update script
This commit is contained in:
parent
65d70288ca
commit
87e6733919
634
scripts/init.sh
634
scripts/init.sh
|
@ -14,17 +14,17 @@ CGREEN="${CSI}1;32m"
|
|||
|
||||
EXTPLORER_VER="2.1.10"
|
||||
BASH_SNIPPETS_VER="1.22.0"
|
||||
REPO_PATH="/tmp/ubuntu-nginx-web-server"
|
||||
REPO_PATH=/tmp/ubuntu-nginx-web-server
|
||||
|
||||
##################################
|
||||
# Check if user is root
|
||||
##################################
|
||||
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "Error: You must be root to run this script, please use the root user to install the software."
|
||||
echo ""
|
||||
echo "Use 'sudo su - root' to login as root"
|
||||
exit 1
|
||||
echo "Error: You must be root to run this script, please use the root user to install the software."
|
||||
echo ""
|
||||
echo "Use 'sudo su - root' to login as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
clear
|
||||
|
@ -44,45 +44,45 @@ echo ""
|
|||
echo ""
|
||||
echo "Do you want to install ufw (firewall) ? (y/n)"
|
||||
while [[ $ufw != "y" && $ufw != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " ufw
|
||||
read -p "Select an option [y/n]: " ufw
|
||||
done
|
||||
echo ""
|
||||
echo ""
|
||||
echo "Do you want to install fail2ban ? (y/n)"
|
||||
while [[ $fail2ban != "y" && $fail2ban != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " fail2ban
|
||||
read -p "Select an option [y/n]: " fail2ban
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want to install MariaDB-server 10.3 ? (y/n)"
|
||||
while [[ $mariadb_server != "y" && $mariadb_server != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " mariadb_server
|
||||
read -p "Select an option [y/n]: " mariadb_server
|
||||
done
|
||||
if [ "$mariadb_server" = "n" ]; then
|
||||
echo ""
|
||||
echo "Do you want to install MariaDB-client ? (y/n)"
|
||||
while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " mariadb_client
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want to install MariaDB-client ? (y/n)"
|
||||
while [[ $mariadb_client != "y" && $mariadb_client != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " mariadb_client
|
||||
done
|
||||
fi
|
||||
echo ""
|
||||
echo "Do you want to compile the last nginx-ee ? (y/n)"
|
||||
while [[ $nginxee != "y" && $nginxee != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " nginxee
|
||||
read -p "Select an option [y/n]: " nginxee
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want php7.1-fpm ? (y/n)"
|
||||
while [[ $phpfpm71 != "y" && $phpfpm71 != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " phpfpm71
|
||||
read -p "Select an option [y/n]: " phpfpm71
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want php7.2-fpm ? (y/n)"
|
||||
while [[ $phpfpm72 != "y" && $phpfpm72 != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " phpfpm72
|
||||
read -p "Select an option [y/n]: " phpfpm72
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want proftpd ? (y/n)"
|
||||
while [[ $proftpd != "y" && $proftpd != "n" ]]; do
|
||||
read -p "Select an option [y/n]: " proftpd
|
||||
read -p "Select an option [y/n]: " proftpd
|
||||
done
|
||||
|
||||
echo ""
|
||||
|
@ -99,33 +99,33 @@ sudo apt-get upgrade -y && apt-get autoremove -y && apt-get clean
|
|||
##################################
|
||||
|
||||
ufw() {
|
||||
|
||||
if [ ! -d /etc/ufw ]; then
|
||||
apt-get install ufw -y
|
||||
fi
|
||||
|
||||
ufw logging low
|
||||
ufw default allow outgoing
|
||||
ufw default deny incoming
|
||||
|
||||
# required
|
||||
ufw allow 22
|
||||
ufw allow 53
|
||||
ufw allow http
|
||||
ufw allow https
|
||||
ufw allow 21
|
||||
ufw allow 68
|
||||
ufw allow 546
|
||||
ufw allow 873
|
||||
ufw allow 123
|
||||
ufw allow 22222
|
||||
|
||||
# optional for monitoring
|
||||
|
||||
ufw allow 161
|
||||
ufw allow 6556
|
||||
ufw allow 10050
|
||||
|
||||
|
||||
if [ ! -d /etc/ufw ]; then
|
||||
apt-get install ufw -y
|
||||
fi
|
||||
|
||||
ufw logging low
|
||||
ufw default allow outgoing
|
||||
ufw default deny incoming
|
||||
|
||||
# required
|
||||
ufw allow 22
|
||||
ufw allow 53
|
||||
ufw allow http
|
||||
ufw allow https
|
||||
ufw allow 21
|
||||
ufw allow 68
|
||||
ufw allow 546
|
||||
ufw allow 873
|
||||
ufw allow 123
|
||||
ufw allow 22222
|
||||
|
||||
