#!/bin/bash source /opt/webinoly/lib/general server_version() { conf_write server-version 1.0 } # Remove Intallation Files app_purge() { sudo rm $HOME/webinoly.tar sudo rm -rf /opt/webinoly/plugins } linux_optim() { if [[ $(conf_read linux-optim) == "true" ]]; then exit 1 fi if [[ -n $(conf_read fd-ratio) && $(conf_read fd-ratio) =~ ^[0-9]+$ && $(conf_read fd-ratio) -le "100" ]]; then local fdratio=$(conf_read fd-ratio) else local fdratio="30" fi if [[ -n $(conf_read nginx-fd-ratio) && $(conf_read nginx-fd-ratio) =~ ^[0-9]+$ && $(conf_read nginx-fd-ratio) -le "100" ]]; then local nginxfdratio=$(conf_read nginx-fd-ratio) else local nginxfdratio="65" fi if [[ -n $(conf_read max-mb-uploads) && $(conf_read max-mb-uploads) =~ ^[0-9]+$ ]]; then local maxuploads=$(conf_read max-mb-uploads) else local maxuploads="100" fi local ramkb=$(grep MemTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') local newfd=$((($ramkb*$fdratio)/100)) local nginxfd=$((($newfd*$nginxfdratio)/100)) local cachefd=$(($nginxfd/3)) local cacheram=$(($nginxfd/1024)) sudo sysctl -w fs.file-max=$newfd [ -d /etc/systemd/system/nginx.service.d ] || sudo mkdir /etc/systemd/system/nginx.service.d [ -a /etc/systemd/system/nginx.service.d/nofile_limit.conf ] || sudo touch /etc/systemd/system/nginx.service.d/nofile_limit.conf sudo echo "[Service] LimitNOFILE=$nginxfd" | tee -a /etc/systemd/system/nginx.service.d/nofile_limit.conf sudo sed -i "/worker_rlimit_nofile/c \worker_rlimit_nofile $nginxfd;" /etc/nginx/nginx.conf sudo sed -i "/client_max_body_size/c \ client_max_body_size ${maxuploads}m;" /etc/nginx/nginx.conf sudo sed -i "/open_file_cache max/c \ open_file_cache max=$cachefd inactive=5m;" /etc/nginx/nginx.conf sudo sed -i "/fastcgi_cache_path/c \fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:50m max_size=${cacheram}m inactive=7d;" /etc/nginx/conf.d/fastcgi.conf #mkdir -p /var/run/nginx-cache #echo "tmpfs /var/run/nginx-cache tmpfs size=${cacheram}M,mode=0744,uid=www-data,gid=www-data 0 0" | sudo tee -a /etc/fstab #sudo mount /var/run/nginx-cache # Linux Optimization - https://www.linode.com/docs/web-servers/nginx/configure-nginx-for-optimized-performance sudo echo "# WebinolyStart - Don't delete fs.file-max = $newfd net.core.somaxconn = 65536 net.ipv4.tcp_max_tw_buckets = 1440000 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_fin_timeout = 20 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_max_syn_backlog = 3240000 # WebinolyEnd" | tee -a /etc/sysctl.conf # https://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/ # https://ospi.fi/blog/centos-7-raise-nofile-limit-for-nginx.html # https://www.masv.io/boost-nginx-connection-limits/ # https://underyx.me/2015/05/18/raising-the-maximum-number-of-file-descriptors # sudo cat /proc/$(cat /run/nginx.pid)/limits - ver los recursos actuales del proceso main de nginx # sudo ps aux | grep nginx --- ver todos lo procesos corriendo con nginx user sudo sed -i "/End of file/i \# WebinolyStart - Don't delete" /etc/security/limits.conf sudo sed -i '/End of file/i \root - nofile 4096' /etc/security/limits.conf sudo sed -i '/End of file/i \* - nofile 4096' /etc/security/limits.conf sudo sed -i "/End of file/i \# WebinolyEnd" /etc/security/limits.conf swap_create sudo sysctl -p sudo systemctl daemon-reload sudo kill $(cat /run/nginx.pid) conf_write linux-optim true sudo nginx -t && sudo service nginx start } linux_purge() { if [[ $(conf_read linux-optim) == "true" ]]; then sudo sed -i '/WebinolyStart/,/WebinolyEnd/{/.*/d}' /etc/security/limits.conf sudo sed -i '/WebinolyStart/,/WebinolyEnd/{/.*/d}' /etc/sysctl.conf sudo rm -rf /etc/systemd/system/nginx.service.d sudo sed -i '/\/var\/run\/nginx-cache/d' /etc/fstab #sudo umount /var/run/nginx-cache sudo sysctl -p sudo systemctl daemon-reload conf_write linux-optim purged fi } messagend_install() { echo "${gre}" echo "" echo "*****************************************************************************************" echo "************ INSTALLATION HAS FINISHED SUCCESSFULLY ************" echo "*****************************************************************************************${end}" if [[ $1 == "dbpass" ]]; then local rootpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) local adminpass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) echo "${gre}*****************************************************************************************" echo "************ Save your DB access