diff --git a/.env.dist b/.env.dist index 4a435a15..8c7f310b 100644 --- a/.env.dist +++ b/.env.dist @@ -136,10 +136,11 @@ NGX_HTTP_LUA=false # LuaJIT2 version from here https://github.com/openresty/luajit2/tags # Lua Resty Core version from here https://github.com/openresty/lua-resty-core # Lua Resty LRU Cache version from here https://github.com/openresty/lua-resty-lrucache -LUA_JIT_VERSION="v2.1-20220111" -LUA_NGINX_MODULE_VERSION="v0.10.20" -LUA_RESTY_CORE_VERSION="v0.1.22" -LUA_RESTY_LRUCACHE_VERSION="v0.11" +LUA_JIT_VERSION="v2.1-20240626" +LUA_RESTY_CORE_VERSION="v0.1.28" +LUA_RESTY_LRUCACHE_VERSION="v0.13" +LUA_NGINX_MODULE_VERSION="v0.10.26" +LUA_NGINX_STREAM_MODULE_VERSION="master" NGX_HTTP_PASSENGER=false NGX_HTTP_REDIS2=false @@ -351,4 +352,4 @@ INSTALL_FAIL2BAN=false # Available installer: repo | source. FAIL2BAN_INSTALLER="repo" -FAIL2BAN_VERSION="1.0.2" +FAIL2BAN_VERSION="1.1.0" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7cbdf048..ed131430 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -28,7 +28,7 @@ jobs: sed -i "s/FORCE_REMOVE=false/FORCE_REMOVE=true/g" .env sed -i "s/LEMPER_ADMIN_EMAIL=\"mail@example.com\"/LEMPER_ADMIN_EMAIL=\"me@masedi.net\"/g" .env sed -i "s/NGINX_INSTALLER=\"source\"/NGINX_INSTALLER=\"repo\"/g" .env - sed -i "s/NGX_PAGESPEED=false/NGINX_INSTALLER=true/g" .env + sed -i "s/NGX_PAGESPEED=true/NGX_PAGESPEED=false/g" .env sed -i "s/INSTALL_PHP_LOADER=false/INSTALL_PHP_LOADER=true/g" .env sed -i "s/PHP_LOADER=\"none\"/PHP_LOADER=\"ioncube\"/g" .env sed -i "s/IMAGEMAGICK_INSTALLER=\"source\"/IMAGEMAGICK_INSTALLER=\"repo\"/g" .env @@ -94,7 +94,7 @@ jobs: sed -i "s/FORCE_REMOVE=false/FORCE_REMOVE=true/g" .env sed -i "s/LEMPER_ADMIN_EMAIL=\"mail@example.com\"/LEMPER_ADMIN_EMAIL=\"me@masedi.net\"/g" .env sed -i "s/NGINX_INSTALLER=\"source\"/NGINX_INSTALLER=\"repo\"/g" .env - sed -i "s/NGX_PAGESPEED=false/NGINX_INSTALLER=true/g" .env + sed -i "s/NGX_PAGESPEED=true/NGX_PAGESPEED=false/g" .env sed -i "s/INSTALL_PHP_LOADER=false/INSTALL_PHP_LOADER=true/g" .env sed -i "s/PHP_LOADER=\"none\"/PHP_LOADER=\"ioncube\"/g" .env sed -i "s/IMAGEMAGICK_INSTALLER=\"source\"/IMAGEMAGICK_INSTALLER=\"repo\"/g" .env diff --git a/bin/lemper-cli.sh b/bin/lemper-cli.sh index 8b5857f9..9995212b 100644 --- a/bin/lemper-cli.sh +++ b/bin/lemper-cli.sh @@ -162,9 +162,12 @@ Usage: ${PROG_NAME} [--version] [--help] [] These are common ${PROG_NAME} commands used in various situations: - create Create new virtual host (add new domain to LEMPer stack). - db Wrapper for managing SQL database (MySQL and MariaDB). - manage Manage existing virtual host (enable, disable, delete, etc). + create Create new virtual host (add new domain to LEMPer stack). + add An aliases of 'create' sub command. + database Wrapper for managing SQL database (MySQL and MariaDB). + db An aliases of 'databases' sub command. + manage Manage existing virtual host (enable, disable, delete, etc). + mod An aliases of 'manage' sub command. For help with each command run: ${PROG_NAME} -h | --help diff --git a/etc/init.d/mariadb b/etc/init.d/mariadb new file mode 100755 index 00000000..ff94ec5c --- /dev/null +++ b/etc/init.d/mariadb @@ -0,0 +1,243 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: mariadb +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network $named $time +# Should-Stop: $network $named $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop the mysql database server daemon +# Description: Controls the main MariaDB database server daemon "mariadbd" +# and its wrapper script "mysqld_safe". +### END INIT INFO +# +set -e +set -u +${DEBIAN_SCRIPT_DEBUG:+ set -v -x} + +test -x /usr/sbin/mariadbd || exit 0 + +. /lib/lsb/init-functions + +SELF=$(cd "$(dirname $0)"; pwd -P)/$(basename $0) + +if [ -f /usr/bin/mariadb-admin ] +then + MYADMIN="/usr/bin/mariadb-admin --defaults-file=/etc/mysql/debian.cnf" +elif [ -f /usr/bin/mysqladmin ] +then + MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" +else + log_failure_msg "Command mariadb-admin/mysqladmin not found! This SysV init script depends on it." + exit -1 +fi + +if [ ! -x /usr/bin/mariadbd-safe ] +then + log_failure_msg "/usr/bin/mariadbd-safe not found or executable! This SysV init script depends on it." + exit -1 +fi + +# priority can be overridden and "-s" adds output to stderr +ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mariadb -i" + +if [ -f /etc/default/mysql ]; then + . /etc/default/mysql +fi + +# Also source default/mariadb in case the installation was upgraded from +# packages originally installed from MariaDB.org repositories, which have +# had support for reading /etc/default/mariadb since March 2016. +if [ -f /etc/default/mariadb ]; then + . /etc/default/mariadb +fi + +# Safeguard (relative paths, core dumps..) +cd / +umask 077 + +# mysqladmin likes to read /root/.my.cnf. This is usually not what I want +# as many admins e.g. only store a password without a username there and +# so break my scripts. +export HOME=/etc/mysql/ + +## Fetch a particular option from mysql's invocation. +# +# Usage: void mariadbd_get_param option +mariadbd_get_param() { + /usr/sbin/mariadbd --print-defaults \ + | tr " " "\n" \ + | grep -- "--$1" \ + | tail -n 1 \ + | cut -d= -f2 +} + +## Do some sanity checks before even trying to start mariadbd. +sanity_checks() { + # check for config file + if [ ! -r /etc/mysql/my.cnf ]; then + log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" + echo "WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" | $ERR_LOGGER + fi + + # check for diskspace shortage + datadir=`mariadbd_get_param datadir` + + # If datadir location is not changed int configuration + # then it's not printed with /usr/sbin/mariadbd --print-defaults + # then we use 'sane' default. + if [ -z "$datadir" ] + then + datadir="/var/lib/mysql" + fi + + # Check if there datadir location is available and + # fail if it's not + if [ ! -d "$datadir" ] + then + log_failure_msg "$0: ERROR: Can't locate MariaDB installation location $datadir" + echo "ERROR: Can't locate MariaDB installation location $datadir" | $ERR_LOGGER + exit 1 + fi + + # As preset blocksize of GNU df is 1024 then available bytes is $df_available_blocks * 1024 + # 4096 blocks is then lower than 4 MB + df_available_blocks="$(LC_ALL=C BLOCKSIZE='' df --output=avail "$datadir" | tail -n 1)" + if [ "$df_available_blocks" -lt "4096" ]; then + log_failure_msg "$0: ERROR: The partition with $datadir is too full!" + echo "ERROR: The partition with $datadir is too full!" | $ERR_LOGGER + exit 1 + fi +} + +## Checks if there is a server running and if so if it is accessible. +# +# check_alive insists on a pingable server +# check_dead also fails if there is a lost mariadbd in the process list +# +# Usage: boolean mariadbd_status [check_alive|check_dead] [warn|nowarn] +mariadbd_status () { + ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) + + ps_alive=0 + pidfile=`mariadbd_get_param pid-file` + if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi + + if [ "$1" = "check_alive" -a $ping_alive = 1 ] || + [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then + return 0 # EXIT_SUCCESS + else + if [ "$2" = "warn" ]; then + echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug + fi + return 1 # EXIT_FAILURE + fi +} + +# +# main() +# + +case "${1:-''}" in + + 'start') + sanity_checks; + # Start daemon + log_daemon_msg "Starting MariaDB database server" "mariadbd" + if mariadbd_status check_alive nowarn; then + log_progress_msg "already running" + log_end_msg 0 + else + # Could be removed during boot + test -e /run/mysqld || install -m 755 -o mysql -g root -d /run/mysqld + + # Start MariaDB! + /usr/bin/mariadbd-safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER & + + for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do + sleep 1 + if mariadbd_status check_alive nowarn ; then break; fi + log_progress_msg "." + done + if mariadbd_status check_alive warn; then + log_end_msg 0 + # Now start mysqlcheck or whatever the admin wants. + output=$(/etc/mysql/debian-start) + if [ -n "$output" ]; then + log_action_msg "$output" + fi + else + log_end_msg 1 + log_failure_msg "Please take a look at the syslog" + fi + fi + ;; + + 'stop') + # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible + # at least for cron, we can rely on it here, too. (although we have + # to specify it explicit as e.g. sudo environments points to the normal + # users home and not /root) + log_daemon_msg "Stopping MariaDB database server" "mariadbd" + if ! mariadbd_status check_dead nowarn; then + set +e + shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? + set -e + if [ "$r" -ne 0 ]; then + log_end_msg 1 + [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" + log_daemon_msg "Killing MariaDB database server by signal" "mariadbd" + killall -15 mariadbd + server_down= + for i in `seq 1 600`; do + sleep 1 + if mariadbd_status check_dead nowarn; then server_down=1; break; fi + done + if test -z "$server_down"; then killall -9 mariadbd; fi + fi + fi + + if ! mariadbd_status check_dead warn; then + log_end_msg 1 + log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.6/README.Debian.gz!" + exit -1 + else + log_end_msg 0 + fi + ;; + + 'restart') + set +e; $SELF stop; set -e + shift + $SELF start "${@}" + ;; + + 'reload'|'force-reload') + log_daemon_msg "Reloading MariaDB database server" "mariadbd" + $MYADMIN reload + log_end_msg 0 + ;; + + 'status') + if mariadbd_status check_alive nowarn; then + log_action_msg "$($MYADMIN version)" + else + log_action_msg "MariaDB is stopped." + exit 3 + fi + ;; + + 'bootstrap') + # Bootstrap the cluster, start the first node + # that initiates the cluster + log_daemon_msg "Bootstrapping the cluster" "mariadbd" + $SELF start "${@:2}" --wsrep-new-cluster + ;; + + *) + echo "Usage: $SELF start|stop|restart|reload|force-reload|status" + exit 1 + ;; +esac diff --git a/etc/nginx/fastcgi_cache b/etc/nginx/fastcgi_cache index 9f1b1f76..9abeaf6a 100644 --- a/etc/nginx/fastcgi_cache +++ b/etc/nginx/fastcgi_cache @@ -1,13 +1,16 @@ ## Include this file if you want to use fastcgi_cache across many sites. # Designed to be included in /etc/nginx/nginx.conf http {} block. -fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=LEMPERCACHE:200m max_size=10g inactive=2h; +# TODO: move fastcgi_cache_path to fastcgi_cache_path.config (for multi vhost cache path key). +#fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=LEMPERCACHE:100m max_size=1g inactive=60m use_temp_path=off; +include /etc/nginx/includes/fastcgi_cache_path.conf; + fastcgi_cache_key "$scheme$request_method$host$request_uri"; fastcgi_cache_revalidate on; -fastcgi_cache_background_update on; +fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503; -# FastCGI Log Format -log_format cache '$remote_addr - $upstream_cache_status [$time_local] ' +# FastCGI Log Format. +log_format lp_cache '$remote_addr - X-FastCGI-Cache $upstream_cache_status [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; @@ -15,15 +18,17 @@ log_format cache '$remote_addr - $upstream_cache_status [$time_local] ' ## Initialize default caching conditions. ## # Purge cache for request method. +# Ref: https://github.com/nginx-modules/ngx_cache_purge?tab=readme-ov-file#uwsgi_cache_purge map $request_method $purge_method { - default 0; - PURGE 1; + default off; + PURGE on; } # Skip caching for request method. map $request_method $skip_cache { default 0; POST 1; + PURGE 1; } # Skip caching for mobile device. @@ -39,4 +44,5 @@ map $http_user_agent $is_mobile { map $request_method $cache_uri { default $request_uri; POST "null cache"; + PURGE "null cache"; } diff --git a/etc/nginx/includes/fastcgi.conf b/etc/nginx/includes/fastcgi.conf index 27aa5e17..de1e2094 100644 --- a/etc/nginx/includes/fastcgi.conf +++ b/etc/nginx/includes/fastcgi.conf @@ -3,9 +3,9 @@ fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; -fastcgi_connect_timeout 120s; -fastcgi_send_timeout 120s; -fastcgi_read_timeout 120s; +fastcgi_connect_timeout 300s; +fastcgi_send_timeout 300s; +fastcgi_read_timeout 300s; fastcgi_buffer_size 128k; fastcgi_buffers 128 128k; fastcgi_busy_buffers_size 128k; diff --git a/etc/nginx/includes/fastcgi_cache.conf b/etc/nginx/includes/fastcgi_cache.conf index 7b14c68e..ea3c368e 100644 --- a/etc/nginx/includes/fastcgi_cache.conf +++ b/etc/nginx/includes/fastcgi_cache.conf @@ -1,11 +1,14 @@ ## FastCGI cache. -# Designed to be included in any http, server, location block. +# Designed to be included in any server, location block. +# TODO: move fastcgi_cache to vhost config directly (for multi vhost cache path key). fastcgi_cache LEMPERCACHE; -fastcgi_cache_valid 200 301 302 2h; -fastcgi_cache_valid 404 1m; -fastcgi_cache_valid any 2h; -fastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503; + +fastcgi_cache_background_update on; +fastcgi_cache_valid 200 60m; +fastcgi_cache_valid 301 302 10m; +#fastcgi_cache_valid 404 10m; +fastcgi_cache_valid any 60m; fastcgi_cache_min_uses 1; fastcgi_cache_lock on; @@ -14,14 +17,15 @@ fastcgi_cache_bypass $http_pragma $http_authorization; fastcgi_no_cache $skip_cache $is_mobile; fastcgi_no_cache $http_pragma $http_authorization; +# Ref: https://github.com/nginx-modules/ngx_cache_purge?tab=readme-ov-file#uwsgi_cache_purge fastcgi_cache_purge $purge_method; # Ignore header (Added Pragma, crosscheck first) -fastcgi_ignore_headers Cache-Control Expires Set-Cookie; - -# Header status -add_header X-FastCGI-Cache $upstream_cache_status; +fastcgi_ignore_headers Cache-Control Expires Set-Cookie X-Accel-Expires Vary; # Designed to be used with Nginx Cache Controller WP plugin #fastcgi_pass_header "X-Accel-Redirect"; #fastcgi_pass_header "X-Accel-Expires"; + +# Header status +add_header X-FastCGI-Cache $upstream_cache_status; diff --git a/etc/nginx/includes/fastcgi_cache_path.conf b/etc/nginx/includes/fastcgi_cache_path.conf new file mode 100644 index 00000000..569531d9 --- /dev/null +++ b/etc/nginx/includes/fastcgi_cache_path.conf @@ -0,0 +1,7 @@ +## Include this file if you want to use fastcgi_cache across many sites. +# Designed to be included in /etc/nginx/includes/fastcgi_cache.conf http {} block. + +# Default FastCGI cache path. +fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=LEMPERCACHE:100m max_size=1g inactive=60m use_temp_path=off; + +## Add your vhost specific FastCGI cache path here ## diff --git a/etc/nginx/includes/rules_fastcgi_cache.conf b/etc/nginx/includes/rules_fastcgi_cache.conf index ed64781f..8f92f7b8 100644 --- a/etc/nginx/includes/rules_fastcgi_cache.conf +++ b/etc/nginx/includes/rules_fastcgi_cache.conf @@ -7,12 +7,6 @@ # WP Supercache related stuff. #set $cache_uri $request_uri; -# POST requests and urls with a query string should always go to PHP. -#if ($request_method = POST) { -# set $skip_cache 1; -# set $cache_uri "null cache"; -#} - # Skip caching if query string not empty. if ($query_string != "") { set $skip_cache 1; @@ -58,7 +52,7 @@ if ($request_uri ~* "^(/addons.*|/basket.*|/cart.*|/checkout.*|/my-account.*|/sh } # Skip caching for logged in users or recent commenters. -if ($http_cookie ~* "(comment_author|wp-postpass|wordpress_no_cache|wordpress_logged_in|users_login_cookie|wordpress_[a-f0-9]+)") { +if ($http_cookie ~* "(comment_author|wp-postpass|wordpress_no_cache|wordpress_logged_in|users_login_cookie|wordpress_[a-f0-9]+|edd_items_in_cart|woocommerce_items_in_cart)") { set $skip_cache 1; set $cache_uri "null cache"; } @@ -77,15 +71,33 @@ if ($cookie_woocommerce_items_in_cart = "1") { ## Purging FastCGI cache ## -# Purge uri. -location ~ ^/(.*)/purge { +# Purge URI. +# Usage: curl -X GET $scheme://$host/$1/purge +location ~ /purge(/.*) { allow 127.0.0.1; - #allow SERVER_IP; + #allow SERVER_IPV4; + allow ::1; + #allow SERVER_IPV6; deny all; access_log off; log_not_found off; + cache_purge_response_type json; fastcgi_cache_purge LEMPERCACHE "$scheme$request_method$host$1"; - return 301 $scheme://$host/$1; + #return 301 $scheme://$host/$1; +} + +# Purge all URIs. +location ~* ^/purge-all { + allow 127.0.0.1; + #allow SERVER_IPV4; + allow ::1; + #allow SERVER_IPV6; + deny all; + access_log off; + log_not_found off; + cache_purge_response_type json; + fastcgi_cache LEMPERCACHE; + #fastcgi_cache_purge PURGE purge_all from 127.0.0.1 ::1 allow_SERVER_IP; } ## You may add your own FastCGI cache rules here... diff --git a/etc/nginx/includes/rules_security.conf b/etc/nginx/includes/rules_security.conf index fec579ce..7812d14e 100644 --- a/etc/nginx/includes/rules_security.conf +++ b/etc/nginx/includes/rules_security.conf @@ -4,7 +4,7 @@ # Add Security Headers. add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; -add_header X-Xss-Protection "1; mode=block" always; +add_header X-XSS-Protection "1; mode=block" always; # Limit request limit_req_status 444; diff --git a/etc/nginx/includes/rules_staticfiles.conf b/etc/nginx/includes/rules_staticfiles.conf index e7137d87..ead4ff67 100644 --- a/etc/nginx/includes/rules_staticfiles.conf +++ b/etc/nginx/includes/rules_staticfiles.conf @@ -3,6 +3,8 @@ # Header setting for favicon. location ~* favicon.ico { + add_header Pragma "public"; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; access_log off; log_not_found off; expires 30d; @@ -10,6 +12,8 @@ location ~* favicon.ico { # Header setting for robots.txt. location ~* robots.txt { + add_header Pragma "public"; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; access_log off; log_not_found off; expires 30d; diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 3870d261..b7860ff1 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -74,9 +74,9 @@ http { # Connection tuning. reset_timedout_connection on; - client_body_timeout 10s; - client_header_timeout 10s; - send_timeout 2s; + client_body_timeout 30s; + client_header_timeout 30s; + send_timeout 10s; keepalive_timeout 60s; keepalive_requests 100000; diff --git a/etc/nginx/proxy_cache b/etc/nginx/proxy_cache index 263f56a2..f7ee7d6a 100644 --- a/etc/nginx/proxy_cache +++ b/etc/nginx/proxy_cache @@ -1,13 +1,13 @@ ## Include this file if you want to use Nginx as transparent proxy cache # Designed to be included in /etc/nginx/nginx.conf http{} block -proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2 keys_zone=PROXYCACHE:100m max_size=1g inactive=60m use_temp_path=off; +proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2 keys_zone=PROXYCACHE:100m max_size=10g inactive=60m use_temp_path=off; # use stale cache on backend fault proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; # Ignore header -proxy_ignore_headers Expires Cache-Control; +proxy_ignore_headers Cache-Control Expires Set-Cookie X-Accel-Expires; # Header status add_header X-Cache-Status $upstream_cache_status; diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index ae73cb9a..ba6913b8 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -6,12 +6,13 @@ server { server_name localhost.localdomain; - #include /etc/nginx/includes/ssl.conf; + ## SSL configuration. #ssl_certificate /etc/letsencrypt/live/localhost.localdomain/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/localhost.localdomain/privkey.pem; #ssl_trusted_certificate /etc/letsencrypt/live/localhost.localdomain/fullchain.pem; + #include /etc/nginx/includes/ssl.conf; - access_log /var/log/nginx/localhost.access.log combined buffer=32k; + access_log /var/log/nginx/localhost.access.log lp_cache buffer=32k; error_log /var/log/nginx/localhost.error.log error; root /usr/share/nginx/html; @@ -46,6 +47,17 @@ server { log_not_found off; } + location ~ \.php83$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + # Uncomment to Enable PHP FastCGI cache. + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php8.3-fpm.sock; + } + location ~ \.php82$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; @@ -154,7 +166,7 @@ server { index index.php index.html index.htm; # Log Settings. - access_log /var/log/nginx/localhost.access.log combined buffer=32k; + access_log /var/log/nginx/localhost.access.log lp_cache buffer=32k; error_log /var/log/nginx/localhost.error.log error; location /lcp { diff --git a/etc/nginx/sites-available/default-ssl b/etc/nginx/sites-available/default-ssl index 6c69834e..8b51e75a 100644 --- a/etc/nginx/sites-available/default-ssl +++ b/etc/nginx/sites-available/default-ssl @@ -13,7 +13,7 @@ server { ssl_trusted_certificate HOSTNAME_CERT_PATH/fullchain.pem; include /etc/nginx/includes/ssl.conf; - access_log /var/log/nginx/localhost.access.log combined buffer=32k; + access_log /var/log/nginx/localhost.access.log lp_cache buffer=32k; error_log /var/log/nginx/localhost.error.log error; root /usr/share/nginx/html; @@ -48,6 +48,17 @@ server { log_not_found off; } + location ~ \.php83$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + # Uncomment to Enable PHP FastCGI cache. + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php8.3-fpm.sock; + } + location ~ \.php82$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; @@ -163,7 +174,7 @@ server { index index.php index.html index.htm; # Log Settings. - access_log /var/log/nginx/localhost.access.log combined buffer=32k; + access_log /var/log/nginx/localhost.access.log lp_cache buffer=32k; error_log /var/log/nginx/localhost.error.log error; location /lcp { @@ -301,7 +312,7 @@ server { ## Automatically redirect site to HTTPS protocol. location / { - return 301 https://$server_name:443$request_uri; + return 301 https://$server_name$request_uri; } } diff --git a/lib/lemper-account.sh b/lib/lemper-account.sh new file mode 100644 index 00000000..d62340a0 --- /dev/null +++ b/lib/lemper-account.sh @@ -0,0 +1,79 @@ +#!