├── .travis.yml ├── LICENSE ├── README.md ├── config.inc.example ├── docs ├── README.md └── _config.yml └── wo-nginx-setup.sh /.travis.yml: -------------------------------------------------------------------------------- 1 | language: bash 2 | 3 | dist: xenial 4 | 5 | cache: 6 | directories: 7 | - /usr/local/src 8 | 9 | before_install: 10 | - rm -rf ~/.gnupg 11 | 12 | before_script: 13 | - sudo rm -rf /etc/mysql/ 14 | - sudo apt-get -qq purge mysql* graphviz* 15 | - sudo apt-get -qq autoremove 16 | - sudo apt-get update -q 17 | 18 | script: 19 | - lsb_release -a 20 | - sudo echo "Travis Banch = $TRAVIS_BRANCH" 21 | - sudo bash wo-nginx-setup.sh --travis $TRAVIS_BRANCH || sudo tail -n 100 /var/log/wo/wordops.log 22 | - sudo wo site create wordops.org --wp || sudo tail -n 100 /var/log/wo/wordops.log 23 | - sudo wo site create wordops.io --mysql || sudo tail -n 100 /var/log/wo/wordops.log 24 | - sudo nginx -t 25 | - sudo chown -R travis /usr/local/src 26 | - sudo chmod 755 /usr/local/src 27 | 28 | 29 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 VirtuBox 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Bash script to automate optimized WordOps setup 2 | 3 | --- 4 | 5 | ## :warning: Not maintained 6 | 7 | --- 8 | 9 | ![commits](https://img.shields.io/github/last-commit/virtubox/wo-nginx-setup.svg?style=flat) 10 | 11 | * * * 12 | 13 | ## Server Stack 14 | 15 | - Nginx 1.16.x/1.15 with [nginx-ee](https://virtubox.github.io/nginx-ee/) 16 | - PHP-FPM 7.2/7.3 17 | - MariaDB 10.1/10.2/10.3 18 | - REDIS 5.0 19 | - Fail2ban 20 | - UFW Firewall 21 | - ClamAV Antivirus 22 | - Netdata 23 | - Proftpd 24 | 25 | * * * 26 | 27 | **Documentation available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/)** 28 | 29 | ### Features 30 | 31 | - Automated MariaDB server or client installation (10.1/10.2/10.3) 32 | - Linux server tweaks 33 | - [WordOps](https://github.com/WordOps/WordOps) automated installation 34 | - Latest Nginx release compiled with [nginx-ee](https://virtubox.github.io/nginx-ee/) 35 | - UFW configuration with custom SSH port 36 | - Fail2ban Installation & Configuration 37 | - Cloudflare visitor real IP configuration 38 | - [WordOps-Dashboard](https://github.com/WordOps/wordops-dashboard) installation 39 | - Proftpd installation & configuration 40 | 41 | ### Compatibility 42 | 43 | - Ubuntu 16.04 LTS 44 | - Ubuntu 18.04 LTS 45 | 46 | ### Requirements 47 | 48 | - login as root 49 | - ssh connection with ssh keys (Recommended SSH software on Windows : [Mobaxterm](https://mobaxterm.mobatek.net/)) 50 | - VPS or dedicated server with at least 2GB RAM (Recommended Proviers : Hetzner, OVH, DigitalOcean, Linode, Vultr, Scaleway) 51 | 52 | ### Usage 53 | 54 | #### Interactive install in a single command 55 | 56 | ```bash 57 | bash <(wget -O - vtb.cx/wo-nginx-setup || curl -sL vtb.cx/wo-nginx-setup) -i 58 | ``` 59 | 60 | #### Alternative method : Clone the repository 61 | 62 | ```bash 63 | git clone https://github.com/VirtuBox/wo-nginx-setup.git $HOME/wo-nginx-setup 64 | cd $HOME/wo-nginx-setup 65 | ``` 66 | 67 | Make wo-nginx-setup executable 68 | 69 | ```bash 70 | chmod +x $HOME/wo-nginx-setup 71 | ``` 72 | 73 | Launch install 74 | 75 | ```bash 76 | $HOME/wo-nginx-setup 77 | ``` 78 | 79 | 80 | #### Set configuration with config.inc file 81 | 82 | Clone the repository 83 | 84 | ```bash 85 | git clone https://github.com/VirtuBox/wo-nginx-setup.git $HOME/wo-nginx-setup 86 | cd $HOME/wo-nginx-setup 87 | ``` 88 | 89 | Copy config.inc.example into config.inc and edit it 90 | 91 | ```bash 92 | cp config.inc.example config.inc 93 | nano config.inc 94 | ``` 95 | 96 | Set "y" or "n" to enable or disable features and then run the script 97 | 98 | ```bash 99 | chmod +x wo-nginx-setup.sh && ./wo-nginx-setup.sh 100 | ``` 101 | 102 | Published & maintained by [VirtuBox](https://virtubox.net) 103 | -------------------------------------------------------------------------------- /config.inc.example: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ################################## 4 | # WordOps Setup Config 5 | ################################## 6 | 7 | # n = disabled 8 | # y = enabled 9 | 10 | ################################## 11 | # MariaDB Config 12 | ################################## 13 | 14 | # install MariaDB server 15 | 16 | MARIADB_SERVER_INSTALL="y" 17 | 18 | # MariaDB server release 19 | MARIADB_VERSION_INSTALL="10.3" 20 | 21 | ################################## 22 | # Remote MySQL Config 23 | ################################## 24 | 25 | # Remote MySQL server 26 | 27 | MARIADB_CLIENT_INSTALL="n" 28 | 29 | # Remote MySQL server credentials 30 | # required only if MARIADB_CLIENT_INSTALL="y" 31 | # leave empty if you do not want to use a remote MySQL server 32 | 33 | MARIADB_REMOTE_IP="" 34 | MARIADB_REMOTE_USER="" 35 | MARIADB_REMOTE_PASSWORD="" 36 | 37 | ################################## 38 | # PHP 39 | ################################## 40 | 41 | # Install php7.3 42 | PHP73_INSTALL="y" 43 | 44 | ################################## 45 | # Additional software 46 | ################################## 47 | 48 | # proftpd FTP server 49 | PROFTPD_INSTALL="n" 50 | 51 | # ClamAV Antivirus 52 | CLAMAV_INSTALL="n" 53 | 54 | # Wordops-Dashboard (WordOps-dashboard : https://github.com/WordOps/wordops-dashboard) 55 | WO_DASHBOARD_INSTALL="y" 56 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Bash script to automate optimized WordOps setup 2 | 3 | [![Build Status](https://travis-ci.com/VirtuBox/wo-nginx-setup.svg?branch=master)](https://travis-ci.com/VirtuBox/wo-nginx-setup) ![wo-nginx-setup](https://img.shields.io/github/license/VirtuBox/wo-nginx-setup.svg?style=flat) ![](https://img.shields.io/github/last-commit/virtubox/wo-nginx-setup.svg?style=flat) 4 | 5 | * * * 6 | 7 | ## Server Stack 8 | 9 | - Nginx 1.15.x/1.14 with [nginx-ee](https://virtubox.github.io/nginx-ee/) 10 | - PHP-FPM 7.2/7.3 11 | - MariaDB 10.1/10.2/10.3 12 | - REDIS 5.0 13 | - Fail2ban 14 | - UFW Firewall 15 | - ClamAV Antivirus 16 | - Netdata 17 | - Proftpd 18 | - Acme.sh with [ee-acme-sh](https://virtubox.github.io/ee-acme-sh/) 19 | 20 | * * * 21 | 22 | **Documentation available here : [Ubuntu-Nginx-Web-Server](https://virtubox.github.io/ubuntu-nginx-web-server/)** 23 | 24 | ### Features 25 | 26 | - Automated MariaDB server or client installation (10.1/10.2/10.3) 27 | - Linux server tweaks 28 | - [WordOps](https://github.com/WordOps/WordOps) automated installation 29 | - php7.2-fpm/php7.3-fpm installation & configuration 30 | - Latest Nginx release compiled with [nginx-ee](https://virtubox.github.io/nginx-ee/) 31 | - UFW configuration with custom SSH port 32 | - Fail2ban Installation & Configuration 33 | - Cloudflare visitor real IP configuration 34 | - [Netdata](https://github.com/firehol/netdata/) and [EasyEngine-Dashboard](https://virtubox.github.io/easyengine-dashboard/) installation 35 | - Proftpd installation & configuration 36 | 37 | ### Compatibility 38 | 39 | - Ubuntu 16.04 LTS 40 | - Ubuntu 18.04 LTS 41 | 42 | ### Requirements 43 | 44 | - login as root 45 | - ssh connection with ssh keys (Recommended SSH software on Windows : [Mobaxterm](https://mobaxterm.mobatek.net/)) 46 | - VPS or dedicated server with at least 2GB RAM (Recommended Proviers : Hetzner, OVH, DigitalOcean, Linode, Vultr, Scaleway) 47 | 48 | ### Usage 49 | 50 | ### Interactive install in a single command 51 | 52 | ```bash 53 | bash <(wget -O - virtubox.net/wo-nginx-setup || curl -sL virtubox.net/wo-nginx-setup) -i 54 | ``` 55 | 56 | ### Install configuration with config.inc file 57 | 58 | Clone the repository 59 | 60 | ```bash 61 | git clone https://github.com/VirtuBox/wo-nginx-setup.git $HOME/wo-nginx-setup 62 | cd $HOME/wo-nginx-setup 63 | ``` 64 | 65 | Copy config.inc.example into config.inc and edit it 66 | 67 | ```bash 68 | cp config.inc.example config.inc 69 | nano config.inc 70 | ``` 71 | 72 | Set "y" or "n" to enable or disable features and then run the script 73 | 74 | ```bash 75 | chmod +x wo-nginx-setup.sh && ./wo-nginx-setup.sh 76 | ``` 77 | 78 | Published & maintained by [VirtuBox](https://virtubox.net) 79 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-cayman -------------------------------------------------------------------------------- /wo-nginx-setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # ------------------------------------------------------------------------- 3 | # WO-NGINX-SETUP - automated WordOps server setup script 4 | # ------------------------------------------------------------------------- 5 | # Website: https://virtubox.net 6 | # GitHub: https://github.com/VirtuBox/ee-nginx-setup 7 | # Copyright (c) 2018 VirtuBox 8 | # This script is licensed under M.I.T 9 | # ------------------------------------------------------------------------- 10 | # Version 1.0 - 2019-02-19 11 | # ------------------------------------------------------------------------- 12 | 13 | CSI='\033[' 14 | CEND="${CSI}0m" 15 | CGREEN="${CSI}1;32m" 16 | 17 | ################################## 18 | # Variables 19 | ################################## 20 | 21 | WO_DASHBOARD_INSTALL="y" 22 | MARIADB_SERVER_INSTALL="y" 23 | 24 | 25 | ################################## 26 | # Check if user is root 27 | ################################## 28 | 29 | [ "$(id -u)" != "0" ] && { 30 | echo "Error: You must be root to run this script, please use the root user to install the software." 31 | echo "" 32 | echo "Use 'sudo su - root' to login as root" 33 | exit 1 34 | } 35 | 36 | ### Make Sure Sudo available ### 37 | 38 | [ -z "$(command -v sudo)" ] && { apt-get -y install sudo >>/dev/null 2>&1; } 39 | [ -z "$(command -v curl)" ] && { apt-get -y install curl >>/dev/null 2>&1; } 40 | 41 | 42 | 43 | ################################## 44 | # help 45 | ################################## 46 | 47 | _help() { 48 | echo "WO-NGINX-SETUP - automated WordOps server setup script" 49 | echo "Usage: ./wo-nginx-setup.sh [options]" 50 | echo " Options:" 51 | echo " --remote-mysql ..... install mysql-client for remote mysql access" 52 | echo " -i | --interactive ..... interactive installation mode" 53 | echo " --proftpd ..... install proftpd" 54 | echo " --mariadb ..... set mariadb version manually (default 10.3)" 55 | echo " Other options :" 56 | echo " -h, --help, help ... displays this help information" 57 | echo "" 58 | return 0 59 | } 60 | 61 | ################################## 62 | # SSH Keys check 63 | ################################## 