virtubox
/
ubuntu-nginx-web-server
mirror of https://github.com/VirtuBox/ubuntu-nginx-web-server
1
0
Fork 0
Code Issues Releases Wiki Activity

add new conf

This commit is contained in:
VirtuBox 2018-08-03 12:40:15 +02:00
parent 5085d6c068
commit 65d70288ca
9 changed files with 446 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
\.vscode/
\.history/

4
docs/files/etc/fail2ban/filter.d/nginx-forbidden.conf Normal file
View File

@ -0,0 +1,4 @@
[Definition]
failregex = ^ \[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$
ignoreregex =

8
docs/files/etc/fail2ban/jail.d/custom.conf
View File

@ -14,3 +14,11 @@ action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
[nginx-forbidden]
enabled = true
filter = nginx-forbidden
port = http,https
logpath = /var/log/nginx/*error*.log
findtime = 60
bantime = 6000
maxretry = 3

2
docs/files/etc/nginx/common/locations-php7.conf
View File

@ -14,7 +14,7 @@ location = /robots.txt {
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;

40
docs/files/etc/nginx/conf.d/map-wp-cache.conf Normal file
View File

@ -0,0 +1,40 @@
map $http_x_requested_with $http_request_cache {
default 0;
XMLHttpRequest 1;
}
map $http_cookie $cookie_cache {
default 0;
~*wordpress_[a-f0-9]+ 1;
wp-postpass 1;
wordpress_logged_in 1;
wordpress_no_cache 1;
comment_author 1;
}
map $request_uri $uri_cache {
default 0;
~*\/wp-admin\/.* 1;
~*\/wp-[a-zA-Z0-9-]+\.php 1;
~*\/feed\/.* 1;
~*\/index.php.* 1;
~*\.*sitemap.*\.xml* 1;
~*\/xmlrpc.php 1;
}
map $request_method $request_cache {
default 0;
POST 1; #no caching on post
}
map $query_string $query_cache {
default 1;
"" 0;
}
map $http_request_cache$cookie_cache$uri_cache$request_cache$query_cache $skip_cache {
default 1;
00000 0;
}

4
etc/fail2ban/filter.d/nginx-forbidden.conf Normal file
View File

@ -0,0 +1,4 @@
[Definition]
failregex = ^ \[error\] \d+#\d+: .* forbidden .*, client: <HOST>, .*$
ignoreregex =

8
etc/fail2ban/jail.d/custom.conf
View File

@ -14,3 +14,11 @@ action = iptables-multiport[name="ee-wordpress", port="http,https"]
logpath = /var/log/nginx/*access.log
maxretry = 5
[nginx-forbidden]
enabled = true
filter = nginx-forbidden
port = http,https
logpath = /var/log/nginx/*error*.log
findtime = 60
bantime = 6000
maxretry = 3

52
etc/nginx/conf.d/map-wp-cache.conf Normal file
View File

@ -0,0 +1,52 @@
map $http_x_requested_with $http_request_cache {
default 0;
XMLHttpRequest 1;
}
map $http_cookie $cookie_cache {
default 0;
~*wordpress_[a-f0-9]+ 1;
~*wp-postpass 1;
~*wordpress_logged_in 1;
~*wordpress_no_cache 1;
~*comment_author 1;
~*woocommerce_items_in_cart 1;
~*woocommerce_cart_hash 1;
~*wptouch_switch_toogle 1;
~*comment_author_email_ 1;
}
map $request_uri $uri_cache {
default 0;
~*\/wp-admin\/.* 1;
~*\/wp-[a-zA-Z0-9-]+\.php 1;
~*\/feed\/.* 1;
~*\/index.php 1;
~*\.*sitemap.*\.xml* 1;
~*\/wp-comments-popup\.php 1;
~*\/wp-links-opml\.php 1;
~*\/wp-locations\.php 1;
~*\/wp-\.*\.php 1;
}
map $request_method $request_cache {
default 0;
POST 1; #no caching on post
}
map $query_string $query_cache {
default 1;
"" 0;
}
map $http_request_cache$cookie_cache$uri_cache$request_cache$query_cache $skip_cache {
default 1;
00000 0;
}