/usr/bin/env bash + +# +-------------------------------------------------------------------------+ +# | LEMPer CLI - System's User Account Generator | +# +-------------------------------------------------------------------------+ +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | +# +-------------------------------------------------------------------------+ +# | This source file is subject to the GNU General Public License | +# | that is bundled with this package in the file LICENSE.md. | +# | | +# | If you did not receive a copy of the license and are unable to | +# | obtain it through the world-wide-web, please send an email | +# | to license@lemper.cloud so we can send you a copy immediately. | +# +-------------------------------------------------------------------------+ +# | Authors: Edi Septriyanto | +# +-------------------------------------------------------------------------+ + +# Create default system account. +function create_account() { + export USERNAME=${1:-"lemper"} + export PASSWORD && \ + PASSWORD=${LEMPER_PASSWORD:-$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)} + + echo "Add new system account..." + + if [[ -z $(getent passwd "${USERNAME}") ]]; then + if [[ ${DRYRUN} != true ]]; then + useradd -d "/home/${USERNAME}" -m -s /bin/bash "${USERNAME}" + echo "${USERNAME}:${PASSWORD}" | chpasswd + usermod -aG sudo "${USERNAME}" + + # Create default directories. + mkdir -p "/home/${USERNAME}/webapps" && \ + mkdir -p "/home/${USERNAME}/logs" && \ + mkdir -p "/home/${USERNAME}/logs/nginx" && \ + mkdir -p "/home/${USERNAME}/logs/php" && \ + mkdir -p "/home/${USERNAME}/.lemper" && \ + mkdir -p "/home/${USERNAME}/.ssh" && \ + chmod 700 "/home/${USERNAME}/.ssh" && \ + touch "/home/${USERNAME}/.ssh/authorized_keys" && \ + chmod 600 "/home/${USERNAME}/.ssh/authorized_keys" && \ + chown -hR "${USERNAME}:${USERNAME}" "/home/${USERNAME}" + + # Add account credentials to /srv/.htpasswd. + [ ! -f "/srv/.htpasswd" ] && touch /srv/.htpasswd + + # Protect .htpasswd file. + chmod 0600 /srv/.htpasswd + chown www-data:www-data /srv/.htpasswd + + # Generate password hash. + if [[ -n $(command -v mkpasswd) ]]; then + PASSWORD_HASH=$(mkpasswd --method=sha-256 "${PASSWORD}") + sed -i "/^${USERNAME}:/d" /srv/.htpasswd + echo "${USERNAME}:${PASSWORD_HASH}" >> /srv/.htpasswd + elif [[ -n $(command -v htpasswd) ]]; then + htpasswd -b /srv/.htpasswd "${USERNAME}" "${PASSWORD}" + else + PASSWORD_HASH=$(openssl passwd -1 "${PASSWORD}") + sed -i "/^${USERNAME}:/d" /srv/.htpasswd + echo "${USERNAME}:${PASSWORD_HASH}" >> /srv/.htpasswd + fi + + # Save config. + echo -e "LEMPER_USERNAME=${USERNAME}\nLEMPER_PASSWORD=${PASSWORD}\nLEMPER_ADMIN_EMAIL=${LEMPER_ADMIN_EMAIL}" + + # Save data to log file. + echo -e "Your default system account information:\nUsername: ${USERNAME}\nPassword: ${PASSWORD}" + + echo "Username ${USERNAME} created." + else + echo "Create ${USERNAME} account in dry mode." + fi + else + echo "Unable to create account, username ${USERNAME} already exists." + fi +} + +create_account "$@" diff --git a/lib/lemper-adduser.sh b/lib/lemper-adduser.sh index 0c528b2a..b8429da5 100755 --- a/lib/lemper-adduser.sh +++ b/lib/lemper-adduser.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper Create - Simple LEMP Virtual Host Creator | +# | LEMPer CLI - Adduser Wrapper | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | diff --git a/lib/lemper-app.sh b/lib/lemper-app.sh deleted file mode 100644 index e69de29b..00000000 diff --git a/lib/lemper-bench.sh b/lib/lemper-bench.sh index 5bfdb286..4d2a7758 100755 --- a/lib/lemper-bench.sh +++ b/lib/lemper-bench.sh @@ -1,4 +1,19 @@ -#!/bin/bash +#!/usr/bin/env bash + +# +-------------------------------------------------------------------------+ +# | LEMPer CLI - Simple Hardware & Network Benhcmark | +# +-------------------------------------------------------------------------+ +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | +# +-------------------------------------------------------------------------+ +# | This source file is subject to the GNU General Public License | +# | that is bundled with this package in the file LICENSE.md. | +# | | +# | If you did not receive a copy of the license and are unable to | +# | obtain it through the world-wide-web, please send an email | +# | to license@lemper.cloud so we can send you a copy immediately. | +# +-------------------------------------------------------------------------+ +# | Authors: Edi Septriyanto | +# +-------------------------------------------------------------------------+ # Hardware benchmark. echo "### Hardware Informations ###" diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index 87b83bcc..fb8afbaf 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper Create - Simple LEMP Virtual Host Creator | +# | LEMPer CLI - Virtual Host (Site) Generator | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -131,7 +131,7 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + access_log /home/${USERNAME}/logs/nginx/access_log lp_cache buffer=32k; error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. @@ -251,7 +251,7 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + access_log /home/${USERNAME}/logs/nginx/access_log lp_cache buffer=32k; error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. @@ -365,7 +365,7 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + access_log /home/${USERNAME}/logs/nginx/access_log lp_cache buffer=32k; error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. @@ -480,7 +480,7 @@ server { #include /etc/nginx/includes/ssl.conf; ## Log Settings. - access_log /home/${USERNAME}/logs/nginx/access_log combined buffer=32k; + access_log /home/${USERNAME}/logs/nginx/access_log lp_cache buffer=32k; error_log /home/${USERNAME}/logs/nginx/error_log error; ## Virtual host root directory. @@ -1638,9 +1638,10 @@ EOL # Enable HTTPS. if [[ ${ENABLE_SSL} == true ]]; then - echo "" - echo "You can enable HTTPS from lemper-cli after this setup!" - echo "command: lemper-cli manage --enable-ssl ${SERVERNAME}" + echo "Enable HTTPS protocol utilizing Let's Encrypt SSL for ${SERVERNAME}..." + #echo "You can enable HTTPS from lemper-cli after this setup!" + #echo "command: lemper-cli site mod --enable-ssl ${SERVERNAME}" + run lemper-cli site mod --enable-ssl "${SERVERNAME}" fi # WordPress MS notice. diff --git a/lib/lemper-db.sh b/lib/lemper-db.sh index ee187bb8..9b5c1185 100755 --- a/lib/lemper-db.sh +++ b/lib/lemper-db.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper DB - Simple LEMP Database Manager | +# | LEMPer CLI - MySQL / MariDB Database Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | @@ -78,6 +78,7 @@ These are common ${CMD_PARENT} ${CMD_NAME} subcommands used in various situation drop Deletes the database. export Exports a database to a file or to STDOUT. import Imports a database from a file or from STDIN. + list An aliases of databases sub command. optimize Optimizes the database. query Executes a SQL query against the database. repair Repairs the database. @@ -209,6 +210,10 @@ function cmd_show() { cmd_databases "$@" } +function cmd_list() { + cmd_databases "$@" +} + function cmd_size() { echo "Displays the database name and size." db_ops "--action=size" "$@" @@ -263,22 +268,22 @@ EOL # Grant access privileges. function cmd_account_access() { - if [ -z "${DBUSER}" ]; then + if [[ -z "${DBUSER}" ]]; then fail "Please specify the account's username using --dbuser parameter." fi - if [ -z "${DBNAME}" ]; then + if [[ -z "${DBNAME}" ]]; then fail "Please specify the database name using --dbname parameter." fi - if [ -z "${DBPRIVILEGES}" ]; then + if [[ -z "${DBPRIVILEGES}" ]]; then DBPRIVILEGES="ALL PRIVILEGES" fi #if [ -d "/var/lib/mysql/${DBNAME}" ]; then - if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then + if "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then echo "Grants database '${DBNAME}' privileges to '${DBUSER}'@'${DBHOST}'" - run mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "GRANT ${DBPRIVILEGES} ON ${DBNAME}.* TO '${DBUSER}'@'${DBHOST}'; FLUSH PRIVILEGES;" + run "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "GRANT ${DBPRIVILEGES} ON ${DBNAME}.* TO '${DBUSER}'@'${DBHOST}'; FLUSH PRIVILEGES;" else error "Specified database '${DBNAME}' does not exist." exit 1 @@ -292,15 +297,15 @@ EOL DBPASS=${DBPASS:-"$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"} # Create database account. - if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT User FROM mysql.user WHERE user='${DBUSER}';" | grep -qwE "${DBUSER}"; then + if "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT User FROM mysql.user WHERE user='${DBUSER}';" | grep -qwE "${DBUSER}"; then error "MySQL account ${DBUSER} is already exist. Please use another one!" exit 1 else echo "Creating new MySQL account '${DBUSER}'@'${DBHOST}' using password ${DBPASS}..." - run mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "CREATE USER '${DBUSER}'@'${DBHOST}' IDENTIFIED BY '${DBPASS}';" + run "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "CREATE USER '${DBUSER}'@'${DBHOST}' IDENTIFIED BY '${DBPASS}';" - if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT User FROM mysql.user WHERE user='${DBUSER}';" | grep -qwE "${DBUSER}"; then + if "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT User FROM mysql.user WHERE user='${DBUSER}';" | grep -qwE "${DBUSER}"; then success "MySQL account ${DBUSER} has been created." [[ ${VERBOSE} == true ]] && echo -e "Below the account details:\nUsername: ${DBUSER}\nPassword: ${DBPASS}\nHost: ${DBHOST}" fi @@ -326,7 +331,7 @@ EOL local SQL_QUERY="DROP USER '${DBUSER}'@'${DBHOST}';" if ! "${DRYRUN}"; then - if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "${SQL_QUERY}"; then + if "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "${SQL_QUERY}"; then success "The database's account '${DBUSER}'@'${DBHOST}' has been