[ { "path": "README.md", "content": "### TuxLite Readme\r\n\r\nTuxLite is a free collection of shell scripts for rapid deployment of\r\nLAMP and LNMP stacks (Linux, Apache/Nginx, MySQL and PHP) for Debian and\r\nUbuntu. \r\n\r\nHave you considered upgrading from shared hosting to a VPS or dedicated\r\nserver but held off by the costly control panel licenses, or the fear of\r\nmanaging a Linux server? Now you can leave those worries behind!\r\n\r\nTuxLite scripts automate configuration of servers for web hosting,\r\nso your websites can be online within minutes! Ideal for those who\r\nprefer hosting sites on their own server without resorting to expensive\r\nand bloated control panels.\r\n\r\nThe following are installed:-\r\n\r\n- Apache2 with mpm\\_event or Nginx\r\n- MySQL, MariaDB or Percona\r\n- PHP-FPM + commonly used PHP modules\r\n- Postfix mail server (securely configured to be outgoing only)\r\n- Varnish cache (optional)\r\n\r\nFor more detailed explanation on the installation, usage and script features, \r\nkindly refer to these links:-\r\n\r\n[Installation](http://tuxlite.com/installation/)\r\n\r\n[Script features](http://tuxlite.com/script-details/)\r\n\r\n[Download](http://tuxlite.com/download/)\r\n\r\n### Quick Install (Git)\r\n\r\n # Install git and clone TuxLite\r\n apt-get -y install git\r\n git clone https://github.com/Mins/TuxLite.git\r\n cd TuxLite\r\n \r\n # Edit options to enter server IP, MySQL password etc.\r\n nano options.conf\r\n \r\n # Make all scripts executable.\r\n chmod 700 *.sh\r\n chmod 700 options.conf\r\n \r\n # Install LAMP or LNMP stack.\r\n ./install.sh\r\n \r\n # Add a new Linux user and add domains to the user.\r\n adduser johndoe\r\n ./domain.sh add johndoe yourdomain.com\r\n ./domain.sh add johndoe subdomain.yourdomain.com\r\n \r\n # Install Adminer or phpMyAdmin\r\n ./setup.sh dbgui\r\n \r\n # Enable/disable public viewing of Adminer/phpMyAdmin\r\n ./domain.sh dbgui on\r\n ./domain.sh dbgui off\r\n\r\n### Requirements\r\n\r\n- Supports Debian 6, 7 and 8, Ubuntu 12.04, 12.10, 13.04, 13.10 and 14.04.\r\n- A server with at least 80MB RAM. 256MB and above recommended.\r\n- Basic Linux knowledge. You will need know how to connect to your\r\n server remotely.\r\n- Basic text editor knowledge. For beginners, learning GNU nano is\r\n recommended.\r\n\r\nIf this is your first time with a Linux server, I suggest spending a day\r\nreading the \"getting started\" tutorials in Linode Library.\r\n\r\n### Why use TuxLite?\r\n\r\n- TuxLite LAMP stack configures Apache with mpm\\_event and PHP with\r\n fastcgi (PHP-FPM). This gives much higher performance and lower memory\r\n consumption than the regular LAMP tutorials/guides using mod\\_php.\r\n- Uses official distribution packages. You are not at the mercy of the\r\n script maintainer to keep your servers updated. All installed\r\n software are tuned, optimized and secured.\r\n- Minimal resource usage. Fresh install requires only 50-60MB RAM.\r\n- Free from unnecessary or custom changes to your server. Everything\r\n is configured according to Debian/Ubuntu standards.\r\n- Automatic virtualhost configuration with log rotation, AWStats\r\n traffic statistics and phpMyAdmin for managing MySQL.\r\n- Varnish cache script included to turbo charge your websites.\r\n- Free and open source! Coded in a human readable manner and\r\n modular, making custom modifications extremely easy.\r\n" }, { "path": "backup.sh", "content": "#!/bin/bash\n\nFIND_PATH=\"/home/*/domains/*\"\n# Used to filter database name from its full system path\n# (1)/var(2)/lib(3)/mysql(4)/dbname(5)\nAWK_DB_POS=\"5\"\n# Used to filter domain name from its full system path\n# E.g. (1)/home(2)/john(3)/domains(4)/johndomain.com(5)\nAWK_DOMAIN_POS=\"5\"\n\n\nsource ./options.conf\n\n\nfunction ask_interval {\n\n # Ask user how often do they want the backup jobs to run?\n echo \"How often do you want the backups/cleanups to run?\"\n echo \"1. Daily\"\n echo \"2. Weekly\"\n echo \"3. Monthly\"\n\n # Initialize variable with an alphabet\n SELECT_INTERVAL=\"a\"\n # Keep looping until user enters a number that is greater than 0 and less than 3\n until [[ \"$SELECT_INTERVAL\" =~ [0-9]+ ]] && [ $SELECT_INTERVAL -gt 0 ] && [ $SELECT_INTERVAL -le 3 ]; do\n echo -n \"Selection (integer) : \"\n read SELECT_INTERVAL\n done\n\n if [ $SELECT_INTERVAL -eq 1 ]; then\n INTERVAL=\"daily\"\n elif [ $SELECT_INTERVAL -eq 2 ]; then\n INTERVAL=\"weekly\"\n elif [ $SELECT_INTERVAL -eq 3 ]; then\n INTERVAL=\"monthly\"\n fi\n} # End of ask_interval\n\nfunction find_available_domains {\n\n # Initialize variable\n DOMAINS_AVAILABLE=0\n\n # First check to see if there are domains available. Suppress exit status.\n find $FIND_PATH -maxdepth 0 &> /dev/null\n\n # If exit status is 0, there are domains available\n # Collect available domains to a temporary file\n if [ $? -eq 0 ]; then\n find $FIND_PATH -maxdepth 0 > /tmp/domain.txt\n DOMAINS_AVAILABLE=`cat /tmp/domain.txt | wc -l`\n # Remove fcgi-bin directory as available domain. #Not used for multiuser scripts\n # sed -i '/\\/srv\\/www\\/fcgi-bin.d/ d' /tmp/domain.txt\n fi\n\n # Exit status of find command is 1, ask user to add domain first\n if [ $DOMAINS_AVAILABLE -eq 0 ]; then\n echo \"No domains available for backup. Please add a domain first.\"\n exit\n fi\n\n} # End of find_available_domains\n\nfunction find_available_databases {\n\n # Initialize variable\n DATABASES_AVAILABLE=0\n\n # First search for available mysql databases\n find /var/lib/mysql/* -maxdepth 0 -type d > /tmp/database.txt\n\n # Remove mysql and phpmyadmin as available databases\n sed -i '/\\/var\\/lib\\/mysql\\/mysql/ d' /tmp/database.txt\n sed -i '/\\/var\\/lib\\/mysql\\/phpmyadmin/ d' /tmp/database.txt\n DATABASES_AVAILABLE=`cat /tmp/database.txt | wc -l`\n\n # No databases found, ask user to add database first\n if [ $DATABASES_AVAILABLE -eq 0 ]; then\n echo \"No databases available for backup. Please add a database first.\"\n exit\n fi\n\n} # End of find_available_databases\n\n\nfunction create_backup_directory {\n\n # First check if Linux user exists\n # If yes, create backup folders\n if [ -d \"/home/$USER\" ]; then\n mkdir -p /home/$USER/backup/{databases,domains}\n chown -R $USER:$USER /home/$USER/backup\n echo -e \"\\033[35;1mBackup folders created in /home/$USER/backup.\\033[0m\"\n else\n # If not, exit and inform user\n echo -e \"\\033[35;1mERROR: User /home/$USER doesn't exist.\\033[0m\"\n exit 1\n fi\n\n} # End of create_backup_directory\n\nfunction cron_backupdb {\n\n # First check if backup location exists. Exit if not found.\n if [ ! -d \"/home/$USER/backup/databases\" ]; then\n echo -e \"\\033[35;1mERROR: Database folder /home/$USER/backup/databases doesn't exist, please create it first.\\033[0m\"\n exit 1\n fi\n\n # Initialize selection value when listing available databases to user\n counter=1\n # Check how many databases are available\n DB_AVAILABLE=`cat /tmp/database.txt | wc -l`\n\n # Print out available databases\n echo \"\"\n echo \"Select the database you want to backup, 1 to $DB_AVAILABLE\"\n while read LINE; do\n # For each domain path, use AWK to get only the domain name and leave out the full path\n data=`echo $LINE | awk -F\"/\" '{ print $'${AWK_DB_POS}' }'`\n echo \"$counter. $data\"\n # Increment counter for next iteration\n let counter+=1\n done < \"/tmp/database.txt\"\n\n # Reduce counter by 1 for next function\n let counter-=1\n\n # Ensure that the user inputs a valid integer\n # Initialize variable with a alphabet\n SELECTDB=\"a\"\n\n # Keep on looping until input is a number that is greater than 0 and less than the number of available databases\n until [[ \"$SELECTDB\" =~ [0-9]+ ]] && [ $SELECTDB -gt 0 ] && [ $SELECTDB -le $counter ]; do\n echo -n \"Selection (integer) : \"\n read SELECTDB\n done\n\n # Capture database name from its full path using AWK\n DATABASE=`cat /tmp/database.txt | awk NR==$SELECTDB | awk -F\"/\" '{ print $'${AWK_DB_POS}' }'`\n # Remove temporary file\n rm -rf /tmp/database.txt\n\n # Check to see if database is already backed up under cronjobs\n # First dump cron contents to temporary file\n crontab -l > /tmp/tmpcron.txt\n\n # Then search for existing string\n tmp=`grep -w \"@$INTERVAL mysqldump -hlocalhost -uroot -p$MYSQL_ROOT_PASSWORD $DATABASE\" /tmp/tmpcron.txt | wc -l`\n command rm /tmp/tmpcron.txt\n\n # If cron entry already exists, abort\n if [ $tmp -gt 0 ]; then\n echo -e \"\\033[35;1mERROR: Database backup already exists, please remove it from crontab -e before entering again.\\033[0m\"\n exit 1\n fi\n\n # If not, then append a cronjob for it\n crontab -l > /tmp/tmpcron.txt\n cat >> /tmp/tmpcron.txt < /home/$USER/backup/databases/$DATABASE.\\`/bin/date +\\%Y\\%m\\%d\\`.sql.gz; chown $USER:$USER /home/$USER/backup/databases/*\nEOF\n\n # Load job commands back to crontab\n crontab /tmp/tmpcron.txt\n # Remove temporary file\n command rm /tmp/tmpcron.txt\n echo -e \"\\033[35;1mDatabase $DATABASE will be backed up to /home/$USER/backup/databases/$DATABASE $INTERVAL.\\033[0m\"\n echo -e \"\\033[35;1mTo verify, enter crontab -e.\\033[0m\"\n\n} # End of cron_backupdb\n\n\nfunction cron_backupdomain {\n\n # First check if backup location exists. Exit if not found.\n if [ ! -d \"/home/$USER/backup/domains\" ]; then\n echo -e \"\\033[35;1mERROR: Backup folder /home/$USER/backup/domains doesn't exist, please create it first.\\033[0m\"\n exit 1\n fi\n\n # Print out available domains and\n # Ensure that the user inputs a valid integer\n\n # Initialize counter\n counter=1\n DOMAINS_AVAILABLE=`cat /tmp/domain.txt | wc -l`\n echo \"\"\n echo \"Select the domain you want to backup, 1 to $DOMAINS_AVAILABLE\"\n\n # Print out domains. Use AWK to filter out domain name from full paths\n while read LINE; do\n data=`echo $LINE | awk -F\"/\" '{ print $'${AWK_DOMAIN_POS}' }'`\n echo \"$counter. $data\"\n let counter+=1\n done < \"/tmp/domain.txt\"\n\n # Set counter for next function\n let counter-=1\n\n # Ensure that the user inputs a valid integer\n # Initialize variable with a alphabet\n SELECTDOMAIN=\"a\"\n\n # Keep on looping until input is a number that is greater than 0 and less than the number of available databases\n until [[ \"$SELECTDOMAIN\" =~ [0-9]+ ]] && [ $SELECTDOMAIN -gt 0 ] && [ $SELECTDOMAIN -le $counter ]; do\n echo -n \"Selection (integer) : \"\n read SELECTDOMAIN\n done\n\n # Get full path to domain e.g /home/user/domains/domain.com\n DOMAIN=`cat /tmp/domain.txt | awk NR==$SELECTDOMAIN`\n # Remove first forward slash so that tar doesn't output anything during backup\n DOMAIN=`echo $DOMAIN | cut -c2-`\n # Get domain name without its system path. Used for naming the backup file\n DOMAIN_URL=`cat /tmp/domain.txt | awk NR==$SELECTDOMAIN | awk -F\"/\" '{ print $'${AWK_DOMAIN_POS}' }'`\n rm -rf /tmp/domain.txt\n\n # Check to see if cronjob already exists\n # Load crontab contents into temporary file and grep the domain name\n crontab -l > /tmp/tmpcron.txt\n tmp=`grep -w \"$DOMAIN\" /tmp/tmpcron.txt | wc -l`\n command rm /tmp/tmpcron.txt\n\n # If cron entry already exists then exit\n if [ $tmp -gt 0 ]; then\n echo -e \"\\033[35;1mERROR: Domain backup cronjob already exists, please remove it from crontab -e before trying again.