rewrite script

VirtuBox 2018-09-20 14:17:54 +02:00
parent 23333102e2
commit 9dfdf7510a
3 changed files with 343 additions and 281 deletions


@ -4,29 +4,33 @@
## Server Stack
- Nginx 1.15/1.14 with [nginx-ee](https://virtubox.github.io/nginx-ee/)
- PHP-FPM 7/7.1/7.2
- Nginx 1.15.x/1.14 with [nginx-ee](https://virtubox.github.io/nginx-ee/)
- PHP-FPM 7.0/7.1/7.2
- MariaDB 10.1/10.2/10.3
- REDIS 4.0
- Fail2ban & UFW
- Fail2ban
- UFW Firewall
- ClamAV Antivirus
- Netdata
- Proftpd
- Acme.sh with [ee-acme-sh](https://virtubox.github.io/ee-acme-sh/)
* * *
**Documentation is still available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/docs/pages/documentation.md)**
**Documentation is still available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/pages/documentation)**
### Features
- Automated MariaDB install (10.1/10.2/10.3)
- Apply Linux server tweaks
- Install EasyEngine
- Install php7.1-fpm & php7.2-fpm
- Compile the latest Nginx release
- Install and configure UFW & Fail2ban
- Install Netdata and EasyEngine-Dashboard
- Install Proftpd
- Automated MariaDB server or client installation (10.1/10.2/10.3)
- Linux server tweaks
- [EasyEngine](https://github.com/EasyEngine/easyengine) v3.8.1 automated installation
- php7.1-fpm and/or php7.2-fpm installation & configuration
- Latest Nginx release compilation with [nginx-ee](https://virtubox.github.io/nginx-ee/)
- UFW configuration with custom SSH port
- Fail2ban Installation & Configuration
- [Netdata](https://github.com/firehol/netdata/) and [EasyEngine-Dashboard](https://virtubox.github.io/easyengine-dashboard/) installation
- Proftpd installation & configuration
-
### Compatibility


@ -15,7 +15,7 @@
* * *
**Documentation is still available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/docs/pages/documentation.md)**
**Documentation is still available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/pages/documentation)**
### Features

594
init.sh

@ -40,6 +40,9 @@ echo ""
# Menu
##################################
echo ""
echo "What SSH port do you want to use ?"
read -p "Select a port between 1024 & 65536 : " ssh_port_select
echo ""
echo "Do you want to install MariaDB-server ? (y/n)"
while [[ $mariadb_server_install != "y" && $mariadb_server_install != "n" ]]; do
@ -114,126 +117,128 @@ echo ""
# Update packages
##################################
echo -ne ' Updating packages [..]\r'
{
apt-get update
apt-get upgrade -y
apt-get autoremove -y --purge
apt-get autoclean -y
} >>/tmp/ubuntu-nginx-web-server.log
echo "##########################################"
echo " Updating Packages"
echo "##########################################"
echo -ne " Updating packages [${CGREEN}OK${CEND}]\\r"
apt-get update
apt-get upgrade -y
apt-get autoremove -y --purge
apt-get autoclean -y
##################################
# UFW
##################################
echo ""
echo -ne ' Configuring UFW [..]\r'
{
if [ ! -d /etc/ufw ]; then
apt-get install ufw -y >>/tmp/ubuntu-nginx-web-server.log
fi
echo "##########################################"
echo " Configuring UFW"
echo "##########################################"
ufw logging low
ufw default allow outgoing
ufw default deny incoming
if [ ! -d /etc/ufw ]; then
apt-get install ufw -y
fi
# required
ufw allow 22
ufw allow 53
ufw allow http
ufw allow https
ufw allow 21
ufw allow 68
ufw allow 546
ufw allow 873
ufw allow 123
ufw allow 22222
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# optional for monitoring
# required
ufw allow 22
ufw allow $ssh_port_select
ufw allow 53
ufw allow http
ufw allow https
ufw allow 21
ufw allow 68
ufw allow 546
ufw allow 873
ufw allow 123
ufw allow 22222
#fw allow 161
#ufw allow 6556
#ufw allow 10050
# optional for monitoring
} >>/tmp/ubuntu-nginx-web-server.log
#fw allow 161
#ufw allow 6556
#ufw allow 10050
echo -ne " Configuring UFW [${CGREEN}OK${CEND}]\\r"
##################################
# Useful packages
##################################
echo -ne ' Installing useful packages [..]\r'
{
echo "##########################################"
echo " Installing useful packages"
echo "##########################################"
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y
# ntp time
systemctl enable ntp
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y
# ntp time
systemctl enable ntp
# increase history size
export HISTSIZE=10000
# increase history size
export HISTSIZE=10000
} >>/tmp/ubuntu-nginx-web-server.log
echo -ne " Installing useful packages [${CGREEN}OK${CEND}]\\r"
##################################
# clone repository
##################################
echo ""
echo -ne ' Cloning ubuntu-nginx-web-server [..]\r'
{
cd /tmp || exit
rm -rf /tmp/ubuntu-nginx-web-server
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git
echo "##########################################"
echo " Cloning Ubuntu-nginx-web-server repository"
echo "##########################################"
cd /tmp || exit
rm -rf /tmp/ubuntu-nginx-web-server
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git
} >>/tmp/ubuntu-nginx-web-server.log
echo -ne " Cloning ubuntu-nginx-web-server [${CGREEN}OK${CEND}]\\r"
##################################
# Sysctl tweaks + open_files limits
##################################
echo ""
echo -ne ' Applying kernel tweaks [..]\r'
{
sudo modprobe tcp_htcp
cp -f $REPO_PATH/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
echo "##########################################"
echo " Applying Linux Kernel tweaks"
echo "##########################################"
# Redis transparent_hugepage
echo never >/sys/kernel/mm/transparent_hugepage/enabled
sudo modprobe tcp_htcp
cp -f $REPO_PATH/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
if [ ! -x /usr/bin/docker ]; then
# Redis transparent_hugepage
echo never >/sys/kernel/mm/transparent_hugepage/enabled
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# Disables packet forwarding" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
if [ ! -x /usr/bin/docker ]; then
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# Disables packet forwarding" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
fi
# additional systcl configuration with network interface name
# get network interface names like eth0, ens18 or eno1
# for each interface found, add the following configuration to sysctl
NET_INTERFACES_LIST=$( ls /sys/class/net | grep -E "/(?:veth(.*))|eth(.*)|ens(.*)|eno(.*)/")
for NET_INTERFACE in $NET_INTERFACES_LIST; do
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# do not autoconfigure IPv6 on $NET_INTERFACE" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra_defrtr = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
done
fi
# additional systcl configuration with network interface name
# get network interface names like eth0, ens18 or eno1
# for each interface found, add the following configuration to sysctl
NET_INTERFACES_LIST=$( ls /sys/class/net | grep -E "/(?:veth(.*))|eth(.*)|ens(.*)|eno(.*)/")
for NET_INTERFACE in $NET_INTERFACES_LIST; do
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# do not autoconfigure IPv6 on $NET_INTERFACE" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra_defrtr = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
done
} >>/tmp/ubuntu-nginx-web-server.log 2>&1
echo -ne " Applying kernel tweaks [${CGREEN}OK${CEND}]\\r"
##################################
# Add MariaDB 10.3 repository
##################################
@ -241,12 +246,14 @@ echo -ne " Applying kernel tweaks [${CGREEN}OK${CEND}]\\r"
if [[ "$mariadb_server_install" == "y" || "$mariadb_client_install" == "y" ]]; then
if [ ! -f /etc/apt/sources.list.d/mariadb.list ]; then
echo ""
echo -ne ' Adding mariadb repository [..]\r'
{
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=$mariadb_version_install --skip-maxscale -y
apt-get update
} >>/tmp/ubuntu-nginx-web-server.log 2>&1
echo -ne " Adding mariadb repository [${CGREEN}OK${CEND}]\\r"
echo "##########################################"
echo " Adding MariaDB $mariadb_version_install repository"
echo "##########################################"
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=$mariadb_version_install --skip-maxscale -y
apt-get update
fi
fi
@ -259,60 +266,64 @@ fi
if [ "$mariadb_server_install" = "y" ]; then
if [ ! -d /etc/mysql ]; then
echo ""
echo -ne " Installing MariaDB $mariadb_version_install [..]\\r"
{
MYSQL_ROOT_PASS=$(date +%s | sha256sum | base64 | head -c 32)
export DEBIAN_FRONTEND=noninteractive # to avoid prompt during installation
echo "##########################################"
echo " Installing MariaDB server $mariadb_version_install"
echo "##########################################"
MYSQL_ROOT_PASS=$(date +%s | sha256sum | base64 | head -c 32)
export DEBIAN_FRONTEND=noninteractive # to avoid prompt during installation
sudo debconf-set-selections <<<"mariadb-server-$mariadb_version_install mysql-server/root_password password $MYSQL_ROOT_PASS"
sudo debconf-set-selections <<<"mariadb-server-$mariadb_version_install mysql-server/root_password_again password $MYSQL_ROOT_PASS"
# install mariadb server
DEBIAN_FRONTEND=noninteractive apt-get install -qq mariadb-server >>/tmp/ubuntu-nginx-web-server.log # -qq implies -y --force-yes
sudo bash -c 'echo -e "[client]\nuser = root" > $HOME/.my.cnf'
echo "password = $MYSQL_ROOT_PASS" >>$HOME/.my.cnf
cp $HOME/.my.cnf /etc/mysql/conf.d/my.cnf
# set password to the root user and grant privileges
#Q1="GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;"
#Q2="FLUSH PRIVILEGES;"
#SQL="${Q1}${Q2}"
#mysql -uroot -e "$SQL"
DEBIAN_FRONTEND=noninteractive apt-get install -qq mariadb-server # -qq implies -y --force-yes
sudo bash -c 'echo -e "[client]\nuser = root" > $HOME/.my.cnf'
echo "password = $MYSQL_ROOT_PASS" >>$HOME/.my.cnf
cp $HOME/.my.cnf /etc/mysql/conf.d/my.cnf
# set password to the root user and grant privileges
#Q1="GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;"
#Q2="FLUSH PRIVILEGES;"
#SQL="${Q1}${Q2}"
#mysql -uroot -e "$SQL"
## mysql_secure_installation non-interactive way
mysql -e "GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;"
# remove anonymous users
mysql -e "DROP USER ''@'localhost'"
mysql -e "DROP USER ''@'$(hostname)'"
# remove test database
mysql -e "DROP DATABASE test"
# flush privileges
mysql -e "FLUSH PRIVILEGES"
## mysql_secure_installation non-interactive way
mysql -e "GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;"
# remove anonymous users
mysql -e "DROP USER ''@'localhost'"
mysql -e "DROP USER ''@'$(hostname)'"
# remove test database
mysql -e "DROP DATABASE test"
# flush privileges
mysql -e "FLUSH PRIVILEGES"
} >>/tmp/ubuntu-nginx-web-server.log
echo -ne " Installing MariaDB $mariadb_version_install [${CGREEN}OK${CEND}]\\r"
fi
fi
##################################
# MariaDB tweaks
##################################
if [ "$mariadb_server_install" = "y" ]; then
echo "Configuring MariaDB tweaks"
{
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
echo "##########################################"
echo " Optimizing MariaDB configuration"
echo "##########################################"
sudo service mysql stop
cp -f $REPO_PATH/etc/mysql/my.cnf /etc/mysql/my.cnf
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
sudo service mysql stop
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
systemctl daemon-reload
sudo mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
sudo mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
cp -f $REPO_PATH/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf
systemctl daemon-reload
service mysql start
service mysql start
} >>/tmp/ubuntu-nginx-web-server.log 2>&1
fi
if [ "$mariadb_client_install" = "y" ]; then
echo "installing mariadb-client"
apt-get install -y mariadb-client >>/tmp/ubuntu-nginx-web-server.log
apt-get install -y mariadb-client
echo "[client]" >>$HOME/.my.cnf
echo "host = $mariadb_remote_ip" >>$HOME/.my.cnf
echo "port = 3306" >>$HOME/.my.cnf
@ -331,12 +342,14 @@ if [ ! -f $HOME/.gitconfig ]; then
sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig'
fi
if [ ! -x /usr/local/bin/ee ]; then
echo "installing easyengine"
{
wget -qO ee https://raw.githubusercontent.com/EasyEngine/easyengine/master/install
bash ee
source /etc/bash_completion.d/ee_auto.rc
} >>/tmp/ubuntu-nginx-web-server.log
echo "##########################################"
echo " Installing EasyEngine"
echo "##########################################"
wget -qO ee https://raw.githubusercontent.com/EasyEngine/easyengine/master/install
bash ee
source /etc/bash_completion.d/ee_auto.rc
fi
@ -348,44 +361,45 @@ if [ "$mariadb_client_install" = "y" ]; then
sudo sed -i 's/grant-host = localhost/grant-host = \%/' /etc/ee/ee.conf
fi
echo "Installing ee stack"
{
ee stack install
ee stack install --php7 --redis --admin --phpredisadmin
} >>/tmp/ubuntu-nginx-web-server.log 2>&1
echo "##########################################"
echo " Installing EasyEngine Stack"
echo "##########################################"
ee stack install
ee stack install --php7 --redis --admin --phpredisadmin
##################################
# Fix phpmyadmin install
##################################
echo "updating phpmyadmin"
{
cd ~/ || exit
curl -sS https://getcomposer.org/installer | php >>/tmp/ubuntu-nginx-web-server.log
mv composer.phar /usr/bin/composer
echo "##########################################"
echo " Updating phpmyadmin"
echo "##########################################"
chown www-data:www-data /var/www
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
cd ~/ || exit
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/bin/composer
} >>/tmp/ubuntu-nginx-web-server.log 2>&1
chown www-data:www-data /var/www
sudo -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/
##################################
# Allow www-data shell access for SFTP + add .bashrc settings et completion
##################################
echo "configuring www-data permissions"
{
echo "##########################################"
echo " Configuring www-data shell access"
echo "##########################################"
usermod -s /bin/bash www-data
usermod -s /bin/bash www-data
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash >>/tmp/ubuntu-nginx-web-server.log
cp -f $REPO_PATH/var/www/.profile /var/www/.profile
cp -f $REPO_PATH/var/www/.bashrc /var/www/.bashrc
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
cp -f $REPO_PATH/var/www/.profile /var/www/.profile
cp -f $REPO_PATH/var/www/.bashrc /var/www/.bashrc
chown www-data:www-data /var/www/.profile
chown www-data:www-data /var/www/.bashrc
chown www-data:www-data /var/www/.profile
chown www-data:www-data /var/www/.bashrc
sudo -u www-data -H curl https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh
} >>/tmp/ubuntu-nginx-web-server.log
sudo -u www-data -H curl https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh
##################################
# Install php7.1-fpm
@ -393,14 +407,16 @@ echo "configuring www-data permissions"
if [ "$phpfpm71_install" = "y" ]; then
echo "installing php7.1-fpm"
{
apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl >>/tmp/ubuntu-nginx-web-server.log
echo "##########################################"
echo " Installing php7.1-fpm"
echo "##########################################"
apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl
sudo cp -rf $REPO_PATH/etc/php/7.1/* /etc/php/7.1/
sudo service php7.1-fpm restart
sudo cp -rf $REPO_PATH/etc/php/7.1/* /etc/php/7.1/
sudo service php7.1-fpm restart
} >>/tmp/ubuntu-nginx-web-server.log
fi
@ -409,28 +425,32 @@ fi
##################################
if [ "$phpfpm72_install" = "y" ]; then
echo "installing php7.2-fpm"
{
apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y >>/tmp/ubuntu-nginx-web-server.log
echo "##########################################"
echo " Installing php7.2-fpm"
echo "##########################################"
apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd php7.2-curl php7.2-soap php7.2-mbstring -y
cp -rf $REPO_PATH/etc/php/7.2/* /etc/php/7.2/
service php7.2-fpm restart
cp -rf $REPO_PATH/etc/php/7.2/* /etc/php/7.2/
service php7.2-fpm restart
}>>/tmp/ubuntu-nginx-web-server.log
fi
##################################
# Update php7.0-fpm config
##################################
echo "updating php7.0 configuration"
{
echo "##########################################"
echo " Configuring php7.0-fpm"
echo "##########################################"
if [ -d /etc/php/7.0 ]; then
cp -rf $REPO_PATH/etc/php/7.0/* /etc/php/7.0/
if [ -d /etc/php/7.0 ]; then
cp -rf $REPO_PATH/etc/php/7.0/* /etc/php/7.0/
fi
fi
} >>/tmp/ubuntu-nginx-web-server.log
##################################
# Compile latest nginx release from source
@ -461,6 +481,10 @@ else
BUILD_RTMP=''
fi
echo "##########################################"
echo " Compiling Nginx with nginx-ee"
echo "##########################################"
wget -q https://raw.githubusercontent.com/VirtuBox/nginx-ee/master/nginx-build.sh
chmod +x nginx-build.sh
@ -470,73 +494,97 @@ chmod +x nginx-build.sh
##################################
# Add nginx additional conf
##################################
echo "optimizing nginx configuration"
{
echo "##########################################"
echo " Configuring Nginx"
echo "##########################################"
# php7.1 & 7.2 common configurations
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
# php7.1 & 7.2 common configurations
# optimized nginx.config
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
# check nginx configuration
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
# optimized nginx.config
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
if [ "$CONF_22222" = "0" ]; then
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
fi
# check nginx configuration
CONF_22222=$(grep -c netdata /etc/nginx/sites-available/22222)
CONF_UPSTREAM=$(grep -c netdata /etc/nginx/conf.d/upstream.conf)
CONF_DEFAULT=$(grep -c status /etc/nginx/sites-available/default)
if [ "$CONF_UPSTREAM" = "0" ]; then
# add netdata, php7.1 and php7.2 upstream
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
fi
if [ "$CONF_22222" = "0" ]; then
# add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/
sudo cp -f $REPO_PATH/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222
fi
if [ "$CONF_DEFAULT" = "0" ]; then
# additional nginx locations for monitoring
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
fi
if [ "$CONF_UPSTREAM" = "0" ]; then
# add netdata, php7.1 and php7.2 upstream
sudo cp -f $REPO_PATH/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf
fi
# 1) add webp mapping
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
if [ "$CONF_DEFAULT" = "0" ]; then
# additional nginx locations for monitoring
sudo cp -f $REPO_PATH/etc/nginx/sites-available/default /etc/nginx/sites-available/default
fi
# 1) add webp mapping
cp -f $REPO_PATH/etc/nginx/conf.d/webp.conf /etc/nginx/conf.d/webp.conf
nginx -t
service nginx reload
nginx -t
service nginx reload
} >>/tmp/ubuntu-nginx-web-server.log
##################################
# Add fail2ban configurations
##################################
echo "configuring fail2ban"
{
echo "##########################################"
echo " Configuring Fail2Ban"
echo "##########################################"
cp -rf $REPO_PATH/etc/fail2ban/filter.d/* /etc/fail2ban/filter.d/
cp -rf $REPO_PATH/etc/fail2ban/jail.d/* /etc/fail2ban/jail.d/
fail2ban-client reload
cp -rf $REPO_PATH/etc/fail2ban/filter.d/* /etc/fail2ban/filter.d/
cp -rf $REPO_PATH/etc/fail2ban/jail.d/* /etc/fail2ban/jail.d/
} >>/tmp/ubuntu-nginx-web-server.log
fail2ban-client reload
##################################
# Add fail2ban configurations
##################################
echo "##########################################"
echo " Installing ClamAV"
echo "##########################################"
apt-get install clamav -y
##################################
# Add fail2ban configurations
##################################
echo "##########################################"
echo " Updating ClamAV signature database"
echo "##########################################"
/etc/init.d/clamav-freshclam stop
freshclam
/etc/init.d/clamav-freshclam start
##################################
# Install cheat & nanorc
##################################
echo "installing cheat & nanorc"
{
echo "##########################################"
echo " Installing cheat.sh & nanorc"
echo "##########################################"
curl https://cht.sh/:cht.sh >/usr/bin/cht.sh
chmod +x /usr/bin/cht.sh
cd || exit
echo "alias cheat='cht.sh'" >>.bashrc
source $HOME/.bashrc
curl https://cht.sh/:cht.sh >/usr/bin/cht.sh
chmod +x /usr/bin/cht.sh
cd || exit
echo "alias cheat='cht.sh'" >>.bashrc
source $HOME/.bashrc
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
wget https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh -qO- | sh
} >>/tmp/ubuntu-nginx-web-server.log
##################################
# Install ProFTPd
@ -544,18 +592,20 @@ echo "installing cheat & nanorc"
if [ "$proftpd_install" = "y" ]; then
echo "installing proftpd"
{
apt-get install proftpd -y
echo "##########################################"
echo " Installing Proftpd"
echo "##########################################"
# secure proftpd and enable PassivePorts
apt-get install proftpd -y
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
# secure proftpd and enable PassivePorts
sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf
sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf
sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf
sudo service proftpd restart
sudo service proftpd restart
} >>/tmp/ubuntu-nginx-web-server.log
if [ -d /etc/ufw ]; then
# ftp passive ports
ufw allow 49000:50000/tcp
@ -568,68 +618,74 @@ fi
##################################
if [ ! -d /etc/netdata ]; then
echo "installing netdata"
{
## install nedata
wget -q https://my-netdata.io/kickstart.sh >>/tmp/ubuntu-nginx-web-server.log
chmod +x kickstart.sh
./kickstart.sh all --dont-wait
echo "##########################################"
echo " Installing Netdata"
echo "##########################################"
## optimize netdata resources usage
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
## install nedata
wget -q https://my-netdata.io/kickstart.sh
chmod +x kickstart.sh
./kickstart.sh all --dont-wait
## optimize netdata resources usage
echo 1 >/sys/kernel/mm/ksm/run
echo 1000 >/sys/kernel/mm/ksm/sleep_millisecs
## disable email notifigrep -cions
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
sudo service netdata restart
## disable email notifigrep -cions
sudo sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/' /etc/netdata/health_alarm_notify.conf
sudo service netdata restart
} >>/tmp/ubuntu-nginx-web-server.log
fi
##################################
# Install EasyEngine Dashboard
##################################
echo "installing easyengine-dashboard"
{
if [ ! -d /var/www/22222/htdocs/files ]; then
echo "##########################################"
echo " Installing EasyEngine Dashboard"
echo "##########################################"
mkdir /var/www/22222/htdocs/files
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
cd /var/www/22222/htdocs/files || exit 1
unzip ex.zip
rm ex.zip
fi
if [ ! -d /var/www/22222/htdocs/files ]; then
cd /var/www/22222 || exit
mkdir /var/www/22222/htdocs/files
wget http://extplorer.net/attachments/download/74/eXtplorer_$EXTPLORER_VER.zip -O /var/www/22222/htdocs/files/ex.zip
cd /var/www/22222/htdocs/files || exit 1
unzip ex.zip
rm ex.zip
fi
cd /var/www/22222 || exit
## download latest version of EasyEngine-dashboard
cd /tmp || exit
git clone https://github.com/VirtuBox/easyengine-dashboard.git
cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
chown -R www-data:www-data /var/www/22222/htdocs
## download latest version of EasyEngine-dashboard
cd /tmp || exit
git clone https://github.com/VirtuBox/easyengine-dashboard.git
cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
chown -R www-data:www-data /var/www/22222/htdocs
} >>/tmp/ubuntu-nginx-web-server.log
##################################
# Install Acme.sh
##################################
echo "installing acme.sh"
{
echo "##########################################"
echo " Installing Acme.sh"
echo "##########################################"
# install acme.sh if needed
# install acme.sh if needed
echo ""
echo "checking if acme.sh is already installed"
echo ""
if [ ! -f $HOME/.acme.sh/acme.sh ]; then
echo ""
echo "checking if acme.sh is already installed"
echo ""
if [ ! -f $HOME/.acme.sh/acme.sh ]; then
echo ""
wget -O - https://get.acme.sh | sh
cd || exit
source .bashrc
fi
echo ""
wget -O - https://get.acme.sh | sh
cd || exit
source .bashrc
fi
} >>/tmp/ubuntu-nginx-web-server.log
##################################
# Secure EasyEngine Dashboard with Acme.sh
@ -640,9 +696,11 @@ MY_IP=$(curl -s v4.vtbox.net)
MY_HOSTNAME_IP=$(dig +short @8.8.8.8 "$MY_HOSTNAME")
if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then
echo "securing easyengine backend"
echo "##########################################"
echo " Securing EasyEngine Backend"
echo "##########################################"
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
systemctl enable nginx.service >>/tmp/ubuntu-nginx-web-server.log
systemctl enable nginx.service
service nginx start
fi
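Review bot: In the `@ -259,60 +266,64 @` hunk the MariaDB root password is still derived from the clock, `MYSQL_ROOT_PASS=$(date +%s | sha256sum | base64 | head -c 32)`, so its only input is the install time in seconds and the value is guessable rather than random. Take it from the kernel CSPRNG instead, for example `MYSQL_ROOT_PASS=$(head -c 24 /dev/urandom | base64)`, which keeps the same length and character set. The same hunk then runs `cp $HOME/.my.cnf /etc/mysql/conf.d/my.cnf`; under a default umask that copy is presumably world-readable, and a later hunk gives `www-data` a login shell with `usermod -s /bin/bash www-data`. Either drop the copy, since `$HOME/.my.cnf` already serves root's client, or restrict its owner and mode right after the `cp`.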