	# check nginx configuration
 	CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
 	CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
 	CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)

 # check nginx configuration
 CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
 CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
 CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
 	if [ "$CONF_22222" = 0 ]; then
 		# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
 		sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
 	fi

 if [ "$CONF_22222" = 0 ]
 then
    # add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
    sudo cp -f  $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
 fi
 	if [ "$CONF_UPSTREAM" = 0 ]; then
 		# add netdata, php7.1 and php7.2 upstream
 		sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
 	fi

 if [ "$CONF_UPSTREAM" = 0 ]
 then
    # add netdata, php7.1 and php7.2 upstream
    sudo cp -f  $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
 fi

 if [ "$CONF_DEFAULT" = 0 ]
 then
    # additional nginx locations for monitoring
    sudo cp -f  $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
 fi
 	if [ "$CONF_DEFAULT" = 0 ]; then
 		# additional nginx locations for monitoring
 		sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
 	fi

 # 1) add webp mapping
 cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
 	# 1) add webp mapping
 	cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf

 nginx -t
 service nginx reload
 	nginx -t
 	service nginx reload

 }

@ -389,14 +379,14 @@ service nginx reload
 ##################################

 f2b() {
    
    cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
    cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
    cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
    cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf  /etc/fail2ban/jail.d/ddos.conf
    
    sudo fail2ban-client reload
    

 	cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
 	cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
 	cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
 	cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf /etc/fail2ban/jail.d/ddos.conf

 	sudo fail2ban-client reload

 }

 ##################################
@ -404,14 +394,14 @@ f2b() {
 ##################################

 bashrc_extra() {
    
    git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
    cd .Bash-Snippets || exit
    git checkout v$BASH_SNIPPETS_VER
    ./install.sh cheat
    
    wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
    

 	git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
 	cd .Bash-Snippets || exit
 	git checkout v$BASH_SNIPPETS_VER
 	./install.sh cheat

 	wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh

 }

 ##################################
@ -419,11 +409,11 @@ bashrc_extra() {
 ##################################

 ucaresystem() {
    
    sudo add-apt-repository ppa:utappia/stable -y
    sudo apt-get update
    sudo apt-get install ucaresystem-core -y
    

 	sudo add-apt-repository ppa:utappia/stable -y
 	sudo apt-get update
 	sudo apt-get install ucaresystem-core -y

 }

 ##################################
@ -431,24 +421,23 @@ ucaresystem() {
 ##################################

 proftpd_setup() {
    
    sudo apt install proftpd -y
    
    # secure proftpd and enable PassivePorts
    
    sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
    sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
    sed -i 's/# PassivePorts                  49152 65534/PassivePorts                  49000 50000/' /etc/proftpd/proftpd.conf
    
    sudo service proftpd restart
    
    if [ "$ufw" = "y" ];
    then
        
        # ftp passive ports
        ufw allow 49000:50000/tcp
    fi
    

 	sudo apt install proftpd -y

 	# secure proftpd and enable PassivePorts

 	sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
 	sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
 	sed -i 's/# PassivePorts                  49152 65534/PassivePorts                  49000 50000/' /etc/proftpd/proftpd.conf

 	sudo service proftpd restart

 	if [ "$ufw" = "y" ]; then

 		# ftp passive ports
 		ufw allow 49000:50000/tcp
 	fi

 }

 ##################################
@ -456,26 +445,25 @@ proftpd_setup() {
 ##################################

 netdata() {
    
    if [ ! -d /etc/netdata ];
    then
        
        ## install dependencies
        sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y
        
        ## install nedata
        bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
        
        ## optimize netdata resources usage
        echo 1 >/sys/kernel/mm/ksm/run
        echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
        
        ## disable email notifigrep -cions
        sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
        sudo service netdata restart
        
    fi
    

 	if [ ! -d /etc/netdata ]; then

 		## install dependencies
 		sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y

 		## install nedata
 		bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait

 		## optimize netdata resources usage
 		echo 1 >/sys/kernel/mm/ksm/run
 		echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs

 		## disable email notifigrep -cions
 		sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
 		sudo service netdata restart

 	fi

 }

 ##################################
@ -483,15 +471,14 @@ netdata() {
 ##################################

 extplorer() {
    
    if [ ! -d /var/www/22222/htdocs/files ];
    then
        
        mkdir /var/www/22222/htdocs/files
        wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
        cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
    fi
    

 	if [ ! -d /var/www/22222/htdocs/files ]; then

 		mkdir /var/www/22222/htdocs/files
 		wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
 		cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
 	fi