624
scripts/init.sh
View File

@ -21,10 +21,10 @@ REPO_PATH="/tmp/ubuntu-nginx-web-server"
##################################
if [ "$(id -u)" != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
echo ""
echo "Use 'sudo su - root' to login as root"
exit 1
echo "Error: You must be root to run this script, please use the root user to install the software."
echo ""
echo "Use 'sudo su - root' to login as root"
exit 1
fi
clear
@ -33,7 +33,6 @@ clear
# Welcome
##################################
echo ""
echo "Welcome to ubuntu-nginx-web-server install script."
echo ""
@ -45,51 +44,49 @@ echo ""
echo ""
echo "Do you want to install ufw (firewall) ? (y/n)"
while [[ $ufw != "y" && $ufw != "n" ]]; do
read -p "Select an option [y/n]: " ufw
read -p "Select an option [y/n]: " ufw
done
echo ""
echo ""
echo "Do you want to install fail2ban ? (y/n)"
while [[ $fail2ban != "y" && $fail2ban != "n" ]]; do
read -p "Select an option [y/n]: " fail2ban
read -p "Select an option [y/n]: " fail2ban
done
echo ""
echo "Do you want to install MariaDB-server 10.3 ? (y/n)"
while [[ $mariadb_server != "y" && $mariadb_server != "n" ]]; do
read -p "Select an option [y/n]: " mariadb_server
read -p "Select an option [y/n]: " mariadb_server
done
if [ "$mariadb_server" = "n" ]; then
echo ""
echo "Do you want to install MariaDB-client ? (y/n)"
while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
read -p "Select an option [y/n]: " mariadb_client
done
echo ""
echo "Do you want to install MariaDB-client ? (y/n)"
while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
read -p "Select an option [y/n]: " mariadb_client
done
fi
echo ""
echo "Do you want to compile the last nginx-ee ? (y/n)"
while [[ $nginxee != "y" && $nginxee != "n" ]]; do
read -p "Select an option [y/n]: " nginxee
read -p "Select an option [y/n]: " nginxee
done
echo ""
echo "Do you want php7.1-fpm ? (y/n)"
while [[ $phpfpm71 != "y" && $phpfpm71 != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm71
read -p "Select an option [y/n]: " phpfpm71
done
echo ""
echo "Do you want php7.2-fpm ? (y/n)"
while [[ $phpfpm72 != "y" && $phpfpm72 != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm72
read -p "Select an option [y/n]: " phpfpm72
done
echo ""
echo "Do you want proftpd ? (y/n)"
while [[ $proftpd != "y" && $proftpd != "n" ]]; do
read -p "Select an option [y/n]: " proftpd
read -p "Select an option [y/n]: " proftpd
done
echo ""
##################################
# Update packages
##################################
@ -102,34 +99,33 @@ sudo apt-get upgrade -y && apt-get autoremove -y && apt-get clean
##################################
ufw() {
if [ ! -d /etc/ufw ];
then
apt-get install ufw -y
fi
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# required
ufw allow 22
ufw allow 53
ufw allow http
ufw allow https
ufw allow 21
ufw allow 68
ufw allow 546
ufw allow 873
ufw allow 123
ufw allow 22222
# optional for monitoring
ufw allow 161
ufw allow 6556
ufw allow 10050
if [ ! -d /etc/ufw ]; then
apt-get install ufw -y
fi
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# required
ufw allow 22
ufw allow 53
ufw allow http
ufw allow https
ufw allow 21
ufw allow 68
ufw allow 546
ufw allow 873
ufw allow 123
ufw allow 22222
# optional for monitoring
ufw allow 161
ufw allow 6556
ufw allow 10050
}
##################################
@ -137,12 +133,12 @@ ufw() {
##################################
useful() {
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
# ntp time
systemctl enable ntp
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
# ntp time
systemctl enable ntp
}
##################################
@ -150,11 +146,11 @@ useful() {
##################################
dl_repo() {
cd /tmp || exit
rm -rf /tmp/ubuntu-nginx-web-server
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git /tmp/ubuntu-nginx-web-server
cd /tmp || exit
rm -rf /tmp/ubuntu-nginx-web-server
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git /tmp/ubuntu-nginx-web-server
}
##################################
@ -162,15 +158,15 @@ dl_repo() {
##################################
sysctl() {
sudo modprobe tcp_htcp
cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
sysctl -p
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