# optional for monitoring
|
||||
|
||||
ufw allow 161
|
||||
ufw allow 6556
|
||||
ufw allow 10050
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -133,12 +133,12 @@ ufw() {
|
|||
##################################
|
||||
|
||||
useful() {
|
||||
|
||||
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
|
||||
|
||||
# ntp time
|
||||
systemctl enable ntp
|
||||
|
||||
|
||||
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp -y
|
||||
|
||||
# ntp time
|
||||
systemctl enable ntp
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -146,11 +146,11 @@ useful() {
|
|||
##################################
|
||||
|
||||
dl_repo() {
|
||||
|
||||
cd /tmp || exit
|
||||
rm -rf /tmp/ubuntu-nginx-web-server
|
||||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git /tmp/ubuntu-nginx-web-server
|
||||
|
||||
|
||||
cd /tmp || exit
|
||||
rm -rf /tmp/ubuntu-nginx-web-server
|
||||
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -158,15 +158,15 @@ dl_repo() {
|
|||
##################################
|
||||
|
||||
sysctl() {
|
||||
|
||||
sudo modprobe tcp_htcp
|
||||
cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
|
||||
sysctl -p
|
||||
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
|
||||
|
||||
# Redis transparent_hugepage
|
||||
echo never >/sys/kernel/mm/transparent_hugepage/enabled
|
||||
|
||||
|
||||
sudo modprobe tcp_htcp
|
||||
cp -f $REPO_PATH/etc/sysctl.conf /etc/sysctl.conf
|
||||
sysctl -p
|
||||
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
|
||||
|
||||
# Redis transparent_hugepage
|
||||
echo never >/sys/kernel/mm/transparent_hugepage/enabled
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -174,11 +174,11 @@ sysctl() {
|
|||
##################################
|
||||
|
||||
mariadb_repo() {
|
||||
|
||||
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup |
|
||||
sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
|
||||
sudo apt-get update
|
||||
|
||||
|
||||
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup |
|
||||
sudo bash -s -- --mariadb-server-version=10.3 --skip-maxscale -y
|
||||
sudo apt-get update
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -186,15 +186,15 @@ mariadb_repo() {
|
|||
##################################
|
||||
|
||||
mariadb_setup() {
|
||||
|
||||
sudo apt-get install -y mariadb-server
|
||||
|
||||
|
||||
sudo apt-get install -y mariadb-server
|
||||
|
||||
}
|
||||
|
||||
mariadb_client() {
|
||||
|
||||
sudo apt-get install -y mariadb-client
|
||||
|
||||
|
||||
sudo apt-get install -y mariadb-client
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -202,19 +202,19 @@ mariadb_client() {
|
|||
##################################
|
||||
|
||||
mariadb_tweaks() {
|
||||
|
||||
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
|
||||
|
||||
sudo service mysql stop
|
||||
|
||||
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
|
||||
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
|
||||
|
||||
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
|
||||
sudo systemctl daemon-reload
|
||||
|
||||
sudo service mysql start
|
||||
|
||||
|
||||
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
|
||||
|
||||
sudo service mysql stop
|
||||
|
||||
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
|
||||
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
|
||||
|
||||
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
|
||||
sudo systemctl daemon-reload
|
||||
|
||||
sudo service mysql start
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -222,12 +222,12 @@ mariadb_tweaks() {
|
|||
##################################
|
||||
|
||||
ee_install() {
|
||||
|
||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
|
||||
sudo wget -qO ee rt.cx/ee && sudo bash ee
|
||||
|
||||
source /etc/bash_completion.d/ee_auto.rc
|
||||
|
||||
|
||||
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
|
||||
sudo wget -qO ee rt.cx/ee && sudo bash ee
|
||||
|
||||
source /etc/bash_completion.d/ee_auto.rc
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -235,10 +235,10 @@ ee_install() {
|
|||
##################################
|
||||
|
||||
ee_setup() {
|
||||
|
||||
ee stack install
|
||||
ee stack install --php7 --redis --admin --phpredisadmin
|
||||
|
||||
|
||||
ee stack install
|
||||