 }

 ##################################
@ -499,43 +486,100 @@ extplorer() {
 ##################################

 ee_dashboard() {
    
    cd /var/www/22222 || exit
    
    ## download latest version of EasyEngine-dashboard
    cd /tmp || exit
    git clone https://github.com/VirtuBox/easyengine-dashboard.git
    sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
    sudo chown -R www-data:www-data /var/www/22222/htdocs
    

 	cd /var/www/22222 || exit

 	## download latest version of EasyEngine-dashboard
 	cd /tmp || exit
 	git clone https://github.com/VirtuBox/easyengine-dashboard.git
 	sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
 	sudo chown -R www-data:www-data /var/www/22222/htdocs

 }

 ##################################
 # Install Acme.sh
 ##################################

 acme_sh() {

 	# install acme.sh if needed
 	echo ""
 	echo "checking if acme.sh is already installed"
 	echo ""
 	if [ ! -f $HOME/.acme.sh/acme.sh ]; then
 		echo ""
 		echo "installing acme.sh"
 		echo ""
 		wget -O - https://get.acme.sh | sh
 		source $HOME/.bashrc
 	fi

 }

 ##################################
 # Functions 
 # Secure EasyEngine Dashboard with Acme.sh
 ##################################

 ee-acme-22222() {

 	MY_HOSTNAME=$(hostname -f)
 	MY_IP=$(curl -s v4.vtbox.net)
 	MY_HOSTNAME_IP=$(dig +short @8.8.8.8 "$MY_HOSTNAME")

 	if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then

 		if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
 			sudo systemctl enable nginx.service
 		fi

 		if [ ! -d $HOME/.acme.sh/${MY_HOSTNAME}_ecc ]; then
 			$HOME/.acme.sh/acme.sh --issue -d $MY_HOSTNAME --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
 		fi

 		if [ -d /etc/letsencrypt/live/$MY_HOSTNAME ]; then
 			rm -rf /etc/letsencrypt/live/$MY_HOSTNAME/*
 		else
 			mkdir -p /etc/letsencrypt/live/$MY_HOSTNAME
 		fi

 		# install the cert and reload nginx
 		$HOME/.acme.sh/acme.sh --install-cert -d ${MY_HOSTNAME} --ecc \
 			--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
 			--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
 			--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
 			--reloadcmd "systemctl reload nginx.service"

 		if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then
 			sed -i "s/ssl_certificate \/var\/www\/22222\/cert\/22222.crt;/ssl_certificate \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/fullchain.pem;/" /etc/nginx/sites-available/22222
 			sed -i "s/ssl_certificate_key \/var\/www\/22222\/cert\/22222.key;/ssl_certificate_key    \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/key.pem;/" /etc/nginx/sites-available/22222
 		fi
 		service nginx reload

 	fi
 }

 ##################################
 # Functions
 ##################################

 useful
 dl_repo
 sysctl


 if [ "$ufw" = "y" ]
 then
    ufw
 if [ "$ufw" = "y" ]; then
 	ufw
 fi

 mariadb_repo

 if [ "$mariadb_server" = "y" ]
 then
    mariadb_setup
    mariadb_tweaks
 if [ "$mariadb_server" = "y" ]; then
 	mariadb_setup
 	mariadb_tweaks
 fi

 if [ "$mariadb_client" = "y" ]
 then
    mariadb_client
 if [ "$mariadb_client" = "y" ]; then
 	mariadb_client
 fi

 ee_install
@ -544,30 +588,25 @@ ee_fix
 web_user
 php7_conf

 if [ "$phpfpm71" = "y" ]
 then
    php71
 if [ "$phpfpm71" = "y" ]; then
 	php71
 fi

 if [ "$phpfpm72" = "y" ]
 then
    php72
 if [ "$phpfpm72" = "y" ]; then
 	php72
 fi

 if [ "$nginxee" = "y" ]
 then
    nginx_ee
    nginx_conf
 if [ "$nginxee" = "y" ]; then
 	nginx_ee
 	nginx_conf
 fi

 if [ "$fail2ban" = "y" ]
 then
    f2b
 if [ "$fail2ban" = "y" ]; then
 	f2b
 fi

 if [ "$proftpd" = "y" ]
 then
    proftpd_setup
 if [ "$proftpd" = "y" ]; then
 	proftpd_setup
 fi

 bashrc_extra
@ -577,14 +616,5 @@ netdata
 extplorer
 ee_dashboard












 acme_sh
 ee-acme-22222