\\033[0m\"\n exit 1\n fi\n\n # Dump out contents of crontab, and add new line to it\n crontab -l > /tmp/tmpcron.txt\n cat >> /tmp/tmpcron.txt < /tmp/tmpcron.txt\n cat >> /tmp/tmpcron.txt < /home/$USER/cleanbackup.log; chown $USER:$USER /home/$USER/cleanbackup.log\nEOF\n crontab /tmp/tmpcron.txt\n command rm /tmp/tmpcron.txt\n echo -e \"\\033[35;1mBackup files older than $DAYS days will be removed from /home/$USER/backup.\\033[0m\"\n echo -e \"\\033[35;1mTo verify, enter crontab -e.\\033[0m\"\n\n}\n\n\n# Start main program\nif [ ! -n \"$1\" ]; then\n echo \"\"\n echo -n \"$0\"\n echo -ne \"\\033[36m dir User\\033[0m\"\n echo \" - Create backup /home/User/backup/{domains,databases} directories to store backup files from cronjob.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m db User\\033[0m\"\n echo \" - Set up cronjob to mysqldump a database to USER's backup directory.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m site User\\033[0m\"\n echo \" - Set up cronjob to tar.gz a domain's public_html to User's backup directory.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m cleanup Old User\\033[0m\"\n echo \" - Set up cronjob to remove backups files that are older than \\\"Old\\\"(integer) days from User's backup directory.\"\n\n echo \"\"\n exit\nfi\n\n\ncase $1 in\ndir)\n # Make sure user inputs all the backup command and the user\n if [ ! $# -eq 2 ]; then\n echo -e \"\\033[35;1mPlease enter all required parameters\\033[0m\"\n exit 1\n else\n USER=$2\n create_backup_directory\n fi\n ;;\ndb)\n # Make sure user inputs all the backup command and the user\n if [ ! $# -eq 2 ]; then\n echo -e \"\\033[35;1mPlease enter all required parameters\\033[0m\"\n exit 1\n else\n USER=$2\n find_available_databases\n ask_interval\n cron_backupdb\n fi\n ;;\nsite)\n # Make sure user inputs all the backup command and the user\n if [ ! $# -eq 2 ]; then\n echo -e \"\\033[35;1mPlease enter all required parameters\\033[0m\"\n exit 1\n else\n USER=$2\n find_available_domains\n ask_interval\n cron_backupdomain\n fi\n ;;\ncleanup)\n # Make sure user inputs all the backup command, the user and the days params\n if [ ! $# -eq 3 ]; then\n echo -e \"\\033[35;1mPlease enter all required parameters\\033[0m\"\n exit 1\n else\n USER=$3\n DAYS=$2\n ask_interval\n cron_cleanbackup\n fi\n ;;\nesac\n" }, { "path": "config/apache2.conf", "content": "# This is the main Apache server configuration file. It contains the\n# configuration directives that give the server its instructions.\n# See http://httpd.apache.org/docs/2.2/ for detailed information about\n# the directives and /usr/share/doc/apache2-common/README.Debian.gz about\n# Debian specific hints.\n#\n#\n# Summary of how the Apache 2 configuration works in Debian:\n# The Apache 2 web server configuration in Debian is quite different to\n# upstream's suggested way to configure the web server. This is because Debian's\n# default Apache2 installation attempts to make adding and removing modules,\n# virtual hosts, and extra configuration directives as flexible as possible, in\n# order to make automating the changes and administering the server as easy as\n# possible.\n\n# It is split into several files forming the configuration hierarchy outlined\n# below, all located in the /etc/apache2/ directory:\n#\n#\t/etc/apache2/\n#\t|-- apache2.conf\n#\t|\t`-- ports.conf\n#\t|-- mods-enabled\n#\t|\t|-- *.load\n#\t|\t`-- *.conf\n#\t|-- conf.d\n#\t|\t`-- *\n# \t`-- sites-enabled\n#\t \t`-- *\n#\n#\n# * apache2.conf is the main configuration file (this file). It puts the pieces\n# together by including all remaining configuration files when starting up the\n# web server.\n#\n# In order to avoid conflicts with backup files, the Include directive is\n# adapted to ignore files that:\n# - do not begin with a letter or number\n# - contain a character that is neither letter nor number nor _-:.\n# - contain .dpkg\n#\n# Yet we strongly suggest that all configuration files either end with a\n# .conf or .load suffix in the file name. The next Debian release will\n# ignore files not ending with .conf (or .load for mods-enabled).\n#\n# * ports.conf is always included from the main configuration file. It is\n# supposed to determine listening ports for incoming connections, and which\n# of these ports are used for name based virtual hosts.\n#\n# * Configuration files in the mods-enabled/ and sites-enabled/ directories\n# contain particular configuration snippets which manage modules or virtual\n# host configurations, respectively.\n#\n# They are activated by symlinking available configuration files from their\n# respective *-available/ counterparts. These should be managed by using our\n# helpers a2enmod/a2dismod, a2ensite/a2dissite. See\n# their respective man pages for detailed information.\n#\n# * Configuration files in the conf.d directory are either provided by other\n# packages or may be added by the local administrator. Local additions\n# should start with local- or end with .local.conf to avoid name clashes. All\n# files in conf.d are considered (excluding the exceptions noted above) by\n# the Apache 2 web server.\n#\n# * The binary is called apache2. Due to the use of environment variables, in\n# the default configuration, apache2 needs to be started/stopped with\n# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not\n# work with the default configuration.\n\n\n# Global configuration\n#\n\n#\n# ServerRoot: The top of the directory tree under which the server's\n# configuration, error, and log files are kept.\n#\n# NOTE! If you intend to place this on an NFS (or otherwise network)\n# mounted filesystem then please read the LockFile documentation (available\n# at );\n# you will save yourself a lot of trouble.\n#\n# Do NOT add a slash at the end of the directory path.\n#\n#ServerRoot \"/etc/apache2\"\n\n#\n# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.\n#\nMutex file:${APACHE_LOCK_DIR} default\n\n#\n# PidFile: The file in which the server should record its process\n# identification number when it starts.\n# This needs to be set in /etc/apache2/envvars\n#\nPidFile ${APACHE_PID_FILE}\n\n#\n# Timeout: The number of seconds before receives and sends time out.\n#\nTimeout 300\n\n#\n# KeepAlive: Whether or not to allow persistent connections (more than\n# one request per connection). Set to \"Off\" to deactivate.\n#\nKeepAlive On\n\n#\n# MaxKeepAliveRequests: The maximum number of requests to allow\n# during a persistent connection. Set to 0 to allow an unlimited amount.\n# We recommend you leave this number high, for maximum performance.\n#\nMaxKeepAliveRequests 100\n\n#\n# KeepAliveTimeout: Number of seconds to wait for the next request from the\n# same client on the same connection.\n#\nKeepAliveTimeout 5\n\n##\n## Server-Pool Size Regulation (MPM specific)\n##\n\n# prefork MPM\n# StartServers: number of server processes to start\n# MinSpareServers: minimum number of server processes which are kept spare\n# MaxSpareServers: maximum number of server processes which are kept spare\n# MaxRequestWorkers: maximum number of server processes allowed to start\n# MaxConnectionsPerChild: maximum number of requests a server process serves\n\n StartServers 5\n MinSpareServers 5\n MaxSpareServers 10\n MaxRequestWorkers 150\n MaxConnectionsPerChild 0\n\n\n# worker MPM\n# StartServers: initial number of server processes to start\n# MinSpareThreads: minimum number of worker threads which are kept spare\n# MaxSpareThreads: maximum number of worker threads which are kept spare\n# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a\n# graceful restart. ThreadLimit can only be changed by stopping\n# and starting Apache.\n# ThreadsPerChild: constant number of worker threads in each server process\n# MaxRequestWorkers: maximum number of simultaneous client connections\n# MaxConnectionsPerChild: maximum number of requests a server process serves\n\n StartServers 2\n MinSpareThreads 25\n MaxSpareThreads 75\n ThreadLimit 64\n ThreadsPerChild 25\n MaxRequestWorkers 150\n MaxConnectionsPerChild 0\n\n\n# event MPM\n# StartServers: initial number of server processes to start\n# MinSpareThreads: minimum number of worker threads which are kept spare\n# MaxSpareThreads: maximum number of worker threads which are kept spare\n# ThreadsPerChild: constant number of worker threads in each server process\n# MaxRequestWorkers: maximum number of simultaneous client connections\n# MaxConnectionsPerChild: maximum number of requests a server process serves\n\n StartServers 1\n MinSpareThreads 2\n MaxSpareThreads 5\n ThreadLimit 20\n ThreadsPerChild 20\n MaxRequestWorkers 60\n MaxConnectionsPerChild 5000\n\n\n# These need to be set in /etc/apache2/envvars\nUser ${APACHE_RUN_USER}\nGroup ${APACHE_RUN_GROUP}\n\n#\n# AccessFileName: The name of the file to look for in each directory\n# for additional configuration directives. See also the AllowOverride\n# directive.\n#\n\nAccessFileName .htaccess\n\n#\n# The following lines prevent .htaccess and .htpasswd files from being\n# viewed by Web clients.\n#\n\n Require all denied\n Satisfy all\n\n\n# TuxLite. Better to put this block here compared to Debian's default\n\n Options Indexes FollowSymLinks\n AllowOverride All\n Require all granted\n\n\n#\n# DefaultType is the default MIME type the server will use for a document\n# if it cannot otherwise determine one, such as from filename extensions.\n# If your server contains mostly text or HTML documents, \"text/plain\" is\n# a good value. If most of your content is binary, such as applications\n# or images, you may want to use \"application/octet-stream\" instead to\n# keep browsers from trying to display binary files as though they are\n# text.\n#\n# It is also possible to omit any default MIME type and let the\n# client's browser guess an appropriate action instead. Typically the\n# browser will decide based on the file's extension then. In cases\n# where no good assumption can be made, letting the default MIME type\n# unset is suggested instead of forcing the browser to accept\n# incorrect metadata.\n#\nDefaultType None\n\n\n#\n# HostnameLookups: Log the names of clients or just their IP addresses\n# e.g., www.apache.org (on) or 204.62.129.132 (off).\n# The default is off because it'd be overall better for the net if people\n# had to knowingly turn this feature on, since enabling it means that\n# each client request will result in AT LEAST one lookup request to the\n# nameserver.\n#\nHostnameLookups Off\n\n# ErrorLog: The location of the error log file.\n# If you do not specify an ErrorLog directive within a \n# container, error messages relating to that virtual host will be\n# logged here. If you *do* define an error logfile for a \n# container, that host's errors will be logged there and not here.