ee stack install --php7 --redis --admin --phpredisadmin
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -246,14 +246,14 @@ ee_setup() {
|
|||
##################################
|
||||
|
||||
ee_fix() {
|
||||
|
||||
cd ~/ || exit
|
||||
curl -sS https://getcomposer.org/installer | php
|
||||
mv composer.phar /usr/bin/composer
|
||||
|
||||
chown www-data:www-data /var/www
|
||||
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
||||
|
||||
|
||||
cd ~/ || exit
|
||||
curl -sS https://getcomposer.org/installer | php
|
||||
mv composer.phar /usr/bin/composer
|
||||
|
||||
chown www-data:www-data /var/www
|
||||
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -261,18 +261,18 @@ ee_fix() {
|
|||
##################################
|
||||
|
||||
web_user() {
|
||||
|
||||
usermod -s /bin/bash www-data
|
||||
|
||||
wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
|
||||
cp -f /var/www/.profile $REPO_PATH/files/var/www/.profile
|
||||
cp -f /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc
|
||||
|
||||
chown www-data:www-data /var/www/.profile
|
||||
chown www-data:www-data /var/www/.bashrc
|
||||
|
||||
sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
|
||||
|
||||
|
||||
usermod -s /bin/bash www-data
|
||||
|
||||
wget -O /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
|
||||
cp -f /var/www/.profile $REPO_PATH/files/var/www/.profile
|
||||
cp -f /var/www/.bashrc $REPO_PATH/files/var/www/.bashrc
|
||||
|
||||
chown www-data:www-data /var/www/.profile
|
||||
chown www-data:www-data /var/www/.bashrc
|
||||
|
||||
sudo -u www-data -H wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -280,16 +280,16 @@ web_user() {
|
|||
##################################
|
||||
|
||||
php71() {
|
||||
|
||||
sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
||||
|
||||
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf
|
||||
|
||||
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
|
||||
cp -f $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
|
||||
sudo service php7.1-fpm restart
|
||||
|
||||
|
||||
sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
|
||||
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
|
||||
|
||||
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/www.conf
|
||||
|
||||
sudo cp -f $REPO_PATH/etc/php/7.1/fpm/php.ini /etc/php/7.1/fpm/php.ini
|
||||
cp -f $REPO_PATH/etc/php/7.1/cli/php.ini /etc/php/7.1/cli/php.ini
|
||||
sudo service php7.1-fpm restart
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -297,13 +297,13 @@ php71() {
|
|||
##################################
|
||||
|
||||
php72() {
|
||||
|
||||
sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
|
||||
|
||||
cp -f $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
|
||||
cp -f $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
|
||||
service php7.2-fpm restart
|
||||
|
||||
|
||||
sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
|
||||
|
||||
cp -f $REPO_PATH/etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf
|
||||
cp -f $REPO_PATH/etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini
|
||||
service php7.2-fpm restart
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -311,14 +311,14 @@ php72() {
|
|||
##################################
|
||||
|
||||
php7_conf() {
|
||||
|
||||
if [ ! -d /etc/php/7.0 ]; then
|
||||
|
||||
cp -f $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
|
||||
cp -f $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini
|
||||
|
||||
fi
|
||||
|
||||
|
||||
if [ ! -d /etc/php/7.0 ]; then
|
||||
|
||||
cp -f $REPO_PATH/etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php.ini
|
||||
cp -f $REPO_PATH/etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini
|
||||
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -326,11 +326,11 @@ php7_conf() {
|
|||
##################################
|
||||
|
||||
nginx_ee() {
|
||||
|
||||
wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
|
||||
chmod +x nginx-build.sh
|
||||
./nginx-build.sh
|
||||
|
||||
|
||||
wget https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
|
||||
chmod +x nginx-build.sh
|
||||
./nginx-build.sh
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -338,40 +338,40 @@ nginx_ee() {
|
|||
##################################