64 | 65 | if [ -d $HOME/.ssh ]; then 66 | ecdsa_keys_check=$(grep "ecdsa-sha2" -r $HOME/.ssh) 67 | rsa_keys_check=$(grep "ssh-rsa" -r $HOME/.ssh) 68 | ed25519_keys_check=$(grep "ssh-ed25519" -r $HOME/.ssh) 69 | if [ -z "$ecdsa_keys_check" ] && [ -z "$rsa_keys_check" ] && [ -z "$ed25519_keys_check" ]; then 70 | echo "This script require to use ssh keys authentification. Please make sure you have properly added your public ssh keys into .ssh/authorized_keys" 71 | exit 1 72 | fi 73 | else 74 | echo "This script require to use ssh keys authentification. Please make sure you have properly added your public ssh keys into .ssh/authorized_keys" 75 | exit 1 76 | fi 77 | 78 | ################################## 79 | # Arguments Parsing 80 | ################################## 81 | 82 | ### Read config 83 | if [ -f ./config.inc ]; then 84 | { 85 | # shellcheck disable=SC1091 86 | . ./config.inc 87 | } 88 | else 89 | { 90 | while [ "$#" -gt 0 ]; do 91 | case "$1" in 92 | -i | --interactive) 93 | INTERACTIVE_SETUP="y" 94 | ;; 95 | --proftpd) 96 | PROFTPD_INSTALL="y" 97 | ;; 98 | --remote-mysql) 99 | MARIADB_CLIENT_INSTALL="y" 100 | ;; 101 | --mariadb) 102 | MARIADB_VERSION_INSTALL="$2" 103 | shift 104 | ;; 105 | --clamav) 106 | CLAMAV_INSTALL="y" 107 | ;; 108 | --ee-cleanup) 109 | EE_CLEANUP="y" 110 | ;; 111 | --travis) 112 | TRAVIS_BUILD="y" 113 | ;; 114 | -h|--help) 115 | _help 116 | exit 1 117 | ;; 118 | *) ;; 119 | esac 120 | shift 121 | done 122 | } 123 | fi 124 | 125 | ################################## 126 | # Welcome 127 | ################################## 128 | 129 | echo "" 130 | echo "Welcome to Wo-Nginx-setup script." 131 | echo "" 132 | 133 | [ -d /etc/ee ] && { 134 | EE_PREVIOUS_INSTALL=1 135 | } 136 | 137 | [ -d /etc/wo ] && { 138 | WO_PREVIOUS_INSTALL=1 139 | } 140 | 141 | ################################## 142 | # Menu 143 | ################################## 144 | 145 | 146 | 147 | if [ "$INTERACTIVE_SETUP" = "y" ]; then 148 | if [ -z "$(command -v mysqladmin)" ]; then 149 | echo "#####################################" 150 | echo "MariaDB server" 151 | echo "#####################################" 152 | echo "" 153 | echo "Do you want to install MariaDB-server ? (y/n)" 154 | while [[ $MARIADB_SERVER_INSTALL != "y" && $MARIADB_SERVER_INSTALL != "n" ]]; do 155 | read -p "Select an option [y/n]: " MARIADB_SERVER_INSTALL 156 | done 157 | if [ "$MARIADB_SERVER_INSTALL" = "n" ]; then 158 | echo "" 159 | echo "Do you want to install MariaDB-client for a remote database ? (y/n)" 160 | while [[ $MARIADB_CLIENT_INSTALL != "y" && $MARIADB_CLIENT_INSTALL != "n" ]]; do 161 | read -p "Select an option [y/n]: " MARIADB_CLIENT_INSTALL 162 | done 163 | fi 164 | if [ "$MARIADB_CLIENT_INSTALL" = "y" ]; then 165 | echo "" 166 | echo "What is the IP of your remote database ?" 167 | read -p "IP : " MARIADB_REMOTE_IP 168 | echo "" 169 | echo "What is the user of your remote database ?" 170 | read -p "User : " MARIADB_REMOTE_USER 171 | echo "" 172 | echo "What is the password of your remote database ?" 173 | read -s -p "password [hidden] : " MARIADB_REMOTE_PASSWORD 174 | fi 175 | if [[ "$MARIADB_SERVER_INSTALL" == "y" || "$MARIADB_CLIENT_INSTALL" == "y" ]]; then 176 | echo "" 177 | echo "What version of MariaDB Client/Server do you want to install, 10.1, 10.2 or 10.3 ?" 178 | while [[ $MARIADB_VERSION_INSTALL != "10.1" && $MARIADB_VERSION_INSTALL != "10.2" && $MARIADB_VERSION_INSTALL != "10.3" ]]; do 179 | read -p "Select an option [10.1 / 10.2 / 10.3]: " MARIADB_VERSION_INSTALL 180 | done 181 | fi 182 | sleep 1 183 | fi 184 | # if [ ! -d /etc/php/7.3/fpm/pool.d ]; then 185 | # echo "" 186 | # echo "#####################################" 187 | # echo "PHP" 188 | # echo "#####################################" 189 | # echo "" 190 | # echo "Do you want to install PHP 7.3 ? (y/n)" 191 | # while [[ $PHP73_INSTALL != "y" && $PHP73_INSTALL != "n" ]]; do 192 | # read -p "Select an option [y/n]: " PHP73_INSTALL 193 | # done 194 | # fi 195 | # sleep 1 196 | echo "" 197 | if [ ! -d /etc/proftpd ]; then 198 | echo "" 199 | echo "#####################################" 200 | echo "FTP" 201 | echo "#####################################" 202 | echo "Do you want to install proftpd ? (y/n)" 203 | while [[ $PROFTPD_INSTALL != "y" && $PROFTPD_INSTALL != "n" ]]; do 204 | read -p "Select an option [y/n]: " PROFTPD_INSTALL 205 | done 206 | fi 207 | if [ -z "$(command -v clamscan)" ]; then 208 | echo "" 209 | echo "#####################################" 210 | echo "FTP" 211 | echo "#####################################" 212 | echo "Do you want to install ClamAV ? (y/n)" 213 | while [[ $CLAMAV_INSTALL != "y" && $CLAMAV_INSTALL != "n" ]]; do 214 | read -p "Select an option [y/n]: " CLAMAV_INSTALL 215 | done 216 | fi 217 | echo "" 218 | echo "#####################################" 219 | echo "FTP" 220 | echo "#####################################" 221 | echo "Do you want to install WordOps Dashboard ? (y/n)" 222 | while [[ $WO_DASHBOARD_INSTALL != "y" && $WO_DASHBOARD_INSTALL != "n" ]]; do 223 | read -p "Select an option [y/n]: " WO_DASHBOARD_INSTALL 224 | done 225 | echo "" 226 | if [ "$EE_PREVIOUS_INSTALL" = "1" ]; then 227 | echo "#####################################" 228 | echo "EasyEngine Cleanup" 229 | echo "#####################################" 230 | echo "Do you want to cleanup previous EasyEngine install ? (y/n)" 231 | while [[ $EE_CLEANUP != "y" && $EE_CLEANUP != "n" ]]; do 232 | read -p "Select an option [y/n]: " EE_CLEANUP 233 | done 234 | echo "" 235 | fi 236 | echo "#####################################" 237 | echo "Starting server setup in 5 seconds" 238 | echo "use CTRL + C if you want to cancel installation" 239 | echo "#####################################" 240 | sleep 5 241 | else 242 | if [ "$MARIADB_CLIENT_INSTALL" = "y" ]; then 243 | echo "" 244 | echo "What is the IP of your remote database ?" 