\n#\nErrorLog ${APACHE_LOG_DIR}/error.log\n\n#\n# LogLevel: Control the number of messages logged to the error_log.\n# Possible values include: debug, info, notice, warn, error, crit,\n# alert, emerg.\n#\nLogLevel warn\n\n# Include module configuration:\nInclude mods-enabled/*.load\nInclude mods-enabled/*.conf\n\n# Include list of ports to listen on and which to use for name based vhosts\nInclude ports.conf\n\n#\n# The following directives define some format nicknames for use with\n# a CustomLog directive (see below).\n# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i\n#\nLogFormat \"%v:%p %h %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" vhost_combined\nLogFormat \"%h %l %u %t \\\"%r\\\" %>s %O \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\nLogFormat \"%h %l %u %t \\\"%r\\\" %>s %O\" common\nLogFormat \"%{Referer}i -> %U\" referer\nLogFormat \"%{User-agent}i\" agent\n\n# Include of directories ignores editors' and dpkg's backup files,\n# see the comments above for details.\n\n# Include generic snippets of statements\nIncludeOptional conf-enabled/\n\n# Include the virtual host configurations:\nIncludeOptional sites-enabled/\n" }, { "path": "config/apache2_ports.conf", "content": "# If you just change the port or add more ports here, you will likely also\n# have to change the VirtualHost statement in\n# /etc/apache2/sites-enabled/000-default\n# This is also true if you have upgraded from before 2.2.9-3 (i.e. from\n# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and\n# README.Debian.gz\n\nNameVirtualHost *:80\nListen 80\n\n\n # If you add NameVirtualHost *:443 here, you will also have to change\n # the VirtualHost statement in /etc/apache2/sites-available/default-ssl\n # to \n # Server Name Indication for SSL named virtual hosts is currently not\n # supported by MSIE on Windows XP.\n NameVirtualHost *:443\n Listen 443\n\n\n\n Listen 443\n" }, { "path": "config/fastcgi.conf", "content": "#Original fastcgi.conf contents\n#\n# AddHandler fastcgi-script .fcgi\n# #FastCgiWrapper /usr/lib/apache2/suexec\n# FastCgiIpcDir /var/lib/apache2/fastcgi\n#\n\n\n FastCgiIpcDir /var/lib/apache2/fastcgi\n FastCGIExternalServer /srv/www/fcgi-bin.d/php5-fpm -pass-header Authorization -idle-timeout 120 -socket /var/run/php5-fpm-www-data.sock\n\n Alias /php5-fcgi /srv/www/fcgi-bin.d\n AddType application/x-httpd-php5 .php\n\n \n SetHandler php-fpm\n \n Action php-fpm /php5-fcgi/php5-fpm\n\n \n Order deny,allow\n Deny from All\n Allow from env=REDIRECT_STATUS\n \n" }, { "path": "config/nginx.conf", "content": "user www-data;\nworker_processes 1;\npid /var/run/nginx.pid;\n\nevents {\n worker_connections 1024;\n # multi_accept on;\n}\n\nhttp {\n\n ## Basic Settings ##\n\n client_max_body_size 50m;\n client_header_timeout 5;\n keepalive_timeout 5;\n port_in_redirect off;\n sendfile on;\n server_name_in_redirect off;\n # server_names_hash_bucket_size 64;\n server_tokens off;\n tcp_nopush on;\n tcp_nodelay on;\n types_hash_max_size 2048;\n\n\n ## MIME ##\n\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n\n\n ## Logging Settings ##\n\n access_log /var/log/nginx/access.log;\n error_log /var/log/nginx/error.log;\n\n\n ## Gzip Settings ##\n\n gzip on;\n gzip_disable \"msie6\";\n gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;\n gzip_min_length 1400;\n # gzip_vary on;\n # gzip_proxied any;\n # gzip_comp_level 6;\n # gzip_buffers 16 8k;\n # gzip_http_version 1.1;\n\n\n ## nginx-naxsi config ##\n ## Uncomment it if you installed nginx-naxsi\n\n #include /etc/nginx/naxsi_core.rules;\n\n\n ## Virtual Host Configs ##\n\n include /etc/nginx/conf.d/*.conf;\n include /etc/nginx/sites-enabled/*;\n}\n\n" }, { "path": "config/nginx_default_vhost.conf", "content": "# You may add here your\n# server {\n# ...\n# }\n# statements for each of your virtual hosts to this file\n\n##\n# You should look at the following URL's in order to grasp a solid understanding\n# of Nginx configuration files in order to fully unleash the power of Nginx.\n# http://wiki.nginx.org/Pitfalls\n# http://wiki.nginx.org/QuickStart\n# http://wiki.nginx.org/Configuration\n#\n# Generally, you will want to move this file somewhere, and start with a clean\n# file but keep this around for reference. Or just disable in sites-enabled.\n#\n# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.\n##\n\nserver {\n listen 80 default_server; ## listen for ipv4; this line is default and implied\n #listen [::]:80 default_server ipv6only=on; ## listen for ipv6\n\n root /usr/share/nginx/www;\n index index.html index.htm;\n\n # Make site accessible from http://localhost/\n server_name localhost;\n\n location / {\n # First attempt to serve request as file, then\n # as directory, then fall back to displaying a 404.\n try_files $uri $uri/ /index.html;\n # Uncomment to enable naxsi on this location\n # include /etc/nginx/naxsi.rules\n }\n\n location /doc/ {\n alias /usr/share/doc/;\n autoindex on;\n allow 127.0.0.1;\n allow ::1;\n deny all;\n }\n\n # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests\n #location /RequestDenied {\n # proxy_pass http://127.0.0.1:8080;\n #}\n\n #error_page 404 /404.html;\n\n # redirect server error pages to the static page /50x.html\n #\n #error_page 500 502 503 504 /50x.html;\n #location = /50x.html {\n # root /usr/share/nginx/www;\n #}\n\n # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n #\n #location ~ \\.php$ {\n # fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n # # NOTE: You should have \"cgi.fix_pathinfo = 0;\" in php.ini\n #\n # # With php5-cgi alone:\n # fastcgi_pass 127.0.0.1:9000;\n # # With php5-fpm:\n # fastcgi_pass unix:/var/run/php5-fpm.sock;\n # fastcgi_index index.php;\n # include fastcgi_params;\n #}\n\n # deny access to .htaccess files, if Apache's document root\n # concurs with nginx's one\n #\n #location ~ /\\.ht {\n # deny all;\n #}\n}\n\n\n# another virtual host using mix of IP-, name-, and port-based configuration\n#\n#server {\n# listen 8000;\n# listen somename:8080;\n# server_name somename alias another.alias;\n# root html;\n# index index.html index.htm;\n#\n# location / {\n# try_files $uri $uri/ =404;\n# }\n#}\n\n\n# HTTPS server\n#\n#server {\n# listen 443;\n# server_name localhost;\n#\n# root html;\n# index index.html index.htm;\n#\n# ssl on;\n# ssl_certificate cert.pem;\n# ssl_certificate_key cert.key;\n#\n# ssl_session_timeout 5m;\n#\n# ssl_protocols SSLv3 TLSv1;\n# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;\n# ssl_prefer_server_ciphers on;\n#\n# location / {\n# try_files $uri $uri/ =404;\n# }\n#}\n\n" }, { "path": "domain.sh", "content": "#!/bin/bash\n######################################################################\n# TuxLite virtualhost script #\n# Easily add/remove domains or subdomains #\n# Configures logrotate, AWStats and PHP5-FPM #\n# Enables/disables public viewing of AWStats and Adminer/phpMyAdmin #\n######################################################################\n\nsource ./options.conf\n\n# Seconds to wait before removing a domain/virtualhost\nREMOVE_DOMAIN_TIMER=10\n\n# Check domain to see if it contains invalid characters. Option = yes|no.\nDOMAIN_CHECK_VALIDITY=\"yes\"\n\n#### First initialize some static variables ####\n\n# Specify path to database management tool\nif [ $DB_GUI -eq 1 ]; then\n DB_GUI_PATH=\"/usr/local/share/phpmyadmin/\"\nelse\n DB_GUI_PATH=\"/usr/local/share/adminer/\"\nfi\n\n\n# Logrotate Postrotate for Nginx\n# From options.conf, nginx = 1, apache = 2\nif [ $WEBSERVER -eq 1 ]; then\n POSTROTATE_CMD='[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`'\nelse\n POSTROTATE_CMD='/etc/init.d/apache2 reload > /dev/null'\nfi\n\n# Variables for AWStats/Adminer|phpMyAdmin functions\n# The path to find for Adminer|phpMyAdmin and Awstats symbolic links\nPUBLIC_HTML_PATH=\"/home/*/domains/*/public_html\"\nVHOST_PATH=\"/home/*/domains/*\"\n\n#### Functions Begin ####\n\nfunction initialize_variables {\n\n # Initialize variables based on user input. For add/rem functions displayed by the menu\n DOMAINS_FOLDER=\"/home/$DOMAIN_OWNER/domains\"\n DOMAIN_PATH=\"/home/$DOMAIN_OWNER/domains/$DOMAIN\"\n GIT_PATH=\"/home/$DOMAIN_OWNER/repos/$DOMAIN.git\"\n\n # From options.conf, nginx = 1, apache = 2\n if [ $WEBSERVER -eq 1 ]; then\n DOMAIN_CONFIG_PATH=\"/etc/nginx/sites-available/$DOMAIN\"\n DOMAIN_ENABLED_PATH=\"/etc/nginx/sites-enabled/$DOMAIN\"\n else\n DOMAIN_CONFIG_PATH=\"/etc/apache2/sites-available/$DOMAIN\"\n DOMAIN_ENABLED_PATH=\"/etc/apache2/sites-enabled/$DOMAIN\"\n fi\n\n # Awstats command to be placed in logrotate file\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n AWSTATS_CMD=\"/usr/share/awstats/tools/awstats_buildstaticpages.pl -update -config=$DOMAIN -dir=$DOMAIN_PATH/awstats -awstatsprog=/usr/lib/cgi-bin/awstats.pl > /dev/null\"\n else\n AWSTATS_CMD=\"\"\n fi\n\n # Name of the logrotate file\n LOGROTATE_FILE=\"domain-$DOMAIN\"\n\n}\n\n\nfunction reload_webserver {\n\n # From options.conf, nginx = 1, apache = 2\n if [ $WEBSERVER -eq 1 ]; then\n service nginx reload\n else\n apache2ctl graceful\n fi\n\n} # End function reload_webserver\n\n\nfunction php_fpm_add_user {\n\n # Copy over FPM template for this Linux user if it doesn't exist\n if [ ! -e /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf ]; then\n cp /etc/php5/fpm/pool.d/{www.conf,$DOMAIN_OWNER.conf}\n\n # Change pool user, group and socket to the domain owner\n sed -i 's/^\\[www\\]$/\\['${DOMAIN_OWNER}'\\]/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^listen =.*/listen = \\/var\\/run\\/php5-fpm-'${DOMAIN_OWNER}'.sock/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^user = www-data$/user = '${DOMAIN_OWNER}'/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^group = www-data$/group = '${DOMAIN_OWNER}'/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^;listen.mode =.*/listen.mode = 0660/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n\n if [ $USE_NGINX_ORG_REPO = \"yes\" ]; then\n sed -i 's/^;listen.owner =.*/listen.owner = nginx/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^;listen.group =.*/listen.group = nginx/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n else\n sed -i 's/^;listen.owner =.*/listen.owner = www-data/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n sed -i 's/^;listen.group =.*/listen.group = www-data/' /etc/php5/fpm/pool.d/$DOMAIN_OWNER.conf\n fi\n fi\n\n service php5-fpm restart\n\n} # End function php_fpm_add_user\n\n\nfunction add_domain {\n\n # Create public_html and log directories for domain\n mkdir -p $DOMAIN_PATH/{logs,public_html}\n touch $DOMAIN_PATH/logs/{access.log,error.log}\n\n cat > $DOMAIN_PATH/public_html/index.html <\n\nWelcome to $DOMAIN\n\n\n

Welcome to $DOMAIN

\n

This page is simply a placeholder for your domain. Place your content in the appropriate directory to see it here.