deleted." else error "Unable to delete database account '${DBUSER}'@'${DBHOST}'." @@ -355,7 +360,7 @@ EOL local SQL_QUERY="UPDATE mysql.user SET Password=PASSWORD('${DBPASS2}') WHERE USER='${DBUSER}' AND Host='${DBHOST}';" if ! "${DRYRUN}"; then - if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "${SQL_QUERY}"; then + if "${MYSQLCLI}" -u root -p"${MYSQL_ROOT_PASSWORD}" -e "${SQL_QUERY}"; then success "Password for account '${DBUSER}'@'${DBHOST}' has been updated to '${DBPASS2}'." else error "Unable to update password for '${DBUSER}'@'${DBHOST}'." @@ -389,7 +394,7 @@ EOL error "You are not allowed to rename this account." exit 1 else - if mysql -u root -p"${DBROOT_PASS}" -e "${SQL_QUERY}"; then + if "${MYSQLCLI}" -u root -p"${DBROOT_PASS}" -e "${SQL_QUERY}"; then success "Database account '${DBUSER}'@'${DBHOST}' has been renamed to '${DBUSER2}'@'${DBHOST2}'." else error "Unable to rename database account '${DBUSER}'@'${DBHOST}'." @@ -409,7 +414,7 @@ EOL echo "List all existing database users." - run mysql -u "${DBUSER}" -p"${DBPASS}" -e "SELECT user,host FROM mysql.user;" + run "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" -e "SELECT user,host FROM mysql.user;" } # Aliases to create. @@ -612,9 +617,13 @@ function db_ops() { done fi - # Ensure mysql command is available before performing database operations. - if [[ -z $(command -v mysql) ]]; then - fail "MySQL is required to perform database operations, but not available on your stack. Please install it first!" + # Ensure mariadb / mysql command is available before performing database operations. + if [[ -n $(command -v mariadb) ]]; then + MYSQLCLI=$(command -v mariadb) + elif [[ -n $(command -v mysql) ]]; then + MYSQLCLI=$(command -v mysql) + else + fail "MariaDB / MySQL is required to perform database operations, but not available on your stack. Please install it first!" fi # Database operations based on supplied action argument. @@ -633,16 +642,16 @@ function db_ops() { # Create database name. echo "Creating new MySQL database '${DBNAME}' grants access to '${DBUSER}'@'${DBHOST}'..." - until ! mysql -u root -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; do + until ! "${MYSQLCLI}" -u root -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; do echo "Database ${DBNAME} already exist, try another one..." DBNAME="${LEMPER_USERNAME}_db$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | fold -w 6 | head -n 1)" echo "New auto-generated MySQL database '${DBNAME}'" done local SQL_QUERY="CREATE DATABASE ${DBNAME}; GRANT ALL PRIVILEGES ON ${DBNAME}.* TO '${DBUSER}'@'${DBHOST}'; FLUSH PRIVILEGES;" - run mysql -u root -p"${DBPASS}" -e "${SQL_QUERY}" + run "${MYSQLCLI}" -u root -p"${DBPASS}" -e "${SQL_QUERY}" - if mysql -u root -p"${DBPASS}" -e "SHOW DATABASES LIKE '${DBNAME}';" | grep -qwE "${DBNAME}"; then + if "${MYSQLCLI}" -u root -p"${DBPASS}" -e "SHOW DATABASES LIKE '${DBNAME}';" | grep -qwE "${DBNAME}"; then success "MySQL database '${DBNAME}' has been created." exit 0 else @@ -699,12 +708,12 @@ function db_ops() { [[ "${DBUSER}" = "root" && -z "${DBPASS}" ]] && DBPASS="${MYSQL_ROOT_PASSWORD}" #if [ -d "/var/lib/mysql/${DBNAME}" ]; then - if mysql -u root -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then + if "${MYSQLCLI}" -u root -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then echo "Deleting database ${DBNAME}..." - run mysql -u "${DBUSER}" -p"${DBPASS}" -e "DROP DATABASE ${DBNAME};" + run "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" -e "DROP DATABASE ${DBNAME};" - if ! mysql -u root -p"${DBPASS}" -e "SHOW DATABASES LIKE '${DBNAME}';" | grep -qwE "${DBNAME}"; then + if ! "${MYSQLCLI}" -u root -p"${DBPASS}" -e "SHOW DATABASES LIKE '${DBNAME}';" | grep -qwE "${DBNAME}"; then success "Database '${DBNAME}' has been dropped." else error "Failed deleting database '${DBNAME}'." @@ -730,7 +739,7 @@ function db_ops() { echo "Exporting database ${DBNAME}'s tables..." if [[ -n $(command -v mysqldump) ]]; then - if mysql -u "${DBUSER}" -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then + if "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then run mysqldump -u "${DBUSER}" -p"${DBPASS}" --databases "${DBNAME}" > "${DBFILE}" [ -f "${DBFILE}" ] && success "database ${DBNAME} exported to ${DBFILE}." else @@ -754,8 +763,8 @@ function db_ops() { if [[ -n "${DBFILE}" && -e "${DBFILE}" ]]; then echo "Importing '${DBNAME}' database's tables..." - if mysql -u "${DBUSER}" -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then - run mysql -u "${DBUSER}" -p"${DBPASS}" "${DBNAME}" < "${DBFILE}" + if "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" -e "SHOW DATABASES;" | grep -qwE "${DBNAME}"; then + run "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" "${DBNAME}" < "${DBFILE}" echo "Database file '${DBFILE}' imported to '${DBNAME}'." else error "Specified database '${DBNAME}' does not exist." @@ -779,7 +788,7 @@ function db_ops() { local SQL_QUERY=${DBQUERY:-""} if ! "${DRYRUN}"; then - if mysql -u "${DBUSER}" -p"${DBPASS}" -D "${DBNAME}" -e "${SQL_QUERY}"; then + if "${MYSQLCLI}" -u "${DBUSER}" -p"${DBPASS}" -D "${DBNAME}" -e "${SQL_QUERY}"; then success "SQL query applied to ${DBNAME} as '${DBUSER}'@'${DBHOST}'." else error "Unable to execute SQL query on ${DBNAME} as '${DBUSER}'@'${DBHOST}'." diff --git a/lib/lemper-fixpermission.sh b/lib/lemper-fixpermission.sh index f42592fb..4cb3cd00 100755 --- a/lib/lemper-fixpermission.sh +++ b/lib/lemper-fixpermission.sh @@ -1,10 +1,19 @@ #!/usr/bin/env bash -# Fix file permission -# Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 07/07/2024 -# Author : MasEDI.Net (me@masedi.net) -# Since Version : 1.0.0 +# +-------------------------------------------------------------------------+ +# | LEMPer CLI - Fix File & Directory Permission | +# +-------------------------------------------------------------------------+ +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | +# +-------------------------------------------------------------------------+ +# | This source file is subject to the GNU General Public License | +# | that is bundled with this package in the file LICENSE.md. | +# | | +# | If you did not receive a copy of the license and are unable to | +# | obtain it through the world-wide-web, please send an email | +# | to license@lemper.cloud so we can send you a copy immediately. | +# +-------------------------------------------------------------------------+ +# | Authors: Edi Septriyanto | +# +-------------------------------------------------------------------------+ # Make sure only root can access and not direct access. if [[ "$(type -t requires_root)" != "function" ]]; then diff --git a/lib/lemper-manage.sh b/lib/lemper-manage.sh index 7aa84ffb..eea26f4d 100755 --- a/lib/lemper-manage.sh +++ b/lib/lemper-manage.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper Manage - Simple LEMP Virtual Host Manager | +# | LEMPer CLI - Virtual Host (Site) Manager | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | diff --git a/lib/lemper-sslgen.sh b/lib/lemper-selfssl.sh similarity index 97% rename from lib/lemper-sslgen.sh rename to lib/lemper-selfssl.sh index 2dfca971..0b1aa6b4 100755 --- a/lib/lemper-sslgen.sh +++ b/lib/lemper-selfssl.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper Manage - Simple LEMP Virtual Host Manager | +# | LEMPer CLI - Self-signed SSL Generator | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | diff --git a/lib/lemper-site.sh b/lib/lemper-site.sh index 87cbae50..998a39f5 100755 --- a/lib/lemper-site.sh +++ b/lib/lemper-site.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash # +-------------------------------------------------------------------------+ -# | Lemper Site - Simple LEMPer Stack Site (vhost) Manager | +# | LEMPer CLI - Virtual Host (Site) Wrapper | # +-------------------------------------------------------------------------+ -# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper) | +# | Copyright (c) 2014-2024 MasEDI.Net (https://masedi.net/lemper) | # +-------------------------------------------------------------------------+ # | This source file is subject to the GNU General Public License | # | that is bundled with this package in the file LICENSE.md. | diff --git a/scripts/build_nginx.sh b/scripts/build_nginx.sh index 1e47f3ce..6e48bba4 100755 --- a/scripts/build_nginx.sh +++ b/scripts/build_nginx.sh @@ -768,7 +768,12 @@ function build_ngx_pagespeed() { fi run cd "$nginx_dir" - configure=("$configure_location/configure" "${configure_args[@]}") + if [[ ${configure_args[@]} ]]; then + configure=("$configure_location/configure" "${configure_args[@]}") + else + configure=("$configure_location/configure") + fi + additional_configure_args="" if [ -z "${ADDITIONAL_NGINX_CONFIGURE_ARGUMENTS+x}" ]; then if ! "$ASSUME_YES"; then @@ -779,13 +784,13 @@ function build_ngx_pagespeed() { read -p "> " additional_configure_args fi else - additional_configure_args="$ADDITIONAL_NGINX_CONFIGURE_ARGUMENTS" + additional_configure_args="${ADDITIONAL_NGINX_CONFIGURE_ARGUMENTS}" fi if [ -n "$additional_configure_args" ]; then # Split additional_configure_args respecting any internal quotation. # Otherwise things like --with-cc-opt='-foo -bar' won't work. - eval additional_configure_args=("${additional_configure_args}") + eval additional_configure_args=(${additional_configure_args}) configure=("${configure[@]}" "${additional_configure_args[@]}") fi diff --git a/scripts/install_certbotle.sh b/scripts/install_certbotle.sh index 642137c2..550132d1 100755 --- a/scripts/install_certbotle.sh +++ b/scripts/install_certbotle.sh @@ -70,7 +70,7 @@ function init_certbotle_install() { # Add Certbot auto renew command to cronjob. if [[ "${DRYRUN}" != true ]]; then export EDITOR=nano - CRONCMD='0 */6 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/sbin/service nginx stop" --post-hook "/usr/sbin/service nginx start"' + CRONCMD='0 */6 * * * /usr/bin/certbot renew --quiet --renew-hook "/usr/sbin/service nginx reload -s"' touch lemper.cron crontab -u root lemper.cron crontab -l > lemper.cron diff --git a/scripts/install_dependencies.sh b/scripts/install_dependencies.sh index f0cd6f64..215c0aa3 100755 --- a/scripts/install_dependencies.sh +++ b/scripts/install_dependencies.sh @@ -45,7 +45,7 @@ run apt-get install -q -y \ libcurl4-openssl-dev libgpgme11-dev libssl-dev libpcre3-dev libxml2-dev libxslt1-dev \ libtool locales logrotate lsb-release make net-tools openssh-server openssl pkg-config \ re2c rsync