245 | read -p "IP : " MARIADB_REMOTE_IP 246 | echo "" 247 | echo "What is the user of your remote database ?" 248 | read -p "User : " MARIADB_REMOTE_USER 249 | echo "" 250 | echo "What is the password of your remote database ?" 251 | read -s -p "password [hidden] : " MARIADB_REMOTE_PASSWORD 252 | fi 253 | 254 | fi 255 | 256 | ################################## 257 | # Update packages 258 | ################################## 259 | 260 | echo "##########################################" 261 | echo " Updating Packages" 262 | echo "##########################################" 263 | 264 | [ -z "$TRAVIS_BUILD" ] && { 265 | 266 | apt-get update 267 | apt-get dist-upgrade -y 268 | apt-get autoremove -y --purge 269 | apt-get autoclean -y 270 | 271 | } 272 | 273 | echo "##########################################" 274 | echo " Updating Packages [OK]" 275 | echo "##########################################" 276 | 277 | ################################## 278 | # Useful packages 279 | ################################## 280 | 281 | echo "##########################################" 282 | echo " Installing useful packages" 283 | echo "##########################################" 284 | 285 | apt-get install haveged curl git unzip zip fail2ban htop nload nmon tar gzip ntp gnupg gnupg2 wget pigz tree ccze mycli screen tmux -y 286 | 287 | # ntp time 288 | systemctl enable ntp 289 | 290 | # increase history size 291 | export HISTSIZE=10000 292 | 293 | ################################## 294 | # clone repository 295 | ################################## 296 | echo "###########################################" 297 | echo " Cloning Ubuntu-nginx-web-server repository" 298 | echo "###########################################" 299 | 300 | if [ ! -d $HOME/ubuntu-nginx-web-server ]; then 301 | git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server 302 | else 303 | git -C $HOME/ubuntu-nginx-web-server pull origin master 304 | fi 305 | 306 | ################################## 307 | # Secure SSH server 308 | ################################## 309 | 310 | # get current ssh port 311 | CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}') 312 | 313 | # download secure sshd_config 314 | cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config 315 | 316 | # change ssh default port 317 | sed -i "s/Port 22/Port $CURRENT_SSH_PORT/" /etc/ssh/sshd_config 318 | 319 | # restart ssh service 320 | service ssh restart 321 | 322 | ################################## 323 | # ufw 324 | ################################## 325 | 326 | echo "##########################################" 327 | echo " Configuring ufw" 328 | echo "##########################################" 329 | 330 | if [ ! -d /etc/ufw ]; then 331 | apt-get install ufw -y 332 | fi 333 | 334 | # define firewall rules 335 | 336 | ufw logging low 337 | ufw default allow outgoing 338 | ufw default deny incoming 339 | 340 | # default ssh port 341 | ufw allow 22 342 | 343 | # custom ssh port 344 | if [ "$CURRENT_SSH_PORT" != "22" ];then 345 | ufw allow "$CURRENT_SSH_PORT" 346 | fi 347 | 348 | # dns 349 | ufw allow 53 350 | 351 | # nginx 352 | ufw allow http 353 | ufw allow https 354 | 355 | # ntp 356 | ufw allow 123 357 | 358 | # dhcp client 359 | ufw allow 68 360 | 361 | # dhcp ipv6 client 362 | ufw allow 546 363 | 364 | # rsync 365 | ufw allow 873 366 | 367 | # easyengine backend 368 | ufw allow 22222 369 | 370 | # optional for monitoring 371 | 372 | # SNMP UDP port 373 | #ufw allow 161 374 | 375 | # Netdata web interface 376 | #ufw allow 1999 377 | 378 | # Librenms linux agent 379 | #ufw allow 6556 380 | 381 | # Zabbix-agent 382 | #ufw allow 10050 383 | 384 | ################################## 385 | # Sysctl tweaks + open_files limits 386 | ################################## 387 | 388 | echo "##########################################" 389 | echo " Applying Linux Kernel tweaks" 390 | echo "##########################################" 391 | 392 | cp -f $HOME/ubuntu-nginx-web-server/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf 393 | cp -f $HOME/ubuntu-nginx-web-server/etc/security/limits.conf /etc/security/limits.conf 394 | 395 | # Redis transparent_hugepage 396 | echo never >/sys/kernel/mm/transparent_hugepage/enabled 397 | 398 | # disable ip forwarding if docker is not installed 399 | if [ ! -x /usr/bin/docker ]; then 400 | 401 | echo "" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf 402 | { 403 | echo "# Disables packet forwarding" 404 | echo "net.ipv4.ip_forward = 0" 405 | echo "net.ipv4.conf.all.forwarding = 0" 406 | echo "net.ipv4.conf.default.forwarding = 0" 407 | echo "net.ipv6.conf.all.forwarding = 0" 408 | echo "net.ipv6.conf.default.forwarding = 0" 409 | } >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf 410 | 411 | fi 412 | 413 | # additional systcl configuration with network interface name 414 | # get network interface names like eth0, ens18 or eno1 415 | # for each interface found, add the following configuration to sysctl 416 | 417 | NET_INTERFACES_WAN=$(ip -4 route get 8.8.8.8 | grep -oP "dev [^[:space:]]+ " | cut -d ' ' -f 2) 418 | echo "" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf 419 | { 420 | echo "# do not autoconfigure IPv6 on $NET_INTERFACES_WAN" 421 | echo "net.ipv6.conf.