\n

Please replace or delete index.html when uploading or creating your site.

\n\n\nEOF\n\n # Setup awstats directories\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n mkdir -p $DOMAIN_PATH/{awstats,awstats/.data}\n cd $DOMAIN_PATH/awstats/\n # Create a symbolic link to awstats generated report named index.html\n ln -s awstats.$DOMAIN.html index.html\n # Create link to the icons folder so that reports icons can be loaded\n ln -s /usr/share/awstats/icon awstats-icon\n cd - &> /dev/null\n fi\n\n # Set permissions\n chown $DOMAIN_OWNER:$DOMAIN_OWNER $DOMAINS_FOLDER\n chown -R $DOMAIN_OWNER:$DOMAIN_OWNER $DOMAIN_PATH\n # Allow execute permissions to group and other so that the webserver can serve files\n chmod 711 $DOMAINS_FOLDER\n chmod 711 $DOMAIN_PATH\n\n # Virtualhost entry\n # From options.conf, nginx = 1, apache = 2\n if [ $WEBSERVER -eq 1 ]; then\n # Nginx webserver. Use Nginx vHost config\n cat > $DOMAIN_CONFIG_PATH <\n\n\n\n\n\n ServerName $DOMAIN\n ServerAlias www.$DOMAIN\n ServerAdmin admin@$DOMAIN\n DocumentRoot $DOMAIN_PATH/public_html/\n ErrorLog $DOMAIN_PATH/logs/error.log\n CustomLog $DOMAIN_PATH/logs/access.log combined\n\n # With PHP5-FPM, you need to create another PHP5-FPM pool for SSL connections\n # Adding the same fastcgiexternalserver line here will result in an error\n Alias /php5-fcgi $DOMAIN_PATH\n\n SSLEngine on\n SSLCertificateFile /etc/ssl/localcerts/webserver.pem\n SSLCertificateKeyFile /etc/ssl/localcerts/webserver.key\n SSLProtocol all -SSLv3 -SSLv2\n\n \n SSLOptions +StdEnvVars\n \n\n BrowserMatch \"MSIE [2-6]\" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0\n BrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown\n\n\n\nEOF\n fi # End if $WEBSERVER -eq 1\n\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n # Configure Awstats for domain\n cp /etc/awstats/awstats.conf /etc/awstats/awstats.$DOMAIN.conf\n sed -i 's/^SiteDomain=.*/SiteDomain=\"'${DOMAIN}'\"/' /etc/awstats/awstats.$DOMAIN.conf\n sed -i 's/^LogFile=.*/\\#Deleted LogFile parameter. Appended at the bottom of this config file instead./' /etc/awstats/awstats.$DOMAIN.conf\n sed -i 's/^LogFormat=.*/LogFormat=1/' /etc/awstats/awstats.$DOMAIN.conf\n sed -i 's/^DirData=.*/\\#Deleted DirData parameter. Appended at the bottom of this config file instead./' /etc/awstats/awstats.$DOMAIN.conf\n sed -i 's/^DirIcons=.*/DirIcons=\".\\/awstats-icon\"/' /etc/awstats/awstats.$DOMAIN.conf\n sed -i '/Include \\\"\\/etc\\/awstats\\/awstats\\.conf\\.local\\\"/ d' /etc/awstats/awstats.$DOMAIN.conf\n echo \"LogFile=\\\"$DOMAIN_PATH/logs/access.log\\\"\" >> /etc/awstats/awstats.$DOMAIN.conf\n echo \"DirData=\\\"$DOMAIN_PATH/awstats/.data\\\"\" >> /etc/awstats/awstats.$DOMAIN.conf\n fi\n\n # Add new logrotate entry for domain\n cat > /etc/logrotate.d/$LOGROTATE_FILE < hooks/post-receive < /dev/null\n\n # Set permissions\n chown -R $DOMAIN_OWNER:$DOMAIN_OWNER $GIT_PATH\n echo -e \"\\033[35;1mSuccesfully Created git repository \\033[0m\"\n echo -e \"\\033[35;1mgit remote add web ssh://$DOMAIN_OWNER@$HOSTNAME_FQDN:$SSHD_PORT/$GIT_PATH \\033[0m\"\n fi\n\n\n} # End function add_domain\n\n\nfunction remove_domain {\n\n echo -e \"\\033[31;1mWARNING: This will permanently delete everything related to $DOMAIN\\033[0m\"\n echo -e \"\\033[31mIf you wish to stop it, press \\033[1mCTRL+C\\033[0m \\033[31mto abort.\\033[0m\"\n sleep $REMOVE_DOMAIN_TIMER\n\n # First disable domain and reload webserver\n echo -e \"* Disabling domain: \\033[1m$DOMAIN\\033[0m\"\n sleep 1\n rm -rf $DOMAIN_ENABLED_PATH\n reload_webserver\n\n # Then delete all files and config files\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n echo -e \"* Removing awstats config: \\033[1m/etc/awstats/awstats.$DOMAIN.conf\\033[0m\"\n sleep 1\n rm -rf /etc/awstats/awstats.$DOMAIN.conf\n fi\n\n echo -e \"* Removing domain files: \\033[1m$DOMAIN_PATH\\033[0m\"\n sleep 1\n rm -rf $DOMAIN_PATH\n\n echo -e \"* Removing vhost file: \\033[1m$DOMAIN_CONFIG_PATH\\033[0m\"\n sleep 1\n rm -rf $DOMAIN_CONFIG_PATH\n\n echo -e \"* Removing logrotate file: \\033[1m/etc/logrotate.d/$LOGROTATE_FILE\\033[0m\"\n sleep 1\n rm -rf /etc/logrotate.d/$LOGROTATE_FILE\n\n echo -e \"* Removing git repository: \\033[1m$GIT_PATH\\033[0m\"\n sleep 1\n rm -rf $GIT_PATH\n\n} # End function remove_domain\n\n\nfunction check_domain_exists {\n\n # If virtualhost config exists in /sites-available or the vhost directory exists,\n # Return 0 if files exists, otherwise return 1\n if [ -e \"$DOMAIN_CONFIG_PATH\" ] || [ -e \"$DOMAIN_PATH\" ]; then\n return 0\n else\n return 1\n fi\n\n} # End function check_domain_exists\n\n\nfunction check_domain_valid {\n\n # Check if the domain entered is actually valid as a domain name\n # NOTE: to disable, set \"DOMAIN_CHECK_VALIDITY\" to \"no\" at the start of this script\n if [ \"$DOMAIN_CHECK_VALIDITY\" = \"yes\" ]; then\n if [[ \"$DOMAIN\" =~ [\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\_\\+\\=\\{\\}\\|\\\\\\;\\:\\'\\\"\\<\\>\\?\\,\\/\\[\\]] ]]; then\n echo -e \"\\033[35;1mERROR: Domain check failed. Please enter a valid domain.\\033[0m\"\n echo -e \"\\033[35;1mERROR: If you are certain this domain is valid, then disable domain checking option at the beginning of the script.\\033[0m\"\n return 1\n else\n return 0\n fi\n else\n # If $DOMAIN_CHECK_VALIDITY is \"no\", simply exit\n return 0\n fi\n\n} # End function check_domain_valid\n\n\nfunction awstats_on {\n\n # Search virtualhost directory to look for \"stats\". In case the user created a stats folder, we do not want to overwrite it.\n stats_folder=`find $PUBLIC_HTML_PATH -maxdepth 1 -name \"stats\" -print0 | xargs -0 -I path echo path | wc -l`\n\n # If no stats folder found, find all available public_html folders and create symbolic link to the awstats folder\n if [ $stats_folder -eq 0 ]; then\n find $VHOST_PATH -maxdepth 1 -name \"public_html\" -type d | xargs -L1 -I path ln -sv ../awstats path/stats\n echo -e \"\\033[35;1mAwstats enabled.\\033[0m\"\n else\n echo -e \"\\033[35;1mERROR: Failed to enable AWStats for all domains. \\033[0m\"\n echo -e \"\\033[35;1mERROR: AWStats is already enabled for at least 1 domain. \\033[0m\"\n echo -e \"\\033[35;1mERROR: Turn AWStats off again before re-enabling. \\033[0m\"\n echo -e \"\\033[35;1mERROR: Also ensure that all your public_html(s) do not have a manually created \\\"stats\\\" folder. \\033[0m\"\n fi\n\n} # End function awstats_on\n\n\nfunction awstats_off {\n\n # Search virtualhost directory to look for \"stats\" symbolic links\n find $PUBLIC_HTML_PATH -maxdepth 1 -name \"stats\" -type l -print0 | xargs -0 -I path echo path > /tmp/awstats.txt\n\n # Remove symbolic links\n while read LINE; do\n rm -rfv $LINE\n done < \"/tmp/awstats.txt\"\n rm -rf /tmp/awstats.txt\n\n echo -e \"\\033[35;1mAwstats disabled. If you do not see any \\\"removed\\\" messages, it means it has already been disabled.\\033[0m\"\n\n} # End function awstats_off\n\n\nfunction dbgui_on {\n\n # Search virtualhost directory to look for \"dbgui\". In case the user created a \"dbgui\" folder, we do not want to overwrite it.\n dbgui_folder=`find $PUBLIC_HTML_PATH -maxdepth 1 -name \"dbgui\" -print0 | xargs -0 -I path echo path | wc -l`\n\n # If no \"dbgui\" folders found, find all available public_html folders and create \"dbgui\" symbolic link to /usr/local/share/adminer|phpmyadmin\n if [ $dbgui_folder -eq 0 ]; then\n find $VHOST_PATH -maxdepth 1 -name \"public_html\" -type d | xargs -L1 -I path ln -sv $DB_GUI_PATH path/dbgui\n echo -e \"\\033[35;1mAdminer or phpMyAdmin enabled.\\033[0m\"\n else\n echo -e \"\\033[35;1mERROR: Failed to enable Adminer or phpMyAdmin for all domains. \\033[0m\"\n echo -e \"\\033[35;1mERROR: It is already enabled for at least 1 domain. \\033[0m\"\n echo -e \"\\033[35;1mERROR: Turn it off again before re-enabling. \\033[0m\"\n echo -e \"\\033[35;1mERROR: Also ensure that all your public_html(s) do not have a manually created \\\"dbgui\\\" folder. \\033[0m\"\n fi\n\n} # End function dbgui_on\n\n\nfunction dbgui_off {\n\n # Search virtualhost directory to look for \"dbgui\" symbolic links\n find $PUBLIC_HTML_PATH -maxdepth 1 -name \"dbgui\" -type l -print0 | xargs -0 -I path echo path > /tmp/dbgui.txt\n\n # Remove symbolic links\n while read LINE; do\n rm -rfv $LINE\n done < \"/tmp/dbgui.txt\"\n rm -rf /tmp/dbgui.txt\n\n echo -e \"\\033[35;1mAdminer or phpMyAdmin disabled. If \\\"removed\\\" messages do not appear, it has been previously disabled.\\033[0m\"\n\n} # End function dbgui_off\n\n\n#### Main program begins ####\n\n# Show Menu\nif [ ! -n \"$1\" ]; then\n echo \"\"\n echo -e \"\\033[35;1mSelect from the options below to use this script:- \\033[0m\"\n echo -n \"$0\"\n echo -ne \"\\033[36m add user Domain.tld\\033[0m\"\n echo \" - Add specified domain to \\\"user's\\\" home directory. AWStats(optional) and log rotation will be configured.