software-properties-common sasl2-bin snap snmp sudo sysstat tar tzdata unzip wget \ - whois xz-utils zlib1g-dev geoip-bin geoip-database gettext libgeoip-dev libpthread-stubs0-dev uuid-dev + whois xz-utils zlib1g-dev geoip-bin geoip-database gettext gettext-base libgeoip-dev libpthread-stubs0-dev uuid-dev if [[ ! -d /root/.gnupg ]]; then run mkdir /root/.gnupg diff --git a/scripts/install_fail2ban.sh b/scripts/install_fail2ban.sh index 7aa3775d..3681044a 100755 --- a/scripts/install_fail2ban.sh +++ b/scripts/install_fail2ban.sh @@ -58,7 +58,7 @@ function init_fail2ban_install() { 2 | "source") echo "Installing Fail2ban from source..." - FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"1.0.2"} + FAIL2BAN_VERSION=${FAIL2BAN_VERSION:-"1.1.0"} if [[ "${FAIL2BAN_VERSION}" == "latest" ]]; then FAIL2BAN_VERSION="master" diff --git a/scripts/install_mariadb.sh b/scripts/install_mariadb.sh index eb9c20aa..535b2074 100755 --- a/scripts/install_mariadb.sh +++ b/scripts/install_mariadb.sh @@ -122,12 +122,18 @@ function init_mariadb_install() { run chmod ugo+x /etc/mysql/debian-start fi - # Init script. + # MySQL init script. if [[ ! -f /etc/init.d/mysql ]]; then run cp etc/init.d/mysql /etc/init.d/ run chmod ugo+x /etc/init.d/mysql fi + # MariaDB init script. + if [[ ! -f /etc/init.d/mariadb ]]; then + run cp etc/init.d/mariadb /etc/init.d/ + run chmod ugo+x /etc/init.d/mariadb + fi + # Systemd script. [[ ! -f /lib/systemd/system/mariadb.service ]] && \ run cp etc/systemd/mariadb.service /lib/systemd/system/ @@ -142,9 +148,14 @@ function init_mariadb_install() { run ln -sf /lib/systemd/system/mariadb.service /etc/systemd/system/mysql.service # Install default table. - if [[ -n $(command -v mysql_install_db) ]]; then + if [[ -n $(command -v mariadb-install-db) ]]; then + run mariadb-install-db && \ + run chown -hR mysql:mysql /var/lib/mysql + elif [[ -n $(command -v mysql_install_db) ]]; then run mysql_install_db && \ run chown -hR mysql:mysql /var/lib/mysql + else + error "Unable to secure MariaDB installation." fi # Trying to reload daemon. @@ -205,10 +216,10 @@ function init_mariadb_install() { done if [[ "${DO_MYSQL_SECURE_INSTALL}" == y* || "${DO_MYSQL_SECURE_INSTALL}" == Y* ]]; then - if [[ -n $(command -v mysql_secure_installation) ]]; then - run mysql_secure_installation - elif [[ -n $(command -v mariadb-secure-installation) ]]; then + if [[ -n $(command -v mariadb-secure-installation) ]]; then run mariadb-secure-installation + elif [[ -n $(command -v mysql_secure_installation) ]]; then + run mysql_secure_installation else error "Unable to secure MariaDB installation." fi diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh index ade3c461..04dfb8ea 100755 --- a/scripts/install_nginx.sh +++ b/scripts/install_nginx.sh @@ -17,6 +17,8 @@ if [[ "$(type -t run)" != "function" ]]; then # Make sure only supported distribution can run this installer script. preflight_system_check + + #set -exv -o pipefail fi ## @@ -145,10 +147,10 @@ function init_nginx_install() { case "${SELECTED_INSTALLER}" in 1 | "repo") - if [[ "${SELECTED_REPO}" == "myguard" ]]; then - add_nginx_repo_myguard - else + if [[ "${SELECTED_REPO}" == "ondrej" ]]; then add_nginx_repo_ondrej + else + add_nginx_repo_myguard fi echo "Installing Nginx from ${SELECTED_REPO} repository..." @@ -225,9 +227,9 @@ function init_nginx_install() { echo "Adding ngx-http-lua module..." if [[ "${SELECTED_REPO}" == "myguard" ]]; then - EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "lua-resty" "lua-resty-lrucache" "libnginx-mod-http-lua") + EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "luarocks" "lua-cjson" "lua-resty" "lua-resty-core" "lua-resty-lrucache" "libnginx-mod-http-lua") else - EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "luajit" "libluajit" "libnginx-mod-http-lua") + EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "luajit" "luarocks" "lua-cjson" "lua-resty-core" "lua-resty-lrucache" "libnginx-mod-http-lua") fi fi @@ -256,9 +258,10 @@ function init_nginx_install() { # shellcheck disable=SC2153 if "${NGX_HTTP_NJS}"; then echo "Adding ngx-http-njs module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-njs") if [[ "${SELECTED_REPO}" == "myguard" ]]; then EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-njs") + else + error "{$SELECTED_REPO} doesn't have libnginx-mod-http-njs module. Skipped..." fi fi @@ -277,9 +280,11 @@ function init_nginx_install() { # Nginx upstream module for the Redis 2.0 protocol. if "${NGX_HTTP_REDIS2}"; then echo "Adding ngx-http-redis module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-redis2") + if [[ "${SELECTED_REPO}" == "myguard" ]]; then EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-redis2") + else + error "{$SELECTED_REPO} doesn't have libnginx-mod-http-redis2 module. Skipped..." fi fi @@ -298,9 +303,11 @@ function init_nginx_install() { # Nginx virtual host traffic status module if "${NGX_HTTP_VTS}"; then echo "Adding ngx-http-module-vts (VHost traffic status) module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-vts") + if [[ "${SELECTED_REPO}" == "myguard" ]]; then EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-vhost-traffic-status") + else + error "{$SELECTED_REPO} doesn't have libnginx-mod-http-vhost-traffic-status module. Skipped..." fi fi @@ -325,16 +332,21 @@ function init_nginx_install() { # Nginx mod PageSpeed. if "${NGX_PAGESPEED}"; then echo "Adding ngx-pagespeed module..." - #EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-pagespeed") if [[ "${SELECTED_REPO}" == "myguard" ]]; then EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-pagespeed") + else + error "{$SELECTED_REPO} doesn't have libnginx-mod-pagespeed module. Skipped..." fi fi # NGINX-based Media Streaming Server. if "${NGX_RTMP}"; then echo "Adding ngx-rtmp (Media Streaming Server) module..." - EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-rtmp") + if [[ "${SELECTED_REPO}" == "myguard" ]]; then + EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-flv-live") + else + EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-rtmp") + fi fi # Stream module. @@ -373,49 +385,40 @@ function init_nginx_install() { NGINX_RELEASE_VERSION="${NGINX_VERSION}" fi - # Nginx configure arguments. - NGX_CONFIGURE_ARGS="" - - # Is gcc > 8.x? - #if gcc --version | grep -q "\ [8.]"; then - # NGX_CONFIGURE_ARGS="CFLAGS=\"-Wno-stringop-truncation -Wno-stringop-overflow -Wno-size-of-pointer-memaccess\"" - #fi - - # Additional configure arguments. - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --prefix=/usr/share/nginx \ - --sbin-path=/usr/sbin/nginx \ - --modules-path=/usr/lib/nginx/modules \ - --conf-path=/etc/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log \ - --pid-path=/run/nginx.pid \ - --lock-path=/var/lock/nginx.lock \ - --user=www-data \ - --group=www-data \ - --with-compat \ - --with-debug \ - --with-file-aio \ - --with-http_addition_module \ - --with-http_auth_request_module \ - --with-http_dav_module \ - --with-http_degradation_module \ - --with-http_flv_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_mp4_module \ - --with-http_random_index_module \ - --with-http_realip_module \ - --with-http_secure_link_module \ - --with-http_slice_module \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_sub_module \ - --with-http_v2_module \ - --with-threads" + # Nginx's configure arguments. + NGX_CONFIGURE_ARGS=("--prefix=/usr/share/nginx" + "--sbin-path=/usr/sbin/nginx" + "--modules-path=/usr/lib/nginx/modules" + "--conf-path=/etc/nginx/nginx.conf" + "--error-log-path=/var/log/nginx/error.log" + "--http-log-path=/var/log/nginx/access.log" + "--pid-path=/run/nginx.pid" + "--lock-path=/var/lock/nginx.lock" + "--user=www-data" + "--group=www-data" + "--with-compat" + "--with-debug" + "--with-file-aio" + "--with-http_addition_module" + "--with-http_auth_request_module" + "--with-http_dav_module" + "--with-http_degradation_module" + "--with-http_flv_module" + "--with-http_gunzip_module" + "--with-http_gzip_static_module" + "--with-http_mp4_module" + "--with-http_random_index_module" + "--with-http_realip_module" + "--with-http_secure_link_module" + "--with-http_slice_module" + "--with-http_ssl_module" + "--with-http_stub_status_module" + "--with-http_sub_module" + "--with-http_v2_module" + "--with-threads") # Custom build name. - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --build=LEMPer" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" "--build=LEMPer") local CURRENT_DIR && \ CURRENT_DIR=$(pwd) @@ -438,12 +441,13 @@ function init_nginx_install() { run wget -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${OPENSSL_SOURCE_URL}" && \ run tar -zxf "${NGINX_CUSTOMSSL_VERSION}.tar.gz" - [[ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ]] && \ - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} \ - --with-openssl-opt=enable-ec_nistp_64_gcc_128 \ - --with-openssl-opt=no-nextprotoneg \ - --with-openssl-opt=no-weak-ssl-ciphers" + if [[ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ]]; then + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" + "--with-openssl-opt=enable-ec_nistp_64_gcc_128" + "--with-openssl-opt=no-nextprotoneg" + "--with-openssl-opt=no-weak-ssl-ciphers") + fi else error "Unable to determine OpenSSL source page." fi @@ -457,9 +461,9 @@ function init_nginx_install() { run tar -zxf "${NGINX_CUSTOMSSL_VERSION}.tar.gz" [[ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ]] && \ - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} \ - --with-openssl-opt=no-weak-ssl-ciphers" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" + "--with-openssl-opt=no-weak-ssl-ciphers") else error "Unable to determine LibreSSL source page." fi @@ -527,9 +531,9 @@ function init_nginx_install() { # Back to extra module dir. run cd "${EXTRA_MODULE_DIR}" || return 1 - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-cc-opt=\"-I${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/include\" \ - --with-ld-opt=\"-L${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/lib\"" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-cc-opt=\"-I${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/include\"" + "--with-ld-opt=\"-L${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/lib\"") else info "Unable to determine BoringSSL source page." fi @@ -552,7 +556,7 @@ function init_nginx_install() { run tar -zxf "${NGINX_PCRE_VERSION}.tar.gz" if [ -d "${BUILD_DIR}/${NGINX_PCRE_VERSION}" ]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --with-pcre=${BUILD_DIR}/${NGINX_PCRE_VERSION} --with-pcre-jit" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" "--with-pcre=${BUILD_DIR}/${NGINX_PCRE_VERSION}" "--with-pcre-jit") fi else error "Unable to determine PCRE JIT ${NGINX_PCRE_VERSION} source." @@ -575,14 +579,20 @@ function init_nginx_install() { if "${NGX_HTTP_AUTH_PAM}"; then echo "Adding ngx-http-auth-pam module..." - run git clone --branch="master" --single-branch https://github.com/sto/ngx_http_auth_pam_module.git + if [[ -d ngx_http_auth_pam_module ]]; then + run cd ngx_http_auth_pam_module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/sto/ngx_http_auth_pam_module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_auth_pam_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_auth_pam_module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_http_auth_pam_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_http_auth_pam_module") fi # Requires libpam-dev @@ -595,18 +605,26 @@ function init_nginx_install() { if "${NGX_HTTP_BROTLI}"; then echo "Adding ngx-http-brotli module..." - run git clone https://github.com/google/ngx_brotli.git && \ - run cd ngx_brotli && \ - run git checkout master -q && \ - run git submodule update --init -q && \ - run cd ../ || return 1 + if [[ -d ngx_brotli ]]; then + run cd ngx_brotli && \ + run git pull && \ + run git checkout master -q && \ + run git submodule update --init -q && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone https://github.com/google/ngx_brotli.git && \ + run cd ngx_brotli && \ + run git checkout master -q && \ + run git submodule update --init -q && \ + run cd ../ || return 1 + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_brotli" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_brotli") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_brotli" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_brotli") fi fi @@ -614,15 +632,20 @@ function init_nginx_install() { if "${NGX_HTTP_CACHE_PURGE}"; then echo "Adding ngx-http-cache-purge module..." - run git clone --branch="master" --single-branch https://github.com/nginx-modules/ngx_cache_purge.git - #run git clone https://github.com/joglomedia/ngx_cache_purge.git + if [[ -d ngx_cache_purge ]]; then + run cd ngx_cache_purge && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/nginx-modules/ngx_cache_purge.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_cache_purge" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_cache_purge") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_cache_purge" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_cache_purge") fi fi @@ -630,14 +653,20 @@ function init_nginx_install() { if "${NGX_HTTP_DAV_EXT}"; then echo "Adding ngx-http-dav-ext module..." - run git clone --branch="master" --single-branch https://github.com/arut/nginx-dav-ext-module.git + if [[ -d nginx-dav-ext-module ]]; then + run cd nginx-dav-ext-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/arut/nginx-dav-ext-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-dav-ext-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-dav-ext-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/nginx-dav-ext-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/nginx-dav-ext-module") fi fi @@ -645,14 +674,20 @@ function init_nginx_install() { if "${NGX_HTTP_ECHO}"; then echo "Adding ngx-http-echo module..." - run git clone --branch="master" --single-branch https://github.com/openresty/echo-nginx-module.git + if [[ -d echo-nginx-module ]]; then + run cd echo-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/openresty/echo-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/echo-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/echo-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/echo-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/echo-nginx-module") fi fi @@ -660,14 +695,20 @@ function init_nginx_install() { if "${NGX_HTTP_FANCYINDEX}"; then echo "Adding ngx-http-fancyindex module..." - run git clone --branch="master" --single-branch https://github.com/aperezdc/ngx-fancyindex.git + if [[ -d ngx-fancyindex ]]; then + run cd ngx-fancyindex && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/aperezdc/ngx-fancyindex.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx-fancyindex" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx-fancyindex") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx-fancyindex" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx-fancyindex") fi fi @@ -676,11 +717,11 @@ function init_nginx_install() { echo "Adding ngx-http-geoip module..." if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_geoip_module=dynamic" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_geoip_module=dynamic") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_geoip_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_geoip_module") fi fi @@ -688,14 +729,20 @@ function init_nginx_install() { if "${NGX_HTTP_GEOIP2}"; then echo "Adding ngx-http-geoip2 module..." - run git clone --branch="master" --single-branch https://github.com/leev/ngx_http_geoip2_module.git + if [[ -d ngx_http_geoip2_module ]]; then + run cd ngx_http_geoip2_module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/leev/ngx_http_geoip2_module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_geoip2_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_geoip2_module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_http_geoip2_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_http_geoip2_module") fi # install libmaxminddb @@ -706,11 +753,15 @@ function init_nginx_install() { DISTRIB_NAME=${DISTRIB_NAME:-$(get_distrib_name)} if [[ "${DISTRIB_NAME}" == "ubuntu" ]]; then - run add-apt-repository -y ppa:maxmind/ppa && \ - run apt-get update -q -y && \ - run apt-get install -q -y libmaxminddb0 libmaxminddb-dev mmdb-bin + if dpkg-query -l | awk '/libmaxminddb0/ { print $2 }' | grep -qwE "^libmaxminddb0"; then + echo "MaxMind GeoIP2 library is already installed." + else + run add-apt-repository -y ppa:maxmind/ppa && \ + run apt-get update -q -y && \ + run apt-get install -q -y libmaxminddb0 libmaxminddb-dev mmdb-bin + fi else - if [ ! -d libmaxminddb ]; then + if [[ ! -d libmaxminddb ]]; then run git clone --recursive https://github.com/maxmind/libmaxminddb.git && \ run cd libmaxminddb || return 1 else @@ -729,7 +780,7 @@ function init_nginx_install() { echo "Downloading MaxMind GeoIP2-GeoLite2 database..." - if [ -d geoip-db ]; then + if [[ -d geoip-db ]]; then run rm -rf geoip-db fi @@ -778,14 +829,20 @@ function init_nginx_install() { if "${NGX_HTTP_HEADERS_MORE}"; then echo "Adding ngx-http-headers-more-filter module..." - run git clone --branch="master" --single-branch https://github.com/openresty/headers-more-nginx-module.git + if [[ -d headers-more-nginx-module ]]; then + run cd headers-more-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/openresty/headers-more-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/headers-more-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/headers-more-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/headers-more-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/headers-more-nginx-module") fi fi @@ -794,11 +851,11 @@ function init_nginx_install() { echo "Adding ngx-http-image-filter module..." if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_image_filter_module=dynamic" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_image_filter_module=dynamic") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_image_filter_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_image_filter_module") fi fi @@ -818,63 +875,69 @@ function init_nginx_install() { run cd "${BUILD_DIR}" || return 1 - if [ ! -d luajit2 ]; then - run git clone https://github.com/openresty/luajit2.git && \ - run cd luajit2 || return 1 - else + if [[ -d luajit2 ]]; then run cd luajit2 && \ - run git fetch -q --all --tags + run git pull + else + run git clone --branch="${LUA_JIT_VERSION}" --single-branch https://github.com/openresty/luajit2.git && \ + run cd luajit2 || return 1 fi - run git checkout "tags/${LUA_JIT_VERSION}" && \ + #run git checkout "tags/${LUA_JIT_VERSION}" && \ run make -j"${NB_PROC}" && \ - run make install + run make install && \ + run cd "${BUILD_DIR}" || return 1 # Requires lua core library echo "Lua module requires Lua Resty Core library, installing now..." - if [ ! -d lua-resty-core ]; then - run git clone https://github.com/openresty/lua-resty-core.git && \ - run cd lua-resty-core || return 1 - else + if [[ -d lua-resty-core ]]; then run cd lua-resty-core && \ - run git fetch -q --all --tags + run git pull + else + run git clone --branch="${LUA_RESTY_CORE_VERSION}" --single-branch https://github.com/openresty/lua-resty-core.git && \ + run cd lua-resty-core || return 1 fi - run git checkout "tags/${LUA_RESTY_CORE_VERSION}" && \ + #run git checkout "tags/${LUA_RESTY_CORE_VERSION}" && \ run make install && \ - run cd ../ || return 1 + run cd "${BUILD_DIR}" || return 1 # Requires lua lru cache echo "Lua module requires Lua-land LRU Cache library, installing now..." - if [ ! -d lua-resty-lrucache ]; then - run git clone https://github.com/openresty/lua-resty-lrucache.git && \ - run cd lua-resty-lrucache || return 1 - else + if [[ -d lua-resty-lrucache ]]; then run cd lua-resty-lrucache && \ - run git fetch -q --all --tags + run git pull + else + run git clone --branch="${LUA_RESTY_LRUCACHE_VERSION}" --single-branch https://github.com/openresty/lua-resty-lrucache.git && \ + run cd lua-resty-lrucache || return 1 fi - run git checkout "tags/${LUA_RESTY_LRUCACHE_VERSION}" && \ + #run git checkout "tags/${LUA_RESTY_LRUCACHE_VERSION}" && \ run make install && \ run cd "${EXTRA_MODULE_DIR}" || return 1 echo "Configuring Lua Nginx Module..." - export LUAJIT_LIB=/usr/local/lib - export LUAJIT_INC=/usr/local/include/luajit-2.1 - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} --with-ld-opt=\"-Wl,-rpath,/usr/local/lib\"" + export LUAJIT_LIB="/usr/local/lib" + export LUAJIT_INC="/usr/local/include/luajit-2.1" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" "--with-ld-opt=\"-Wl,-rpath,/usr/local/lib\"") - run git clone --branch="${LUA_NGINX_MODULE_VERSION}" --single-branch \ - https://github.com/openresty/lua-nginx-module.git + if [[ -d lua-nginx-module ]]; then + run cd lua-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="${LUA_NGINX_MODULE_VERSION}" --single-branch https://github.com/openresty/lua-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/lua-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/lua-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/lua-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/lua-nginx-module") fi fi @@ -883,14 +946,20 @@ function init_nginx_install() { if "${NGX_HTTP_MEMCACHED}"; then echo "Adding ngx-http-memcached module..." - run git clone --branch="master" --single-branch https://github.com/openresty/memc-nginx-module.git + if [[ -d memc-nginx-module ]]; then + run cd memc-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/openresty/memc-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/memc-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/memc-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/memc-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/memc-nginx-module") fi fi @@ -898,14 +967,20 @@ function init_nginx_install() { if "${NGX_HTTP_NAXSI}"; then echo "Adding ngx-http-naxsi (Web Application Firewall) module..." - run git clone --branch="master" --single-branch https://github.com/nbs-system/naxsi.git + if [[ -d naxsi ]]; then + run cd naxsi && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="main" --single-branch --recurse-submodules https://github.com/wargio/naxsi.