password in a secure place: ************" echo "************ root: ${rootpass} admin: ${adminpass} ************" echo "*****************************************************************************************" echo "${end}" fi } nginx_install() { if [[ ($(conf_read nginx-ppa) == "mainline" || $value == "mainline") && $value != "stable" ]]; then echo | sudo add-apt-repository ppa:nginx/development conf_write nginx-ppa mainline else echo | sudo add-apt-repository ppa:nginx/stable conf_write nginx-ppa stable fi pre_install sudo apt-get -y install nginx if [[ $(conf_read login-www-data) == "true" ]]; then sudo chown -R www-data:www-data /var/www sudo chown root:root /var/www fi sudo nginx -t && sudo service nginx start conf_write nginx true echo "${gre}Nginx has been installed successfully! ${end}" } php_install() { if [[ -n $(conf_read php-ver) && ($(conf_read php-ver) == "7.2" || $(conf_read php-ver) == "7.1" || $(conf_read php-ver) == "7.0" || $(conf_read php-ver) == "5.6") ]]; then echo "${gre} Custom PHP version '$(conf_read php-ver)' detected!${end}" else # Default PHP version conf_write php-ver 7.2 fi ver=$(conf_read php-ver) # Fix ondrej issue - https://github.com/oerdnj/deb.sury.org/issues/56 sudo apt-get install -y language-pack-en-base sudo LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php pre_install sudo apt-get -y install php${ver}-common php${ver}-cli php${ver}-fpm php${ver}-curl php${ver}-gd php${ver}-imap php${ver}-readline php${ver}-recode php${ver}-mysql php${ver}-mbstring php${ver}-bcmath php${ver}-mysql php${ver}-opcache php${ver}-zip php${ver}-xml php${ver}-soap php-imagick graphviz php-pear php-msgpack if [[ -n $ver && ($ver == "7.1" || $ver == "7.0" || $ver == "5.6") ]]; then # mcrypt deprecated in 7.2 sudo apt-get -y install php${ver}-mcrypt fi if [[ -n $ver && ($ver == "7.2" || $ver == "7.1" || $ver == "7.0") ]]; then # xdebug deprecated in 5.6 sudo apt-get -y install php-xdebug fi sudo cp /etc/php/$(conf_read php-ver)/fpm/php.ini /opt/webinoly/templates/source/ sudo cp /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf /opt/webinoly/templates/source/ conf_write php true echo "${gre}PHP has been installed successfully! ${end}" } mysql_install() { [[ $(conf_read mysql-client) != "true" ]] && mysql_client_install pre_install # debconf-utils for unattended scripts # debconf-get-selections | grep phpmyadmin <<-- list conf variables sudo apt-get -y install debconf-utils # Generate mysql user passwords local AUTOGENPASS_ROOT=`pwgen -s -1` local AUTOGENPASS_ADMIN=`pwgen -s -1` local enc_pass_root=$( echo $AUTOGENPASS_ROOT | openssl enc -a -salt ) local enc_pass_admin=$( echo $AUTOGENPASS_ADMIN | openssl enc -a -salt ) conf_write mysql-root $enc_pass_root conf_write mysql-admin $enc_pass_admin # MariaDB Installation echo "mariadb-server-10.2 mysql-server/root_password password $AUTOGENPASS_ROOT" | debconf-set-selections echo "mariadb-server-10.2 mysql-server/root_password_again password $AUTOGENPASS_ROOT" | debconf-set-selections sudo apt-get -y install mariadb-server #Instead of mysql_secure_installation we do this: (same but manually, because not acept unattended) #ALTER USER 'root'@'localhost' IDENTIFIED BY '${AUTOGENPASS_ROOT}'; <<<--- For MySQL 5.7.6 and newer as well as MariaDB 10.1.20 and newer instead of UPDATE sudo mysql --user=root -p$AUTOGENPASS_ROOT <<_EOF_ UPDATE mysql.user SET authentication_string = PASSWORD('${AUTOGENPASS_ROOT}') WHERE User = 'root' AND Host = 'localhost'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; CREATE USER IF NOT EXISTS 'admin'@'localhost' IDENTIFIED BY '${AUTOGENPASS_ADMIN}'; GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES; _EOF_ conf_write mysql true echo "${gre}MySQL has been installed successfully! ${end}" } #NGINX OPTIM nginx_optim() { sudo cp -R /opt/webinoly/templates/nginx/common /etc/nginx/common sudo cp -R /opt/webinoly/templates/nginx/conf.d/* /etc/nginx/conf.d/ sudo cat /opt/webinoly/templates/nginx/nginx.conf > /etc/nginx/nginx.conf sudo sed -i '/REQUEST_SCHEME/c \fastcgi_param SCRIPT_FILENAME $request_filename;' /etc/nginx/fastcgi_params sudo sed -i '/REDIRECT_STATUS/a \fastcgi_param HTTP_PROXY "";' /etc/nginx/fastcgi_params # Create Direct Access for easy navigation [ -L $HOME/sites-available ] || ln -s /etc/nginx/sites-available $HOME [ -L $HOME/www ] || ln -s /var/www $HOME # www-data sftp default uploads permissions 755 and 644, instead of 775 and 664. sudo