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m rem user Domain.tld\\033[0m\"\n echo \" - Remove everything for Domain.tld including stats and public_html. If necessary, backup domain files before executing!\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m dbgui on|off\\033[0m\"\n echo \" - Disable or enable public viewing of Adminer or phpMyAdmin.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m stats on|off\\033[0m\"\n echo \" - Disable or enable public viewing of AWStats.\"\n\n echo \"\"\n exit 0\nfi\n# End Show Menu\n\n\ncase $1 in\nadd)\n # Add domain for user\n # Check for required parameters\n if [ $# -ne 3 ]; then\n echo -e \"\\033[31;1mERROR: Please enter the required parameters.\\033[0m\"\n exit 1\n fi\n\n # Set up variables\n DOMAIN_OWNER=$2\n DOMAIN=$3\n initialize_variables\n\n # Check if user exists on system\n if [ ! -d /home/$DOMAIN_OWNER ]; then\n echo -e \"\\033[31;1mERROR: User \\\"$DOMAIN_OWNER\\\" does not exist on this system.\\033[0m\"\n echo -e \" - \\033[34mUse \\033[1madduser\\033[0m \\033[34m to add the user to the system.\\033[0m\"\n echo -e \" - \\033[34mFor more information, please see \\033[1mman adduser\\033[0m\"\n exit 1\n fi\n\n # Check if domain is valid\n check_domain_valid\n if [ $? -ne 0 ]; then\n exit 1\n fi\n\n # Check if domain config files exist\n check_domain_exists\n if [ $? -eq 0 ]; then\n echo -e \"\\033[31;1mERROR: $DOMAIN_CONFIG_PATH or $DOMAIN_PATH already exists. Please remove before proceeding.\\033[0m\"\n exit 1\n fi\n\n add_domain\n php_fpm_add_user\n reload_webserver\n echo -e \"\\033[35;1mSuccesfully added \\\"${DOMAIN}\\\" to user \\\"${DOMAIN_OWNER}\\\" \\033[0m\"\n echo -e \"\\033[35;1mYou can now upload your site to $DOMAIN_PATH/public_html.\\033[0m\"\n echo -e \"\\033[35;1mAdminer/phpMyAdmin is DISABLED by default. URL = http://$DOMAIN/dbgui.\\033[0m\"\n echo -e \"\\033[35;1mAWStats is DISABLED by default. URL = http://$DOMAIN/stats.\\033[0m\"\n echo -e \"\\033[35;1mStats update daily. Allow 24H before viewing stats or you will be greeted with an error page. \\033[0m\"\n echo -e \"\\033[35;1mIf Varnish cache is enabled, please disable & enable it again to reconfigure this domain. \\033[0m\"\n ;;\nrem)\n # Add domain for user\n # Check for required parameters\n if [ $# -ne 3 ]; then\n echo -e \"\\033[31;1mERROR: Please enter the required parameters.\\033[0m\"\n exit 1\n fi\n\n # Set up variables\n DOMAIN_OWNER=$2\n DOMAIN=$3\n initialize_variables\n\n # Check if user exists on system\n if [ ! -d /home/$DOMAIN_OWNER ]; then\n echo -e \"\\033[31;1mERROR: User \\\"$DOMAIN_OWNER\\\" does not exist on this system.\\033[0m\"\n exit 1\n fi\n\n # Check if domain config files exist\n check_domain_exists\n # If domain doesn't exist\n if [ $? -ne 0 ]; then\n echo -e \"\\033[31;1mERROR: $DOMAIN_CONFIG_PATH and/or $DOMAIN_PATH does not exist, exiting.\\033[0m\"\n echo -e \" - \\033[34;1mNOTE:\\033[0m \\033[34mThere may be files left over. Please check manually to ensure everything is deleted.\\033[0m\"\n exit 1\n fi\n\n remove_domain\n ;;\ndbgui)\n if [ \"$2\" = \"on\" ]; then\n dbgui_on\n elif [ \"$2\" = \"off\" ]; then\n dbgui_off\n fi\n ;;\nstats)\n if [ \"$2\" = \"on\" ]; then\n awstats_on\n elif [ \"$2\" = \"off\" ]; then\n awstats_off\n fi\n ;;\nesac\n" }, { "path": "install.sh", "content": "#!/bin/bash\n\n# First uninstall any unnecessary packages.\napt-get update\napt-get -y install nano\napt-get -y install lsb-release\nservice apache2 stop\nservice sendmail stop\nservice bind9 stop\nservice nscd stop\napt-get -y purge nscd bind9 sendmail apache2 apache2.2-common\n\necho \"\"\necho \"Configuring /etc/apt/sources.list.\"\nsleep 5\n./setup.sh apt\n\necho \"\"\necho \"Installing updates & configuring SSHD / hostname.\"\nsleep 5\n./setup.sh basic\n\necho \"\"\necho \"Installing LAMP or LNMP stack.\"\nsleep 5\n./setup.sh install\n\necho \"\"\necho \"Optimizing AWStats, PHP, logrotate & webserver config.\"\nsleep 5\n./setup.sh optimize\n\n## Uncomment to secure /tmp folder\n#echo \"\"\n#echo \"Securing /tmp directory.\"\n## Use tmpdd here if your server has under 256MB memory. Tmpdd will consume a 1GB disk space for /tmp\n#./setup.sh tmpfs\n\necho \"\"\necho \"Installation complete!\"\necho \"Root login disabled.\"\necho \"Please add a normal user now using the \\\"adduser\\\" command.\"\n" }, { "path": "options.conf", "content": "# Hostname can be anything. E.g. \"vps\", \"zeus\", \"jupiter\"\n# FQDN can be any domain that you own and doesn't have to be hosted on this server\nHOSTNAME=srv1\nHOSTNAME_FQDN=srv1.yourdomain.com\nSERVER_IP=\"0.0.0.0\"\nSSHD_PORT=22\n\n# Set an admin email account to be used for various system notifications and alerts\nADMIN_EMAIL=\"admin@yourdomain.com\"\n\n# Choose whether you want to maintain 'root login' or not. Options = yes|no\nROOT_LOGIN=no\n\n# Configure /etc/apt/sources.list to use redirector/geolocation mirrors\n# Improves package download speeds. Options = yes|no\nCONFIGURE_APT=no\n\n# Nginx = 1, Apache = 2\nWEBSERVER=1\n\n# Oracle MySQL = 1, MariaDB = 2, Percona = 3\nDBSERVER=1\n\n# MariaDB 5.5 options\n# Generate preferred repo from https://downloads.mariadb.org/mariadb/repositories/\n# Specify repository's hostname if using another mirror. Required for APT pinning\nMARIADB_REPO='http://ftp.osuosl.org/pub/mariadb/repo/5.5/'\nMARIADB_REPO_HOSTNAME='ftp.osuosl.org'\n\n# Enable official nginx.org repository. Options = yes|no\n# Faster nginx updates, fewer compiled in modules\nUSE_NGINX_ORG_REPO=no\n\n# Root password for MySQL, MariaDB or Percona\nMYSQL_ROOT_PASSWORD=abcd1234\n\n# phpMyAdmin = 1, Adminer = 2\nDB_GUI=1\n\n# Set amount of RAM for Varnish cache\nVARNISH_CACHE_SIZE=50M\n# Varnish version. Only used for Debian stable or Ubuntu LTS.\nVARNISH_VER=3.0\n\n\n#########################################################\n# You may simply use the defaults for the options below #\n#########################################################\n\n# Enable or disable AWStats. Options = yes|no\nAWSTATS_ENABLE=yes\n\n# Enable or disable Git. Options = yes|no\nGIT_ENABLE=no\n\n# Any other packages that you wish to install. Leave empty if nothing more is needed\n# Eg. MISC_PACKAGES=\"htop dnsutils vim tmux imagemagick\"\nMISC_PACKAGES=\"\"\n\n# Configure PHP. Recommended to leave PHP_BASE unchanged\n# You may safely remove all the modules in PHP_EXTRAS\nPHP_BASE=\"php5-fpm php5-common php-apc php5-mysqlnd php5-dev\"\nPHP_EXTRAS=\"php5-memcache php5-curl php5-mcrypt php5-xsl php5-gd php5-imagick php5-snmp php5-xmlrpc\"\n\n# Settings for php.ini\nPHP_MEMORY_LIMIT=96M\nPHP_MAX_EXECUTION_TIME=120\nPHP_MAX_INPUT_TIME=300\nPHP_POST_MAX_SIZE=25M\nPHP_UPLOAD_MAX_FILESIZE=25M\n\n# Settings for PHP5-FPM's pool\nFPM_MAX_CHILDREN=5\nFPM_START_SERVERS=1\nFPM_MIN_SPARE_SERVERS=1\nFPM_MAX_SPARE_SERVERS=2\nFPM_MAX_REQUESTS=5000\n\n# Size of the /tmp folder if you use \"tmpdd\" instead of \"tmpfs\". Default is 1GB\n# Increase if you need larger but your free disk space will be reduced accordingly\nTMP_SIZE=1000000\n\n" }, { "path": "setup.sh", "content": "###############################################################################################\n# TuxLite - Complete LNMP/LAMP setup script for Debian/Ubuntu #\n# Nginx/Apache + PHP5-FPM + MySQL #\n# Stack is optimized/tuned for a 256MB server #\n# Email your questions to s@tuxlite.com #\n###############################################################################################\n\nsource ./options.conf\n\n# Detect distribution. Debian or Ubuntu\nDISTRO=`lsb_release -i -s`\n# Distribution's release. Squeeze, wheezy, precise etc\nRELEASE=`lsb_release -c -s`\nif [ $DISTRO = \"\" ]; then\n echo -e \"\\033[35;1mPlease run 'apt-get -y install lsb-release' before using this script.\\033[0m\"\n exit 1\nfi\n\n\n#### Functions Begin ####\n\nfunction basic_server_setup {\n\n apt-get update && apt-get -y safe-upgrade\n\n # Reconfigure sshd - change port and disable root login\n sed -i 's/^Port [0-9]*/Port '${SSHD_PORT}'/' /etc/ssh/sshd_config\n if [ $ROOT_LOGIN = \"no\" ]; then\n sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config\n fi;\n service ssh reload\n\n # Set hostname and FQDN\n sed -i 's/'${SERVER_IP}'.