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/naxsi/naxsi_src" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/naxsi/naxsi_src") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/naxsi/naxsi_src" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/naxsi/naxsi_src") fi fi @@ -913,14 +988,20 @@ function init_nginx_install() { if "${NGX_HTTP_NDK}"; then echo "Adding ngx-http-ndk Nginx Devel Kit module..." - run git clone --branch="master" --single-branch https://github.com/vision5/ngx_devel_kit.git + if [[ -d ngx_devel_kit ]]; then + run cd ngx_devel_kit && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/vision5/ngx_devel_kit.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_devel_kit" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_devel_kit") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_devel_kit" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_devel_kit") fi fi @@ -929,14 +1010,20 @@ function init_nginx_install() { if "${NGX_HTTP_NJS}"; then echo "Adding ngx-http-js module..." - run git clone --branch="master" --single-branch https://github.com/nginx/njs.git + if [[ -d njs ]]; then + run cd njs && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/nginx/njs.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/njs/nginx" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/njs/nginx") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/njs/nginx" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/njs/nginx") fi fi @@ -946,11 +1033,11 @@ function init_nginx_install() { if [[ -n $(command -v passenger-config) ]]; then if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=$(passenger-config --nginx-addon-dir)" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=$(passenger-config --nginx-addon-dir)") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=$(passenger-config --nginx-addon-dir)" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=$(passenger-config --nginx-addon-dir)") fi else error "Passenger module not found, skipped..." @@ -961,14 +1048,20 @@ function init_nginx_install() { if "${NGX_HTTP_REDIS2}"; then echo "Adding ngx-http-redis2 module..." - run git clone --branch="master" --single-branch https://github.com/openresty/redis2-nginx-module.git + if [[ -d redis2-nginx-module ]]; then + run cd redis2-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/openresty/redis2-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/redis2-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/redis2-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/redis2-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/redis2-nginx-module") fi fi @@ -976,14 +1069,20 @@ function init_nginx_install() { if "${NGX_HTTP_SUBS_FILTER}"; then echo "Adding ngx-http-subs-filter module..." - run git clone --branch="master" --single-branch https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git + if [[ -d ngx_http_substitutions_filter_module ]]; then + run cd ngx_http_substitutions_filter_module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_substitutions_filter_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/ngx_http_substitutions_filter_module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/ngx_http_substitutions_filter_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/ngx_http_substitutions_filter_module") fi fi @@ -991,23 +1090,36 @@ function init_nginx_install() { if "${NGX_HTTP_UPSTREAM_FAIR}"; then echo "Adding ngx-http-nginx-upstream-fair module..." - #run git clone https://github.com/gnosek/nginx-upstream-fair.git - run git clone --branch="lemper" https://github.com/joglomedia/nginx-upstream-fair + if [[ -d nginx-upstream-fair ]]; then + run cd nginx-upstream-fair && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + #run git clone --branch="master" --single-branch https://github.com/gnosek/nginx-upstream-fair.git + run git clone --branch="lemper" --single-branch https://github.com/joglomedia/nginx-upstream-fair.git - echo "Patch nginx-upstream-fair module with tengine-patches..." - run git clone --branch="master" --single-branch https://github.com/alibaba/tengine-patches.git + echo "Patch nginx-upstream-fair module with tengine-patches..." - run cd nginx-upstream-fair && \ - run bash -c "patch -p1 < '${EXTRA_MODULE_DIR}/tengine-patches/nginx-upstream-fair/upstream-fair-upstream-check.patch'" - run cd "${EXTRA_MODULE_DIR}" || return 1 + if [[ -d tengine-patches ]]; then + run cd tengine-patches && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/alibaba-archive/tengine-patches.git + fi + + run cd "${EXTRA_MODULE_DIR}/nginx-upstream-fair" && \ + run bash -c "patch -p1 < '${EXTRA_MODULE_DIR}/tengine-patches/nginx-upstream-fair/upstream-fair-upstream-check.patch'" && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then # Dynamic module not supported yet (testing lemper branch) - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-upstream-fair" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-upstream-fair") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/nginx-upstream-fair" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/nginx-upstream-fair") fi fi @@ -1015,14 +1127,20 @@ function init_nginx_install() { if "${NGX_HTTP_VTS}"; then echo "Add ngxx-http-module-vts (VHost traffic status) module..." - run git clone --branch="master" --single-branch https://github.com/vozlt/nginx-module-vts.git + if [[ -d nginx-module-vts ]]; then + run cd nginx-module-vts && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/vozlt/nginx-module-vts.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-module-vts" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-module-vts") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/nginx-module-vts" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/nginx-module-vts") fi fi @@ -1031,11 +1149,11 @@ function init_nginx_install() { echo "Adding ngx-http-xslt-filter module..." if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_xslt_module=dynamic" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_xslt_module=dynamic") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-http_xslt_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-http_xslt_module") fi fi @@ -1044,13 +1162,9 @@ function init_nginx_install() { echo "Adding ngx-mail module..." if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-mail=dynamic \ - --with-mail_ssl_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" "--with-mail=dynamic" "--with-mail_ssl_module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-mail \ - --with-mail_ssl_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" "--with-mail" "--with-mail_ssl_module") fi fi @@ -1058,14 +1172,20 @@ function init_nginx_install() { if "${NGX_NCHAN}"; then echo "Adding ngx-nchan (Pub/Sub) module..." - run git clone --branch="master" --single-branch https://github.com/slact/nchan.git + if [[ -d nchan ]]; then + run cd nchan && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + run git clone --branch="master" --single-branch https://github.com/slact/nchan.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/nchan" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/nchan") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/nchan" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/nchan") fi fi @@ -1073,14 +1193,22 @@ function init_nginx_install() { if "${NGX_RTMP}"; then echo "Adding ngx-rtmp (Media Streaming Server) module..." - run git clone --branch="master" --single-branch https://github.com/arut/nginx-rtmp-module.git + if [[ -d nginx-http-flv-module ]]; then + run cd nginx-http-flv-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + #run git clone --branch="master" --single-branch https://github.com/arut/nginx-rtmp-module.git + # Move to enhanced features nginx-http-flv-module + run git clone --branch="master" --single-branch https://github.com/winshining/nginx-http-flv-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-rtmp-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/nginx-http-flv-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/nginx-rtmp-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/nginx-http-flv-module") fi fi @@ -1089,32 +1217,40 @@ function init_nginx_install() { echo "Adding ngx-stream module..." if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-stream=dynamic \ - --with-stream_geoip_module=dynamic \ - --with-stream_realip_module \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-stream=dynamic" + "--with-stream_geoip_module=dynamic" + "--with-stream_realip_module" + "--with-stream_ssl_module" + "--with-stream_ssl_preread_module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --with-stream \ - --with-stream_geoip_module \ - --with-stream_realip_module \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--with-stream" + "--with-stream_geoip_module" + "--with-stream_realip_module" + "--with-stream_ssl_module" + "--with-stream_ssl_preread_module") fi if "${NGX_HTTP_LUA}"; then - echo "Adding ngx-stream-lua module..." + echo "Adding stream-lua-nginx-module module..." - run git clone --branch="master" --single-branch https://github.com/openresty/stream-lua-nginx-module.git + if [[ -d stream-lua-nginx-module ]]; then + run cd stream-lua-nginx-module && \ + run git