|
||||
|
||||
nginx_conf() {
|
||||
|
||||
# php7.1 & 7.2 common configurations
|
||||
|
||||
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
|
||||
|
||||
# optimized nginx.config
|
||||
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
# check nginx configuration
|
||||
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
|
||||
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
|
||||
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
|
||||
|
||||
if [ "$CONF_22222" = 0 ]; then
|
||||
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
|
||||
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
|
||||
fi
|
||||
|
||||
if [ "$CONF_UPSTREAM" = 0 ]; then
|
||||
# add netdata, php7.1 and php7.2 upstream
|
||||
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
|
||||
fi
|
||||
|
||||
if [ "$CONF_DEFAULT" = 0 ]; then
|
||||
# additional nginx locations for monitoring
|
||||
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
|
||||
fi
|
||||
|
||||
# 1) add webp mapping
|
||||
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
|
||||
|
||||
nginx -t
|
||||
service nginx reload
|
||||
|
||||
|
||||
# php7.1 & 7.2 common configurations
|
||||
|
||||
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
|
||||
|
||||
# optimized nginx.config
|
||||
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
# check nginx configuration
|
||||
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
|
||||
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
|
||||
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
|
||||
|
||||
if [ "$CONF_22222" = 0 ]; then
|
||||
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
|
||||
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
|
||||
fi
|
||||
|
||||
if [ "$CONF_UPSTREAM" = 0 ]; then
|
||||
# add netdata, php7.1 and php7.2 upstream
|
||||
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
|
||||
fi
|
||||
|
||||
if [ "$CONF_DEFAULT" = 0 ]; then
|
||||
# additional nginx locations for monitoring
|
||||
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
|
||||
fi
|
||||
|
||||
# 1) add webp mapping
|
||||
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
|
||||
|
||||
nginx -t
|
||||
service nginx reload
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -379,14 +379,14 @@ nginx_conf() {
|
|||
##################################
|
||||
|
||||
f2b() {
|
||||
|
||||
cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf /etc/fail2ban/jail.d/ddos.conf
|
||||
|
||||
sudo fail2ban-client reload
|
||||
|
||||
|
||||
cp -f $REPO_PATH/etc/fail2ban/filter.d/ddos.conf /etc/fail2ban/filter.d/ddos.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/filter.d/ee-wordpress.conf /etc/fail2ban/filter.d/ee-wordpress.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/jail.d/custom.conf /etc/fail2ban/jail.d/custom.conf
|
||||
cp -f $REPO_PATH/etc/fail2ban/jail.d/ddos.conf /etc/fail2ban/jail.d/ddos.conf
|
||||
|
||||
sudo fail2ban-client reload
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -394,14 +394,14 @@ f2b() {
|
|||
##################################
|
||||
|
||||
bashrc_extra() {
|
||||
|
||||
git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
|
||||
cd .Bash-Snippets || exit
|
||||
git checkout v$BASH_SNIPPETS_VER
|
||||
./install.sh cheat
|
||||
|
||||
wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
|
||||
|
||||
|
||||
git clone https://github.com/alexanderepstein/Bash-Snippets .Bash-Snippets
|
||||
cd .Bash-Snippets || exit
|
||||
git checkout v$BASH_SNIPPETS_VER
|
||||
./install.sh cheat
|
||||
|
||||
wget https://raw.githubusercontent.com/scopatz/nanorc/files/install.sh -O- | sh
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -409,11 +409,11 @@ bashrc_extra() {
|
|||
##################################
|
||||
|
||||
ucaresystem() {
|
||||
|
||||
sudo add-apt-repository ppa:utappia/stable -y
|
||||
sudo apt-get update
|
||||
sudo apt-get install ucaresystem-core -y
|
||||
|
||||
|
||||
sudo add-apt-repository ppa:utappia/stable -y
|
||||
sudo apt-get update
|
||||
sudo apt-get install ucaresystem-core -y
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -421,49 +421,51 @@ ucaresystem() {
|
|||
##################################
|
||||
|
||||
proftpd_setup() {
|
||||
|
||||
sudo apt install proftpd -y