*/'${SERVER_IP}' '${HOSTNAME_FQDN}' '${HOSTNAME}'/' /etc/hosts\n echo \"$HOSTNAME\" > /etc/hostname\n\n if [ $DISTRO = \"Debian\" ]; then\n # Debian system, use hostname.sh\n service hostname.sh start\n else\n # Ubuntu system, use hostname\n service hostname start\n fi\n\n # Basic hardening of sysctl.conf\n sed -i 's/^#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/' /etc/sysctl.conf\n sed -i 's/^net.ipv4.conf.all.accept_source_route = 1/net.ipv4.conf.all.accept_source_route = 0/' /etc/sysctl.conf\n sed -i 's/^#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/' /etc/sysctl.conf\n sed -i 's/^net.ipv6.conf.all.accept_source_route = 1/net.ipv6.conf.all.accept_source_route = 0/' /etc/sysctl.conf\n if [ $ROOT_LOGIN = \"no\" ]; then\n echo -e \"\\033[35;1m Root login disabled, SSH port set to $SSHD_PORT. Hostname set to $HOSTNAME and FQDN to $HOSTNAME_FQDN. \\033[0m\"\n echo -e \"\\033[35;1m Remember to create a normal user account for login or you will be locked out from your box! \\033[0m\"\n else\n echo -e \"\\033[35;1m Root login active, SSH port set to $SSHD_PORT. Hostname set to $HOSTNAME and FQDN to $HOSTNAME_FQDN. \\033[0m\"\n fi\n\n} # End function basic_server_setup\n\n\nfunction setup_apt {\n\n # If user enables apt option in options.conf\n if [ $CONFIGURE_APT = \"yes\" ]; then\n cp /etc/apt/{sources.list,sources.list.bak}\n\n if [ $DISTRO = \"Debian\" ]; then\n # Debian system, use Debian sources.list\n echo -e \"\\033[35;1mConfiguring APT for Debian. \\033[0m\"\n cat > /etc/apt/sources.list < /etc/apt/sources.list < /etc/apt/sources.list.d/dotdeb.list < /etc/apt/sources.list.d/nginx.list < /etc/apt/preferences.d/Nginx < /etc/apt/sources.list.d/MariaDB.list < /etc/apt/preferences.d/MariaDB < /etc/apt/sources.list.d/Percona.list < /etc/apt/preferences.d/Percona < /etc/nginx/sites-available/default\n\n # Change default vhost root directory to /usr/share/nginx/html;\n sed -i 's/\\(root \\/usr\\/share\\/nginx\\/\\).*/\\1html;/' /etc/nginx/sites-available/default\n\n # Create common SSL config file\n cat > /etc/nginx/ssl.conf < /etc/apache2/mods-available/fastcgi.conf\n\n # Create the virtual directory for the external server\n mkdir -p /srv/www/fcgi-bin.d\n fi\n\n} # End function install_webserver\n\n\nfunction install_php {\n\n # Install PHP packages and extensions specified in options.conf\n apt-get -y install $PHP_BASE\n apt-get -y install $PHP_EXTRAS\n\n} # End function install_php\n\n\nfunction install_extras {\n\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n apt-get -y install awstats\n fi\n\n # Install any other packages specified in options.conf\n apt-get -y install $MISC_PACKAGES\n\n} # End function install_extras\n\n\nfunction install_mysql {\n\n if [ $DBSERVER = 3 ]; then\n echo \"percona-server-server-5.6 percona-server-server/root_password password $MYSQL_ROOT_PASSWORD\" | debconf-set-selections\n echo \"percona-server-server-5.6 percona-server-server/root_password_again password $MYSQL_ROOT_PASSWORD\" | debconf-set-selections\n else\n echo \"mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD\" | debconf-set-selections\n echo \"mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD\" | debconf-set-selections\n fi\n\n if [ $DBSERVER = 2 ]; then\n apt-get -y install mariadb-server mariadb-client\n elif [ $DBSERVER = 3 ]; then\n apt-get -y install percona-server-server-5.6 percona-server-client-5.6\n else\n apt-get -y install mysql-server mysql-client\n fi\n\n echo -e \"\\033[35;1m Securing MySQL... \\033[0m\"\n sleep 5\n\n apt-get -y install expect\n\n SECURE_MYSQL=$(expect -c \"\n set timeout 10\n spawn mysql_secure_installation\n expect \\\"Enter current password for root (enter for none):\\\"\n send \\\"$MYSQL_ROOT_PASSWORD\\r\\\"\n expect \\\"Change the root password?\\\"\n send \\\"n\\r\\\"\n expect \\\"Remove anonymous users?\\\"\n send \\\"y\\r\\\"\n expect \\\"Disallow root login remotely?\\\"\n send \\\"y\\r\\\"\n expect \\\"Remove test database and access to it?\\\"\n send \\\"y\\r\\\"\n expect \\\"Reload privilege tables now?\\\"\n send \\\"y\\r\\\"\n expect eof\n \")\n\n echo \"$SECURE_MYSQL\"\n apt-get -y purge expect\n\n} # End function install_mysql\n\n\nfunction optimize_stack {\n\n # If using Nginx, copy over nginx.conf\n if [ $WEBSERVER = 1 ]; then\n cat ./config/nginx.conf > /etc/nginx/nginx.conf\n\n # Change nginx user from \"www-data\" to \"nginx\". Not really necessary\n # because \"www-data\" user is created when installing PHP5-FPM\n if [ $USE_NGINX_ORG_REPO = \"yes\" ]; then\n sed -i 's/^user\\s*www-data/user nginx/' /etc/nginx/nginx.conf\n fi\n\n # Change logrotate for nginx log files to keep 10 days worth of logs\n nginx_file=`find /etc/logrotate.d/ -maxdepth 1 -name \"nginx*\"`\n sed -i 's/\\trotate .*/\\trotate 10/' $nginx_file\n\n # If using Apache, copy over apache2.conf\n else\n cat ./config/apache2.conf > /etc/apache2/apache2.conf\n\n # Change logrotate for Apache2 log files to keep 10 days worth of logs\n sed -i 's/\\tweekly/\\tdaily/' /etc/logrotate.d/apache2\n sed -i 's/\\trotate .*/\\trotate 10/' /etc/logrotate.d/apache2\n\n # Remove Apache server information from headers.\n sed -i 's/ServerTokens .*/ServerTokens Prod/' /etc/apache2/conf.d/security\n sed -i 's/ServerSignature .*/ServerSignature Off/' /etc/apache2/conf.d/security\n\n # Add *:443 to ports.conf\n cat ./config/apache2_ports.conf > /etc/apache2/ports.conf\n fi\n\n if [ $AWSTATS_ENABLE = 'yes' ]; then\n # Configure AWStats\n temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`\n if [ $temp -lt 1 ]; then\n echo SiteDomain=\"$HOSTNAME_FQDN\" >> /etc/awstats/awstats.conf.local\n fi\n # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.\n sed -i 's/^[^#]/#&/' /etc/cron.d/awstats\n fi\n\n service php5-fpm stop\n php_fpm_conf=\"/etc/php5/fpm/pool.d/www.conf\"\n # Limit FPM processes\n sed -i 's/^pm.max_children.*/pm.max_children = '${FPM_MAX_CHILDREN}'/' $php_fpm_conf\n sed -i 's/^pm.start_servers.*/pm.start_servers = '${FPM_START_SERVERS}'/' $php_fpm_conf\n sed -i 's/^pm.min_spare_servers.*/pm.min_spare_servers = '${FPM_MIN_SPARE_SERVERS}'/' $php_fpm_conf\n sed -i 's/^pm.max_spare_servers.*/pm.max_spare_servers = '${FPM_MAX_SPARE_SERVERS}'/' $php_fpm_conf\n sed -i 's/\\;pm.max_requests.*/pm.max_requests = '${FPM_MAX_REQUESTS}'/' $php_fpm_conf\n # Change to socket connection for better performance\n sed -i 's/^listen =.*/listen = \\/var\\/run\\/php5-fpm-www-data.sock/' $php_fpm_conf\n\n php_ini_dir=\"/etc/php5/fpm/php.ini\"\n # Tweak php.ini based on input in options.conf\n sed -i 's/^max_execution_time.*/max_execution_time = '${PHP_MAX_EXECUTION_TIME}'/' $php_ini_dir\n sed -i 's/^memory_limit.*/memory_limit = '${PHP_MEMORY_LIMIT}'/' $php_ini_dir\n sed -i 's/^max_input_time.*/max_input_time = '${PHP_MAX_INPUT_TIME}'/' $php_ini_dir\n sed -i 's/^post_max_size.*/post_max_size = '${PHP_POST_MAX_SIZE}'/' $php_ini_dir\n sed -i 's/^upload_max_filesize.*/upload_max_filesize = '${PHP_UPLOAD_MAX_FILESIZE}'/' $php_ini_dir\n sed -i 's/^expose_php.*/expose_php = Off/' $php_ini_dir\n sed -i 's/^disable_functions.*/disable_functions = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source/' $php_ini_dir\n\n # Generating self signed SSL certs for securing phpMyAdmin, script logins etc\n echo -e \" \"\n echo -e \"\\033[35;1m Generating self signed SSL cert... \\033[0m\"\n mkdir /etc/ssl/localcerts\n\n apt-get -y install expect\n\n GENERATE_CERT=$(expect -c \"\n set timeout 10\n spawn openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/localcerts/webserver.pem -keyout /etc/ssl/localcerts/webserver.key\n expect \\\"Country Name (2 letter code) \\[AU\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"State or Province Name (full name) \\[Some-State\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"Locality Name (eg, city) \\[\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"Organization Name (eg, company) \\[Internet Widgits Pty Ltd\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"Organizational Unit Name (eg, section) \\[\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"Common Name (eg, YOUR name) \\[\\]:\\\"\n send \\\"\\r\\\"\n expect \\\"Email Address \\[\\]:\\\"\n send \\\"\\r\\\"\n expect eof\n \")\n\n echo \"$GENERATE_CERT\"\n apt-get -y purge expect\n\n # Tweak my.cnf. Commented out. Best to let users configure my.cnf on their own\n #cp /etc/mysql/{my.cnf,my.cnf.bak}\n #if [ -e /usr/share/doc/mysql-server-5.1/examples/my-medium.cnf.gz ]; then\n #gunzip /usr/share/doc/mysql-server-5.1/examples/my-medium.cnf.gz\n #cp /usr/share/doc/mysql-server-5.1/examples/my-medium.cnf /etc/mysql/my.cnf\n #else\n #gunzip /usr/share/doc/mysql-server-5.0/examples/my-medium.cnf.gz\n #cp /usr/share/doc/mysql-server-5.0/examples/my-medium.cnf /etc/mysql/my.cnf\n #fi\n #sed -i '/myisam_sort_buffer_size/ a\\skip-innodb' /etc/mysql/my.cnf\n #sleep 1\n #service mysql restart\n\n restart_webserver\n sleep 2\n service php5-fpm start\n sleep 2\n service php5-fpm restart\n echo -e \"\\033[35;1m Optimize complete! \\033[0m\"\n\n} # End function optimize\n\n\nfunction install_postfix {\n\n # Install postfix\n echo \"postfix postfix/main_mailer_type select Internet Site\" | debconf-set-selections\n echo \"postfix postfix/mailname string $HOSTNAME_FQDN\" | debconf-set-selections\n echo \"postfix postfix/destinations string localhost.localdomain, localhost\" | debconf-set-selections\n apt-get -y install postfix\n\n # Allow mail delivery from localhost only\n /usr/sbin/postconf -e \"inet_interfaces = loopback-only\"\n\n sleep 1\n postfix stop\n sleep 1\n postfix start\n\n} # End function install_postfix\n\n\n\nfunction install_dbgui {\n\n # If user selected phpMyAdmin in options.conf\n if [ $DB_GUI = 1 ]; then\n mkdir /tmp/phpmyadmin\n PMA_VER=\"`wget -q -O - https://www.phpmyadmin.net/downloads/|grep -m 1 '

