diff --git a/.env.dist b/.env.dist index 153d7bb4..f722504f 100644 --- a/.env.dist +++ b/.env.dist @@ -7,11 +7,11 @@ # Auto install, true for auto installation, # false for manual or guided installation. AUTO_INSTALL=true -FORCE_INSTALL=true +FORCE_INSTALL=false # Cleanup existing LEMP / LAMP stack installation. AUTO_REMOVE=true -FORCE_REMOVE=true +FORCE_REMOVE=false # Dry run install, true for testing only. DRYRUN=false @@ -26,7 +26,7 @@ ENABLE_SWAP=true LOGGING=true # Path to the install log file. -LOG_FILE="./lemper_install.log" +LOG_FILE="./install.log" # LEMPer build directorty, will be removed after installation. BUILD_DIR="/tmp/lemper" @@ -34,7 +34,7 @@ BUILD_DIR="/tmp/lemper" [lemper] # LEMP stack environment. # Use development for local environment or production for live environment. -ENVIRONMENT="production" +ENVIRONMENT="development" # In production, server hostname must be valid FQDN format (e.g. hostname.domain.ext). SERVER_HOSTNAME="" @@ -93,14 +93,14 @@ NGINX_WITH_CUSTOMSSL=false # Available custom SSL version: e.g. openssl-1.1.1g, libressl-3.0.0 # leave empty to use stack default OpenSSL. -NGINX_CUSTOMSSL_VERSION="openssl-1.1.1g" +NGINX_CUSTOMSSL_VERSION="openssl-1.1.1l" # Build with PCRE JIT. NGINX_WITH_PCRE=false -# PCRE JIT version (requires PCRE 8.20 and latest): e.g. pcre-8.44, pcre2-10.35 -# get the PCRE version from here https://ftp.pcre.org/pub/pcre/ -NGINX_PCRE_VERSION="pcre-8.44" +# PCRE JIT version (requires PCRE 8.20 and latest): e.g. 8.44, 8.45 +# get the PCRE version from here http://www.pcre.org/ +NGINX_PCRE_VERSION="8.45" # Extra parameters, # requires Nginx installation from source. 
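Review bot: In the `@@ -34,7 +34,7 @@` hunk the template default becomes `ENVIRONMENT="development"`, so a `.env` copied from `.env.dist` without editing installs a live server under the development profile, although the comment directly above says production is for live environments. What the installer relaxes in development mode is not visible in this diff, so the impact is inferred. A shipped template is safer with `ENVIRONMENT="production"`, leaving development as an explicit opt-in. If the change is intentional for CI, the workflow could set it with a `sed` line, as it already does for `FORCE_INSTALL`.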
@@ -120,15 +120,27 @@ NGX_HTTP_GEOIP=true # GeoIP2 with MaxMind GeoLite2 database. GeoLite2 license key is required, # Get it from here https://www.maxmind.com/en/geolite2/signup NGX_HTTP_GEOIP2=false -GEOLITE2_LICENSE_KEY="" +GEOLITE2_LICENSE_KEY="zHccSDDcvqS4A0Ps" NGX_HTTP_HEADERS_MORE=true NGX_HTTP_IMAGE_FILTER=true -NGX_HTTP_LUA=false NGX_HTTP_MEMCACHED=false NGX_HTTP_NAXSI=false NGX_HTTP_NDK=false NGX_HTTP_JS=false + +# Build with Lua JIT module. +NGX_HTTP_LUA=false + +# Lua JIT module requires LuaJIT 2.1 and latest: e.g. v2.1-20211210, v2.1-20220111 +# LuaJIT2 version from here https://github.com/openresty/luajit2/tags +# Lua Resty Core version from here https://github.com/openresty/lua-resty-core +# Lua Resty LRU Cache version from here https://github.com/openresty/lua-resty-lrucache +LUA_JIT_VERSION="v2.1-20220111" +LUA_NGINX_MODULE_VERSION="v0.10.20" +LUA_RESTY_CORE_VERSION="v0.1.22" +LUA_RESTY_LRUCACHE_VERSION="v0.11" + NGX_HTTP_PASSENGER=false NGX_HTTP_REDIS2=false NGX_HTTP_SUBS_FILTER=true @@ -148,17 +160,17 @@ NGINX_RATE_LIMIT_REQUESTS=100 [php] INSTALL_PHP=true -# It is highly recommended to install PHP version 7.4 or greater. +# It is highly recommended to install PHP version 7.4 or greater. # Installing multiple versions is supported, separate version by space. -PHP_VERSIONS="7.4 8.0" +PHP_VERSIONS="7.4 8.0 8.1" -# Additional PHP modules (extensions) to install. +# Additional PHP modules (extensions) to install. # Installing multiple extension is supported, separate version by space. # Type only the extension name (without php*-). -PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack openswoole libsodium" +PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack openswoole sodium" # DO NOT CHANGE -DEFAULT_PHP_VERSION="7.4" +DEFAULT_PHP_VERSION="8.0" [php-loader] # PHP Loader is a PHP extension (module) that enables PHP 
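Review bot: `GEOLITE2_LICENSE_KEY` now holds a real-looking 16-character value in the tracked template `.env.dist`, where the old side had an empty string. If this is a live MaxMind key it should be revoked and reissued, because it remains in repository history even after the line is reverted. The template line should go back to `GEOLITE2_LICENSE_KEY=""`. The `.gitignore` touched by this same commit excludes `.env` but not `.env.dist`, so per-user credentials belong only in the untracked copy.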
@@ -192,8 +204,8 @@ INSTALL_IMAGEMAGICK=true # Available ImageMagick & PHP module installer: repo | source IMAGEMAGICK_INSTALLER="repo" -# Available ImageMagick version: 6.9.10-62 | 7.1.0-8 | latest -IMAGEMAGICK_VERSION="7.1.0-8" +# Available ImageMagick version: 6.9.12-36 | 7.1.0-21 | latest +IMAGEMAGICK_VERSION="7.1.0-21" [mysql] INSTALL_MYSQL=true @@ -236,11 +248,11 @@ INSTALL_MONGODB=false MONGODB_VERSION="5.0" # MongoDB default admin account. -MONGODB_ADMIN_USER="lemperdb" +MONGODB_ADMIN_USER="lempermo" MONGODB_ADMIN_PASSWORD="" [redis] -INSTALL_REDIS=false +INSTALL_REDIS=true # Available installer: repo | source. REDIS_INSTALLER="repo" @@ -248,7 +260,7 @@ REDIS_INSTALLER="repo" # Available Redis version: 6.2.5 or stable. REDIS_VERSION="stable" -# Enable pass authentication. +# Enable password authentication. REDIS_REQUIRE_PASSWORD=false REDIS_PASSWORD="" @@ -261,20 +273,28 @@ VSFTPD_INSTALLER="source" # Available version: 3.0.5 or latest. VSFTPD_VERSION="3.0.5" +# Enable FTP over TLS. +VSFTPD_SSL_ENABLE=true + +# Range of passv ports. +FTP_MIN_PORT=45000 +FTP_MAX_PORT=45099 + [dns] # TODO: Install DNS server. [mailer] # Install basic Mailer based on Postfix & Dovecot. -INSTALL_MAILER=false -INSTALL_SPFDKIM=false +INSTALL_MAILER=true +INSTALL_SPFDKIM=true -# Sender domain is required, default sets to hostname. -# Ensure that the hostname/sender domain already pointed to this server IP address. -SENDER_DOMAIN="example.com" +# Sender domain is required, if left empty it will be sets to the default hostname domain. +# Ensure that the hostname or sender domain already pointed to this server IP address. +SENDER_DOMAIN="" [certbot] INSTALL_CERTBOT=true +HOSTNAME_CERT_PATH="" [firewall] INSTALL_FW=true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5383a97f..21640037 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
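Review bot: `INSTALL_REDIS=true` in the `@@ -236,11 +248,11 @@` hunk turns Redis on by default while the next hunk's context still shows `REDIS_REQUIRE_PASSWORD=false` and `REDIS_PASSWORD=""`, so a default install gets an unauthenticated Redis. Whether the installer binds it to loopback only is not visible in this diff. If it can listen on a non-local interface, change the defaults together (`REDIS_REQUIRE_PASSWORD=true`) or keep `INSTALL_REDIS=false`. A comment above `INSTALL_REDIS` stating the bind-address assumption would make the default reviewable.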
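Review bot: In the `@@ -261,20 +273,28 @@` hunk, `INSTALL_MAILER=true` and `INSTALL_SPFDKIM=true` make every default install bring up Postfix and Dovecot, with `SENDER_DOMAIN=""` falling back to the hostname. That is a sizeable addition to the exposed services of a web-stack installer, so consider keeping `INSTALL_MAILER=false` and leaving the mailer as an opt-in. The new `FTP_MIN_PORT`/`FTP_MAX_PORT` range needs a matching firewall rule, and none is part of the visible diff. Comment wording: `passv` should read `passive`, and `it will be sets` should read `it will be set`.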
@@ -25,6 +25,7 @@ jobs: sed -i "s/SERVER_HOSTNAME=\"\"/SERVER_HOSTNAME=\"gh-ci.lemper.cloud\"/g" .env sed -i "s/SERVER_IP=\"\"/SERVER_IP=\"127.0.0.1\"/g" .env sed -i "s/AUTO_INSTALL=false/AUTO_INSTALL=true/g" .env + sed -i "s/FORCE_INSTALL=false/FORCE_INSTALL=true/g" .env sed -i "s/AUTO_REMOVE=false/AUTO_REMOVE=true/g" .env sed -i "s/FORCE_REMOVE=false/FORCE_REMOVE=true/g" .env sed -i "s/LEMPER_ADMIN_EMAIL=\"mail@example.com\"/LEMPER_ADMIN_EMAIL=\"me@masedi.net\"/g" .env @@ -57,15 +58,16 @@ jobs: TERM: xterm-256color run: | set -ex + shellcheck -s bash -x lemper.sh shellcheck -s bash -x install.sh shellcheck -s bash -x remove.sh shellcheck -s bash -x bin/lemper-*.sh shellcheck -s bash -x lib/lemper-*.sh - shellcheck -s bash -x scripts/cleanup_server.sh shellcheck -s bash -x scripts/helper.sh + shellcheck -s bash -x scripts/cleanup_server.sh + shellcheck -s bash -x scripts/secure_server.sh shellcheck -s bash -x scripts/install_*.sh shellcheck -s bash -x scripts/remove_*.sh - shellcheck -s bash -x scripts/secure_server.sh # Simple Unit Tests - name: Run unit testing env: diff --git a/.gitignore b/.gitignore index 876f07b0..c8900cc6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,16 +1,18 @@ .env +.env~ +.env.bak .env.save .travis.yml +install.log lemper.log -lemper.sh -scripts/install_ffmpeg.sh -scripts/createssl.sh -scripts/mysqltuner.pl +lemper_install.log +LEMPer.wiki bin/lemper-cli-enc bin/lemper-cli-enc.sh bin/lemper-cli-enc.sh.x.c bin/lemperography.php -LEMPer.wiki -install.log #lib/lemper-create.sh -#lib/lemper-manage.sh \ No newline at end of file +#lib/lemper-manage.sh +scripts/install_ffmpeg.sh +scripts/createssl.sh +scripts/mysqltuner.pl diff --git a/README.md b/README.md index ddbcc141..ddc4ebca 100644 --- a/README.md +++ b/README.md 
@@ -19,40 +19,50 @@ LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in ## Features -* Nginx from [Ondrej's](https://launchpad.net/~ondrej/+archive/ubuntu/nginx) repository. -* Nginx build from [source](https://github.com/nginx/nginx) with [Mod PageSpeed](https://github.com/apache/incubator-pagespeed-ngx) module. -* Nginx with FastCGI cache enable & disable feature (via LEMPer CLI). -* Nginx pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [UpCloud](https://masedi.net/upcloud/) or [DigitalOcean](https://masedi.net/digitalocean/). -* Nginx virtual host (vhost) configuration optimized for WordPress, and several PHP Frameworks. -* Support HTTP/2 natively for your secure website. -* Free SSL certificates from [Let's Encrypt](https://letsencrypt.org/). -* Get an A+ grade on several SSL Security Test ([Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=masedi.net), [ImmuniWeb](https://www.immuniweb.com/ssl/?id=bVrykFnK), and Wormly). -* Multiple PHP versions 5.6 [EOL], 7.0 [EOL], 7.1 [EOL], 7.2 [EOL], 7.3 [SFO], 7.4, 8.0, 8.1 from [Ondrej's repository](https://launchpad.net/~ondrej/+archive/ubuntu/php). -* Run PHP as user who own the file (Multi-user isolation via FPM pool). Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting. -* Supported PHP Framework and CMS: - * Vanilla PHP: default, - * Framework: codeigniter, laravel, lumen, phalcon, symfony, - * CMS: drupal, mautic, roundcube, sendy, wordpress, wordpress-ms (multi-site), and - * more coming soon. -* PHP Zend OPcache. -* PHP Loader, ionCube & SourceGuardian. +* Nginx - A high performance web server and a reverse proxy server. + * Community package from [Ondrej's Nginx repository](https://launchpad.net/~ondrej/+archive/ubuntu/nginx). 
+ * Custom build from [source](https://github.com/nginx/nginx) featured with : + * [Brotli module](https://github.com/google/ngx_brotli.git) an alternative compression to Gzip + * [Lua Nginx module](https://github.com/openresty/lua-nginx-module) with LuaJIT 2 library + * [PageSpeed module](https://github.com/apache/incubator-pagespeed-ngx) an automatic PageSpeed optimization + * FastCGI [cache purge module](https://github.com/nginx-modules/ngx_cache_purge.git) for atomic cache purging + * Customizable SSL library: OpenSSL (default), LibreSSL, and BoringSSL + * and much more useful 3rd-party modules. + * Pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [UpCloud](https://masedi.net/upcloud/) or [DigitalOcean](https://masedi.net/digitalocean/). + * Nginx virtual host (vhost) configuration optimized for WordPress and several PHP Frameworks. + * Support HTTP/2 natively for your secure website. + * Free SSL certificates from [Let's Encrypt](https://letsencrypt.org/). + * Get an A+ grade on several SSL Security Test ([Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=masedi.net), [ImmuniWeb](https://www.immuniweb.com/ssl/?id=bVrykFnK), and Wormly). +* PHP - Most used language that [powers 78.9% of all websites](https://w3techs.com/technologies/details/pl-php) around the universe. + * Community package from [Ondrej's PHP repository](https://launchpad.net/~ondrej/+archive/ubuntu/php). + * Multiple PHP versions 5.6 [EOL], 7.0 [EOL], 7.1 [EOL], 7.2 [EOL], 7.3 [EOL], 7.4 [SFO], 8.0, 8.1 (Latest). + * Run PHP as user who own the file (Multi-user isolation via FPM pool). + * Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting. + * Supported PHP Framework and CMS: + * Vanilla PHP: default, + * Framework: codeigniter, laravel, lumen, phalcon, symfony, + * CMS: drupal, mautic, roundcube, sendy, wordpress, wordpress-ms (multi-site), and + * more coming soon. + * PHP Zend OPcache. 
+ * PHP Loader, ionCube & SourceGuardian. * SQL database with MariaDB 10 (MySQL drop-in replacement). * NoSQL database with MongoDB. -* In-memory database with Redis. -* Memory cache with Memcached. -* FTP server with VSFTPD or Pure-FTPd. -* [Adminer](https://www.adminer.org/) web-based SQL & MongoDB database manager (PhpMyAdmin replacement). -* [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) web-based Redis database manager. -* [phpMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) web-based Memcached manager. -* [TinyFileManager](https://github.com/joglomedia/tinyfilemanager) alternative web-based filemanager (Experimental). +* Key-value store database with Redis. +* In-memory cache with Memcached. +* FTP server with VSFTPD or Pure-FTPd (_coming soon_). +* Web-based administration tools: + * [Adminer](https://www.adminer.org/) web-based SQL & MongoDB database manager (PhpMyAdmin replacement). + * [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) web-based Redis database manager. + * [phpMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) web-based Memcached manager. + * [TinyFileManager](https://github.com/joglomedia/tinyfilemanager) alternative web-based filemanager (Experimental). ## Setting Up * Ensure that you have git installed. -* Clone LEMPer Git repositroy, ```git clone https://github.com/joglomedia/LEMPer.git```. -* Enter LEMPer directory. -* Make a copy of .env.dist to .env ```cp .env.dist .env``` and replace the values. -* Execute install.sh file, ```sudo ./install.sh```. +* Clone LEMPer Git repositroy, ```git clone https://github.com/joglomedia/LEMPer.git``` +* Enter LEMPer directory +* Checkout to the desired version, ```git checkout 2.x.x``` +* Make a copy of .env.dist to .env ```cp .env.dist .env``` and replace the values ### Install LEMPer Stack 
@@ -81,22 +91,23 @@ Here are some examples of using LEMPer CLI. ##### LEMPer CLI add new vhost / website ```bash -sudo lemper-cli create -u ${USER} -d example.test -f wordpress -w ${HOME}/webapps/example.test --install-skeleton +lemper-cli site add -u ${USER} -d example.test -f wordpress \ +-w ${HOME}/webapps/example.test --install-app ``` :warning: For local/development environment, in order to make the test domain (e.g. example.test) working as expected, you need to do a small workaround by modifying the `/etc/hosts` file. By adding the local domain name to the hosts file and assign it with local/private IP address. -Since version 2.4.0 this workaround could be done via `lemper-cli` by passing `--ipv4` parameter and assign it with private IP address, as below: +Since version 2.4.0, this workaround could be done via `lemper-cli` by passing `--ipv4` parameter and assign it with private IP address, as below: ```bash -sudo lemper-cli create -u ${USER} -d example.test -f wordpress \ --w ${HOME}/webapps/example.test --ipv4=127.0.10.1 --install-skeleton +lemper-cli site add -u ${USER} -d example.test -f wordpress \ +-w ${HOME}/webapps/example.test --ipv4=127.0.10.1 --install-app ``` For more info ```bash -sudo lemper-cli create --help +lemper-cli site add --help ``` ##### LEMPer CLI manage vhost / website 
@@ -154,15 +165,18 @@ http://YOUR_DOMAIN_NAME:8082/lcp/filemanager * [x] Add network security (iptable rules, firewall configurator, else?) * [x] Add database backup tool (Mariabackup, Percona Xtrabackup, else?) * [x] Add enhanced security (AppArmor, cgroups, jailkit (chrooted/jail users), fail2ban, else?) +* [ ] Add CrowdSec a modern Host-based Intrusion Detection System (replacement option for Fail2ban) +* [ ] Add NodeJS installation to support modern web frontend development +* [ ] Add Pure-FTPd installation as an alternative option to VSFTPD * [ ] Add file backup tool (Borg, Duplicati, Rclone, Restic, Rsnapshot, else?) * [ ] Add server monitoring (Amplify, Monit, Nagios, else?) * [ ] Add user account & hosting package management -Add your feature [request here](https://github.com/joglomedia/LEMPer/issues/new) +Add your feature [request here](https://github.com/joglomedia/LEMPer/issues/new)! ## Security Vulnerabilities and Bugs -If you discover any security vulnerability or any bug within _LEMPer Stack_, please open an [issue](https://github.com/joglomedia/LEMPer/issues/new). +If you discover any security vulnerabilities or any bugs within _LEMPer Stack_, please open an [issue](https://github.com/joglomedia/LEMPer/issues/new). ## Contributing diff --git a/bin/lemper-cli.sh b/bin/lemper-cli.sh index 3f226017..70e31efa 100644 --- a/bin/lemper-cli.sh +++ b/bin/lemper-cli.sh @@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper CLI - Simple LEMP Stack Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | 
@@ -15,7 +15,9 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e +# Work even if somebody does "bash lemper-cli.sh". +#set -exv -o pipefail # For verbose output. +set -e -o pipefail # Version control. PROG_NAME=$(basename "$0") @@ -201,15 +203,15 @@ function init_lemper_cli() { . "${CLI_PLUGINS_DIR}/lemper-${CMD}" "$@" exit 0 else - echo "${PROG_NAME}: '${CMD}' is not ${PROG_NAME} command." - echo "See '${PROG_NAME} --help' for more information." + echo "${PROG_NAME}: '${CMD}' is not ${PROG_NAME} command" + echo "See '${PROG_NAME} --help' for more information" exit 1 fi ;; esac else - echo "${PROG_NAME}: missing required arguments." - echo "See '${PROG_NAME} --help' for more information." + echo "${PROG_NAME}: missing required arguments" + echo "See '${PROG_NAME} --help' for more information" exit 1 fi } diff --git a/etc/nginx/includes/compression_brotli.conf b/etc/nginx/includes/compression_brotli.conf index f3d6d3fe..92b0ee0f 100644 --- a/etc/nginx/includes/compression_brotli.conf +++ b/etc/nginx/includes/compression_brotli.conf @@ -66,9 +66,9 @@ brotli_buffers 16 8k; brotli_window 512k; # Up the minimum length a little to account for gzip overhead -# this means anything smaller than 50 bytes won't be compressed. +# this means anything smaller than 1024 bytes won't be compressed. # The default is 20 bytes, which is sooo tiny it's a waste to compress. -brotli_min_length 64; +brotli_min_length 1024; # Custom header. add_header X-Powered-By "LEMPer/Brotli"; diff --git a/etc/nginx/includes/compression_gzip.conf b/etc/nginx/includes/compression_gzip.conf index 30d0670c..f3086214 100644 --- a/etc/nginx/includes/compression_gzip.conf +++ b/etc/nginx/includes/compression_gzip.conf 
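Review bot: In the `@@ -201,15 +203,15 @@` hunk of `bin/lemper-cli.sh`, both error paths still write to stdout before `exit 1`; diagnostics should go to stderr so callers capturing output do not receive them, e.g. `echo "${PROG_NAME}: missing required arguments" >&2`. The context line `. "${CLI_PLUGINS_DIR}/lemper-${CMD}" "$@"` builds the sourced path from the command word. The check guarding it lies above the hunk, so I could not confirm that `CMD` is restricted to plain plugin names without path separators. `init_lemper_cli` starts outside this hunk.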
@@ -79,9 +79,9 @@ gzip_vary on; gzip_buffers 16 8k; # Up the minimum length a little to account for gzip overhead -# this means anything smaller than 50 bytes won't be compressed. +# this means anything smaller than 1024 bytes won't be compressed. # The default is 20 bytes, which is sooo tiny it's a waste to compress. -gzip_min_length 64; +gzip_min_length 1024; # Custom header. add_header X-Powered-By "LEMPer/Gzip"; diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 275d000c..879fbb24 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -23,6 +23,9 @@ http { # Override server name, requires headers-more-nginx-module enabled. #more_set_headers "Server: LEMPer"; + # Add necessary `lua_package_path` directive, requires lua-nginx-module enabled. + #lua_package_path "/usr/local/lib/lua/?.lua;;"; + # Default MIME types for files. include /etc/nginx/mime.types; default_type application/octet-stream; @@ -64,13 +67,15 @@ http { large_client_header_buffers 4 256k; client_max_body_size 20m; types_hash_max_size 2048; + variables_hash_bucket_size 128; + variables_hash_max_size 1024; # Connection tuning. reset_timedout_connection on; client_body_timeout 10s; client_header_timeout 10s; send_timeout 2s; - keepalive_timeout 30s; + keepalive_timeout 60s; keepalive_requests 100000; # Enable Compression. @@ -91,7 +96,7 @@ http { # SSL map. include /etc/nginx/fastcgi_https_map; - # Let NGiNX get the real client IP for its access logs. You can move this to server{} block. + # Let Nginx get the real client IP for its access logs. You can move this to server{} block. # Uncomment if you're using frontend http accelerator or loadbalancer such as haproxy/varnish. #include /etc/nginx/http_proxy_ips; diff --git a/etc/php/5.6/fpm/pool.d/lemper.conf b/etc/php/5.6/fpm/pool.d/lemper.conf index 3d50be59..c3ec932c 100644 --- a/etc/php/5.6/fpm/pool.d/lemper.conf +++ b/etc/php/5.6/fpm/pool.d/lemper.conf 
@@ -5,19 +5,22 @@ group = lemper listen = /run/php/php5.6-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 -;listen.allowed_clients = 127.0.0.1 +listen.mode = 0660 +;listen.allowed_clients = 125.6.0.1 -; Custom PHP-FPM optimization here -; adjust to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 -pm.process_idle_timeout = 30s; +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 +pm.process_idle_timeout = 30s pm.max_requests = 500 +pm.status_path = /status +ping.path = /ping + slowlog = /home/lemper/logs/php/php5.6-fpm_slow.log request_slowlog_timeout = 10s 
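Review bot: `pm.max_children = 30` does not fit the new comment's claim of being tuned for a single CPU with at least 1GB RAM: with `memory_limit` at 128M, as set later in this file, the pool's worst case is about 3.75 GB, enough to drive a small host out of memory under load. Either lower the default or add a comment giving the sizing rule (available RAM divided by average worker size). The same values appear in the 7.0 and 7.1 `lemper.conf` hunks. Separately, the commented example `;listen.allowed_clients = 125.6.0.1` is a routable address and looks like a search-and-replace slip; it should stay `;listen.allowed_clients = 127.0.0.1` so that uncommenting it does not allow a foreign host.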
@@ -29,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php5 .php56 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php5.6-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php5.6-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/5.6/fpm/pool.d/www.conf b/etc/php/5.6/fpm/pool.d/www.conf index 0797a88e..a89d675e 100644 --- a/etc/php/5.6/fpm/pool.d/www.conf +++ b/etc/php/5.6/fpm/pool.d/www.conf 
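Review bot: `memory_limit`, `session.save_path`, `post_max_size` and `upload_max_filesize` move from `php_admin_value` to `php_value`, which (as the new comment says) lets site code override them with `ini_set`. In a per-user isolation pool that means hosted code can lift its own memory ceiling or relocate its session store. Keep the limits that act as tenant guard rails non-overridable, e.g. `php_admin_value[memory_limit] = 128M` and `php_admin_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions`. `php_flag[display_errors] = on` also remains the shipped value, which exposes paths and query fragments to visitors; `off`, relying on `log_errors`, is the safer default. The same block is repeated in the 5.6 `www.conf` hunk and in the 7.0 and 7.1 pool hunks.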
@@ -368,18 +368,30 @@ security.limit_extensions = .php .php5 .php56 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php5.6-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/7.0/fpm/pool.d/lemper.conf b/etc/php/7.0/fpm/pool.d/lemper.conf index 923f3e2e..efc6e804 100644 --- a/etc/php/7.0/fpm/pool.d/lemper.conf +++ b/etc/php/7.0/fpm/pool.d/lemper.conf @@ -5,17 +5,17 @@ group = lemper listen = /run/php/php7.0-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 -;listen.allowed_clients = 127.0.0.1 +listen.mode = 0660 +;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization here -; adjust to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 -pm.process_idle_timeout = 30s; +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 +pm.process_idle_timeout = 30s pm.max_requests = 500 pm.status_path = /status 
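Review bot: In the 5.6 `www.conf` hunk, `sys_temp_dir`, `upload_tmp_dir`, `opcache.file_cache` and the new `session.save_path` all sit below `/usr/share/nginx/html/.lemper/tmp`, inside the tree that `open_basedir` names and that is commonly the default Nginx document root. If that directory is served, session files and upload temp files are inside the web root and are protected only by a vhost rule denying `.lemper`; no such rule is visible in this diff. Prefer a path outside the served tree (added to `open_basedir`), or put a comment on these lines naming the vhost rule that blocks access. The 7.0 `www.conf` hunk repeats the same paths.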
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php7 .php70 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php8.1-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php7.0-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/7.0/fpm/pool.d/www.conf b/etc/php/7.0/fpm/pool.d/www.conf index 9eabad50..42026405 100644 --- a/etc/php/7.0/fpm/pool.d/www.conf +++ b/etc/php/7.0/fpm/pool.d/www.conf 
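Review bot: `php_flag[cgi.fix_pathinfo] = 1` turns on path-info guessing, the setting Nginx + PHP-FPM hardening guides recommend disabling because PHP may then pick a script other than the one the URL names. The context line `security.limit_extensions = .php .php7 .php70` limits the impact, but the safer default is `php_admin_flag[cgi.fix_pathinfo] = off`, enabled only for applications that need `PATH_INFO`. The line also sits under the comment saying the block can be overridden via `ini_set`, which I believe does not hold for this system-level directive, so it probably belongs with the admin settings above. The same line is added in the 5.6 and 7.1 pool hunks and in both `www.conf` hunks.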
@@ -412,18 +412,30 @@ security.limit_extensions = .php .php7 .php70 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php7.0-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/7.1/fpm/pool.d/lemper.conf b/etc/php/7.1/fpm/pool.d/lemper.conf index 08a919be..39f3ef05 100644 --- a/etc/php/7.1/fpm/pool.d/lemper.conf +++ b/etc/php/7.1/fpm/pool.d/lemper.conf @@ -5,17 +5,17 @@ group = lemper listen = /run/php/php7.1-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization here -; adjust to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 -pm.process_idle_timeout = 30s; +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 +pm.process_idle_timeout = 30s pm.max_requests = 500 pm.status_path = /status 
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php7 .php71 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php7.1-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php7.1-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/7.1/fpm/pool.d/www.conf b/etc/php/7.1/fpm/pool.d/www.conf index 616ecec0..604a35eb 100644 --- a/etc/php/7.1/fpm/pool.d/www.conf +++ b/etc/php/7.1/fpm/pool.d/www.conf 
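Review bot: Moving `memory_limit` from `php_admin_value` to `php_value` means code running in the pool can raise it with `ini_set()` or a `.user.ini`, so it is no longer a per-worker ceiling the operator controls; `post_max_size` and `upload_max_filesize` become overridable per directory in the same way. If the goal is only a larger default, keep the ceiling admin-bound with `php_admin_value[memory_limit] = 128M`. The new comment "can be overwritten from PHP call 'ini_set'" is also broader than what PHP allows, since settings such as `post_max_size`, `upload_max_filesize` and `file_uploads` cannot be changed through `ini_set()`; something like `; Defaults below; sites may override them where PHP permits.` would be accurate. The same change is made in the second hunk of the 7.2 to 8.1 `lemper.conf` files and in each `www.conf` hunk.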
@@ -412,18 +412,30 @@ security.limit_extensions = .php .php7 .php71 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php7.1-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/7.2/fpm/pool.d/lemper.conf b/etc/php/7.2/fpm/pool.d/lemper.conf index c876cb85..4bc564d2 100644 --- a/etc/php/7.2/fpm/pool.d/lemper.conf +++ b/etc/php/7.2/fpm/pool.d/lemper.conf @@ -5,17 +5,17 @@ group = lemper listen = /run/php/php7.2-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization here -; adjust to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 -pm.process_idle_timeout = 30s; +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 +pm.process_idle_timeout = 30s pm.max_requests = 500 pm.status_path = /status 
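Review bot: `session.save_path`, `opcache.file_cache`, `sys_temp_dir` and `upload_tmp_dir` all resolve under `/usr/share/nginx/html/.lemper/tmp`, which is inside the `open_basedir` tree and, if that path is the served document root, inside what nginx can hand out. Session files and upload temp files then rely on an nginx rule denying dot-directories, which this diff does not show. The opcache file cache also ends up in a directory the pool's own scripts can write to, so cached bytecode is only as trustworthy as any other file written there. I would point these at a per-pool directory outside the document root and list it in `open_basedir` next to the site root; the same paths appear in the 7.0 hunk above and in the 7.2 to 8.1 `www.conf` hunks.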
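Review bot: With `listen.mode = 0660` and both `listen.owner` and `listen.group` set to `lemper`, only that user and group can connect to the socket, and nothing in this hunk shows the nginx worker user being a member of `lemper`. If it is not, every request to the pool fails at connect time once this lands. The tightening itself is right; it needs either the installer adding the web-server user to the `lemper` group or `listen.group` set to the group nginx runs as, and a comment above `listen.mode` saying which. The same one-line change is in the first hunk of the 7.1, 7.3, 7.4, 8.0 and 8.1 `lemper.conf` files.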
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php7 .php72 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php7.2-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php7.2-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/7.2/fpm/pool.d/www.conf b/etc/php/7.2/fpm/pool.d/www.conf index 962db7a3..956350f0 100644 --- a/etc/php/7.2/fpm/pool.d/www.conf +++ b/etc/php/7.2/fpm/pool.d/www.conf 
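Review bot: `php_flag[cgi.fix_pathinfo] = 1` now explicitly enables PHP's path-info fallback, where the script to execute is resolved from a prefix of the requested path; behind nginx this is the setting hardening guides ask to be off unless an application needs PATH_INFO. `security.limit_extensions` in this file narrows the exposure, but the safer default is `php_admin_flag[cgi.fix_pathinfo] = off`, paired with a file-existence check in the nginx PHP location (not visible in this diff). It is also the only flag in the group written as `1` rather than `on`/`off`. The same line is added in every pool file this commit touches.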
@@ -412,18 +412,30 @@ security.limit_extensions = .php .php7 .php72 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php7.2-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/7.3/fpm/pool.d/lemper.conf b/etc/php/7.3/fpm/pool.d/lemper.conf index 538ed8e9..5064c21c 100644 --- a/etc/php/7.3/fpm/pool.d/lemper.conf +++ b/etc/php/7.3/fpm/pool.d/lemper.conf @@ -5,16 +5,16 @@ group = lemper listen = /run/php/php7.3-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization -; adjust here to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 pm.process_idle_timeout = 30s pm.max_requests = 500 
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php7 .php73 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php7.3-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php7.3-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/7.3/fpm/pool.d/www.conf b/etc/php/7.3/fpm/pool.d/www.conf index 753001ec..c119cce7 100644 --- a/etc/php/7.3/fpm/pool.d/www.conf +++ b/etc/php/7.3/fpm/pool.d/www.conf 
@@ -428,18 +428,30 @@ security.limit_extensions = .php .php7 .php73 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php7.3-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/7.4/fpm/pool.d/lemper.conf b/etc/php/7.4/fpm/pool.d/lemper.conf index f74abd61..2d490ffb 100644 --- a/etc/php/7.4/fpm/pool.d/lemper.conf +++ b/etc/php/7.4/fpm/pool.d/lemper.conf @@ -5,16 +5,16 @@ group = lemper listen = /run/php/php7.4-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization -; adjust here to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 pm.process_idle_timeout = 30s pm.max_requests = 500 
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php7 .php74 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php7.4-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php7.4-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/7.4/fpm/pool.d/www.conf b/etc/php/7.4/fpm/pool.d/www.conf index 698d0373..80a85d76 100644 --- a/etc/php/7.4/fpm/pool.d/www.conf +++ b/etc/php/7.4/fpm/pool.d/www.conf 
@@ -429,18 +429,30 @@ security.limit_extensions = .php .php7 .php74 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php7.4-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/8.0/fpm/pool.d/lemper.conf b/etc/php/8.0/fpm/pool.d/lemper.conf index 7242b11d..181ffd45 100644 --- a/etc/php/8.0/fpm/pool.d/lemper.conf +++ b/etc/php/8.0/fpm/pool.d/lemper.conf @@ -5,16 +5,16 @@ group = lemper listen = /run/php/php8.0-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization -; adjust here to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 pm.process_idle_timeout = 30s pm.max_requests = 500 
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php8 .php80 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php8.0-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php8.0-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/8.0/fpm/pool.d/www.conf b/etc/php/8.0/fpm/pool.d/www.conf index 687bbc60..d25d3494 100644 --- a/etc/php/8.0/fpm/pool.d/www.conf +++ b/etc/php/8.0/fpm/pool.d/www.conf 
@@ -429,18 +429,30 @@ security.limit_extensions = .php .php8 .php80 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php8.0-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/php/8.1/fpm/pool.d/lemper.conf b/etc/php/8.1/fpm/pool.d/lemper.conf index 131d01d1..f5bd373a 100644 --- a/etc/php/8.1/fpm/pool.d/lemper.conf +++ b/etc/php/8.1/fpm/pool.d/lemper.conf @@ -5,16 +5,16 @@ group = lemper listen = /run/php/php8.1-fpm.$pool.sock listen.owner = lemper listen.group = lemper -listen.mode = 0666 +listen.mode = 0660 ;listen.allowed_clients = 127.1.0.1 -; Custom PHP-FPM optimization -; adjust here to meet your needs. +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 pm.process_idle_timeout = 30s pm.max_requests = 500 
@@ -32,20 +32,29 @@ chdir = /home/lemper security.limit_extensions = .php .php8 .php81 -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /home/lemper ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -;php_admin_value[error_log] = /var/log/php/php8.1-fpm.$pool.log +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /home/lemper/logs/php/php8.1-fpm.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache -php_admin_value[open_basedir] = /home/lemper -php_admin_value[session.save_path] = /home/lemper/.lemper/php/sessions php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions diff --git a/etc/php/8.1/fpm/pool.d/www.conf b/etc/php/8.1/fpm/pool.d/www.conf index d3803b9e..8240fb83 100644 --- a/etc/php/8.1/fpm/pool.d/www.conf +++ b/etc/php/8.1/fpm/pool.d/www.conf 
@@ -429,18 +429,30 @@ security.limit_extensions = .php .php8 .php81 ; Default Value: nothing is defined by default except the values in php.ini and ; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Custom PHP ini settings for LEMPer Stack. +php_admin_value[open_basedir] = /usr/share/nginx/html ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on php_admin_value[error_log] = /var/log/php/php8.1-fpm.$pool.log -php_admin_value[date.timezone] = UTC -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache -php_admin_value[open_basedir] = /usr/share/nginx/html -php_admin_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions diff --git a/etc/systemd/mariadb.service b/etc/systemd/mariadb.service index d6f6ddc5..6e03ee48 100644 --- a/etc/systemd/mariadb.service +++ b/etc/systemd/mariadb.service @@ -19,7 +19,7 @@ # (at your option) any later version. [Unit] -Description=MariaDB 10 database server +Description=MariaDB 10 database server installed using LEMPer Stack Documentation=man:mysqld(8) Documentation=https://mariadb.com/kb/en/library/systemd/ After=network.target diff --git a/etc/systemd/memcached.service b/etc/systemd/memcached.service index 7d80256d..e6246480 100644 --- a/etc/systemd/memcached.service +++ b/etc/systemd/memcached.service @@ -10,7 +10,7 @@ [Unit] -Description=memcached daemon +Description=Memcached daemon installed using LEMPer Stack After=network.target Documentation=man:memcached(1) diff --git a/etc/systemd/memcached@.service b/etc/systemd/memcached@.service index 9e43fb45..afa553a4 100644 --- a/etc/systemd/memcached@.service +++ b/etc/systemd/memcached@.service @@ -9,7 +9,7 @@ # Environment=OPTIONS="-l 127.0.0.1,::1" [Unit] -Description=memcached daemon for %i +Description=Memcached daemon for %i installed using LEMPer Stack After=network.target Documentation=man:memcached(1) diff --git a/etc/systemd/nginx.service b/etc/systemd/nginx.service index 334c2d6f..65c502d6 100644 --- a/etc/systemd/nginx.service +++ b/etc/systemd/nginx.service 
@@ -11,7 +11,7 @@ # http://nginx.org/en/docs/control.html # [Unit] -Description=A high performance web server and a reverse proxy server installed using LEMPer +Description=A high performance web server and a reverse proxy server installed using LEMPer Stack Documentation=man:nginx(8) After=syslog.target network.target remote-fs.target nss-lookup.target diff --git a/etc/systemd/redis-server.service b/etc/systemd/redis-server.service index 5f5945a2..95f2d5b3 100644 --- a/etc/systemd/redis-server.service +++ b/etc/systemd/redis-server.service @@ -1,5 +1,5 @@ [Unit] -Description=Advanced key-value store +Description=Advanced key-value store installed using LEMPer Stack After=network.target Documentation=http://redis.io/documentation, man:redis-server(1) diff --git a/etc/systemd/vsftpd.service b/etc/systemd/vsftpd.service index e37d7a43..006a1339 100644 --- a/etc/systemd/vsftpd.service +++ b/etc/systemd/vsftpd.service @@ -1,5 +1,5 @@ [Unit] -Description=vsftpd FTP server +Description=Very secure FTP server installed using LEMPer Stack After=network.target [Service] diff --git a/install.sh b/install.sh index 127fd2f9..5311899d 100755 --- a/install.sh +++ b/install.sh 
@@ -3,12 +3,12 @@ # +-------------------------------------------------------------------------+ # | LEMPer is a simple LEMP stack installer for Debian/Ubuntu Linux | # |-------------------------------------------------------------------------+ -# | Min requirement : GNU/Linux Debian 8, Ubuntu 16.04 or Linux Mint 17 | -# | Last Update : 18/12/2021 | +# | Min requirement : GNU/Linux Debian 8, Ubuntu 18.04 or Linux Mint 17 | +# | Last Update : 13/02/2022 | # | Author : MasEDI.Net (me@masedi.net) | # | Version : 2.x.x | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -20,8 +20,9 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -# Work even if somebody does "bash lemper.sh". -set -e +# Work even if somebody does "bash install.sh". +#set -exv -o pipefail # For verbose output. +set -e -o pipefail # Try to re-export global path. export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 
@@ -41,22 +42,19 @@ requires_root "$@" # Make sure only supported distribution can run this installer script. preflight_system_check - ## # Main LEMPer Installer # header_msg -echo "Starting LEMP stack installation..." +echo "Starting LEMPer Stack installation..." echo "Please ensure that you're on a fresh install!" -if ! "${AUTO_INSTALL}"; then +if [[ "${AUTO_INSTALL}" != true ]]; then echo "" read -t 60 -rp "Press [Enter] to continue..." | +# +-------------------------------------------------------------------------+ + +PROG_NAME=$(basename "$0") + +# Make sure only root can run this installer script. +if [[ "$(id -u)" -ne 0 ]]; then + if ! hash sudo 2>/dev/null; then + echo "Installer script must be run as 'root' or with sudo." + exit 1 + else + sudo -E "$0" "$@" + exit 0 + fi +fi + +# Try to re-export global path. +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Get installer base directory. +export BASE_DIR && \ +BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) + +## +# Main LEMPer Installer +## +function lemper_install() { + echo "Starting LEMPer Stack installation..." + echo "Please ensure that you're on a fresh install!" + echo -e "\nPress [Ctrl+C] to abort the installation process." + + sleep 3 + + if [[ "${AUTO_INSTALL}" != true ]]; then + echo "" + read -t 60 -rp "Press [Enter] to continue..." +# +# COMMANDS: +# install +# uninstall | remove +# +# OPTIONS: +# --with-mysql-server : Install MySQL Server (MySQL or MariaDB) with specific version. +## +function init_lemper_install() { + START_TIME=$(date +%s) + + if [[ ! -f .env.dist ]]; then + echo "${PROG_NAME}: .env.dist file not found." + exit 1 + fi + + if [[ -f .env ]]; then + cp .env .env.bak + else + cp .env.dist .env + fi + + # Default args. + DEBUG_MODE=false + DRYRUN=false + + # Sub command. + CMD=${1} + shift + + # Options. 
+ OPTS=$(getopt -o h:i:dgpDBF \ + -l debug,development,dry-run,fix-broken-install,force,guided,hostname:,ipv4:,production,unattended \ + -l with-nginx:,with-nginx-installer:,with-php:,with-php-extensions:,with-php-loader: \ + -l with-mysql-server:,with-memcached:,with-memcached-installer:,with-mongodb:,with-mongodb-admin: \ + -l with-redis:,with-redis-installer:,with-redis-requirepass:,with-ftp-server: \ + -n "${PROG_NAME}" -- "$@") + + eval set -- "${OPTS}" + + while true; do + case "${1}" in + # Usage: --with-nginx + --with-nginx) + exit_if_optarg_is_empty "${1}" "${2}" + shift + NGINX_VERSION=${1} + sed -i "s/INSTALL_NGINX=[a-zA-Z]*/INSTALL_NGINX=true/g" .env + sed -i "s/NGINX_VERSION=\"[0-9a-zA-Z.\ ]*\"/NGINX_VERSION=\"${NGINX_VERSION}\"/g" .env + shift + ;; + # Usage: --with-nginx-installer + --with-nginx-installer) + exit_if_optarg_is_empty "${1}" "${2}" + shift + NGINX_INSTALLER=${1} + case "${NGINX_INSTALLER}" in + source) + sed -i "s/NGINX_INSTALLER=\"[a-zA-Z.\ ]*\"/NGINX_INSTALLER=\"source\"/g" .env + ;; + *) + sed -i "s/NGINX_INSTALLER=\"[a-zA-Z]*\"/NGINX_INSTALLER=\"repo\"/g" .env + ;; + esac + shift + ;; + --with-nginx-pagespeed) + sed -i "s/NGX_PAGESPEED=[a-zA-Z]*/NGX_PAGESPEED=true/g" .env + shift + ;; + # Usage: --with-php + --with-php) + exit_if_optarg_is_empty "${1}" "${2}" + shift + PHP_VERSIONS=${1} + sed -i "s/INSTALL_PHP=[a-zA-Z]*/INSTALL_PHP=true/g" .env + sed -i "s/PHP_VERSIONS=\"[0-9.\ ]*\"/PHP_VERSIONS=\"${PHP_VERSIONS}\"/g" .env + shift + ;; + # Usage: --with-php-extensions= + --with-php-extensions) + exit_if_optarg_is_empty "${1}" "${2}" + shift + PHP_EXTENSIONS=$( echo "${1}" | tr '[:upper:]' '[:lower:]' ) + sed -i "s/PHP_EXTENSIONS=\"[a-zA-Z,\ ]*\"/PHP_EXTENSIONS=\"${PHP_EXTENSIONS}\"/g" .env + shift + ;; + # Usage: --with-php-loader + --with-php-loader) + exit_if_optarg_is_empty "${1}" "${2}" + shift + sed -i "s/INSTALL_PHP_LOADER=[a-zA-Z]*/INSTALL_PHP_LOADER=true/g" .env + PHP_LOADER=$( echo "${1}" | tr '[:upper:]' '[:lower:]' ) + 
case "${PHP_LOADER}" in + sg | sourceguardian) + sed -i "s/PHP_LOADER=\"[a-zA-Z]*\"/PHP_LOADER=\"sourceguardian\"/g" .env + ;; + ic | ioncube) + sed -i "s/PHP_LOADER=\"[a-zA-Z]*\"/PHP_LOADER=\"ioncube\"/g" .env + ;; + *) + echo "Selected PHP Loader: ${PHP_LOADER} is not supported." + sed -i "s/INSTALL_PHP_LOADER=[a-zA-Z]*/INSTALL_PHP_LOADER=false/g" .env + ;; + esac + shift + ;; + # Usage: --with-mysql-server + --with-mysql-server) + exit_if_optarg_is_empty "${1}" "${2}" + shift + sed -i "s/INSTALL_MYSQL=[a-zA-Z]*/INSTALL_MYSQL=true/g" .env + MYSQL_SERVER=$( echo "${1}" | tr '[:upper:]' '[:lower:]' ) + # Reserve default IFS + _IFS=${IFS} + IFS='-' read -r -a _MYSQL_SERVER <<< "${MYSQL_SERVER}" + MYSQL_SERVER_NAME="${_MYSQL_SERVER[0]}" + MYSQL_SERVER_VER="${_MYSQL_SERVER[1]}" + # Restore default IFS + IFS=${_IFS} + case "${MYSQL_SERVER_NAME}" in + mysql | mysql-server) + sed -i "s/MYSQL_SERVER=\"[a-zA-Z]*\"/MYSQL_SERVER=\"mysql\"/g" .env + ;; + mariadb) + sed -i "s/MYSQL_SERVER=\"[a-zA-Z]*\"/MYSQL_SERVER=\"mariadb\"/g" .env + ;; + *) + echo "Selected MySQL Server: ${MYSQL_SERVER} is not supported, fallback to MariaDB Server." 
+ sed -i "s/MYSQL_SERVER=\"[a-zA-Z]*\"/MYSQL_SERVER=\"mariadb\"/g" .env + ;; + esac + if [ -n "${MYSQL_SERVER_VER}" ]; then + sed -i "s/MYSQL_VERSION=\"[0-9.\ ]*\"/MYSQL_VERSION=\"${MYSQL_SERVER_VER}\"/g" .env + fi + shift + ;; + # Usage: --with-memcached + --with-memcached) + exit_if_optarg_is_empty "${1}" "${2}" + shift + MEMCACHED_VERSION=${1} + sed -i "s/INSTALL_MEMCACHED=[a-zA-Z]*/INSTALL_MEMCACHED=true/g" .env + sed -i "s/MEMCACHED_VERSION=\"[0-9a-zA-Z.\ ]*\"/MEMCACHED_VERSION=\"${MEMCACHED_VERSION}\"/g" .env + shift + ;; + # Usage: --with-memcached-installer + --with-memcached-installer) + exit_if_optarg_is_empty "${1}" "${2}" + shift + MEMCACHED_INSTALLER=${1} + case "${MEMCACHED_INSTALLER}" in + source) + sed -i "s/MEMCACHED_INSTALLER=\"[a-zA-Z.\ ]*\"/MEMCACHED_INSTALLER=\"source\"/g" .env + ;; + *) + sed -i "s/MEMCACHED_INSTALLER=\"[a-zA-Z]*\"/MEMCACHED_INSTALLER=\"repo\"/g" .env + ;; + esac + shift + ;; + # Usage: --with-mongodb + --with-mongodb) + exit_if_optarg_is_empty "${1}" "${2}" + shift + MONGODB_VERSION=${1} + sed -i "s/INSTALL_MONGODB=[a-zA-Z]*/INSTALL_MONGODB=true/g" .env + sed -i "s/MONGODB_VERSION=\"[0-9a-zA-Z.\ ]*\"/MONGODB_VERSION=\"${MONGODB_VERSION}\"/g" .env + shift + ;; + # Usage: --with-mongodb-admin + --with-mongodb-admin) + exit_if_optarg_is_empty "${1}" "${2}" + shift + MONGODB_ADMIN="${1}" + # Reserve default IFS + _IFS=${IFS} + IFS=':' read -r -a MONGODB_ADMIN_AUTH <<< "${MONGODB_ADMIN}" + MONGODB_ADMIN_USER="${MONGODB_ADMIN_AUTH[0]}" + MONGODB_ADMIN_PASS="${MONGODB_ADMIN_AUTH[1]}" + # Restore default IFS + IFS=${_IFS} + sed -i "s/MONGODB_ADMIN_USER=\"[0-9a-zA-Z._-\ ]*\"/MONGODB_ADMIN_USER=\"${MONGODB_ADMIN_USER}\"/g" .env + sed -i "s/MONGODB_ADMIN_PASSWORD=\"[0-9a-zA-Z._-\ ]*\"/MONGODB_ADMIN_PASSWORD=\"${MONGODB_ADMIN_PASS}\"/g" .env + shift + ;; + # Usage: --with-redis + --with-redis) + exit_if_optarg_is_empty "${1}" "${2}" + shift + REDIS_VERSION=${1} + if [ -z "${REDIS_VERSION}" ]; then REDIS_VERSION="stable"; fi + sed -i 
"s/INSTALL_REDIS=[a-zA-Z]*/INSTALL_REDIS=true/g" .env + sed -i "s/REDIS_VERSION=\"[0-9a-zA-Z._-\ ]*\"/REDIS_VERSION=\"${REDIS_VERSION}\"/g" .env + shift + ;; + # Usage: --with-redis-installer + --with-redis-installer) + exit_if_optarg_is_empty "${1}" "${2}" + shift + REDIS_INSTALLER=${1} + case "${REDIS_INSTALLER}" in + source) + sed -i "s/REDIS_INSTALLER=\"[a-zA-Z.\ ]*\"/REDIS_INSTALLER=\"source\"/g" .env + ;; + *) + sed -i "s/REDIS_INSTALLER=\"[a-zA-Z]*\"/REDIS_INSTALLER=\"repo\"/g" .env + ;; + esac + shift + ;; + # Usage: --with-redis-requirepass + --with-redis-requirepass) + exit_if_optarg_is_empty "${1}" "${2}" + shift + REDIS_PASSWORD=${1} + sed -i "s/REDIS_REQUIRE_PASSWORD=[a-zA-Z]*/REDIS_REQUIRE_PASSWORD=true/g" .env + sed -i "s/REDIS_PASSWORD=\"[0-9a-zA-Z._-\ ]*\"/REDIS_PASSWORD=\"${REDIS_PASSWORD}\"/g" .env + shift + ;; + --with-ssh-port) + exit_if_optarg_is_empty "${1}" "${2}" + shift + SSH_PORT=${1} + if [[ ${SSH_PORT} =~ ^[0-9]+$ ]]; then + sed -i "s/SSH_PORT=[0-9]*/SSH_PORT=${SSH_PORT}/g" .env + else + sed -i "s/SSH_PORT=[0-9]*/SSH_PORT=2269/g" .env + fi + shift + ;; + --with-ssh-passwordless) + sed -i "s/SSH_ROOT_LOGIN=[a-zA-Z]*/SSH_ROOT_LOGIN=false/g" .env + sed -i "s/SSH_PASSWORDLESS=[a-zA-Z]*/SSH_PASSWORDLESS=true/g" .env + shift + ;; + -B | --fix-broken-install) + sed -i "s/FIX_BROKEN_INSTALL=[a-zA-Z]*/FIX_BROKEN_INSTALL=true/g" .env + shift + ;; + -d | --development) + sed -i "s/ENVIRONMENT=\"[a-zA-Z]*\"/ENVIRONMENT=\"development\"/g" .env + shift + ;; + -D | --debug) + DEBUG_MODE=true + shift + ;; + --dry-run) + DRYRUN=true + sed -i "s/DRYRUN=[a-zA-Z]*/DRYRUN=true/g" .env + shift + ;; + -F | --force) + sed -i "s/FORCE_INSTALL=[a-zA-Z]*/FORCE_INSTALL=true/g" .env + sed -i "s/FORCE_REMOVE=[a-zA-Z]*/FORCE_REMOVE=true/g" .env + shift + ;; + -g | --guided | --unattended) + sed -i "s/AUTO_INSTALL=[a-zA-Z]*/AUTO_INSTALL=false/g" .env + sed -i "s/AUTO_REMOVE=[a-zA-Z]*/AUTO_REMOVE=false/g" .env + shift + ;; + -h | --hostname) + exit_if_optarg_is_empty 
"${1}" "${2}" + shift + SERVER_HOSTNAME=${1} + sed -i "s/SERVER_HOSTNAME=\"[a-zA-Z0-9._-]*\"/SERVER_HOSTNAME=\"${SERVER_HOSTNAME}\"/g" .env + shift + ;; + -i | --ipv4) + exit_if_optarg_is_empty "${1}" "${2}" + shift + SERVER_IP=${1} + sed -i "s/SERVER_IP=\"[0-9.]*\"/SERVER_IP=\"${SERVER_IP}\"/g" .env + shift + ;; + -p | --production) + sed -i "s/ENVIRONMENT=\"[a-zA-Z]*\"/ENVIRONMENT=\"production\"/g" .env + shift + ;; + --) + shift + break + ;; + *) + echo "${PROG_NAME}: '${1}' is not valid argument" + echo "See '${PROG_NAME} --help' for more information" + exit 1 + ;; + esac + done + + # Set debug mode. + set_debug_mode "${DEBUG_MODE}" + set_dryrun_mode "${DRYRUN}" + + # Include helper functions. + if [[ "$(type -t run)" != "function" ]]; then + . "${BASE_DIR}/scripts/helper.sh" + fi + + # Make sure only supported distribution can run this installer script. + preflight_system_check + + # Go action. + case "${CMD}" in + --install | install) + #./install.sh + header_msg + lemper_install + final_time_result "${START_TIME}" + footer_msg + exit 0 + ;; + --uninstall | --remove | uninstall | remove) + #./remove.sh + header_msg + lemper_remove + final_time_result "${START_TIME}" + footer_msg + exit 0 + ;; + -h | --help | help) + echo "For more help please visit https://github.com/joglomedia/LEMPer" + exit 0 + ;; + *) + echo "${PROG_NAME}: '${CMD}' is not ${PROG_NAME} command" + echo "See '${PROG_NAME} --help' for more information" + exit 1 + ;; + esac +} + +# Start running things from a call at the end so if this script is executed +# after a partial download it doesn't do anything. +init_lemper_install "$@" diff --git a/lib/lemper-adduser.sh b/lib/lemper-adduser.sh index a923e844..84820b70 100755 --- a/lib/lemper-adduser.sh +++ b/lib/lemper-adduser.sh 
@@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper Create - Simple LEMP Virtual Host Creator | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -15,8 +15,6 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e - # Version control. #PROG_NAME=$(basename "$0") #PROG_VER="2.x.x" diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index ff3b3e15..44267077 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper Create - Simple LEMP Virtual Host Creator | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -15,8 +15,6 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e - # Version control. PROG_NAME=$(basename "$0") PROG_VER="2.x.x" @@ -55,7 +53,7 @@ fi function show_usage { cat <<- EOL ${CMD_PARENT} ${CMD_NAME} ${PROG_VER} -Creates NGiNX virtual host (vHost) configuration file. +Creates Nginx virtual host (vHost) configuration file. Requirements: * LEMP stack setup uses [LEMPer](https://github.com/joglomedia/LEMPer) 
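Review bot: Dropping `set -e` in lib/lemper-adduser.sh (and in the matching hunks for lib/lemper-create.sh, lib/lemper-db.sh, lib/lemper-manage.sh and lib/lemper-site.sh) means a failed step no longer stops the script, so later steps still run against a half-finished state. install.sh in this same commit moves the other way, to `set -e -o pipefail`. If the removal is because these files are sourced by a parent command, which is only a guess from here, a comment such as `# Error handling is inherited from the calling script; do not set -e here.` would record that, and steps that change ownership or write configuration should check their own status, e.g. `run chown ... || fail "chown failed"`. The script bodies lie outside these hunks.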
@@ -94,7 +92,7 @@ Options: -s, --enable-ssl Enable HTTPS with Let's Encrypt free SSL certificate. -P, --enable-pagespeed - Enable NGiNX mod_pagespeed. + Enable Nginx mod_pagespeed. -W, --wildcard-domain Enable wildcard (*) domain. @@ -141,10 +139,10 @@ server { index index.php index.html index.htm; # Enable Compression. - # gzip (default) or brotli (requires NGiNX installed with brotli module). + # gzip (default) or brotli (requires Nginx installed with brotli module). #include /etc/nginx/includes/compression_gzip.conf; - ## Uncomment to enable Mod PageSpeed (NGiNX must be installed with mod PageSpeed). + ## Uncomment to enable Mod PageSpeed (Nginx must be installed with mod PageSpeed). #include /etc/nginx/includes/mod_pagespeed.conf; # Authorizing domain. @@ -260,10 +258,10 @@ server { index index.php index.html index.htm; # Enable Compression. - # gzip (default) or brotli (requires NGiNX installed with brotli module). + # gzip (default) or brotli (requires Nginx installed with brotli module). #include /etc/nginx/includes/compression_gzip.conf; - ## Uncomment to enable Mod PageSpeed (NGiNX must be installed with mod PageSpeed). + ## Uncomment to enable Mod PageSpeed (Nginx must be installed with mod PageSpeed). #include /etc/nginx/includes/mod_pagespeed.conf; # Authorizing domain. @@ -373,10 +371,10 @@ server { index index.php index.html index.htm; # Enable Compression. - # gzip (default) or brotli (requires NGiNX installed with brotli module). + # gzip (default) or brotli (requires Nginx installed with brotli module). #include /etc/nginx/includes/compression_gzip.conf; - ## Uncomment to enable Mod PageSpeed (NGiNX must be installed with mod PageSpeed). + ## Uncomment to enable Mod PageSpeed (Nginx must be installed with mod PageSpeed). #include /etc/nginx/includes/mod_pagespeed.conf; # Authorizing domain. 
@@ -487,10 +485,10 @@ server { index index.php index.html index.htm; # Enable Compression. - # gzip (default) or brotli (requires NGiNX installed with brotli module). + # gzip (default) or brotli (requires Nginx installed with brotli module). #include /etc/nginx/includes/compression_gzip.conf; - ## Uncomment to enable Mod PageSpeed (NGiNX must be installed with mod PageSpeed). + ## Uncomment to enable Mod PageSpeed (Nginx must be installed with mod PageSpeed). #include /etc/nginx/includes/mod_pagespeed.conf; # Authorizing domain. @@ -580,7 +578,7 @@ EOL # function prepare_vhost_wpms() { cat <<- EOL -# Wordpress Multisite Mapping for NGiNX (Requires NGiNX Helper plugin). +# Wordpress Multisite Mapping for Nginx (Requires Nginx Helper plugin). map \$http_host \$blogid { default 0; include ${WEBROOT}/wp-content/uploads/nginx-helper/[map].conf; 
@@ -672,57 +670,70 @@ EOL # To be outputted into new pool file in fpm/pool.d. # function create_fpm_pool_conf() { + local POOLNAME="${1}" + local PHPv="${2}" + cat <<- EOL -[${USERNAME}] -user = ${USERNAME} -group = ${USERNAME} - -listen = /run/php/php${PHP_VERSION}-fpm.\$pool.sock -listen.owner = ${USERNAME} -listen.group = ${USERNAME} -listen.mode = 0666 -;listen.allowed_clients = 127.0.0.1 - -; Custom PHP-FPM optimization here -; adjust to meet your needs. +[${POOLNAME}] +user = ${POOLNAME} +group = ${POOLNAME} + +listen = /run/php/php${PHPv}-fpm.\$pool.sock +listen.owner = ${POOLNAME} +listen.group = ${POOLNAME} +listen.mode = 0660 +;listen.allowed_clients = 127.1.0.1 + +; Custom PHP-FPM optimization, adjust here to meet your specs. +; Default value here is optimized for a single CPU with at least 1GB RAM. pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.max_children = 30 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 20 pm.process_idle_timeout = 30s pm.max_requests = 500 -; PHP-FPM monitoring pm.status_path = /status ping.path = /ping -slowlog = /home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_slow.log -request_slowlog_timeout = 5s +slowlog = /home/${POOLNAME}/logs/php/php${PHPv}-fpm_slow.log +request_slowlog_timeout = 10s -chdir = /home/${USERNAME} +;chroot = /home/${POOLNAME} +chdir = /home/${POOLNAME} ;catch_workers_output = yes ;decorate_workers_output = no -security.limit_extensions = .php .php${PHP_VERSION//./} +security.limit_extensions = .php .php5 .php7 .php${PHPv//./} -; Custom PHP ini settings. -php_flag[display_errors] = On -;php_admin_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_WARNING & ~E_NOTICE +; Custom PHP ini settings for LEMPer Stack. 
+php_admin_value[open_basedir] = /home/${POOLNAME} ;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system -php_admin_flag[log_errors] = On -php_admin_value[error_log] = /home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm.log -php_admin_value[date.timezone] = ${TIMEZONE} -php_admin_value[memory_limit] = 128M -php_admin_value[opcache.file_cache] = /home/${USERNAME}/.lemper/php/opcache -php_admin_value[open_basedir] = /home/${USERNAME} -php_admin_value[session.save_path] = /home/${USERNAME}/.lemper/php/sessions -php_admin_value[sys_temp_dir] = /home/${USERNAME}/.lemper/tmp -php_admin_value[upload_tmp_dir] = /home/${USERNAME}/.lemper/tmp -php_admin_value[upload_max_filesize] = 20M -php_admin_value[post_max_size] = 20M -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f you@yourmail.com +;php_admin_value[disable_classes] = +php_admin_flag[log_errors] = on +php_admin_value[error_log] = /home/${POOLNAME}/logs/php/php${PHPv}-fpm.log +php_admin_value[sys_temp_dir] = /home/${POOLNAME}/.lemper/tmp +php_admin_value[upload_tmp_dir] = /home/${POOLNAME}/.lemper/tmp +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +php_admin_value[opcache.file_cache] = /home/${POOLNAME}/.lemper/tmp/php_opcache + +; Configuration below can be overwritten from PHP call 'ini_set'. 
+php_flag[short_open_tag] = off +php_value[max_execution_time] = 300 +php_value[max_input_time] = 60 +php_value[memory_limit] = 128M +php_value[post_max_size] = 50M +php_flag[file_uploads] = on +php_value[upload_max_filesize] = 50M +php_value[max_file_uploads] = 20 +php_value[default_socket_timeout] = 60 +php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT +php_flag[display_errors] = on +php_flag[cgi.fix_pathinfo] = 1 +php_value[date.timezone] = UTC +php_value[session.save_path] = /home/${POOLNAME}/.lemper/tmp/php_sessions EOL } @@ -730,17 +741,18 @@ EOL # Get server IP Address. # function get_ip_addr() { - local IP_INTERNAL && \ - IP_INTERNAL=$(ip addr | grep 'inet' | grep -v inet6 | \ + local SERVER_IP_PRIVATE && \ + SERVER_IP_PRIVATE=$(ip addr | grep 'inet' | grep -v inet6 | \ grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | \ grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) - local IP_EXTERNAL && \ - IP_EXTERNAL=$(curl -s https://ipecho.net/plain) + local SERVER_IP_PUBLIC && \ + SERVER_IP_PUBLIC=$(curl -s http://ipecho.net/plain) - if [[ "${IP_INTERNAL}" == "${IP_EXTERNAL}" ]]; then - echo "${IP_EXTERNAL}" + # Ugly hack to detect aws-lightsail public IP address. + if [[ "${SERVER_IP_PRIVATE}" == "${SERVER_IP_PUBLIC}" ]]; then + echo "${SERVER_IP_PRIVATE}" else - echo "${IP_INTERNAL}" + echo "${SERVER_IP_PUBLIC}" fi } @@ -995,7 +1007,7 @@ function init_lemper_create() { if [[ "${MAIN_ARGS}" -ge 1 ]]; then # Additional Check - ensure that Nginx's configuration meets the requirements. if [[ ! -d /etc/nginx/sites-available && ! -d /etc/nginx/vhost ]]; then - fail "It seems that your NGiNX installation doesn't meet LEMPer requirements. Aborting..." + fail "It seems that your Nginx installation doesn't meet LEMPer requirements. Aborting..." fi # Check domain parameter. 
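Review bot: `security.limit_extensions = .php .php5 .php7 .php${PHPv//./}` now lets every generated pool execute `.php5` and `.php7` files whatever its PHP version, and the same template adds `php_flag[cgi.fix_pathinfo] = 1`; together they widen what FPM will run as a script, which matters for sites whose upload filters only block `.php`. I would keep the previous `security.limit_extensions = .php .php${PHPv//./}` and set `php_admin_value[cgi.fix_pathinfo] = 0` unless the Nginx location blocks (not visible in this hunk) are known to need PATH_INFO fix-up; the `cgi.fix_pathinfo` line is also added in the two PHP 8.1 pool hunks earlier in this diff. Separately, `php_value[date.timezone] = UTC` replaces the `${TIMEZONE}` substitution of the removed line, so generated pools no longer follow the configured timezone, and the commented `listen.allowed_clients` example changed to `127.1.0.1`, which looks like a typo for `127.0.0.1`.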
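Review bot: The public-IP lookup in `get_ip_addr` is downgraded from `https://ipecho.net/plain` to `http://ipecho.net/plain`, so the answer can be altered in transit and is then echoed as the server address without any format check. I would keep TLS and fail on HTTP errors, `SERVER_IP_PUBLIC=$(curl -sf --max-time 10 https://ipecho.net/plain)`, and fall back to `SERVER_IP_PRIVATE` when the result does not match an IPv4 pattern. The branch also now prints the public address whenever the two differ, which reverses the previous behaviour; the comment `# Ugly hack to detect aws-lightsail public IP address.` should say why that is wanted.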
@@ -1042,13 +1054,13 @@ function init_lemper_create() { echo "Creating new PHP-FPM pool '${USERNAME}' configuration..." # Create PHP FPM pool conf. - create_fpm_pool_conf > "/etc/php/${PHP_VERSION}/fpm/pool.d/${USERNAME}.conf" + create_fpm_pool_conf "${USERNAME}" "${PHP_VERSION}" > "/etc/php/${PHP_VERSION}/fpm/pool.d/${USERNAME}.conf" run touch "/var/log/php${PHP_VERSION}-fpm_slow.${USERNAME}.log" # Create default directories. run mkdir -p "/home/${USERNAME}/.lemper/tmp" - run mkdir -p "/home/${USERNAME}/.lemper/php/opcache" - run mkdir -p "/home/${USERNAME}/.lemper/php/sessions" + run mkdir -p "/home/${USERNAME}/.lemper/tmp/php_opcache" + run mkdir -p "/home/${USERNAME}/.lemper/tmp/php_sessions" run mkdir -p "/home/${USERNAME}/cgi-bin" run chown -hR "${USERNAME}:${USERNAME}" "/home/${USERNAME}/.lemper/" "/home/${USERNAME}/cgi-bin/" @@ -1388,7 +1400,7 @@ EOL # Enable sunrise. (insert new line before match) run sed -i "/\/*\ That/i define( 'SUNRISE', true );\n" "${WEBROOT}/wp-config.php" - # Pre-populate blog id mapping, used by NGiNX vhost config. + # Pre-populate blog id mapping, used by Nginx vhost config. if [[ ! -d "${WEBROOT}/wp-content/uploads/nginx-helper" ]]; then run mkdir -p "${WEBROOT}/wp-content/uploads/nginx-helper" fi @@ -1548,7 +1560,7 @@ EOL run sed -i "s|#pagespeed\ Disallow|pagespeed\ Disallow|g" "${VHOST_FILE}" run sed -i "s|#pagespeed\ Domain|pagespeed\ Domain|g" "${VHOST_FILE}" else - info "Mod PageSpeed is not enabled. NGiNX must be installed with PageSpeed module." + info "Mod PageSpeed is not enabled. Nginx must be installed with PageSpeed module." fi fi 
@@ -1599,18 +1611,18 @@ EOL fi # Reload Nginx - echo "Reloading NGiNX server configuration..." + echo "Reloading Nginx server configuration..." # Validate config, reload when validated. if nginx -t 2>/dev/null > /dev/null; then run systemctl reload nginx - echo "NGiNX server reloaded with new configuration." + echo "Nginx server reloaded with new configuration." else - info "Something went wrong with NGiNX configuration." + info "Something went wrong with Nginx configuration." fi if [[ -f "/etc/nginx/sites-enabled/${SERVERNAME}.conf" && -e /var/run/nginx.pid ]]; then - success "Your ${SERVERNAME} successfully added to NGiNX virtual host." + success "Your ${SERVERNAME} successfully added to Nginx virtual host." # Enable HTTPS. if [[ ${ENABLE_SSL} == true ]]; then @@ -1622,7 +1634,7 @@ EOL # WordPress MS notice. if [[ "${FRAMEWORK}" == "wordpress-ms" ]]; then echo "" - info -e "You're installing Wordpress Multisite.\nYou should activate NGiNX Helper plugin to work properly." + info -e "You're installing Wordpress Multisite.\nYou should activate Nginx Helper plugin to work properly." fi # Save app installation details. @@ -1647,7 +1659,7 @@ EOL if [[ ${DRYRUN} == true ]]; then info "Your ${SERVERNAME} successfully added in dry run mode." else - fail "An error occurred when adding ${SERVERNAME} to NGiNX virtual host." + fail "An error occurred when adding ${SERVERNAME} to Nginx virtual host." fi fi else diff --git a/lib/lemper-db.sh b/lib/lemper-db.sh index 838a213f..ee187bb8 100755 --- a/lib/lemper-db.sh +++ b/lib/lemper-db.sh 
@@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper DB - Simple LEMP Database Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -15,8 +15,6 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e - # Version control. PROG_NAME=$(basename "$0") PROG_VER="2.x.x" diff --git a/lib/lemper-manage.sh b/lib/lemper-manage.sh index 697088bc..ce5bffd8 100755 --- a/lib/lemper-manage.sh +++ b/lib/lemper-manage.sh @@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper Manage - Simple LEMP Virtual Host Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -15,8 +15,6 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e - # Version control. PROG_NAME=$(basename "$0") PROG_VER="2.x.x" 
@@ -40,8 +38,8 @@ fi function show_usage() { cat <<- EOL ${CMD_PARENT} ${CMD_NAME} ${PROG_VER} -Simple NGiNX virtual host (vHost) manager, -enable/disable/remove NGiNX vHost on Debian/Ubuntu Server. +Simple Nginx virtual host (vHost) manager, +enable/disable/remove Nginx vHost on Debian/Ubuntu Server. Requirements: * LEMP stack setup uses [LEMPer](https://github.com/joglomedia/LEMPer) @@ -388,7 +386,7 @@ function enable_mod_pagespeed() { # Reload Nginx. reload_nginx else - info "Mod PageSpeed is not enabled. NGiNX must be installed with PageSpeed module." + info "Mod PageSpeed is not enabled. Nginx must be installed with PageSpeed module." exit 1 fi } @@ -423,7 +421,7 @@ function disable_mod_pagespeed() { # Reload Nginx. reload_nginx else - info "Mod PageSpeed is not enabled. NGiNX must be installed with PageSpeed module." + info "Mod PageSpeed is not enabled. Nginx must be installed with PageSpeed module." exit 1 fi } @@ -639,8 +637,8 @@ function enable_brotli() { local DOMAIN=${1} verify_vhost "${DOMAIN}" - if [[ -f "/etc/nginx/sites-available/${DOMAIN}.conf" && -f /etc/nginx/modules-enabled/20-mod-http-brotli-static.conf ]]; then - echo "Enable NGiNX Brotli compression..." + if [[ -f "/etc/nginx/sites-available/${DOMAIN}.conf" && -f /etc/nginx/modules-enabled/30-mod-http-brotli-static.conf ]]; then + echo "Enable Nginx Brotli compression..." if grep -qwE "^\ include\ /etc/nginx/includes/compression_brotli.conf;" "/etc/nginx/sites-available/${DOMAIN}.conf"; then info "Brotli compression module already enabled." @@ -663,7 +661,7 @@ function enable_brotli() { reload_nginx else - error "Sorry, we can't find NGiNX and Brotli module config file" + error "Sorry, we can't find Nginx and Brotli module config file" echo "it should be located under /etc/nginx/ directory." exit 1 fi 
@@ -678,7 +676,7 @@ function enable_gzip() { verify_vhost "${DOMAIN}" if [[ -f "/etc/nginx/sites-available/${DOMAIN}.conf" && -f /etc/nginx/includes/compression_gzip.conf ]]; then - echo "Enable NGiNX Gzip compression..." + echo "Enable Nginx Gzip compression..." if grep -qwE "^\ include\ /etc/nginx/includes/compression_gzip.conf;" "/etc/nginx/sites-available/${DOMAIN}.conf"; then info "Gzip compression module already enabled." @@ -701,7 +699,7 @@ function enable_gzip() { reload_nginx else - error "Sorry, we can't find NGiNX config file" + error "Sorry, we can't find Nginx config file" echo "it should be located under /etc/nginx/ directory." exit 1 fi @@ -743,17 +741,17 @@ function verify_vhost() { fi if [[ ! -f "/etc/nginx/sites-available/${DOMAIN}.conf" ]]; then - error "Sorry, we couldn't find NGiNX virtual host: ${1}..." + error "Sorry, we couldn't find Nginx virtual host: ${1}..." exit 1 fi } ## -# Reload NGiNX safely. +# Reload Nginx safely. ## function reload_nginx() { # Reload Nginx - echo "Reloading NGiNX configuration..." + echo "Reloading Nginx configuration..." if [[ -e /var/run/nginx.pid ]]; then if nginx -t > /dev/null 2>&1; then @@ -763,7 +761,7 @@ function reload_nginx() { nginx -t exit 1 fi - # NGiNX service dead? Try to start it. + # Nginx service dead? Try to start it. else if [[ -n $(command -v nginx) ]]; then if nginx -t 2>/dev/null > /dev/null; then diff --git a/lib/lemper-site.sh b/lib/lemper-site.sh index 4c3363db..ae107961 100755 --- a/lib/lemper-site.sh +++ b/lib/lemper-site.sh 
@@ -3,7 +3,7 @@ # +-------------------------------------------------------------------------+ # | Lemper Site - Simple LEMPer Stack Site (vhost) Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -15,8 +15,6 @@ # | Authors: Edi Septriyanto | # +-------------------------------------------------------------------------+ -set -e - # Make sure only root can access and not direct access. if [[ "$(type -t requires_root)" != "function" ]]; then echo "Direct access to this script is not permitted." @@ -75,15 +73,15 @@ function init_lemper_site() { . "${CLI_PLUGINS_DIR}/lemper-site-${CMD}" "$@" exit 0 else - echo "${CMD_PARENT} ${CMD_NAME}: '${CMD}' is not ${CMD_NAME} subcommand." - echo "See '${CMD_PARENT} ${CMD_NAME} --help' for more information." + echo "${CMD_PARENT} ${CMD_NAME}: '${CMD}' is not ${CMD_NAME} subcommand" + echo "See '${CMD_PARENT} ${CMD_NAME} --help' for more information" exit 1 fi ;; esac else - echo "${CMD_PARENT} ${CMD_NAME}: missing required arguments." - echo "See '${CMD_PARENT} ${CMD_NAME} --help' for more information." + echo "${CMD_PARENT} ${CMD_NAME}: missing required arguments" + echo "See '${CMD_PARENT} ${CMD_NAME} --help' for more information" exit 1 fi } diff --git a/remove.sh b/remove.sh index a93a6464..98f42f2b 100755 --- a/remove.sh +++ b/remove.sh 
@@ -3,12 +3,12 @@ # +-------------------------------------------------------------------------+ # | LEMPer is a simple LEMP stack installer for Debian/Ubuntu Linux | # |-------------------------------------------------------------------------+ -# | Min requirement : GNU/Linux Debian 8, Ubuntu 16.04 or Linux Mint 17 | -# | Last Update : 10/12/2021 | +# | Min requirement : GNU/Linux Debian 8, Ubuntu 18.04 or Linux Mint 17 | +# | Last Update : 13/02/2021 | # | Author : MasEDI.Net (me@masedi.net) | # | Version : 2.x.x | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -21,7 +21,8 @@ # +-------------------------------------------------------------------------+ # Work even if somebody does "bash remove.sh". -set -e +#set -exv -o pipefail # For verbose output. +set -e -o pipefail # Try to re-export global path. export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" @@ -41,7 +42,6 @@ requires_root "$@" # Make sure only supported distribution can run this installer script. preflight_system_check - ## # Main LEMPer Uninstaller # @@ -67,12 +67,6 @@ if [ -f ./scripts/remove_nginx.sh ]; then . ./scripts/remove_nginx.sh fi -### Remove PHP & FPM ### -if [ -f ./scripts/remove_php.sh ]; then - echo "" - . ./scripts/remove_php.sh -fi - ### Remove MySQL ### if [ -f ./scripts/remove_mariadb.sh ]; then echo "" @@ -80,9 +74,9 @@ if [ -f ./scripts/remove_mariadb.sh ]; then fi ### Remove PHP & FPM ### -if [ -f ./scripts/remove_memcached.sh ]; then +if [ -f ./scripts/remove_php.sh ]; then echo "" - . ./scripts/remove_memcached.sh + . ./scripts/remove_php.sh fi ### Remove Redis ### 
@@ -97,6 +91,12 @@ if [ -f ./scripts/remove_mongodb.sh ]; then . ./scripts/remove_mongodb.sh fi +### Remove PHP & FPM ### +if [ -f ./scripts/remove_memcached.sh ]; then + echo "" + . ./scripts/remove_memcached.sh +fi + ### Remove Certbot ### if [ -f ./scripts/remove_certbotle.sh ]; then echo "" @@ -172,11 +172,11 @@ run apt-get autoremove -qq -y && \ run apt-get autoclean -qq -y && \ run apt-get clean -qq -y -status -e "\nLEMP stack has been removed completely." +status -e "\nLEMPer Stack has been removed completely." warning -e "\nDid you know? that we're so sad to see you leave :'( -If you are not satisfied with LEMPer stack or have +If you are not satisfied with LEMPer Stack or have any other reasons to uninstall it, please let us know ^^ -Issues: https://github.com/joglomedia/LEMPer/issues" +Submit your issue here: https://github.com/joglomedia/LEMPer/issues" footer_msg diff --git a/scripts/cleanup_server.sh b/scripts/cleanup_server.sh index 32f5fdcc..6534bf6a 100755 --- a/scripts/cleanup_server.sh +++ b/scripts/cleanup_server.sh @@ -11,22 +11,15 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Define scripts directory. -if grep -q "scripts" <<< "${BASE_DIR}"; then - SCRIPTS_DIR="${BASE_DIR}" -else - SCRIPTS_DIR="${BASE_DIR}/scripts" -fi + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only root can run this installer script. -requires_root "$@" - -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi -echo "Cleaning up server..." +echo "Cleaning up existing installation..." # Fix broken install, first? if [[ "${FIX_BROKEN_INSTALL}" == true ]]; then 
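Review bot: The block added after the MongoDB step in remove.sh is headed `### Remove PHP & FPM ###` but sources `./scripts/remove_memcached.sh`. The mislabelled header existed before the move, and it now sits next to the real PHP block reordered in the previous hunk, so the two are easy to confuse when reading the uninstall order. I would rename it to `### Remove Memcached ###`.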
@@ -37,7 +30,7 @@ if [[ "${FIX_BROKEN_INSTALL}" == true ]]; then [ -f /var/cache/apt/archives/lock ] && run rm /var/cache/apt/archives/lock run dpkg --configure -a - run apt-get install -qq -y --fix-broken + run apt --fix-broken install -qq -y fi # Remove Apache2 service if exists. @@ -59,7 +52,6 @@ if [[ -n $(command -v apache2) || -n $(command -v httpd) ]]; then echo "Uninstall existing Apache/HTTPD server..." if [[ "${DRYRUN}" != true ]]; then - #run service apache2 stop run systemctl stop apache2 # shellcheck disable=SC2046 @@ -73,9 +65,9 @@ if [[ -n $(command -v apache2) || -n $(command -v httpd) ]]; then fi fi -# Remove NGiNX service if exists. +# Remove Nginx service if exists. if [[ -n $(command -v nginx) ]]; then - warning -e "\nNGiNX HTTP server already installed. Should we remove it?" + warning -e "\nNginx HTTP server already installed. Should we remove it?" echo "Backup your config and data before continue!" # shellchechk source=scripts/remove_nginx.sh @@ -84,20 +76,20 @@ if [[ -n $(command -v nginx) ]]; then fi # Remove PHP & FPM service if exists. -PHPv=${DEFAULT_PHP_VERSION:-"7.4"} +PHPv=${DEFAULT_PHP_VERSION:-"8.0"} if [[ -n $(command -v "php${PHPv}") ]]; then - warning -e "\nPHP & FPM already installed. Should we remove it?" + warning -e "\nPHP ${PHPv} already installed. Should we remove it?" echo "Backup your config and data before continue!" # shellchechk source=scripts/remove_php.sh # shellcheck disable=SC1091 - . "${SCRIPTS_DIR}/remove_php.sh" "${PHPv}" + . "${SCRIPTS_DIR}/remove_php.sh" --php-version="${PHPv}" fi # Remove Mysql service if exists. -if [[ -n $(command -v mysqld) ]]; then - warning -e "\nMariaDB (MySQL) database server already installed. Should we remove it?" +if [[ -n $(command -v mysqld) || -n $(command -v mariadb) ]]; then + warning -e "\nMySQL database server already installed. Should we remove it?" echo "Backup your database before continue!" # shellchechk source=scripts/remove_mariadb.sh 
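Review bot: In the last cleanup_server.sh hunk, the widened test `-n $(command -v mariadb)` probably detects the client rather than the server. In current MariaDB packaging `mariadb` is normally the client binary and the daemon is `mariadbd`. A host with only the client tools installed would then be sent into `remove_mariadb.sh`. I would test for the daemon instead: `if [[ -n $(command -v mysqld) || -n $(command -v mariadbd) ]]; then`. The body of this `if` continues outside the hunk, so what the removal script does in that case is not visible here.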
diff --git a/scripts/helper.sh b/scripts/helper.sh index b1b1041b..de1eef54 100644 --- a/scripts/helper.sh +++ b/scripts/helper.sh @@ -2,12 +2,22 @@ # Helper Functions # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 29/01/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 -# Export environment variables. +# Define base directory. BASE_DIR=${BASE_DIR:-"$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"} + +# Define scripts directory. +export SCRIPTS_DIR +if grep -q "scripts" <<< "${BASE_DIR}"; then + SCRIPTS_DIR="${BASE_DIR}" +else + SCRIPTS_DIR="${BASE_DIR}/scripts" +fi + +# Export environment variables. ENVFILE=$(echo "${BASE_DIR}/.env" | sed '$ s|\/scripts\/.env$|\/.env|') if [[ -f "${ENVFILE}" ]]; then @@ -437,8 +447,33 @@ function get_release_name() { echo "${RELEASE_NAME}" } +# Get server private IP Address. +function get_ip_private() { + local SERVER_IP_PRIVATE && \ + SERVER_IP_PRIVATE=$(ip addr | grep 'inet' | grep -v inet6 | \ + grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | \ + grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) + + echo "${SERVER_IP_PRIVATE}" +} + +# Get server public IP Address. +function get_ip_public() { + local SERVER_IP_PRIVATE && SERVER_IP_PRIVATE=$(get_ip_private) + local SERVER_IP_PUBLIC && \ + SERVER_IP_PUBLIC=$(curl -s http://ipecho.net/plain) + + # Ugly hack to detect aws-lightsail public IP address. + if [[ "${SERVER_IP_PRIVATE}" == "${SERVER_IP_PUBLIC}" ]]; then + echo "${SERVER_IP_PRIVATE}" + else + echo "${SERVER_IP_PUBLIC}" + fi +} + # Make sure only supported distribution can run LEMPer script. function preflight_system_check() { + # Set system distro version. export DISTRIB_NAME && DISTRIB_NAME=$(get_distrib_name) export RELEASE_NAME && RELEASE_NAME=$(get_release_name) 
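Review bot: `get_ip_public` in the second helper.sh hunk takes the server address from `curl -s http://ipecho.net/plain`, an unauthenticated plain-HTTP response with no timeout and no check that the body is an IPv4 address. That value becomes `SERVER_IP`, which later gates the DNS check and certificate issuance. An on-path party or an error page from the service can therefore change installer behaviour, and an unreachable service can stall the run. I would use HTTPS with a bounded wait, for example `curl -fsS --max-time 10 https://…`, and reject anything that does not match the dotted-quad pattern already used in `get_ip_private`, falling back to the private address. A comment should also say that this step contacts a third-party service, so operators of isolated hosts know to preset `SERVER_IP`.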
@@ -447,30 +482,24 @@ function preflight_system_check() { fail -e "This Linux distribution isn't supported yet. \nIf you'd like it to be, let us know at https://github.com/joglomedia/LEMPer/issues" fi - # Create a temporary directory for the LEMPer installation. - BUILD_DIR=${BUILD_DIR:-"/tmp/lemper_build"} - [ ! -d "${BUILD_DIR}" ] && run mkdir -p "${BUILD_DIR}" -} - -# Verify system pre-requisites configuration. -function verify_prerequisites() { # Set system architecture. export ARCH && \ ARCH=$(uname -p) # Set default timezone. export TIMEZONE - if [[ -z "${TIMEZONE}" || "${TIMEZONE}" = "none" ]]; then + if [[ -z "${TIMEZONE}" || "${TIMEZONE}" == "none" ]]; then [ -f /etc/timezone ] && TIMEZONE=$(cat /etc/timezone) || TIMEZONE="UTC" fi # Set ethernet interface. export IFACE && \ - IFACE=$(find /sys/class/net -type l | grep -e "enp\|eth0" | cut -d'/' -f5) + IFACE=$(find /sys/class/net -type l | grep -e "eno\|ens\|enp\|eth0" | cut -d'/' -f5) # Set server IP. export SERVER_IP && \ - SERVER_IP=${SERVER_IP:-$(get_ip_addr)} + SERVER_IP=${SERVER_IP:-$(get_ip_public)} + SERVER_IP_LOCAL=$(get_ip_private) # Set server hostname. if [[ -n "${SERVER_HOSTNAME}" ]]; then @@ -478,9 +507,10 @@ function verify_prerequisites() { run bash -c "echo '${SERVER_HOSTNAME}' > /etc/hostname" if grep -q "${SERVER_HOSTNAME}" /etc/hosts; then - run sed -i".backup" "/${SERVER_HOSTNAME}/d" /etc/hosts + run sed -i".bak" "/${SERVER_HOSTNAME}/d" /etc/hosts + run bash -c "echo -e '${SERVER_IP_LOCAL}\t${SERVER_HOSTNAME}' >> /etc/hosts" else - run bash -c "echo -e '\n#LEMPer local hosts\n${SERVER_IP}\t${SERVER_HOSTNAME}' >> /etc/hosts" + run bash -c "echo -e '\n# LEMPer local hosts\n${SERVER_IP_LOCAL}\t${SERVER_HOSTNAME}' >> /etc/hosts" fi export HOSTNAME && \ 
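Review bot: Folding `verify_prerequisites` into `preflight_system_check` (first hunk on this line) turns a read-only check into a function that rewrites `/etc/hostname` and `/etc/hosts` when `SERVER_HOSTNAME` is set. The same function is called from remove.sh and from every script run standalone, so an uninstall or a single-component install would now also touch host identity files. I would keep the mutating steps in their own function called only from the main installer, or at least document on `preflight_system_check` that it modifies system files. `SERVER_IP_LOCAL` is also assigned without `local` or `export`, unlike the neighbouring variables, and it should be declared one way or the other.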
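Review bot: In the `/etc/hosts` hunk, the changed `sed -i".bak" "/${SERVER_HOSTNAME}/d"` line uses the hostname as an unanchored regular expression. Dots match any character and any line merely containing the name, such as a longer host sharing the suffix, is deleted before the new entry is appended. The appended entry is built from `${SERVER_IP_LOCAL}`, which is empty if `get_ip_private` finds no non-loopback IPv4 address, and that would write a malformed hosts line. I would guard with `[[ -n "${SERVER_IP_LOCAL}" ]]` before writing. The deletion should match the name as a whole whitespace-delimited field with the dots escaped.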
@@ -498,11 +528,18 @@ function verify_prerequisites() { fi # Check if the hostname is pointed to server IP address. - #if [[ $(dig "${HOSTNAME}" +short) != "${SERVER_IP}" ]]; then - # error "It seems that your server's hostname is not yet pointed to your server's IP address." - # echo -n "In production environment you should add an DNS A record, points it to this server IP address "; status -n "${SERVER_IP}"; echo " !" - # exit 1 - #fi + if [[ $(dig "${HOSTNAME}" +short) != "${SERVER_IP}" && $(dig "${HOSTNAME}" +short) != "${SERVER_IP_LOCAL}" ]]; then + error "It seems that your server's hostname '${HOSTNAME}' is not yet pointed to your server's public IP address." + echo -n "In production environment you need to add an A record and point it to this IP address "; status -n "${SERVER_IP}"; echo " !" + exit 1 + fi + fi + + # Create a temporary directory for the LEMPer installation. + BUILD_DIR=${BUILD_DIR:-"/tmp/lemper_build"} + + if [ ! -d "${BUILD_DIR}" ]; then + run mkdir -p "${BUILD_DIR}" fi } @@ -558,8 +595,15 @@ function create_swap() { # around half RAM, for production servers you may need to set a lower value. if [[ $(cat /proc/sys/vm/swappiness) -gt 10 ]]; then if [[ ${DRYRUN} != true ]]; then - run sysctl vm.swappiness=10 - run echo "vm.swappiness=10" >> /etc/sysctl.conf + cat >> /etc/sysctl.conf </dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi # Install Certbot Let's Encrypt. function init_certbotle_install() { 
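Review bot: The re-enabled DNS check compares the whole output of `dig "${HOSTNAME}" +short` with one address, so it fails whenever dig prints more than one line (a CNAME followed by an A record, or several A records), and it runs dig twice. I would resolve once and test membership, e.g. `HOST_IPS=$(dig +short A "${HOSTNAME}")` followed by `grep -qxF "${SERVER_IP}" <<< "${HOST_IPS}"`. This code now lives in `preflight_system_check`, so the `exit 1` would presumably also stop remove.sh on a host whose DNS has already been repointed. The enclosing condition starts outside the hunk, so that needs confirming. Accepting a match on `SERVER_IP_LOCAL` also lets a name that resolves only to a private address pass a check whose message talks about the public IP, which deserves a comment explaining the intent.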
@@ -90,23 +90,38 @@ function init_certbotle_install() { ${CRONCMD} EOL - run crontab lemper.cron - run rm -f lemper.cron - run service cron reload + crontab lemper.cron + rm -f lemper.cron + service cron reload else info "Certbot auto-renew command added to cronjob in dry run mode." fi # Register a new account. - local LE_EMAIL=${LEMPER_ADMIN_EMAIL:-"cert@lemper.sh"} + local LE_EMAIL=${LEMPER_ADMIN_EMAIL:-"cert@lemper.cloud"} - if [ -d /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory ]; then + if [[ -d /etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory ]]; then run certbot update_account --email "${LE_EMAIL}" --no-eff-email --agree-tos else run certbot register --email "${LE_EMAIL}" --no-eff-email --agree-tos fi fi + # Generate a new certificate for the hostname domain. + if [[ "${ENVIRONMENT}" == "production" ]]; then + # Stop webserver first. + run systemctl stop nginx + + if [[ $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" + export HOSTNAME_CERT_PATH && \ + HOSTNAME_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}" + fi + + # Re-start webserver. + run systemctl start nginx + fi + if [[ "${DRYRUN}" != true ]]; then if certbot --version | grep -q "certbot"; then success "Certbot successfully installed." diff --git a/scripts/install_dependencies.sh b/scripts/install_dependencies.sh index b9138077..4811af6d 100755 --- a/scripts/install_dependencies.sh +++ b/scripts/install_dependencies.sh @@ -2,7 +2,7 @@ # Dependencies Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
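Review bot: In the block added to `init_certbotle_install`, `HOSTNAME_CERT_PATH` is exported right after `run certbot certonly …` without checking that certbot succeeded, so later steps can be pointed at a `live/` directory that does not exist. Nginx is also stopped before the `dig` test, which means a production host takes a web outage even when no certificate will be requested. I would move the stop/start inside the DNS branch and set the path only on success: `if run certbot certonly --standalone … -d "${HOSTNAME}"; then HOSTNAME_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}"; fi`. `--webroot-path` is passed together with `--standalone`. It appears to have no effect with that authenticator and should be dropped or explained. The same hunk removes `run` from the `crontab`, `rm` and `service cron reload` lines, which takes them out of the wrapper's logging. The surrounding dry-run guard begins outside the hunk.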
@@ -11,24 +11,16 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi echo "Installing required dependencies..." -# Update locale -run locale-gen --purge en_US.UTF-8 id_ID.UTF-8 - -# Attended locales reconfiguration causing Terraform provisioning stuck. -if ! "${AUTO_INSTALL}"; then - run dpkg-reconfigure locales -fi - # Fix broken install, first? if [[ "${FIX_BROKEN_INSTALL}" == true ]]; then run dpkg --configure -a 
@@ -43,12 +35,22 @@ run apt-get upgrade -qq -y # Install dependencies. echo "Installing packages, be patient..." run apt-get install -qq -y \ - apt-transport-https apt-utils apache2-utils autoconf automake bash build-essential ca-certificates \ + apt-transport-https apt-utils autoconf automake bash build-essential ca-certificates \ cmake cron curl dmidecode dnsutils gcc geoip-bin geoip-database gettext git gnupg2 \ htop iptables libc-bin libc6-dev libcurl4-openssl-dev libgd-dev libgeoip-dev libgpgme11-dev \ - libsodium-dev libssl-dev libxml2-dev libpcre3-dev libtool libxslt1-dev logrotate lsb-release make \ - openssh-server openssl pkg-config python python3 re2c rsync software-properties-common \ - sasl2-bin sendmail snmp sudo sysstat tar tzdata unzip wget whois zlib1g-dev + libsodium-dev libssl-dev libxml2-dev libpcre3-dev libtool libxslt1-dev locales logrotate lsb-release \ + make net-tools openssh-server openssl pkg-config python python3 re2c rsync software-properties-common \ + sasl2-bin sendmail snmp sudo sysstat tar tzdata unzip wget whois xz-utils zlib1g-dev + +# Update locale +echo "Reconfigure locale..." + +run locale-gen --purge en_US.UTF-8 id_ID.UTF-8 + +# Attended locales reconfiguration causing Terraform provisioning stuck. +if [[ "${AUTO_INSTALL}" != true ]]; then + run dpkg-reconfigure locales +fi # Configure server clock. echo "Reconfigure server clock..." @@ -63,7 +65,4 @@ if [[ -n ${TIMEZONE} && ${TIMEZONE} != "none" ]]; then save_config "TIMEZONE=${TIMEZONE}" fi -# Verify system pre-requisites. -verify_prerequisites - success "Required packages installation completed..." diff --git a/scripts/install_fail2ban.sh b/scripts/install_fail2ban.sh index 863b7835..ed440fd8 100755 --- a/scripts/install_fail2ban.sh +++ b/scripts/install_fail2ban.sh @@ -2,7 +2,7 @@ # Install Fail2ban # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.3.0 
@@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Install Fail2ban. diff --git a/scripts/install_imagemagick.sh b/scripts/install_imagemagick.sh index e12dc848..7bd36a2f 100755 --- a/scripts/install_imagemagick.sh +++ b/scripts/install_imagemagick.sh @@ -2,7 +2,7 @@ # ImageMagick Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Install ImageMagick. 
@@ -62,22 +62,26 @@ function init_imagemagick_install() { CURRENT_DIR=$(pwd) if [[ "${IMAGEMAGICK_VERSION}" == "latest" ]]; then - IMAGEMAGICK_FILENAME="ImageMagick.tar.gz" + IMAGEMAGICK_FILENAME="ImageMagick.tar.xz" IMAGEMAGICK_ZIP_URL="https://www.imagemagick.org/download/${IMAGEMAGICK_FILENAME}" else - IMAGEMAGICK_FILENAME="ImageMagick-${IMAGEMAGICK_VERSION}.tar.gz" + IMAGEMAGICK_FILENAME="ImageMagick-${IMAGEMAGICK_VERSION}.tar.xz" IMAGEMAGICK_ZIP_URL="https://download.imagemagick.org/ImageMagick/download/releases/${IMAGEMAGICK_FILENAME}" fi - run cd "${BUILD_DIR}" && \ - run wget -q "${IMAGEMAGICK_ZIP_URL}" && \ - run tar -zxf "${IMAGEMAGICK_FILENAME}" && \ - run cd ImageMagick-*/ && \ - run ./configure && \ - run make && \ - run make install && \ - run ldconfig /usr/local/lib && \ - run cd "${CURRENT_DIR}" || return 1 + if curl -sLI "${IMAGEMAGICK_ZIP_URL}" | grep -q "HTTP/[.12]* [2].."; then + run cd "${BUILD_DIR}" && \ + run wget -q "${IMAGEMAGICK_ZIP_URL}" && \ + run tar -xf "${IMAGEMAGICK_FILENAME}" && \ + run cd ImageMagick-*/ && \ + run ./configure && \ + run make && \ + run make install && \ + run ldconfig /usr/local/lib && \ + run cd "${CURRENT_DIR}" || return 1 + else + error "Something went wrong while downloading ImageMagick files." + fi ;; *) # Skip installation. diff --git a/scripts/install_mailer.sh b/scripts/install_mailer.sh index ebeee804..fd130347 100755 --- a/scripts/install_mailer.sh +++ b/scripts/install_mailer.sh @@ -2,7 +2,7 @@ # Mail Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 18/07/2021 +# Last Build : 14/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
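Review bot: The new `curl -sLI` probe in `init_imagemagick_install` only confirms the URL answers with a 2xx. The archive fetched by `wget -q` is then unpacked, configured and installed as root with no integrity check. I would verify the download before `tar -xf`, for instance against a digest pinned next to `IMAGEMAGICK_VERSION` in the configuration (a variable such as `IMAGEMAGICK_SHA256`, name illustrative) using `sha256sum -c`. I would also refuse the unpinned `latest` tarball for production installs. The `else` branch logs an error but does not return a failure, so the caller cannot tell that nothing was installed, and `return 1` after the `error` line would fix that. The function continues outside the hunk.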
@@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Install Postfix Mail Transfer Agent. 
@@ -37,60 +37,42 @@ function install_postfix() { fi if [[ ${DO_INSTALL_POSTFIX} == y* || ${DO_INSTALL_POSTFIX} == Y* ]]; then - echo "Installing Postfix..." + echo "Installing Postfix Mail-Transfer Agent..." run apt-get install -qq -y mailutils postfix # Configure Postfix. - echo "Configuring Postfix..." - - run postconf -e "inet_interfaces = all" - run postconf -e "inet_protocols = all" - run postconf -e "alias_maps = hash:/etc/aliases" - run postconf -e "alias_database = hash:/etc/aliases" - run postconf -e "home_mailbox = Maildir/" - run postconf -e "myhostname = ${HOSTNAME}" - #run postconf -e "mydomain = lemper.cloud" - run postconf -e "myorigin = localhost" - run postconf -e "mydestination = \$myhostname, localhost, localhost.localdomain" + echo "Configuring Postfix Mail-Transfer Agent..." + + run postconf -e "inet_interfaces=all" + run postconf -e "inet_protocols=all" + run postconf -e "alias_maps=hash:/etc/aliases" + run postconf -e "alias_database=hash:/etc/aliases" + run postconf -e "home_mailbox=Maildir/" + run postconf -e "myhostname=${HOSTNAME}" + run postconf -e "mydomain=${HOSTNAME}" + run postconf -e "myorigin=${HOSTNAME}" + run postconf -e "mydestination=\$myhostname, localhost, localhost.localdomain" + #run postconf -e "relayhost=" [smtp.gmail.com]:587 require login # Setting up SMTP authentication. 
- run postconf -e "smtpd_sasl_type = dovecot" - run postconf -e "smtpd_sasl_path = private/auth" - run postconf -e "smtpd_sasl_local_domain =" - run postconf -e "smtpd_sasl_security_options = noanonymous" - run postconf -e "broken_sasl_auth_clients = yes" - run postconf -e "smtpd_sasl_auth_enable = yes" - run postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org" - - # Generating Let's Encrypt certificates. - local CERTPATH="" - - if [[ "${ENVIRONMENT}" == "production" ]]; then - # Stop webserver first - run systemctl stop nginx - - if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true && $(dig "${SENDER_DOMAIN}" +short) == "${SERVER_IP}" ]]; then - run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}" - CERTPATH="/etc/letsencrypt/live/${SENDER_DOMAIN}" - elif [[ $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then - run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" - CERTPATH="/etc/letsencrypt/live/${HOSTNAME}" - fi - - # Re-start webserver - run systemctl start nginx - fi + run postconf -e "smtpd_sasl_type=dovecot" + run postconf -e "smtpd_sasl_path=private/auth" + run postconf -e "smtpd_sasl_local_domain=localhost.localdomain" + run postconf -e "smtpd_sasl_security_options=noanonymous" + run postconf -e "broken_sasl_auth_clients=yes" + run postconf -e "smtpd_sasl_auth_enable=yes" + run postconf -e "smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org" # 
Enable secure Postfix. - if [[ -n "${CERTPATH}" ]]; then - run postconf -e "smtpd_tls_cert_file = ${CERTPATH}/fullchain.pem" - run postconf -e "smtpd_tls_key_file = ${CERTPATH}/privkey.pem" - run postconf -e "smtp_tls_security_level = may" - run postconf -e "smtpd_tls_security_level = may" - run postconf -e "smtp_tls_note_starttls_offer = yes" - run postconf -e "smtpd_tls_loglevel = 1" - run postconf -e "smtpd_tls_received_header = yes" + if [[ -n "${MAILER_CERT_PATH}" ]]; then + run postconf -e "smtpd_tls_cert_file=${MAILER_CERT_PATH}/fullchain.pem" + run postconf -e "smtpd_tls_key_file=${MAILER_CERT_PATH}/privkey.pem" + run postconf -e "smtp_tls_security_level=may" + run postconf -e "smtpd_tls_security_level=may" + run postconf -e "smtp_tls_note_starttls_offer=yes" + run postconf -e "smtpd_tls_loglevel=1" + run postconf -e "smtpd_tls_received_header=yes" fi # TODO: Multiple domain, multiple user settings. @@ -109,7 +91,9 @@ root@${HOSTNAME} ${LEMPER_USERNAME} wordpress@${HOSTNAME} ${LEMPER_USERNAME} EOL - if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true ]]; then + if [[ "${SENDER_DOMAIN}" == "${HOSTNAME}" ]]; then + run bash -c "echo '@${SENDER_DOMAIN} ${LEMPER_USERNAME}' >> /etc/postfix/virtual/addresses" + else cat >> /etc/postfix/virtual/addresses < /etc/postfix/virtual/domains" + [ ! -f /etc/postfix/virtual/domains ] && run touch /etc/postfix/virtual/domains - if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true ]]; then + if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true && "${SENDER_DOMAIN}" != "${HOSTNAME}" ]]; then run bash -c "echo '${SENDER_DOMAIN}' >> /etc/postfix/virtual/domains" fi - run postconf -e "virtual_alias_domains = /etc/postfix/virtual/domains" + run postconf -e "virtual_alias_domains=/etc/postfix/virtual/domains" + + # Enable Postfix on startup. + run systemctl enable postfix@-.service # Installation status. if [[ "${DRYRUN}" != true ]]; then 
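Review bot: The Postfix hunk ending on this line enables SASL login on all interfaces (`inet_interfaces=all`, `smtpd_sasl_auth_enable=yes`, `broken_sasl_auth_clients=yes`) while TLS stays opportunistic (`smtpd_tls_security_level=may`). TLS is configured only when `MAILER_CERT_PATH` is non-empty. As written, a client can send its credentials over an unencrypted session, and on a host without a certificate there is no TLS at all. I would add `run postconf -e "smtpd_tls_auth_only=yes"` inside the `MAILER_CERT_PATH` block and leave `smtpd_sasl_auth_enable` off when no certificate is available. A short comment above the block should state that the certificate is now produced by `init_mailer_install`, not here.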
@@ -172,12 +158,12 @@ function install_dovecot() { fi if [[ ${DO_INSTALL_DOVECOT} == y* || ${DO_INSTALL_DOVECOT} == Y* ]]; then - echo "Installing Dovecot..." + echo "Installing Dovecot IMAP & POP3 Server..." run apt-get install -qq -y dovecot-core dovecot-common dovecot-imapd dovecot-pop3d # Configure Dovecot. - echo "Configuring Dovecot..." + echo "Configuring Dovecot IMAP & POP3 Server..." run maildirmake.dovecot /etc/skel/Maildir run maildirmake.dovecot /etc/skel/Maildir/.Drafts @@ -192,8 +178,22 @@ function install_dovecot() { run adduser "${LEMPER_USERNAME}" mail # Include the Maildir location in terminal and mail profiles. - run bash -c "echo -e '\nexport MAIL=~/Maildir' >> /etc/bash.bashrc" - run bash -c "echo -e '\nexport MAIL=~/Maildir' >> /etc/profile.d/mail.sh" + #run bash -c "echo -e '\nexport MAIL=~/Maildir' >> /etc/bash.bashrc" + #run bash -c "echo -e '\nexport MAIL=~/Maildir' >> /etc/profile.d/mail.sh" + + if grep -q "MAIL=~/Maildir" /etc/bash.bashrc; then + run sed -i".bak" "/export\ MAIL=~\/Maildir/d" /etc/bash.bashrc + run bash -c "echo -e 'export MAIL=~/Maildir' >> /etc/bash.bashrc" + else + run bash -c "echo -e '\n# LEMPer Mailer\nexport MAIL=~/Maildir' >> /etc/bash.bashrc" + fi + + if grep -q "MAIL=~/Maildir" /etc/profile.d/mail.sh; then + run sed -i".bak" "/export\ MAIL=~\/Maildir/d" /etc/profile.d/mail.sh + run bash -c "echo -e 'export MAIL=~/Maildir' >> /etc/profile.d/mail.sh" + else + run bash -c "echo -e '\n# LEMPer Mailer\nexport MAIL=~/Maildir' >> /etc/profile.d/mail.sh" + fi # User authentication (with SASL). if [[ -f /etc/dovecot/conf.d/10-auth.conf ]]; then 
@@ -217,7 +217,7 @@ function install_dovecot() { fi # Set the mail directory to use the same format as Postfix. - if [ -f /etc/dovecot/conf.d/10-mail.conf ]; then + if [[ -f /etc/dovecot/conf.d/10-mail.conf ]]; then # Maildir. if grep -qwE "^mail_location\ =\ [^[:digit:]]*$" /etc/dovecot/conf.d/10-mail.conf; then run sed -i "s/^mail_location\ =\ [^[:digit:]]*$/mail_location\ =\ maildir:~\/Maildir/g" \ @@ -229,7 +229,7 @@ function install_dovecot() { fi # Enable IMAP and POP3 protocols for email clients. - if [ -f /etc/dovecot/conf.d/10-master.conf ]; then + if [[ -f /etc/dovecot/conf.d/10-master.conf ]]; then # IMAP run sed -i "s/#port\ =\ 143/port\ =\ 143/g" /etc/dovecot/conf.d/10-master.conf # IMAPS @@ -248,6 +248,30 @@ function install_dovecot() { run sed -i "s/#group\ =\ postfix/group\ =\ postfix/g" /etc/dovecot/conf.d/10-master.conf fi + # Let's Encrypt SSL certs. + if [[ -n "${MAILER_CERT_PATH}" && -f /etc/dovecot/conf.d/10-ssl.conf ]]; then + # SSL cert. + if grep -qwE "^ssl_cert\ =\ [^[:digit:]]*$" /etc/dovecot/conf.d/10-ssl.conf; then + run sed -i "s|^ssl_cert\ =\ [^[:digit:]]*$|ssl_cert\ =\ <${MAILER_CERT_PATH}/fullchain.pem|g" \ + /etc/dovecot/conf.d/10-ssl.conf + else + run sed -iE "/^#ssl_cert\ =\ [^[:digit:]]*$/a ssl_cert\ =\ <${MAILER_CERT_PATH}/fullchain.pem" \ + /etc/dovecot/conf.d/10-ssl.conf + fi + + # SSL key. + if grep -qwE "^ssl_key\ =\ [^[:digit:]]*$" /etc/dovecot/conf.d/10-ssl.conf; then + run sed -i "s|^ssl_key\ =\ [^[:digit:]]*$|ssl_key\ =\ ${MAILER_CERT_PATH}/privkey.pem|g" \ + /etc/dovecot/conf.d/10-ssl.conf + else + run sed -iE "/^#ssl_key\ =\ [^[:digit:]]*$/a ssl_key\ =\ ${MAILER_CERT_PATH}/privkey.pem" \ + /etc/dovecot/conf.d/10-ssl.conf + fi + fi + + # Enable Dovecot on startup. + run systemctl enable dovecot.service + # Installation status. if [[ "${DRYRUN}" != true ]]; then if [[ $(pgrep -c dovecot) -gt 0 ]]; then 
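Review bot: In the added Dovecot TLS block, both `ssl_key` replacements write `ssl_key = ${MAILER_CERT_PATH}/privkey.pem` without the leading `<` that the `ssl_cert` lines have. Dovecot reads a file only with the `<` form, so as shown the path string itself would be taken as the key and the service would presumably fail to load it. The two fallback commands also use `sed -iE`, which sed parses as in-place editing with backup suffix `E`, not as extended-regex mode, and it leaves a `10-ssl.confE` file behind. I would write `sed -i -E` (or plain `-i`, since the patterns need no ERE) and `ssl_key = <${MAILER_CERT_PATH}/privkey.pem` in both branches. The enclosing `install_dovecot` body starts and ends outside these hunks.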
@@ -298,8 +322,10 @@ function install_spf_dkim() { echo "Configuring SPF + DKIM..." # Update postfix master conf. - run bash -c "echo 'policyd-spf unix - n n - 0 spawn -user=policyd-spf argv=/usr/bin/policyd-spf' >> /etc/postfix/master.cf" + if ! grep -qwE "^policyd-spf\ unix" /etc/postfix/master.cf; then + run bash -c "echo 'policyd-spf unix - n n - 0 spawn + user=policyd-spf argv=/usr/bin/policyd-spf' >> /etc/postfix/master.cf" + fi # Update postfix main conf. run postconf -e 'policyd-spf_time_limit = 3600' @@ -401,12 +427,10 @@ EOL run mkdir -p "/etc/opendkim/keys/${SENDER_DOMAIN}" # Generate keys using opendkim-genkey tool. - #opendkim-genkey -b 2048 -d your-domain.com -D /etc/opendkim/keys/your-domain.com -s default -v local KEY_HASH_LENGTH=${KEY_HASH_LENGTH:-2048} run opendkim-genkey -b "${KEY_HASH_LENGTH}" -d "${SENDER_DOMAIN}" -D "/etc/opendkim/keys/${SENDER_DOMAIN}" -s lemper -v # Make opendkim as the owner of the private key. - #chown opendkim:opendkim /etc/opendkim/keys/your-domain.com/default.private run chown opendkim:opendkim "/etc/opendkim/keys/${SENDER_DOMAIN}/lemper.private" # Publish Your Public Key in DNS Records. @@ -429,6 +453,27 @@ EOL echo "opendkim-testkey -d ${SENDER_DOMAIN} -s lemper -vvv" sleep 3 fi + + # Enable Dovecot on startup. + run systemctl enable opendkim + + # Installation status. + if [[ "${DRYRUN}" != true ]]; then + if [[ $(pgrep -c opendkim) -gt 0 ]]; then + run systemctl reload opendkim + success "OpenDKIM reloaded successfully." + elif [[ -n $(command -v opendkim) ]]; then + run systemctl start opendkim + + if [[ $(pgrep -c opendkim) -gt 0 ]]; then + success "OpenDKIM started successfully." + else + error "Something goes wrong with OpenDKIM + SPF installation." + fi + fi + else + info "OpenDKIM + SPF installed in dry run mode." + fi fi } 
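Review bot: The comment added above `run systemctl enable opendkim` in the last hunk reads `# Enable Dovecot on startup.`, copied from the Dovecot function, and should be `# Enable OpenDKIM on startup.`. In the status block that follows, the `elif` branch has no `else`, so when `opendkim` is neither running nor found on `PATH` the function ends without reporting anything. A closing `else error "OpenDKIM is not installed."` would make that visible. The function begins outside the hunk.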
@@ -436,8 +481,42 @@ EOL # Initialize the mail server installation. ## function init_mailer_install() { - [[ -z "${SENDER_DOMAIN}" && "${SENDER_DOMAIN}" == "example.com" ]] && \ - SENDER_DOMAIN="${SERVER_HOSTNAME}" + if [[ $(validate_fqdn "${SENDER_DOMAIN}") == false || "${SENDER_DOMAIN}" == "mail.example.com" ]]; then + # Hostname TLD. + #SENDER_DOMAIN=$(echo "${HOSTNAME}" | rev | cut -d "." -f1-2 | rev) + SENDER_DOMAIN="${HOSTNAME}" + fi + + # Generating Let's Encrypt certificates. + export MAILER_CERT_PATH + + if [[ "${ENVIRONMENT}" == "production" && "${DRYRUN}" != true ]]; then + # Stop webserver first. + run systemctl stop nginx + + if [[ $(validate_fqdn "${SENDER_DOMAIN}") == true && $(dig "${SENDER_DOMAIN}" +short) == "${SERVER_IP}" ]]; then + echo "Generating LE certificates for sender domain '${SENDER_DOMAIN}'..." + + if [[ ! -d "/etc/letsencrypt/live/${SENDER_DOMAIN}" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http -d "${SENDER_DOMAIN}" + fi + + MAILER_CERT_PATH="/etc/letsencrypt/live/${SENDER_DOMAIN}" + elif [[ $(dig "${HOSTNAME}" +short) == $(get_ip_private) ]]; then + echo "Generating LE certificates for sender domain '${HOSTNAME}'..." + + if [[ ! -d "/etc/letsencrypt/live/${HOSTNAME}" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" + fi + + MAILER_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}" + else + MAILER_CERT_PATH="" + fi + + # Re-start webserver. + run systemctl start nginx + fi if [[ -n $(command -v postfix) && "${FORCE_INSTALL}" != true ]]; then info "Postfix already exists, installation skipped." diff --git a/scripts/install_mariadb.sh b/scripts/install_mariadb.sh index d1af2193..df25750d 100755 --- a/scripts/install_mariadb.sh +++ b/scripts/install_mariadb.sh 
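Review bot: `MAILER_CERT_PATH` is set to the `/etc/letsencrypt/live/…` directory whether or not certbot produced a certificate, so a failed issuance leaves the Dovecot `ssl_cert`/`ssl_key` settings pointing at files that do not exist. Assign it only after checking the files, e.g. `[[ -f "/etc/letsencrypt/live/${SENDER_DOMAIN}/privkey.pem" ]] && MAILER_CERT_PATH="/etc/letsencrypt/live/${SENDER_DOMAIN}"`. The `certbot certonly` calls pass `--agree-tos` but neither `--non-interactive` nor an account e-mail option, so an unattended install can stall on a prompt; the second call also combines `--standalone` with `--webroot-path`, which only the webroot plugin reads. In the `elif`, the unquoted `$(get_ip_private)` on the right of `==` is treated as a pattern and two empty results compare equal; quote it and require a non-empty address. init_mailer_install continues past the end of this hunk.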
@@ -2,7 +2,7 @@ # MariaDB Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 24/10/2021 +# Last Build : 13/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Add MariaDB Repository. @@ -25,16 +25,14 @@ preflight_system_check function add_mariadb_repo() { echo "Adding MariaDB repository..." - DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} - RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)} MYSQL_SERVER=${MYSQL_SERVER:-"mariadb"} MYSQL_VERSION=${MYSQL_VERSION:-"10.6"} + # Fallback to oldest version if version is not supported. [ "${RELEASE_NAME}" == "jessie" ] && MYSQL_VERSION="10.5" # Add MariaDB official repo. # Ref: https://mariadb.com/kb/en/library/mariadb-package-repository-setup-and-usage/ - MARIADB_REPO_SETUP_URL="https://downloads.mariadb.com/MariaDB/mariadb_repo_setup" if curl -sLI "${MARIADB_REPO_SETUP_URL}" | grep -q "HTTP/[.12]* [2].."; then @@ -51,8 +49,6 @@ function add_mariadb_repo() { # Install MariaDB (MySQL drop-in). ## function init_mariadb_install() { - MYSQL_VERSION=${MYSQL_VERSION:-"10.5"} - if [[ "${AUTO_INSTALL}" == true ]]; then if [[ "${INSTALL_MYSQL}" == true ]]; then DO_INSTALL_MYSQL="y" 
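Review bot: Moving `requires_root "$@"` and `preflight_system_check` inside the `if [[ "$(type -t run)" != "function" ]]` block ties the privilege and distribution checks to whether a function named `run` happens to be defined. Any caller that has already sourced helper.sh, or defines its own `run`, reaches the installer body unchecked. If the intent is to run the checks once per install session, a dedicated marker states that directly, for example `[[ "${LEMPER_PREFLIGHT_DONE:-}" == true ]] || { requires_root "$@"; preflight_system_check; }` (the variable name is a placeholder). The same restructuring appears in install_memcached.sh, install_mongodb.sh and install_nginx.sh.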
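Review bot: With the `RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)}` default removed, the `[ "${RELEASE_NAME}" == "jessie" ]` fallback depends on the variable being set by whatever sourced this script. If it is empty the test is simply false, and MariaDB 10.6 is requested on a release that the added comment implies does not support it. Either keep the default in this function or add a comment above the test stating that helper.sh is expected to export `RELEASE_NAME` (presumably it does; that is not visible here). The same applies to the `jessie`/`xenial` test in install_mongodb.sh. add_mariadb_repo continues outside the hunk.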
@@ -82,6 +78,7 @@ function init_mariadb_install() { info "MariaDB server installed in dry run mode." else if [[ -n $(command -v mysql) ]]; then + [ ! -d /etc/mysql/conf.d ] && run mkdir -p /etc/mysql/conf.d [ ! -f /etc/mysql/my.cnf ] && run cp -f etc/mysql/my.cnf /etc/mysql/ [ ! -f /etc/mysql/mariadb.cnf ] && run cp -f etc/mysql/mariadb.cnf /etc/mysql/ [ ! -f /etc/mysql/debian.cnf ] && run cp -f etc/mysql/debian.cnf /etc/mysql/ @@ -254,20 +251,6 @@ open_files_limit=65535 run bash -c "echo -e '\n${MARIABACKUP_CNF}' >> /etc/mysql/my.cnf" fi - # Restart to take effect. - #systemctl restart mariadb - - #if [[ $(pgrep -c mysql) -gt 0 ]]; then - # success "Mariaback user '${MARIABACKUP_USER}' added successfully." - #elif [[ -n $(command -v mysql) ]]; then - # systemctl start mariadb - # if [[ $(pgrep -c mysql) -gt 0 ]]; then - # success "Mariaback user '${MARIABACKUP_USER}' added successfully." - # else - # info "Something went wrong with MariaDB server installation." - # fi - #fi - # Save config. save_config -e "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}\nMARIABACKUP_USERNAME=${MARIABACKUP_USER}\nMARIABACKUP_PASSWORD=${MARIABACKUP_PASS}" @@ -315,20 +298,6 @@ skip-bind-address" else run bash -c "echo -e '\n${REMOTE_CLIENT_CNF}' >> /etc/mysql/my.cnf" fi - - # Restart to take effect. - #systemctl restart mariadb - - #if [[ $(pgrep -c mysql) -gt 0 ]]; then - # success "MySQL remote client access successfully enabled." - #elif [[ -n $(command -v mysql) ]]; then - # systemctl start mariadb - # if [[ $(pgrep -c mysql) -gt 0 ]]; then - # success "MySQL remote client access successfully enabled." - # else - # info "Something went wrong with MariaDB server installation." - # fi - #fi fi } diff --git a/scripts/install_memcached.sh b/scripts/install_memcached.sh index efa6cf8a..7668fa95 100755 --- a/scripts/install_memcached.sh +++ b/scripts/install_memcached.sh 
@@ -2,7 +2,7 @@ # Memcached Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Initialize Memcached Installation. @@ -40,7 +40,7 @@ function init_memcached_install() { if [[ ${DO_INSTALL_MEMCACHED} == y* || ${DO_INSTALL_MEMCACHED} == Y* ]]; then # Install menu. - if ! "${AUTO_INSTALL}"; then + if [[ "${AUTO_INSTALL}" != true ]]; then echo "Available Memcached installation method:" echo " 1). Install from Repository (repo)" echo " 2). Compile from Source (source)" @@ -83,7 +83,7 @@ function init_memcached_install() { #fi # Memcached source. - if [[ ${MEMCACHED_VERSION} == "latest" ]]; then + if [[ "${MEMCACHED_VERSION}" == "latest" || "${MEMCACHED_VERSION}" == "stable" ]]; then MEMCACHED_DOWNLOAD_URL="http://memcached.org/latest" else MEMCACHED_DOWNLOAD_URL="https://memcached.org/files/memcached-${MEMCACHED_VERSION}.tar.gz" @@ -94,7 +94,7 @@ function init_memcached_install() { run tar -zxf memcached.tar.gz && \ run cd memcached-* && \ - if [[ ${MEMCACHED_SASL} == "enable" || ${MEMCACHED_SASL} == true ]]; then + if [[ "${MEMCACHED_SASL}" == "enable" || "${MEMCACHED_SASL}" == true ]]; then #run ./configure --enable-sasl --bindir=/usr/bin --with-libevent=/usr/local/libevent run ./configure --enable-sasl --bindir=/usr/bin else 
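Review bot: The `latest`/`stable` branch, which this change widens, downloads the source tarball from `http://memcached.org/latest` over plain HTTP. The archive is then unpacked and configured by a root-run installer, with no checksum or signature check visible in these hunks, while the versioned branch already uses `https://memcached.org/…`. Use the HTTPS form, `MEMCACHED_DOWNLOAD_URL="https://memcached.org/latest"`, and verify the download against a published digest before `tar -zxf`. init_memcached_install starts and ends outside the hunk.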
@@ -204,9 +204,11 @@ EOL fi fi - # Optimizing Memcached conf. + # Optimizing Memcached configurations. + local RAM_SIZE && \ RAM_SIZE=$(get_ram_size) + if [[ ${RAM_SIZE} -le 2048 ]]; then # If machine RAM less than / equal 2GiB, set Memcached to 1/16 of RAM size. local MEMCACHED_SIZE=$((RAM_SIZE / 16)) @@ -217,6 +219,7 @@ EOL # Otherwise, set Memcached to max of 2GiB. local MEMCACHED_SIZE=2048 fi + run sed -i "s/-m 64/-m ${MEMCACHED_SIZE}/g" /etc/memcached_memcache.conf run sed -i "s/-m 64/-m ${MEMCACHED_SIZE}/g" /etc/memcached_www-data.conf fi diff --git a/scripts/install_mongodb.sh b/scripts/install_mongodb.sh index ef8d27c6..b1cb796c 100755 --- a/scripts/install_mongodb.sh +++ b/scripts/install_mongodb.sh @@ -1,9 +1,8 @@ #!/usr/bin/env bash # MongoDB installer -# Ref : https://www.linode.com/docs/databases/mongodb/install-mongodb-on-ubuntu-16-04 # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 24/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -12,18 +11,20 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi -DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} -RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)} -MONGODB_VERSION=${MONGODB_VERSION:-"5.0"} -[[ "${RELEASE_NAME}" == "jessie" || "${RELEASE_NAME}" == "xenial" ]] && MONGODB_VERSION="4.4" +# Set MongoDB version. +if [[ "${RELEASE_NAME}" == "jessie" || "${RELEASE_NAME}" == "xenial" ]]; then + MONGODB_VERSION="4.4" +else + MONGODB_VERSION=${MONGODB_VERSION:-"5.0"} +fi ## # Add MongoDB repository. @@ -133,7 +134,7 @@ function init_mongodb_install() { if [[ -n $(command -v mongosh) && $(pgrep -c mongod) -gt 0 ]]; then echo "Final test MongoDB service..." - sleep 3 # Wait for MongoDB to completely start. + sleep 3 # Wait for MongoDB to completely started. MONGODB_ADMIN_USER=${MONGODB_ADMIN_USER:-"lemperdb"} MONGODB_ADMIN_PASSWORD=${MONGODB_ADMIN_PASSWORD:-"$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"} diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh index 99176625..5d277fe3 100755 --- a/scripts/install_nginx.sh +++ b/scripts/install_nginx.sh @@ -2,7 +2,7 @@ # Nginx Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -11,14 +11,17 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi +## +# Add Nginx repository. +## function add_nginx_repo() { echo "Add Nginx repository..." @@ -66,6 +69,9 @@ function add_nginx_repo() { esac } +## +# Initialize Nginx installation. +## function init_nginx_install() { local SELECTED_INSTALLER="" @@ -300,10 +306,10 @@ function init_nginx_install() { NGINX_RELEASE_VERSION="${NGINX_VERSION}" fi - if [[ "${DRYRUN}" == true ]]; then - run "${BUILD_DIR}/build_nginx" -v latest-stable \ - -n "${NGINX_RELEASE_VERSION}" --dynamic-module --extra-modules -y --dryrun - else + #if [[ "${DRYRUN}" == true ]]; then + # run "${BUILD_DIR}/build_nginx" -v latest-stable \ + # -n "${NGINX_RELEASE_VERSION}" --dynamic-module --extra-modules -y --dryrun + #else # Nginx configure arguments. NGX_CONFIGURE_ARGS="" @@ -354,7 +360,7 @@ function init_nginx_install() { # Build with custom OpenSSL. if "${NGINX_WITH_CUSTOMSSL}"; then # Custom SSL version. - NGINX_CUSTOMSSL_VERSION=${NGINX_CUSTOMSSL_VERSION:-"openssl-1.1.1d"} + NGINX_CUSTOMSSL_VERSION=${NGINX_CUSTOMSSL_VERSION:-"openssl-1.1.1l"} echo "Build Nginx with custom SSL ${NGINX_CUSTOMSSL_VERSION^}..." @@ -451,7 +457,7 @@ function init_nginx_install() { run cp build/ssl/libssl.a .openssl/lib && \ # Back to extra module dir. - run cd "${EXTRA_MODULE_DIR}" && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 #NGX_CONFIGURE_ARGS="--with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} ${NGX_CONFIGURE_ARGS}" NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ 
@@ -469,19 +475,20 @@ function init_nginx_install() { # Build with PCRE. if "${NGINX_WITH_PCRE}"; then # Custom PCRE JIT source. - NGINX_PCRE_VERSION=${NGINX_PCRE_VERSION:-"pcre-8.43"} - SOURCE_PCRE="https://ftp.pcre.org/pub/pcre/${NGINX_PCRE_VERSION}.tar.gz" + NGINX_PCRE_VERSION=${NGINX_PCRE_VERSION:-"8.45"} + PCRE_SOURCE_URL="https://onboardcloud.dl.sourceforge.net/project/pcre/pcre/${NGINX_PCRE_VERSION}/pcre-${NGINX_PCRE_VERSION}.tar.gz" - echo "Build Nginx with PCRE-${NGINX_PCRE_VERSION} JIT..." + echo "Build Nginx with PCRE JIT ${NGINX_PCRE_VERSION}..." - if curl -sLI "${SOURCE_PCRE}" | grep -q "HTTP/[.12]* [2].."; then - run wget -q -O "${NGINX_PCRE_VERSION}.tar.gz" "${SOURCE_PCRE}" && \ + if curl -sLI "${PCRE_SOURCE_URL}" | grep -q "HTTP/[.12]* [2].."; then + run wget -q -O "${NGINX_PCRE_VERSION}.tar.gz" "${PCRE_SOURCE_URL}" && \ run tar -zxf "${NGINX_PCRE_VERSION}.tar.gz" - [ -d "${BUILD_DIR}/${NGINX_PCRE_VERSION}" ] && \ - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --with-pcre=${BUILD_DIR}/${NGINX_PCRE_VERSION} --with-pcre-jit" + if [ -d "${BUILD_DIR}/${NGINX_PCRE_VERSION}" ]; then + NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --with-pcre=${BUILD_DIR}/${NGINX_PCRE_VERSION} --with-pcre-jit" + fi else - error "Unable to determine PCRE-${NGINX_PCRE_VERSION} source." + error "Unable to determine PCRE JIT ${NGINX_PCRE_VERSION} source." fi fi 
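Review bot: After this change `NGINX_PCRE_VERSION` holds a bare version such as `8.45`, but the archive `pcre-${NGINX_PCRE_VERSION}.tar.gz` is expected to unpack into `pcre-8.45/`. The test `[ -d "${BUILD_DIR}/${NGINX_PCRE_VERSION}" ]` therefore looks for `${BUILD_DIR}/8.45`, and `--with-pcre` is silently never added. Use the prefixed directory in both places: `if [ -d "${BUILD_DIR}/pcre-${NGINX_PCRE_VERSION}" ]; then` and `--with-pcre=${BUILD_DIR}/pcre-${NGINX_PCRE_VERSION} --with-pcre-jit`. The download also comes from a single hard-coded SourceForge mirror host with no digest check before it is compiled into Nginx; recording an expected SHA-256 next to the version would guard against both mirror changes and tampering. The enclosing function continues outside the hunk.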
@@ -490,22 +497,20 @@ function init_nginx_install() { local EXTRA_MODULE_DIR="${BUILD_DIR}/nginx_modules" - if [ ! -d "${EXTRA_MODULE_DIR}" ]; then - run mkdir -p "${EXTRA_MODULE_DIR}" - else - delete_if_already_exists "${EXTRA_MODULE_DIR}" - run mkdir -p "${EXTRA_MODULE_DIR}" + if [ -d "${EXTRA_MODULE_DIR}" ]; then + run rm -rf "${EXTRA_MODULE_DIR}" fi + run mkdir -p "${EXTRA_MODULE_DIR}" && \ run cd "${EXTRA_MODULE_DIR}" || return 1 # Auth PAM module. if "${NGX_HTTP_AUTH_PAM}"; then echo "Adding ngx-http-auth-pam module..." - run git clone -q https://github.com/sto/ngx_http_auth_pam_module.git + run git clone -q --branch="master" --single-branch https://github.com/sto/ngx_http_auth_pam_module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_auth_pam_module" else @@ -527,9 +532,9 @@ function init_nginx_install() { run cd ngx_brotli && \ run git checkout master -q && \ run git submodule update --init -q && \ - run cd ../ && \ + run cd ../ || return 1 - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_brotli" else @@ -542,10 +547,10 @@ function init_nginx_install() { if "${NGX_HTTP_CACHE_PURGE}"; then echo "Adding ngx-http-cache-purge module..." - run git clone -q https://github.com/nginx-modules/ngx_cache_purge.git + run git clone -q --branch="master" --single-branch https://github.com/nginx-modules/ngx_cache_purge.git #run git clone -q https://github.com/joglomedia/ngx_cache_purge.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_cache_purge" else 
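Review bot: The module clones switch to `--branch="master" --single-branch`, which still compiles whatever the tip of each third-party repository is at install time into the Nginx binary. Two installs are therefore not reproducible, and a bad upstream commit goes straight into the build. The Lua components in this same commit are pinned through version variables and `git checkout "tags/…"`; the other modules would benefit from the same, e.g. `run git clone -q --branch="${NGX_AUTH_PAM_VERSION}" --single-branch …` with a release tag per module (the variable name is a placeholder). Hard-coding `master` also fails outright for any repository whose default branch has another name. This applies to every `git clone … --branch="master"` line in the following hunks, including the stream-lua clone.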
@@ -558,9 +563,9 @@ function init_nginx_install() { if "${NGX_HTTP_DAV_EXT}"; then echo "Adding ngx-http-dav-ext module..." - run git clone -q https://github.com/arut/nginx-dav-ext-module.git + run git clone -q --branch="master" --single-branch https://github.com/arut/nginx-dav-ext-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-dav-ext-module" else @@ -573,9 +578,9 @@ function init_nginx_install() { if "${NGX_HTTP_ECHO}"; then echo "Adding ngx-http-echo module..." - run git clone -q https://github.com/openresty/echo-nginx-module.git + run git clone -q --branch="master" --single-branch https://github.com/openresty/echo-nginx-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/echo-nginx-module" else @@ -588,9 +593,9 @@ function init_nginx_install() { if "${NGX_HTTP_FANCYINDEX}"; then echo "Adding ngx-http-fancyindex module..." - run git clone -q https://github.com/aperezdc/ngx-fancyindex.git + run git clone -q --branch="master" --single-branch https://github.com/aperezdc/ngx-fancyindex.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx-fancyindex" else @@ -603,7 +608,7 @@ function init_nginx_install() { if "${NGX_HTTP_GEOIP}"; then echo "Adding ngx-http-geoip module..." - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --with-http_geoip_module=dynamic" else 
@@ -616,9 +621,9 @@ function init_nginx_install() { if "${NGX_HTTP_GEOIP2}"; then echo "Adding ngx-http-geoip2 module..." - run git clone -q https://github.com/leev/ngx_http_geoip2_module.git + run git clone -q --branch="master" --single-branch https://github.com/leev/ngx_http_geoip2_module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_geoip2_module" else @@ -629,7 +634,7 @@ function init_nginx_install() { # install libmaxminddb echo "GeoIP2 module requires MaxMind GeoIP2 library, install now..." - run cd "${BUILD_DIR}" && \ + run cd "${BUILD_DIR}" || return 1 DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} @@ -650,19 +655,24 @@ function init_nginx_install() { run ./configure && \ run make -j"${NB_PROC}" && \ run make install && \ - run bash -c "echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf" && \ + run bash -c "echo /usr/local/lib >> /etc/ld.so.conf.d/local.conf" && \ run ldconfig && \ run cd ../ || return 1 fi echo "Downloading MaxMind GeoIP2-GeoLite2 database..." + if [ -d geoip-db ]; then + run rm -rf geoip-db + fi + run mkdir -p geoip-db && \ run cd geoip-db && \ run mkdir -p /opt/geoip # Download MaxMind GeoLite2 database. GEOLITE2_COUNTRY_SRC="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${GEOLITE2_LICENSE_KEY}&suffix=tar.gz" + if curl -sLI "${GEOLITE2_COUNTRY_SRC}" | grep -q "HTTP/[.12]* [2].."; then #run wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz && \ run wget -q "${GEOLITE2_COUNTRY_SRC}" -O GeoLite2-Country.tar.gz && \ 
@@ -673,6 +683,7 @@ function init_nginx_install() { fi GEOLITE2_CITY_SRC="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${GEOLITE2_LICENSE_KEY}&suffix=tar.gz" + if curl -sLI "${GEOLITE2_CITY_SRC}" | grep -q "HTTP/[.12]* [2].."; then #run wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz && \ run wget -q "${GEOLITE2_CITY_SRC}" -O GeoLite2-City.tar.gz && \ @@ -681,7 +692,7 @@ function init_nginx_install() { run mv GeoLite2-City.mmdb /opt/geoip/ fi - run cd "${EXTRA_MODULE_DIR}" && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 if [[ -f /opt/geoip/GeoLite2-City.mmdb && -f /opt/geoip/GeoLite2-Country.mmdb ]]; then success "MaxMind GeoIP2-GeoLite2 database successfully installed." @@ -694,9 +705,9 @@ function init_nginx_install() { if "${NGX_HTTP_HEADERS_MORE}"; then echo "Adding ngx-http-headers-more-filter module..." - run git clone -q https://github.com/openresty/headers-more-nginx-module.git + run git clone -q --branch="master" --single-branch https://github.com/openresty/headers-more-nginx-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/headers-more-nginx-module" else @@ -709,7 +720,7 @@ function init_nginx_install() { if "${NGX_HTTP_IMAGE_FILTER}"; then echo "Adding ngx-http-image-filter module..." - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --with-http_image_filter_module=dynamic" else 
@@ -722,10 +733,14 @@ function init_nginx_install() { if "${NGX_HTTP_LUA}"; then echo "Adding ngx-http-lua module..." + LUA_JIT_VERSION=${LUA_JIT_VERSION:-"v2.1-20211210"} + LUA_RESTY_CORE_VERSION=${LUA_RESTY_CORE_VERSION:-"v0.1.22"} + LUA_RESTY_LRUCACHE_VERSION=${LUA_RESTY_LRUCACHE_VERSION:-"v0.11"} + # Requires ngx-devel-kit enabled NGX_HTTP_NDK=true - # Requires luajit lib + # Requires luajit library echo "Lua module requires LuaJIT 2.1 library, installing now..." run cd "${BUILD_DIR}" || return 1 
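Review bot: Defaults are added for `LUA_JIT_VERSION`, `LUA_RESTY_CORE_VERSION` and `LUA_RESTY_LRUCACHE_VERSION`, but not for `LUA_NGINX_MODULE_VERSION`, which the later `git clone --branch="${LUA_NGINX_MODULE_VERSION}"` of lua-nginx-module depends on. With the variable unset, the clone is given an empty branch name and fails. Add a matching line here, `LUA_NGINX_MODULE_VERSION=${LUA_NGINX_MODULE_VERSION:-"<lua-nginx-module tag>"}`, using the tag that is compatible with the chosen LuaJIT and resty-core versions. The block sits inside init_nginx_install, which starts and ends outside the hunk.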
@@ -735,36 +750,69 @@ function init_nginx_install() { run cd luajit2 || return 1 else run cd luajit2 && \ - run git pull -q + run git fetch -q --all --tags fi + run git checkout "tags/${LUA_JIT_VERSION}" && \ run make -j"${NB_PROC}" && \ run make install + # Requires lua core library + echo "Lua module requires Lua Resty Core library, installing now..." + + if [ ! -d lua-resty-core ]; then + run git clone -q https://github.com/openresty/lua-resty-core.git && \ + run cd lua-resty-core || return 1 + else + run cd lua-resty-core && \ + run git fetch -q --all --tags + fi + + run git checkout "tags/${LUA_RESTY_CORE_VERSION}" && \ + run make install && \ + run cd ../ || return 1 + + # Requires lua lru cache + echo "Lua module requires Lua-land LRU Cache library, installing now..." + + if [ ! -d lua-resty-lrucache ]; then + run git clone -q https://github.com/openresty/lua-resty-lrucache.git && \ + run cd lua-resty-lrucache || return 1 + else + run cd lua-resty-lrucache && \ + run git fetch -q --all --tags + fi + + run git checkout "tags/${LUA_RESTY_LRUCACHE_VERSION}" && \ + run make install && \ run cd "${EXTRA_MODULE_DIR}" || return 1 echo "Configuring Lua Nginx Module..." export LUAJIT_LIB=/usr/local/lib export LUAJIT_INC=/usr/local/include/luajit-2.1 - NGX_CONFIGURE_ARGS="--with-ld-opt=\"-Wl,-rpath,/usr/local/lib\"" + NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --with-ld-opt=\"-Wl,-rpath,/usr/local/lib\"" - run git clone -q https://github.com/openresty/lua-nginx-module.git + run git clone -q --branch="${LUA_NGINX_MODULE_VERSION}" --single-branch \ + https://github.com/openresty/lua-nginx-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/lua-nginx-module" else NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-module=${EXTRA_MODULE_DIR}/lua-nginx-module" fi + fi # Openresty Memc - An extended version of the standard memcached module. 
if "${NGX_HTTP_MEMCACHED}"; then echo "Adding ngx-http-memcached module..." - run git clone -q https://github.com/openresty/memc-nginx-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + + run git clone -q --branch="master" --single-branch https://github.com/openresty/memc-nginx-module.git + + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/memc-nginx-module" else @@ -776,8 +824,10 @@ function init_nginx_install() { # NAXSI is an open-source, high performance, low rules maintenance WAF for Nginx. if "${NGX_HTTP_NAXSI}"; then echo "Adding ngx-http-naxsi (Web Application Firewall) module..." - run git clone -q https://github.com/nbs-system/naxsi.git - if "${NGINX_DYNAMIC_MODULE}"; then + + run git clone -q --branch="master" --single-branch https://github.com/nbs-system/naxsi.git + + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/naxsi/naxsi_src" else @@ -789,8 +839,10 @@ function init_nginx_install() { # NDK adds additional generic tools that module developers can use in their own modules. if "${NGX_HTTP_NDK}"; then echo "Adding ngx-http-ndk Nginx Devel Kit module..." - run git clone https://github.com/vision5/ngx_devel_kit.git - if "${NGINX_DYNAMIC_MODULE}"; then + + run git clone -q --branch="master" --single-branch https://github.com/vision5/ngx_devel_kit.git + + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_devel_kit" else 
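Review bot: After `run make install` for LuaJIT the working directory is still `luajit2`, so the new `[ ! -d lua-resty-core ]` test and clone run inside the LuaJIT checkout. The `run cd ../` after resty-core then returns to `luajit2` rather than `${BUILD_DIR}`, and lua-resty-lrucache is cloned there as well. This appears to work on a clean build, but the existence checks no longer look where a reader expects, and the nested clones leave untracked directories in the LuaJIT tree. Adding `run cd "${BUILD_DIR}" || return 1` before each library block keeps the three checkouts side by side. None of the `git checkout "tags/…" && … make install` chains for LuaJIT and resty-core ends in `|| return 1`, so a missing tag is skipped quietly and the build continues.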
@@ -803,8 +855,10 @@ function init_nginx_install() { # shellcheck disable=SC2153 if "${NGX_HTTP_JS}"; then echo "Adding ngx-http-js module..." - run git clone https://github.com/nginx/njs.git - if "${NGINX_DYNAMIC_MODULE}"; then + + run git clone -q --branch="master" --single-branch https://github.com/nginx/njs.git + + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/njs/nginx" else @@ -818,7 +872,7 @@ function init_nginx_install() { echo "Adding ngx-http-passenger module..." if [[ -n $(command -v passenger-config) ]]; then - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=$(passenger-config --nginx-addon-dir)" else @@ -834,9 +888,9 @@ function init_nginx_install() { if "${NGX_HTTP_REDIS2}"; then echo "Adding ngx-http-redis2 module..." - run git clone -q https://github.com/openresty/redis2-nginx-module.git + run git clone -q --branch="master" --single-branch https://github.com/openresty/redis2-nginx-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/redis2-nginx-module" else @@ -849,9 +903,9 @@ function init_nginx_install() { if "${NGX_HTTP_SUBS_FILTER}"; then echo "Adding ngx-http-subs-filter module..." - run git clone -q https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git + run git clone -q --branch="master" --single-branch https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_substitutions_filter_module" else 
@@ -865,16 +919,16 @@ function init_nginx_install() { echo "Adding ngx-http-nginx-upstream-fair module..." #run git clone -q https://github.com/gnosek/nginx-upstream-fair.git - run git clone --branch="lemper" -q https://github.com/joglomedia/nginx-upstream-fair + run git clone -q --branch="lemper" https://github.com/joglomedia/nginx-upstream-fair echo "Patch nginx-upstream-fair module with tengine-patches..." - run git clone -q https://github.com/alibaba/tengine-patches.git + run git clone -q --branch="master" --single-branch https://github.com/alibaba/tengine-patches.git run cd nginx-upstream-fair && \ - run patch -p1 < "${EXTRA_MODULE_DIR}/tengine-patches/nginx-upstream-fair/upstream-fair-upstream-check.patch" - run cd "${EXTRA_MODULE_DIR}" && \ + run bash -c "patch -p1 < '${EXTRA_MODULE_DIR}/tengine-patches/nginx-upstream-fair/upstream-fair-upstream-check.patch'" + run cd "${EXTRA_MODULE_DIR}" || return 1 - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then # Dynamic module not supported yet (testing lemper branch) NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-upstream-fair" @@ -888,9 +942,9 @@ function init_nginx_install() { if "${NGX_HTTP_VTS}"; then echo "Add ngxx-http-module-vts (VHost traffic status) module..." - run git clone -q https://github.com/vozlt/nginx-module-vts.git + run git clone -q --branch="master" --single-branch https://github.com/vozlt/nginx-module-vts.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-module-vts" else @@ -903,7 +957,7 @@ function init_nginx_install() { if "${NGX_HTTP_XSLT_FILTER}"; then echo "Adding ngx-http-xslt-filter module..." - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --with-http_xslt_module=dynamic" else 
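Review bot: Wrapping the patch step in `run bash -c "patch -p1 < '${EXTRA_MODULE_DIR}/…'"` interpolates the build path into a second shell's command string, so a quote character in `BUILD_DIR` changes what that shell parses. `patch` can read the file directly, which keeps a single level of quoting: `run patch -p1 -i "${EXTRA_MODULE_DIR}/tengine-patches/nginx-upstream-fair/upstream-fair-upstream-check.patch"`. The preceding `run cd nginx-upstream-fair && \` has no `|| return 1`, so if the clone failed the patch is skipped and the problem surfaces only later at configure time.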
@@ -916,7 +970,7 @@ function init_nginx_install() { if "${NGX_MAIL}"; then echo "Adding ngx-mail module..." - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --with-mail=dynamic \ --with-mail_ssl_module" @@ -931,9 +985,9 @@ function init_nginx_install() { if "${NGX_NCHAN}"; then echo "Adding ngx-nchan (Pub/Sub) module..." - run git clone -q https://github.com/slact/nchan.git + run git clone -q --branch="master" --single-branch https://github.com/slact/nchan.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/nchan" else @@ -946,9 +1000,9 @@ function init_nginx_install() { if "${NGX_RTMP}"; then echo "Adding ngx-rtmp (Media Streaming Server) module..." - run git clone -q https://github.com/sergey-dryabzhinsky/nginx-rtmp-module.git + run git clone -q --branch="master" --single-branch https://github.com/arut/nginx-rtmp-module.git - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-rtmp-module" else @@ -961,7 +1015,7 @@ function init_nginx_install() { if "${NGX_STREAM}"; then echo "Adding ngx-stream module..." - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ --with-stream=dynamic \ --with-stream_geoip_module=dynamic \ 
@@ -976,10 +1030,24 @@ function init_nginx_install() { --with-stream_ssl_module \ --with-stream_ssl_preread_module" fi + + if "${NGX_HTTP_LUA}"; then + echo "Adding ngx-stream-lua module..." + + run git clone -q --branch="master" --single-branch https://github.com/openresty/stream-lua-nginx-module.git + + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then + NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ + --add-dynamic-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module" + else + NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ + --add-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module" + fi + fi fi fi - run cd "${CURRENT_DIR}" && \ + run cd "${CURRENT_DIR}" || return 1 # Build nginx from source installer. echo -e "\nBuilding Nginx from source..." @@ -988,13 +1056,19 @@ function init_nginx_install() { NGX_BUILD_URL="https://raw.githubusercontent.com/apache/incubator-pagespeed-ngx/master/scripts/build_ngx_pagespeed.sh" if curl -sLI "${NGX_BUILD_URL}" | grep -q "HTTP/[.12]* [2].."; then + if [[ "${DRYRUN}" == true ]]; then + DRYRUN_ARG="--dryrun" + else + DRYRUN_ARG="" + fi + run curl -sS -o "${BUILD_DIR}/build_nginx" "${NGX_BUILD_URL}" && \ run bash "${BUILD_DIR}/build_nginx" -v latest-stable -n "${NGINX_RELEASE_VERSION}" --dynamic-module \ - -b "${BUILD_DIR}" -a "${NGX_CONFIGURE_ARGS}" -y + -b "${BUILD_DIR}" -a "${NGX_CONFIGURE_ARGS}" -y "${DRYRUN_ARG}" else error "Nginx from source installer not found." fi - fi + #fi echo "Configuring Nginx extra modules..." 
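Review bot: Passing `"${DRYRUN_ARG}"` quoted hands the build script an empty-string argument on every real install, which an option parser may treat as an unexpected positional parameter. Expand it only when set: `-b "${BUILD_DIR}" -a "${NGX_CONFIGURE_ARGS}" -y ${DRYRUN_ARG:+"${DRYRUN_ARG}"}`. The `#if`/`#else`/`#fi` lines left around this block are commented-out control flow with the body still indented for it; removing them and de-indenting would read more clearly. The build script itself is fetched from the `master` branch of another project and run with `bash` as downloaded, so pinning `NGX_BUILD_URL` to a commit and checking a digest before executing it would make the build reproducible.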
@@ -1084,6 +1158,18 @@ function init_nginx_install() { > /etc/nginx/modules-available/mod-http-image-filter.conf" fi + if [[ -f /usr/lib/nginx/modules/ngx_http_js_module.so && \ + ! -f /etc/nginx/modules-available/mod-http-js.conf ]]; then + run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_js_module.so\";' \ + > /etc/nginx/modules-available/mod-http-js.conf" + fi + + if [[ -f /usr/lib/nginx/modules/ngx_http_lua_module.so && \ + ! -f /etc/nginx/modules-available/mod-http-lua.conf ]]; then + run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_lua_module.so\";' \ + > /etc/nginx/modules-available/mod-http-lua.conf" + fi + if [[ -f /usr/lib/nginx/modules/ngx_http_memc_module.so && \ ! -f /etc/nginx/modules-available/mod-http-memc.conf ]]; then run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_memc_module.so\";' \ 
@@ -1174,26 +1260,14 @@ function init_nginx_install() { > /etc/nginx/modules-available/mod-stream-geoip.conf" fi - if [[ -f /usr/lib/nginx/modules/ngx_stream_realip_module.so && \ - ! -f /etc/nginx/modules-available/mod-stream-realip-module.conf ]]; then - run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_stream_realip_module.so\";' \ - > /etc/nginx/modules-available/mod-stream-realip-module.conf" - fi - - if [[ -f /usr/lib/nginx/modules/ngx_stream_ssl_module.so && \ - ! -f /etc/nginx/modules-available/mod-stream-ssl-module.conf ]]; then - run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_stream_ssl_module.so\";' \ - > /etc/nginx/modules-available/mod-stream-ssl-module.conf" - fi - - if [[ -f /usr/lib/nginx/modules/ngx_stream_ssl_preread_module.so && \ - ! -f /etc/nginx/modules-available/mod-stream-ssl-preread-module.conf ]]; then - run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_stream_ssl_preread_module.so\";' \ - > /etc/nginx/modules-available/mod-stream-ssl-preread-module.conf" + if [[ -f /usr/lib/nginx/modules/ngx_stream_js_module.so && \ + ! -f /etc/nginx/modules-available/mod-stream-js.conf ]]; then + run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_stream_js_module.so\";' \ + > /etc/nginx/modules-available/mod-stream-js.conf" fi # Enable Nginx Dynamic Module. - if "${NGINX_DYNAMIC_MODULE}"; then + if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then ENABLE_NGXDM=y else echo "" 
@@ -1207,55 +1281,55 @@ function init_nginx_install() { if [[ "${NGX_HTTP_AUTH_PAM}" && \ -f /etc/nginx/modules-available/mod-http-auth-pam.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-auth-pam.conf \ - /etc/nginx/modules-enabled/60-mod-http-auth-pam.conf + /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf fi if [[ "${NGX_HTTP_BROTLI}" && \ -f /etc/nginx/modules-available/mod-http-brotli-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-brotli-filter.conf \ - /etc/nginx/modules-enabled/20-mod-http-brotli-filter.conf + /etc/nginx/modules-enabled/30-mod-http-brotli-filter.conf fi if [[ "${NGX_HTTP_BROTLI}" && \ -f /etc/nginx/modules-available/mod-http-brotli-static.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-brotli-static.conf \ - /etc/nginx/modules-enabled/20-mod-http-brotli-static.conf + /etc/nginx/modules-enabled/30-mod-http-brotli-static.conf fi if [[ "${NGX_HTTP_CACHE_PURGE}" && \ -f /etc/nginx/modules-available/mod-http-cache-purge.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-cache-purge.conf \ - /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf + /etc/nginx/modules-enabled/40-mod-http-cache-purge.conf fi if [[ "${NGX_HTTP_DAV_EXT}" && \ -f /etc/nginx/modules-available/mod-http-dav-ext.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-dav-ext.conf \ - /etc/nginx/modules-enabled/60-mod-http-dav-ext.conf + /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf fi if [[ "${NGX_HTTP_ECHO}" && \ -f /etc/nginx/modules-available/mod-http-echo.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-echo.conf \ - /etc/nginx/modules-enabled/60-mod-http-echo.conf + /etc/nginx/modules-enabled/50-mod-http-echo.conf fi if [[ "${NGX_HTTP_FANCYINDEX}" && \ -f /etc/nginx/modules-available/mod-http-fancyindex.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-fancyindex.conf \ - /etc/nginx/modules-enabled/40-mod-http-fancyindex.conf + 
/etc/nginx/modules-enabled/50-mod-http-fancyindex.conf fi if [[ "${NGX_HTTP_GEOIP2}" && \ -f /etc/nginx/modules-available/mod-http-geoip2.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-geoip2.conf \ - /etc/nginx/modules-enabled/50-mod-http-geoip2.conf + /etc/nginx/modules-enabled/30-mod-http-geoip2.conf fi if [[ "${NGX_HTTP_GEOIP}" && \ -f /etc/nginx/modules-available/mod-http-geoip.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-geoip.conf \ - /etc/nginx/modules-enabled/50-mod-http-geoip.conf + /etc/nginx/modules-enabled/30-mod-http-geoip.conf fi if [[ "${NGX_HTTP_HEADERS_MORE}" && \ @@ -1267,7 +1341,19 @@ function init_nginx_install() { if [[ "${NGX_HTTP_IMAGE_FILTER}" && \ -f /etc/nginx/modules-available/mod-http-image-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-image-filter.conf \ - /etc/nginx/modules-enabled/50-mod-http-image-filter.conf + /etc/nginx/modules-enabled/40-mod-http-image-filter.conf + fi + + if [[ "${NGX_HTTP_JS}" && \ + -f /etc/nginx/modules-available/mod-http-js.conf ]]; then + run ln -fs /etc/nginx/modules-available/mod-http-js.conf \ + /etc/nginx/modules-enabled/30-mod-http-js.conf + fi + + if [[ "${NGX_HTTP_LUA}" && \ + -f /etc/nginx/modules-available/mod-http-lua.conf ]]; then + run ln -fs /etc/nginx/modules-available/mod-http-lua.conf \ + /etc/nginx/modules-enabled/30-mod-http-lua.conf fi if [[ "${NGX_HTTP_MEMCACHED}" && \ @@ -1282,6 +1368,12 @@ function init_nginx_install() { /etc/nginx/modules-enabled/50-mod-http-naxsi.conf fi + if [[ "${NGX_HTTP_NDK}" && \ + -f /etc/nginx/modules-available/mod-ndk-http.conf ]]; then + run ln -fs /etc/nginx/modules-available/mod-ndk-http.conf \ + /etc/nginx/modules-enabled/20-mod-ndk-http.conf + fi + if [[ "${NGX_HTTP_PASSENGER}" && \ -f /etc/nginx/modules-available/mod-http-passenger.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-passenger.conf \ 
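Review bot: The links are now created under new numeric prefixes (for example `50-mod-http-auth-pam.conf` instead of `60-mod-http-auth-pam.conf`), but nothing in this hunk removes a link left under the old prefix. On a host installed with the previous numbering, a re-run would probably leave both links in `modules-enabled`, and Nginx refuses to start when the same module is loaded twice. Removing stale links first, e.g. `run rm -f /etc/nginx/modules-enabled/*-mod-http-auth-pam.conf` before each `ln -fs`, would avoid that; such cleanup may exist outside the hunk.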
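Review bot: The added conditions `[[ "${NGX_HTTP_JS}" && -f … ]]`, `[[ "${NGX_HTTP_LUA}" && -f … ]]` and, in the next hunk, `[[ "${NGX_HTTP_NDK}" && -f … ]]` only test that the variable is non-empty, so a value of `false` still enables the module whenever its `.conf` file exists, for example left over from an earlier build. An operator who switched the scripting modules off in `.env` would still get them loaded, which widens what the server can execute. An explicit comparison, `[[ "${NGX_HTTP_LUA}" == true && -f /etc/nginx/modules-available/mod-http-lua.conf ]]`, matches the `== true` form this commit already uses for `MOD_STREAM_ENABLED`. The same applies to the stream-js condition added in the `-1315,62` hunk.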
@@ -1315,62 +1407,54 @@ function init_nginx_install() { if [[ "${NGX_HTTP_XSLT_FILTER}" && \ -f /etc/nginx/modules-available/mod-http-xslt-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-xslt-filter.conf \ - /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf + /etc/nginx/modules-enabled/40-mod-http-xslt-filter.conf fi if [[ "${NGX_MAIL}" && \ -f /etc/nginx/modules-available/mod-mail.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-mail.conf \ - /etc/nginx/modules-enabled/50-mod-mail.conf + /etc/nginx/modules-enabled/60-mod-mail.conf fi if [[ "${NGX_NCHAN}" && \ -f /etc/nginx/modules-available/mod-nchan.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-nchan.conf \ - /etc/nginx/modules-enabled/50-mod-nchan.conf + /etc/nginx/modules-enabled/60-mod-nchan.conf fi if [[ "${NGX_PAGESPEED}" && \ -f /etc/nginx/modules-available/mod-pagespeed.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-pagespeed.conf \ - /etc/nginx/modules-enabled/50-mod-pagespeed.conf + /etc/nginx/modules-enabled/60-mod-pagespeed.conf fi - local MOD_STREAM_ENABLED=0 + local MOD_STREAM_ENABLED=false if [[ "${NGX_STREAM}" && \ -f /etc/nginx/modules-available/mod-stream.conf ]]; then + # Enable mod-stream if it's not already enabled. 
run ln -fs /etc/nginx/modules-available/mod-stream.conf \ - /etc/nginx/modules-enabled/50-mod-stream.conf + /etc/nginx/modules-enabled/20-mod-stream.conf if [[ "${NGX_HTTP_GEOIP2}" && \ -f /etc/nginx/modules-available/mod-stream-geoip2.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-stream-geoip2.conf \ - /etc/nginx/modules-enabled/60-mod-stream-geoip2.conf + /etc/nginx/modules-enabled/50-mod-stream-geoip2.conf fi if [[ "${NGX_HTTP_GEOIP}" && \ -f /etc/nginx/modules-available/mod-stream-geoip.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-stream-geoip.conf \ - /etc/nginx/modules-enabled/60-mod-stream-geoip.conf - fi - - if [[ -f /etc/nginx/modules-available/mod-stream-realip.conf ]]; then - run ln -fs /etc/nginx/modules-available/mod-stream-realip.conf \ - /etc/nginx/modules-enabled/60-mod-stream-realip.conf + /etc/nginx/modules-enabled/50-mod-stream-geoip.conf fi - if [[ -f /etc/nginx/modules-available/mod-stream-ssl.conf ]]; then - run ln -fs /etc/nginx/modules-available/mod-stream-ssl.conf \ - /etc/nginx/modules-enabled/60-mod-stream-ssl.conf + if [[ "${NGX_HTTP_JS}" && \ + -f /etc/nginx/modules-available/mod-stream-js.conf ]]; then + run ln -fs /etc/nginx/modules-available/mod-stream-js.conf \ + /etc/nginx/modules-enabled/50-mod-stream-js.conf.conf fi - if [[ -f /etc/nginx/modules-available/mod-stream-ssl-preread.conf ]]; then - run ln -fs /etc/nginx/modules-available/mod-stream-ssl-preread.conf \ - /etc/nginx/modules-enabled/60-mod-stream-ssl-preread.conf - fi - - MOD_STREAM_ENABLED=1 + MOD_STREAM_ENABLED=true fi fi 
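Review bot: The new stream-js link target is `/etc/nginx/modules-enabled/50-mod-stream-js.conf.conf`, with a doubled extension. It is probably still matched by a `*.conf` include, but any removal or cleanup code that looks for `50-mod-stream-js.conf` would miss it; the target should be `/etc/nginx/modules-enabled/50-mod-stream-js.conf`. `init_nginx_install` starts and ends outside the hunk.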
@@ -1412,13 +1496,16 @@ function init_nginx_install() { run cp -f etc/nginx/{fastcgi_cache,fastcgi_https_map,fastcgi_params,mod_pagespeed,proxy_cache,proxy_params} \ /etc/nginx/ run cp -f etc/nginx/{http_cloudflare_ips,http_proxy_ips,upstream} /etc/nginx/ - run cp -fr etc/nginx/{includes,vhost} /etc/nginx/ + run cp -fr etc/nginx/{conf.d,includes,vhost} /etc/nginx/ # Copy custom index & error pages. - [ ! -d /usr/share/nginx/html ] && run mkdir -p /usr/share/nginx/html + [ ! -d /usr/share/nginx/html ] && run mkdir -p /usr/share/nginx/html/ run cp -fr share/nginx/html/error-pages /usr/share/nginx/html/ run cp -f share/nginx/html/index.html /usr/share/nginx/html/ + # Let's Encrypt acme challenge directory. + [ ! -d /usr/share/nginx/html/.well-known ] && run mkdir -p /usr/share/nginx/html/.well-known/acme-challenge/ + # Create Nginx cache directory. [ ! -d /var/cache/nginx/fastcgi_cache ] && run mkdir -p /var/cache/nginx/fastcgi_cache [ ! -d /var/cache/nginx/proxy_cache ] && run mkdir -p /var/cache/nginx/proxy_cache 
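Review bot: The added guard tests `/usr/share/nginx/html/.well-known` but creates `.well-known/acme-challenge/`, so a host that already has `.well-known` without the subdirectory never gets the challenge directory. `mkdir -p` is already a no-op for existing directories, so `run mkdir -p /usr/share/nginx/html/.well-known/acme-challenge/` without the test is enough. The hunk does not set an owner or mode for the directory; a comment naming the account expected to write challenge files there would help whoever hardens the web root later.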
@@ -1438,30 +1525,32 @@ function init_nginx_install() { run ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/00-default # TODO: Add stream support. - if [ "${MOD_STREAM_ENABLED}" ]; then + + if [[ "${MOD_STREAM_ENABLED}" == true ]]; then # Create Nginx stream vhost directory. [ ! -d /etc/nginx/streams-available ] && run mkdir -p /etc/nginx/streams-available [ ! -d /etc/nginx/streams-enabled ] && run mkdir -p /etc/nginx/streams-enabled # Copy custom stream vhost. cat >> /etc/nginx/nginx.conf </dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi # Install Phalcon from source. function install_phalcon() { @@ -187,7 +187,7 @@ function enable_phalcon() { # PHP version. local PHPv="${1}" if [[ -z "${PHPv}" ]]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi if [[ "${DRYRUN}" == true ]]; then @@ -405,8 +405,8 @@ function init_phalcon_install() { echo " 2). PHP 7.0 (EOL)" echo " 3). PHP 7.1 (EOL)" echo " 4). PHP 7.2 (EOL)" - echo " 5). PHP 7.3 (SFO)" - echo " 6). PHP 7.4 (stable)" + echo " 5). PHP 7.3 (EOL)" + echo " 6). PHP 7.4 (SFO)" echo " 7). PHP 8.0 (Latest stable)" echo " 8). All available versions" echo "--------------------------------------------" diff --git a/scripts/install_php.sh b/scripts/install_php.sh index 9941d33d..83e46eb0 100755 --- a/scripts/install_php.sh +++ b/scripts/install_php.sh @@ -2,7 +2,7 @@ # PHP Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 09/01/2022 +# Last Build : 13/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Add PHP repository. @@ -34,6 +34,11 @@ function add_php_repo() { run touch "/etc/apt/sources.list.d/ondrej-php-${RELEASE_NAME}.list" run bash -c "echo 'deb https://packages.sury.org/php/ ${RELEASE_NAME} main' > /etc/apt/sources.list.d/ondrej-php-${RELEASE_NAME}.list" run wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg + + # Add openswoole official repository. + if echo "${PHP_EXTENSIONS}" | grep -qwE "openswoole"; then + run add-apt-repository -y ppa:openswoole/ppa + fi else info "PHP package repository already exists." fi @@ -42,6 +47,11 @@ function add_php_repo() { if [[ ! -f "/etc/apt/sources.list.d/ondrej-php-${RELEASE_NAME}.list" ]]; then run apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 14AA40EC0831756756D7F66C4F4EA0AAE5267A6C run add-apt-repository -y ppa:ondrej/php + + # Add openswoole official repository. + if echo "${PHP_EXTENSIONS}" | grep -qwE "openswoole"; then + run add-apt-repository -y ppa:openswoole/ppa + fi else info "PHP package repository already exists." fi @@ -51,7 +61,7 @@ function add_php_repo() { ;; esac - info "Updating repository..." + info "Updating repository, please wait..." run apt-get update -qq -y } 
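Review bot: `requires_root "$@"` and `preflight_system_check` now sit inside the `if [[ "$(type -t run)" != "function" ]]` block, so both checks are skipped whenever a function named `run` already exists in the shell, whether or not they were ever executed. That ties a privilege check to an unrelated signal; keeping the two calls after `fi`, or guarding them with a dedicated marker such as `[[ "${LEMPER_PREFLIGHT_DONE:-}" != true ]]` (constructed name), states the intent directly. The same move appears in the other scripts touched here (install_tools, install_vsftpd, remove_fail2ban, remove_mailer, remove_mariadb, remove_memcached, remove_mongodb), and some of them also drop their own `DISTRIB_NAME`/`RELEASE_NAME` defaults, which presumably are set by `preflight_system_check`.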
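Review bot: The first `add-apt-repository -y ppa:openswoole/ppa` is added next to the `packages.sury.org` lines, which looks like the Debian branch; Launchpad PPAs publish Ubuntu series only, so on Debian the new source would likely make the following `apt-get update` fail. It also makes a third-party archive a trusted package source for the whole system whenever `PHP_EXTENSIONS` contains `openswoole`, which the shipped `.env.dist` does by default. I would keep the PPA to the Ubuntu branch (the `-42,6` hunk) and put a comment above it such as `# Third-party PPA: becomes a trusted apt source, added only when openswoole is requested.` The `case` these branches belong to starts outside the hunk.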
@@ -64,25 +74,26 @@ function install_php() { # PHP version. local PHPv="${1}" if [[ -z "${PHPv}" ]]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi # Checking if PHP already installed. - if [[ -n $(command -v "php${PHPv}") ]]; then + if [[ -n $(command -v "php${PHPv}") && -n $(command -v "php-fpm${PHPv}") ]]; then PHP_IS_INSTALLED="yes" info "PHP ${PHPv} and it's extensions already exists." else - echo "Installing PHP ${PHPv} and required extensions..." + echo "Preparing PHP ${PHPv} installation..." + local PHP_EXTS=() local PHP_REPO_EXTS=() local PHP_PECL_EXTS=() - local PHP_EXTS=() + local PHP_PECL_FLAG="" # Include user defined extensions from config file. read -r -a PHP_EXTS <<< "${PHP_EXTENSIONS}" PHP_EXTS+=("bcmath" "bz2" "cli" "common" "curl" "dev" "fpm" "gd" "gmp" "gnupg" \ - "imap" "intl" "mbstring" "mysql" "opcache" "pcov" "pgsql" "pspell" "readline" "redis" \ + "imap" "intl" "mbstring" "mysql" "opcache" "pcov" "pgsql" "pspell" "readline" \ "ldap" "snmp" "soap" "sqlite3" "tidy" "tokenizer" "xml" "xmlrpc" "xsl" "yaml" "zip") # Add PHP extensions. @@ -96,15 +107,9 @@ function install_php() { # Check additional PHP extensions availability. for EXT_NAME in "${PHP_EXTS[@]}"; do - echo -n "Checking extension: ${EXT_NAME}... " - - if [[ "${EXT_NAME}" == *sodium && "${PHPv//.}" -gt "72" ]]; then - echo "[pecl libsodium]" - #echo "not available for PHP ${PHPv}" - PHP_PECL_EXTS+=("libsodium") - continue - fi + echo -n "Checking extension ${EXT_NAME}... " + # Search extension from repository or PECL. if apt-cache search "php${PHPv}-${EXT_NAME}" | grep -c "php${PHPv}-${EXT_NAME}" > /dev/null; then echo "[php${PHPv}-${EXT_NAME}]" PHP_REPO_EXTS+=("php${PHPv}-${EXT_NAME}") 
@@ -112,46 +117,64 @@ function install_php() { echo "[php${PHPv}-${EXT_NAME}]" PHP_REPO_EXTS+=("php-${EXT_NAME}") else - echo "[pecl ${EXT_NAME}]" - PHP_PECL_EXTS+=("${EXT_NAME}") + # Fix PECL Sodium ext name. + if [[ "${EXT_NAME}" == "sodium" ]]; then + EXT_NAME="libsodium" + fi + + # Check PECL extension is available. + if curl -sLI "https://pecl.php.net/rest/r/${EXT_NAME}/allreleases.xml" | grep -q "HTTP/[.12]* [2].."; then + #if pecl list | grep -c "${EXT_NAME}" > /dev/null; then + echo "[pecl-${EXT_NAME}]" + PHP_PECL_EXTS+=("${EXT_NAME}") + + if [[ "${EXT_NAME}" == "openswoole" ]]; then + PHP_PECL_FLAG=' -D enable-sockets="no" enable-openssl="yes" enable-http2="yes" enable-mysqlnd="yes" enable-swoole-json="yes" enable-swoole-curl="yes" enable-cares="yes" with-postgres="no"' + fi + else + echo "Not found." + fi fi done # Install PHP and PHP extensions. + echo "Installing PHP ${PHPv} and it's extensions..." + if [[ "${#PHP_REPO_EXTS[@]}" -gt 0 ]]; then run apt-get install -qq -y "php${PHPv}" "${PHP_REPO_EXTS[@]}" \ dh-php php-common php-pear php-xml pkg-php-tools fcgiwrap spawn-fcgi fi # Install PHP extensions from PECL. - echo "Installing PHP extensions from PECL..." + echo "Installing PHP extensions from PECL repo..." # Sort PHP extensions. #shellcheck disable=SC2207 PHP_PECL_EXTS=($(printf "%s\n" "${PHP_PECL_EXTS[@]}" | sort -u | tr '\n' ' ')) # Remove json extension from PHP greater than 7.4. It is now always available. 
- if [[ $(bc -l <<< "${PHPv} > 7.4") == 1 ]]; then + if [[ $(bc -l <<< "${PHPv//.} > 74") == 1 ]]; then PHP_PECL_EXTS=("${PHP_PECL_EXTS[@]/json/}") fi run pecl channel-update pear.php.net if [[ "${#PHP_PECL_EXTS[@]}" -gt 0 ]]; then - run pecl -d "php_suffix=${PHPv}" install \ - -D 'enable-sockets="no" enable-openssl="yes" enable-http2="yes" enable-mysqlnd="yes" enable-swoole-json="yes" enable-swoole-curl="yes" enable-cares="yes" with-postgres="yes"' \ - "${PHP_PECL_EXTS[@]}" + run pecl -d "php_suffix=${PHPv}" install"${PHP_PECL_FLAG}" "${PHP_PECL_EXTS[@]}" fi # Install additional PHP extensions. [[ "${INSTALL_MEMCACHED}" == true ]] && install_php_memcached "${PHPv}" - [[ "${INSTALL_MONGODB}" == true ]] && install_php_mongodb "${PHPv}" + #[[ "${INSTALL_MONGODB}" == true ]] && install_php_mongodb "${PHPv}" if [[ -n $(command -v "php${PHPv}") ]]; then TOTAL_EXTS=$((${#PHP_EXTS[@]} + ${#PHP_PECL_EXTS[@]})) success "PHP ${PHPv} along with ${TOTAL_EXTS} extensions installed." fi + # Unset PHP extensions variables. + run unset PHP_EXTS PHP_REPO_EXTS PHP_PECL_EXTS PHP_PECL_FLAG + # Enable GeoIP module. if [[ "${PHP_PECL_EXTS[*]}" =~ "geoip" ]]; then echo "Updating PHP ini file with GeoIP extension..." @@ -215,7 +238,7 @@ function restart_php_fpm() { # PHP version. local PHPv="${1}" if [[ -z "${PHPv}" ]]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi echo "Restarting PHP-FPM service..." @@ -225,7 +248,7 @@ function restart_php_fpm() { if [[ $(pgrep -c "php-fpm${PHPv}") -gt 0 ]]; then run systemctl reload "php${PHPv}-fpm" success "php${PHPv}-fpm reloaded successfully." - elif [[ -n $(command -v "php${PHPv}") ]]; then + elif [[ -n $(command -v "php-fpm${PHPv}") ]]; then run systemctl start "php${PHPv}-fpm" if [[ $(pgrep -c "php-fpm${PHPv}") -gt 0 ]]; then 
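Review bot: `install"${PHP_PECL_FLAG}"` glues the flag string onto the word `install`, so when openswoole is selected pecl receives a single argument beginning `install -D enable-sockets=…` instead of the `install` command followed by its options. Holding the options in an array and expanding it as separate words fixes that. In addition, `run unset PHP_EXTS PHP_REPO_EXTS PHP_PECL_EXTS PHP_PECL_FLAG` comes before the `[[ "${PHP_PECL_EXTS[*]}" =~ "geoip" ]]` test, so if `run` executes in the current shell the GeoIP ini update can no longer match; the unset belongs after the last use. `PHP_PECL_FLAG` is declared in the earlier `-64,25` hunk, and `install_php` continues beyond this one.
```shell
# declared in the -64,25 hunk: an array instead of a string
local PHP_PECL_FLAG=()

# … unchanged: extension lookup loop up to the PECL availability check …
if [[ "${EXT_NAME}" == "openswoole" ]]; then
    PHP_PECL_FLAG=(-D 'enable-sockets="no" enable-openssl="yes" enable-http2="yes" enable-mysqlnd="yes" enable-swoole-json="yes" enable-swoole-curl="yes" enable-cares="yes" with-postgres="no"')
fi

# … unchanged: repository install, PECL sort, json removal, channel-update …
if [[ "${#PHP_PECL_EXTS[@]}" -gt 0 ]]; then
    run pecl -d "php_suffix=${PHPv}" install "${PHP_PECL_FLAG[@]}" "${PHP_PECL_EXTS[@]}"
fi

# … unchanged: memcached install, success message, GeoIP ini update …
# Unset PHP extensions variables only after the GeoIP block has read them.
unset PHP_EXTS PHP_REPO_EXTS PHP_PECL_EXTS PHP_PECL_FLAG
```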
@@ -246,7 +269,7 @@ function optimize_php_fpm() { # PHP version. local PHPv="${1}" if [[ -z "${PHPv}" ]]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi echo "Optimizing PHP ${PHPv} & FPM configuration..." @@ -363,20 +386,32 @@ EOL # Customize php ini settings. if [[ "${DRYRUN}" != true ]]; then cat >> "/etc/php/${PHPv}/fpm/pool.d/www.conf" </dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi +## +# Add Redis repository. +## function add_redis_repo() { echo "Adding Redis repository..." - DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} - DISTRIB_REPO=${DISTRIB_REPO:-$(get_release_name)} - case ${DISTRIB_NAME} in debian) if [[ ! -f "/etc/apt/sources.list.d/dotdeb-stable.list" ]]; then @@ -41,12 +41,14 @@ function add_redis_repo() { run apt-get update -q -y ;; *) - fail "Unable to add Redis, this GNU/Linux distribution is not supported." + fail "Unable to add Redis repo, this GNU/Linux distribution is not supported." ;; esac } -# Install redis. +## +# Initialize Redis installation. +## function init_redis_install { local SELECTED_INSTALLER="" @@ -128,7 +130,7 @@ function init_redis_install { error "An error occured while downloading Redis source." fi - run cd "${CURRENT_DIR}" || error "Cannot change directory to ${CURRENT_DIR}" + run cd "${CURRENT_DIR}" || return 1 ;; *) # Skip unsupported installation mode. @@ -152,7 +154,7 @@ function init_redis_install { # set Redis max mem to 1/4 of RAM size. local REDISMEM_SIZE=$((RAM_SIZE / 4)) else - # Otherwise, set Memcached to max of 2048MiB. + # Otherwise, set to max of 2048MiB. local REDISMEM_SIZE=2048 fi 
@@ -182,26 +184,27 @@ EOL fi # Custom kernel optimization for Redis. - cat >> /etc/sysctl.conf <> /etc/sysctl.conf < /sys/kernel/mm/transparent_hugepage/enabled" + if [[ ! -f /etc/rc.local ]]; then run touch /etc/rc.local fi # Make the change persistent. cat >> /etc/rc.local < /sys/kernel/mm/transparent_hugepage/enabled EOL else @@ -229,13 +232,12 @@ EOL # Restart and enable Redis on system boot. echo "Starting Redis server..." - if [[ -f /etc/systemd/system/redis.service ]]; then - run systemctl restart redis-server.service + if [[ -f /etc/systemd/system/redis.service || -f /lib/systemd/system/redis-server.service ]]; then run systemctl enable redis-server.service - else - run systemctl restart redis-server fi + run systemctl restart redis-server.service + if [[ "${DRYRUN}" != true ]]; then if [[ $(pgrep -c redis-server) -gt 0 ]]; then success "Redis server started successfully." @@ -250,12 +252,12 @@ EOL fi } -echo "[Redis (Key-value) Server Installation]" +echo "[Redis Server Installation]" # Start running things from a call at the end so if this script is executed # after a partial download it doesn't do anything. if [[ -n $(command -v redis-server) && "${FORCE_INSTALL}" != true ]]; then - info "Redis key-value store server already exists, installation skipped." + info "Redis server already exists, installation skipped." else init_redis_install "$@" fi diff --git a/scripts/install_tools.sh b/scripts/install_tools.sh index 1518a3ac..a9d2a9bd 100755 --- a/scripts/install_tools.sh +++ b/scripts/install_tools.sh @@ -2,7 +2,7 @@ # LEMPer administration installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 11/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # LEMPer CLI & web admin install. @@ -34,11 +34,17 @@ function init_tools_install() { run cp -f lib/lemper-adduser.sh /etc/lemper/cli-plugins/lemper-adduser && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-adduser + run cp -f lib/lemper-site.sh /etc/lemper/cli-plugins/lemper-site && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-site + run cp -f lib/lemper-create.sh /etc/lemper/cli-plugins/lemper-create && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-create && \ - [ ! -x /etc/lemper/cli-plugins/lemper-vhost ] && \ - run ln -s /etc/lemper/cli-plugins/lemper-create /etc/lemper/cli-plugins/lemper-vhost + run cp -f lib/lemper-create.sh /etc/lemper/cli-plugins/lemper-site-add && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-site-add + + #[ ! -x /etc/lemper/cli-plugins/lemper-vhost ] && \ + # run ln -s /etc/lemper/cli-plugins/lemper-create /etc/lemper/cli-plugins/lemper-vhost run cp -f lib/lemper-db.sh /etc/lemper/cli-plugins/lemper-db && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-db @@ -186,7 +192,6 @@ EOL [ -f /usr/share/nginx/html/lcp/memcadmin/index.php ] && echo_ok "OK" - # Install phpRedisAdmin Web Admin. echo -n "Installing PhpRedisAdmin panel..." diff --git a/scripts/install_vsftpd.sh b/scripts/install_vsftpd.sh index 9dd247e6..6d31734f 100755 --- a/scripts/install_vsftpd.sh +++ b/scripts/install_vsftpd.sh 
@@ -2,7 +2,7 @@ # VSFTPD Installer # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 24/10/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,13 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Install Vsftpd. @@ -60,11 +60,6 @@ function init_vsftpd_install() { 2 | "source") echo "Installing FTP server (VSFTPD) from source..." - #https://www.linuxfromscratch.org/blfs/view/svn/server/vsftpd.html - - DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} - RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)} - # Install libraries. case "${DISTRIB_NAME}" in "debian") 
@@ -111,14 +106,16 @@ function init_vsftpd_install() { LIB_DIR="/lib" fi - if [[ -f "${LIB_GNU_DIR}/libcap.so.2" ]]; then - run ln -s "${LIB_GNU_DIR}/libcap.so.2" "${LIB_DIR}/libcap.so" - elif [[ -f "${LIB_GNU_DIR}/libcap.so.1" ]]; then - run ln -s "${LIB_GNU_DIR}/libcap.so.1" "${LIB_DIR}/libcap.so" - elif [[ -f "${LIB_GNU_DIR}/libcap.so" ]]; then - run ln -s "${LIB_GNU_DIR}/libcap.so" "${LIB_DIR}/libcap.so" - else - echo "Cannot find libcap.so file." + if [[ ! -f "${LIB_DIR}/libcap.so" ]]; then + if [[ -f "${LIB_GNU_DIR}/libcap.so.2" ]]; then + run ln -s "${LIB_GNU_DIR}/libcap.so.2" "${LIB_DIR}/libcap.so" + elif [[ -f "${LIB_GNU_DIR}/libcap.so.1" ]]; then + run ln -s "${LIB_GNU_DIR}/libcap.so.1" "${LIB_DIR}/libcap.so" + elif [[ -f "${LIB_GNU_DIR}/libcap.so" ]]; then + run ln -s "${LIB_GNU_DIR}/libcap.so" "${LIB_DIR}/libcap.so" + else + echo "Cannot find libcap.so file." + fi fi local CURRENT_DIR && \ @@ -142,6 +139,11 @@ function init_vsftpd_install() { run sed -i 's/\#undef\ VSF_BUILD_SSL/\#define\ VSF_BUILD_SSL/g' ./builddefs.h fi + # Fix error install: cannot create regular file. + run mkdir -p /usr/local/man/man8 && \ + run mkdir -p /usr/local/man/man5 + + # Make install. run make && \ run make install && \ run ldconfig /usr/local/lib && \ 
@@ -161,16 +163,20 @@ function init_vsftpd_install() { echo "Configuring FTP server (VSFTPD)..." if [[ "${DRYRUN}" != true ]]; then + FTP_MIN_PORT=${FTP_MIN_PORT:-45000} + FTP_MAX_PORT=${FTP_MAX_PORT:-45099} + # Backup default vsftpd conf. - [[ -f /etc/vsftpd.conf ]] && \ + if [[ -f /etc/vsftpd.conf ]]; then run mv /etc/vsftpd.conf /etc/vsftpd.conf.bak - + fi + run touch /etc/vsftpd.conf - # Enable jail + # Enable jail mode. cat > /etc/vsftpd.conf <> /etc/vsftpd.conf </dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function init_certbotle_removal() { if dpkg-query -l | awk '/certbot/ { print $2 }' | grep -qwE "^certbot$"; then diff --git a/scripts/remove_fail2ban.sh b/scripts/remove_fail2ban.sh index 989dfd80..25a6664d 100755 --- a/scripts/remove_fail2ban.sh +++ b/scripts/remove_fail2ban.sh @@ -2,7 +2,7 @@ # fail2ban Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 2.1.0 @@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function init_fail2ban_removal() { # Stop fail2ban process. diff --git a/scripts/remove_mailer.sh b/scripts/remove_mailer.sh index ddd31377..e46f754f 100755 --- a/scripts/remove_mailer.sh +++ b/scripts/remove_mailer.sh 
@@ -2,7 +2,7 @@ # Mailer Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 18/12/2021 +# Last Build : 14/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -11,7 +11,202 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" + + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check fi -# Make sure only root can run this installer script. -requires_root "$@" +function init_postfix_removal() { + if [[ $(pgrep -c postfix) -gt 0 ]]; then + run systemctl stop postfix + fi + + if dpkg-query -l | awk '/postfix/ { print $2 }' | grep -qwE "^postfix"; then + echo "Found Postfix Mail-Transfer Agent package installation. Removing..." + + # shellcheck disable=SC2046 + run apt-get purge -qq -y postfix mailutils + else + info "Postfix Mail-Transfer Agent package not found, possibly installed from source." + echo "Remove it manually!!" + + POSTFIX_BIN=$(command -v postfix) + + echo "Deleting Postfix binary executable: ${POSTFIX_BIN}" + + [[ -x "${POSTFIX_BIN}" ]] && run rm -f "${POSTFIX_BIN}" + fi + + warning "!! This action is not reversible !!" + + if [[ "${AUTO_REMOVE}" == true ]]; then + if [[ "${FORCE_REMOVE}" == true ]]; then + REMOVE_POSTFIX_CONFIG="y" + else + REMOVE_POSTFIX_CONFIG="n" + fi + else + while [[ "${REMOVE_POSTFIX_CONFIG}" != "y" && "${REMOVE_POSTFIX_CONFIG}" != "n" ]]; do + read -rp "Remove Postfix database and configuration files? [y/n]: " -e REMOVE_POSTFIX_CONFIG + done + fi + + if [[ "${REMOVE_POSTFIX_CONFIG}" == Y* || "${REMOVE_POSTFIX_CONFIG}" == y* ]]; then + if [[ -d /etc/postfix ]]; then + run rm -fr /etc/postfix/ + fi + + echo "All your Postfix configuration files deleted permanently." + fi + + if [[ "${DRYRUN}" != true ]]; then + if [[ -z $(command -v postfix) ]]; then + success "Postfix Mail-Transfer Agent removed succesfully." + else + info "Unable to remove Postfix Mail-Transfer Agent." + fi + else + info "Postfix Mail-Transfer Agent removed in dry run mode." 
+ fi +} + +function init_dovecot_removal() { + if [[ $(pgrep -c dovecot) -gt 0 ]]; then + run systemctl stop dovecot + fi + + if dpkg-query -l | awk '/dovecot/ { print $2 }' | grep -qwE "^dovecot"; then + echo "Found Dovecot IMAP server package installation. Removing..." + + # shellcheck disable=SC2046 + run apt-get purge -qq -y dovecot-core dovecot-common dovecot-imapd dovecot-pop3d + else + info "Dovecot IMAP server package not found, possibly installed from source." + echo "Remove it manually!!" + + DOVECOT_BIN=$(command -v dovecot) + + echo "Deleting Dovecot IMAP server executable: ${DOVECOT_BIN}" + + [[ -x "${DOVECOT_BIN}" ]] && run rm -f "${DOVECOT_BIN}" + fi + + warning "!! This action is not reversible !!" + + if [[ "${AUTO_REMOVE}" == true ]]; then + if [[ "${FORCE_REMOVE}" == true ]]; then + REMOVE_DOVECOT_CONFIG="y" + else + REMOVE_DOVECOT_CONFIG="n" + fi + else + while [[ "${REMOVE_DOVECOT_CONFIG}" != "y" && "${REMOVE_DOVECOT_CONFIG}" != "n" ]]; do + read -rp "Remove Dovecot database and configuration files? [y/n]: " -e REMOVE_DOVECOT_CONFIG + done + fi + + if [[ "${REMOVE_DOVECOT_CONFIG}" == Y* || "${REMOVE_DOVECOT_CONFIG}" == y* ]]; then + if [[ -d /etc/dovecot ]]; then + run rm -fr /etc/dovecot/ + fi + + echo "All your Dovecot configuration files deleted permanently." + fi + + if [[ "${DRYRUN}" != true ]]; then + if [[ -z $(command -v dovecot) ]]; then + success "Dovecot IMAP server removed succesfully." + else + info "Unable to remove Dovecot IMAP server." + fi + else + info "Dovecot IMAP server removed in dry run mode." + fi +} + +function init_spfdkim_removal() { + if [[ $(pgrep -c opendkim) -gt 0 ]]; then + run systemctl stop opendkim + fi + + if dpkg-query -l | awk '/opendkim/ { print $2 }' | grep -qwE "^opendkim"; then + echo "Found OpenDKIM + SPF package installation. Removing..." 
+ + # shellcheck disable=SC2046 + run apt-get purge -qq -y postfix-policyd-spf-python opendkim opendkim-tools + else + info "OpenDKIM + SPF package not found, possibly installed from source." + echo "Remove it manually!!" + + OPENDKIM_BIN=$(command -v opendkim) + + echo "Deleting OpenDKIM executable: ${OPENDKIM_BIN}" + + [[ -x "${OPENDKIM_BIN}" ]] && run rm -f "${OPENDKIM_BIN}" + fi + + warning "!! This action is not reversible !!" + + if [[ "${AUTO_REMOVE}" == true ]]; then + if [[ "${FORCE_REMOVE}" == true ]]; then + REMOVE_OPENDKIM_CONFIG="y" + else + REMOVE_OPENDKIM_CONFIG="n" + fi + else + while [[ "${REMOVE_OPENDKIM_CONFIG}" != "y" && "${REMOVE_OPENDKIM_CONFIG}" != "n" ]]; do + read -rp "Remove OpenDKIM + SPF configuration files? [y/n]: " -e REMOVE_OPENDKIM_CONFIG + done + fi + + if [[ "${REMOVE_OPENDKIM_CONFIG}" == Y* || "${REMOVE_OPENDKIM_CONFIG}" == y* ]]; then + if [[ -d /etc/opendkim ]]; then + run rm -fr /etc/opendkim + fi + + if [[ -f /etc/default/opendkim ]]; then + run rm -f /etc/default/opendkim + fi + + if [[ -f /etc/opendkim.conf ]]; then + run rm -f /etc/opendkim.conf + fi + + echo "All your OpenDKIM + SPF configuration files deleted permanently." + fi + + if [[ "${DRYRUN}" != true ]]; then + if [[ -z $(command -v opendkim) ]]; then + success "OpenDKIM + SPF package removed succesfully." + else + info "Unable to remove OpenDKIM + SPF package." + fi + else + info "OpenDKIM + SPF package removed in dry run mode." + fi +} + +echo "Uninstalling Mailer (Postfix and Dovecot)..." + +if [[ -n $(command -v postfix) || -n $(command -v dovecot) || -n $(command -v opendkim) ]]; then + if [[ "${AUTO_REMOVE}" == true ]]; then + REMOVE_MAILER="y" + else + while [[ "${REMOVE_MAILER}" != "y" && "${REMOVE_MAILER}" != "n" ]]; do + read -rp "Are you sure to remove mail server (Postfix + Dovecot)? 
[y/n]: " -e REMOVE_MAILER + done + fi + + if [[ "${REMOVE_MAILER}" == y* || "${REMOVE_MAILER}" == Y* ]]; then + init_postfix_removal "$@" + init_dovecot_removal "$@" + init_spfdkim_removal "$@" + else + echo "Found mail server (Postfix + Dovecot), but not removed." + fi +else + info "Oops, mail server (Postfix + Dovecot) installation not found." +fi diff --git a/scripts/remove_mariadb.sh b/scripts/remove_mariadb.sh index a334f9a0..5bd9d816 100755 --- a/scripts/remove_mariadb.sh +++ b/scripts/remove_mariadb.sh @@ -2,7 +2,7 @@ # MariaDB server Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function mariadb_remove_config() { # Remove MariaDB server config files. diff --git a/scripts/remove_memcached.sh b/scripts/remove_memcached.sh index da1ebdaf..eaea0029 100755 --- a/scripts/remove_memcached.sh +++ b/scripts/remove_memcached.sh @@ -2,7 +2,7 @@ # Memcached Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
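Review bot: `REMOVE_POSTFIX_CONFIG`, `REMOVE_DOVECOT_CONFIG`, `REMOVE_OPENDKIM_CONFIG` and `REMOVE_MAILER` are read before they are ever assigned, so a value of `y` inherited from the environment or from an earlier script in the same shell skips the `read -rp` loop and goes straight to `rm -fr /etc/postfix/`, `/etc/dovecot/` and `/etc/opendkim`. Declaring them first, `local REMOVE_POSTFIX_CONFIG=""` at the top of each function and `REMOVE_MAILER=""` before the top-level loop, makes the prompt authoritative. The "deleted permanently" messages are also printed in dry-run mode, since only the final status block checks `DRYRUN`. A short comment above each function listing the paths it deletes would help operators, given that `/etc/opendkim` typically holds the DKIM signing keys.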
@@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function init_memcached_removal() { # Stop Memcached server process. @@ -109,6 +112,8 @@ function init_memcached_removal() { # Final test. if [[ "${DRYRUN}" != true ]]; then + run systemctl daemon-reload + if [[ -z $(command -v memcached) ]]; then success "Memcached server removed succesfully." else diff --git a/scripts/remove_mongodb.sh b/scripts/remove_mongodb.sh index 5c398fdf..b7054343 100755 --- a/scripts/remove_mongodb.sh +++ b/scripts/remove_mongodb.sh @@ -2,7 +2,7 @@ # MongoDB Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 24/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
@@ -11,18 +11,20 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" -# Make sure only supported distribution can run this installer script. -preflight_system_check + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi -DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} -RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)} -MONGODB_VERSION=${MONGODB_VERSION:-"5.0"} -[[ "${RELEASE_NAME}" == "jessie" || "${RELEASE_NAME}" == "xenial" ]] && MONGODB_VERSION="4.4" +# Set MongoDB version. +if [[ "${RELEASE_NAME}" == "jessie" || "${RELEASE_NAME}" == "xenial" ]]; then + MONGODB_VERSION="4.4" +else + MONGODB_VERSION=${MONGODB_VERSION:-"5.0"} +fi function remove_mongodb_repo() { echo "Removing MongoDB repository..." @@ -99,7 +101,7 @@ function init_mongodb_removal() { fi } -echo "[MongoDB ${MONGODB_VERSION} Server Removal]" +echo "Uninstalling MongoDB ${MONGODB_VERSION} server..." if [[ -n $(command -v mongod) ]]; then if [[ "${AUTO_REMOVE}" == true ]]; then diff --git a/scripts/remove_nginx.sh b/scripts/remove_nginx.sh index 71b74569..d8928fa7 100755 --- a/scripts/remove_nginx.sh +++ b/scripts/remove_nginx.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash -# NGiNX uninstaller +# Nginx uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 
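Review bot: The version selection added in the `@@ -11,18 +11,20 @@` hunk of scripts/remove_mongodb.sh tests `${RELEASE_NAME}`, but the commit deletes the lines that defaulted it (`RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)}` and the matching `DISTRIB_NAME` line). Unless helper.sh or `preflight_system_check` sets these variables, which is not visible in this hunk, an empty `RELEASE_NAME` silently selects 5.0 on jessie/xenial, and any later step keyed on `MONGODB_VERSION` or `DISTRIB_NAME` may then target the wrong repository entry. Keeping `RELEASE_NAME=${RELEASE_NAME:-$(get_release_name)}` directly above the new `if` preserves the old behaviour. If the variables are guaranteed by the helper, a comment like `# RELEASE_NAME is exported by preflight_system_check` would make that dependency explicit.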
@@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi # Remove nginx. function init_nginx_removal() { @@ -55,30 +58,32 @@ function init_nginx_removal() { run add-apt-repository -y --remove "ppa:ondrej/${NGINX_REPO}" fi else - info "NGiNX package not found, possibly installed from source." + info "Nginx package not found, possibly installed from source." echo "Remove it manually!!" NGINX_BIN=$(command -v nginx) if [[ -n "${NGINX_BIN}" ]]; then - echo "NGiNX binary executable: ${NGINX_BIN}" + echo "Nginx binary executable: ${NGINX_BIN}" # Disable systemctl. - echo "Disable NGiNX service." + echo "Disable Nginx service." [ -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && run systemctl disable nginx [ -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && \ run unlink /etc/systemd/system/multi-user.target.wants/nginx.service [ -f /lib/systemd/system/nginx.service ] && run rm -f /lib/systemd/system/nginx.service # Remove Nginx files. + echo "Removing Nginx libraries & modules." [ -f /etc/init.d/nginx ] && run rm -f /etc/init.d/nginx [ -d /usr/lib/nginx ] && run rm -fr /usr/lib/nginx + [ -d /usr/local/nginx ] && run rm -fr /usr/local/nginx [ -d /etc/nginx/modules-enabled ] && run rm -fr /etc/nginx/modules-enabled [ -d /etc/nginx/modules-available ] && run rm -fr /etc/nginx/modules-available # Remove binary executable file. if [[ -x "${NGINX_BIN}" ]]; then - echo "Remove NGiNX binary executable file." + echo "Remove Nginx binary executable file." run rm -f "${NGINX_BIN}" fi 
@@ -88,7 +93,7 @@ function init_nginx_removal() { run sed -i "/^${USERNAME}:/d" /srv/.htpasswd fi else - error "Sorry, we couldn't find any NGiNX binary executable file." + error "Sorry, we couldn't find any Nginx binary executable file." fi fi @@ -103,7 +108,7 @@ function init_nginx_removal() { fi else while [[ "${REMOVE_NGX_CONFIG}" != "y" && "${REMOVE_NGX_CONFIG}" != "n" ]]; do - read -rp "Remove all NGiNX configuration files? [y/n]: " -e REMOVE_NGX_CONFIG + read -rp "Remove all Nginx configuration files? [y/n]: " -e REMOVE_NGX_CONFIG done fi @@ -112,37 +117,39 @@ function init_nginx_removal() { run rm -fr /var/cache/nginx run rm -fr /usr/share/nginx - echo "All your NGiNX configuration files deleted permanently." + echo "All your Nginx configuration files deleted permanently." fi - + # Final test. if [[ "${DRYRUN}" != true ]]; then + run systemctl daemon-reload + if [[ -z $(command -v nginx) ]]; then - success "NGiNX HTTP server removed succesfully." + success "Nginx HTTP server removed succesfully." else - info "Unable to remove NGiNX HTTP server." + info "Unable to remove Nginx HTTP server." fi else - info "NGiNX HTTP server removed in dry run mode." + info "Nginx HTTP server removed in dry run mode." fi } -echo "Uninstalling NGiNX HTTP server..." +echo "Uninstalling Nginx HTTP server..." if [[ -n $(command -v nginx) || -x /usr/sbin/nginx ]]; then if [[ "${AUTO_REMOVE}" == true ]]; then REMOVE_NGINX="y" else while [[ "${REMOVE_NGINX}" != "y" && "${REMOVE_NGINX}" != "n" ]]; do - read -rp "Are you sure to remove NGiNX HTTP server? [y/n]: " -e REMOVE_NGINX + read -rp "Are you sure to remove Nginx HTTP server? [y/n]: " -e REMOVE_NGINX done fi if [[ "${REMOVE_NGINX}" == Y* || "${REMOVE_NGINX}" == y* ]]; then init_nginx_removal "$@" else - echo "Found NGiNX HTTP server, but not removed." + echo "Found Nginx HTTP server, but not removed." fi else - info "Oops, NGiNX installation not found." + info "Oops, Nginx installation not found." fi 
diff --git a/scripts/remove_php.sh b/scripts/remove_php.sh index c94caa60..d563a254 100755 --- a/scripts/remove_php.sh +++ b/scripts/remove_php.sh @@ -2,7 +2,7 @@ # PHP & FPM Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 18/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Remove PHP & FPM installation from system. @@ -22,8 +25,10 @@ requires_root "$@" function remove_php_fpm() { # PHP version. local PHPv="${1}" + local REMOVED_PHP_LOADER="${2}" + if [ -z "${PHPv}" ]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi # Stop default PHP FPM process. 
@@ -34,51 +39,31 @@ function remove_php_fpm() { if dpkg-query -l | awk '/php/ { print $2 }' | grep -qwE "^php${PHPv}"; then echo "Removing PHP ${PHPv} packages installation..." - # Remove geoip extension. - if "php${PHPv}" -m | grep -qw geoip; then - # Uninstall geoip pecl. - #run pecl uninstall geoip - - # Unlink enabled extension. - [ -f "/etc/php/${PHPv}/cli/conf.d/20-geoip.ini" ] && \ - run unlink "/etc/php/${PHPv}/cli/conf.d/20-geoip.ini" - - [ -f "/etc/php/${PHPv}/fpm/conf.d/20-geoip.ini" ] && \ - run unlink "/etc/php/${PHPv}/fpm/conf.d/20-geoip.ini" - - # Remove extension. - run rm -f "/etc/php/${PHPv}/mods-available/geoip.ini" - fi - - # Remove mcrypt extension. - #if [[ "${PHPv//.}" -lt "72" ]]; then - # if "php${PHPv}" -m | grep -qw mcrypt; then - # run apt-get purge -y "php${PHPv}-mcrypt" - # fi - #elif [[ "${PHPv}" == "7.2" ]]; then - # if "php${PHPv}" -m | grep -qw mcrypt; then - # Uninstall mcrypt pecl. - #run pecl uninstall mcrypt + if [[ -n $(command -v "php${PHPv}") ]]; then + # Remove geoip extension. + if "php${PHPv}" -m | grep -qw geoip; then + # Uninstall geoip pecl. + #run pecl uninstall geoip # Unlink enabled extension. - # [ -f "/etc/php/${PHPv}/cli/conf.d/20-mcrypt.ini" ] && \ - # run unlink "/etc/php/${PHPv}/cli/conf.d/20-mcrypt.ini" + [ -f "/etc/php/${PHPv}/cli/conf.d/20-geoip.ini" ] && \ + run unlink "/etc/php/${PHPv}/cli/conf.d/20-geoip.ini" - # [ -f "/etc/php/${PHPv}/fpm/conf.d/20-mcrypt.ini" ] && \ - # run unlink "/etc/php/${PHPv}/fpm/conf.d/20-mcrypt.ini" + [ -f "/etc/php/${PHPv}/fpm/conf.d/20-geoip.ini" ] && \ + run unlink "/etc/php/${PHPv}/fpm/conf.d/20-geoip.ini" # Remove extension. - # run rm -f "/etc/php/${PHPv}/mods-available/mcrypt.ini" - # fi - #else - # Use libsodium? remove separately. - # info "If you're installing Libsodium extension, then remove it separately." - #fi + run rm -f "/etc/php/${PHPv}/mods-available/geoip.ini" + fi + fi # Remove PHP packages. 
# shellcheck disable=SC2046 run apt-get purge -qq -y $(dpkg-query -l | awk '/php/ { print $2 }' | grep -wE "^php${PHPv}") + # Remove PHP loaders. + remove_php_loader "${PHPv}" "${REMOVED_PHP_LOADER}" + # Remove PHP & FPM config files. warning "!! This action is not reversible !!" @@ -117,16 +102,18 @@ function disable_ioncube_loader() { # PHP version. local PHPv="${1}" if [ -z "${PHPv}" ]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi - echo "Disable ionCube PHP ${PHPv} loader." + echo "Disable ionCube loader for PHP ${PHPv}." - [[ -f "/etc/php/${PHPv}/fpm/conf.d/05-ioncube.ini" ]] && \ - run unlink "/etc/php/${PHPv}/fpm/conf.d/05-ioncube.ini" + if [[ -f "/etc/php/${PHPv}/fpm/conf.d/05-ioncube.ini" ]]; then + run unlink "/etc/php/${PHPv}/fpm/conf.d/05-ioncube.ini" + fi - [[ -f "/etc/php/${PHPv}/cli/conf.d/05-ioncube.ini" ]] && \ - run unlink "/etc/php/${PHPv}/cli/conf.d/05-ioncube.ini" + if [[ -f "/etc/php/${PHPv}/cli/conf.d/05-ioncube.ini" ]]; then + run unlink "/etc/php/${PHPv}/cli/conf.d/05-ioncube.ini" + fi } ## @@ -136,18 +123,18 @@ function remove_ioncube_loader() { # PHP version. local PHPv="${1}" if [ -z "${PHPv}" ]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi - echo "Uninstalling ionCube PHP ${PHPv} loader..." + echo "Uninstalling ionCube loader for PHP ${PHPv}..." disable_ioncube_loader "${PHPv}" if [[ -d /usr/lib/php/loaders/ioncube ]]; then run rm -fr /usr/lib/php/loaders/ioncube - success "ionCube PHP ${PHPv} loader has been removed." + success "ionCube loader for PHP ${PHPv} has been removed." else - info "ionCube PHP ${PHPv} loader couldn't be found." + info "ionCube loader for PHP ${PHPv} couldn't be found." fi } 
@@ -158,16 +145,18 @@ function disable_sourceguardian_loader() { # PHP version. local PHPv="${1}" if [ -z "${PHPv}" ]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi - echo "Disable SourceGuardian PHP ${PHPv} loader." + echo "Disable SourceGuardian loader for PHP ${PHPv}." - [[ -f "/etc/php/${PHPv}/fpm/conf.d/05-sourceguardian.ini" ]] && \ - run unlink "/etc/php/${PHPv}/fpm/conf.d/05-sourceguardian.ini" + if [[ -f "/etc/php/${PHPv}/fpm/conf.d/05-sourceguardian.ini" ]]; then + run unlink "/etc/php/${PHPv}/fpm/conf.d/05-sourceguardian.ini" + fi - [[ -f "/etc/php/${PHPv}/cli/conf.d/05-sourceguardian.ini" ]] && \ - run unlink "/etc/php/${PHPv}/cli/conf.d/05-sourceguardian.ini" + if [[ -f "/etc/php/${PHPv}/cli/conf.d/05-sourceguardian.ini" ]]; then + run unlink "/etc/php/${PHPv}/cli/conf.d/05-sourceguardian.ini" + fi } ## @@ -177,18 +166,18 @@ function remove_sourceguardian_loader() { # PHP version. local PHPv="${1}" if [ -z "${PHPv}" ]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi - echo "Uninstalling SourceGuardian PHP ${PHPv} loader..." + echo "Uninstalling SourceGuardian loader for PHP ${PHPv}..." disable_sourceguardian_loader "${PHPv}" if [[ -d /usr/lib/php/loaders/sourceguardian ]]; then run rm -fr /usr/lib/php/loaders/sourceguardian - success "SourceGuardian PHP ${PHPv} loader has been removed." + success "SourceGuardian loader for PHP ${PHPv} has been removed." else - info "SourceGuardian PHP ${PHPv} loader couldn't be found." + info "SourceGuardian loader for PHP ${PHPv} couldn't be found." fi } @@ -200,7 +189,7 @@ function remove_php_loader() { local REMOVED_PHP_LOADER="${2}" if [[ -z "${PHPv}" ]]; then - PHPv=${DEFAULT_PHP_VERSION:-"7.4"} + PHPv=${DEFAULT_PHP_VERSION:-"8.0"} fi if [[ -z "${REMOVED_PHP_LOADER}" ]]; then 
@@ -222,7 +211,7 @@ function remove_php_loader() { fi if [[ ${DO_REMOVE_PHP_LOADER} == y* || ${DO_REMOVE_PHP_LOADER} == Y* ]]; then - if ! "${AUTO_INSTALL}"; then + if [[ "${AUTO_INSTALL}" != true ]]; then echo "" echo "Available PHP Loaders:" echo " 1). ionCube Loader (latest stable)" @@ -273,18 +262,25 @@ function init_php_fpm_removal() { eval set -- "${OPTS}" - while true - do + while true; do case "${1}" in - -p | --php-version) shift - OPT_PHP_VERSIONS+=("${1}") + -p | --php-version) + shift + if [[ "${1}" == "all" ]]; then + # Include versions from config file. + read -r -a OPT_PHP_VERSIONS <<< "${PHP_VERSIONS}" + else + OPT_PHP_VERSIONS+=("${1}") + fi shift ;; - -l | --php-loader) shift + -l | --php-loader) + shift OPT_PHP_LOADER="${1}" shift ;; - --) shift + --) + shift break ;; *) @@ -294,9 +290,6 @@ function init_php_fpm_removal() { esac done - # Include versions from config file. - read -r -a REMOVED_PHP_VERSIONS <<< "${PHP_VERSIONS}" - if [[ "${#OPT_PHP_VERSIONS[@]}" -gt 0 ]]; then REMOVED_PHP_VERSIONS+=("${OPT_PHP_VERSIONS[@]}") else @@ -308,8 +301,8 @@ function init_php_fpm_removal() { echo " 2). PHP 7.0 (EOL)" echo " 3). PHP 7.1 (EOL)" echo " 4). PHP 7.2 (EOL)" - echo " 5). PHP 7.3 (SFO)" - echo " 6). PHP 7.4 (Stable)" + echo " 5). PHP 7.3 (EOL)" + echo " 6). PHP 7.4 (SFO)" echo " 7). PHP 8.0 (Stable)" echo " 8). PHP 8.1 (Latest Stable)" echo " 9). All installed versions" @@ -357,7 +350,7 @@ function init_php_fpm_removal() { ;; 9 | "all") # Select all PHP versions (except EOL & Beta). - REMOVED_PHP_VERSIONS=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0") + REMOVED_PHP_VERSIONS=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1") ;; 10 | n*) info "No PHP version will be removed." 
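Review bot: The `-p | --php-version` branch in the `@@ -273,18 +262,25 @@` hunk stores the option value without checking its shape, and that value later reaches `grep -wE "^php${PHPv}"` feeding `apt-get purge` and the `/etc/php/${PHPv}/...` paths in `remove_php_fpm`. Because of `-w`, a value such as `7` matches every 7.x package, so a typo widens a purge that runs as root. A guard before the append, for example `[[ "${1}" =~ ^[0-9]+\.[0-9]+$ ]] || { error "Invalid PHP version: ${1}"; return 1; }`, would keep each entry to one version. Also, `-p all` overwrites `OPT_PHP_VERSIONS` via `read -r -a` rather than appending, so earlier `-p` values are dropped; a comment stating that this is intended would help. `init_php_fpm_removal` starts and ends outside this hunk.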
@@ -373,7 +366,7 @@ function init_php_fpm_removal() { # If FORCE_REMOVE, then remove all installed PHP versions include the default. if [[ "${FORCE_REMOVE}" == true ]]; then # Also remove default LEMPer PHP. - DEFAULT_PHP_VERSION=${DEFAULT_PHP_VERSION:-"7.4"} + DEFAULT_PHP_VERSION=${DEFAULT_PHP_VERSION:-"8.0"} REMOVED_PHP_VERSIONS+=("${DEFAULT_PHP_VERSION}") fi @@ -383,9 +376,8 @@ function init_php_fpm_removal() { # Remove all selected PHP versions. if [[ "${#REMOVED_PHP_VERSIONS[@]}" -gt 0 ]]; then - for PHPV in "${REMOVED_PHP_VERSIONS[@]}"; do - remove_php_fpm "${PHPV}" - remove_php_loader "${PHPV}" "${OPT_PHP_LOADER}" + for PHP_VER in "${REMOVED_PHP_VERSIONS[@]}"; do + remove_php_fpm "${PHP_VER}" "${OPT_PHP_LOADER}" echo "" done @@ -393,14 +385,19 @@ function init_php_fpm_removal() { if [[ "${DRYRUN}" != true ]]; then # New logic for multiple PHP removal in batch. PHP_IS_EXISTS=false - for PHPV in "${REMOVED_PHP_VERSIONS[@]}"; do - [[ -n $(command -v "${PHPV}") ]] && PHP_IS_EXISTS=true + for PHP_VER in "${REMOVED_PHP_VERSIONS[@]}"; do + [[ -n $(command -v "${PHP_VER}") ]] && PHP_IS_EXISTS=true done if [[ "${PHP_IS_EXISTS}" == false ]]; then echo "Removing additional unused PHP packages..." run apt-get purge -qq -y dh-php php-common php-pear php-xml pkg-php-tools fcgiwrap spawn-fcgi + # Remove openswoole official repository. + if echo "${PHP_EXTENSIONS}" | grep -qwE "openswoole"; then + run add-apt-repository -y ppa:openswoole/ppa + fi + # Remove PHP repository. run add-apt-repository -y --remove ppa:ondrej/php @@ -441,8 +438,8 @@ if [[ -n $(command -v php5.6) || \ if [[ "${REMOVE_PHP}" == Y* || "${REMOVE_PHP}" == y* ]]; then init_php_fpm_removal "$@" else - echo "Found PHP package, but not removed." + echo "Found PHP packages, but not removed." fi else - info "Oops, PHP package installation not found." + info "Oops, PHP packages installation not found." fi diff --git a/scripts/remove_redis.sh b/scripts/remove_redis.sh index 246618a5..7f2a6d98 100755 
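Review bot: The block commented "Remove openswoole official repository" in the `@@ -393,14 +385,19 @@` hunk calls `run add-apt-repository -y ppa:openswoole/ppa` without `--remove`, so the uninstaller adds the third-party PPA instead of dropping it. It should read `run add-apt-repository -y --remove ppa:openswoole/ppa`, like the ondrej/php line right below it. In the same hunk the loop tests `command -v "${PHP_VER}"`, i.e. a command named `7.4` rather than `php7.4`, so the check for a still-present PHP binary appears never to fire and the shared packages and repositories are purged regardless. `command -v "php${PHP_VER}"` would match the test used in `remove_php_fpm`. `init_php_fpm_removal` starts and ends outside this hunk.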
--- a/scripts/remove_redis.sh +++ b/scripts/remove_redis.sh @@ -2,7 +2,7 @@ # Redis Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function init_redis_removal() { # Stop Redis server process. @@ -68,18 +71,21 @@ function init_redis_removal() { fi # Final test. - if [[ "${DRYRUN}" == true ]]; then - info "Redis server removed in dry run mode." - else + if [[ "${DRYRUN}" != true ]]; then + run systemctl daemon-reload + if [[ -z $(command -v redis-server) ]]; then success "Redis server removed succesfully." else info "Unable to remove Redis server." fi + else + info "Redis server removed in dry run mode." fi } echo "Uninstalling Redis server..." + if [[ -n $(command -v redis-server) ]]; then if [[ "${AUTO_REMOVE}" == true ]]; then REMOVE_REDIS="y" diff --git a/scripts/remove_vsftpd.sh b/scripts/remove_vsftpd.sh index 73777ae6..a62c7d50 100755 --- a/scripts/remove_vsftpd.sh +++ b/scripts/remove_vsftpd.sh @@ -2,7 +2,7 @@ # VSFTPD Uninstaller # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 10/12/2021 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 2.5.0 
@@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi function init_vsftpd_removal() { # Stop VSFTPD process. @@ -58,11 +61,15 @@ function init_vsftpd_removal() { if [[ "${REMOVE_VSFTPD_CONFIG}" == y* || "${REMOVE_VSFTPD_CONFIG}" == Y* ]]; then [[ -f /etc/vsftpd.conf ]] && run rm -f /etc/vsftpd.conf [[ -f /etc/vsftpd.conf.bak ]] && run rm -f /etc/vsftpd.conf.bak + [[ -f /etc/vsftpd.userlist ]] && run rm -f /etc/vsftpd.userlist + echo "All configuration files deleted permanently." fi # Final test. if [[ "${DRYRUN}" != true ]]; then + run systemctl daemon-reload + if [[ -z $(command -v vsftpd) ]]; then success "FTP server (VSFTPD) removed succesfully." else diff --git a/scripts/secure_server.sh b/scripts/secure_server.sh index beae00b9..ead45c79 100755 --- a/scripts/secure_server.sh +++ b/scripts/secure_server.sh @@ -2,7 +2,7 @@ # Basic Server Security Hardening # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 01/07/2019 +# Last Build : 12/02/2022 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 @@ -11,10 +11,13 @@ if [[ "$(type -t run)" != "function" ]]; then BASE_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd ) # shellcheck disable=SC1091 . "${BASE_DIR}/helper.sh" -fi -# Make sure only root can run this installer script. -requires_root "$@" + # Make sure only root can run this installer script. + requires_root "$@" + + # Make sure only supported distribution can run this installer script. + preflight_system_check +fi ## # Securing SSH server. 
@@ -23,7 +26,7 @@ function securing_ssh() { LEMPER_USERNAME=${LEMPER_USERNAME:-"lemper"} SSH_PASSWORDLESS=${SSH_PASSWORDLESS:-false} - if "${SSH_PASSWORDLESS}"; then + if [[ "${SSH_PASSWORDLESS}" == true ]]; then echo " Before starting, let's create a pair of keys that some hosts ask for during installation of the server. @@ -77,11 +80,12 @@ EOL run chmod 600 "/home/${LEMPER_USERNAME}/.ssh/authorized_keys" echo -e "\nEnable SSH password-less login..." + run bash -c "echo -e '\n\n#LEMPer custom config' >> /etc/ssh/sshd_config" # Restrict root login directly, use sudo user instead. SSH_ROOT_LOGIN=${SSH_ROOT_LOGIN:-false} - if ! "${SSH_ROOT_LOGIN}"; then + if [[ "${SSH_ROOT_LOGIN}" == false ]]; then echo "Restricting SSH root login..." if grep -qwE "^PermitRootLogin\ [a-z]*" /etc/ssh/sshd_config; then @@ -134,6 +138,7 @@ EOL # Securing the SSH server. echo "Securing your SSH server with custom port..." + SSH_PORT=${SSH_PORT:-""} while ! [[ ${SSH_PORT} =~ ^[0-9]+$ ]]; do read -rp "Custom SSH port (default SSH port is 22): " -e SSH_PORT @@ -182,6 +187,7 @@ function install_ufw() { # Install UFW run apt-get install -qq -y ufw + # UFW app rules is here /etc/ufw/applications.d if [[ -n $(command -v ufw) ]]; then echo "Configuring UFW firewall rules..." 
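Review bot: In the `@@ -77,11 +80,12 @@` hunk, `if [[ "${SSH_ROOT_LOGIN}" == false ]]` restricts root login only for the exact string `false`, so a config value such as `no`, `0` or `False` now leaves `PermitRootLogin` untouched without any message, whereas the old `! "${SSH_ROOT_LOGIN}"` test restricted in those cases. For a hardening switch it is safer to restrict unless explicitly enabled: `if [[ "${SSH_ROOT_LOGIN}" != true ]]; then`, which also matches the `!= true` tests used elsewhere in this commit. The added `echo -e '\n\n#LEMPer custom config' >> /etc/ssh/sshd_config` appends on every run; guarding it with `grep -q '#LEMPer custom config' /etc/ssh/sshd_config ||` would keep duplicate marker blocks out of sshd_config. `securing_ssh` continues outside the hunk.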
@@ -203,30 +209,36 @@ function install_ufw() { run ufw allow 8083 #LEMPer port # Open MySQL port. - [[ "${MYSQL_ALLOW_REMOTE}" == true ]] && \ - run ufw allow 3306 + if [[ "${MYSQL_ALLOW_REMOTE}" == true ]]; then + run ufw allow 3306 + fi # Open FTP ports. if [[ "${INSTALL_VSFTPD}" == true ]]; then + FTP_MIN_PORT=${FTP_MIN_PORT:-45000} + FTP_MAX_PORT=${FTP_MAX_PORT:-45099} + run ufw allow 20/tcp run ufw allow 21/tcp - run ufw allow 990/tcp # For TLS enabled. - run ufw allow 40000:50000/tcp # The range of passive ports. + # For TLS enabled. + run ufw allow 990/tcp + # The range of passive ports. + run ufw allow "${FTP_MIN_PORT}:${FTP_MAX_PORT}/tcp" fi - # Open SMTPs port. - run ufw allow 25 - run ufw allow 465 - run ufw allow 587 - if [[ "${INSTALL_MAILER}" == true ]]; then + # Open SMTPs port. + run ufw allow 25/tcp + run ufw allow 465/tcp + run ufw allow 587/tcp + # Open IMAPs ports. - run ufw allow 143 - run ufw allow 993 + run ufw allow 143/tcp + run ufw allow 993/tcp # Open POP3s ports. - run ufw allow 110 - run ufw allow 995 + run ufw allow 110/tcp + run ufw allow 995/tcp fi # Open DNS port. @@ -312,7 +324,9 @@ function install_csf() { # Open FTP ports. if [[ "${INSTALL_VSFTPD}" == true ]]; then - CSF_ALLOW_PORTS="${CSF_ALLOW_PORTS},20,21,990,40000:50000" + FTP_MIN_PORT=${FTP_MIN_PORT:-45000} + FTP_MAX_PORT=${FTP_MAX_PORT:-45099} + CSF_ALLOW_PORTS="${CSF_ALLOW_PORTS},20,21,990,${FTP_MIN_PORT}:${FTP_MAX_PORT}" fi # Allowed incoming TCP ports. @@ -390,6 +404,7 @@ function install_apf() { run cd "${BUILD_DIR}" || return 1 echo "Installing APF+BFD firewall..." + if curl -sLI "https://github.com/rfxn/advanced-policy-firewall/archive/${APF_VERSION}.tar.gz" \ | grep -q "HTTP/[.12]* [2].."; then run wget -q "https://github.com/rfxn/advanced-policy-firewall/archive/${APF_VERSION}.tar.gz" && \
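Review bot: The MySQL rule in the `@@ -203,30 +209,36 @@` hunk is still `run ufw allow 3306`, which opens the port for both TCP and UDP from any address, while the mail rules in the same hunk were narrowed to `/tcp`. `run ufw allow 3306/tcp` would be consistent, and if the configuration can name the permitted client, `run ufw allow from ALLOWED_CLIENT_IP to any port 3306 proto tcp` (ALLOWED_CLIENT_IP is a placeholder) limits exposure when `MYSQL_ALLOW_REMOTE` is on. `FTP_MIN_PORT` and `FTP_MAX_PORT` are interpolated into the rule without a numeric check and must equal the passive range vsftpd is configured with, which is set outside this hunk. The same defaults are repeated in the `install_csf` hunk, so defining them once would avoid the two firewalls drifting apart. `install_ufw` starts and ends outside the hunk.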