$NET_INTERFACES_WAN.autoconf = 0" 422 | echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra = 0" 423 | echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra = 0" 424 | echo "net.ipv6.conf.$NET_INTERFACES_WAN.autoconf = 0" 425 | echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra_defrtr = 0" 426 | } >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf 427 | 428 | sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf 429 | 430 | ################################## 431 | # Add MariaDB 10.3 repository 432 | ################################## 433 | 434 | if [ "$MARIADB_SERVER_INSTALL" = "y" ]; then 435 | [ -z "$MARIADB_VERSION_INSTALL" ] && { 436 | MARIADB_VERSION_INSTALL="10.3" 437 | } 438 | if [ ! -f /etc/apt/sources.list.d/mariadb.list ]; then 439 | echo "" 440 | echo "##########################################" 441 | echo " Adding MariaDB $MARIADB_VERSION_INSTALL repository" 442 | echo "##########################################" 443 | 444 | wget -O mariadb_repo_setup https://downloads.mariadb.com/MariaDB/mariadb_repo_setup 445 | chmod +x mariadb_repo_setup 446 | ./mariadb_repo_setup --mariadb-server-version="$MARIADB_VERSION_INSTALL" --skip-maxscale -y 447 | rm mariadb_repo_setup 448 | apt-get update 449 | 450 | fi 451 | 452 | ################################## 453 | # MariaDB 10.3 install 454 | ################################## 455 | 456 | # install mariadb server non-interactive way 457 | if [ ! -d /etc/mysql ]; then 458 | echo "" 459 | echo "##########################################" 460 | echo " Installing MariaDB server $MARIADB_VERSION_INSTALL" 461 | echo "##########################################" 462 | 463 | # generate random password 464 | MYSQL_ROOT_PASS="$(date +%s | sha256sum | base64 | head -c 32)" 465 | export DEBIAN_FRONTEND=noninteractive # to avoid prompt during installation 466 | debconf-set-selections <<<"mariadb-server-${MARIADB_VERSION_INSTALL} mysql-server/root_password password ${MYSQL_ROOT_PASS}" 467 | debconf-set-selections <<<"mariadb-server-${MARIADB_VERSION_INSTALL} mysql-server/root_password_again password ${MYSQL_ROOT_PASS}" 468 | # install mariadb server 469 | DEBIAN_FRONTEND=noninteractive apt-get install -qq mariadb-server # -qq implies -y --force-yes 470 | # save credentials in .my.cnf and copy it in /etc/mysql/conf.d for easyengine 471 | echo -e '[client]\nuser = root' > $HOME/.my.cnf 472 | echo "password = $MYSQL_ROOT_PASS" >>$HOME/.my.cnf 473 | cp -f $HOME/.my.cnf /etc/mysql/conf.d/my.cnf 474 | 475 | ## mysql_secure_installation non-interactive way 476 | mysql -e "GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;" 477 | # remove anonymous users 478 | mysql -e "DROP USER ''@'localhost'" > /dev/null 2>&1 479 | mysql -e "DROP USER ''@'$(hostname)'" > /dev/null 2>&1 480 | # remove test database 481 | mysql -e "DROP DATABASE test" > /dev/null 2>&1 482 | # flush privileges 483 | mysql -e "FLUSH PRIVILEGES" 484 | 485 | 486 | ################################## 487 | # MariaDB tweaks 488 | ################################## 489 | 490 | echo "##########################################" 491 | echo " Optimizing MariaDB configuration" 492 | echo "##########################################" 493 | 494 | cp -f $HOME/ubuntu-nginx-web-server/etc/mysql/my.cnf /etc/mysql/my.cnf 495 | 496 | # AVAILABLE_MEMORY=$(awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo) 497 | # PERCENT="40" 498 | # MYSQL_MEMORY_USAGE=$((MEM*PERCENT/100)) 499 | 500 | # sed -i -e "/\[mysqld\]/,/\[.*\]/s/^innodb_buffer_pool_size/#innodb_buffer_pool_size/" /etc/mysql/my.cnf 501 | 502 | # sed -i -e 's/innodb_buffer_pool_size = [0-9]\+M/innodb_buffer_pool_size = 512M/' /etc/mysql/my.cnf 503 | 504 | # AVAILABLE_MEMORY=$(grep MemTotal /proc/meminfo | awk '{print $2}') 505 | # BUFFER_POOL_SIZE=$(( $AVAILABLE_MEMORY / 2000 )) 506 | # LOG_FILE_SIZE=$(( $AVAILABLE_MEMORY / 16000 )) 507 | # LOG_BUFFER_SIZE=$(( $AVAILABLE_MEMORY / 8000 )) 508 | 509 | # sed -i "s/innodb_buffer_pool_size = 2G/innodb_buffer_pool_size = $BUFFER_POOL_SIZE\\M/" /etc/mysql/my.cnf 510 | # sed -i "s/innodb_log_file_size = 256M/innodb_log_file_size = $LOG_FILE_SIZE\\M/" /etc/mysql/my.cnf 511 | # sed -i "s/innodb_log_buffer_size = 512M/innodb_log_buffer_size = $LOG_BUFFER_SIZE\\M/" /etc/mysql/my.cnf 512 | 513 | # stop mysql service to apply new InnoDB log file size 514 | service mysql stop 515 | 516 | # mv previous log file 517 | mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak 518 | mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak 519 | 520 | # increase mariadb