phpMyAdmin'|sed -r 's/^[^3-9]*([0-9.]*).*/\\1/'`\"\n wget -O - \"https://files.phpmyadmin.net/phpMyAdmin/${PMA_VER}/phpMyAdmin-${PMA_VER}-all-languages.tar.gz\" | tar zxf - -C /tmp/phpmyadmin\n\n # Check exit status to see if download is successful\n if [ $? = 0 ]; then\n mkdir /usr/local/share/phpmyadmin\n rm -rf /usr/local/share/phpmyadmin/*\n cp -Rpf /tmp/phpmyadmin/*/* /usr/local/share/phpmyadmin\n cp /usr/local/share/phpmyadmin/{config.sample.inc.php,config.inc.php}\n rm -rf /tmp/phpmyadmin\n\n # Generate random blowfish string\n LENGTH=\"20\"\n MATRIX=\"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\"\n while [ \"${n:=1}\" -le \"$LENGTH\" ]; do\n BLOWFISH=\"$BLOWFISH${MATRIX:$(($RANDOM%${#MATRIX})):1}\"\n let n+=1\n done\n\n # Configure phpmyadmin blowfish variable\n sed -i \"s/blowfish_secret'] = ''/blowfish_secret'] = \\'$BLOWFISH\\'/\" /usr/local/share/phpmyadmin/config.inc.php\n echo -e \"\\033[35;1mphpMyAdmin installed/upgraded.\\033[0m\"\n else\n echo -e \"\\033[35;1mInstall/upgrade failed. Perhaps phpMyAdmin download link is temporarily down. Update link in options.conf and try again.\\033[0m\"\n fi\n\n else # User selected Adminer\n\n mkdir -p /usr/local/share/adminer\n cd /usr/local/share/adminer\n rm -rf /usr/local/share/adminer/*\n wget http://www.adminer.org/latest.php\n if [ $? = 0 ]; then\n mv latest.php index.php\n echo -e \"\\033[35;1m Adminer installed. \\033[0m\"\n else\n echo -e \"\\033[35;1mInstall/upgrade failed. Perhaps http://adminer.org is down. Try again later.\\033[0m\"\n fi\n cd - &> /dev/null\n fi # End if DB_GUI\n\n} # End function install_dbgui\n\n\nfunction check_tmp_secured {\n\n temp1=`grep -w \"/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0\" /etc/fstab | wc -l`\n temp2=`grep -w \"tmpfs /tmp tmpfs rw,noexec,nosuid 0 0\" /etc/fstab | wc -l`\n\n if [ $temp1 -gt 0 ] || [ $temp2 -gt 0 ]; then\n return 1\n else\n return 0\n fi\n\n} # End function check_tmp_secured\n\n\nfunction secure_tmp_tmpfs {\n\n cp /etc/fstab /etc/fstab.bak\n # Backup /tmp\n cp -Rpf /tmp /tmpbackup\n\n rm -rf /tmp\n mkdir /tmp\n\n mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp\n chmod 1777 /tmp\n echo \"tmpfs /tmp tmpfs rw,noexec,nosuid 0 0\" >> /etc/fstab\n\n # Restore /tmp\n cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1\n\n #Remove old tmp dir\n rm -rf /tmpbackup\n\n # Backup /var/tmp and link it to /tmp\n mv /var/tmp /var/tmpbackup\n ln -s /tmp /var/tmp\n\n # Copy the old data back\n cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1\n # Remove old tmp dir\n rm -rf /var/tmpbackup\n\n echo -e \"\\033[35;1m /tmp and /var/tmp secured using tmpfs. \\033[0m\"\n\n} # End function secure_tmp_tmpfs\n\n\nfunction secure_tmp_dd {\n\n cp /etc/fstab /etc/fstab.bak\n\n # Create 1GB space for /tmp, change count if you want smaller/larger size\n dd if=/dev/zero of=/var/tempFS bs=1024 count=$TMP_SIZE\n # Make space as a ext3 filesystem\n /sbin/mkfs.ext3 /var/tempFS\n\n # Backup /tmp\n cp -Rpf /tmp /tmpbackup\n\n # Secure /tmp\n mount -o loop,noexec,nosuid,rw /var/tempFS /tmp\n chmod 1777 /tmp\n echo \"/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0\" >> /etc/fstab\n\n # Restore /tmp\n cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1\n\n # Remove old tmp dir\n rm -rf /tmpbackup\n\n # Backup /var/tmp and link it to /tmp\n mv /var/tmp /var/tmpbackup\n ln -s /tmp /var/tmp\n\n # Copy the old data back\n cp -Rpf /var/tmpold/* /tmp/ >/dev/null 2>&1\n # Remove old tmp dir\n rm -rf /var/tmpbackup\n\n echo -e \"\\033[35;1m /tmp and /var/tmp secured using file created using dd. \\033[0m\"\n\n} # End function secure_tmp_tmpdd\n\n\nfunction restart_webserver {\n\n # From options.conf, nginx = 1, apache = 2\n if [ $WEBSERVER = 1 ]; then\n service nginx restart\n else\n apache2ctl graceful\n fi\n\n} # End function restart_webserver\n\n\n\n#### Main program begins ####\n\n# Show Menu\nif [ ! -n \"$1\" ]; then\n echo \"\"\n echo -e \"\\033[35;1mNOTICE: Edit options.conf before using\\033[0m\"\n echo -e \"\\033[35;1mA standard setup would be: apt + basic + install + optimize\\033[0m\"\n echo \"\"\n echo -e \"\\033[35;1mSelect from the options below to use this script:- \\033[0m\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m apt\\033[0m\"\n echo \" - Reconfigure or reset /etc/apt/sources.list.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m basic\\033[0m\"\n echo \" - Disable root SSH logins, change SSH port and set hostname.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m install\\033[0m\"\n echo \" - Installs LNMP or LAMP stack. Also installs Postfix MTA.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m optimize\\033[0m\"\n echo \" - Optimizes webserver.conf, php.ini, AWStats & logrotate. Also generates self signed SSL certs.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m dbgui\\033[0m\"\n echo \" - Installs or updates Adminer/phpMyAdmin.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m tmpfs\\033[0m\"\n echo \" - Secures /tmp and /var/tmp using tmpfs. Not recommended for servers with less than 512MB dedicated RAM.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m tmpdd\\033[0m\"\n echo \" - Secures /tmp and /var/tmp using a file created on disk. Tmp size is defined in options.conf.\"\n\n echo \"\"\n exit\nfi\n# End Show Menu\n\n\ncase $1 in\napt)\n setup_apt\n ;;\nbasic)\n basic_server_setup\n ;;\ninstall)\n install_webserver\n install_mysql\n install_php\n install_extras\n install_postfix\n restart_webserver\n service php5-fpm restart\n echo -e \"\\033[35;1m Webserver + PHP-FPM + MySQL install complete! \\033[0m\"\n ;;\noptimize)\n optimize_stack\n ;;\ndbgui)\n install_dbgui\n ;;\ntmpdd)\n check_tmp_secured\n if [ $? = 0 ]; then\n secure_tmp_dd\n else\n echo -e \"\\033[35;1mFunction canceled. /tmp already secured. \\033[0m\"\n fi\n ;;\ntmpfs)\n check_tmp_secured\n if [ $? = 0 ]; then\n secure_tmp_tmpfs\n else\n echo -e \"\\033[35;1mFunction canceled. /tmp already secured. \\033[0m\"\n fi\n ;;\nesac\n\n\n" }, { "path": "varnish.sh", "content": "#!/bin/bash\n\nsource ./options.conf\n\n# Detect distribution. Debian or Ubuntu\nDISTRO=`lsb_release -i -s`\n# Distribution's release. Squeeze, wheezy, precise etc\nRELEASE=`lsb_release -c -s`\nif [ $DISTRO = \"\" ]; then\n echo -e \"\\033[35;1mPlease run 'apt-get -y install lsb-release' before using this script.\\033[0m\"\n exit 1\nfi\n\nfunction setup_varnish {\n\n # Use official varnish-cache.org repo for Debian stable and Ubuntu LTS.\n # Otherwise, install from distro's repo\n if [ $DISTRO = \"Debian\" ]; then\n if [ $RELEASE = \"squeeze\" ] || [ $RELEASE = \"wheezy\" ]; then\n apt-get update && apt-get -y install curl\n curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -\n echo \"deb http://repo.varnish-cache.org/debian/ ${RELEASE} varnish-${VARNISH_VER}\" > /etc/apt/sources.list.d/varnish.list\n fi\n fi\n\n if [ $DISTRO = \"Ubuntu\" ]; then\n if [ $RELEASE = \"lucid\" ] || [ $RELEASE = \"precise\" ]; then\n apt-get update && apt-get -y install curl\n curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -\n echo \"deb http://repo.varnish-cache.org/ubuntu/ ${RELEASE} varnish-${VARNISH_VER}\" > /etc/apt/sources.list.d/varnish.list\n fi\n fi\n\n apt-get update\n apt-get -y install varnish\n\n # If using Apache, install mod_rpaf to get remote IP of forwarded requests\n if [ $WEBSERVER -eq 2 ]; then\n apt-get -y install libapache2-mod-rpaf\n fi\n\n # Create a backup copy of the original config file. Don't do anything if file exists\n if [ ! -e /etc/default/varnish_original.backup ]; then\n cp /etc/default/{varnish,varnish_original.backup}\n fi\n\n # Clear config file\n > /etc/default/varnish\n\n # Configure varnish to listen on port 80, with user specified cache size in options.conf\n cat > /etc/default/varnish <$/:8080>/' /etc/apache2/sites-available/*\n\n apache2ctl restart\n sleep 2\n service varnish start\n fi\n\n\n} # End function varnish_on\n\n\nfunction varnish_off {\n\n # Deny Varnish from starting\n sed -i 's/START=yes/START=no/' /etc/default/varnish\n\n # From options.conf, nginx = 1, apache = 2\n if [ $WEBSERVER -eq 1 ]; then\n # Revert Nginx virtualhost ports to 80\n echo 'Changing \"Listen 8080;\" to \"Listen 80;\" for vhosts in /etc/nginx/sites-available/'\n sed -i 's/listen\\s*8080;/listen 80;/' /etc/nginx/sites-available/*\n # TuxLite optimized default vhost uses a catch-all (default_server) listen directive.