|
||||
|
||||
# secure proftpd and enable PassivePorts
|
||||
|
||||
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
|
||||
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
|
||||
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
|
||||
|
||||
sudo service proftpd restart
|
||||
|
||||
if [ "$ufw" = "y" ]; then
|
||||
|
||||
# ftp passive ports
|
||||
ufw allow 49000:50000/tcp
|
||||
fi
|
||||
|
||||
|
||||
sudo apt install proftpd -y
|
||||
|
||||
# secure proftpd and enable PassivePorts
|
||||
|
||||
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
|
||||
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
|
||||
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
|
||||
|
||||
sudo service proftpd restart
|
||||
|
||||
if [ "$ufw" = "y" ]; then
|
||||
|
||||
# ftp passive ports
|
||||
ufw allow 49000:50000/tcp
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
# Install Netdata
|
||||
##################################
|
||||
|
||||
netdata() {
|
||||
|
||||
if [ ! -d /etc/netdata ]; then
|
||||
|
||||
## install dependencies
|
||||
sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y
|
||||
|
||||
## install nedata
|
||||
bash <(curl -Ss https://my-netdata.io/kickstart.sh) all --dont-wait
|
||||
|
||||
## optimize netdata resources usage
|
||||
echo 1 >/sys/kernel/mm/ksm/run
|
||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||
|
||||
## disable email notifigrep -cions
|
||||
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
|
||||
sudo service netdata restart
|
||||
|
||||
fi
|
||||
|
||||
netdata_install() {
|
||||
|
||||
if [ ! -d /etc/netdata ]; then
|
||||
|
||||
## install dependencies
|
||||
sudo apt-get install autoconf autoconf-archive autogen automake gcc libmnl-dev lm-sensors make nodejs pkg-config python python-mysqldb python-psycopg2 python-pymongo python-yaml uuid-dev zlib1g-dev -y
|
||||
|
||||
## install nedata
|
||||
wget https://my-netdata.io/kickstart.sh
|
||||
chmod +x kickstart.sh
|
||||
./kickstart.sh all --dont-wait
|
||||
|
||||
## optimize netdata resources usage
|
||||
echo 1 >/sys/kernel/mm/ksm/run
|
||||
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
|
||||
|
||||
## disable email notifigrep -cions
|
||||
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
|
||||
sudo service netdata restart
|
||||
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -471,14 +473,14 @@ netdata() {
|
|||
##################################
|
||||
|
||||
extplorer() {
|
||||
|
||||
if [ ! -d /var/www/22222/htdocs/files ]; then
|
||||
|
||||
mkdir /var/www/22222/htdocs/files
|
||||
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
|
||||
cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
|
||||
fi
|
||||
|
||||
|
||||
if [ ! -d /var/www/22222/htdocs/files ]; then
|
||||
|
||||
mkdir /var/www/22222/htdocs/files
|
||||
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
|
||||
cd /var/www/22222/htdocs/files && unzip ex.zip && rm ex.zip
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -486,15 +488,15 @@ extplorer() {
|
|||
##################################
|
||||
|
||||
ee_dashboard() {
|
||||
|
||||
cd /var/www/22222 || exit
|
||||
|
||||
## download latest version of EasyEngine-dashboard
|
||||
cd /tmp || exit
|
||||
git clone https://github.com/VirtuBox/easyengine-dashboard.git
|
||||
sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
|
||||
sudo chown -R www-data:www-data /var/www/22222/htdocs
|
||||
|
||||
|
||||
cd /var/www/22222 || exit
|
||||
|
||||
## download latest version of EasyEngine-dashboard
|
||||
cd /tmp || exit
|
||||
git clone https://github.com/VirtuBox/easyengine-dashboard.git
|
||||
sudo cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
|
||||
sudo chown -R www-data:www-data /var/www/22222/htdocs
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -502,19 +504,19 @@ ee_dashboard() {
|
|||
##################################
|
||||
|
||||
acme_sh() {
|
||||
|
||||
# install acme.sh if needed
|
||||
echo ""
|
||||
echo "checking if acme.sh is already installed"
|
||||
echo ""
|
||||
if [ ! -f $HOME/.acme.sh/acme.sh ]; then
|
||||
echo ""
|
||||
echo "installing acme.sh"
|
||||
echo ""
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source $HOME/.bashrc
|
||||
fi
|
||||
|
||||
|
||||