# Redis transparent_hugepage
echo never > /sys/kernel/mm/transparent_hugepage/enabled
sudo modprobe tcp_htcp
cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
sysctl -p
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
# Redis transparent_hugepage
echo never >/sys/kernel/mm/transparent_hugepage/enabled
}
##################################
@ -178,11 +174,11 @@ sysctl() {
##################################
mariadb_repo() {
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup \
| sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
sudo apt-get update
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup |
sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
sudo apt-get update
}
##################################
@ -190,15 +186,15 @@ mariadb_repo() {
##################################
mariadb_setup() {
sudo apt-get install -y mariadb-server
sudo apt-get install -y mariadb-server
}
mariadb_client() {
sudo apt-get install -y mariadb-client
sudo apt-get install -y mariadb-client
}
##################################
@ -206,19 +202,19 @@ mariadb_client() {
##################################
mariadb_tweaks() {
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
sudo service mysql stop
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
sudo systemctl daemon-reload
sudo service mysql start
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
sudo service mysql stop
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
sudo systemctl daemon-reload
sudo service mysql start
}
##################################
@ -226,12 +222,12 @@ mariadb_tweaks() {
##################################
ee_install() {
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
sudo wget -qO ee rt.cx/ee && sudo bash ee
source /etc/bash_completion.d/ee_auto.rc
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
sudo wget -qO ee rt.cx/ee && sudo bash ee
source /etc/bash_completion.d/ee_auto.rc
}
##################################
@ -239,10 +235,10 @@ ee_install() {
##################################
ee_setup() {
ee stack install
ee stack install --php7 --redis --admin --phpredisadmin
ee stack install
ee stack install --php7 --redis --admin --phpredisadmin
}
##################################
@ -250,14 +246,14 @@ ee_setup() {
##################################
ee_fix() {
cd ~/ || exit
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/bin/composer
chown www-data:www-data /var/www
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
cd ~/ || exit
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/bin/composer
chown www-data:www-data /var/www
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
}
##################################
@ -265,18 +261,18 @@ ee_fix() {
##################################
web_user() {
usermod -s /bin/bash www-data
wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
cp -f /var/www/.profile $REPO_PATH/files/var/www/.profile
cp -f /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc
chown www-data:www-data /var/www/.profile
chown www-data:www-data /var/www/.bashrc
sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
usermod -s /bin/bash www-data
wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
cp -f /var/www/.profile $REPO_PATH/files/var/www/.profile
cp -f /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc
chown www-data:www-data /var/www/.profile
chown www-data:www-data /var/www/.bashrc
sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
}
##################################
@ -284,31 +280,30 @@ web_user() {
##################################
php71() {
sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
cp -f $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
sudo service php7.1-fpm restart
}
sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
cp -f $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
sudo service php7.1-fpm restart
}
##################################
# Install php7.2-fpm
##################################
php72() {
sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
cp -f $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
cp -f $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
service php7.2-fpm restart
sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
cp -f $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