open_files_limit 521 | cp -f $HOME/ubuntu-nginx-web-server/etc/systemd/system/mariadb.service.d/limits.conf /etc/systemd/system/mariadb.service.d/limits.conf 522 | 523 | # reload daemon 524 | systemctl daemon-reload 525 | 526 | # restart mysql 527 | service mysql start 528 | 529 | fi 530 | fi 531 | 532 | if [ "$MARIADB_CLIENT_INSTALL" = "y" ]; then 533 | 534 | echo "installing mariadb-client" 535 | 536 | # install mariadb-client 537 | apt-get install -y mariadb-client 538 | 539 | # set mysql credentials in .my.cnf 540 | echo "[client]" >>$HOME/.my.cnf 541 | echo "host = $MARIADB_REMOTE_IP" >>$HOME/.my.cnf 542 | echo "port = 3306" >>$HOME/.my.cnf 543 | echo "user = $MARIADB_REMOTE_USER" >>$HOME/.my.cnf 544 | echo "password = $MARIADB_REMOTE_PASSWORD" >>$HOME/.my.cnf 545 | 546 | # copy .my.cnf in /etc/mysql/conf.d/ for easyengine 547 | cp $HOME/.my.cnf /etc/mysql/conf.d/my.cnf 548 | fi 549 | 550 | ################################## 551 | # WordOps automated install 552 | ################################## 553 | 554 | if [ -z "$WO_PREVIOUS_INSTALL" ]; then 555 | 556 | if [ ! -f $HOME/.gitconfig ]; then 557 | # define git username and email for non-interactive install 558 | sudo bash -c 'echo -e "[user]\n\tname = $USER\n\temail = $USER@$HOSTNAME" > $HOME/.gitconfig' 559 | fi 560 | if [ ! -x /usr/local/bin/wo ]; then 561 | echo "##########################################" 562 | echo " Installing WordOps" 563 | echo "##########################################" 564 | 565 | wget -O wo https://raw.githubusercontent.com/WordOps/WordOps/master/install 566 | chmod +x wo 567 | ./wo 568 | source /etc/bash_completion.d/wo_auto.rc 569 | rm wo 570 | 571 | fi 572 | 573 | ################################## 574 | # WordOps stacks install 575 | ################################## 576 | 577 | if [ "$MARIADB_CLIENT_INSTALL" = "y" ]; then 578 | # change MySQL host to % in case of remote MySQL server 579 | sed -i 's/grant-host = localhost/grant-host = \%/' /etc/wo/wo.conf 580 | fi 581 | 582 | echo "##########################################" 583 | echo " Installing WordOps Stack" 584 | echo "##########################################" 585 | 586 | /usr/local/bin/wo stack install 587 | 588 | ################################## 589 | # Fix phpmyadmin install 590 | ################################## 591 | # echo "##########################################" 592 | # echo " Updating phpmyadmin" 593 | # echo "##########################################" 594 | 595 | # # install composer 596 | # cd ~/ || exit 597 | # curl -sS https://getcomposer.org/installer | php 598 | # mv composer.phar /usr/bin/composer 599 | 600 | # # change owner of /var/www to allow composer cache 601 | # chown www-data:www-data /var/www 602 | # # update phpmyadmin with composer 603 | # if [ -d /var/www/22222/htdocs/db/pma ]; then 604 | # -u www-data -H composer update -d /var/www/22222/htdocs/db/pma/ 605 | # fi 606 | 607 | ################################## 608 | # Allow www-data shell access for SFTP + add .bashrc settings et completion 609 | ################################## 610 | echo "##########################################" 611 | echo " Configuring www-data shell access" 612 | echo "##########################################" 613 | 614 | # change www-data shell 615 | usermod -s /bin/bash www-data 616 | 617 | if [ ! -f /etc/bash_completion.d/wp-completion.bash ]; then 618 | # download wp-cli bash-completion 619 | wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash 620 | fi 621 | if [ ! -f /var/www/.profile ] && [ ! -f /var/www/.bashrc ]; then 622 | # create .profile & .bashrc for www-data user 623 | cp -f $HOME/ubuntu-nginx-web-server/var/www/.profile /var/www/.profile 624 | cp -f $HOME/ubuntu-nginx-web-server/var/www/.bashrc /var/www/.bashrc 625 | 626 | # set www-data as owner 627 | chown www-data:www-data /var/www/.profile 628 | chown www-data:www-data /var/www/.bashrc 629 | fi 630 | 631 | # install nanorc for www-data 632 | sudo -u www-data -H curl https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh 633 | fi 634 | 635 | # ################################## 636 | # # Install php7.2-fpm 637 | # ################################## 638 | 639 | # echo "##########################################" 640 | # echo " Installing php7.2-fpm" 641 | # echo "##########################################" 642 | 643 | # apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd \ 644 | # php7.2-curl php7.2-soap php7.2-mbstring php7.2-xsl php7.2-bcmath -y 645 | 646 | # # copy php7.2 config files 647 | # cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.2/* /etc/php/7.2/ 648 | # service php7.2-fpm restart 649 | 650 | # # commit changes 651 | # git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.2 configuration" 652 | 653 | # if [ "$PHP73_INSTALL" = "y" ]; then 654 | 655 | # ################################## 656 | # # Install php7.3-fpm 657 | # ################################## 658 | 659 | # echo "##########################################" 660 | # echo " Installing php7.3-fpm" 661 | # echo "##########################################" 662 | 663 | # apt-get install php7.3-fpm php7.3-xml php7.3-bz2 php7.3-zip php7.3-mysql php7.3-intl php7.3-gd php7.3-curl php7.3-soap php7.3-mbstring