sed -i '/USERGROUPS_ENAB/c \USERGROUPS_ENAB no' /etc/login.defs if [[ ! -a /etc/ssl/dhparam.pem ]]; then sudo openssl dhparam -out /etc/ssl/dhparam.pem 2048 sudo chmod 600 /etc/ssl/dhparam.pem fi linux_optim server_version conf_write nginx-optim true } # PHP OPTIM php_optim() { if [[ -n $(conf_read max-mb-uploads) && $(conf_read max-mb-uploads) =~ ^[0-9]+$ ]]; then local maxuploads=$(conf_read max-mb-uploads) else local maxuploads="100" fi sudo sed -i '/cgi.fix_pathinfo=/c\cgi.fix_pathinfo=0' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i '/memory_limit =/c\memory_limit = 128M' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i '/max_execution_time =/c\max_execution_time = 300' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i '/expose_php =/c\expose_php = Off' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i "/upload_max_filesize =/c\upload_max_filesize = ${maxuploads}M" /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i "/post_max_size =/c\post_max_size = ${maxuploads}M" /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i '/max_file_uploads =/c\max_file_uploads = 20' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo sed -i '/date.timezone =/c\date.timezone = America/Mexico_City' /etc/php/$(conf_read php-ver)/fpm/php.ini sudo mkdir -p /var/log/php/$(conf_read php-ver) sudo touch /var/log/php/$(conf_read php-ver)/fpm.log sudo sed -i "/error_log =/c\error_log = /var/log/php/$(conf_read php-ver)/fpm.log" /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf sudo sed -i '/log_level =/c\log_level = notice' /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf sudo sed -i '/pm =/c\pm = ondemand' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/request_terminate_timeout =/c\request_terminate_timeout = 300' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.max_spare_servers =/c\pm.max_spare_servers = 30' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.min_spare_servers =/c\pm.min_spare_servers = 10' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.start_servers =/c\pm.start_servers = 20' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.max_children =/c\pm.max_children = 100' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.max_requests =/c\pm.max_requests = 500' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/pm.status_path =/c\pm.status_path = /status' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/ping.path =/c\ping.path = /ping' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo sed -i '/listen = /c\listen = 127.0.0.1:9000' /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf sudo touch /var/log/php/$(conf_read php-ver)/slow.log sudo cp /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i '/\[www\]/c\[debug]' /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i '/rlimit_core =/c\rlimit_core = unlimited' /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i "/slowlog =/c\slowlog = /var/log/php/$(conf_read php-ver)/slow.log" /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i '/request_slowlog_timeout =/c\request_slowlog_timeout = 10s' /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i '/listen = /c\listen = 127.0.0.1:9001' /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf if [[ -n $ver && ($ver == "7.2" || $ver == "7.1" || $ver == "7.0") ]]; then # xdebug deprecated in 5.6 sudo echo 'php_admin_flag[xdebug.profiler_enable] = off' >> /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo echo 'php_admin_flag[xdebug.profiler_enable_trigger] = on' >> /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo echo 'php_admin_value[xdebug.profiler_output_name] = cachegrind.out.%p-%H-%R' >> /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo echo 'php_admin_value[xdebug.profiler_output_dir] = /tmp/' >> /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf sudo sed -i '/zend_extension=/c\;zend_extension=xdebug.so' /etc/php/$(conf_read php-ver)/mods-available/xdebug.ini fi conf_write php-optim true sudo service php*-fpm reload } nginx_tool_site() { # Port 22222 tools site sudo site $(conf_read tools-port) -php sudo cp /opt/webinoly/templates/nginx/22222 /etc/nginx/sites-available/$(conf_read tools-port) sudo sed -i "s/22222/$(conf_read tools-port)/g" /etc/nginx/sites-available/$(conf_read tools-port) sudo service nginx reload } nginx_tool() { [[ -z $(conf_read tools-port) ]] && tools_port 22222 [[ $(conf_read php) == "true" ]] && nginx_tool_site # in case php was installed