cp -f $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
service php7.2-fpm restart
}
##################################
@ -316,15 +311,14 @@ php72() {
##################################
php7_conf() {
if [ ! -d /etc/php/7.0 ];
then
cp -f $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
cp -f $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini
fi
if [ ! -d /etc/php/7.0 ]; then
cp -f $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
cp -f $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini
fi
}
##################################
@ -332,11 +326,11 @@ php7_conf() {
##################################
nginx_ee() {
wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
chmod +x nginx-build.sh
./nginx-build.sh
wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
chmod +x nginx-build.sh
./nginx-build.sh
}
##################################
@ -345,42 +339,38 @@ nginx_ee() {
nginx_conf() {
# php7.1 & 7.2 common configurations
# php7.1 & 7.2 common configurations
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
# optimized nginx.config
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
# optimized nginx.config
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
# check nginx configuration
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
# check nginx configuration
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
if [ "$CONF_22222" = 0 ]; then
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
fi
if [ "$CONF_22222" = 0 ]
then
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
fi
if [ "$CONF_UPSTREAM" = 0 ]; then
# add netdata, php7.1 and php7.2 upstream
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
fi
if [ "$CONF_UPSTREAM" = 0 ]
then
# add netdata, php7.1 and php7.2 upstream
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
fi
if [ "$CONF_DEFAULT" = 0 ]; then
# additional nginx locations for monitoring
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
fi
if [ "$CONF_DEFAULT" = 0 ]
then
# additional nginx locations for monitoring
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
fi
# 1) add webp mapping
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
# 1) add webp mapping
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
nginx -t
service nginx reload
nginx -t
service nginx reload
}
@ -389,14 +379,14 @@ service nginx reload
##################################
f2b() {
cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf /etc/fail2ban/jail.d/ddos.conf
sudo fail2ban-client reload
cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf /etc/fail2ban/jail.d/ddos.conf
sudo fail2ban-client reload
}
##################################
@ -404,14 +394,14 @@ f2b() {
##################################
bashrc_extra() {
git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
cd .Bash-Snippets || exit
git checkout v$BASH_SNIPPETS_VER
./install.sh cheat
wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
cd .Bash-Snippets || exit
git checkout v$BASH_SNIPPETS_VER
./install.sh cheat
wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
}
##################################
@ -419,11 +409,11 @@ bashrc_extra() {
##################################
ucaresystem() {
sudo add-apt-repository ppa:utappia/stable -y
sudo apt-get update
sudo apt-get install ucaresystem-core -y
sudo add-apt-repository ppa:utappia/stable -y
sudo apt-get update
sudo apt-get install ucaresystem-core -y
}
##################################
@ -431,24 +421,23 @@ ucaresystem() {
##################################
proftpd_setup() {
sudo apt install proftpd -y
# secure proftpd and enable PassivePorts
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
sudo service proftpd restart
if [ "$ufw" = "y" ];
then
# ftp passive ports
ufw allow 49000:50000/tcp
fi
sudo apt install proftpd -y
# secure proftpd and enable PassivePorts
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
sudo service proftpd restart
if [ "$ufw" = "y" ]; then
# ftp passive ports
ufw allow 49000:50000/tcp
fi
}
##################################
@ -456,26 +445,25 @@ proftpd_setup() {
##################################
netdata() {
if [ ! -d /etc/netdata ];
then
## install dependencies
sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y