php7.3-bcmath -y 664 | 665 | # cp -rf $HOME/ubuntu-nginx-web-server/etc/php/7.3/* /etc/php/7.3/ 666 | # service php7.3-fpm restart 667 | 668 | # git -C /etc/php/ add /etc/php/ && git -C /etc/php/ commit -m "add php7.3 configuration" 669 | 670 | # fi 671 | 672 | ################################## 673 | # Compile latest nginx release from source 674 | ################################## 675 | 676 | echo "##########################################" 677 | echo " Compiling Nginx with nginx-ee" 678 | echo "##########################################" 679 | 680 | wget -O $HOME/nginx-build.sh vtb.cx/nginx-ee 681 | chmod +x $HOME/nginx-build.sh 682 | 683 | $HOME/nginx-build.sh 684 | 685 | ################################## 686 | # Add nginx additional conf 687 | ################################## 688 | 689 | echo "##########################################" 690 | echo " Configuring Nginx" 691 | echo "##########################################" 692 | 693 | # optimized nginx.config 694 | cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/nginx.conf /etc/nginx/nginx.conf 695 | 696 | # commit changes 697 | git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update conf.d configurations" 698 | 699 | # reduce nginx logs rotation 700 | sed -i 's/size 10M/weekly/' /etc/logrotate.d/nginx 701 | sed -i 's/rotate 52/rotate 4/' /etc/logrotate.d/nginx 702 | 703 | wget -O $HOME/nginx-cloudflare-real-ip.sh https://raw.githubusercontent.com/VirtuBox/nginx-cloudflare-real-ip/master/nginx-cloudflare-real-ip.sh 704 | chmod +x $HOME/nginx-cloudflare-real-ip.sh 705 | $HOME/nginx-cloudflare-real-ip.sh 706 | rm $HOME/nginx-cloudflare-real-ip.sh 707 | 708 | # commit changes 709 | git -C /etc/nginx/ add /etc/nginx/ && git -C /etc/nginx/ commit -m "update nginx.conf and setup cloudflare visitor real IP restore" 710 | 711 | # # check nginx configuration 712 | # CONF_22222=$(grep netdata /etc/nginx/sites-available/22222) 713 | # CONF_UPSTREAM=$(grep netdata /etc/nginx/conf.d/upstream.conf) 714 | 715 | # if [ -z "$CONF_22222" ]; then 716 | # # add nginx reverse-proxy for netdata on https://yourserver.hostname:22222/netdata/ 717 | # cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/sites-available/22222 /etc/nginx/sites-available/22222 718 | # fi 719 | 720 | # if [ -z "$CONF_UPSTREAM" ]; then 721 | # # add netdata, php7.1 and php7.2 upstream 722 | # cp -f $HOME/ubuntu-nginx-web-server/etc/nginx/conf.d/upstream.conf /etc/nginx/conf.d/upstream.conf 723 | # fi 724 | 725 | VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) 726 | echo "##########################################" 727 | echo "Checking Nginx configuration" 728 | echo "##########################################" 729 | if [ -z "$VERIFY_NGINX_CONFIG" ]; then 730 | echo "##########################################" 731 | echo "Reloading Nginx" 732 | echo "##########################################" 733 | service nginx reload 734 | else 735 | echo "##########################################" 736 | echo "Nginx configuration is not correct" 737 | echo "##########################################" 738 | fi 739 | 740 | ################################## 741 | # Add fail2ban configurations 742 | ################################## 743 | echo "##########################################" 744 | echo " Configuring Fail2Ban" 745 | echo "##########################################" 746 | 747 | cp -rf $HOME/ubuntu-nginx-web-server/etc/fail2ban/filter.d/* /etc/fail2ban/filter.d/ 748 | cp -rf $HOME/ubuntu-nginx-web-server/etc/fail2ban/jail.d/* /etc/fail2ban/jail.d/ 749 | 750 | fail2ban-client reload 751 | 752 | if [ $CLAMAV_INSTALL = "y" ]; then 753 | 754 | ################################## 755 | # Install ClamAV 756 | ################################## 757 | echo "##########################################" 758 | echo " Installing ClamAV" 759 | echo "##########################################" 760 | 761 | if [ -z "$(command -v clamscan)" ]; then 762 | apt-get install clamav -y 763 | fi 764 | 765 | ################################## 766 | # Update ClamAV database fail2ban configurations 767 | ################################## 768 | echo "##########################################" 769 | echo " Updating ClamAV signature database" 770 | echo "##########################################" 771 | 772 | /etc/init.d/clamav-freshclam stop 773 | freshclam 774 | /etc/init.d/clamav-freshclam start 775 | fi 776 | 777 | ################################## 778 | # Install nanorc & mysqldump script 779 | ################################## 780 | 781 | echo "##########################################" 782 | echo " Installing nanorc & mysqldump script" 783 | echo "##########################################" 784 | 785 | wget -O nanorc.sh https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh 786 | chmod +x nanorc.sh 787 | ./nanorc.sh 788 | 789 | wget -O mysqldump.sh virtubox.net/mysqldump 790 | chmod +x mysqldump.sh 791 | 792 | ################################## 793 | # Install ProFTPd 794 | ################################## 795 | 796 | if [ "$PROFTPD_INSTALL" = "y" ]; then 797 | 798 | echo "##########################################" 799 | echo " Installing Proftpd" 800 | echo "##########################################" 801 | 