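#!/bin/bash
####
## M2ADDON.SH
####
#
# Adds a Magento 2 site to this host: writes an nginx server block and a
# php-fpm pool, creates a system user and a MySQL database, optionally
# installs PHP from the remi repository, and installs Composer.
# It writes under /etc and /root, so it has to run as root.
#
# Usage: m2addon.sh [domain]
#
####                                                            ####
## Edit stuff below this point if you don't want defaults         ##
####                                                            ####

# Write your own domain in, just leave out the www.
# Can be left blank to use addon.com as a stand-in.
DOMAIN=${1:-}

# IP can be "ext", "int" or an address you write in yourself.
IP="int"

# Change SSL to "yes" if you want the nginx SSL section included.
SSL="no"

# Required PHP version (either 70 or 71); empty leaves PHP as it is.
PHPV=""

####                                                            ####
## Don't edit stuff below here if you want the script to work    ##
####                                                            ####

# NOTE(review): in a normally executed script this is a no-op, because
# non-interactive shells keep no history. If the file is sourced instead, it
# stops that session's history from being written, which also removes the
# session from any shell-history audit trail.
unset HISTFILE

###
# Variables 'n' shit
###
if [[ -z "$DOMAIN" ]]; then
  DOMAIN="addon.com"
fi

# DOMAIN ends up in file paths, the nginx config, a system account name and
# SQL statements, all handled as root. Accept plain hostname characters only,
# so that "/", "..", quotes or whitespace can never reach those places.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$DOMAIN" =~ $hostname_re ]]; then
  printf 'Refusing to continue: "%s" is not a valid domain name\n' "$DOMAIN" >&2
  exit 1
fi

ip_mode=$IP
case "$ip_mode" in
  int)
    # First IPv4 address inside an RFC 1918 range (10/8, 172.16/12,
    # 192.168/16). The match is anchored on the address field, so a public
    # address that merely contains "172." or "10.0." is no longer picked up.
    IP=$(ip -4 -o addr show | awk '
      $4 ~ /^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)/ {
        sub(/\/.*/, "", $4); print $4; exit
      }')
    ;;
  ext)
    # Ask over HTTPS and force IPv4: the answer goes straight into a
    # "listen" directive, so it must not be alterable in transit.
    IP=$(curl -4 -sS --max-time 10 https://icanhazip.com)
    ;;
esac

# A hand-written IP is taken as given; an auto-detected one has to look like
# an IPv4 address, otherwise the vhost would be written with a broken listen
# line.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ "$ip_mode" == "int" || "$ip_mode" == "ext" ]] && [[ ! "$IP" =~ $ipv4_re ]]; then
  printf 'Could not determine the "%s" IP address (got "%s")\n' "$ip_mode" "$IP" >&2
  exit 1
fi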
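####
# Pwgen to stop dependency issues with my broken sites
####
yum install -y epel-release
yum install -y --enablerepo=epel pwgen

# The account password and the database password are both produced by pwgen.
# If the install above failed they would silently become empty strings, so
# stop here rather than create accounts with no password.
if ! command -v pwgen >/dev/null 2>&1; then
  printf 'pwgen is not available and could not be installed from EPEL\n' >&2
  exit 1
fi
####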
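# Domain with the dots removed; names the nginx upstream, the php-fpm pool
# and its socket.
DOMNODOT=${DOMAIN//./}
BACKEND="${DOMNODOT}backend"

# -s asks pwgen for fully random (not pronounceable) passwords, and the length
# is stated explicitly instead of relying on pwgen's short default.
USERPASS=$(pwgen -scn 24 1)
MYSQLPASS=$(pwgen -scn 24 1)

# MySQL user: up to six characters of the dot-less domain plus four random
# alphanumerics. The previous sed expression printed nothing for names shorter
# than six characters, which left only the random suffix.
MYSQL="${DOMNODOT:0:6}$(LC_ALL=C tr -dc '0-9a-zA-Z' </dev/urandom | head -c 4)"

# Database name: the dot-less domain with hyphens removed as well.
DBNAME=${DOMNODOT//-/}

# Never carry on with an empty secret: it would be set as the login password
# of the new system account and of the new database user.
if [[ -z "$USERPASS" || -z "$MYSQLPASS" ]]; then
  printf 'Password generation failed (is pwgen installed?)\n' >&2
  exit 1
fi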
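###
# Adding domain
###

# The helpers below print the parts of the server block that are identical in
# the plain-HTTP and the TLS variant, so both variants are generated from one
# copy. The config text is emitted without indentation, exactly as before.

# Print the /setup, /update and "/" locations.
# Globals: BACKEND (read)
vhost_entry_points() {
  cat <<NGINX
# PHP entry point for setup application
location ~* ^/setup(\$|/) {
root \$MAGE_ROOT;
location ~ ^/setup/index.php {
fastcgi_pass $BACKEND;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/setup/(?!pub/). {
deny all;
}
location ~ ^/setup/pub/ {
add_header X-Frame-Options "SAMEORIGIN";
}
}
# PHP entry point for update application
location ~* ^/update(\$|/) {
root \$MAGE_ROOT;
location ~ ^/update/index.php {
fastcgi_split_path_info ^(/update/index.php)(/.+)\$;
fastcgi_pass $BACKEND;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$fastcgi_path_info;
include fastcgi_params;
}
# Deny everything but index.php
location ~ ^/update/(?!pub/). {
deny all;
}
location ~ ^/update/pub/ {
add_header X-Frame-Options "SAMEORIGIN";
}
}
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
NGINX
}

# Print the user-agent deny rule (no shell variables, so the text is literal).
vhost_bot_block() {
  cat <<'NGINX'
# Block known bad bots
if ($http_user_agent ~* baidu|ahrefs|semrush|xovibot|360Spider|dotbot|genieo|megaindex\.ru|vagabondo|yandexbot|yelpspider|fatbot|tineye|blexbot|ascribebot|ia_archiver|moatbot|mixrankbot|orangebot|yoozbot|mj12bot|paperlibot|showyoubot|grapeshot|WeSee|haosouspider|spider|lexxebot|nutch) {
return 403;
}
NGINX
}

# Print everything from "location /pub/" to the closing brace of the server
# block, followed by the blank line the file has always ended with.
# Globals: BACKEND (read)
vhost_common_tail() {
  cat <<NGINX
location /pub/ {
location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
deny all;
}
alias \$MAGE_ROOT/pub/;
add_header X-Frame-Options "SAMEORIGIN";
}
location /static/ {
expires max;
# Remove signature of the static files that is used to overcome the browser cache
location ~ ^/static/version {
rewrite ^/static/(version\d*/)?(.*)\$ /static/\$2 last;
}
location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)\$ {
add_header Cache-Control "public";
add_header X-Frame-Options "SAMEORIGIN";
expires +1y;
if (!-f \$request_filename) {
rewrite ^/static/(version\d*/)?(.*)\$ /static.php?resource=\$2 last;
}
}
location ~* \.(zip|gz|gzip|bz2|csv|xml)\$ {
add_header Cache-Control "no-store";
add_header X-Frame-Options "SAMEORIGIN";
expires off;
if (!-f \$request_filename) {
rewrite ^/static/(version\d*/)?(.*)\$ /static.php?resource=\$2 last;
}
}
if (!-f \$request_filename) {
rewrite ^/static/(version\d*/)?(.*)\$ /static.php?resource=\$2 last;
}
add_header X-Frame-Options "SAMEORIGIN";
}
location /media/ {
try_files \$uri \$uri/ /get.php?\$args;
location ~ ^/media/theme_customization/.*\.xml {
deny all;
}
location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)\$ {
add_header Cache-Control "public";
add_header X-Frame-Options "SAMEORIGIN";
expires +1y;
try_files \$uri \$uri/ /get.php?\$args;
}
location ~* \.(zip|gz|gzip|bz2|csv|xml)\$ {
add_header Cache-Control "no-store";
add_header X-Frame-Options "SAMEORIGIN";
expires off;
try_files \$uri \$uri/ /get.php?\$args;
}
add_header X-Frame-Options "SAMEORIGIN";
}
location /media/customer/ {
deny all;
}
location /media/downloadable/ {
deny all;
}
location /media/import/ {
deny all;
}
# PHP entry point for main application
location ~ (index|get|static|report|404|503)\.php\$ {
try_files \$uri =404;
fastcgi_pass $BACKEND;
fastcgi_buffers 1024 4k;
fastcgi_param PHP_FLAG "session.auto_start=off \\n suhosin.session.cryptua=off";
fastcgi_param PHP_VALUE "memory_limit=768M \\n max_execution_time=600";
fastcgi_read_timeout 600s;
fastcgi_connect_timeout 600s;
#Uncomment the below to set multistore MAGE_RUN_CODE and MAGE_RUN_TYPE
#fastcgi_param MAGE_RUN_CODE default;
#fastcgi_param MAGE_RUN_TYPE store;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss
image/svg+xml;
gzip_vary on;
# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php\$|\.htaccess\$|\.git) {
deny all;
}
}

NGINX
}

VHOST_CONF="/etc/nginx/conf.d/${DOMAIN:?DOMAIN is empty}.conf"

if [[ -s "$VHOST_CONF" ]]; then
  # The config used to be appended unconditionally, so a second run for the
  # same domain left two copies of the same upstream/server block in one file.
  printf '%s already exists; leaving it untouched\n' "$VHOST_CONF" >&2
elif [ "$SSL" = "no" ]; then
  {
    # /etc/nginx/ssl_offloading.inc is not created anywhere in this script;
    # it has to exist already for nginx to accept this server block.
    cat <<NGINX

upstream $BACKEND {
server unix:/var/run/php-fpm-$DOMNODOT.sock;
}
server {
listen $IP:80;
server_name $DOMAIN *.$DOMAIN;
set \$MAGE_ROOT /var/www/vhosts/$DOMAIN/htdocs;
include /etc/nginx/ssl_offloading.inc;
root \$MAGE_ROOT/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
#add_header "X-UA-Compatible" "IE=Edge";
NGINX
    vhost_entry_points
    vhost_bot_block
    # The generated comment used to say "GET - HEAD - POST" while the rule
    # also lets PUT through; the comment now states what the rule does.
    # NOTE(review): the TLS variant below has never carried this guard;
    # confirm whether that difference is intended.
    cat <<'NGINX'
# Only allow GET, HEAD, POST and PUT requests
if ($request_method !~ ^(GET|HEAD|POST|PUT)$ ) {
return 444;
}
NGINX
    vhost_common_tail
  } >> "$VHOST_CONF"
else
  {
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered;
    # add TLSv1.3 where the installed nginx and OpenSSL support it. The cipher
    # list keeps only the forward-secret AEAD suites of the previous list; the
    # CBC, static-RSA and 3DES entries are gone.
    cat <<NGINX

upstream $BACKEND {
server unix:/var/run/php-fpm-$DOMNODOT.sock;
}
server {
listen $IP:80;
listen $IP:443 ssl http2;
server_name $DOMAIN *.$DOMAIN;
set \$MAGE_ROOT /var/www/vhosts/$DOMAIN/htdocs;
ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;
ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
root \$MAGE_ROOT/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
#add_header "X-UA-Compatible" "IE=Edge";
NGINX
    vhost_bot_block
    vhost_entry_points
    vhost_common_tail
  } >> "$VHOST_CONF"
fi

if [ "$SSL" != "no" ]; then
  mkdir -p /etc/nginx/ssl
  tls_key="/etc/nginx/ssl/$DOMAIN.key"
  tls_crt="/etc/nginx/ssl/$DOMAIN.crt"

  # generate self signed for placeholder
  # An existing key or certificate is kept: a re-run must not replace a real
  # certificate with a placeholder.
  if [[ ! -s "$tls_key" ]]; then
    # 2048-bit key (1024-bit RSA is too short to rely on), created under a
    # tight umask so the private key is never readable by other users.
    (
      umask 077
      openssl genrsa -out "$tls_key" 2048
    )
  fi
  if [[ ! -s "$tls_crt" ]]; then
    openssl req -new -key "$tls_key" -x509 -days 365 -out "$tls_crt" -batch
  fi
fi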
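# Site home. The :? guard aborts when DOMAIN is empty, so the recursive chown
# below can never run against /var/www/vhosts itself.
vhost_home="/var/www/vhosts/${DOMAIN:?DOMAIN is empty}"

mkdir -p "$vhost_home/htdocs/pub"

# Dedicated account per site, with no interactive shell.
useradd -d "$vhost_home" -s /sbin/nologin -- "$DOMAIN"

# Add every account that runs a non-master nginx process to the site's group.
# One usermod call per account: the previous single call broke as soon as ps
# reported more than one user, or none at all.
while IFS= read -r nginx_user; do
  [[ -n "$nginx_user" ]] || continue
  usermod -a -G "$DOMAIN" "$nginx_user"
done < <(ps awux | awk '/nginx/ && !/grep|master|awk/ {print $1}' | sort -u)

# The password goes to passwd on stdin, so it never shows up in a process
# list. An empty value is not passed on, because it may leave the account
# with an empty password.
if [[ -n "${USERPASS:-}" ]]; then
  printf '%s\n' "$USERPASS" | passwd --stdin "$DOMAIN"
else
  printf 'USERPASS is empty; no password set for %s\n' "$DOMAIN" >&2
fi

touch "$vhost_home/phpfpm-slow.log" "$vhost_home/phpfpm-error.log"
chown -R "$DOMAIN:$DOMAIN" "$vhost_home"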
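###
# PHP time
###
# One php-fpm pool per site: it runs as the site's own account and listens on
# a unix socket owned by nginx. listen.mode stays commented out, so the
# socket is not opened up to every local user.
# The :? guard aborts instead of writing "/etc/php-fpm.d/.conf" with an
# unnamed pool when DOMNODOT is empty.
# NOTE(review): the file is appended to, so a second run for the same domain
# adds a second copy of the pool definition.
cat >> "/etc/php-fpm.d/${DOMNODOT:?DOMNODOT is empty}.conf" <<EOF

[$DOMNODOT]
listen = '/var/run/php-fpm-$DOMNODOT.sock'
;listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666
user = $DOMAIN
group = $DOMAIN
pm = dynamic
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
;pm.status_path = /status
;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log
php_admin_value[error_log] = /var/www/vhosts/$DOMAIN/phpfpm-error.log
php_admin_flag[log_errors] = on

EOF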
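###
# Create backups of php before doing install/upgrade
###
PHP_BACKUP_DIR=/root/php_upgrade_backup

# -p: a second run no longer fails because the directory already exists.
# -m 700: a newly created snapshot directory is readable by root only.
mkdir -p -m 700 "$PHP_BACKUP_DIR"

# Record the current PHP state only when there is a PHP to ask.
if command -v php >/dev/null 2>&1; then
  php -v > "$PHP_BACKUP_DIR/version"
  php -m > "$PHP_BACKUP_DIR/modules"
  php -i > "$PHP_BACKUP_DIR/info"
fi
rpm -qa | grep -i php > "$PHP_BACKUP_DIR/rpms"

# Copy whatever configuration exists; -a keeps ownership and modes, so the
# snapshot can be put back as it was.
for php_conf in /etc/php.d /etc/php-fpm.conf /etc/php-fpm.d /etc/php.ini; do
  [[ -e "$php_conf" ]] || continue
  cp -a "$php_conf" "$PHP_BACKUP_DIR/"
done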
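###
# Installing/upgrading PHP to required version
###
# NOTE(review): PHP 7.0 and 7.1 no longer receive upstream security fixes;
# treat the two accepted values as legacy.
php_packages=(
  php php-pdo php-mysqlnd php-opcache php-xml php-mcrypt php-gd php-devel
  php-mysql php-intl php-mbstring php-bcmath php-json php-iconv
  php-pecl-redis php-fpm php-zip php-soap
)

case "$PHPV" in
  70 | 71)
    # The repository definition decides which packages root installs later,
    # so it is fetched over HTTPS, not plain HTTP, and rpm reads it straight
    # from the URL: no file with a predictable name is left in the working
    # directory.
    if rpm -q remi-release >/dev/null 2>&1 \
      || rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm; then
      if [[ -f /etc/yum.repos.d/ius.repo ]]; then
        sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/ius.repo
      fi
      # Removes every installed package whose name contains "php". It now
      # runs only when the remi repository is in place; before, a failed
      # download still removed PHP and then had nothing to install.
      yum remove -y '*php*'
      yum install -y --enablerepo="remi-php${PHPV},remi,epel" "${php_packages[@]}"
    else
      printf 'remi repository could not be installed; PHP left unchanged\n' >&2
    fi
    ;;
  "")
    # No version requested: keep the PHP that is installed.
    ;;
  *)
    printf 'Unsupported PHPV "%s" (expected 70 or 71); PHP left unchanged\n' "$PHPV" >&2
    ;;
esac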
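# Configure opcache for Magento 2+
for opcache_ini in /etc/php.d/*opcache.ini; do
  # An unmatched glob stays as the literal pattern; skip it.
  [[ -f "$opcache_ini" ]] || continue
  sed -i \
    -e 's/opcache.memory_consumption=128/opcache.memory_consumption=512/g' \
    -e 's/opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=12/g' \
    -e 's/opcache.max_accelerated_files=4000/opcache.max_accelerated_files=60000/g' \
    -e 's/;opcache.save_comments=0/opcache.save_comments=1/g' \
    -e 's/;opcache.load_comments=1/opcache.load_comments=1/g' \
    -e 's/;opcache.enable_file_override=0/opcache.enable_file_override=1/g' \
    "$opcache_ini"
done

# php.ini
# -n keeps the first copy: a later run must not replace the pristine
# reference with a file this script has already edited.
cp -n /etc/php.ini /root/php.ini.default

# "sed -ie" is read as -i with backup suffix "e", which left a stray
# /etc/php.inie behind on every call. -i and -e are now separate options and
# all edits are made in one pass.
sed -i \
  -e 's_;date.timezone =_date.timezone = "Europe/London"_g' \
  -e 's/memory_limit = 128M/memory_limit = 512M/' \
  -e 's/max_execution_time = 30/max_execution_time = 1800/' \
  -e 's/max_input_time = 60/max_input_time = 90/' \
  -e 's/short_open_tag = Off/short_open_tag = On/' \
  -e 's/;always_populate_raw_post_data = On/always_populate_raw_post_data = -1/' \
  -e 's/expose_php = On/expose_php = Off/' \
  -e 's/upload_max_filesize = 2M/upload_max_filesize = 8M/' \
  /etc/php.ini

# Stopping the default PHP pool from running and enabling php-fpm:
# www.conf is reduced to a single comment line, so it defines no pool.
printf '%s\n' ";Default file, please don't remove" > /etc/php-fpm.d/www.conf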
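###
# Create a default DB
###
# The statements are assembled as text, so every value that goes into them is
# checked first: nothing but letters and digits (plus "-" in the user name)
# may reach the SQL.
sql_name_re='^[A-Za-z0-9]+$'
sql_user_re='^[A-Za-z0-9-]+$'
if [[ ! "${DBNAME:-}" =~ $sql_name_re \
  || ! "${MYSQL:-}" =~ $sql_user_re \
  || ! "${MYSQLPASS:-}" =~ $sql_name_re ]]; then
  printf 'Refusing to build SQL from unexpected database name, user or password\n' >&2
  exit 1
fi

# Three separate client calls, as before, so the GRANT still runs when the
# database already exists. The statements travel on stdin, which keeps the
# password out of the process list. The database name is backtick-quoted so a
# name made of digits only is still accepted.
printf 'CREATE DATABASE `%s`;\n' "$DBNAME" | mysql
printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
  "$DBNAME" "$MYSQL" "$MYSQLPASS" | mysql
printf 'FLUSH PRIVILEGES;\n' | mysql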
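###
# Start it all up
###
# Test each configuration before asking the service to load it, and say so
# when a generated file is rejected instead of letting the reload fail
# unnoticed among the rest of the output.
if nginx -t; then
  service nginx reload
else
  printf 'nginx configuration test failed; nginx was not reloaded\n' >&2
fi

if php-fpm -t; then
  service php-fpm reload
else
  printf 'php-fpm configuration test failed; php-fpm was not reloaded\n' >&2
fi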
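###
# Installing Composer
###
# The installer used to be piped from the network straight into PHP as root.
# It is now saved first and compared with the SHA-384 that the Composer
# project publishes on a separate host (composer.github.io/installer.sig);
# PHP only runs it when the two match. Everything happens in a private
# temporary directory, not in whatever directory the script was started from.
composer_tmp=$(mktemp -d) || exit 1
(
  cd "$composer_tmp" || exit 1
  curl -fsS -o composer-setup.php https://getcomposer.org/installer || exit 1
  expected_sig=$(curl -fsS https://composer.github.io/installer.sig) || exit 1
  actual_sig=$(sha384sum composer-setup.php | awk '{print $1}')
  if [[ -z "$expected_sig" || "$expected_sig" != "$actual_sig" ]]; then
    printf 'Composer installer checksum mismatch; not running it\n' >&2
    exit 1
  fi
  php composer-setup.php --quiet --install-dir=/usr/local/bin --filename=composer
)
composer_status=$?
rm -rf -- "${composer_tmp:?}"

if ((composer_status != 0)); then
  printf 'Composer was not installed\n' >&2
fi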
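# Summary for the operator. The file holds both passwords in clear text, so it
# is created under a tight umask and forced to mode 600 in case it already
# existed with wider permissions.
summary_file="/root/finished${DOMAIN:?DOMAIN is empty}"
(
  umask 077
  {
    cat <<EOF

# $DOMAIN now set up
# Their username is $DOMAIN
# Their password is $USERPASS
#
# Their database name is $DBNAME
# Their DB username is $MYSQL
# Their DB password is $MYSQLPASS

EOF
    # Same condition as the one that generates the key pair (anything but
    # "no"), and the real file names: the files are named after DOMAIN, not
    # after DOMNODOT as this note used to say.
    if [ "$SSL" != "no" ]; then
      cat <<EOF

# Self signed SSL certificates generated in the following location:
# /etc/nginx/ssl/$DOMAIN.key
# /etc/nginx/ssl/$DOMAIN.crt
# So don't forget to replace them with legit ones

EOF
    fi
  } >> "$summary_file"
)
chmod 600 "$summary_file"

# Shown only after the certificate note has been written; before, the note
# was appended after the file had already been printed.
# NOTE(review): this prints the credentials to the terminal, so they also end
# up in any session recording or scrollback.
cat "$summary_file"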