before nginx [[ $(conf_read php-tool) == "true" && ! -a /var/www/$(conf_read tools-port)/htdocs/php/index.php ]] && php_tool_site # Instalar Duply & Duplicity pre_install sudo apt-get -y install python-boto duplicity duply # Install LetsEncrypt sudo apt-get -y install letsencrypt conf_write web-tool true conf_write nginx-tool true } php_tool_site() { # Status pages sudo mkdir -p /var/www/$(conf_read tools-port)/htdocs/fpm/status sudo touch /var/www/$(conf_read tools-port)/htdocs/fpm/status/php sudo touch /var/www/$(conf_read tools-port)/htdocs/fpm/status/debug #PHP info site sudo mkdir -p /var/www/$(conf_read tools-port)/htdocs/php sudo touch /var/www/$(conf_read tools-port)/htdocs/php/index.php sudo echo '' >> /var/www/$(conf_read tools-port)/htdocs/php/index.php } php_tool() { # in case nginx was installed before php if [[ $(conf_read nginx-tool) == "true" && ! -a /etc/nginx/sites-available/$(conf_read tools-port) ]]; then nginx_tool_site fi if [[ $(conf_read nginx) == "true" ]]; then php_tool_site fi # Redis (Object Cache) echo | sudo add-apt-repository ppa:chris-lea/redis-server pre_install sudo apt-get -y install redis-server php-redis # Memcached (Object Cache) sudo apt-get -y install php-memcached php-memcache memcached # Postfix mail echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections echo "postfix postfix/mailname string $hostname" | debconf-set-selections sudo apt-get -y install postfix sudo service php*-fpm reload conf_write web-tool true conf_write php-tool true } mysql_tool() { #PhpMyAdmin unattended script installation local AUTOGENPASS_PMA=`pwgen -s -1` echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | debconf-set-selections echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | debconf-set-selections echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENPASS_PMA" | debconf-set-selections echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENPASS_PMA" | debconf-set-selections #PhpMyAdmin Installation pre_install sudo apt-get -y install phpmyadmin [[ -d /usr/share/phpmyadmin ]] && sudo mv /usr/share/phpmyadmin /var/www/$(conf_read tools-port)/htdocs/pma conf_write mysql-tool true echo "${gre}PhpMyAdmin has been installed successfully! ${end}" } swap_delete() { local swapkb=$(grep SwapTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') if [[ -n $swapkb && $swapkb =~ ^[0-9]+$ && $swapkb -gt 0 && $(conf_read swap-owner) == "webinoly" ]]; then sudo swapoff -a -v > /dev/null sudo rm /swapfile sudo sed -i '/\/swapfile/d' /etc/fstab sudo sed -i '/vm.swappiness/d' /etc/sysctl.conf conf_delete swap-owner fi } swap_create() { local swapkb=$(grep SwapTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') local swap=$(($swapkb/1048000)) local ramkb=$(grep MemTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') local ram=$(($ramkb/1048000)) # Delete if new custom swap is found. if [[ -n $(conf_read swap-mem) && $(conf_read swap-mem) =~ ^[0-9]+$ && $(conf_read swap-mem) != $swapkb ]]; then swap_delete swapkb=$(grep SwapTotal /proc/meminfo | cut -f 2 -d ':' | tr -d ' ' | cut -f 1 -d 'k') fi if [[ -z $swapkb || $swapkb == "0" ]]; then if [[ -n $(conf_read swap-mem) && $(conf_read swap-mem) =~ ^[0-9]+$ ]]; then local newswap=$(conf_read swap-mem) elif [[ $ram -le 2 ]]; then local newswap="1" elif [[ $ram -le 6 ]]; then local newswap="2" elif [[ $ram -le 12 ]]; then local newswap="3" elif [[ $ram -le 16 ]]; then local newswap="4" elif [[ $ram -le 24 ]]; then local newswap="5" elif [[ $ram -le 32 ]]; then local newswap="6" elif [[ $ram -le 64 ]]; then local newswap="8" elif [[ $ram -le 128 ]]; then local newswap="11" else local newswap="0" fi if [[ -z $newswap || $newswap == 0 ]]; then echo "${red} [ERROR] Webinoly could not create a new Swap Partition! ${end}" else # Create SWAP Partition sudo dd if=/dev/zero of=/swapfile bs=${newswap}M count=1024 sudo chown root:root /swapfile sudo chmod 0600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile sudo sed -i "/LABEL.*/a \/swapfile none swap sw 0 0" /etc/fstab echo 10 | sudo tee /proc/sys/vm/swappiness echo vm.swappiness = 10 | sudo tee -a /etc/sysctl.conf # Swap created by Webinoly - so we should remove it in uninstall conf_write swap-owner webinoly echo "${gre} A new SWAP Partion (${newswap}Gb) has been created! ${end}" fi else if [[ $(conf_read swap-owner) != "webinoly" ]]; then conf_write swap-owner system fi echo "${gre} SWAP Memory (${swap}Gb) detected!${end}" fi }