├── .gitignore
├── LICENSE
├── README.md
├── install.sh
├── nginx-ubuntu19.sh
├── nginx-ubuntu20.sh
├── nginx
    ├── default-backup.conf
    ├── proxy.conf
    └── ubuntu20.conf
├── php
    ├── php-fpm-1gb.sh
    └── php7.4-fpm-1gb.sh
├── sites-available
    ├── 000-default.conf
    ├── default-ssl.conf
    └── php_proxy.conf
└── ubuntu18.sh


/.gitignore:
--------------------------------------------------------------------------------
/vendor
composer.phar
composer.lock
.DS_Store
Thumbs.db
/phpunit.xml
/.idea
/.vscode
.phpunit.result.cache
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Install PHP-Proxy on your Server

The idea here is to simplify the installation process to the point where one line is all that's needed to install and configure this app. Paste this command into your terminal, and make sure you're doing this on a fresh server because this may remove some of your files.


Ubuntu 20 with nginx + SSL:
```shell
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/nginx-ubuntu20.sh)

## Install SSL
sudo certbot --nginx --agree-tos --register-unsafely-without-email --redirect
```

Ubuntu 19:
```shell
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/nginx-ubuntu19.sh)
```

Ubuntu 18:
```shell
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/ubuntu18.sh)
```

For Ubuntu 16.04:

```shell
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/install.sh)
```

For Ubuntu 14.04:

```shell
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/eeebc9acfbafc07001c4c1f91e837313609a4e77/install.sh)
```

Optional PHP config for servers with 1 GB of RAM:

```bash
bash <(wget -O - https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/php/php-fpm-1gb.sh)
```


![This is what PHP-Proxy looks like when installed](http://i.imgur.com/BvhBPD0.png?2)

### What does it do?

* apt-get update && apt-get upgrade
* Install Apache + PHP + cURL
* Enable mod_status, and automatically adjust Apache configuration based on the amount of RAM that server has.
* Install Composer
* Via Composer, install [php-proxy-app](https://github.com/Athlon1600/php-proxy-app)
* Cron job to restart Apache every 12 hours
* Cron job to "composer update" the app every 24 hours.


### To-Do List

* Automatically shut down the server once the bandwidth used exceeds XX terabytes/month.


Feel free to fork this project, and add your own commands to fully customize this for your own individual use.

### Useful/Debug

How much memory the average php-fpm process uses:

```bash
ps -ylC php-fpm7.3 --sort:rss
```

As a single number in megabytes:
```bash
ps --no-headers -o "rss,cmd" -C php-fpm7.3 | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"Mb") }'
```

Nginx hangs at 100% CPU.

> TCP: out of memory -- consider tuning tcp_mem

Socket leaks.
http://alexhoffman.info/blog/tcp-out-of-memory/

> service php7.3-fpm restart

During composer install

```shell
The "http://repo.packagist.org/p/provider-archived%244b92d0c4ac54205e9b0eb60108508425c627dc43d63463d6800debb88af69674.json" file could not be downloaded: failed to open stream: Connection refused
```

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# will throw https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728775 if run with | bash

# debian forks only

# Apache site settings
SITE=php_proxy.conf

# Apache file to where this will be written
CONF_FILE=/etc/apache2/sites-available/$SITE

# How much RAM should be allocated to each Apache process?
# This is measured in kB (kilobytes) because MemTotal below is given in kB
# RSS for an average apache2 php-proxy instance is anywhere from 10-15 MB
# Actual unique memory taken up by each is 2-5 MB. Factor in all the "shared memory", and the real average should be about 5 MB
APACHE_PROCESS_MEM=5000

function check_apache(){

    # check if directory exist
    if [ -d /etc/apache2/ ]; then
        echo "Apache2 is already installed on this system. This installation only works on fresh systems"
        exit
    fi
}

function check_www(){

    # check if directory exist
    if [ -d "/var/www/" ]; then
        echo "Contents of /var/www/ will be removed."
        read -p "Do you want to continue? [Y/n] "

        if [[ $REPLY =~ ^[Yy]$ ]]; then
            rm -rf /var/www/
        else
            exit
        fi
    fi
}

function install_cron(){

    # brackets = list of commands to be executed as one unit
    # restart apache every 12 hours
    crontab -l | { cat; echo "0 0,12 * * * /usr/sbin/service apache2 restart"; } | crontab -

    # update php-proxy-app everyday on midnight
    crontab -l | { cat; echo "0 0 * * * /usr/local/bin/composer update --working-dir=/var/www/"; } | crontab -
}

function update(){

    # dist upgrades
    apt-get -qq update
    apt-get -qq -y upgrade
}

function install_composer(){

    # install composer
    curl -sS https://getcomposer.org/installer | php -d suhosin.executor.include.whitelist=phar
    mv composer.phar /usr/local/bin/composer

    # preserve those command arguments for every composer call
    alias composer='php -d suhosin.executor.include.whitelist=phar /usr/local/bin/composer'
}

# should we even run this script?
check_apache

# does /var/www/ already exist?
check_www

## fresh installations may need to update package locations
update

## git for composer and bc for math operations - vnstat for bandwidth
apt-get -y install git bc curl vnstat

# How much RAM does this computer even have? This will be in kilobytes
MEM_TOTAL=$( grep MemTotal /proc/meminfo | awk '{print $2}' )

# How much of that RAM should be set aside exclusively for Apache?
APACHE_MEM=$( echo "$MEM_TOTAL * 0.90 / 1" | bc )

# MaxClients = Usable Memory / Memory per Apache process
MAX_CLIENTS=$(( $APACHE_MEM / $APACHE_PROCESS_MEM ))


# LAMP setup
apt-get -qq -y install apache2 php libapache2-mod-php php-curl php-mbstring


# We need youtube-dl too - this takes a while to install....
apt-get -qq -y install youtube-dl


# we need these mods
a2enmod status

# we don't need these mods. -f to avoid "WARNING: The following essential module will be disabled"
a2dismod -f deflate alias rewrite

install_composer

# remove default stuff from apache home directory
# post 2.4: The default Ubuntu document root is /var/www/html.
rm -rf /var/www/*

## remove old apache configurations
rm -rf /etc/apache2/sites-available/*
rm -rf /etc/apache2/sites-enabled/*

## create a new configuration file and write our own
touch $CONF_FILE

echo "Writing to a configuration file $CONF_FILE...";

cat > $CONF_FILE <
DocumentRoot /var/www/


ServerLimit $MAX_CLIENTS


StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients $MAX_CLIENTS
MaxRequestsPerChild 0


ExtendedStatus On


SetHandler server-status


EOL


## enable our new site - sometimes it's SITE.conf and other times it's just SITE
a2ensite $SITE
service apache2 restart

composer create-project athlon1600/php-proxy-app:dev-master /var/www/ --no-interaction

# optimize composer
composer dumpautoload -o --working-dir=/var/www/

install_cron

--------------------------------------------------------------------------------
/nginx-ubuntu19.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

sudo apt-get update && sudo apt-get -y upgrade

sudo apt-get -y install nginx

# TODO: maybe go with just php-fpm?
sudo apt-get -y install php7.3-fpm

## missing extensions
sudo apt-get -y install php7.3-curl php7.3-mbstring

## TODO: change php.ini here
sudo service php7.3-fpm restart

## Installation dir
mkdir -p /var/www/proxy

## Installation
sudo apt-get -y install composer
composer create-project athlon1600/php-proxy-app:dev-master /var/www/proxy --no-interaction

## Download configuration
wget https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/nginx/proxy.conf -O /etc/nginx/sites-available/default

# sudo ln -s /etc/nginx/sites-available/proxy.conf /etc/nginx/sites-enabled/

## Enable status page for PHP-FPM at: /fpm_status
sed -i -e "s/;pm.status_path = \/status/pm.status_path = \/fpm_status/g" /etc/php/7.3/fpm/pool.d/www.conf

service php7.3-fpm restart

sudo service nginx restart

## SSL tools
sudo apt-get -y install software-properties-common
sudo add-apt-repository -y universe
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get -y install certbot python-certbot-nginx

--------------------------------------------------------------------------------
/nginx-ubuntu20.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

sudo apt-get update && sudo apt-get -y upgrade

sudo apt-get -y install nginx

# TODO: maybe go with just php-fpm?
sudo apt-get -y install php7.4-fpm

## missing extensions
sudo apt-get -y install php7.4-curl php7.4-mbstring

## TODO: change php.ini here
sudo service php7.4-fpm restart

## Installation dir
mkdir -p /var/www/proxy

## Installation
sudo apt-get -y install composer
composer create-project athlon1600/php-proxy-app:dev-master /var/www/proxy --no-interaction

## Download configuration
wget https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/nginx/ubuntu20.conf -O /etc/nginx/sites-available/default

## Enable status page for PHP-FPM at: /fpm_status
sed -i -e "s/;pm.status_path = \/status/pm.status_path = \/fpm_status/g" /etc/php/7.4/fpm/pool.d/www.conf

sudo service php7.4-fpm restart
sudo service nginx restart

## SSL tools
sudo apt-get -y install certbot python3-certbot-nginx

--------------------------------------------------------------------------------
/nginx/default-backup.conf:
--------------------------------------------------------------------------------
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    #    include snippets/fastcgi-php.conf;
    #
    #    # With php-fpm (or other unix sockets):
    #    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    #    # With php-cgi (or other tcp sockets):
    #    fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#    listen 80;
#    listen [::]:80;
#
#    server_name example.com;
#
#    root /var/www/example.com;
#    index index.html;
#
#    location / {
#        try_files $uri $uri/ =404;
#    }
#}

--------------------------------------------------------------------------------
/nginx/proxy.conf:
--------------------------------------------------------------------------------
# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/proxy;

    index index.php;

    server_name _;

    location = /server_status {
        stub_status on;
        access_log off;
    }

    location = /fpm_status {
        access_log off;

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }
}


--------------------------------------------------------------------------------
/nginx/ubuntu20.conf:
--------------------------------------------------------------------------------
# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/proxy;

    index index.php;

    server_name _;

    location = /server_status {
        stub_status on;
        access_log off;
    }

    location = /fpm_status {
        access_log off;

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
}


--------------------------------------------------------------------------------
/php/php-fpm-1gb.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

## Assume each php-proxy process uses ~25 MB RAM
## Assume 1 GB ram, and we are using 80% of it

# default: 5
sed -i 's/pm.max_children = [0-9]\+/pm.max_children = 40/' /etc/php/7.3/fpm/pool.d/www.conf

## default: 2
sed -i 's/pm.start_servers = [0-9]\+/pm.start_servers = 10/' /etc/php/7.3/fpm/pool.d/www.conf

## default: 1
sed -i 's/pm.min_spare_servers = [0-9]\+/pm.min_spare_servers = 10/' /etc/php/7.3/fpm/pool.d/www.conf

## default: 3
sed -i 's/pm.max_spare_servers = [0-9]\+/pm.max_spare_servers = 20/' /etc/php/7.3/fpm/pool.d/www.conf

## Apply new settings
sudo service php7.3-fpm restart
sudo service nginx restart

--------------------------------------------------------------------------------
/php/php7.4-fpm-1gb.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

## Assume each php-proxy process uses ~25 MB RAM
## Assume 1 GB ram, and we are using 80% of it

# default: 5
sed -i 's/pm.max_children = [0-9]\+/pm.max_children = 40/' /etc/php/7.4/fpm/pool.d/www.conf

## default: 2
sed -i 's/pm.start_servers = [0-9]\+/pm.start_servers = 10/' /etc/php/7.4/fpm/pool.d/www.conf

## default: 1
sed -i 's/pm.min_spare_servers = [0-9]\+/pm.min_spare_servers = 10/' /etc/php/7.4/fpm/pool.d/www.conf

## default: 3
sed -i 's/pm.max_spare_servers = [0-9]\+/pm.max_spare_servers = 20/' /etc/php/7.4/fpm/pool.d/www.conf

## Apply new settings
sudo service php7.4-fpm restart
sudo service nginx restart

--------------------------------------------------------------------------------
/sites-available/000-default.conf:
--------------------------------------------------------------------------------

# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

--------------------------------------------------------------------------------
/sites-available/default-ssl.conf:
--------------------------------------------------------------------------------


ServerAdmin webmaster@localhost

DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate.
# Alternatively the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e.
# a SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
# BrowserMatch "MSIE [2-6]" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0




# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

--------------------------------------------------------------------------------
/sites-available/php_proxy.conf:
--------------------------------------------------------------------------------
# Assumes 8 GB RAM
# How much RAM should be allocated to each Apache process? This is measured in kB (kilobytes) because MemTotal below is given in kB
# RSS for an average apache2 php-proxy instance is anywhere from 10-15 MB
# Actual unique memory taken up by each is 2-5 MB.
# Factor in all the "shared memory", and the real average should be about 5 MB

ServerName localhost


DocumentRoot /var/www/


ServerLimit 512


StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 512
MaxRequestsPerChild 0


ExtendedStatus On


SetHandler server-status


--------------------------------------------------------------------------------
/ubuntu18.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

sudo apt-get update && sudo apt-get -y upgrade

## git for composer and bc for math operations - vnstat for bandwidth
sudo apt-get -y install git bc curl vnstat

# LAMP setup
sudo apt-get -y install apache2 php libapache2-mod-php php-curl php-mbstring

# We need composer
sudo apt-get -y install composer

# We need youtube-dl too - this takes a while to install....
## sudo apt-get -y install youtube-dl

sudo wget https://yt-dl.org/latest/youtube-dl -O /usr/local/bin/youtube-dl
sudo chmod a+x /usr/local/bin/youtube-dl

# Apache2 optimization - install what's needed - disable what's not needed.
# -f to avoid "WARNING: The following essential module will be disabled"
a2enmod status
a2dismod -f deflate alias rewrite

sudo systemctl restart apache2
# sudo service apache2 restart

## Download the php_proxy.conf
wget https://raw.githubusercontent.com/Athlon1600/php-proxy-installer/master/sites-available/php_proxy.conf -O /etc/apache2/sites-available/php_proxy.conf

a2dissite 000-default
a2ensite php_proxy

# restart again
sudo systemctl restart apache2

# remove default stuff from apache home directory
# post 2.4: The default Ubuntu document root is /var/www/html.
rm -rf /var/www/*

# Otherwise you cannot install to non-empty dir
composer create-project athlon1600/php-proxy-app:dev-master /var/www/ --no-interaction


## Enable SSL now

sudo apt-get -y install software-properties-common
sudo add-apt-repository -y universe
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get -y install certbot python-certbot-apache

# https://certbot.eff.org/docs/using.html#certbot-command-line-options
## Will ask for an email. Optional: --email email@email.com
## Will ask for domain. Optional: --domain domain.com
## Make it non-interactive: -n
sudo certbot --apache --agree-tos --register-unsafely-without-email --redirect

--------------------------------------------------------------------------------
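
The `/server_status` and `/fpm_status` locations in `nginx/proxy.conf` and `nginx/ubuntu20.conf` above carry no `allow`/`deny` directives. The following is an added example, not part of this repository: a shell function that reports which status locations in an nginx config lack `deny all;`. The function name, both sample configs (constructed here) and the loopback-only policy are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): flag nginx status locations that
# have no "deny all;" rule. Assumes each "location ... {" header is on one line.

# Constructed sample mirroring the status locations in nginx/proxy.conf.
sample_open_conf() {
cat <<'CONF'
server {
    listen 80 default_server;
    root /var/www/proxy;

    location = /server_status {
        stub_status on;
        access_log off;
    }

    location = /fpm_status {
        access_log off;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }
}
CONF
}

# Constructed sample: the same locations limited to loopback clients
# (loopback-only is an assumption; substitute your monitoring hosts).
sample_restricted_conf() {
cat <<'CONF'
server {
    location = /server_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }

    location = /fpm_status {
        access_log off;
        allow 127.0.0.1;   # trailing comments are stripped before matching
        deny all;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }
}
CONF
}

# Usage: audit_status_locations [fpm_status_path] < nginx.conf
# Prints "OPEN <uri>" or "RESTRICTED <uri>" for every location that either
# enables stub_status or whose URI equals the PHP-FPM pm.status_path
# (the installer scripts set that path to /fpm_status).
audit_status_locations() {
    awk -v fpm_path="${1:-/fpm_status}" '
    { sub(/#.*/, "") }                      # strip comments
    !in_loc && $1 == "location" && $NF == "{" {
        in_loc = 1; depth = 1; has_deny = 0
        uri = $(NF - 1)                     # token before the opening brace
        is_status = (uri == fpm_path)
        next
    }
    in_loc {
        if ($1 ~ /^stub_status;?$/) is_status = 1
        if ($1 == "deny" && $2 == "all;") has_deny = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0) {                   # end of this location block
            verdict = has_deny ? "RESTRICTED" : "OPEN"
            if (is_status) print verdict " " uri
            in_loc = 0
        }
    }'
}

sample_open_conf | audit_status_locations /fpm_status
sample_restricted_conf | audit_status_locations /fpm_status
```

To check a deployed server, feed it the live file, for example `audit_status_locations /fpm_status < /etc/nginx/sites-available/default`.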