# install acme.sh if needed
|
||||
echo ""
|
||||
echo "checking if acme.sh is already installed"
|
||||
echo ""
|
||||
if [ ! -f $HOME/.acme.sh/acme.sh ]; then
|
||||
echo ""
|
||||
echo "installing acme.sh"
|
||||
echo ""
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source $HOME/.bashrc
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -522,41 +524,41 @@ acme_sh() {
|
|||
##################################
|
||||
|
||||
ee-acme-22222() {
|
||||
|
||||
MY_HOSTNAME=$(hostname -f)
|
||||
MY_IP=$(curl -s v4.vtbox.net)
|
||||
MY_HOSTNAME_IP=$(dig +short @8.8.8.8 "$MY_HOSTNAME")
|
||||
|
||||
if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then
|
||||
|
||||
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
|
||||
sudo systemctl enable nginx.service
|
||||
fi
|
||||
|
||||
if [ ! -d $HOME/.acme.sh/${MY_HOSTNAME}_ecc ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $MY_HOSTNAME --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
|
||||
fi
|
||||
|
||||
if [ -d /etc/letsencrypt/live/$MY_HOSTNAME ]; then
|
||||
rm -rf /etc/letsencrypt/live/$MY_HOSTNAME/*
|
||||
else
|
||||
mkdir -p /etc/letsencrypt/live/$MY_HOSTNAME
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
$HOME/.acme.sh/acme.sh --install-cert -d ${MY_HOSTNAME} --ecc \
|
||||
--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then
|
||||
sed -i "s/ssl_certificate \/var\/www\/22222\/cert\/22222.crt;/ssl_certificate \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/fullchain.pem;/" /etc/nginx/sites-available/22222
|
||||
sed -i "s/ssl_certificate_key \/var\/www\/22222\/cert\/22222.key;/ssl_certificate_key \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/key.pem;/" /etc/nginx/sites-available/22222
|
||||
fi
|
||||
service nginx reload
|
||||
|
||||
fi
|
||||
|
||||
MY_HOSTNAME=$(hostname -f)
|
||||
MY_IP=$(curl -s v4.vtbox.net)
|
||||
MY_HOSTNAME_IP=$(dig +short @8.8.8.8 "$MY_HOSTNAME")
|
||||
|
||||
if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then
|
||||
|
||||
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
|
||||
sudo systemctl enable nginx.service
|
||||
fi
|
||||
|
||||
if [ ! -d $HOME/.acme.sh/${MY_HOSTNAME}_ecc ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $MY_HOSTNAME --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
|
||||
fi
|
||||
|
||||
if [ -d /etc/letsencrypt/live/$MY_HOSTNAME ]; then
|
||||
rm -rf /etc/letsencrypt/live/$MY_HOSTNAME/*
|
||||
else
|
||||
mkdir -p /etc/letsencrypt/live/$MY_HOSTNAME
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
$HOME/.acme.sh/acme.sh --install-cert -d ${MY_HOSTNAME} --ecc \
|
||||
--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then
|
||||
sed -i "s/ssl_certificate \/var\/www\/22222\/cert\/22222.crt;/ssl_certificate \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/fullchain.pem;/" /etc/nginx/sites-available/22222
|
||||
sed -i "s/ssl_certificate_key \/var\/www\/22222\/cert\/22222.key;/ssl_certificate_key \/etc\/letsencrypt\/live\/${MY_HOSTNAME}\/key.pem;/" /etc/nginx/sites-available/22222
|
||||
fi
|
||||
service nginx reload
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
##################################
|
||||
|
@ -568,18 +570,18 @@ dl_repo
|
|||
sysctl
|
||||
|
||||
if [ "$ufw" = "y" ]; then
|
||||
ufw
|
||||
ufw
|
||||
fi
|
||||
|
||||
mariadb_repo
|
||||
|
||||
if [ "$mariadb_server" = "y" ]; then
|
||||
mariadb_setup
|
||||
mariadb_tweaks
|
||||
mariadb_setup
|
||||
mariadb_tweaks
|
||||
fi
|
||||
|
||||
if [ "$mariadb_client" = "y" ]; then
|
||||
mariadb_client
|
||||
mariadb_client
|
||||
fi
|
||||
|
||||
ee_install
|
||||
|
@ -589,30 +591,30 @@ web_user
|
|||
php7_conf
|
||||
|
||||
if [ "$phpfpm71" = "y" ]; then
|
||||
php71
|
||||
php71
|
||||
fi
|
||||
|
||||
if [ "$phpfpm72" = "y" ]; then
|
||||
php72
|
||||
php72
|
||||
fi
|
||||
|
||||
if [ "$nginxee" = "y" ]; then
|
||||
nginx_ee
|
||||
nginx_conf
|
||||
nginx_ee
|
||||
nginx_conf
|
||||
fi
|
||||
|
||||
if [ "$fail2ban" = "y" ]; then
|
||||
f2b
|
||||
f2b
|
||||
fi
|
||||
|
||||
if [ "$proftpd" = "y" ]; then
|
||||
proftpd_setup
|
||||
proftpd_setup
|
||||
fi
|
||||
|
||||
bashrc_extra
|
||||
#ucaresystem
|
||||
|
||||
netdata
|
||||
netdata_install
|
||||
extplorer
|
||||
ee_dashboard
|
||||
|
||||
|
|
Loading…
Reference in New Issue