\n sed -i 's/listen\\s*8080\\s*default_server;/listen 80 default_server;/' /etc/nginx/sites-available/*\n\n # Remove IP forwarding.\n sed -i '/set_real_ip_from 127.0.0.1\\;/ d' /etc/nginx/nginx.conf\n sed -i '/real_ip_header X-Forwarded-For\\;/ d' /etc/nginx/nginx.conf\n\n service varnish stop\n sleep 2\n service nginx restart\n else\n #Revert Apache virtualhost ports to 80\n echo 'Changing port 8080 to 80 for vhosts in /etc/apache2/sites-available/'\n sed -i 's/:8080$/:80/' /etc/apache2/ports.conf\n sed -i 's/Listen 8080/Listen 80/' /etc/apache2/ports.conf\n sed -i 's/:8080>$/:80>/' /etc/apache2/sites-available/*\n\n service varnish stop\n sleep 2\n apache2ctl restart\n fi\n\n} # End function varnish_off\n\n# Start main program\nif [ ! -n \"$1\" ]; then\n echo \"\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m install\\033[0m\"\n echo \" - Installs and configures Varnish cache.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m on\\033[0m\"\n echo \" - Starts Varnish. Changes vhost ports to 8080.\"\n\n echo -n \"$0\"\n echo -ne \"\\033[36m off\\033[0m\"\n echo \" - Stops Varnish. Reverts vhost ports back to 80.\"\n\n echo \"\"\n exit\nfi\n\ncase $1 in\ninstall)\n setup_varnish\n echo -e \"\\033[35;1m Varnish now installed and configured with a ${VARNISH_CACHE_SIZE} cache size. \\033[0m\"\n ;;\non)\n varnish_on\n echo -e \"\\033[35;1m Varnish now enabled. \\033[0m\"\n ;;\noff)\n varnish_off\n echo -e \"\\033[35;1m Varnish disabled. \\033[0m\"\n ;;\nesac\n" }, { "path": "wordpress.sh", "content": "#!/bin/bash\n\nsource ./options.conf\n\nFIND_PATH=\"/home/*/domains/*/public_html/\"\nAWK_DOMAIN_POS=\"5\"\n\n# Used variables\nDB_NAME=\"\"\nDB_USER=\"\"\nDB_USER_PASS=\"\"\nWP_FOLDER=\"\"\nDOMAIN=\"\"\nDOMAIN_OWNER=\"\"\nINSTALL_PATH=\"${DOMAIN}${WP_FOLDER}\"\nDOMAIN_URL=\"\"\n\nfunction check_mysql_installed {\n\n mysql=`which mysql`\n if [ -x $mysql ]; then\n echo \"MySQL server installed. OK.\"\n return 0\n else\n return 1\n fi\n\n} # End function check_mysql_installed\n\n\nfunction check_wordpress_exists {\n\n # Need to check if existing wordpress is installed on the desired path\n\n if [ -e $INSTALL_PATH/wp-config.php ]; then\n return 1\n else\n return 0\n fi\n\n} # End function check_wordpress_exists\n\nfunction check_database_exists {\n\n # Check if database already exists\n\n if [ -d /var/lib/mysql/$DB_NAME ]; then\n return 1\n else\n return 0\n fi\n\n} # End function check_database_exists\n\nfunction get_latest_wordpress {\n\n # Downlod latest wordpress version to tmp and extract\n mkdir /tmp/wordpress\n wget -O - http://wordpress.org/latest.tar.gz | tar zxf - -C /tmp/wordpress &> /dev/null\n\n # Create new path for wordpress and copy files to it\n mkdir $INSTALL_PATH &> /dev/null\n mv /tmp/wordpress/wordpress/* $INSTALL_PATH\n\n # Create wp-config.php file\n cp $INSTALL_PATH/{wp-config-sample.php,wp-config.php}\n chown -R $DOMAIN_OWNER:$DOMAIN_OWNER $DOMAIN\n\n # Edit wp-config.php file with mysql data\n sed -i 's/database_name_here/'${DB_NAME}'/' $INSTALL_PATH/wp-config.php\n sed -i 's/username_here/'${DB_USER}'/' $INSTALL_PATH/wp-config.php\n sed -i ' s/password_here/'${DB_USER_PASS}'/' $INSTALL_PATH/wp-config.php\n\n rm -rf /tmp/wordpress\n\n} # End function get_latest_wordpress\n\n\nfunction add_mysqldb_and_user {\n\n # Form SQL query string\n Q1=\"CREATE DATABASE IF NOT EXISTS $DB_NAME;\"\n Q2=\"GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost' IDENTIFIED BY '$DB_USER_PASS';\"\n Q3=\"FLUSH PRIVILEGES;\"\n SQL=\"${Q1}${Q2}${Q3}\"\n\n # Execute the query\n mysql -uroot -p$MYSQL_ROOT_PASSWORD -e \"$SQL\"\n\n} # End function add_mysqldb_and_user\n\n\nfunction find_available_domains {\n\n DOMAINS_AVAILABLE=0\n find $FIND_PATH -maxdepth 0 &> /dev/null\n\n # First check to see if there are domains available. Suppress exit status.\n if [ $? -eq 0 ]; then\n find $FIND_PATH -maxdepth 0 > /tmp/domain.txt\n DOMAINS_AVAILABLE=`cat /tmp/domain.txt | wc -l`\n fi\n\n if [ $DOMAINS_AVAILABLE -eq 0 ]; then\n echo \"No domains available for install. Please add a domain first.\"\n exit\n fi\n\n} # End function find_available_domains\n\nfunction new_or_existing_domain {\n\n echo \"Would you like to install wordpress on a new domain or an existing one?\"\n echo \"1. Existing\"\n echo \"2. New\"\n\n ADD_DOMAIN=\"a\"\n until [[ $ADD_DOMAIN =~ [0-9]+ ]]; do\n echo -n \"Selection :\"\n read ADD_DOMAIN\n done\n\n if [[ \"$ADD_DOMAIN\" = 2 ]]; then\n echo \"Please enter the domain you wish to add. Format is domain.tld.\"\n echo -n \"Domain : \"\n read DOMAIN_TO_BE_ADDED\n `/root/domainsetup.sh add $DOMAIN_TO_BE_ADDED &> /dev/null`\n fi\n\n} # End function new_or_existing_domain\n\n\nfunction generate_random_pass {\n\n LENGTH=\"10\"\n MATRIX=\"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\"\n\n while [ \"${n:=1}\" -le \"$LENGTH\" ]; do\n PASS=\"$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}\"\n let n+=1\n done\n\n DB_USER_PASS=$PASS\n\n} # End function generate_random_pass\n\n\nfunction user_input {\n\n # Ask user which domain to install WP\n\n counter=1\n DOMAINS_AVAILABLE=`cat /tmp/domain.txt | wc -l`\n echo \"\"\n echo \"Select the domain you want to install wordpress on, 1 to $DOMAINS_AVAILABLE\"\n while read LINE; do\n data=`echo $LINE | awk -F\"/\" '{ print $'${AWK_DOMAIN_POS}' }'`\n echo \"$counter. $data\"\n let counter+=1\n done < \"/tmp/domain.txt\"\n\n let counter-=1\n\n # Make sure user inputs a valid domain\n SELECTDOMAIN=\"a\"\n until [[ \"$SELECTDOMAIN\" =~ [0-9]+ ]] && [ $SELECTDOMAIN -gt 0 ] && [ $SELECTDOMAIN -le $counter ]; do\n echo -n \"Selection (integer) : \"\n read SELECTDOMAIN\n done\n\n # Get full system path to domain\n DOMAIN=`cat /tmp/domain.txt | awk NR==$SELECTDOMAIN`\n\n # Get domain URL\n DOMAIN_URL=`cat /tmp/domain.txt | awk NR==$SELECTDOMAIN | awk -F\"/\" '{ print $'${AWK_DOMAIN_POS}' }'`\n\n # Get domain owner\n DOMAIN_OWNER=`cat /tmp/domain.txt | awk NR==$SELECTDOMAIN | awk -F\"/\" '{ print $3 }'`\n rm -rf /tmp/domain.txt\n\n # Ask database name for Wordpress\n echo \"\"\n echo \"Enter a database name for the wordpress install. E.g domainwp, wordpress, wpdomain\"\n DB_NAME=\"\"\n until [[ \"$DB_NAME\" =~ [0-9a-zA-Z]+ ]]; do\n echo -n \"Database name : \"\n read DB_NAME\n done\n\n # Ask folder name for Wordpress\n echo \"\"\n echo \"Specify a folder name if you wish to install wordpress to its own folder, \\\"wordpress\\\" is recommended. Leave blank to install to root directory.\"\n echo \"The root directory for your selected domain = $DOMAIN\"\n\n echo \"\"\n echo -n \"Folder name : \"\n read WP_FOLDER\n\n\n # Set database user the same as the database name\n DB_USER=$DB_NAME\n # Get full system path for installation\n INSTALL_PATH=\"${DOMAIN}${WP_FOLDER}\"\n\n} # End function user_input\n\n\n### Main Program Begins ###\n\n# First generate a random password for the mysql database\ngenerate_random_pass\n# Check to see if any domains are available, or exit\nfind_available_domains\n# Ask user database and folder settings\nuser_input\n\necho \"\"\necho \"\"\necho \"Wordpress setup is ready to begin. Please check to see if the entered details are correct.\"\necho \"\"\necho \"Install path = $INSTALL_PATH\"\necho \"Database name = $DB_NAME\"\necho \"Database user = $DB_USER\"\necho \"Database Password = $DB_USER_PASS (randomly generated)\"\necho \"\"\necho -n \"Is everything correct [y/n] : \"\n\nread DECISION\n\nif [[ \"$DECISION\" = [yY] ]]; then\n\n check_wordpress_exists\n if [ $? -eq 1 ]; then\n echo \"Wordpress already installed in your specified path. Exiting.\"\n exit\n fi\n\n check_database_exists\n if [ $? -eq 1 ]; then\n echo \"Database \\\"$DB_NAME\\\" already exists. Exiting.\"\n exit\n fi\n\n check_mysql_installed\n if [ $? -eq 1 ]; then\n echo \"MySQL is not installed. Exiting.\"\n exit\n fi\n\n echo \"\"\n echo \"Downloading latest version of wordpress...\"\n get_latest_wordpress\n echo \"Done.\"\n\n echo \"Setting up MySQL...\"\n add_mysqldb_and_user\n echo \"Done.\"\n echo \"\"\n\n echo \"Wordpress installed successfully!\"\n echo \"Please browse http://$DOMAIN_URL/$WP_FOLDER to complete the installation.\"\n\nelif [[ \"$DECISION\" = [nN] ]]; then\n echo \"Install aborted. Please run the script again if you want to restart the setup.\"\nfi\n" } ]