802 | apt-get install proftpd -y 803 | 804 | # secure proftpd and enable PassivePorts 805 | 806 | sed -i 's/# DefaultRoot/DefaultRoot/' /etc/proftpd/proftpd.conf 807 | sed -i 's/# RequireValidShell/RequireValidShell/' /etc/proftpd/proftpd.conf 808 | sed -i 's/# PassivePorts 49152 65534/PassivePorts 49000 50000/' /etc/proftpd/proftpd.conf 809 | 810 | service proftpd restart 811 | 812 | if [ -d /etc/ufw ]; then 813 | # ftp active port 814 | ufw allow 21 815 | # ftp passive ports 816 | ufw allow 49000:50000/tcp 817 | fi 818 | 819 | if [ -d /etc/fail2ban ]; then 820 | echo -e '\n[proftpd]\nenabled = true\n' >> /etc/fail2ban/jail.d/custom.conf 821 | fail2ban-client reload 822 | 823 | fi 824 | fi 825 | 826 | # if [ "$WO_DASHBOARD_INSTALL" = "y" ]; then 827 | 828 | # ################################## 829 | # # Install EasyEngine Dashboard 830 | # ################################## 831 | 832 | # echo "##########################################" 833 | # echo " Installing EasyEngine Dashboard" 834 | # echo "##########################################" 835 | 836 | 837 | 838 | # if [ ! -d /var/www/22222/htdocs/files ]; then 839 | 840 | # mkdir -p /var/www/22222/htdocs/files 841 | # wget -qO /var/www/22222/htdocs/files/ex.zip https://extplorer.net/attachments/download/78/eXtplorer_2.1.12.zip 842 | # cd /var/www/22222/htdocs/files || exit 1 843 | # unzip ex.zip 844 | # rm ex.zip 845 | # fi 846 | 847 | # cd /var/www/22222 || exit 848 | 849 | # ## download latest version of Wordops-dashboard 850 | # cd /tmp || exit 851 | # git clone https://github.com/WordOps/wordops-dashboard.git 852 | # cp -rf /tmp/wordops-dashboard/* /var/www/22222/htdocs/ 853 | # mv /tmp/wordops-dashboard/.gitignore /var/www/22222/htdocs/.gitignore 854 | # mv /tmp/wordops-dashboard/.git /var/www/22222/htdocs/.git 855 | # chown -R www-data:www-data /var/www/22222/htdocs 856 | # rm -rf /tmp/wordops-dashboard 857 | 858 | # fi 859 | 860 | ################################## 861 | # Install cheat.sh 862 | ################################## 863 | 864 | if [ -z "$(command -v cht.sh)" ]; then 865 | echo "##########################################" 866 | echo " Installing cheat.sh" 867 | echo "##########################################" 868 | 869 | curl https://cht.sh/:cht.sh > /usr/local/bin/cht.sh || wget -qO /usr/local/bin/cht.sh https://cht.sh/:cht.sh 870 | chmod +x /usr/local/bin/cht.sh 871 | echo 'alias cheat="cht.sh"' >> $HOME/.bashrc 872 | 873 | fi 874 | 875 | ################################## 876 | # Secure WordOps Dashboard with Acme.sh 877 | ################################## 878 | 879 | # if [ "$SECURE_22222" = "y" ]; then 880 | 881 | # MY_HOSTNAME=$(/bin/hostname -f) 882 | # MY_IP=$(curl -s v4.vtbox.net) 883 | # MY_HOSTNAME_IP=$(/usr/bin/dig +short @8.8.8.8 "$MY_HOSTNAME") 884 | 885 | # if [ "$MY_IP" = "$MY_HOSTNAME_IP" ]; then 886 | # echo "##########################################" 887 | # echo " Securing EasyEngine Backend" 888 | # echo "##########################################" 889 | # apt-get install -y socat 890 | 891 | 892 | # if [ ! -d $HOME/.acme.sh/${MY_HOSTNAME}_ecc ]; then 893 | # /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --issue -d "$MY_HOSTNAME" -k ec-384 --standalone --pre-hook "service nginx stop" --post-hook "service nginx start" 894 | # fi 895 | 896 | # if [ -d /etc/letsencrypt/live/$MY_HOSTNAME ]; then 897 | # rm -rf /etc/letsencrypt/live/$MY_HOSTNAME/* 898 | # else 899 | # mkdir -p /etc/letsencrypt/live/$MY_HOSTNAME 900 | # fi 901 | 902 | # # install the cert and reload nginx 903 | # if [ -f $HOME/.acme.sh/${MY_HOSTNAME}_ecc/fullchain.cer ]; then 904 | # /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --install-cert -d ${MY_HOSTNAME} --ecc \ 905 | # --cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \ 906 | # --key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \ 907 | # --fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \ 908 | # --reloadcmd "service nginx restart" 909 | # fi 910 | 911 | # if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then 912 | # sed -i "s/ssl_certificate \\/var\\/www\\/22222\\/cert\\/22222.crt;/ssl_certificate \\/etc\\/letsencrypt\\/live\\/${MY_HOSTNAME}\\/fullchain.pem;/" /etc/nginx/sites-available/22222 913 | # sed -i "s/ssl_certificate_key \\/var\\/www\\/22222\\/cert\\/22222.key;/ssl_certificate_key \\/etc\\/letsencrypt\\/live\\/${MY_HOSTNAME}\\/key.pem;/" /etc/nginx/sites-available/22222 914 | # fi 915 | # service nginx reload 916 | 917 | # fi 918 | # fi 919 | 920 | ################################## 921 | # Cleanup previous EasyEngine install 922 | ################################## 923 | 924 | if [ "$EE_CLEANUP" = "y" ]; then 925 | echo "##########################################" 926 | echo " Cleaning up previous EasyEngine installation" 927 | echo "##########################################" 928 | 929 | apt-get -y autoremove php5.6-fpm php5.6-common --purge 930 | apt-get -y autoremove php7.0-fpm php7.0-common --purge 931 | apt-get -y autoremove php7.1-fpm php7.1-common --purge 932 | fi 933 | 934 | echo "" 935 | echo -e " ${CGREEN}Optimized Wordops was setup successfully !${CEND}" 936 | echo "" 937 | --------------------------------------------------------------------------------