├── .gitignore ├── LICENSE ├── README.md ├── aliases.sh ├── brolit_lite.sh ├── config ├── borg │ ├── borgmatic.template-default.yml │ ├── borgmatic.template-docker.yml │ └── borgmatic.template.yml ├── brolit │ ├── brolit_conf.json │ ├── brolit_firewall_conf.json │ ├── brolit_project.json │ └── brolit_wp_defaults.json ├── cloud-init.cfg ├── docker-compose │ ├── php │ │ └── production-stack-proxy │ │ │ ├── .env │ │ │ ├── docker-compose.yml │ │ │ ├── php-7.4_docker │ │ │ ├── README.html │ │ │ ├── README.md │ │ │ ├── nginx │ │ │ │ └── nginx.conf │ │ │ └── php-fpm │ │ │ │ ├── Dockerfile │ │ │ │ ├── opcache-prod.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ └── www.conf-overrides │ │ │ ├── php-8.0_docker │ │ │ ├── README.html │ │ │ ├── README.md │ │ │ ├── nginx │ │ │ │ └── nginx.conf │ │ │ └── php-fpm │ │ │ │ ├── Dockerfile │ │ │ │ ├── opcache-prod.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ └── php-ini-overrides.ini │ │ │ ├── php-8.1_docker │ │ │ ├── README.html │ │ │ ├── README.md │ │ │ ├── nginx │ │ │ │ └── nginx.conf │ │ │ └── php-fpm │ │ │ │ ├── Dockerfile │ │ │ │ ├── opcache-prod.ini │ │ │ │ ├── php-fpm-pool-prod.conf │ │ │ │ ├── php-ini-overrides.ini │ │ │ │ └── www.conf-overrides │ │ │ └── php-8.2_docker │ │ │ ├── README.html │ │ │ ├── README.md │ │ │ ├── nginx │ │ │ └── nginx.conf │ │ │ └── php-fpm │ │ │ ├── Dockerfile │ │ │ ├── opcache-prod.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ └── php-ini-overrides.ini │ └── wordpress │ │ └── production-stack-proxy │ │ ├── .env │ │ ├── docker-compose.yml │ │ ├── php-7.4_docker │ │ ├── README.html │ │ ├── README.md │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── php-fpm │ │ │ ├── Dockerfile │ │ │ ├── opcache-prod.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ └── php-ini-overrides.ini │ │ ├── php-8.0_docker │ │ ├── README.html │ │ ├── README.md │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── php-fpm │ │ │ ├── Dockerfile │ │ │ ├── opcache-prod.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ └── 
php-ini-overrides.ini │ │ ├── php-8.1_docker │ │ ├── README.html │ │ ├── README.md │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── php-fpm │ │ │ ├── Dockerfile │ │ │ ├── opcache-prod.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ └── php-ini-overrides.ini │ │ ├── php-8.2_docker │ │ ├── README.html │ │ ├── README.md │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── php-fpm │ │ │ ├── Dockerfile │ │ │ ├── opcache-prod.ini │ │ │ ├── php-fpm-pool-prod.conf │ │ │ └── php-ini-overrides.ini │ │ └── ssh_docker │ │ ├── Dockerfile │ │ ├── entrypoint.sh │ │ ├── ssh_config │ │ ├── sshd_config │ │ └── user.sh ├── domain_extension-list ├── monit │ ├── docker-mysql │ ├── fail2ban │ ├── monitrc │ ├── mysql │ ├── nginx │ ├── phpfpm │ ├── postgresql │ ├── redis │ └── system ├── motd │ └── 00-header ├── mysql │ ├── mysql │ ├── override.conf │ └── tunned.cnf ├── netdata │ ├── health.d │ │ ├── anomalies.conf │ │ ├── cpu.conf │ │ ├── mysql.conf │ │ ├── php-fpm.conf │ │ └── web_log.conf │ ├── health_alarm_notify.conf │ └── python.d │ │ ├── apache.conf │ │ ├── fail2ban.conf │ │ ├── httpcheck.conf │ │ ├── memcached.conf │ │ ├── mongodb.conf │ │ ├── monit.conf │ │ ├── mysql.conf │ │ ├── nginx.conf │ │ ├── phpfpm.conf │ │ ├── postfix.conf │ │ ├── redis.conf │ │ ├── squid.conf │ │ ├── tomcat.conf │ │ ├── varnish.conf │ │ └── web_log.conf ├── networking │ ├── 60-floating-ip.yaml │ └── 60-my-floating-ip.cfg ├── nginx │ ├── conf.d │ │ └── webp.conf │ ├── globals │ │ ├── brotli.conf │ │ ├── cache_aggressive.conf │ │ ├── logs.conf │ │ ├── pagespeed.conf │ │ ├── php_fastcgi.conf │ │ ├── security.conf │ │ ├── wordpress_mu_subdirectory.conf │ │ ├── wordpress_mu_subdomain.conf │ │ ├── wordpress_rank_math.conf │ │ └── wordpress_sec.conf │ ├── mime.types │ ├── nginx.conf │ └── sites-available │ │ ├── cockpit_single │ │ ├── default │ │ ├── html_single │ │ ├── laravel_single │ │ ├── netdata_single │ │ ├── nodejs_single │ │ ├── php_root_domain │ │ ├── php_single │ │ ├── phpmyadmin_single │ │ ├── portainer_single │ │ ├── 
proxy_root_domain │ │ ├── proxy_single │ │ ├── wordpress_multi_domain │ │ ├── wordpress_root_domain │ │ ├── wordpress_single │ │ └── zabbix_single ├── php │ ├── php-fpm.conf │ └── php.ini ├── promtail │ ├── config-promtail.yml │ └── promtail.service ├── redis │ └── redis.conf ├── sftp │ └── sshd_config ├── teleport │ ├── teleport_client.yaml │ └── teleport_server.yaml └── wordpress │ ├── w3-total-cache_redis.json │ └── wp-rocket-config.json ├── cron ├── backups_tasks.sh ├── borgmatic_tasks.sh ├── brolit_ui_tasks.sh ├── optimizer_tasks.sh ├── security_tasks.sh ├── uptime_tasks.sh └── wordpress_tasks.sh ├── docs ├── CHANGELOG.md ├── CODE.md ├── DOC-flags.md └── TODO.md ├── libs ├── apps │ ├── certbot_helper.sh │ ├── cloudflare_helper.sh │ ├── discord_notification_helper.sh │ ├── docker_helper.sh │ ├── dropbox_uploader_helper.sh │ ├── firewall_helper.sh │ ├── ftp_helper.sh │ ├── mysql_helper.sh │ ├── netdata_helper.sh │ ├── nginx_helper.sh │ ├── ntfy_notification_helper.sh │ ├── php_helper.sh │ ├── postgres_helper.sh │ ├── sftp_local_helper.sh │ ├── telegram_notification_helper.sh │ ├── wordfencecli_helper.sh │ ├── wordpress_helper.sh │ └── wpcli_helper.sh ├── borg_storage_controller.sh ├── commons.sh ├── database_controller.sh ├── local │ ├── backup_helper.sh │ ├── domains_helper.sh │ ├── json_helper.sh │ ├── log_and_display_helper.sh │ ├── mail_notification_helper.sh │ ├── optimizations_helper.sh │ ├── packages_helper.sh │ ├── project_helper.sh │ ├── restore_backup_helper.sh │ ├── security_helper.sh │ ├── system_helper.sh │ ├── whiptail_helper.sh │ └── wordpress_installer.sh ├── notification_controller.sh └── storage_controller.sh ├── runner.sh ├── screenshot.png ├── templates └── emails │ └── default │ ├── backup_configuration-tpl.html │ ├── backup_databases-tpl.html │ ├── backup_files-tpl.html │ ├── certificates-tpl.html │ ├── footer-tpl.html │ ├── main-tpl.html │ ├── packages-tpl.html │ └── server_info-tpl.html ├── tests ├── assets │ └── brolit_conf.json ├── 
test_borg_helper.sh ├── test_cloudflare_helper.sh ├── test_common_functions.sh ├── test_display_functions.sh ├── test_docker_helper.sh ├── test_json_helper.sh ├── test_mail_functions.sh ├── test_mysql_helper.sh ├── test_nginx_helper.sh ├── test_php_helper.sh ├── test_project_helper.sh ├── test_wp_helper.sh └── tests_suite.sh ├── tools ├── monitor_docker_mysql.sh └── third-party │ ├── bench_scripts.sh │ ├── blacklist-checker │ ├── LICENSE │ ├── README.md │ └── bl.sh │ └── dropbox-uploader │ ├── CHANGELOG.md │ ├── Dockerfile │ ├── Dockerfile.pi │ ├── LICENSE │ ├── README.md │ ├── dropShell.sh │ ├── dropbox_uploader.sh │ └── testUnit.sh ├── updater.sh └── utils ├── backup_restore_manager.sh ├── brolit_configuration_manager.sh ├── certbot_manager.sh ├── cloudflare_manager.sh ├── database_manager.sh ├── installers ├── borg_installer.sh ├── certbot_installer.sh ├── cockpit_installer.sh ├── docker-compose │ ├── netdata_agent │ │ ├── .env │ │ └── docker-compose.yml │ ├── portainer │ │ ├── .env │ │ └── docker-compose.yml │ └── portainer_agent │ │ ├── .env │ │ └── docker-compose.yml ├── docker_installer.sh ├── monit_installer.sh ├── mysql_installer.sh ├── netdata_installer.sh ├── nginx_installer.sh ├── nodejs_installer.sh ├── php_installer.sh ├── portainer_agent_installer.sh ├── portainer_installer.sh ├── postgres_installer.sh ├── promtail_installer.sh ├── redis_installer.sh ├── wordfencecli_installer.sh ├── wpcli_installer.sh └── zabbix_installer.sh ├── installers_and_configurators.sh ├── it_utils_manager.sh ├── project_manager.sh ├── server_and_image_optimizations.sh ├── server_setup.sh └── wpcli_manager.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | .gitpod.yml 3 | settings.json 4 | res 5 | tmp/ 6 | log/ 7 | reports/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License 
(MIT) 2 | 3 | Copyright (c) 2020 Leandro Padula 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 6 | associated documentation files (the "Software"), to deal in the Software without restriction, 7 | including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 9 | subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all copies or substantial 12 | portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 15 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 17 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 18 | DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /config/borg/borgmatic.template-docker.yml: -------------------------------------------------------------------------------- 1 | constants: 2 | project: domain-example.com # e.g: gauchocode.com 3 | group: group_server # e.g: broobe-hosts 4 | hostname: hostname_server # e.g: broobe-docker-host03-cmuse 5 | username: user 6 | server: server_or_IP 7 | port: port_to_connect 8 | ntfy_server: ntfy_server 9 | ntfy_username: ntfy_username 10 | ntfy_password: ntfy_password 11 | 12 | # List of source directories and files to back up. Globs and tildes 13 | # are expanded. Do not backslash spaces in path names. 
14 | source_directories: 15 | - /var/www/{project} 16 | 17 | repositories: 18 | - path: ssh://{username}@{server}:{port}/./applications/{group}/{hostname}/projects-online/site/{project} 19 | label: "{project}" 20 | 21 | exclude_patterns: 22 | - '*.o' 23 | - '*.log' 24 | - '*.tmp' 25 | - '*.cache' 26 | - '*.git' 27 | # - '*.pyc' 28 | # - /home/*/.cache 29 | # - '*/.vim*.tmp' 30 | # - /etc/ssl 31 | # - /home/user/path with spaces 32 | 33 | archive_name_format: '{project}_site-files-{now:%Y-%m-%dT%H:%M:%S}' 34 | # Keep all archives within this time interval. 35 | keep_within: 1m # Original note: "Equivale a 2 meses" (equals 2 months). Borg reads 1m as one month (31 days), so confirm which window is intended. 36 | 37 | # Number of secondly archives to keep. 38 | # keep_secondly: 60 39 | 40 | # Number of minutely archives to keep. 41 | # keep_minutely: 60 42 | 43 | # Number of hourly archives to keep. 44 | # keep_hourly: 24 45 | 46 | # Number of daily archives to keep. 47 | # keep_daily: 7 48 | 49 | # Number of weekly archives to keep. 50 | # keep_weekly: 4 51 | 52 | # Number of monthly archives to keep. 53 | keep_monthly: 6 54 | 55 | # Number of yearly archives to keep. 56 | keep_yearly: 1 57 | 58 | checks: 59 | - name: archives 60 | - name: repository 61 | frequency: 2 weeks 62 | 63 | check_last: 3 64 | 65 | before_backup: 66 | - echo "Arrancando backup" 67 | 68 | after_backup: 69 | - echo "Backup terminado!" 70 | 71 | on_error: 72 | - echo Error during create/prune/compact/check. 73 | 74 | ntfy: 75 | # The topic to publish to. See https://ntfy.sh/docs/publish/ 76 | # for details. 77 | topic: broobe_backups 78 | 79 | # The address of your self-hosted ntfy.sh instance. 80 | server: "{ntfy_server}" 81 | 82 | # The username used for authentication. 83 | username: "{ntfy_username}" 84 | 85 | # The password used for authentication. It is filled from the plain-text constants block at the top of this file, so restrict read access to this config. 86 | password: "{ntfy_password}" 87 | 88 | start: 89 | # The title of the message. 90 | title: Arrancando backup! 91 | 92 | # The message body to publish. 93 | message: Proyecto {project} - Server {hostname} 94 | 95 | # The priority to set. 
96 | priority: default 97 | 98 | # Tags to attach to the message. 99 | tags: rotating_light 100 | 101 | finish: 102 | # The title of the message. 103 | title: Backup terminado! 104 | 105 | # The message body to publish. 106 | message: Backup de {project} terminado! 107 | 108 | # The priority to set. 109 | priority: default 110 | 111 | # Tags to attach to the message. 112 | tags: white_check_mark 113 | 114 | fail: 115 | # The title of the message. 116 | title: Backup error! 117 | 118 | # The message body to publish. 119 | message: Los backups de {project} han fallado. Ver logs 120 | 121 | # The priority to set. 122 | priority: high 123 | 124 | # Tags to attach to the message. 125 | tags: x 126 | 127 | # List of one or more monitoring states to ping for: "start", 128 | # "finish", and/or "fail". Defaults to pinging for failure 129 | # only. 130 | states: 131 | - start 132 | - finish 133 | - fail -------------------------------------------------------------------------------- /config/brolit/brolit_firewall_conf.json: -------------------------------------------------------------------------------- 1 | { 2 | "ufw": [ 3 | { 4 | "status": "enabled", 5 | "config": [ 6 | { 7 | "ssh": "allow", 8 | "http": "allow", 9 | "https": "allow", 10 | "81": "", 11 | "88": "", 12 | "465": "", 13 | "587": "", 14 | "2812": "", 15 | "3022": "", 16 | "3000": "", 17 | "8000": "", 18 | "8006": "", 19 | "8080": "", 20 | "8088": "", 21 | "9000": "", 22 | "9001": "", 23 | "9443": "", 24 | "19999": "" 25 | } 26 | ] 27 | } 28 | ], 29 | "fail2ban": [ 30 | { 31 | "status": "enabled", 32 | "config": [ 33 | { 34 | "bandtime": "600", 35 | "findtime": "600", 36 | "maxretry": "3", 37 | "ignoreip": [ 38 | "127.0.0.1", 39 | "" 40 | ], 41 | "destemail": "", 42 | "sendername": "Fail2Ban", 43 | "banaction": "iptables-multiport", 44 | "mta": "sendmail", 45 | "protocol": "tcp" 46 | } 47 | ] 48 | } 49 | ] 50 | } -------------------------------------------------------------------------------- 
/config/brolit/brolit_project.json: -------------------------------------------------------------------------------- 1 | { 2 | "brolit_project_config_version": "1.4.0", 3 | "project": [ 4 | { 5 | "name": "", 6 | "stage": "", 7 | "type": "", 8 | "proxy_to_port": "", 9 | "primary_subdomain": "", 10 | "secondary_subdomains": [], 11 | "override_nginx_conf": "", 12 | "use_http2": "true", 13 | "ipv6_support": "false", 14 | "certbot_mode": "nginx", 15 | "files": [ 16 | { 17 | "status": "enabled", 18 | "config": [ 19 | { 20 | "path": "", 21 | "host": "localhost", 22 | "user": "", 23 | "pass": "", 24 | "git_repo": "", 25 | "git_branch": "", 26 | "git_user": "", 27 | "git_pass": "", 28 | "git_auto_pull_cron": "" 29 | } 30 | ] 31 | } 32 | ], 33 | "database": [ 34 | { 35 | "status": "enabled", 36 | "engine": "mysql", 37 | "config": [ 38 | { 39 | "name": "", 40 | "host": "localhost", 41 | "user": "", 42 | "pass": "" 43 | } 44 | ] 45 | } 46 | ] 47 | } 48 | ] 49 | } -------------------------------------------------------------------------------- /config/cloud-init.cfg: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | package_update: true 3 | package_upgrade: true 4 | packages: 5 | - git 6 | runcmd: 7 | - cd /root/ 8 | - git clone https://github.com/gauchocode/brolit-shell 9 | - chmod +x brolit-shell/runner.sh -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/.env: -------------------------------------------------------------------------------- 1 | # PHP .ENV 2 | # –––––––––––––––––––––––––––––––––––––––––– 3 | 4 | COMPOSE_PROJECT_NAME= 5 | 6 | ## PROJECT 7 | PROJECT_NAME= 8 | PROJECT_DOMAIN= 9 | 10 | ## PHP 11 | PHP_VERSION= 12 | 13 | # WEBSERVER 14 | WEBSERVER_PORT= 15 | WWW_DATA_DIR=./application 16 | 17 | ## MYSQL 18 | MYSQL_DATABASE= 19 | MYSQL_USER= 20 | MYSQL_PASSWORD= 21 | MYSQL_ROOT_PASSWORD= 22 | MYSQL_DATA_DIR=./mysql_data 23 | 24 | ## 
REDIS 25 | REDIS_DATA=./redis 26 | 27 | ## PHPMYADMIN 28 | #PHPMYADMIN_DOMAIN= 29 | #PHPMYADMIN_PORT= 30 | #PHPMYADMIN_DATA=./phpmyadmin -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 3 | mysql: 4 | image: 'mariadb:10.6' 5 | container_name: ${PROJECT_NAME}_mysql 6 | restart: always 7 | command: --max_allowed_packet=256M 8 | environment: 9 | MYSQL_DATABASE: ${MYSQL_DATABASE} 10 | MYSQL_USER: ${MYSQL_USER} 11 | MYSQL_PASSWORD: ${MYSQL_PASSWORD} 12 | MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} 13 | volumes: 14 | - ${MYSQL_DATA_DIR}:/var/lib/mysql 15 | networks: 16 | - internal 17 | healthcheck: 18 | test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] 19 | interval: 60s 20 | timeout: 10s 21 | retries: 3 22 | 23 | webserver: 24 | image: 'nginx:alpine' 25 | container_name: ${PROJECT_NAME}_nginx 26 | restart: always 27 | security_opt: 28 | - no-new-privileges:true 29 | working_dir: /application 30 | volumes: 31 | - ${WWW_DATA_DIR}:/application 32 | - ./php-${PHP_VERSION}_docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf 33 | ports: 34 | - '${WEBSERVER_PORT}:80' 35 | networks: 36 | - internal 37 | healthcheck: 38 | test: ["CMD", "curl", "-f", "http://localhost"] 39 | interval: 60s 40 | timeout: 10s 41 | retries: 3 42 | 43 | php-fpm: 44 | build: php-${PHP_VERSION}_docker/php-fpm 45 | container_name: ${PROJECT_NAME}_php-fpm 46 | restart: always 47 | working_dir: /application 48 | volumes: 49 | - ${WWW_DATA_DIR}:/application 50 | - ./php-${PHP_VERSION}_docker/php-fpm/php-ini-overrides.ini:/etc/php/${PHP_VERSION}/fpm/conf.d/99-overrides.ini 51 | # - ./php-${PHP_VERSION}_docker/php-fpm/www.conf-overrides:/etc/php/${PHP_VERSION}/fpm/pool.d/z-optimised.conf 52 | networks: 53 | - internal 54 | healthcheck: 55 | test: ["CMD", "php-fpm", "-t"] 56 | interval: 60s 57 | timeout: 
10s 58 | retries: 3 59 | 60 | redis: 61 | image: 'redis:6.0-alpine' 62 | container_name: ${PROJECT_NAME}_redis 63 | restart: unless-stopped 64 | volumes: 65 | - ${REDIS_DATA}:/data 66 | networks: 67 | - internal 68 | healthcheck: 69 | test: ["CMD", "redis-cli", "ping"] 70 | interval: 60s 71 | timeout: 10s 72 | retries: 3 73 | 74 | # phpmyadmin: 75 | # image: phpmyadmin/phpmyadmin 76 | # container_name: ${PROJECT_NAME}_phpmyadmin 77 | # restart: always 78 | # ports: 79 | # - ${PHPMYADMIN_PORT}:80 80 | # hostname: ${PHPMYADMIN_DOMAIN} 81 | # environment: 82 | # PMA_HOST: mysql 83 | # networks: 84 | # - internal 85 | # 86 | # server: 87 | # container_name: ${PROJECT_NAME}_ssh 88 | # build: 89 | # context: ./ssh_docker 90 | # args: 91 | # SSH_MASTER_USER: ${SSH_MASTER_USER} 92 | # SSH_MASTER_PASS: ${SSH_MASTER_PASS} 93 | # restart: always 94 | # hostname: ${PROJECT_DOMAIN} 95 | # working_dir: /home/${SSH_MASTER_USER}/application 96 | # volumes: 97 | # - ${WWW_DATA_DIR}:/home/${SSH_MASTER_USER}/application 98 | # ports: 99 | # - "${SSH_HOST_PORT}:22" 100 | # networks: 101 | # - internal 102 | 103 | networks: 104 | internal: 105 | name: ${PROJECT_NAME}_net 106 | driver: bridge 107 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | 
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:7.4-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php7.4-bcmath \ 9 | php7.4-bz2 \ 10 | php7.4-intl \ 11 | php7.4-imap \ 12 | php7.4-imagick \ 13 | php7.4-mysql \ 14 | php7.4-yaml \ 15 | php7.4-gd \ 16 | php7.4-redis; \ 17 | apt-get clean; \ 18 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 19 | 20 | COPY php-ini-overrides.ini /etc/php/7.4/fpm/conf.d/z-overrides.ini 21 | COPY opcache-prod.ini /etc/php/7.4/fpm/conf.d/z-opcache.ini 22 | COPY php-fpm-pool-prod.conf /etc/php/7.4/fpm/pool.d/z-optimised.conf 23 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | 
opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-7.4_docker/php-fpm/www.conf-overrides: -------------------------------------------------------------------------------- 1 | # DEFAULT 2 | PM_MAX_REQUESTS=500 3 | PM_PROCESS_IDDLE_TIMEOUT="10s" 4 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | 
rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.0-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.0-raphf \ 9 | php8.0-bz2 \ 10 | php8.0-gd \ 11 | php8.0-imagick \ 12 | php8.0-imap \ 13 | php8.0-intl \ 14 | php8.0-mcrypt \ 15 | php8.0-mysql \ 16 | php8.0-oauth \ 17 | php8.0-pgsql \ 18 | php8.0-redis \ 19 | php8.0-xdebug \ 20 | php8.0-xmlrpc; \ 21 | apt-get clean; \ 22 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 23 | 24 | COPY php-ini-overrides.ini /etc/php/8.0/fpm/conf.d/z-overrides.ini 25 | COPY opcache-prod.ini /etc/php/8.0/fpm/conf.d/z-opcache.ini 26 | COPY php-fpm-pool-prod.conf /etc/php/8.0/fpm/pool.d/z-optimised.conf 27 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce 
opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.0_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | 
fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.1-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.1-bcmath \ 9 | php8.1-raphf \ 10 | php8.1-bz2 \ 11 | php8.1-cgi \ 12 | php8.1-gd \ 13 | php8.1-grpc \ 14 | php8.1-http \ 15 | php8.1-intl \ 16 | php8.1-imagick \ 17 | php8.1-imap \ 18 | php8.1-inotify \ 19 | php8.1-mcrypt \ 20 | php8.1-mysql \ 21 | php8.1-redis \ 22 | php8.1-xmlrpc \ 23 | php8.1-yaml \ 24 | php8.1-zstd; \ 25 | apt-get clean; \ 26 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 27 | 28 | COPY php-ini-overrides.ini /etc/php/8.1/fpm/conf.d/z-overrides.ini 29 | COPY opcache-prod.ini /etc/php/8.1/fpm/conf.d/z-opcache.ini 30 | COPY php-fpm-pool-prod.conf /etc/php/8.1/fpm/pool.d/z-optimised.conf 31 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | 
opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.1_docker/php-fpm/www.conf-overrides: -------------------------------------------------------------------------------- 1 | # DEFAULT 2 | PM_MAX_REQUESTS=500 3 | PM_PROCESS_IDDLE_TIMEOUT="10s" 4 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/application.access.log; 10 | 11 | root /application/public; 12 | 13 | 
index index.php; 14 | 15 | # try to serve file directly, fallback to index.php 16 | location / { 17 | try_files $uri /index.php$is_args$args; 18 | } 19 | 20 | if (!-e $request_filename) { 21 | rewrite ^.*$ /index.php last; 22 | } 23 | 24 | location ~ \.php$ { 25 | fastcgi_pass php-fpm:9000; 26 | fastcgi_index index.php; 27 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 28 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application.errors.log"; 29 | fastcgi_buffers 16 16k; 30 | fastcgi_buffer_size 32k; 31 | include fastcgi_params; 32 | } 33 | 34 | ## INC 35 | #include /application/nginx.conf; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.2-fpm 2 | WORKDIR "/application" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.2-raphf \ 9 | php8.2-bcmath \ 10 | php8.2-bz2 \ 11 | php8.2-gd \ 12 | php8.2-gmagick \ 13 | php8.2-gmp \ 14 | php8.2-grpc \ 15 | php8.2-imap \ 16 | php8.2-mysql \ 17 | php8.2-pgsql \ 18 | php8.2-redis \ 19 | php8.2-tidy \ 20 | php8.2-xdebug \ 21 | php8.2-xmlrpc \ 22 | php8.2-yaml \ 23 | php8.2-zstd; \ 24 | apt-get clean; \ 25 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 26 | 27 | COPY php-ini-overrides.ini /etc/php/8.2/fpm/conf.d/z-overrides.ini 28 | COPY opcache-prod.ini /etc/php/8.2/fpm/conf.d/z-opcache.ini 29 | COPY php-fpm-pool-prod.conf /etc/php/8.2/fpm/pool.d/z-optimised.conf 30 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | 
;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/php/production-stack-proxy/php-8.2_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/.env: -------------------------------------------------------------------------------- 1 | # WORDPRESS .ENV 2 | # –––––––––––––––––––––––––––––––––––––––––– 3 | 4 | COMPOSE_PROJECT_NAME= 5 | 6 | ## PROJECT 7 | PROJECT_NAME= 8 | PROJECT_DOMAIN= 9 | 10 | ## PHPMYADMIN 11 | PHPMYADMIN_DOMAIN= 12 | PHPMYADMIN_PORT= 13 | PHPMYADMIN_DATA=./phpmyadmin 14 | 15 | ## WEBSERVER 16 | 
WP_PORT= 17 | WWW_DATA_DIR=./wordpress 18 | WORDPRESS_TABLE_PREFIX=wp_ 19 | 20 | ## PHP 21 | PHP_VERSION=8.1 22 | 23 | ## MYSQL 24 | MYSQL_DATABASE=db_name 25 | MYSQL_USER=db_user 26 | MYSQL_PASSWORD=db_user_pass 27 | MYSQL_ROOT_PASSWORD='root_pass' 28 | MYSQL_DATA_DIR=./mysql_data 29 | 30 | ## REDIS 31 | REDIS_DATA=./redis 32 | 33 | ## SSH 34 | SSH_HOST_PORT= 35 | SSH_MASTER_USER= 36 | SSH_MASTER_PASS= -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:7.4-fpm 2 | WORKDIR "/wordpress" 3 
| 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php7.4-bcmath \ 9 | php7.4-bz2 \ 10 | php7.4-intl \ 11 | php7.4-imap \ 12 | php7.4-imagick \ 13 | php7.4-mysql \ 14 | php7.4-yaml \ 15 | php7.4-gd \ 16 | php7.4-redis; \ 17 | apt-get clean; \ 18 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 19 | 20 | COPY php-ini-overrides.ini /etc/php/7.4/fpm/conf.d/z-overrides.ini 21 | COPY opcache-prod.ini /etc/php/7.4/fpm/conf.d/z-opcache.ini 22 | COPY php-fpm-pool-prod.conf /etc/php/7.4/fpm/pool.d/z-optimised.conf 23 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead 
on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-7.4_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM phpdockerio/php:8.0-fpm 2 | WORKDIR "/wordpress" 3 | 4 | RUN 
apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.0-bz2 \ 9 | php8.0-gd \ 10 | php8.0-imagick \ 11 | php8.0-imap \ 12 | php8.0-intl \ 13 | php8.0-mcrypt \ 14 | php8.0-mysql \ 15 | php8.0-oauth \ 16 | php8.0-pgsql \ 17 | php8.0-redis \ 18 | php8.0-xdebug \ 19 | php8.0-xmlrpc; \ 20 | apt-get clean; \ 21 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 22 | 23 | COPY php-ini-overrides.ini /etc/php/8.0/fpm/conf.d/z-overrides.ini 24 | COPY opcache-prod.ini /etc/php/8.0/fpm/conf.d/z-opcache.ini 25 | COPY php-fpm-pool-prod.conf /etc/php/8.0/fpm/pool.d/z-optimised.conf 26 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; 
Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.0_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 
phpdockerio/php:8.1-fpm 2 | WORKDIR "/wordpress" 3 | 4 | RUN apt-get update; \ 5 | apt-get -y --no-install-recommends install \ 6 | vim \ 7 | git \ 8 | php8.1-bcmath \ 9 | php8.1-raphf \ 10 | php8.1-bz2 \ 11 | php8.1-cgi \ 12 | php8.1-gd \ 13 | php8.1-grpc \ 14 | php8.1-http \ 15 | php8.1-intl \ 16 | php8.1-imagick \ 17 | php8.1-imap \ 18 | php8.1-inotify \ 19 | php8.1-mcrypt \ 20 | php8.1-mysql \ 21 | php8.1-redis \ 22 | php8.1-xmlrpc \ 23 | php8.1-yaml \ 24 | php8.1-zstd; \ 25 | apt-get clean; \ 26 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* 27 | 28 | COPY php-ini-overrides.ini /etc/php/8.1/fpm/conf.d/z-overrides.ini 29 | COPY opcache-prod.ini /etc/php/8.1/fpm/conf.d/z-opcache.ini 30 | COPY php-fpm-pool-prod.conf /etc/php/8.1/fpm/pool.d/z-optimised.conf 31 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- 
/config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.1_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80 default; 4 | 5 | client_max_body_size 108M; 6 | keepalive_timeout 90; 7 | send_timeout 300; 8 | 9 | access_log /var/log/nginx/wordpress.access.log; 10 | 11 | root /wordpress; 12 | 13 | index index.php; 14 | 15 | # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact 16 | location / { 17 | try_files $uri $uri/ /index.php?q=$uri&$args; 18 | } 19 | 20 | # SECURITY : Deny all attempts to access PHP Files in the uploads directory 21 | location ~* /(?:uploads|files)/.*\.php$ { 22 | deny all; 23 | } 24 | 25 | # REQUIREMENTS : Enable PHP Support 26 | location ~ \.php$ { 27 | fastcgi_pass php-fpm:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 30 | fastcgi_param PHP_VALUE "error_log=/var/log/nginx/wordpress.errors.log"; 31 | fastcgi_buffers 16 16k; 32 | fastcgi_buffer_size 32k; 33 | include fastcgi_params; 34 | } 35 | 36 | ## INC 37 | #include /wordpress/nginx.conf; 38 | 39 | } 40 | 
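--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
# PHP-FPM 8.2 image for the WordPress production-stack-proxy compose project.
#
# NOTE(review): the base image is referenced by tag only, and a tag can be
# re-pointed upstream. Pin it by digest (@sha256:<digest of the vetted image>)
# if reproducible builds matter.
FROM phpdockerio/php:8.2-fpm
WORKDIR "/wordpress"

# This image uses Composer v2.
# If for whatever reason you need to roll back to v1, uncomment the following line:
# COPY --from=composer:1 /usr/bin/composer /usr/bin/composer

# Extensions already included on base image:
# APC, cURL, JSON, Sodium, MBString, OPCache, Readline, XML and Zip
#
# `set -e` is required here: the commands are chained with ';', so without it
# the RUN step takes the exit status of the final `rm` and a failed
# `apt-get install` would still produce a "successful" image with packages
# missing.
#
# NOTE(review): php8.2-xdebug is a debugging extension and this directory is
# named production-stack-proxy. Whether it is active depends on ini settings
# not shown here; confirm it is disabled, or leave it out of production builds.
# vim and git are likewise not needed to serve PHP and enlarge what is
# available inside the container.
RUN set -e; \
    apt-get update; \
    apt-get -y --no-install-recommends install \
        vim \
        git \
        php8.2-bcmath \
        php8.2-raphf \
        php8.2-bz2 \
        php8.2-gd \
        php8.2-gmagick \
        php8.2-gmp \
        php8.2-grpc \
        php8.2-imap \
        php8.2-mysql \
        php8.2-pgsql \
        php8.2-redis \
        php8.2-tidy \
        php8.2-xdebug \
        php8.2-xmlrpc \
        php8.2-yaml \
        php8.2-zstd; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*

# The z- prefix makes these files sort after the ones already in the target directories.
COPY php-ini-overrides.ini /etc/php/8.2/fpm/conf.d/z-overrides.ini
COPY opcache-prod.ini /etc/php/8.2/fpm/conf.d/z-opcache.ini
COPY php-fpm-pool-prod.conf /etc/php/8.2/fpm/pool.d/z-optimised.conf
-------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/opcache-prod.ini: -------------------------------------------------------------------------------- 1 | ; Deployment-optimised opcache settings 2 | ; 3 | 4 | ;opcache.preload=/application/config/preload.php 5 | ;opcache.preload_user=www-data 6 | 7 | opcache.enable=0 8 | opcache.enable_cli=0 9 | 10 | ; Do not check for changes in files 11 | opcache.validate_timestamps=0 12 | opcache.consistency_checks=0 13 | 14 | ; Reduce opcache key sizes 15 | opcache.revalidate_path=0 16 | 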
opcache.revalidate_freq=0 17 | opcache.use_cwd=0 18 | 19 | ; We use annotations for many things, ensure OPCache keeps them 20 | opcache.save_comments=1 21 | 22 | opcache.memory_consumption=32 23 | opcache.interned_strings_buffer=6 24 | 25 | ; 550 measured 26 | opcache.max_accelerated_files=2000 27 | 28 | ; Speeds up autoloader 29 | opcache.enable_file_override=1 30 | 31 | ; Speeds up freeing of workers 32 | opcache.fast_shutdown=1 33 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/php-fpm-pool-prod.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | ; Ensure dynamic child creation is off to avoid the overhead on the main fpm process 3 | pm = static 4 | 5 | pm.max_children = 8 6 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/php-8.2_docker/php-fpm/php-ini-overrides.ini: -------------------------------------------------------------------------------- 1 | upload_max_filesize = 100M 2 | post_max_size = 108M 3 | -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:10.13-slim 2 | 3 | ARG SSH_MASTER_USER 4 | ARG SSH_MASTER_PASS 5 | 6 | RUN apt-get update \ 7 | && apt-get install -y --no-install-recommends \ 8 | vim \ 9 | sudo \ 10 | openssh-server 11 | 12 | COPY ssh_config /etc/ssh/ssh_config 13 | COPY sshd_config /etc/ssh/sshd_config 14 | 15 | COPY user.sh /usr/local/bin/user.sh 16 | RUN chmod +x /usr/local/bin/user.sh 17 | RUN /usr/local/bin/user.sh 18 | RUN rm /usr/local/bin/user.sh 19 | 20 | COPY entrypoint.sh /usr/local/bin/entrypoint.sh 21 | RUN chmod +x /usr/local/bin/entrypoint.sh 22 | 23 | ENTRYPOINT 
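["/usr/local/bin/entrypoint.sh"] 24 | 25 | CMD tail -f /dev/null -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | printf "\n\033[0;44m---> Starting the SSH server.\033[0m\n" 5 | 6 | service ssh start 7 | service ssh status 8 | 9 | exec "$@" -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/ssh_config: -------------------------------------------------------------------------------- 1 | # Prevents "Are you sure you want to continue connecting (yes/no)?" question while connecting to the server. 2 | # The host IP below is the client machine where the ssh command is issued from. 3 | # Host 192.168.99.* 4 | # StrictHostKeyChecking no 5 | # UserKnownHostsFile=/dev/null 6 | 7 | Host * 8 | HashKnownHosts yes 9 | GSSAPIAuthentication yes -------------------------------------------------------------------------------- /config/docker-compose/wordpress/production-stack-proxy/ssh_docker/sshd_config: -------------------------------------------------------------------------------- 1 | ChallengeResponseAuthentication no 2 | UsePAM no 3 | PrintMotd no 4 | X11Forwarding no 5 | AllowTcpForwarding no 6 | AllowAgentForwarding no 7 | PermitTunnel no 8 | 9 | Subsystem sftp internal-sftp 10 | Match Group sftp 11 | ChrootDirectory %h 12 | X11Forwarding no 13 | AllowTcpForwarding no 14 | AllowAgentForwarding no 15 | PermitTunnel no 16 | ForceCommand internal-sftp
--------------------------------------------------------------------------------
/config/docker-compose/wordpress/production-stack-proxy/ssh_docker/user.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Build-time helper, run once by the ssh_docker Dockerfile
# (RUN /usr/local/bin/user.sh): creates the SSH "master" account, sets its
# password, grants it a fixed list of NOPASSWD sudo commands and creates the
# sftp group.
#
# Environment:
#   SSH_MASTER_USER  account name to create (required)
#   SSH_MASTER_PASS  password for that account (required, non-empty)
#
# NOTE(review): both values are declared as build ARGs in the Dockerfile, and
# build-arg values remain readable in the image's build history. Prefer a
# BuildKit secret mount, or provision the credential when the container starts.
set -euo pipefail

# Fail early with a clear message instead of creating "/home/" or an account
# with an empty password.
: "${SSH_MASTER_USER:?SSH_MASTER_USER must be set}"
: "${SSH_MASTER_PASS:?SSH_MASTER_PASS must be set and non-empty}"

# The name is written into /etc/sudoers, a chpasswd record and file paths, so
# restrict it to characters that cannot change the meaning of any of those
# (no whitespace, ':', ',', '/', '%', '#', '=' or a leading '-').
readonly name_re='^[A-Za-z_][A-Za-z0-9._-]*$'
if [[ ! "${SSH_MASTER_USER}" =~ ${name_re} ]]; then
  printf 'user.sh: invalid SSH_MASTER_USER: %s\n' "${SSH_MASTER_USER}" >&2
  exit 1
fi

printf "\n\033[0;44m---> Creating SSH master user.\033[0m\n"

readonly home_dir="/home/${SSH_MASTER_USER}"

useradd -m -d "${home_dir}" -G ssh -s /bin/bash "${SSH_MASTER_USER}"

# printf with a fixed format passes the password through unchanged whatever
# characters it contains.
printf '%s:%s\n' "${SSH_MASTER_USER}" "${SSH_MASTER_PASS}" | chpasswd

printf '%s\n' 'PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin"' >> "${home_dir}/.profile"

# NOTE(review): these commands are granted without argument restrictions.
# chown, useradd and chpasswd can each act on any account or file, so this
# account should be treated as root-equivalent. If it only needs to manage
# sftp users, narrow the grant (argument-limited sudoers entries or a small
# root-owned wrapper script).
readonly -a sudo_commands=(
  /bin/rm
  /bin/mkdir
  /bin/chown
  /usr/sbin/useradd
  /usr/sbin/deluser
  /usr/sbin/chpasswd
)
for sudo_command in "${sudo_commands[@]}"; do
  printf '%s ALL=NOPASSWD:%s\n' "${SSH_MASTER_USER}" "${sudo_command}" >> /etc/sudoers
done

# Abort the build if the appended lines left /etc/sudoers unparseable.
visudo -c

# sshd_config in this directory matches "Group sftp" with ChrootDirectory %h.
# sshd only accepts a chroot path whose every component is root-owned and not
# writable by group or others, so sftp users' home directories must be created
# that way.
addgroup sftp

# With no arguments (the Dockerfile's RUN passes none) this exec is a no-op.
exec "$@"
-------------------------------------------------------------------------------- /config/domain_extension-list: -------------------------------------------------------------------------------- 1 | # Countries 2 | .ae # United Arab Emirates 3 | .africa # Africa 4 | .al # Albania 5 | .ai # Anguilla 6 | .ag # Antigua 7 | .ar # Argentina 8 | .com.ar # Argentina 9 | .edu.ar # Argentina 10 | .org.ar # Argentina 11 | .net.ar # Argentina 12 | .tur.ar # Argentina 13 | .gob.ar # Argentina 14 | .asia # Asia 15 | .com.au # Australia 16 | .at # Austria 17 | .bb # Barbados 18 | .be # Belgium 19 | .bo # Bolivia 20 | .com.br # Brazil 21 | .io # British Indian Ocean Territory 22 | .bg # Bulgaria 23 | .cm # Cameroon 24 | .ca # Canada 25 | .cl # Chile 26 | .cn # China 27 | .com.cn # China 28 | .com.co # Colombia 29 | .cg # Congo Republic 30 | .co.cr # Costa Rica 31 | .com.hr # Croatia 32 | .hr # Croatia 33 | .cz # Czech Republic 34 | .dk # Denmark 35 | .ec # Ecuador 36 | .com.eg # Egypt 37 | .eg # Egypt 38 | .eu # European Union 39 | .fi # Finland 40 | .fr # France 41 | .de # Germany 42 | .gr # Greece 43 | .ht # Haiti 44 | .com.hk # Hong Kong 45 | .hk # Hong Kong 46 | .is # Iceland 47 | .in # India 48 | .co.id # Indonesia 49 | .ie # Ireland 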
50 | .it # Italy 51 | .jp # Japan 52 | .jo # Jordan 53 | .la # Laos 54 | .lv # Latvia 55 | .ly # Libya 56 | .my # Malaysia 57 | .mr # Mauritania 58 | .com.mx # Mexico 59 | .mx # Mexico 60 | .me # Montenegro 61 | .nl # Netherlands 62 | .no # Norway 63 | .pk # Pakistan 64 | .ps # Palestine 65 | .com.pa # Panama 66 | .com.py # Paraguay 67 | .pe # Peru 68 | .ph # Philippines 69 | .pl # Poland 70 | .pt # Portugal 71 | .com.pr # Puerto Rico 72 | .qa # Qatar 73 | .ro # Romania 74 | .ru # Russian Federation 75 | .sl # Sierra Leone 76 | .sg # Singapore 77 | .sk # Slovakia 78 | .si # Slovenia 79 | .kr # South Korea 80 | .es # Spain 81 | .se # Sweden 82 | .ch # Switzerland 83 | .tw # Taiwan 84 | .com.tr # Turkey 85 | .tv # Tuvalu 86 | .ua # Ukraine 87 | .co.uk # United Kingdom 88 | .uk # United Kingdom 89 | .com.uy # Uruguay 90 | .uy # Uruguay 91 | .us # USA 92 | .uz # Uzbekistan 93 | .com.ve # Venezuela 94 | .vn # Vietnam 95 | 96 | # Generic 97 | .com 98 | .net 99 | .org 100 | .dev 101 | .app 102 | .co 103 | .club 104 | .biz 105 | .info 106 | .int 107 | .mobi 108 | .pw 109 | .tel 110 | .travel 111 | .tv 112 | .media 113 | .agency 114 | .xxx 115 | .host 116 | .hosting 117 | .live 118 | .studio 119 | .team 120 | .top 121 | .icu 122 | .us 123 | .website 124 | .xyz 125 | 126 | # TLDs 127 | https://data.iana.org/TLD/tlds-alpha-by-domain.txt 128 | -------------------------------------------------------------------------------- /config/monit/docker-mysql: -------------------------------------------------------------------------------- 1 | # Docker MySQL container monitoring 2 | check program mysql-container with path "/root/brolit-shell/tools/monitor_docker_mysql.sh" 3 | if status != 0 then alert 4 | if 3 restarts within 5 cycles then timeout 5 | -------------------------------------------------------------------------------- /config/monit/fail2ban: -------------------------------------------------------------------------------- 1 | # Fail2ban 2 | check process fail2ban with 
pidfile /var/run/fail2ban/fail2ban.pid 3 | start program = "/usr/bin/systemctl start fail2ban" 4 | stop program = "/usr/bin/systemctl stop fail2ban" 5 | if failed unixsocket /var/run/fail2ban/fail2ban.sock protocol fail2ban then alert 6 | -------------------------------------------------------------------------------- /config/monit/mysql: -------------------------------------------------------------------------------- 1 | # MySQL 2 | check process mysql with pidfile /var/run/mysqld/mysqld.pid 3 | start program = "/usr/bin/systemctl start mysql" 4 | stop program = "/usr/bin/systemctl stop mysql" 5 | if failed unixsocket /var/run/mysqld/mysqld.sock then restart 6 | if cpu > 90% for 5 cycles then alert 7 | if cpu > 90% for 5 cycles then restart 8 | if 5 restarts within 5 cycles then timeout 9 | -------------------------------------------------------------------------------- /config/monit/nginx: -------------------------------------------------------------------------------- 1 | # Nginx 2 | check process nginx with pidfile /var/run/nginx.pid 3 | group www-data 4 | start program = "/usr/bin/systemctl start nginx" 5 | stop program = "/usr/bin/systemctl stop nginx" 6 | if cpu > 90% for 5 cycles then restart 7 | if 3 restarts within 5 cycles then timeout 8 | -------------------------------------------------------------------------------- /config/monit/phpfpm: -------------------------------------------------------------------------------- 1 | # PHP-FPM 2 | check process phpPHP_V-fpm with pidfile /var/run/php/phpPHP_V-fpm.pid 3 | start program = "/usr/bin/systemctl start phpPHP_V-fpm" 4 | stop program = "/usr/bin/systemctl stop phpPHP_V-fpm" 5 | if failed unixsocket /var/run/php/phpPHP_V-fpm.sock then restart 6 | if cpu > 90% for 5 cycles then alert 7 | if memory usage > 90% for 5 cycles then restart 8 | if 5 restarts within 5 cycles then timeout 9 | -------------------------------------------------------------------------------- /config/monit/postgresql: 
-------------------------------------------------------------------------------- 1 | # PostgreSQL 2 | check process postgresql with pidfile /var/run/postgresql/postgresql.pid 3 | start program = "/usr/bin/systemctl start postgres" 4 | restart program = "/usr/bin/systemctl start postgres" 5 | stop program = "/usr/bin/systemctl stop postgres" 6 | if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 then restart 7 | if cpu > 90% for 5 cycles then alert 8 | if 5 restarts within 5 cycles then timeout 9 | -------------------------------------------------------------------------------- /config/monit/redis: -------------------------------------------------------------------------------- 1 | # Redis 2 | check process redis-server 3 | with pidfile "/var/run/redis.pid" 4 | start program = "/etc/init.d/redis-server start" 5 | stop program = "/etc/init.d/redis-server stop" 6 | if totalmem > 100 Mb then alert 7 | if children > 255 for 5 cycles then stop 8 | if cpu usage > 95% for 3 cycles then restart 9 | if failed host 127.0.0.1 port 6379 then restart 10 | if 5 restarts within 5 cycles then timeout -------------------------------------------------------------------------------- /config/monit/system: -------------------------------------------------------------------------------- 1 | #System Monitoring 2 | 3 | #check system HOSTNAME 4 | # if memory usage > 80% for 2 cycles then alert 5 | # if cpu usage > 95% for 10 cycles then alert 6 | # if cpu usage (user) > 70% for 2 cycles then alert 7 | # if cpu usage (system) > 30% then alert 8 | # if cpu usage (wait) > 20% then alert 9 | # if loadavg (5min) > 4 for 2 cycles then alert 10 | # if swap usage > 5% then alert 11 | # if cpu usage > 95% for 10 cycles then alert 12 | # if swap usage > 25% then alert 13 | 14 | # Alert if low on disk space. 
check filesystem rootfs with path /
    if space usage > 60% then alert

#Event queue
set eventqueue
    basedir /var/lib/monit/events # set the base directory where events will be stored
    slots 100 # optionally limit the queue size

#Mail settings
set mail-format {
    from: NOTIFICATION_EMAIL_SMTP_USER
    subject: $HOST - Monit Alert: $EVENT
    message: $EVENT Service $SERVICE
    Date: $DATE
    Action: $ACTION
    Host: $HOST
    Description: $DESCRIPTION

    Monit }
set mailserver NOTIFICATION_EMAIL_SMTP_SERVER port NOTIFICATION_EMAIL_SMTP_PORT
    username NOTIFICATION_EMAIL_SMTP_USER password "NOTIFICATION_EMAIL_SMTP_UPASS"
    using TLSV12 with timeout 30 seconds
set alert NOTIFICATION_EMAIL_MAILA

#http settings
# NOTE(review): 0.0.0.0 binds Monit's web interface on every interface. No
# `allow` rule or credentials appear in this file; confirm they are set
# elsewhere (e.g. monitrc), or bind to 127.0.0.1 and reach the interface
# through a tunnel or an authenticated reverse proxy.
set httpd port 2812 address 0.0.0.0 # allow connections on all adapters
--------------------------------------------------------------------------------
/config/motd/00-header:
--------------------------------------------------------------------------------
#!/bin/sh
#
# MOTD header: resets /etc/motd when it exists, prints the banner, and adds a
# reminder line when the invoking user is root.

# Foreground colour: ANSI code substituted into the escape sequence below
cyan='36'

# Print one banner row in the configured colour, right-aligned to 40 columns
# (rows longer than 40 characters are printed unpadded).
banner_line() {
  printf "\033[0;%sm%40s\033[0m\n" "${cyan}" "$1"
}

# Load the DISTRIB_* variables when the release file is readable
if [ -r /etc/lsb-release ]; then
  . /etc/lsb-release
fi

# DISTRIB_DESCRIPTION is filled in here but not referenced again in this script
if [ -z "${DISTRIB_DESCRIPTION}" ]; then
  if [ -x /usr/bin/lsb_release ]; then
    # Fall back to using the very slow lsb_release utility
    DISTRIB_DESCRIPTION="$(lsb_release -s -d)"
  fi
fi

# If exists, clear MOTD (the file is left holding a single newline)
if [ -f /etc/motd ]; then
  echo "" > /etc/motd
fi

# Print message
## Ref: http://patorjk.com/software/taag/
printf '\n%s' ""
banner_line " .aMMMMP .aMMMb dMP dMP .aMMMb dMP dMP .aMMMb .aMMMb .aMMMb dMMMMb dMMMMMP "
banner_line " dMP' dMP'dMP dMP dMP dMP'VMP dMP dMP dMP'dMP dMP'VMP dMP'dMP dMP VMP dMP "
banner_line " dMP MMP'dMMMMMP dMP dMP dMP dMMMMMP dMP dMP dMP dMP dMP dMP dMP dMMMP "
banner_line "dMP.dMP dMP dMP dMP.aMP dMP.aMP dMP dMP dMP.aMP dMP.aMP dMP.aMP dMP.aMP dMP "
banner_line "VMMMP' dMP dMP VMMMP' VMMMP' dMP dMP VMMMP' VMMMP' VMMMP' dMMMMP' dMMMMMP "
printf '\n%s' ""

# Non-root users get the banner only
if [ "$(id -u)" -ne 0 ]; then
  exit 0
fi

printf "%40s\n" "You are loggedin as root, please don't do anything stupid..."
30 | -------------------------------------------------------------------------------- /config/mysql/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | LimitNOFILE=max_open_files (ex: 102400) 3 | PIDFile=/path/to/pid/file (ex: /var/lib/mysql/mysql.pid) 4 | Nice=nice_level (ex: -10) 5 | Environment="LD_PRELOAD=/path/to/malloc/library" Environment="TZ=time_zone_setting" 6 | -------------------------------------------------------------------------------- /config/mysql/tunned.cnf: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | 3 | # InnoDB Settings 4 | default_storage_engine = InnoDB 5 | innodb_buffer_pool_instances = 2 # Use 1 instance per 1GB of InnoDB pool size 6 | innodb_buffer_pool_size = 2G # Use up to 70-80% of RAM & optionally check if /proc/sys/vm/swappiness is set to 0 7 | innodb_file_per_table = 1 8 | innodb_flush_log_at_trx_commit = 0 9 | innodb_flush_method = O_DIRECT 10 | innodb_log_buffer_size = 16M 11 | innodb_log_file_size = 512M 12 | innodb_stats_on_metadata = 0 13 | 14 | #innodb_temp_data_file_path = ibtmp1:64M:autoextend:max:20G # Control the maximum size for the ibtmp1 file 15 | #innodb_thread_concurrency = 4 # Optional: Set to the number of CPUs on your system (minus 1 or 2) to better 16 | # contain CPU usage. E.g. if your system has 8 CPUs, try 6 or 7 and check 17 | # the overall load produced by MySQL/MariaDB. 
18 | innodb_read_io_threads = 64 19 | innodb_write_io_threads = 64 20 | 21 | # MyISAM Settings 22 | query_cache_limit = 4M # UPD - Option supported up to MySQL v5.7 23 | query_cache_size = 48M # UPD - Option supported up to MySQL v5.7 24 | query_cache_type = 1 # Option supported up to MySQL v5.7 25 | 26 | key_buffer_size = 48M # UPD 27 | 28 | low_priority_updates = 1 29 | concurrent_insert = 2 30 | 31 | # Connection Settings 32 | max_connections = 100 # UPD 33 | 34 | back_log = 512 35 | thread_cache_size = 100 36 | thread_stack = 192K 37 | 38 | interactive_timeout = 180 39 | wait_timeout = 180 40 | 41 | # Buffer Settings 42 | join_buffer_size = 4M # UPD 43 | read_buffer_size = 3M # UPD 44 | read_rnd_buffer_size = 4M # UPD 45 | sort_buffer_size = 4M # UPD 46 | 47 | max_heap_table_size = 128M 48 | tmp_table_size = 128M 49 | 50 | # Search Settings 51 | ft_min_word_len = 3 # Minimum length of words to be indexed for search results 52 | -------------------------------------------------------------------------------- /config/netdata/health.d/anomalies.conf: -------------------------------------------------------------------------------- 1 | # raise a warning alarm if an anomaly probability is consistently above 70% 2 | 3 | template: anomalies_anomaly_probabilities 4 | on: anomalies.probability 5 | class: Errors 6 | type: Netdata 7 | component: ML 8 | lookup: average -30m foreach * 9 | every: 15m 10 | warn: $this > 70 11 | info: average anomaly probability over the last 30 minutes 12 | 13 | # raise a warning alarm if an anomaly flag is consistently firing 14 | 15 | template: anomalies_anomaly_flags 16 | on: anomalies.anomaly 17 | class: Errors 18 | type: Netdata 19 | component: ML 20 | lookup: sum -30m foreach * 21 | every: 15m 22 | warn: $this > 10 23 | info: number of anomalies in the last 30 minutes 24 | -------------------------------------------------------------------------------- /config/netdata/health.d/cpu.conf: 
-------------------------------------------------------------------------------- 1 | 2 | # you can disable an alarm notification by setting the 'to' line to: silent 3 | 4 | template: 10min_cpu_usage 5 | on: system.cpu 6 | class: Utilization 7 | type: System 8 | component: CPU 9 | os: linux 10 | hosts: * 11 | lookup: average -10m unaligned of user,system,softirq,irq,guest 12 | units: % 13 | every: 1m 14 | warn: $this > (($status >= $WARNING) ? (75) : (85)) 15 | crit: $this > (($status == $CRITICAL) ? (85) : (95)) 16 | delay: down 15m multiplier 1.5 max 1h 17 | info: average CPU utilization over the last 10 minutes (excluding iowait, nice and steal) 18 | to: sysadmin 19 | 20 | template: 10min_cpu_iowait 21 | on: system.cpu 22 | class: Utilization 23 | type: System 24 | component: CPU 25 | os: linux 26 | hosts: * 27 | lookup: average -10m unaligned of iowait 28 | units: % 29 | every: 1m 30 | warn: $this > (($status >= $WARNING) ? (20) : (40)) 31 | crit: $this > (($status == $CRITICAL) ? (40) : (50)) 32 | delay: down 15m multiplier 1.5 max 1h 33 | info: average CPU iowait time over the last 10 minutes 34 | to: sysadmin 35 | 36 | template: 20min_steal_cpu 37 | on: system.cpu 38 | class: Latency 39 | type: System 40 | component: CPU 41 | os: linux 42 | hosts: * 43 | lookup: average -20m unaligned of steal 44 | units: % 45 | every: 5m 46 | warn: $this > (($status >= $WARNING) ? (5) : (10)) 47 | crit: $this > (($status == $CRITICAL) ? 
(20) : (30)) 48 | delay: down 1h multiplier 1.5 max 2h 49 | info: average CPU steal time over the last 20 minutes 50 | to: sysadmin 51 | -------------------------------------------------------------------------------- /config/netdata/health.d/php-fpm.conf: -------------------------------------------------------------------------------- 1 | template: phpfpm_max_children_reached 2 | on: phpfpm.performance 3 | calc: $max_children_reached 4 | units: times 5 | every: 5m 6 | crit: $this > 0 7 | info: number of times phpfmp has reached max children 8 | to: webmaster 9 | 10 | template: phpfpm_local_requests 11 | on: phpfpm_local.requests 12 | calc: $phpfpm_local_requests 13 | units: times 14 | every: 5m 15 | crit: $this > 0 16 | info: number of times phpfmp has reached max children 17 | to: webmaster -------------------------------------------------------------------------------- /config/netdata/python.d/apache.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for apache 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 
27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, apache also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch apache's mod_status stats 65 | # 66 | # if the URL is password protected, the following are supported: 67 | # 68 | # user: 'username' 69 | # pass: 'password' 70 | 71 | # ---------------------------------------------------------------------- 72 | # AUTO-DETECTION JOBS 73 | # only one of them will run (they have the same name) 74 | 75 | localhost: 76 | name : 'local' 77 | url : 'http://localhost/server-status?auto' 78 | 79 | localipv4: 80 | name : 'local' 81 | url : 'http://127.0.0.1/server-status?auto' 82 | 83 | localipv6: 84 | name : 'local' 85 | url : 'http://[::1]/server-status?auto' 86 | -------------------------------------------------------------------------------- /config/netdata/python.d/fail2ban.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for fail2ban 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, fail2ban also supports the following: 63 | # 64 | # log_path: 'path to fail2ban.log' # Default: '/var/log/fail2ban.log' 65 | # conf_path: 'path to jail.local/jail.conf' # Default: '/etc/fail2ban/jail.local' 66 | # conf_dir: 'path to jail.d/' # Default: '/etc/fail2ban/jail.d/' 67 | # exclude: 'jails you want to exclude from autodetection' # Default: none 68 | #------------------------------------------------------------------------------------------------------------------ 69 | -------------------------------------------------------------------------------- /config/netdata/python.d/memcached.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for memcached 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 
23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, memcached also supports the following: 63 | # 64 | # socket: 'path/to/memcached.sock' 65 | # 66 | # or 67 | # host: 'IP or HOSTNAME' # the host to connect to 68 | # port: PORT # the port to connect to 69 | # 70 | # 71 | 72 | # ---------------------------------------------------------------------- 73 | # AUTO-DETECTION JOBS 74 | # only one of them will run (they have the same name) 75 | 76 | localhost: 77 | name : 'local' 78 | host : 'localhost' 79 | port : 11211 80 | 81 | localipv4: 82 | name : 'local' 83 | host : '127.0.0.1' 84 | port : 11211 85 | 86 | localipv6: 87 | name : 'local' 88 | host : '::1' 89 | port : 11211 90 | 91 | -------------------------------------------------------------------------------- /config/netdata/python.d/mongodb.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for mongodb 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 
20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, mongodb also supports the following: 63 | # 64 | # host: 'IP or HOSTNAME' # type the host to connect to 65 | # port: PORT # type the port to connect to 66 | # 67 | # in all cases, the following can also be set: 68 | # 69 | # authdb: 'dbname' # database to authenticate the user against, 70 | # # defaults to "admin". 71 | # user: 'username' # the mongodb username to use 72 | # pass: 'password' # the mongodb password to use 73 | # 74 | 75 | # ---------------------------------------------------------------------- 76 | # to connect to the mongodb on localhost, without a password: 77 | # ---------------------------------------------------------------------- 78 | # AUTO-DETECTION JOBS 79 | # only one of them will run (they have the same name) 80 | 81 | local: 82 | name : 'local' 83 | host : '127.0.0.1' 84 | port : 27017 85 | # NOTE(review): the parameter list above documents the password key as `pass`, while the commented sample below spells it `password` - confirm which key the module reads before uncommenting, and keep any real credential out of version control 86 | # authsample: 87 | # name : 'secure' 88 | # host : 'mongodb.example.com' 89 | # port : 27017 90 | # authdb : 'admin' 91 | # user : 'monitor' 92 | # password : 'supersecret' 93 | -------------------------------------------------------------------------------- /config/netdata/python.d/monit.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for monit 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources.
12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, this plugin also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch monit's status stats 65 | # 66 | # if the URL is password protected, the following are supported: 67 | # 68 | # user: 'username' 69 | # pass: 'password' 70 | # 71 | # Example 72 | # 73 | # local: 74 | # name : 'Local Monit' 75 | # url : 'http://localhost:2812' 76 | # 77 | # "local" will show up in Netdata logs. "Local Monit" will show up in the menu 78 | # in the monit section. 79 | 80 | # ---------------------------------------------------------------------- 81 | # AUTO-DETECTION JOBS 82 | # only one of them will run (they have the same name) 83 | # NOTE(review): MONIT_USER and MONIT_PASSWORD look like placeholders; once they are filled in, this file holds the Monit credentials in clear text, so restrict read access to it. The URL is plain http, which is only reasonable because it targets localhost 84 | localhost: 85 | name : 'local' 86 | url : 'http://localhost:2812' 87 | user : 'MONIT_USER' 88 | pass : 'MONIT_PASSWORD' 89 | -------------------------------------------------------------------------------- /config/netdata/python.d/phpfpm.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for PHP-FPM 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below).
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, PHP-FPM also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch PHP-FPM's status stats 65 | # # Be sure and include ?full&status at the end of the url (NOTE(review): the auto-detection jobs below use ?full&json instead - confirm which form the module expects) 66 | # 67 | # if the URL is password protected, the following are supported: 68 | # 69 | # user: 'username' 70 | # pass: 'password' 71 | # 72 | 73 | # ---------------------------------------------------------------------- 74 | # AUTO-DETECTION JOBS 75 | # only one of them will run (they have the same name) 76 | 77 | localhost: 78 | name : 'local' 79 | url : "http://localhost/status?full&json" 80 | 81 | localipv4: 82 | name : 'local' 83 | url : "http://127.0.0.1/status?full&json" 84 | 85 | localipv6: 86 | name : 'local' 87 | url : "http://[::1]/status?full&json" 88 | 89 | -------------------------------------------------------------------------------- /config/netdata/python.d/postfix.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for postfix 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below).
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # postfix is slow, so once every 10 seconds 24 | update_every: 10 25 | 26 | # priority controls the order of charts at the netdata dashboard. 27 | # Lower numbers move the charts towards the top of the page. 28 | # If unset, the default for python.d.plugin is used. 29 | # priority: 60000 30 | 31 | # penalty indicates whether to apply penalty to update_every in case of failures. 32 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 33 | # penalty: yes 34 | 35 | # autodetection_retry sets the job re-check interval in seconds. 36 | # The job is not deleted if check fails. 37 | # Attempts to start the job are made once every autodetection_retry. 38 | # This feature is disabled by default. 39 | # autodetection_retry: 0 40 | 41 | # ---------------------------------------------------------------------- 42 | # JOBS (data collection sources) 43 | # 44 | # The default JOBS share the same *name*. JOBS with the same name 45 | # are mutually exclusive. Only one of them will be allowed running at 46 | # any time. This allows autodetection to try several alternatives and 47 | # pick the one that works. 48 | # 49 | # Any number of jobs is supported. 50 | # 51 | # All python.d.plugin JOBS (for all its modules) support a set of 52 | # predefined parameters. 
These are: 53 | # 54 | # job_name: 55 | # name: myname # the JOB's name as it will appear at the 56 | # # dashboard (by default is the job_name) 57 | # # JOBs sharing a name are mutually exclusive 58 | # update_every: 1 # the JOB's data collection frequency 59 | # priority: 60000 # the JOB's order on the dashboard 60 | # penalty: yes # the JOB's penalty 61 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 62 | # 63 | # Additionally to the above, postfix also supports the following: 64 | # 65 | # command: 'postqueue -p' # the command to run 66 | # 67 | 68 | # ---------------------------------------------------------------------- 69 | # AUTO-DETECTION JOBS 70 | 71 | local: 72 | command: 'postqueue -p' 73 | -------------------------------------------------------------------------------- /config/netdata/python.d/redis.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for redis 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 
28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, redis also supports the following: 63 | # 64 | # socket: 'path/to/redis.sock' 65 | # 66 | # or 67 | # host: 'IP or HOSTNAME' # the host to connect to 68 | # port: PORT # the port to connect to 69 | # 70 | # and 71 | # pass: 'password' # the redis password to use for AUTH command 72 | # 73 | 74 | # ---------------------------------------------------------------------- 75 | # AUTO-DETECTION JOBS 76 | # only one of them will run (they have the same name) 77 | 78 | socket1: 79 | name : 'local' 80 | socket : '/tmp/redis.sock' 81 | # pass : '' 82 | 83 | socket2: 84 | name : 'local' 85 | socket : '/var/run/redis/redis.sock' 86 | # pass : '' 87 | 88 | socket3: 89 | name : 'local' 90 | socket : '/var/lib/redis/redis.sock' 91 | # pass : '' 92 | 93 | localhost: 94 | name : 'local' 95 | host : 'localhost' 96 | port : 6379 97 | # pass : '' 98 | 99 | localipv4: 100 | name : 'local' 101 | host : '127.0.0.1' 102 | port : 6379 103 | # pass : '' 104 | 105 | localipv6: 106 | name : 'local' 107 | host : '::1' 108 | port : 6379 109 | # pass : '' 110 | 111 | -------------------------------------------------------------------------------- /config/netdata/python.d/tomcat.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for tomcat 2 | # 3 | # This file is in YaML format. 
Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, tomcat also supports the following: 63 | # 64 | # url: 'URL' # the URL to fetch nginx's status stats 65 | # 66 | # if the URL is password protected, the following are supported: 67 | # 68 | # user: 'username' 69 | # pass: 'password' 70 | # 71 | # if you have multiple connectors, the following are supported: 72 | # 73 | # connector_name: 'ajp-bio-8009' # default is null, which use first connector in status XML 74 | # 75 | # ---------------------------------------------------------------------- 76 | # AUTO-DETECTION JOBS 77 | # only one of them will run (they have the same name) 78 | 79 | localhost: 80 | name : 'local' 81 | url : 'http://localhost:8080/manager/status?XML=true' 82 | 83 | localipv4: 84 | name : 'local' 85 | url : 'http://127.0.0.1:8080/manager/status?XML=true' 86 | 87 | localipv6: 88 | name : 'local' 89 | url : 'http://[::1]:8080/manager/status?XML=true' 90 | -------------------------------------------------------------------------------- /config/netdata/python.d/varnish.conf: -------------------------------------------------------------------------------- 1 | # netdata python.d.plugin configuration for varnish 2 | # 3 | # This file is in YaML format. Generally the format is: 4 | # 5 | # name: value 6 | # 7 | # There are 2 sections: 8 | # - global variables 9 | # - one or more JOBS 10 | # 11 | # JOBS allow you to collect values from multiple sources. 12 | # Each source will have its own set of charts. 13 | # 14 | # JOB parameters have to be indented (using spaces only, example below). 
15 | 16 | # ---------------------------------------------------------------------- 17 | # Global Variables 18 | # These variables set the defaults for all JOBs, however each JOB 19 | # may define its own, overriding the defaults. 20 | 21 | # update_every sets the default data collection frequency. 22 | # If unset, the python.d.plugin default is used. 23 | # update_every: 1 24 | 25 | # priority controls the order of charts at the netdata dashboard. 26 | # Lower numbers move the charts towards the top of the page. 27 | # If unset, the default for python.d.plugin is used. 28 | # priority: 60000 29 | 30 | # penalty indicates whether to apply penalty to update_every in case of failures. 31 | # Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. 32 | # penalty: yes 33 | 34 | # autodetection_retry sets the job re-check interval in seconds. 35 | # The job is not deleted if check fails. 36 | # Attempts to start the job are made once every autodetection_retry. 37 | # This feature is disabled by default. 38 | # autodetection_retry: 0 39 | 40 | # ---------------------------------------------------------------------- 41 | # JOBS (data collection sources) 42 | # 43 | # The default JOBS share the same *name*. JOBS with the same name 44 | # are mutually exclusive. Only one of them will be allowed running at 45 | # any time. This allows autodetection to try several alternatives and 46 | # pick the one that works. 47 | # 48 | # Any number of jobs is supported. 49 | # 50 | # All python.d.plugin JOBS (for all its modules) support a set of 51 | # predefined parameters. 
These are: 52 | # 53 | # job_name: 54 | # name: myname # the JOB's name as it will appear at the 55 | # # dashboard (by default is the job_name) 56 | # # JOBs sharing a name are mutually exclusive 57 | # update_every: 1 # the JOB's data collection frequency 58 | # priority: 60000 # the JOB's order on the dashboard 59 | # penalty: yes # the JOB's penalty 60 | # autodetection_retry: 0 # the JOB's re-check interval in seconds 61 | # 62 | # Additionally to the above, varnish also supports the following: 63 | # 64 | # instance_name: 'name' # the name of the varnishd instance to get logs from. If not specified, the host name is used. 65 | # 66 | # ---------------------------------------------------------------------- 67 | -------------------------------------------------------------------------------- /config/networking/60-floating-ip.yaml: -------------------------------------------------------------------------------- 1 | network: 2 | version: 2 3 | ethernets: 4 | eth0: 5 | addresses: 6 | - your.float.ing.ip/32 -------------------------------------------------------------------------------- /config/networking/60-my-floating-ip.cfg: -------------------------------------------------------------------------------- 1 | auto eth0:1 2 | iface eth0:1 inet static 3 | address your.float.ing.ip 4 | netmask 32 -------------------------------------------------------------------------------- /config/nginx/conf.d/webp.conf: -------------------------------------------------------------------------------- 1 | ## Chrome/65 accept : image/webp,image/apng,image/*,*/*;q=0.8 2 | ## Firefox/58 accept: */* 3 | ## iPhone5s accept: */* 4 | map $http_accept $img_suffix { 5 | "~*webp" ".webp"; 6 | "~*jxr" ".jxr"; 7 | } 8 | ## https://github.com/cdowdy/Nginx-Content-Negotiation/blob/master/nginx.conf 9 | map $msie $cache_control { 10 | "1" "private"; 11 | } 12 | map $msie $vary_header { 13 | default "Accept"; 14 | "1" ""; 15 | } 
--------------------------------------------------------------------------------
/config/nginx/globals/brotli.conf:
--------------------------------------------------------------------------------
# Brotli compression: on-the-fly (brotli) and pre-compressed files (brotli_static).
# These directives need an nginx build that includes the brotli module.
brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml;
--------------------------------------------------------------------------------
/config/nginx/globals/cache_aggressive.conf:
--------------------------------------------------------------------------------
# BEGIN Browser Cache
gzip on;
gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js image/bmp application/java application/msword application/vnd.ms-fontobject application/x-msdownload image/x-icon application/json application/vnd.ms-access video/webm application/vnd.ms-project application/x-font-otf application/vnd.ms-opentype application/vnd.oasis.opendocument.database application/vnd.oasis.opendocument.chart application/vnd.oasis.opendocument.formula application/vnd.oasis.opendocument.graphics application/vnd.oasis.opendocument.spreadsheet application/vnd.oasis.opendocument.text audio/ogg application/pdf application/vnd.ms-powerpoint image/svg+xml application/x-shockwave-flash image/tiff application/x-font-ttf audio/wav application/vnd.ms-write application/font-woff application/font-woff2 application/vnd.ms-excel;

# NOTE: nginx inherits add_header from the enclosing level only when the
# current level defines no add_header of its own. Every location below sets
# add_header, so headers added at server or http level (for example the ones
# in globals/security.conf) are not sent with these responses unless they
# are repeated inside the location.

# Stylesheets and scripts: cached for 31536000 s (365 days).
location ~ \.(css|htc|less|js|js2|js3|js4)$ {
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
# Markup and text documents: cached for 86400 s (one day).
location ~ \.(html|htm|rtf|rtx|txt|xsd|xsl|xml)$ {
    expires 86400s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
# Media, fonts, archives and office documents: cached for 365 days.
# "Cache-Control: public" lets shared caches store these responses too.
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|_ttf|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    expires 31536000s;
    etag on;
    if_modified_since exact;
    add_header Pragma "public";
    add_header Cache-Control "public";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    try_files $uri $uri/ /index.php?$args;
}
add_header Referrer-Policy "no-referrer-when-downgrade";
# END Browser Cache
--------------------------------------------------------------------------------
/config/nginx/globals/logs.conf:
--------------------------------------------------------------------------------
# Access-log formats. $http_referer, $http_user_agent and
# $http_x_forwarded_for are request headers supplied by the client; treat
# them as untrusted when the logs are parsed or displayed.
log_format main '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log main;

# Adds request size and timing fields to the "main" layout.
log_format netdata '$remote_addr - $remote_user [$time_local] '
                   '"$request" $status $body_bytes_sent '
                   '$request_length $request_time $upstream_response_time '
                   '"$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log netdata;

## cache is just a copy of netdata
log_format cache '$remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '$request_length $request_time $upstream_response_time '
                 '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" $upstream_cache_status';
# access_log /var/log/nginx/access.log cache;

## debug log to catch browser capabilities for webp/jxr
log_format accept
    '$remote_addr [$time_local] '
    '"$uri" $status "$http_user_agent" "$http_accept"';
# access_log /var/log/nginx/access.log accept;

## https://kx.cloudingenium.com/technologies/web/nginx/measure-nginx-cache-performance-using-upstream_cache_status-custom-cache-log/
# NOTE: the disabled format below logs $http_authorization, i.e. the raw
# Authorization request header. Enabling it would write credentials and
# tokens into the access log; drop that field before using this format.
# log_format cache '$remote_addr – $upstream_cache_status [$time_local] $status '
# '"$request" $body_bytes_sent "$http_referer"'
# '"$http_user_agent" - "$cookie_nocache" – "$arg_nocache" – "$arg_comment" – "$http_pragma" – "$http_authorization" – "$skip_cache"';
# access_log /var/log/nginx/access.log cache;

error_log /var/log/nginx/error.log info; ## [ debug | info | notice | warn | error | crit ]
access_log /var/log/nginx/access.log netdata;
--------------------------------------------------------------------------------
/config/nginx/globals/pagespeed.conf:
--------------------------------------------------------------------------------
# enable pagespeed module on this server block
pagespeed on;

# Needs to exist and be writable by nginx. Use tmpfs for best performance.
pagespeed FileCachePath /var/ngx_pagespeed_cache;

# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
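# Defining an add_header at this level stops add_header directives from the
# enclosing level being inherited for these responses.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
    add_header "" "";
}

location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }

pagespeed RewriteLevel CoreFilters;

pagespeed EnableFilters collapse_whitespace;
pagespeed EnableFilters lazyload_images;
pagespeed EnableFilters insert_dns_prefetch;
pagespeed EnableFilters prioritize_critical_css;
--------------------------------------------------------------------------------
/config/nginx/globals/php_fastcgi.conf:
--------------------------------------------------------------------------------
# 404
# Only hand the request to PHP-FPM when the script file exists; otherwise
# answer 404 from nginx.
try_files $fastcgi_script_name =404;

# default fastcgi_params
include fastcgi_params;

# fastcgi settings
# NOTE(review): the socket is pinned to php7.4 here, while the site templates
# use a phpPHP_V placeholder — confirm this path is kept in sync.
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;

# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
# open_basedir confines PHP file access to the listed directories.
# $base is not set in this file; the including server block has to define it.
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
--------------------------------------------------------------------------------
/config/nginx/globals/security.conf:
--------------------------------------------------------------------------------
# Generic security enhancements. Use https://securityheaders.io to test
# and recommend further improvements.
#
# NOTE: a location that defines its own add_header does not inherit the
# headers below; repeat them there or include this file inside the location.

# Hide Nginx version in error messages and response headers.
server_tokens off;

# Don't allow pages to be rendered in an iframe on external domains.
add_header X-Frame-Options "SAMEORIGIN" always;

# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff" always;

# Enable cross-site scripting filter in supported browsers.
# Legacy header: current browsers no longer ship the filter it controls, so
# XSS defence has to come from a Content-Security-Policy.
add_header X-Xss-Protection "1; mode=block" always;

# Whitelist sources which are allowed to load assets (JS, CSS, etc). The following will block
# only non-HTTPS assets, but check out https://scotthelme.co.uk/content-security-policy-an-introduction/
# for an in-depth guide on creating a more restrictive policy.
# Because it allows 'unsafe-inline' and 'unsafe-eval', the sample policy does
# not stop injected inline scripts.
# add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;

# Version-control and per-directory config files must never be served.
location /.git { deny all; }
location /.htaccess { deny all; }
location /.htpasswd { deny all; }
location /.user.ini { deny all; }

# . files
# Denies every path segment that starts with a dot, except /.well-known.
location ~ /\.(?!well-known) {
    deny all;
}
--------------------------------------------------------------------------------
/config/nginx/globals/wordpress_mu_subdirectory.conf:
--------------------------------------------------------------------------------
# WordPress multisite subdirectory rules.
# This file defines map {} blocks and its own server {} block, so it is only
# valid at http {} level, not inside another server {} block.

# The named capture "blogpath" provides the $blogpath value used as the result.
map $uri $blogname{
    ~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ;
}

map $blogname $blogid{
    default -999;

    #Ref: https://wordpress.org/extend/plugins/nginx-helper/
    #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
}

server {

    server_name domain.com ;

    root /var/www/domain.com/htdocs;
    index index.php;

    # Serve uploaded files from blogs.dir, falling back to ms-files.php.
    location ~ ^(/[^/]+/)?files/(.+) {
        try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
        access_log off; log_not_found off; expires max;
    }

    #avoid php readfile()
    # "internal" makes this location reachable only through internal
    # redirects, never by a direct client request.
    location ^~ /blogs.dir {
        internal;
        alias /var/www/domain.com/htdocs/wp-content/blogs.dir ;
        access_log off; log_not_found off; expires max;
    }

    if (!-e $request_filename) {
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite ^(/[^/]+)?(/wp-.*) $2 last;
        rewrite ^(/[^/]+)?(/.*\.php) $2 last;
    }

    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ \.php$ {
        # Do not pass requests for non-existent scripts to PHP.
        try_files $uri =404;
        include fastcgi_params;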
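fastcgi_pass php;
    }

    #add some rules for static content expiry-headers here
}
--------------------------------------------------------------------------------
/config/nginx/globals/wordpress_mu_subdomain.conf:
--------------------------------------------------------------------------------
# WordPress multisite (subdomain) rules. Defines a map {} and a server {}
# block, so it belongs at http {} level.
map $http_host $blogid {
    default -999;

    #Ref: https://wordpress.org/extend/plugins/nginx-helper/
    #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;

}

server {
    server_name domain.com *.domain.com ;

    root /var/www/domain.com/htdocs;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ \.php$ {
        # Do not pass requests for non-existent scripts to PHP.
        try_files $uri =404;
        include fastcgi_params;
        # "php" is an upstream name defined outside this file.
        fastcgi_pass php;
    }

    #WPMU Files
    # NOTE(review): "${1}" looks like a shell-style rendering of the first
    # capture; the subdirectory variant of this rule uses the plain $2 form.
    # Check this line with `nginx -t`.
    location ~ ^/files/(.*)$ {
        try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file="${1}" ;
        access_log off; log_not_found off; expires max;
    }

    #WPMU x-sendfile to avoid php readfile()
    # "internal" keeps this location unreachable for direct client requests.
    location ^~ /blogs.dir {
        internal;
        alias /var/www/domain.com/htdocs/wp-content/blogs.dir;
        access_log off; log_not_found off; expires max;
    }

    #add some rules for static content expiry-headers here
}
--------------------------------------------------------------------------------
/config/nginx/globals/wordpress_rank_math.conf:
--------------------------------------------------------------------------------
# START Nginx Rewrites for Rank Math Sitemaps
# NOTE(review): "${1}" next to a plain $2 looks unintended; check this line
# with `nginx -t`.
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap="${1}"&sitemap_n=$2 last;
# END Nginx Rewrites for Rank Math Sitemaps
--------------------------------------------------------------------------------
/config/nginx/globals/wordpress_sec.conf:
--------------------------------------------------------------------------------
# Wordpress security enhancements. Use https://securityheaders.io to test
#
# Location matching order matters for the rules below: an exact (=) match
# wins, otherwise the first matching regex location in file order is used,
# and a plain prefix location applies only when no regex matches.

# Disable xmlrpc
location = /xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
}

# Disable php on wp-content/uploads
location ~ ^/wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)$ {
    deny all;
    access_log off;
    log_not_found off;
}

# Disable PHP in Plugins
location ~ ^/wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }

# Disable PHP in Themes
location ~ ^/wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)$ { deny all; }

# Throttle wp-admin requests
# The limit_req zones "one" and "login" are defined outside this file.
# NOTE(review): this is a prefix location, so a regex location matching the
# same request (such as a `~ \.php$` block in the including server) is used
# instead of it; confirm the limit really covers wp-admin PHP requests.
location /wp-admin/ {
    limit_req zone=one burst=3 nodelay;
    # 444: nginx closes the connection without sending a response.
    limit_req_status 444;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    try_files $uri $uri/ /wp-admin/index.php?q=$uri&$args;
}

# Throttle wp-login.php
# NOTE(review): no fastcgi_pass is visible in this exact-match location;
# unless the included snippet supplies one, the request is not handed to
# PHP from here — verify.
location = /wp-login.php {
    limit_req zone=login burst=2 nodelay;
    #include /etc/nginx/globals/php_fastcgi.conf;
    include snippets/fastcgi-php.conf;
}

# Reduce spam on comments
# Only POST is accepted, and requests with an empty User-Agent or a foreign
# Referer are rejected. Both headers are client-supplied, so this filters
# noise rather than authenticating anything.
# NOTE(review): there is no fastcgi handler in this location either — confirm
# comment submissions still reach PHP.
location = /wp-comments-post.php {
    limit_except POST { deny all; }
    if ($http_user_agent ~ "^$") { return 403; }
    valid_referers server_names jetpack.wordpress.com/jetpack-comment/;
    if ($invalid_referer) { return 403; }
}

# Restrict direct access to cached content
location /wp-content/cache/ { deny all; }

# Protect system files
location = /wp-admin/install.php { deny all; }
location = /nginx.conf { deny all; }

# Hide any hidden files
# NOTE: unlike globals/security.conf this also denies /.well-known/, which
# ACME HTTP-01 validation uses.
location ~ /\. { deny all; }

# Hide any backup or SQL dump files
# Dots inside the extensions are escaped so they match a literal ".".
location ~ ^.+\.(sql|bak|php~|php#|php\.save|php\.swp|php\.swo)$ {
    return 404;
}

location ~ /readme\.html$ { deny all; }
location ~ /readme\.txt$ { deny all; }
location ~ /wp-config\.php$ { deny all; }
location ~ ^/wp-admin/includes/ { deny all; }
location ~ ^/wp-includes/[^/]+\.php$ { deny all; }
location ~ ^/wp-includes/js/tinymce/langs/.+\.php$ { deny all; }
location ~ ^/wp-includes/theme-compat/ { deny all; }
location ~ ^.*/\.git/.*$ { deny all; }
location ~ ^.*/\.svn/.*$ { deny all; }
# Case-insensitive catch-all: no direct requests to PHP files anywhere
# under wp-content.
location ~* /wp-content/.*\.php$ {
    deny all;
    access_log off;
    log_not_found off;
}
--------------------------------------------------------------------------------
/config/nginx/sites-available/cockpit_single:
--------------------------------------------------------------------------------
# Reverse proxy for the Cockpit server administration console.
# NOTE(review): the template listens on port 80 only, so logins would cross
# the network unencrypted until TLS is added to this vhost — presumably a
# later provisioning step does that; TODO confirm.
server {

    listen 80;

    server_name domain.com;

    location / {
        # Required to proxy the connection to Cockpit
        proxy_pass https://127.0.0.1:PROXY_PORT;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required for web sockets to function
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass ETag header from Cockpit to clients.
        # See: https://github.com/cockpit-project/cockpit/issues/5239
        gzip off;
    }

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/default:
--------------------------------------------------------------------------------
# Catch-all server block, resulting in a 444 response for unknown domains.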
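server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 444: nginx closes the connection without sending a response, so
    # requests for host names no other vhost claims get nothing back.
    return 444;
}
--------------------------------------------------------------------------------
/config/nginx/sites-available/html_single:
--------------------------------------------------------------------------------
# Static HTML site template.
server {

    listen 80;

    server_name domain.com;

    root /var/www/domain.com;

    index index.html;

    # Log
    error_log /var/log/nginx/domain.com-error.log;

    ### INC
    #include /var/www/domain.com/nginx.conf;

    ### PERF
    #gzip_static on;

    ### SEC
    #include /etc/nginx/globals/security.conf;

    server_tokens off;

    #### SECURITY HEADERS
    # "always" also sends the headers on error responses (4xx/5xx).
    # Browsers ignore Strict-Transport-Security received over plain HTTP; it
    # takes effect once this vhost is served over TLS.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "same-origin" always;
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
    #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/laravel_single:
--------------------------------------------------------------------------------
# Laravel site template; only the public/ directory is the web root.
server {

    charset utf-8;

    listen 80;

    server_name domain.com;

    root /var/www/domain.com/public;

    index index.html index.htm index.php;

    error_log /var/log/nginx/domain.com-error.log;

    error_page 404 /index.php;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
        fastcgi_buffering off;
    }

    ### INC
    #include /var/www/domain.com/nginx.conf;

    ### PERF
    gzip_static on;

    ### SEC
    #include /etc/nginx/globals/security.conf;

    server_tokens off;

    #### SECURITY HEADERS
    # "always" also covers error responses; HSTS only takes effect over HTTPS.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "same-origin" always;
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
    #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/netdata_single:
--------------------------------------------------------------------------------
# Netdata dashboard behind HTTP basic auth.
# NOTE(review): over plain HTTP the basic-auth credentials travel
# unencrypted. proxy_redirect below already rewrites to https://, so TLS is
# presumably added to this vhost later — TODO confirm.
server {

    listen 80;

    server_name domain.com;

    auth_basic "Protected";
    auth_basic_user_file /etc/nginx/.passwords;

    access_log off;
    #error_log /var/log/nginx/domain.com.error.log error;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:19999/;
        proxy_redirect http://127.0.0.1:19999/ https://$server_name/;
    }

}
# Status endpoints for local metric collectors (nginx stub_status and the
# PHP-FPM status/ping pages).
# server_name only selects the vhost from the request's Host header; it does
# not restrict who may connect to this port-80 listener. Access is therefore
# limited with allow/deny in each location.
server {

    listen 80;

    server_name localhost 127.0.0.1;

    access_log off;
    #error_log /var/log/nginx/php.error.log error;

    location /stub_status {
        stub_status on;
        #access_log off;
        allow 127.0.0.1;
        #allow 138.201.174.125;
        deny all;
    }
    location ~ ^/(status|ping)$ {
        #access_log off;
        allow 127.0.0.1;
        deny all;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

}

--------------------------------------------------------------------------------
/config/nginx/sites-available/nodejs_single:
--------------------------------------------------------------------------------
# Reverse proxy for a Node.js application on a local port.
server {

    server_name domain.com;

    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # $http_host forwards the client's Host header unchanged (the other proxy
    # templates send $host); the application should not trust it blindly.
    proxy_set_header Host $http_host;

    location / {
        proxy_pass http://localhost:NODE_PORT;
    }

    listen 80;

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/php_root_domain:
--------------------------------------------------------------------------------
# PHP site template plus a second vhost that redirects the root domain.
server {

    charset utf-8;

    listen 80;

    server_name domain.com;

    root /var/www/root_domain.com;

    index index.php;

    error_log /var/log/nginx/root_domain.com-error.log;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
        fastcgi_buffering off;
    }

    ### INC
    #include /var/www/root_domain.com/nginx.conf;

    ### PERF
    gzip_static on;

    ### SEC
    #include /etc/nginx/globals/security.conf;

    server_tokens off;

    #### SECURITY HEADERS
    # "always" also covers error responses; HSTS only takes effect over HTTPS.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "same-origin" always;
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
    #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}

server {

    listen 80;

    server_name root_domain.com;

    return 301 http://domain.com$request_uri;

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/php_single:
--------------------------------------------------------------------------------
# Single PHP site template.
server {

    listen 80;

    server_name domain.com;

    root /var/www/domain.com;

    index index.php;

    # Log
    error_log /var/log/nginx/domain.com-error.log;

    # Handle .php
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
    }

    ### INC
    #include /var/www/domain.com/nginx.conf;

    ### PERF
    #gzip_static on;

    ### SEC
    #include /etc/nginx/globals/security.conf;

    server_tokens off;

    #### SECURITY HEADERS
    # "always" also covers error responses; HSTS only takes effect over HTTPS.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "same-origin" always;
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
    #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/phpmyadmin_single:
--------------------------------------------------------------------------------
# phpMyAdmin site template.
# NOTE(review): this vhost has no auth_basic, no allow/deny rules and no
# security headers, and it is plain HTTP; the database console relies
# entirely on phpMyAdmin's own login. Restrict access before exposing it.
server {

    charset utf-8;
    listen 80;

    root /var/www/domain.com;
    index index.php index.html index.htm;

    server_name domain.com;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
    }

}

--------------------------------------------------------------------------------
/config/nginx/sites-available/portainer_single:
--------------------------------------------------------------------------------
# Reverse proxy for the Portainer UI and its websocket endpoint.
# NOTE(review): with access_log off there is no request trail for this
# administrative interface, and the template is plain HTTP until TLS is added.
server {

    listen 80;

    server_name domain.com;

    access_log off;
    #error_log /var/log/nginx/portainer.error.log error;

    keepalive_timeout 70;
    client_max_body_size 50m;

    location / {
        proxy_pass http://127.0.0.1:PROXY_PORT;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
    location /api/websocket/ {
        proxy_pass http://127.0.0.1:PROXY_PORT/api/websocket/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/proxy_root_domain:
--------------------------------------------------------------------------------
server {

    listen 80;

    server_name domain.com;

    # Log
    access_log off;
    error_log /var/log/nginx/domain.com.error.log;

    keepalive_timeout 70;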
client_max_body_size 50m; 13 | 14 | location / { 15 | 16 | proxy_pass http://127.0.0.1:PROXY_PORT; 17 | 18 | proxy_http_version 1.1; 19 | proxy_redirect off; 20 | 21 | #### PROXY HEADERS 22 | proxy_set_header Host $host; # required for docker client's sake 23 | proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP 24 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 25 | proxy_set_header X-Forwarded-Host $server_name; 26 | proxy_set_header X-Forwarded-Proto https; 27 | proxy_set_header Upgrade $http_upgrade; 28 | proxy_set_header Connection ""; 29 | #proxy_set_header Connection "upgrade"; 30 | 31 | #proxy_pass_header Access-Control-Allow-Origin; 32 | #proxy_pass_header Access-Control-Allow-Methods; 33 | #proxy_pass_header Access-Control-Allow-Headers; 34 | 35 | #### SECURITY HEADERS 36 | add_header X-Frame-Options SAMEORIGIN; 37 | add_header Strict-Transport-Security "max-age=31536000"; 38 | add_header X-Content-Type-Options nosniff; 39 | add_header X-XSS-Protection "1; mode=block"; 40 | add_header Referrer-Policy "same-origin"; 41 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 42 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 43 | 44 | proxy_read_timeout 86400; 45 | 46 | } 47 | 48 | } 49 | server { 50 | 51 | listen 80; 52 | 53 | server_name root_domain.com; 54 | 55 | return 301 http://domain.com$request_uri; 56 | 57 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/proxy_single: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | server_name domain.com; 6 | 7 | # Log 8 | access_log off; 9 | error_log /var/log/nginx/domain.com.error.log; 
10 | 11 | keepalive_timeout 70; 12 | client_max_body_size 50m; 13 | 14 | location / { 15 | 16 | proxy_pass http://127.0.0.1:PROXY_PORT; 17 | 18 | proxy_http_version 1.1; 19 | proxy_redirect off; 20 | 21 | #### PROXY HEADERS 22 | proxy_set_header Host $host; # required for docker client's sake 23 | proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP 24 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 25 | proxy_set_header X-Forwarded-Host $server_name; 26 | proxy_set_header X-Forwarded-Proto https; 27 | proxy_set_header Upgrade $http_upgrade; 28 | proxy_set_header Connection ""; 29 | #proxy_set_header Connection "upgrade"; 30 | 31 | #proxy_pass_header Access-Control-Allow-Origin; 32 | #proxy_pass_header Access-Control-Allow-Methods; 33 | #proxy_pass_header Access-Control-Allow-Headers; 34 | 35 | #### SECURITY HEADERS 36 | add_header X-Frame-Options SAMEORIGIN; 37 | add_header Strict-Transport-Security "max-age=31536000"; 38 | add_header X-Content-Type-Options nosniff; 39 | add_header X-XSS-Protection "1; mode=block"; 40 | add_header Referrer-Policy "same-origin"; 41 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 42 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 43 | 44 | proxy_read_timeout 86400; 45 | 46 | } 47 | 48 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/wordpress_multi_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | listen 80; 5 | 6 | server_name www.domain.com; 7 | 8 | root /var/www/domain.com; 9 | index index.php; 10 | 11 | ### BROLIT_LOG_FILE 12 | error_log /var/log/nginx/domain.com-error.log; 13 | 14 | 
location / { 15 | try_files $uri $uri/ /index.php?q=$uri&$args; 16 | } 17 | 18 | location ~ \.php$ { 19 | include snippets/fastcgi-php.conf; 20 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 21 | fastcgi_buffering off; 22 | } 23 | 24 | ## INC 25 | #include /var/www/domain.com/nginx.conf; 26 | 27 | ### PERF 28 | gzip_static on; 29 | 30 | ### WP-SEC 31 | #include /etc/nginx/globals/wordpress_sec.conf; 32 | 33 | server_tokens off; 34 | 35 | #### SECURITY HEADERS 36 | add_header X-Frame-Options SAMEORIGIN; 37 | add_header Strict-Transport-Security "max-age=31536000"; 38 | add_header X-Content-Type-Options nosniff; 39 | add_header X-XSS-Protection "1; mode=block"; 40 | add_header Referrer-Policy "same-origin"; 41 | add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; 42 | #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';"; 43 | 44 | } 45 | 46 | server { 47 | 48 | listen 80; 49 | 50 | server_name domain.com; 51 | 52 | return 301 http://www.domain.com$request_uri; 53 | 54 | } -------------------------------------------------------------------------------- /config/nginx/sites-available/wordpress_root_domain: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | charset utf-8; 4 | listen 80; 5 | 6 | server_name domain.com; 7 | 8 | root /var/www/root_domain.com; 9 | index index.php; 10 | 11 | error_log /var/log/nginx/root_domain.com-error.log; 12 | 13 | location / { 14 | try_files $uri $uri/ /index.php?q=$uri&$args; 15 | } 16 | 17 | location ~ \.php$ { 18 | include snippets/fastcgi-php.conf; 19 | fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock; 20 | fastcgi_buffering off; 21 | } 22 | 23 | ### INC 24 | #include /var/www/root_domain.com/nginx.conf; 25 | 26 | ### PERF 27 | 
gzip_static on;

### WP-SEC
#include /etc/nginx/globals/wordpress_sec.conf;

server_tokens off;

#### SECURITY HEADERS
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
#add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}

server {

    listen 80;

    server_name root_domain.com;

    return 301 http://domain.com$request_uri;

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/wordpress_single:
--------------------------------------------------------------------------------
# Template vhost for a single-domain WordPress site served through PHP-FPM.
# domain.com and PHP_V are placeholders (presumably substituted when the
# project is created - confirm against the installer).
server {

    # NOTE(review): only a plain-HTTP listener is defined in this template;
    # presumably TLS is added afterwards - verify, because the HSTS header
    # below has no effect until the site is served over HTTPS.
    listen 80;
    root /var/www/domain.com;

    index index.php;
    server_name domain.com;

    # BROLIT_LOG_FILE
    error_log /var/log/nginx/domain.com-error.log;


    # Front controller: anything that is not a file or directory goes to index.php.
    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # PHP-FPM
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/phpPHP_V-fpm.sock;
        fastcgi_buffering off;
    }

    # CORS headers
    # NOTE(review): nginx inherits add_header from the enclosing level only when
    # the current level defines none, so font responses matched here carry this
    # CORS header but not the server-level security headers below. Repeat the
    # headers here (or move them to an included snippet) if fonts need them.
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    ### INC
    #include /var/www/domain.com/nginx.conf;

    ### PERF
    gzip_static on;

    ### WP-SEC
    # NOTE(review): the WordPress hardening include ships disabled in this template.
    #include /etc/nginx/globals/wordpress_sec.conf;

    server_tokens off;

    #### SECURITY HEADERS
    add_header X-Frame-Options SAMEORIGIN;
    # Browsers honour Strict-Transport-Security only when it arrives over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "same-origin";
    add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
    # The Content-Security-Policy is left commented out, so no CSP is sent.
    #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' static.cloudflareinsights.com ajax.cloudflare.com; connect-src 'self' cloudflareinsights.com; img-src 'self'; style-src 'self';";

}
--------------------------------------------------------------------------------
/config/nginx/sites-available/zabbix_single:
--------------------------------------------------------------------------------
# Template vhost for the Zabbix web frontend under /usr/share/zabbix.
server {

    # NOTE(review): plain HTTP only; frontend logins would travel unencrypted
    # unless TLS is added elsewhere - verify.
    listen 80;

    server_name domain.com;

    root /usr/share/zabbix;

    index index.php;

    location = /favicon.ico {
        log_not_found off;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    location /assets {
        access_log off;
        expires 10d;
    }

    location ~ /\.ht {
        deny all;
    }

    # Internal directories are answered with 404.
    location ~ /(api\/|conf[^\.]|include|locale) {
        deny all;
        return 404;
    }

    # NOTE(review): this is a plain prefix location, and nginx prefers a
    # matching regex location over it unless the prefix is declared with ^~.
    # Confirm that .php requests under /vendor are also refused and not handed
    # to the PHP location below.
    location /vendor {
        deny all;
        return 404;
    }

    # PHP handler: SCRIPT_FILENAME is pinned to the Zabbix document root.
    location ~ [^/]\.php(/|$) {
        fastcgi_pass unix:/var/run/php/zabbix.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;

        fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
        fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
        fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;

        include fastcgi_params;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;

        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

}

--------------------------------------------------------------------------------
/config/promtail/config-promtail.yml:
--------------------------------------------------------------------------------
# Promtail template: tails system, nginx, mysql and docker logs and pushes them
# to Loki. PROMTAIL_PORT, LOKI_HOST_URL and LOKI_PORT_URL are placeholders.
server:
  http_listen_port: PROMTAIL_PORT
  grpc_listen_port: 0

# NOTE(review): the positions file records how far each log has been read. In
# /tmp it sits in a world-writable directory and is presumably cleared on
# reboot (logs would be re-sent); a directory owned by the promtail user is the
# safer home - verify what the installer creates.
positions:
  filename: /tmp/positions.yml

# NOTE(review): no client authentication or TLS options are set here; if
# LOKI_HOST_URL is an http:// address, log lines cross the network in clear text.
clients:
  - url: LOKI_HOST_URL:LOKI_PORT_URL/loki/api/v1/push

scrape_configs:
  # system logs
  - job_name: system
    # system logs
    static_configs:
      - targets:
          - localhost
        labels:
          job: varlogs
          __path__: /var/log/*log
          # ${HOSTNAME} is expanded only when Promtail runs with
          # -config.expand-env=true (see the unit file's ExecStart).
          host: ${HOSTNAME}
  - job_name: nginx_host
    # nginx logs
    static_configs:
      - targets:
          - localhost
        labels:
          job: nginx_host
          __path__: /var/log/nginx/*.log
          host: ${HOSTNAME}
  - job_name: mysql_host
    # mysql logs
    static_configs:
      - targets:
          - localhost
        labels:
          job: mysql_host
          __path__: /var/log/mysql/*log
          host: ${HOSTNAME}
  - job_name: docker
    # docker logs
    pipeline_stages:
      - docker: {}
    static_configs:
      - labels:
          job: docker
          __path__: /var/lib/docker/containers/*/*-json.log
          host: ${HOSTNAME}
--------------------------------------------------------------------------------
/config/promtail/promtail.service:
--------------------------------------------------------------------------------
# systemd unit that runs Promtail as the unprivileged "promtail" user.
# NOTE(review): that user needs read access to every path scraped in
# config-promtail.yml (/var/log, /var/lib/docker/containers) - verify group
# membership. ExecStart also does not pass -config.expand-env=true, so the
# ${HOSTNAME} labels in the config are presumably sent as literal text.
[Unit]
Description=Promtail service
After=network.target

[Service]
Type=simple
User=promtail
ExecStart=/opt/promtail/promtail-linux-amd64 -config.file /opt/promtail/config-promtail.yml

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/config/redis/redis.conf:
--------------------------------------------------------------------------------
# Redis overrides: cap memory at 256 MB and evict least-recently-used keys.
maxmemory 256mb
maxmemory-policy allkeys-lru
# NOTE(review): "TO_CHANGE" is a template placeholder, presumably replaced by
# the installer - verify that a long random secret is written before Redis
# starts, since the literal value would be a guessable password. This file sets
# no bind address, so confirm the effective configuration keeps Redis on
# loopback.
requirepass "TO_CHANGE"

--------------------------------------------------------------------------------
/config/sftp/sshd_config:
--------------------------------------------------------------------------------
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
# NOTE(review): this template allows direct root logins, and password
# authentication is left at its default (see the commented
# PasswordAuthentication line below), so root is reachable by password.
# "prohibit-password" or "no" narrows that if the deployment has another
# administrative path - verify before rollout.
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
# NOTE(review): X11 forwarding is enabled globally and switched off only inside
# the Match block below; disable it here unless it is actually used.
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

# Example of overriding settings on a per-user basis
# SFTP_U and SHELL_ACCESS are template placeholders (presumably filled in when
# an SFTP user is created). The matched user is confined to /home/<user> and
# forced into internal-sftp. sshd requires every component of the chroot path
# to be root-owned and not writable by group or others. Password login stays
# enabled for this user, so brute-force protection matters - confirm it is in
# place.
Match User SFTP_U
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    PermitTTY SHELL_ACCESS
    ForceCommand internal-sftp
    PasswordAuthentication yes

--------------------------------------------------------------------------------
/config/teleport/teleport_client.yaml:
--------------------------------------------------------------------------------
# By default, this file should be stored in /etc/teleport.yaml

# This section of the configuration file applies to all teleport
# services.
teleport:
  # nodename allows to assign an alternative name this node can be reached by.
  # by default it's equal to hostname
  nodename: TELEPORT_NODENAME

  # Data directory where Teleport keeps its data, like keys/users for
  # authentication (if using the default BoltDB back-end)
  data_dir: /var/lib/teleport

  # one-time invitation token used to join a cluster. it is not used on
  # subsequent starts
  # NOTE(review): once AUTH_TOKEN is substituted this file holds a join
  # credential; keep the rendered file readable by root only, and consider
  # removing the value after the node has joined.
  auth_token: AUTH_TOKEN

  # when running in multi-homed or NATed environments Teleport nodes need
  # to know which IP it will be reachable at by other nodes
  advertise_ip: TELEPORT_ADVERTISE_IP

  # list of auth servers in a cluster. you will have more than one auth server
  # if you configure teleport auth to run in HA configuration
  auth_servers:
    - TELEPORT_CLUSTER_DOMAIN:3025

  # Teleport throttles all connections to avoid abuse. These settings allow
  # you to adjust the default limits
  connection_limits:
    max_connections: 1000
    max_users: 250

  # Logging configuration. Possible output values are 'stdout', 'stderr' and
  # 'syslog'. Possible severity values are INFO, WARN and ERROR (default).
  log:
    output: stderr
    severity: ERROR

  # CA_PIN is a placeholder for the cluster CA pin used to check the auth
  # server on first join; verify it is always substituted.
  ca_pin: CA_PIN

  # Type of storage used for keys. You need to configure this to use etcd
  # backend if you want to run Teleport in HA configuration.
  storage:
    type: bolt

# This section configures the 'auth service':
auth_service:
  # Turns 'auth' role on. Default is 'yes'
  enabled: no

# This section configures the 'node service':
ssh_service:
  # Turns 'ssh' role on. Default is 'yes'
  enabled: yes

  # IP and the port for SSH service to bind to.
  listen_addr: 0.0.0.0:3022
  # See explanation of labels in "Labeling Nodes" section below
  labels:
    env: SERVER_ENV
    type: SERVER_TYPE
    role: SERVER_ROLE
  # List (YAML array) of commands to periodically execute and use
  # their output as labels.
  # See explanation of how this works in "Labeling Nodes" section below
  commands:
    - name: hostname
      command: [/bin/hostname]
      period: 1m0s
    - name: arch
      command: [/bin/uname, -p]
      period: 1h0m0s

# This section configures the 'proxy service'
proxy_service:
  # Turns 'proxy' role on. Default is 'yes'
  enabled: no
--------------------------------------------------------------------------------
/config/teleport/teleport_server.yaml:
--------------------------------------------------------------------------------
# Teleport server template: auth, ssh and proxy services on one host, with ACME
# enabled for the proxy certificate. Upper-case values are placeholders.
# NOTE(review): the auth (3025) and web (443) listeners bind all interfaces;
# presumably the host firewall limits who can reach 3025 - verify.
version: v2
teleport:
  nodename: TELEPORT_NODENAME
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: INFO
    format:
      output: text
  ca_pin: []
  diag_addr: ""
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  cluster_name: TELEPORT_CLUSTER_NAME
  proxy_listener_mode: multiplex
ssh_service:
  enabled: "yes"
  labels:
    env: SERVER_ENV
    type: SERVER_TYPE
    role: SERVER_ROLE
  commands:
    - name: hostname
      command: [hostname]
      period: 1m0s
proxy_service:
  enabled: "yes"
  web_listen_addr: 0.0.0.0:443
  public_addr: TELEPORT_CLUSTER_DOMAIN:443
  https_keypairs: []
  acme:
    enabled: "yes"
    email: TELEPORT_EMAIL

--------------------------------------------------------------------------------
/config/wordpress/wp-rocket-config.json:
--------------------------------------------------------------------------------
{
  "cache_mobile": 1,
  "purge_cron_interval": 24,
  "purge_cron_unit": "HOUR_IN_SECONDS",
  "minify_css": 1,
  "exclude_css": [],
  "async_css": 1,
  "critical_css": "",
  "remove_unused_css_safelist": [],
  "minify_js": 1,
  "exclude_inline_js": [],
  "exclude_js": [],
  "defer_all_js": 1,
  "exclude_defer_js": [],
  "delay_js": 1,
  "delay_js_exclusions": [],
  "lazyload": 1,
  "lazyload_iframes": 1,
  "exclude_lazyload": [],
  "image_dimensions": 1,
  "manual_preload": 1,
  "sitemaps": [],
  "preload_links": "1",
  "dns_prefetch": [],
  "preload_fonts": [],
  "cache_reject_uri": [],
  "cache_reject_cookies": [],
  "cache_reject_ua": [],
  "cache_purge_pages": [],
  "cache_query_strings": [],
  "database_auto_drafts": 1,
  "database_trashed_posts": 1,
  "database_spam_comments": 1,
  "database_trashed_comments": 1,
  "database_expired_transients": 1,
  "database_optimize_tables": 1,
  "automatic_cleanup_frequency": "",
  "cdn_cnames": [],
  "cdn_zone": [],
  "cdn_reject_files": [],
  "control_heartbeat": 1,
  "heartbeat_admin_behavior": "reduce_periodicity",
  "heartbeat_editor_behavior": "reduce_periodicity",
  "heartbeat_site_behavior": "reduce_periodicity",
  "do_cloudflare": 1,
  "cloudflare_api_key": "",
  "cloudflare_email": "",
  "cloudflare_zone_id": "",
  "cloudflare_devmode": 1,
  "sucury_waf_api_key": "",
  "consumer_key": "",
  "consumer_email": "",
  "secret_key": "",
  "license": "",
  "secret_cache_key": "60b172f59e6e0888663157",
  "minify_css_key": "60b1a19b1a7da213990821",
  "minify_js_key": "60b1a19d71f54344546959",
  "version": "3.9",
  "cloudflare_old_settings": "",
  "sitemap_preload_url_crawl": "500000",
  "cache_ssl": 1,
  "minify_google_fonts": 1,
  "emoji": 1,
  "async_css_mobile": "1",
  "cache_logged_user": 0,
  "do_caching_mobile_files": 0,
  "minify_concatenate_css": 0,
  "minify_concatenate_js": 0,
  "embeds": 0,
  "lazyload_youtube": 0,
  "database_revisions": 0,
  "database_all_transients": 0,
  "schedule_automatic_cleanup": 0,
  "sitemap_preload": 0,
  "cloudflare_auto_settings": 0,
  "cloudflare_protocol_rewrite": 0,
  "sucury_waf_cache_sync": 0,
  "cdn": 0,
  "varnish_auto_purge": 0,
  "remove_unused_css": 0
}
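--------------------------------------------------------------------------------
/cron/brolit_ui_tasks.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Cron entry point: sources brolit_lite.sh and runs its reporting functions,
# each with "true" as its only argument.
#
################################################################################

### Main dir check
# Resolve the repository root: this script's directory, then its parent.
BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
BROLIT_MAIN_DIR=$(cd "$(dirname "${BROLIT_MAIN_DIR}")" && pwd)
if [[ -z ${BROLIT_MAIN_DIR} ]]; then
  exit 1 # error; the path is not accessible
fi

# shellcheck source=${BROLIT_MAIN_DIR}/brolit_lite.sh
source "${BROLIT_MAIN_DIR}/brolit_lite.sh"

################################################################################

show_server_data "true"
dropbox_get_sites_backups "true"
firewall_get_apps_details "true"
list_packages_ready_to_upgrade "true"
show_backup_information "true"
retrieve_cron_jobs "true"
--------------------------------------------------------------------------------
/cron/optimizer_tasks.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Cron entry point: runs the image, PDF, log, package and RAM clean-up tasks
# with Netdata alerts paused while they run.
#
################################################################################

### Main dir check
BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
BROLIT_MAIN_DIR=$(cd "$(dirname "${BROLIT_MAIN_DIR}")" && pwd)
if [[ -z "${BROLIT_MAIN_DIR}" ]]; then
  exit 1 # error; the path is not accessible
fi

# shellcheck source=${BROLIT_MAIN_DIR}/libs/commons.sh
source "${BROLIT_MAIN_DIR}/libs/commons.sh"

################################################################################

# Script Initialization
script_init "true"

# Running from cron
log_event "info" "Running optimizer_tasks.sh from cron ..." "false"

# If NETDATA is installed, disable alarms
# NOTE(review): alerts are re-enabled only at the end of this script. If a task
# below aborts the run, monitoring presumably stays silenced - confirm whether
# commons.sh enables errexit, and consider re-enabling from an EXIT trap.
if [[ ${PACKAGES_NETDATA_STATUS} == "enabled" ]]; then
  netdata_alerts_disable
fi

# Running scripts
optimize_images_complete

optimize_pdfs

delete_old_logs

packages_remove_old

optimize_ram_usage

#DB_MAIL="${BROLIT_TMP_DIR}/databases-bk-${NOW}.mail"
#DB_MAIL_VAR=$(<"${DB_MAIL}")

#ONFIG_MAIL="${BROLIT_TMP_DIR}/configuration-bk-${NOW}.mail"
#CONFIG_MAIL_VAR=$(<"${CONFIG_MAIL}")

#FILE_MAIL="${BROLIT_TMP_DIR}/files-bk-${NOW}.mail"
#FILE_MAIL_VAR=$(<"${FILE_MAIL}")

#MAIL_FOOTER=$(mail_footer "${SCRIPT_V}")

# Checking result status for mail subject
#EMAIL_STATUS=$(mail_subject_status "${STATUS_BACKUP_DBS}" "${STATUS_BACKUP_FILES}" "${STATUS_SERVER}" "${OUTDATED_PACKAGES}")

# Preparing email to send
#log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_MAILA} ..." "true"

#EMAIL_SUBJECT="${EMAIL_STATUS} on ${SERVER_NAME} Complete Backup - [${NOWDISPLAY}]"
#EMAIL_CONTENT="${HTMLOPEN} ${BODY_SRV} ${PKG_MAIL_VAR} ${CERT_MAIL_VAR} ${CONFIG_MAIL_VAR} ${DB_MAIL_VAR} ${FILE_MAIL_VAR} ${MAIL_FOOTER}"

# If NETDATA is installed, enable alarms
if [[ ${PACKAGES_NETDATA_STATUS} == "enabled" ]]; then
  netdata_alerts_enable
fi

# Sending email notification
#mail_send_notification "${EMAIL_SUBJECT}" "${EMAIL_CONTENT}"

--------------------------------------------------------------------------------
/cron/uptime_tasks.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Cron entry point: requests every project under ${PROJECTS_PATH} by its
# directory name and reports the site as down when the response does not
# contain the "wp-content" keyword.
#
################################################################################

### Main dir check
BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
BROLIT_MAIN_DIR=$(cd "$(dirname "${BROLIT_MAIN_DIR}")" && pwd)
if [[ -z "${BROLIT_MAIN_DIR}" ]]; then
  exit 1 # error; the path is not accessible
fi

# shellcheck source=${BROLIT_MAIN_DIR}/libs/commons.sh
source "${BROLIT_MAIN_DIR}/libs/commons.sh"

################################################################################

# Running from cron
log_event "info" "Running uptime_tasks.sh from cron ..." "false"

# Script Initialization
script_init "true"

#Log
log_section "Uptime Checker"

# Get all directories
all_sites="$(get_all_directories "${PROJECTS_PATH}")"

## Get length of $all_sites
# find also prints one dot for ${PROJECTS_PATH} itself, hence the "- 1".
count_all_sites=$(find "${PROJECTS_PATH}" -maxdepth 1 -type d -printf '.' | wc -c)
count_all_sites=$((count_all_sites - 1))

log_event "info" "Found ${count_all_sites} directories" "false"
display --indent 6 --text "- Directories found" --result "${count_all_sites}" --color WHITE

# GLOBALS
# NOTE(review): the keyword only appears in WordPress output, so a healthy
# non-WordPress project would presumably be reported as DOWN - confirm.
keyword="wp-content"
#file_index=0

# Folder blacklist
blacklist=".wp-cli,phpmyadmin,html"

# Word splitting on ${all_sites} is relied on here; presumably
# get_all_directories prints whitespace-separated paths - verify.
for site in ${all_sites}; do

  project_name="$(basename "${site}")"

  # Compare against whole comma-delimited entries. A plain substring test would
  # also skip any project whose name is merely part of an entry (for example
  # "admin" or "ht"), and such a site would then never be monitored.
  if [[ ",${blacklist}," != *",${project_name},"* ]]; then

    log_event "info" "Project name: ${project_name}" "false"

    # Bound the request so one unresponsive site cannot stall the cron run.
    curl --silent -L --connect-timeout 10 --max-time 30 "${project_name}" 2>&1 | grep -q "${keyword}"
    curl_output=$?

    if [[ ${curl_output} -eq 0 ]]; then

      log_event "info" "Website ${project_name} is online" "false"
      display --indent 2 --text "- Testing ${project_name}" --result "UP" --color GREEN

    else

      log_event "error" "Website ${project_name} is offline" "false"
      display --indent 2 --text "- Testing ${project_name}" --result "DOWN" --color RED

      # Send notification
      send_notification "${SERVER_NAME}" "Website ${project_name} is offline"

    fi

  else

    log_event "error" "Found ${project_name} on blacklist, skipping ..." "false"

  fi

done

# Running scripts
#"${BROLIT_MAIN_DIR}/utils/server_and_image_optimizations.sh"

#DB_MAIL="${BROLIT_TMP_DIR}/databases-bk-${NOW}.mail"
#DB_MAIL_VAR=$(<"${DB_MAIL}")

#ONFIG_MAIL="${BROLIT_TMP_DIR}/configuration-bk-${NOW}.mail"
#CONFIG_MAIL_VAR=$(<"${CONFIG_MAIL}")

#FILE_MAIL="${BROLIT_TMP_DIR}/files-bk-${NOW}.mail"
#FILE_MAIL_VAR=$(<"${FILE_MAIL}")

#MAIL_FOOTER=$(mail_footer "${SCRIPT_V}")

# Checking result status for mail subject
#EMAIL_STATUS=$(mail_subject_status "${STATUS_BACKUP_DBS}" "${STATUS_BACKUP_FILES}" "${STATUS_SERVER}" "${OUTDATED_PACKAGES}")

# Preparing email to send
#log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_MAILA} ..." "true"

#EMAIL_SUBJECT="${EMAIL_STATUS} on ${SERVER_NAME} Complete Backup - [${NOWDISPLAY}]"
#EMAIL_CONTENT="${HTMLOPEN} ${BODY_SRV} ${PKG_MAIL_VAR} ${CERT_MAIL_VAR} ${CONFIG_MAIL_VAR} ${DB_MAIL_VAR} ${FILE_MAIL_VAR} ${MAIL_FOOTER}"

# Sending email notification
#mail_send_notification "${EMAIL_SUBJECT}" "${EMAIL_CONTENT}"

--------------------------------------------------------------------------------
/docs/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/brolit-shell/57e22a03eaca668396dd908851199838c4b03dfa/docs/CHANGELOG.md
--------------------------------------------------------------------------------
/libs/apps/discord_notification_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Discord Notification Helper: Perform Discord actions.
#
################################################################################

################################################################################
# Discord send notification
#
# Posts "**title**: content" to the webhook in ${NOTIFICATION_DISCORD_WEBHOOK}
# through the command held in ${CURL}.
#
# Arguments:
#   ${1} = {notification_title}
#   ${2} = {notification_content}
#   ${3} = {notification_type}   "alert", "info" or "success" adds an emoji
#                                prefix; any other value leaves the title as is.
#
# Outputs:
#   0 if ok, 1 on error.
################################################################################
#

function discord_send_notification() {

  local notification_title="${1}"
  local notification_content="${2}"
  local notification_type="${3}"

  local payload
  local exitstatus

  # Format title based on notification type
  case "${notification_type}" in

  "alert")
    notification_title=":warning: ${notification_title}"
    ;;
  "info")
    notification_title=":information_source: ${notification_title}"
    ;;
  "success")
    notification_title=":white_check_mark: ${notification_title}"
    ;;
  *)
    # Default format
    ;;

  esac

  # Check ${notification_content} length
  # Truncation happens before escaping so that a cut can never land in the
  # middle of an escape sequence and leave a dangling backslash in the JSON.
  # NOTE(review): the threshold is 900 characters but the text is cut to 120;
  # confirm that gap is intended.
  if [[ ${#notification_content} -gt 900 ]]; then

    # Log
    log_event "warning" "Discord notification content too long, truncating ..." "false"

    # Truncate
    notification_content="${notification_content:0:120}"

  fi

  # Escape backslashes and double quotes so that title and content cannot
  # break out of the JSON string they are placed into below.
  notification_title=${notification_title//\\/\\\\}
  notification_title=${notification_title//\"/\\\"}
  notification_content=${notification_content//\\/\\\\}
  notification_content=${notification_content//\"/\\\"}

  # NOTE(review): the HTML tag patterns in the next three substitutions were
  # stripped when this listing was rendered; they are reconstructed here as
  # <br/>, <em> and </em> - confirm against the repository copy.
  # Replace all <br/> occurrences with "\n"
  notification_content="${notification_content//<br\/>/\\n}"
  # Replace all <em> occurrences with "**" (bold)
  notification_content="${notification_content//<em>/**}"
  # Replace all </em> occurrences with "**" (bold)
  notification_content="${notification_content//<\/em>/**}"
  # A raw newline is not valid inside a JSON string; send it as "\n" too.
  notification_content=${notification_content//$'\n'/\\n}

  payload="{\"content\":\"**${notification_title}**: ${notification_content}\"}"

  # Log
  # The webhook URL embeds its own secret token, so it is kept out of the log.
  log_event "info" "Sending Discord notification ..." "false"
  log_event "debug" "Running: ${CURL} -H \"Content-Type: application/json\" -X POST -d '${payload}' \"[webhook url redacted]\"" "false"

  # Discord command
  # ${CURL} is left unquoted on purpose: presumably it can carry flags as well
  # as the binary path - verify where it is defined.
  # NOTE(review): unless ${CURL} already includes --fail, an HTTP error answer
  # from the webhook still exits 0 and is reported as sent.
  ${CURL} -H "Content-Type: application/json" -X POST -d "${payload}" "${NOTIFICATION_DISCORD_WEBHOOK}"

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    # Log on success
    log_event "info" "Discord notification sent!"
    display --indent 6 --text "- Sending Discord notification" --result "DONE" --color GREEN

    return 0

  else
    # Log on failure
    log_event "error" "Discord notification error." "false"
    log_event "error" "Please, check webhook url on .brolit_conf.json" "false"
    display --indent 6 --text "- Sending Discord notification" --result "FAIL" --color RED
    display --indent 8 --text "Check webhook url on .brolit_conf.json" --tcolor YELLOW

    return 1

  fi

}

--------------------------------------------------------------------------------
/libs/apps/ftp_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################
#
# SFTP Local Helper: Local sftp configuration functions
#
################################################################################

################################################################################
# Download from ftp
#
# Arguments:
#   ${1} = ftp_ip
#   ${2} = ftp_path
#   ${3} = ftp_user
#   ${4} = ftp_pass
#
# Outputs:
#   0 if ok, 1 on error.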
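################################################################################

function ftp_download() {

  # ${5} is the local directory the remote tree is written to.
  local ftp_ip="${1}"
  local ftp_path="${2}"
  local ftp_user="${3}"
  local ftp_pass="${4}"
  local local_directory="${5}"
  #local excluded_dirs="${6}"

  local exitstatus

  # The password is masked in the log line: log files are usually readable by
  # more accounts, and kept for longer, than the credential should be.
  log_event "debug" "Running: wget -r -l 0 --reject=log,.ftpquota ftp://${ftp_ip}/${ftp_path} --ftp-user=\"${ftp_user}\" --ftp-password=\"********\" -nH --cut-dirs=1 --directory-prefix=\"${local_directory}\"" "false"

  # NOTE(review): plain ftp:// sends the credentials and the data unencrypted,
  # and --ftp-password places the password on the process command line while
  # wget runs. Prefer an encrypted transfer where the remote side offers one.
  # wget -r -l 0 --reject=log,.ftpquota --exclude-directories=/public_html/cgi-bin,/public_html/.well-known ftp://"${ftp_ip}/${ftp_path}" --ftp-user="${ftp_user}" --ftp-password="${ftp_pass}" -nH --cut-dirs=1
  wget -r -l 0 --reject="log,.ftpquota" ftp://"${ftp_ip}/${ftp_path}" --ftp-user="${ftp_user}" --ftp-password="${ftp_pass}" -nH --cut-dirs=1 --directory-prefix="${local_directory}"

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    # Log
    log_event "info" "Download from FTP server done." "false"
    display --indent 6 --text "- Downloading from FTP" --result "DONE" --color GREEN

    return 0

  else

    # Log
    log_event "error" "Failed to download from FTP server." "false"
    display --indent 6 --text "- Downloading from FTP" --result "FAIL" --color RED

    return 1

  fi

}
--------------------------------------------------------------------------------
/libs/apps/netdata_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Netdata Helper
#
# Ref: https://github.com/nextcloud/vm/blob/master/apps/netdata.sh
#
################################################################################

# Silence all netdata alarm notifications (health checks keep running).
# Returns 0 if the API call succeeded, 1 on error.
function netdata_alerts_disable() {

  local netdata_api_key
  local netdata_api_key_file="/var/lib/netdata/netdata.api.key"

  # Doc: https://learn.netdata.cloud/docs/agent/web/api/health

  # The API is available by default, but it is protected by an api authorization token
  # that is stored in the file you will see in the following entry of http://NODE:19999/netdata.conf:
  # netdata management api key file = /var/lib/netdata/netdata.api.key

  # Without the key the request cannot be authorized, so stop here
  if [[ ! -r "${netdata_api_key_file}" ]]; then
    log_event "error" "Netdata api key file is not readable: ${netdata_api_key_file}" "false"
    return 1
  fi
  netdata_api_key="$(<"${netdata_api_key_file}")"

  # Log (the token is masked: it authorizes the health management API)
  log_event "info" "Disabling netdata alarms ..." "false"
  log_event "info" "Running: curl \"http://localhost:19999/api/v1/manage/health?cmd=SILENCE ALL\" -H \"X-Auth-Token: ********\"" "false"

  ## If all you need is temporarily disable all health checks, then you issue the following before your maintenance period starts:
  #curl "http://NODE:19999/api/v1/manage/health?cmd=DISABLE ALL" -H "X-Auth-Token: Mytoken"

  ## If you want the health checks to be running but to not receive any notifications during your maintenance period, you can instead use this:
  if ! curl "http://localhost:19999/api/v1/manage/health?cmd=SILENCE%20ALL" -H "X-Auth-Token: ${netdata_api_key}"; then
    log_event "error" "Netdata health management API call failed." "false"
    return 1
  fi

  return 0

}

# Restore the netdata alarm status changed by netdata_alerts_disable.
# Returns 0 if the API call succeeded, 1 on error.
function netdata_alerts_enable() {

  local netdata_api_key
  local netdata_api_key_file="/var/lib/netdata/netdata.api.key"

  # Doc: https://learn.netdata.cloud/docs/agent/web/api/health

  # The API is available by default, but it is protected by an api authorization token
  # that is stored in the file you will see in the following entry of http://NODE:19999/netdata.conf:
  # netdata management api key file = /var/lib/netdata/netdata.api.key

  # Without the key the request cannot be authorized, so stop here
  if [[ ! -r "${netdata_api_key_file}" ]]; then
    log_event "error" "Netdata api key file is not readable: ${netdata_api_key_file}" "false"
    return 1
  fi
  netdata_api_key="$(<"${netdata_api_key_file}")"

  # Log (the token is masked: it authorizes the health management API)
  log_event "info" "Restoring netdata alarms status..." "false"
  log_event "info" "Running: curl \"http://localhost:19999/api/v1/manage/health?cmd=RESET\" -H \"X-Auth-Token: ********\"" "false"

  # cmd=RESET is the command this helper sends to undo SILENCE ALL
  if ! curl "http://localhost:19999/api/v1/manage/health?cmd=RESET" -H "X-Auth-Token: ${netdata_api_key}"; then
    log_event "error" "Netdata health management API call failed." "false"
    return 1
  fi

  return 0

}
--------------------------------------------------------------------------------
/libs/apps/ntfy_notification_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################

################################################################################
# Ntfy Send Notification
#
# Arguments:
#   ${1} = {notification_title}
#   ${2} = {notification_content}
#   ${3} = {notification_type}
#
# Outputs:
#   0 if ok, 1 on error.
################################################################################

function ntfy_send_notification() {

  local notification_title="${1}"
  local notification_content="${2}"
  local notification_type="${3}"

  local cr=$'\r'
  local lf=$'\n'
  local exitstatus

  # Determine notification priority based on type
  local priority

  case "${notification_type}" in

  "alert")
    priority="urgent"
    ;;
  "info")
    priority="default"
    ;;
  "success")
    priority="min"
    ;;
  *)
    priority="default"
    ;;

  esac

  # The title travels in an HTTP header: a line break inside it would end the
  # header and let the rest of the title be read as further headers.
  notification_title="${notification_title//${cr}/ }"
  notification_title="${notification_title//${lf}/ }"

  # Log (the password is masked)
  log_event "info" "Sending Ntfy notification ..." "false"
  log_event "debug" "${CURL} --fail -H 'Title: ${notification_title}' -H 'Priority: ${priority}' -d '${notification_content}' -u '${NOTIFICATION_NTFY_USERNAME}:********' '${NOTIFICATION_NTFY_SERVER}/${NOTIFICATION_NTFY_TOPIC}'" "false"

  # Ntfy command with priority. --fail makes rejected credentials or a wrong
  # topic URL show up as a non-zero exit status.
  # NOTE(review): -u puts the password on the curl command line, where other
  # local users can read it from the process list while the request runs.
  ${CURL} --fail -H "Title: ${notification_title}" -H "Priority: ${priority}" -d "${notification_content}" -u "${NOTIFICATION_NTFY_USERNAME}:${NOTIFICATION_NTFY_PASSWORD}" "${NOTIFICATION_NTFY_SERVER}/${NOTIFICATION_NTFY_TOPIC}" > /dev/null 2>&1

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    # Log on success
    log_event "info" "Ntfy notification sent!"
    display --indent 6 --text "- Sending ntfy notification" --result "DONE" --color GREEN

    return 0

  else
    # Log on failure
    log_event "error" "Ntfy notification error." "false"
    log_event "error" "Please, check server url on .brolit_conf.json" "false"
    display --indent 6 --text "- Sending ntfy notification" --result "FAIL" --color RED
    display --indent 8 --text "Check server url on .brolit_conf.json" --tcolor YELLOW

    return 1

  fi

}
--------------------------------------------------------------------------------
/libs/apps/telegram_notification_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Telegram Notification Helper: Perform Telegram actions.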
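#
################################################################################

################################################################################
# Telegram send notification
#
# Arguments:
#   ${1} = {notification_title}
#   ${2} = {notification_content}
#   ${3} = {notification_type}
#
# Outputs:
#   0 if ok, 1 on error.
################################################################################

function telegram_send_notification() {

  local notification_title="${1}"
  local notification_content="${2}"
  local notification_type="${3}"

  local timeout
  local notif_sound
  local notif_text
  local notif_url
  local display_mode
  local newline=$'\n'
  local telegram_notif_response
  local telegram_notif_result

  # Display mode
  display_mode="HTML"

  # API timeout
  timeout="10"

  # API URL (contains the bot token: never log it)
  notif_url="https://api.telegram.org/bot${NOTIFICATION_TELEGRAM_BOT_TOKEN}/sendMessage"

  # notif_sound = 1 for silent notification (without sound)
  # Compared as a string: "-eq" would evaluate the value as an arithmetic
  # expression, which is wrong for names like "alert" and unsafe for input.
  # NOTE(review): the controller passes "alert", "info" or "success", so the
  # silent mode is only reached by callers that pass "1"; confirm the intent.
  notif_sound=0
  [[ ${notification_type} == "1" ]] && notif_sound=1

  # NOTE(review): the tag literal in the first pattern was stripped from this
  # listing; <br/> is reconstructed from the comment. Confirm against the
  # repository.
  # Replace all <br/> occurrences with a line break
  notification_content="${notification_content//<br\/>/${newline}}"
  # Replace all \n occurrences with a line break
  notification_content="${notification_content//\\n/${newline}}"

  # Check ${notification_content} length
  if [[ ${#notification_content} -gt 90 ]]; then

    # Log
    log_event "warning" "Telegram notification content too long, truncating ..." "false"

    # Truncate 90 characters
    notification_content="${notification_content:0:90}"

  fi

  # Notification text
  notif_text="${notification_title}:${notification_content}"

  # Log
  log_event "info" "Sending Telegram notification ..." "false"

  # Telegram command.
  # - No --insecure: the request carries the bot token, so the server
  #   certificate has to be verified.
  # - --data-urlencode keeps "&", "=", "%" and line breaks in the text from
  #   being read as further form fields (for instance a second chat_id).
  telegram_notif_response="$(curl --silent --max-time "${timeout}" --data-urlencode "chat_id=${NOTIFICATION_TELEGRAM_CHAT_ID}" --data "disable_notification=${notif_sound}" --data "parse_mode=${display_mode}" --data-urlencode "text=${notif_text}" "${notif_url}")"

  # Check Result
  telegram_notif_result="$(printf '%s\n' "${telegram_notif_response}" | grep "ok" | cut -d ":" -f2 | cut -d "," -f1)"
  if [[ ${telegram_notif_result} == "true" ]]; then

    # Log on success
    log_event "info" "Telegram notification sent." "false"
    display --indent 6 --text "- Sending Telegram notification" --result "DONE" --color GREEN

    return 0

  else

    # Log on failure (bot token masked in the logged URL)
    log_event "error" "Telegram notification error!" "false"
    log_event "debug" "Telegram api call: curl --silent --max-time ${timeout} --data-urlencode chat_id=${NOTIFICATION_TELEGRAM_CHAT_ID} --data disable_notification=${notif_sound} --data parse_mode=${display_mode} --data-urlencode text=${notif_text} https://api.telegram.org/bot<token redacted>/sendMessage" "false"
    log_event "debug" "Telegram notification result: ${telegram_notif_result}" "false"
    log_event "debug" "Telegram notification response: ${telegram_notif_response}" "false"
    display --indent 6 --text "- Sending Telegram notification" --result "FAIL" --color RED

    return 1

  fi

}
--------------------------------------------------------------------------------
/libs/local/whiptail_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Whiptail Helper: whiptail functions.
#
# Ref: https://www.redhat.com/sysadmin/use-whiptail
#
################################################################################

################################################################################
# Whiptail standard message
#
# Arguments:
#   ${1} = {whip_title}
#   ${2} = {whip_message}
#
# Outputs:
#   0 if ok, 1 on error.
################################################################################

function whiptail_message() {

  local whip_title="${1}"
  local whip_message="${2}"

  # 3>&1 1>&2 2>&3 swaps stdout and stderr for the whiptail call
  if whiptail --title "${whip_title}" --msgbox "${whip_message}" 15 60 3>&1 1>&2 2>&3; then
    return 0
  fi

  return 1

}

################################################################################
# Whiptail message with skip option
#
# Arguments:
#   ${1} = {whip_title}
#   ${2} = {whip_message}
#
# Outputs:
#   0 if ok, 1 on error.
################################################################################

function whiptail_message_with_skip_option() {

  local whip_title="${1}"
  local whip_message="${2}"

  # Any non-zero whiptail status is reported as 1
  if whiptail --title "${whip_title}" --yesno "${whip_message}" 15 60 3>&1 1>&2 2>&3; then
    return 0
  fi

  return 1

}

################################################################################
# Whiptail input
#
# Arguments:
#   ${1} = {whip_title}
#   ${2} = {whip_message}
#   ${3} = {whip_default}
#
# Outputs:
#   ${whip_return} if ok, 1 on error.
################################################################################

function whiptail_input() {

  local whip_title="${1}"
  local whip_message="${2}"
  local whip_default="${3}"

  local whip_return

  # The stream swap routes what whiptail writes to stderr into the capture
  if whip_return="$(whiptail --title "${whip_title}" --inputbox "${whip_message}" 15 60 "${whip_default}" 3>&1 1>&2 2>&3)"; then

    # Return (printf: echo would treat an answer such as "-n" as an option)
    printf '%s\n' "${whip_return}"
    return 0

  fi

  # Log
  log_event "error" "Executing: whiptail --title \"${whip_title}\" --inputbox \"${whip_message}\" 15 60 \"${whip_default}\" 3>&1 1>&2 2>&3" "false"

  return 1

}

################################################################################
# Whiptail selection menu
#
# Arguments:
#   ${1} = {whip_title}
#   ${2} = {whip_message}
#
# Outputs:
#   ${whip_return} if ok, 1 on error.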
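################################################################################

function whiptail_selection_menu() {

  # ${3} is a whitespace-separated list of options, ${4} the default item.
  local whip_title="${1}"
  local whip_message="${2}"
  local whip_options="${3}"
  local default_item="${4}"

  local whip_return
  local option
  local -a option_list=()
  local -a menu_entries=()

  # Split the option list into words without pathname expansion: an option
  # such as "*", or the "[X]" marker itself, must never be replaced by file
  # names from the current directory. read returns non-zero at end of input.
  read -r -d '' -a option_list <<<"${whip_options}" || true

  # whiptail --menu takes "tag item" pairs; every tag gets the "[X]" item
  for option in "${option_list[@]}"; do
    menu_entries+=("${option}" "[X]")
  done

  # 3>&1 1>&2 2>&3 routes the selection whiptail writes to stderr into the capture
  if whip_return="$(whiptail --title "${whip_title}" --menu "${whip_message}" 20 78 10 "${menu_entries[@]}" --default-item "${default_item}" 3>&1 1>&2 2>&3)"; then

    # Return
    printf '%s\n' "${whip_return}"
    return 0

  fi

  return 1

}
--------------------------------------------------------------------------------
/libs/notification_controller.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Notification Controller: Send notification to configured apps.
#
################################################################################

################################################################################
# Send Notification: send notification to configured apps.
#
# Arguments:
#   ${1} = {notification_title}
#   ${2} = {notification_content}
#   ${3} = {notification_type} - Options: "alert", "info", "success"
#
# Outputs:
#   0 if it utils were installed, 1 on error.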
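################################################################################

function send_notification() {

  local notification_title="${1}"
  local notification_content="${2}"
  local notification_type="${3}"

  # Each channel is independent: a channel is used only when its status
  # variable is exactly "enabled".
  if [[ ${NOTIFICATION_TELEGRAM_STATUS} == "enabled" ]]; then

    telegram_send_notification "${notification_title}" "${notification_content}" "${notification_type}"

  fi

  if [[ ${NOTIFICATION_DISCORD_STATUS} == "enabled" ]]; then

    discord_send_notification "${notification_title}" "${notification_content}" "${notification_type}"

  fi

  if [[ ${NOTIFICATION_NTFY_STATUS} == "enabled" ]]; then

    ntfy_send_notification "${notification_title}" "${notification_content}" "${notification_type}"

  fi

}
--------------------------------------------------------------------------------
/runner.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Script Name: BROLIT Shell
# Version: 3.3.10
################################################################################

### Environment checks
if [ "${BASH_VERSINFO:-0}" -lt 4 ]; then
  echo "At least BASH version 4 is required. Aborting..." >&2
  exit 2
fi

### Main dir check
BROLIT_MAIN_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
if [[ -z "${BROLIT_MAIN_DIR}" ]]; then
  exit 1 # error; the path is not accessible
fi

### Load Main library
chmod +x "${BROLIT_MAIN_DIR}/libs/commons.sh"
# Stop here when the library cannot be loaded: every call below depends on it.
# shellcheck source=/root/brolit-shell/libs/commons.sh
source "${BROLIT_MAIN_DIR}/libs/commons.sh" || {
  echo "Could not load ${BROLIT_MAIN_DIR}/libs/commons.sh. Aborting..." >&2
  exit 1
}

### Init #######################################################################

if [[ $# -eq 0 ]]; then

  # Script initialization
  script_init "true"

  # RUNNING MAIN MENU
  menu_main_options

else

  # RUNNING WITH FLAGS
  # "$@" hands every argument over exactly as received; an unquoted $* would
  # split values on whitespace and expand wildcard characters in them.
  flags_handler "$@"

fi

# Script cleanup
cleanup

# Log End
log_event "info" "Exiting script ..." "false" "1"
--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gauchocode/brolit-shell/57e22a03eaca668396dd908851199838c4b03dfa/screenshot.png
--------------------------------------------------------------------------------
/templates/emails/default/backup_configuration-tpl.html:
--------------------------------------------------------------------------------
1 |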
2 |
4 | Config Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
-------------------------------------------------------------------------------- /templates/emails/default/backup_databases-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Database Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
13 | -------------------------------------------------------------------------------- /templates/emails/default/backup_files-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Files Backup: {{backup_status}} {{backup_status_icon}}
5 |
7 | Backup files includes:
8 |
9 | {{backup_list}} 10 |
11 |
12 |
-------------------------------------------------------------------------------- /templates/emails/default/certificates-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Certificates on server: {{certificates_status}} {{certificates_status_icon}}
5 |
7 | Sites certificate expiration days:
8 |
9 | {{certificates_list}} 10 |
11 |
12 |
-------------------------------------------------------------------------------- /templates/emails/default/footer-tpl.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /templates/emails/default/main-tpl.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | BROLIT BACKUP 8 | 9 | 53 | 54 | 55 | 56 | 57 | 58 |
60 | 61 |
62 | 63 |
64 | 65 | 66 | {{server_info}} 67 | 68 | 69 | {{packages_section}} 70 | 71 | 72 | {{certificates_section}} 73 | 74 | 75 | {{configs_backup_section}} 76 | 77 | 78 | {{databases_backup_section}} 79 | 80 | 81 | {{files_backup_section}} 82 | 83 | 84 | {{footer}} 85 | 86 |
87 | 88 |
89 | 90 |
91 | 92 | -------------------------------------------------------------------------------- /templates/emails/default/packages-tpl.html: -------------------------------------------------------------------------------- 1 |
3 | Packages Status: {{packages_status}} {{packages_status_icon}}
4 |
6 |
{{packages_status_details}}
7 |
-------------------------------------------------------------------------------- /templates/emails/default/server_info-tpl.html: -------------------------------------------------------------------------------- 1 |
2 |
4 | Server Status: {{server_status}} {{server_status_icon}}
5 |
7 | Server IPv4: {{server_ipv4}}
8 | Server IPv6: {{server_ipv6}}
9 | Disk usage: {{disk_usage}}
10 |
11 |
--------------------------------------------------------------------------------
/tests/test_cloudflare_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Run the Cloudflare helper tests in a fixed order.
# NOTE(review): the tests call the real helpers with hard-coded zones, so they
# presumably change live DNS records and cache; run them only against an
# account meant for testing.
function test_cloudflare_funtions() {

  test_cloudflare_domain_exists
  test_cloudflare_set_record
  test_cloudflare_get_record_details
  test_cloudflare_delete_record
  test_cloudflare_clear_cache

}

# Print PASS when ${cf_result} equals the expected status ${2}, FAIL otherwise.
# ${1} is the label shown next to the result.
function _test_cloudflare_report() {

  local label="${1}"
  local expected="${2}"

  if [[ ${cf_result} -ne ${expected} ]]; then
    display --indent 6 --text "- ${label}" --result "FAIL" --color RED
    return
  fi

  display --indent 6 --text "- ${label}" --result "PASS" --color WHITE

}

# cloudflare_domain_exists must return 0 for the first domain and 1 for the
# other two.
function test_cloudflare_domain_exists() {

  log_subsection "Test: test_cloudflare_domain_exists"

  cloudflare_domain_exists "pacientesenred.com.ar"
  cf_result=$?
  _test_cloudflare_report "cloudflare_domain_exists" 0
  log_break "true"

  cloudflare_domain_exists "www.pacientesenred.com.ar"
  cf_result=$?
  _test_cloudflare_report "cloudflare_domain_exists" 1
  log_break "true"

  cloudflare_domain_exists "machupichu.com"
  cf_result=$?
  _test_cloudflare_report "cloudflare_domain_exists" 1

}

# cloudflare_set_record must return 0 for an A record pointing to ${SERVER_IP}.
function test_cloudflare_set_record() {

  log_subsection "Test: test_cloudflare_set_record"

  cloudflare_set_record "gauchocode.hosting" "bash.gauchocode.hosting" "A" "false" "${SERVER_IP}"
  cf_result=$?
  _test_cloudflare_report "test_cloudflare_set_record" 0

}

# cloudflare_delete_record must return 0 for the record used by the set test.
function test_cloudflare_delete_record() {

  log_subsection "Test: test_cloudflare_delete_record"

  cloudflare_delete_record "gauchocode.hosting" "bash.gauchocode.hosting"
  cf_result=$?
  _test_cloudflare_report "test_cloudflare_delete_record" 0

}

# cloudflare_clear_cache must return 0 for the test zone.
function test_cloudflare_clear_cache() {

  log_subsection "Test: test_cloudflare_clear_cache"

  cloudflare_clear_cache "gauchocode.hosting"
  cf_result=$?
  _test_cloudflare_report "test_cloudflare_clear_cache" 0

}

# Query each record field in turn; the results are not checked here.
function test_cloudflare_get_record_details() {

  local record_field

  log_subsection "Test: test_cloudflare_get_record_details"

  for record_field in "id" "type" "content" "proxied" "created_on" "modified_on"; do
    cloudflare_get_record_details "gauchocode.hosting" "bash.gauchocode.hosting" "${record_field}"
  done

}
--------------------------------------------------------------------------------
/tests/test_display_functions.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Run the display tests.
function test_display_functions() {

  test_display
  test_string_remove_color_chars

}

# Print sample output for every display variant; checked by eye.
function test_display() {

  log_subsection "Testing display 1"

  display --indent 6 --text "- Testing message DONE" --result "DONE" --color WHITE
  display --indent 6 --text "- Testing message WARNING" --result "WARNING" --color YELLOW
  display --indent 6 --text "- Testing message ERROR" --result "ERROR" --color RED
  display --indent 8 --text "Testing output ERROR" --tcolor RED

  log_subsection "Testing display 2"

  display --indent 6 --text "- Testing message with color" --result "DONE" --color WHITE
  display --indent 8 --text "Testing output DONE" --tcolor WHITE --tstyle CURSIVE
  display --indent 6 --text "- Testing message with color" --result "DONE" --color WHITE
  display --indent 8 --text "Testing output WHITE in ITALIC" --tcolor WHITE --tstyle ITALIC
  display --indent 6 --text "- Testing message with color" --result "WARNING" --color YELLOW
  display --indent 8 --text "Testing output WARNING" --tcolor YELLOW

  log_subsection "Testing display with spinner"

  spinner_start "Testing spinner for 3 seconds"
  sleep 3
  spinner_stop $?
  display --indent 6 --text "- Testing spinner" --result "DONE" --color WHITE

}

# Print two colored messages, each followed by the output of
# _string_remove_color_chars for it.
function test_string_remove_color_chars() {

  # Test 1
  message1="${YELLOW}- Testing colored message${ENDCOLOR}"
  echo "${message1}"
  colored_test_1=$(_string_remove_color_chars "${message1}")
  echo "${colored_test_1}"

  # Test 2
  message2="- Testing message with colored ${YELLOW}word${ENDCOLOR}"
  echo "${message2}"
  colored_test_2=$(_string_remove_color_chars "${message2}")
  echo "${colored_test_2}"

}
--------------------------------------------------------------------------------
/tests/test_json_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Print PASSED when ${1} is "enabled", FAILED otherwise.
function _test_json_verdict() {

  case "${1}" in
  "enabled") echo "PASSED" ;;
  *) echo "FAILED" ;;
  esac

}

# Write fields of assets/brolit_conf.json and read them back.
function test_json_helper_funtions() {

  local brolit_config="assets/brolit_conf.json"

  # Netdata status: read, set to "enabled", read again
  NETDATA_CONFIG_STATUS="$(json_read_field "${brolit_config}" "SUPPORT.netdata[].status")"
  echo "NETDATA_CONFIG_STATUS=${NETDATA_CONFIG_STATUS}"

  json_write_field "${brolit_config}" "SUPPORT.netdata[].status" "enabled"

  NETDATA_CONFIG_STATUS="$(json_read_field "${brolit_config}" "SUPPORT.netdata[].status")"
  echo "NETDATA_CONFIG_STATUS=${NETDATA_CONFIG_STATUS}"

  _test_json_verdict "${NETDATA_CONFIG_STATUS}"

  #MONIT_CONFIG_SERVICES="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services")"

  #echo "MONIT_CONFIG_SERVICES=${MONIT_CONFIG_SERVICES}"

  # Monit redis service: read, set to "enabled", read again
  MONIT_CONFIG_SERVICES_REDIS="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis")"
  echo "MONIT_CONFIG_SERVICES_REDIS=${MONIT_CONFIG_SERVICES_REDIS}"

  json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis" "enabled"

  MONIT_CONFIG_SERVICES_REDIS="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].redis")"
  echo "MONIT_CONFIG_SERVICES_REDIS=${MONIT_CONFIG_SERVICES_REDIS}"

  _test_json_verdict "${MONIT_CONFIG_SERVICES_REDIS}"

  # New "test" entry: write it as "disabled", then set it to "enabled"
  json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[]" "\"test\": \"disabled\""
  json_write_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].test" "enabled"

  MONIT_CONFIG_SERVICES_TEST="$(json_read_field "${brolit_config}" "SUPPORT.monit[].config[].monit_services[].test")"

  _test_json_verdict "${MONIT_CONFIG_SERVICES_TEST}"

}
--------------------------------------------------------------------------------
/tests/test_mail_functions.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Build the certificates mail section and send it as a notification mail.
function test_mail_certificates_section() {

  local email_subject
  local email_content

  log_subsection "Test: test_mail_certificates_section"

  mail_certificates_section

  # Read the file cert-${NOW}.mail from the BROLIT tmp dir
  CERT_MAIL="${BROLIT_TMP_DIR}/cert-${NOW}.mail"
  CERT_MAIL_VAR=$(<"${CERT_MAIL}")

  # Preparing email to send
  log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_MAILA} ..." "false"

  email_subject="${STATUS_ICON_D} [${NOWDISPLAY}] - Cert Expiration Info on ${SERVER_NAME}"
  email_content="${HTMLOPEN} ${BODY_SRV} ${CERT_MAIL_VAR} ${MAIL_FOOTER}"

  # Sending email notification
  mail_send_notification "${email_subject}" "${email_content}"

  clear_previous_lines "1"
  display --indent 6 --text "- test_mail_certificates_section" --result "DONE" --color WHITE

}

# Build the package status mail section and send it as a notification mail.
function test_mail_package_section() {

  log_subsection "Test: test_mail_package_section"

  # Compare package versions
  mail_package_status_section

  # Preparing email to send
  log_event "info" "Sending Email to ${NOTIFICATION_EMAIL_MAILA} ..." "false"

  email_subject="${EMAIL_STATUS} [${NOWDISPLAY}] Packages Status Info on ${SERVER_NAME}"
  email_content="${HTMLOPEN} ${BODY_SRV} ${PKG_MAIL_VAR} ${MAIL_FOOTER}"

  # Sending email notification
  mail_send_notification "${email_subject}" "${email_content}"

  clear_previous_lines "1"
  display --indent 6 --text "- test_mail_package_section" --result "DONE" --color WHITE

}
--------------------------------------------------------------------------------
/tests/test_nginx_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Run the nginx helper tests.
function test_nginx_helper_functions() {

  test_nginx_server_change_phpv

}

# Change the PHP version of a copied server template from 7.2 to 7.4 and
# check the version read back from the file.
function test_nginx_server_change_phpv() {

  local nginx_server_file

  log_subsection "Test: test_nginx_server_change_phpv"

  nginx_server_file="wordpress_single.conf"

  # Work on a copy under ${BROLIT_MAIN_DIR}/tmp
  cp "${BROLIT_MAIN_DIR}/config/nginx/sites-available/wordpress_single" "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}"

  # First, we need to set a PHPV on file
  php_set_version_on_config "7.2" "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}"

  # Function to test
  nginx_server_change_phpv "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}" "7.4"

  # Get php version
  current_php_v=$(nginx_server_get_current_phpv "${BROLIT_MAIN_DIR}/tmp/${nginx_server_file}")
  if [[ ${current_php_v} != "7.4" ]]; then
    display --indent 6 --text "- test_nginx_server_change_phpv" --result "FAIL" --color RED
    return
  fi

  display --indent 6 --text "- test_nginx_server_change_phpv" --result "PASS" --color WHITE

}
--------------------------------------------------------------------------------
/tests/test_php_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Run the PHP helper tests.
function test_php_helper_funtions() {

  test_php_set_version_on_config
  test_php_opcode_config

}

# Set PHP 7.4 on a server file and check the version read back from it.
# NOTE(review): the test file is created in, and removed from,
# /etc/nginx/sites-available, the live nginx directory; a file named
# domain.com.conf already there would be overwritten and then deleted.
function test_php_set_version_on_config() {

  local current_phpv

  log_subsection "Test: php_set_version_on_config"

  # test file
  cp "${BROLIT_MAIN_DIR}/config/nginx/sites-available/wordpress_single" "/etc/nginx/sites-available/domain.com.conf"

  php_set_version_on_config "7.4" "/etc/nginx/sites-available/domain.com.conf"

  current_phpv=$(nginx_server_get_current_phpv "/etc/nginx/sites-available/domain.com.conf")
  if [[ ${current_phpv} = "7.4" ]]; then
    display --indent 6 --text "- php_set_version_on_config result ${current_phpv}" --result "PASS" --color WHITE
  else
    display --indent 6 --text "- php_set_version_on_config" --result "FAIL" --color RED
    display --indent 6 --text "current_phpv: ${current_phpv}" --tcolor RED
  fi

  # Clean
  rm "/etc/nginx/sites-available/domain.com.conf"

}

# Run php_opcode_config "enable" and then "disable" on copies of the PHP 7.4
# FPM php.ini; the results are not checked here.
function test_php_opcode_config() {

  log_subsection "Test: php_opcode_config"

  cp "/etc/php/7.4/fpm/php.ini" "${BROLIT_MAIN_DIR}/tmp/php_op1.ini"
  php_opcode_config "enable" "${BROLIT_MAIN_DIR}/tmp/php_op1.ini"

  cp "${BROLIT_MAIN_DIR}/tmp/php_op1.ini" "${BROLIT_MAIN_DIR}/tmp/php_op2.ini"
  php_opcode_config "disable" "${BROLIT_MAIN_DIR}/tmp/php_op2.ini"

}
--------------------------------------------------------------------------------
/tests/test_project_helper.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

# Run the project helper tests (the install test is switched off).
function test_project_helper_funtions() {

  local project_domain="dev.gauchocode.com"

  #test_project_install "${PROJECTS_PATH}" "wordpress"
  test_project_set_brolit_config_var "${PROJECTS_PATH}/${project_domain}" "project_db" "broobe_dev"

}

# Install a WordPress test project under ${PROJECTS_PATH}, then call
# project_delete for its domain.
function test_project_install() {

  local project_path="${PROJECTS_PATH}"
  local project_type="wordpress"
  local project_domain="test.domain.com"
  local project_name="domain"
  local project_stage="test"

  project_install "${project_path}" "${project_type}" "${project_domain}" "${project_name}" "${project_stage}"

  project_delete "${project_domain}" "true"

}

# Pass project path ${1}, field ${2} and value ${3} to
# project_set_brolit_config_var.
function test_project_set_brolit_config_var() {

  local project_path="${1}"
  local config_field="${2}"
  local config_value="${3}"

  project_set_brolit_config_var "${project_path}" "${config_field}" "${config_value}"

}
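--------------------------------------------------------------------------------
/tools/monitor_docker_mysql.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Health probe for MySQL containers.
# Exits 0 when every matching container answers `mysqladmin ping`, and 1 when
# no matching container is running or any of them fails to answer.
# Every echo is commented out, so the exit status is the only result.

# List the names of running containers. The "ancestor=mysql" filter selects
# containers created from the "mysql" image; it does not match on container name.
mapfile -t running_containers < <(docker ps --filter "ancestor=mysql" --format "{{.Names}}")

if ((${#running_containers[@]} == 0)); then
  #echo "No MySQL containers are running."
  exit 1
fi

# Loop through each container and check its status
for container in "${running_containers[@]}"; do
  # Check whether the container answers a simple query
  if ! docker exec "$container" mysqladmin ping -h 127.0.0.1 --silent; then
    #echo "MySQL container $container is not responding."
    exit 1
  fi
done

#echo "All MySQL containers are running and responding."
exit 0
--------------------------------------------------------------------------------
/tools/third-party/bench_scripts.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.2-alpha16
################################################################################
#
# Ref: https://github.com/haydenjames/bench-scripts
#
# Runs the third-party nench benchmark twice and keeps the combined output in
# benchmark_nench.log. log_event and menu_main_options are not defined in this
# file, so it has to be sourced by a script that provides them.
#
# The benchmark is remote code executed with the privileges of the calling
# shell. It is therefore downloaded once, over HTTPS only, into a private
# temporary file, so both passes run the same bytes and a failed or truncated
# transfer is never handed to bash. Set NENCH_SHA256 to the digest of a copy
# that has been reviewed to refuse anything else.
#

log_event "info" "Running Benchmark ..." "true"

nench_script=""

if nench_script="$(mktemp)" &&
  curl --fail --silent --show-error --proto '=https' \
    --output "${nench_script}" "https://wget.racing/nench.sh"; then

  if [[ -n "${NENCH_SHA256:-}" ]] &&
    ! printf '%s  %s\n' "${NENCH_SHA256}" "${nench_script}" | sha256sum --check --quiet -; then

    log_event "error" "nench.sh does not match NENCH_SHA256, benchmark skipped" "true"

  else

    # Two passes, as in the upstream one-liner
    (bash "${nench_script}"; bash "${nench_script}") 2>&1 | tee benchmark_nench.log

    log_event "info" "Benchmark finished" "true"

  fi

else

  log_event "error" "Could not download nench.sh over HTTPS, benchmark skipped" "true"

fi

# No trap is installed here, so that traps set by the sourcing script are kept
[[ -n "${nench_script}" ]] && rm -f -- "${nench_script}"

menu_main_options
--------------------------------------------------------------------------------
/tools/third-party/blacklist-checker/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015 Anders Aarvik

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.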
22 | 23 | -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.5 2 | MAINTAINER peez@stiffi.de 3 | 4 | RUN apk add --no-cache bash curl 5 | COPY / /opt/dropbox_uploader 6 | RUN mkdir -p /config && mkdir -p /workdir 7 | 8 | VOLUME /config /workdir 9 | 10 | WORKDIR /workdir 11 | 12 | ENTRYPOINT ["/opt/dropbox_uploader/dropbox_uploader.sh", "-f", "/config/dropbox_uploader.conf"] -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/Dockerfile.pi: -------------------------------------------------------------------------------- 1 | FROM hypriot/rpi-alpine-scratch 2 | MAINTAINER github@vanefferenonline.nl 3 | 4 | RUN apk update && apk add bash curl 5 | COPY *.sh /opt/dropbox_uploader/ 6 | RUN mkdir -p /config && mkdir -p /workdir 7 | 8 | VOLUME /config /workdir 9 | 10 | WORKDIR /workdir 11 | 12 | ENTRYPOINT ["/opt/dropbox_uploader/dropbox_uploader.sh", "-f", "/config/dropbox_uploader.conf"] 13 | -------------------------------------------------------------------------------- /tools/third-party/dropbox-uploader/testUnit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DU=./dropbox_uploader.sh 4 | 5 | function check_exit 6 | { 7 | if [ $? -ne 0 ]; then 8 | echo " Error!!!" 
9 | exit 1 10 | else 11 | echo " Passed" 12 | fi 13 | } 14 | 15 | #Creating garbage data 16 | echo -ne " - Creating garbage data...\n" 17 | rm -fr "testData" 18 | mkdir -p "testData" 19 | dd if=/dev/urandom of="testData/file 1.txt" bs=1M count=3 20 | dd if=/dev/urandom of="testData/file 2 ù.txt" bs=1M count=5 21 | mkdir -p "testData/recurse" 22 | dd if=/dev/urandom of="testData/recurse/file 3.txt" bs=1M count=1 23 | dd if=/dev/urandom of="testData/recurse/test_Ü.txt" bs=1M count=1 24 | dd if=/dev/urandom of="testData/recurse/test%20test.txt" bs=1M count=1 25 | mkdir -p "testData/recurse/dir 1/" 26 | dd if=/dev/urandom of="testData/recurse/dir 1/file 4.txt" bs=1M count=1 27 | mkdir -p "testData/recurse/dir 1/dir 3/" 28 | dd if=/dev/urandom of="testData/recurse/dir 1/dir 3/file 5.txt" bs=1M count=1 29 | mkdir -p "testData/recurse/dir 2/" 30 | 31 | dd if=/dev/urandom of="testData/file%20file.txt" bs=1M count=1 32 | 33 | rm -fr recurse 34 | 35 | #Rmdir 36 | echo -ne " - Remove remote directory..." 37 | $DU -q remove du_tests 38 | echo "" 39 | 40 | #Mkdir 41 | echo -ne " - Make remote directory..." 42 | $DU -q mkdir du_tests 43 | check_exit 44 | 45 | #Simple upload 46 | echo -ne " - Simple file upload..." 47 | $DU -q upload "testData/file 1.txt" du_tests 48 | check_exit 49 | 50 | #Checking with list 51 | echo -ne " - Checking file..." 52 | $DU -q list du_tests | grep "file 1.txt" > /dev/null 53 | check_exit 54 | 55 | #Simple upload 2 56 | echo -ne " - Simple file upload with unicode chars..." 57 | $DU -q upload testData/file\ 2* du_tests 58 | check_exit 59 | 60 | #Checking with list 61 | echo -ne " - Checking file..." 62 | $DU -q list du_tests | grep "file 2 ù.txt" > /dev/null 63 | check_exit 64 | 65 | #Simple upload 3 66 | echo -ne " - Simple file upload with printf formats..." 67 | $DU -q upload "testData/file%20file.txt" du_tests 68 | check_exit 69 | 70 | #Checking with list 71 | echo -ne " - Checking file..." 
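$DU -q list du_tests | grep "file%20file.txt" > /dev/null
check_exit

#Recursive directory upload
echo -ne " - Recursive directory upload..."
$DU -q upload testData/recurse du_tests
check_exit

#Recursive directory download
echo -ne " - Recursive directory download..."
$DU -q download du_tests/recurse
check_exit

#Checking the downloaded dir
echo -ne " - Checking the downloaded dir..."
diff -r recurse testData/recurse/
check_exit

#Again, recursive directory download
echo -ne " - Again recursive directory download..."
$DU -q download du_tests/recurse
check_exit

#Again, checking the downloaded dir
echo -ne " - Checking the downloaded dir..."
diff -r recurse testData/recurse/
check_exit

rm -fr "recurse"
rm -fr "testData"

#Rmdir
echo -ne " - Remove remote directory..."
$DU -q remove du_tests
check_exit
--------------------------------------------------------------------------------
/updater.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################
#
# Self-updater: fetches from the git remote and, when this script differs
# from origin/${BRANCH}, hard-resets the working tree to that branch.
#
# SCRIPTPATH is commented out and nothing changes directory, so the git and
# find commands act on the current working directory: run this from the root
# of the BROLIT checkout.
#
#############################################################################

SCRIPT="$(readlink -f "$0")"
SCRIPTFILE="$(basename "${SCRIPT}")"
#SCRIPTPATH="$(dirname "${SCRIPT}")"
BRANCH="master"

# Foreground/Text Colours
GREEN='\E[32;40m'
YELLOW='\E[33;40m'
CYAN='\E[36;40m'
ENDCOLOR='\033[0m'

#############################################################################
# Update the checkout when a newer version of this script exists upstream.
#
# Globals:
#   BRANCH, SCRIPTFILE (read)
#
# Outputs:
#   Progress messages on stdout; a fetch error on stderr.
#
# Returns:
#   1 when the fetch fails. After a successful update the whole script exits
#   with status 1. Otherwise the status of the final echo.
#############################################################################

function _self_update() {

  # Store credentials on first git pull
  # NOTE(review): the "store" helper writes credentials unencrypted to a file
  # in the user's home directory, and --global enables it for every repository
  # this user works with, not only this checkout. If the account is shared or
  # privileged, prefer a deploy key or a read-only token scoped to this
  # repository.
  git config --global credential.helper store

  # Without a successful fetch, origin/${BRANCH} is stale and the comparison
  # below would report "latest version" for a check that never took place.
  if ! git fetch; then
    echo "git fetch failed, update check aborted." >&2
    return 1
  fi

  # -F: the file name is matched literally, not as a regular expression
  if git diff --name-only "origin/${BRANCH}" | grep -qF -- "${SCRIPTFILE}"; then

    echo -e "${GREEN}Found a new version of BROLIT Shell, updating ...${ENDCOLOR}"

    git checkout --quiet "${BRANCH}"
    # Reset to the branch that was compared above (was hard-coded to master).
    # --hard discards uncommitted local changes in the checkout.
    git reset --hard --quiet "origin/${BRANCH}"
    git pull --ff-only --force --quiet

    echo -e "${GREEN}Running chmod ...${ENDCOLOR}"
    find ./ -name "*.sh" -exec chmod +x {} \;

    echo -e "${CYAN}Now you can run the runner.sh, enjoy!${ENDCOLOR}"

    # NOTE(review): a successful update ends with a non-zero status; kept
    # because callers may rely on it, but confirm that this is intended.
    exit 1

  else

    echo -e "${YELLOW}Already the latest version.${ENDCOLOR}"

  fi

}

#############################################################################

_self_update
--------------------------------------------------------------------------------
/utils/certbot_manager.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################
#
# Ref: https://certbot.eff.org/docs/using.html
#
#############################################################################

# A manager should only contain:
#   1- Menu functions
#   2- Sub-task handler function
#   3- User input functions
#
# Everything else should be in *_helper.sh

#############################################################################
# Certbot menu: shows the whiptail menu, runs the chosen action, then shows
# the menu again. Cancelling the menu falls through to menu_main_options.
#
# Globals:
#   NOTIFICATION_EMAIL_MAILA (read), exitstatus (written)
#
# Arguments:
#   none
#############################################################################

function certbot_manager_menu() {

  local domains
  local certbot_options
  local chosen_cb_options

  certbot_options=(
    "01)" "INSTALL CERTIFICATE"
    "02)" "EXPAND CERTIFICATE"
    "03)" "TEST RENEW ALL CERTIFICATES"
    "04)" "FORCE RENEW CERTIFICATE"
    "05)" "DELETE CERTIFICATE"
    "06)" "SHOW INSTALLED CERTIFICATES"
  )

  # whiptail draws on stderr and prints the chosen tag there too; the fd swap
  # lets the command substitution capture the tag
  chosen_cb_options="$(whiptail --title "CERTBOT MANAGER" --menu " " 20 78 10 "${certbot_options[@]}" 3>&1 1>&2 2>&3)"

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    case "${chosen_cb_options}" in

    *"01"*)
      # INSTALL-CERTIFICATE
      domains="$(certbot_helper_ask_domains)"
      exitstatus=$?
      if [[ ${exitstatus} -eq 0 ]]; then
        certbot_helper_installer_menu "${NOTIFICATION_EMAIL_MAILA}" "${domains}"
      fi
      ;;

    *"02"*)
      # EXPAND-CERTIFICATE
      domains="$(certbot_helper_ask_domains)"
      exitstatus=$?
      if [[ ${exitstatus} -eq 0 ]]; then
        certbot_certificate_expand "${NOTIFICATION_EMAIL_MAILA}" "${domains}"
      fi
      ;;

    *"03"*)
      # TEST-RENEW-ALL-CERTIFICATES
      certbot_certificate_renew_test
      ;;

    *"04"*)
      # FORCE-RENEW-CERTIFICATE
      domains="$(certbot_helper_ask_domains)"
      exitstatus=$?
      if [[ ${exitstatus} -eq 0 ]]; then
        certbot_certificate_force_renew "${domains}"
      fi
      ;;

    *"05"*)
      # DELETE-CERTIFICATE
      # NOTE(review): unlike the other branches, domains is never assigned on
      # this path, so the delete helper receives an empty string. Presumably
      # it asks for the certificate itself; verify that it refuses an empty
      # name instead of acting on a default.
      certbot_certificate_delete "${domains}"
      ;;

    *"06"*)
      # SHOW-INSTALLED-CERTIFICATES
      certbot_show_certificates_info
      ;;

    esac

    prompt_return_or_finish
    certbot_manager_menu

  fi

  menu_main_options

}

# Placeholder for the sub-task handler; only prints "TODO".
function certbot_tasks_handler() {

  echo "TODO"

}
--------------------------------------------------------------------------------
/utils/installers/docker-compose/netdata_agent/.env:
--------------------------------------------------------------------------------
# NETDATA AGENT .ENV
# ––––––––––––––––––––––––––––––––––––––––––

## NETDATA REQUIRED
NETDATA_DOMAIN=
# The claim token is a credential: keep the filled-in copy of this file out of
# version control and readable only by the account that runs docker compose.
NETDATA_CLAIM_TOKEN=

## NETDATA OPTIONAL
# "latest" moves with every upstream release; set a fixed tag for repeatable deployments.
NETDATA_VERSION=latest
NETDATA_PORT=19999
# NOTE(review): the accompanying docker-compose.yml uses named volumes and does
# not reference NETDATA_DATA.
NETDATA_DATA=./netdata_data
NETDATA_CLAIM_ROOMS=
--------------------------------------------------------------------------------
/utils/installers/docker-compose/netdata_agent/docker-compose.yml: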
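--------------------------------------------------------------------------------
# Netdata agent. Values in ${...} come from the .env file next to this file.
version: '3'

services:

  netdata:
    image: netdata/netdata:${NETDATA_VERSION}
    container_name: agent_netdata
    hostname: ${NETDATA_DOMAIN} # set to fqdn of host
    ports:
      # Quoted, like the portainer_agent file. With no host IP given, Docker
      # publishes the port on every host interface; add one (or a firewall
      # rule) if the dashboard must not be reachable from outside.
      - "${NETDATA_PORT}:19999"
    restart: unless-stopped
    # SYS_PTRACE and an unconfined AppArmor profile widen what this container
    # may do on the host; keep them only while the collectors in use need them.
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    volumes:
      - netdataconfig:/etc/netdata
      - netdatalib:/var/lib/netdata
      - netdatacache:/var/cache/netdata
      # Host files and pseudo-filesystems, all mounted read-only
      - /etc/passwd:/host/etc/passwd:ro
      - /etc/group:/host/etc/group:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
    environment:
      # The claim token is a credential; it is visible to anyone who can
      # inspect this container.
      - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN}
      - NETDATA_CLAIM_URL=https://app.netdata.cloud
      - NETDATA_CLAIM_ROOMS=${NETDATA_CLAIM_ROOMS}

volumes:
  netdataconfig:
  netdatalib:
  netdatacache:
--------------------------------------------------------------------------------
/utils/installers/docker-compose/portainer/.env:
--------------------------------------------------------------------------------
# PORTAINER .ENV
# ––––––––––––––––––––––––––––––––––––––––––

## HOST
VIRTUAL_HOST=

## PORTAINER
PORTAINER_PORT=9000
PORTAINER_DATA=./portainer_data
--------------------------------------------------------------------------------
/utils/installers/docker-compose/portainer/docker-compose.yml:
--------------------------------------------------------------------------------
# Portainer server. Values in ${...} come from the .env file next to this file.
version: "2"

services:

  portainer:
    # No tag is given, so the image resolves to "latest"; set a fixed tag for
    # repeatable deployments.
    image: portainer/portainer-ce
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: unless-stopped
    environment:
      - VIRTUAL_HOST=${VIRTUAL_HOST}
      - VIRTUAL_PORT=${PORTAINER_PORT}
    ports:
      # Quoted, like the portainer_agent file. With no host IP given, Docker
      # publishes the port on every host interface.
      - "${PORTAINER_PORT}:9000"
    volumes:
      # Access to the Docker socket means control of the Docker daemon, which
      # is equivalent to root on the host: treat access to the Portainer UI
      # as host-level access.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${PORTAINER_DATA}:/data
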
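# NOTE(review): the portainer service mounts ${PORTAINER_DATA} (a path taken
# from .env) at /data, so this named volume appears to be unused.
volumes:
  portainer_data:
--------------------------------------------------------------------------------
/utils/installers/docker-compose/portainer_agent/.env:
--------------------------------------------------------------------------------
# PORTAINER AGENT
PORTAINER_AGENT_PORT=9001
--------------------------------------------------------------------------------
/utils/installers/docker-compose/portainer_agent/docker-compose.yml:
--------------------------------------------------------------------------------
# Portainer agent. PORTAINER_AGENT_PORT comes from the .env file next to this file.
version: '3.2'

services:

  agent:
    # Fixed tag: the agent stays at this release until the tag is changed here
    image: portainer/agent:2.6.3
    container_name: agent_portainer
    security_opt:
      - no-new-privileges:true
    restart: always
    volumes:
      # The Docker socket gives the agent control of the Docker daemon, and
      # the second mount gives it the contents of every Docker volume
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      # With no host IP given, Docker publishes the port on every host
      # interface; limit who can reach it to the Portainer server
      - "${PORTAINER_AGENT_PORT}:9001"
--------------------------------------------------------------------------------
/utils/installers/postgres_installer.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
#############################################################################

#############################################################################
# Install PostgreSQL from the distribution packages.
#
# Globals:
#   postgresql_bin, exitstatus (written)
#
# Returns:
#   0 when the packages were installed, 1 when PostgreSQL was already
#   installed, the apt-get status when the installation fails.
#############################################################################

function postgres_default_installer() {

  local apt_status

  postgresql_bin="$(package_is_installed "postgresql")"

  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    log_event "info" "Postgres is already installed" "false"
    return 1

  fi

  log_subsection "Postgres Installer"

  # Report the real outcome: a failed apt-get used to be shown as DONE
  apt_status=0
  apt-get --yes install postgresql postgresql-contrib -qq >/dev/null || apt_status=$?

  if [[ ${apt_status} -ne 0 ]]; then

    log_event "error" "Postgres installation failed" "false"
    display --indent 6 --text "- Postgres default installation" --result "FAIL" --color RED

    return "${apt_status}"

  fi

  display --indent 6 --text "- Postgres default installation" --result "DONE" --color GREEN

  return 0

}

#############################################################################
# Purge the PostgreSQL packages, then remove packages that are no longer needed.
#
# Arguments:
#   none
#############################################################################

function postgres_purge_installation() {

  # Log (the first message used to say "MySQL")
  display --indent 6 --text "- Purging Postgres packages"
  log_event "info" "Purging postgresql-* packages ..." "false"

  # Apt
  apt-get --yes purge postgresql postgresql-common postgresql-contrib -qq >/dev/null

  # Remove old packages
  packages_remove_old

  # Log
  clear_previous_lines "1"
  display --indent 6 --text "- Purging Postgres packages" --result "DONE" --color GREEN
  log_event "info" "postgresql packages purged" "false"

}

#############################################################################
# Record whether the psql client is available.
#
# Globals:
#   POSTGRES (written: path of psql, empty when it is not found)
#   postgres_installed (set to "false" when psql is missing; left untouched
#   otherwise, so the caller has to provide the initial value)
#############################################################################

function postgres_check_if_installed() {

  # command -v is the shell builtin for this lookup; "which" is an external
  # tool that is not present on every system
  POSTGRES="$(command -v psql)"
  if [[ ! -x "${POSTGRES}" ]]; then
    postgres_installed="false"
  fi

}

#############################################################################
# Print the installed PostgreSQL client version.
#
# Outputs:
#   The version number, e.g. 14.5
#############################################################################

function postgres_check_installed_version() {

  # "psql --version" prints "psql (PostgreSQL) <version> ...", so the version
  # is the third field. The former fifth-field parsing fits the output of
  # "mysql --version" and gave an empty or wrong value here.
  psql --version | awk '{ print $3 }'

}
--------------------------------------------------------------------------------
/utils/installers/redis_installer.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################

################################################################################
# Install Redis, enable the service and put the BROLIT config template in place.
#
# Globals:
#   BROLIT_MAIN_DIR (read)
#
# NOTE(review): redis_configure replaces the string TO_CHANGE in this config
# with a generated password, so the template presumably ships that placeholder.
# This function restarts the service before that happens; call redis_configure
# right after it so the service does not keep running with the placeholder.
################################################################################

function redis_installer() {

  log_subsection "Redis Installer"

  # Install redis
  package_install "redis"
  package_install "redis-server"

  systemctl enable redis-server.service --quiet

  # Creating config file
  cp "${BROLIT_MAIN_DIR}/config/redis/redis.conf" "/etc/redis/redis.conf"

  # Service restart
  service redis-server restart

}

################################################################################
# Generate a random password, write it over the TO_CHANGE placeholder in
# redis.conf and restart the service.
#
# Returns:
#   1 when the password cannot be generated or written, otherwise the status
#   of the service restart.
################################################################################

function redis_configure() {

  local redis_conf
  local redis_pass

  redis_conf="/etc/redis/redis.conf"

  # 32 random bytes, hex encoded. The former base64 value could contain "/",
  # which ends the sed expression below early: sed then failed, the
  # placeholder stayed in the file and the step was still reported as DONE.
  # Hex output has no character that sed treats specially.
  redis_pass="$(openssl rand -hex 32)"
  if [[ -z ${redis_pass} ]]; then

    log_event "error" "Could not generate a password for redis-server" "false"
    display --indent 6 --text "- Configuring redis-server" --result "FAIL" --color RED

    return 1

  fi

  # Write redis_pass on redis.conf
  if ! sed -i "s/TO_CHANGE/${redis_pass}/g" "${redis_conf}"; then

    log_event "error" "Could not write the password on ${redis_conf}" "false"
    display --indent 6 --text "- Configuring redis-server" --result "FAIL" --color RED

    return 1

  fi

  # Log (the password itself is never logged)
  log_event "info" "Configuring redis-server" "false"
  log_event "info" "Redis server config on ${redis_conf}" "false"
  display --indent 6 --text "- Configuring redis-server" --result "DONE" --color GREEN
  display --indent 8 --text "Password set on ${redis_conf}" --tcolor yellow

  # Service restart
  service redis-server restart

}

################################################################################
# Remove the Redis config file and purge the Redis packages.
#
# Returns:
#   The status of the last package_purge call.
################################################################################

function redis_purge() {

  local redis_conf

  log_subsection "Redis Installer"

  # Remove redis.conf (-f: a config that is already gone is not an error)
  redis_conf="/etc/redis/redis.conf"
  rm -f -- "${redis_conf}"

  # Remove packages
  package_purge "redis"
  package_purge "redis-server"
  package_purge "redis-tools"

  return $?

}
--------------------------------------------------------------------------------
/utils/installers/wpcli_installer.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################

################################################################################
# WP-CLI installer menu: offers update/uninstall when WP-CLI is present and
# installs it otherwise.
#
# Globals:
#   WPCLI_INSTALLED, wpcli_options_title, wp_cli_installer_options,
#   chosen_wp_cli_installer_option, exitstatus (written)
#
# Returns:
#   1 when the menu is cancelled.
################################################################################

function wpcli_installer_menu() {

  WPCLI_INSTALLED="$(wpcli_check_if_installed)"

  if [[ ${WPCLI_INSTALLED} == "true" ]]; then

    wpcli_options_title="WP-CLI INSTALLER"

    wp_cli_installer_options=(
      "01)" "UPDATE WP-CLI"
      "02)" "UNINSTALL WP-CLI"
    )

    # Pass the whole array. The former "for x in ${wp_cli_installer_options}"
    # expanded only its first element, so whiptail never received complete
    # tag/item pairs and the menu could not be shown.
    chosen_wp_cli_installer_option="$(whiptail --title "${wpcli_options_title}" --menu "Choose an option:" 20 78 10 "${wp_cli_installer_options[@]}" 3>&1 1>&2 2>&3)"

    exitstatus=$?
    if [[ ${exitstatus} -eq 0 ]]; then

      if [[ ${chosen_wp_cli_installer_option} == *"01"* ]]; then
        wpcli_update

      fi
      if [[ ${chosen_wp_cli_installer_option} == *"02"* ]]; then
        wpcli_uninstall

      fi

    else
      log_event "info" "Operation cancelled ..." "true"
      return 1

    fi

  else

    wpcli_install

  fi

}
--------------------------------------------------------------------------------
/utils/installers_and_configurators.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################

# Installers directory path
installers_path="${BROLIT_MAIN_DIR}/utils/installers"

# Source all installers
# Every *.sh file directly inside the directory runs in the current shell with
# its privileges, so the directory must be writable only by the account that
# runs BROLIT. Paths are read NUL-delimited on a separate descriptor: a path
# with spaces is not split, and a sourced file cannot consume the list by
# reading stdin.
while IFS= read -r -d '' -u 9 f; do
  source "${f}"
done 9< <(find "${installers_path}" -maxdepth 1 -name '*.sh' -type f -print0)

################################################################################

################################################################################
# Installers menu: shows the whiptail menu, runs the chosen installer menu,
# then shows this menu again. Cancelling falls through to menu_main_options.
#
# Globals:
#   exitstatus (written)
#
# Arguments:
#   none
################################################################################

function installers_and_configurators() {

  local installer_options
  local installer_options_title
  local installer_type

  log_section "Installers and Configurators"

  installer_options_title="INSTALLERS AND CONFIGURATORS"

  installer_options=(
    "01)" "PHP-FPM"
    "02)" "NGINX"
    "03)" "MONIT"
  )

  installer_type="$(whiptail --title "${installer_options_title}" --menu "\nPlease select the utility or programs you want to install or config: \n" 20 78 10 "${installer_options[@]}" 3>&1 1>&2 2>&3)"
  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    case "${installer_type}" in
    *"01"*) php_installer_menu ;;
    *"02"*) nginx_installer_menu ;;
    *"03"*) monit_installer_menu ;;
    esac

    prompt_return_or_finish
    installers_and_configurators

  fi

  menu_main_options

}
--------------------------------------------------------------------------------
/utils/server_and_image_optimizations.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Author: GauchoCode - A Software Development Agency - https://gauchocode.com
# Version: 3.3.10
################################################################################
#
# Server and image optimizations Manager.
#
################################################################################

################################################################################
# Menu for server optimizations
#
# Arguments:
#   none
#
# Outputs:
#   nothing
################################################################################

function server_optimizations_menu() {

  local server_optimizations_options
  local chosen_server_optimizations_options

  server_optimizations_options=(
    "01)" "IMAGE OPTIMIZATION"
    "02)" "DELETE OLD LOGS"
    "03)" "REMOVE OLD PACKAGES"
    "04)" "REDUCE RAM USAGE"
    #"05)" "PDF OPTIMIZATION"
  )
  chosen_server_optimizations_options=$(whiptail --title "SERVER OPTIMIZATIONS" --menu "\n" 20 78 10 "${server_optimizations_options[@]}" 3>&1 1>&2 2>&3)
  exitstatus=$?
  if [[ ${exitstatus} -eq 0 ]]; then

    [[ ${chosen_server_optimizations_options} == *"01"* ]] && optimize_images_complete

    [[ ${chosen_server_optimizations_options} == *"02"* ]] && delete_old_logs

    [[ ${chosen_server_optimizations_options} == *"03"* ]] && packages_remove_old

    [[ ${chosen_server_optimizations_options} == *"04"* ]] && optimize_ram_usage

    # Not reachable from the menu while entry "05)" above stays commented out
    if [[ ${chosen_server_optimizations_options} == *"05"* ]]; then
      # TODO: pdf optimization
      # Ref: https://github.com/or-yarok/reducepdf

      optimize_pdfs

    fi

  fi

}
--------------------------------------------------------------------------------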