## install nedata
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
## optimize netdata resources usage
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
## disable email notifigrep -cions
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
sudo service netdata restart
fi
if [ ! -d /etc/netdata ]; then
## install dependencies
sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y
## install nedata
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
## optimize netdata resources usage
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
## disable email notifigrep -cions
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
sudo service netdata restart
fi
}
##################################
@ -483,15 +471,14 @@ netdata() {
##################################
extplorer() {
if [ ! -d /var/www/22222/htdocs/files ];
then
mkdir /var/www/22222/htdocs/files
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
fi
if [ ! -d /var/www/22222/htdocs/files ]; then
mkdir /var/www/22222/htdocs/files
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
fi
}
##################################
@ -499,43 +486,100 @@ extplorer() {
##################################
ee_dashboard() {
cd /var/www/22222 || exit
## download latest version of EasyEngine-dashboard
cd /tmp || exit
git clone https://github.com/VirtuBox/easyengine-dashboard.git
sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
sudo chown -R www-data:www-data /var/www/22222/htdocs
cd /var/www/22222 || exit
## download latest version of EasyEngine-dashboard
cd /tmp || exit
git clone https://github.com/VirtuBox/easyengine-dashboard.git
sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
sudo chown -R www-data:www-data /var/www/22222/htdocs
}
##################################
# Install Acme.sh
##################################
acme_sh() {
# install acme.sh if needed
echo ""
echo "checking if acme.sh is already installed"
echo ""
if [ ! -f $HOME/.acme.sh/acme.sh ]; then
echo ""
echo "installing acme.sh"
echo ""
wget -O - https://get.acme.sh | sh
source $HOME/.bashrc
fi
}
##################################
# Functions
# Secure EasyEngine Dashboard with Acme.sh
##################################
ee-acme-22222() {
MY_HOSTNAME=$(hostname -f)
MY_IP=$(curl -s v4.vtbox.net)
MY_HOSTNAME_IP=$(dig +short @8.8.8.8 "$MY_HOSTNAME")
if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
sudo systemctl enable nginx.service
fi
if [ ! -d $HOME/.acme.sh/${MY_HOSTNAME}_ecc ]; then
$HOME/.acme.sh/acme.sh --issue -d $MY_HOSTNAME --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
fi
if [ -d /etc/letsencrypt/live/$MY_HOSTNAME ]; then
rm -rf /etc/letsencrypt/live/$MY_HOSTNAME/*
else
mkdir -p /etc/letsencrypt/live/$MY_HOSTNAME
fi
# install the cert and reload nginx
$HOME/.acme.sh/acme.sh --install-cert -d ${MY_HOSTNAME} --ecc \
--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then
sed -i "s/ssl_certificate \/var\/www\/22222\/cert\/22222.crt;/ssl_certificate \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/fullchain.pem;/" /etc/nginx/sites-available/22222
sed -i "s/ssl_certificate_key \/var\/www\/22222\/cert\/22222.key;/ssl_certificate_key \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/key.pem;/" /etc/nginx/sites-available/22222
fi
service nginx reload
fi
}
##################################
# Functions
##################################
useful
dl_repo
sysctl
if [ "$ufw" = "y" ]
then
ufw
if [ "$ufw" = "y" ]; then
ufw
fi
mariadb_repo
if [ "$mariadb_server" = "y" ]
then
mariadb_setup
mariadb_tweaks
if [ "$mariadb_server" = "y" ]; then
mariadb_setup
mariadb_tweaks
fi
if [ "$mariadb_client" = "y" ]
then
mariadb_client
if [ "$mariadb_client" = "y" ]; then
mariadb_client
fi
ee_install
@ -544,30 +588,25 @@ ee_fix
web_user
php7_conf
if [ "$phpfpm71" = "y" ]
then
php71
if [ "$phpfpm71" = "y" ]; then
php71
fi
if [ "$phpfpm72" = "y" ]
then
php72
if [ "$phpfpm72" = "y" ]; then
php72
fi
if [ "$nginxee" = "y" ]
then
nginx_ee
nginx_conf
if [ "$nginxee" = "y" ]; then
nginx_ee
nginx_conf
fi
if [ "$fail2ban" = "y" ]
then
f2b
if [ "$fail2ban" = "y" ]; then
f2b
fi
if [ "$proftpd" = "y" ]
then
proftpd_setup
if [ "$proftpd" = "y" ]; then
proftpd_setup
fi
bashrc_extra
@ -577,14 +616,5 @@ netdata
extplorer
ee_dashboard
acme_sh
ee-acme-22222