pull && \ + run cd "${EXTRA_MODULE_DIR}" || return 1 + else + # Get available branch (tag version) here https://github.com/openresty/stream-lua-nginx-module/tags + run git clone --branch="${LUA_NGINX_STREAM_MODULE_VERSION}" --single-branch \ + https://github.com/openresty/stream-lua-nginx-module.git + fi if [[ "${NGINX_DYNAMIC_MODULE}" == true ]]; then - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-dynamic-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-dynamic-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module") else - NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \ - --add-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module" + NGX_CONFIGURE_ARGS=("${NGX_CONFIGURE_ARGS[@]}" + "--add-module=${EXTRA_MODULE_DIR}/stream-lua-nginx-module") fi fi fi @@ -1125,8 +1261,6 @@ function init_nginx_install() { # Build nginx from source installer. echo -e "\nBuilding Nginx from source..." - NGX_BUILD_URL="https://raw.githubusercontent.com/apache/incubator-pagespeed-ngx/master/scripts/build_ngx_pagespeed.sh" - if [[ -f "${BUILD_DIR}/build_nginx.sh" ]]; then echo "Using cached build_nginx script..." else @@ -1136,6 +1270,8 @@ function init_nginx_install() { else echo "Downloading build_nginx script..." + NGX_BUILD_URL="https://raw.githubusercontent.com/apache/incubator-pagespeed-ngx/master/scripts/build_ngx_pagespeed.sh" + if curl -sLI "${NGX_BUILD_URL}" | grep -q "HTTP/[.12]* [2].."; then run curl -sS -o "${BUILD_DIR}/build_nginx.sh" "${NGX_BUILD_URL}" else @@ -1171,18 +1307,18 @@ function init_nginx_install() { # Build Nginx from source. run bash "${BUILD_DIR}/build_nginx.sh" -y "${NGX_BUILD_EXTRA_ARGS[@]}" -b "${BUILD_DIR}" \ --ngx-pagespeed-version="${NGX_PAGESPEED_VERSION}" \ - --nginx-version="${NGINX_RELEASE_VERSION}" --additional-nginx-configure-arguments="${NGX_CONFIGURE_ARGS}" + --nginx-version="${NGINX_RELEASE_VERSION}" --additional-nginx-configure-arguments="${NGX_CONFIGURE_ARGS[*]}" echo "Configuring Nginx extra modules..." # Create Nginx modules directory. - if [ ! -d /etc/nginx/modules-available ]; then + if [[ ! -d /etc/nginx/modules-available ]]; then run mkdir -p /etc/nginx/modules-available run chmod 755 /etc/nginx/modules-available fi - if [ ! -d /etc/nginx/modules-enabled ]; then + if [[ ! -d /etc/nginx/modules-enabled ]]; then run mkdir -p /etc/nginx/modules-enabled run chmod 755 /etc/nginx/modules-enabled fi @@ -1202,15 +1338,15 @@ function init_nginx_install() { fi if [[ -f /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so && \ - ! -f /etc/nginx/modules-available/mod-http-brotli-filter.conf ]]; then + ! -f /etc/nginx/modules-available/mod-http-brotli.conf ]]; then run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_brotli_filter_module.so\";' \ - > /etc/nginx/modules-available/mod-http-brotli-filter.conf" + > /etc/nginx/modules-available/mod-http-brotli.conf" fi if [[ -f /usr/lib/nginx/modules/ngx_http_brotli_static_module.so && \ - ! -f /etc/nginx/modules-available/mod-http-brotli.conf ]]; then + -f /etc/nginx/modules-available/mod-http-brotli.conf ]]; then run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_brotli_static_module.so\";' \ - > /etc/nginx/modules-available/mod-http-brotli.conf" + >> /etc/nginx/modules-available/mod-http-brotli.conf" fi if [[ -f /usr/lib/nginx/modules/ngx_http_cache_purge_module.so && \ @@ -1339,9 +1475,15 @@ function init_nginx_install() { > /etc/nginx/modules-available/mod-pagespeed.conf" fi - if [[ -f /usr/lib/nginx/modules/ngx_rtmp_module.so && \ + #if [[ -f /usr/lib/nginx/modules/ngx_rtmp_module.so && \ + # ! -f /etc/nginx/modules-available/mod-rtmp.conf ]]; then + # run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_rtmp_module.so\";' \ + # > /etc/nginx/modules-available/mod-rtmp.conf" + #fi + + if [[ -f /usr/lib/nginx/modules/ngx_http_flv_live_module.so && \ ! -f /etc/nginx/modules-available/mod-rtmp.conf ]]; then - run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_rtmp_module.so\";' \ + run bash -c "echo 'load_module \"/usr/lib/nginx/modules/ngx_http_flv_live_module.so\";' \ > /etc/nginx/modules-available/mod-rtmp.conf" fi @@ -1387,11 +1529,11 @@ function init_nginx_install() { /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf fi - if [[ "${NGX_HTTP_BROTLI}" && \ - -f /etc/nginx/modules-available/mod-http-brotli-filter.conf ]]; then - run ln -fs /etc/nginx/modules-available/mod-http-brotli-filter.conf \ - /etc/nginx/modules-enabled/50-mod-http-brotli-filter.conf - fi + #if [[ "${NGX_HTTP_BROTLI}" && \ + # -f /etc/nginx/modules-available/mod-http-brotli-filter.conf ]]; then + # run ln -fs /etc/nginx/modules-available/mod-http-brotli-filter.conf \ + # /etc/nginx/modules-enabled/50-mod-http-brotli-filter.conf + #fi if [[ "${NGX_HTTP_BROTLI}" && \ -f /etc/nginx/modules-available/mod-http-brotli.conf ]]; then @@ -1402,7 +1544,7 @@ function init_nginx_install() { if [[ "${NGX_HTTP_CACHE_PURGE}" && \ -f /etc/nginx/modules-available/mod-http-cache-purge.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-cache-purge.conf \ - /etc/nginx/modules-enabled/40-mod-http-cache-purge.conf + /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf fi if [[ "${NGX_HTTP_DAV_EXT}" && \ @@ -1426,37 +1568,37 @@ function init_nginx_install() { if [[ "${NGX_HTTP_GEOIP2}" && \ -f /etc/nginx/modules-available/mod-http-geoip2.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-geoip2.conf \ - /etc/nginx/modules-enabled/30-mod-http-geoip2.conf + /etc/nginx/modules-enabled/50-mod-http-geoip2.conf fi if [[ "${NGX_HTTP_GEOIP}" && \ -f /etc/nginx/modules-available/mod-http-geoip.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-geoip.conf \ - /etc/nginx/modules-enabled/30-mod-http-geoip.conf + /etc/nginx/modules-enabled/50-mod-http-geoip.conf fi if [[ "${NGX_HTTP_HEADERS_MORE}" && \ -f /etc/nginx/modules-available/mod-http-headers-more-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-headers-more-filter.conf \ - /etc/nginx/modules-enabled/40-mod-http-headers-more-filter.conf + /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf fi if [[ "${NGX_HTTP_IMAGE_FILTER}" && \ -f /etc/nginx/modules-available/mod-http-image-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-image-filter.conf \ - /etc/nginx/modules-enabled/40-mod-http-image-filter.conf + /etc/nginx/modules-enabled/50-mod-http-image-filter.conf fi if [[ "${NGX_HTTP_NJS}" && \ -f /etc/nginx/modules-available/mod-http-njs.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-njs.conf \ - /etc/nginx/modules-enabled/30-mod-http-njs.conf + /etc/nginx/modules-enabled/40-mod-http-njs.conf fi if [[ "${NGX_HTTP_LUA}" && \ -f /etc/nginx/modules-available/mod-http-lua.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-lua.conf \ - /etc/nginx/modules-enabled/30-mod-http-lua.conf + /etc/nginx/modules-enabled/40-mod-http-lua.conf fi if [[ "${NGX_HTTP_MEMCACHED}" && \ @@ -1474,7 +1616,7 @@ function init_nginx_install() { if [[ "${NGX_HTTP_NDK}" && \ -f /etc/nginx/modules-available/mod-http-ndk.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-ndk.conf \ - /etc/nginx/modules-enabled/20-mod-http-ndk.conf + /etc/nginx/modules-enabled/15-mod-http-ndk.conf fi if [[ "${NGX_HTTP_PASSENGER}" && \ @@ -1492,25 +1634,25 @@ function init_nginx_install() { if [[ "${NGX_HTTP_SUBS_FILTER}" && \ -f /etc/nginx/modules-available/mod-http-subs-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-subs-filter.conf \ - /etc/nginx/modules-enabled/40-mod-http-subs-filter.conf + /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf fi if [[ "${NGX_HTTP_UPSTREAM_FAIR}" && \ -f /etc/nginx/modules-available/mod-http-upstream-fair.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-upstream-fair.conf \ - /etc/nginx/modules-enabled/40-mod-http-upstream-fair.conf + /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf fi if [[ "${NGX_HTTP_VTS}" && \ -f /etc/nginx/modules-available/mod-http-vhost-traffic-status.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-vhost-traffic-status.conf \ - /etc/nginx/modules-enabled/40-mod-http-vhost-traffic-status.conf + /etc/nginx/modules-enabled/50-mod-http-vhost-traffic-status.conf fi if [[ "${NGX_HTTP_XSLT_FILTER}" && \ -f /etc/nginx/modules-available/mod-http-xslt-filter.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-http-xslt-filter.conf \ - /etc/nginx/modules-enabled/40-mod-http-xslt-filter.conf + /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf fi if [[ "${NGX_MAIL}" && \ @@ -1537,7 +1679,7 @@ function init_nginx_install() { -f /etc/nginx/modules-available/mod-stream.conf ]]; then # Enable mod-stream if it's not already enabled. run ln -fs /etc/nginx/modules-available/mod-stream.conf \ - /etc/nginx/modules-enabled/20-mod-stream.conf + /etc/nginx/modules-enabled/15-mod-stream.conf if [[ "${NGX_HTTP_GEOIP2}" && \ -f /etc/nginx/modules-available/mod-stream-geoip2.conf ]]; then @@ -1554,7 +1696,7 @@ function init_nginx_install() { if [[ "${NGX_HTTP_NJS}" && \ -f /etc/nginx/modules-available/mod-stream-js.conf ]]; then run ln -fs /etc/nginx/modules-available/mod-stream-js.conf \ - /etc/nginx/modules-enabled/50-mod-stream-js.conf.conf + /etc/nginx/modules-enabled/50-mod-stream-js.conf fi MOD_STREAM_ENABLED=true @@ -1661,14 +1803,14 @@ EOL # Enable more headers setting. if [[ "${NGX_HTTP_HEADERS_MORE}" == true && \ - -f /etc/nginx/modules-enabled/40-mod-http-headers-more-filter.conf ]]; then + -f /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf ]]; then run sed -i "s|#more_set_headers|more_set_headers|g" \ /etc/nginx/nginx.conf fi # Enable Lua package path. if [[ "${NGX_HTTP_LUA}" == true && \ - -f /etc/nginx/modules-enabled/30-mod-http-lua.conf ]]; then + -f /etc/nginx/modules-enabled/40-mod-http-lua.conf ]]; then run sed -i "s|#lua_package_path|lua_package_path|g" \ /etc/nginx/nginx.conf fi @@ -1680,8 +1822,18 @@ EOL /etc/nginx/nginx.conf fi - # Allow server IP to fastCGI cache purge rule. - run sed -i "s/#allow\ SERVER_IP/allow\ ${SERVER_IP}/g" /etc/nginx/includes/rules_fastcgi_cache.conf + # Allow server IP to fastCGI cache purge remotely. + ALLOWED_SERVER_IP=$(get_ip_private) + run sed -i "s|#allow\ SERVER_IPV4|allow\ ${ALLOWED_SERVER_IP}|g" /etc/nginx/includes/rules_fastcgi_cache.conf + + ALLOWED_SERVER_IPV6=$(get_ipv6_private) + if [[ "${ALLOWED_SERVER_IPV6}x" != "x" ]]; then + run sed -i "s|#allow\ SERVER_IPV6|allow\ ${ALLOWED_SERVER_IPV6}|g" /etc/nginx/includes/rules_fastcgi_cache.conf + ALLOWED_SERVER_IP="${ALLOWED_SERVER_IP} ${ALLOWED_SERVER_IPV6}" + fi + + run sed -i "s|allow_SERVER_IP|${ALLOWED_SERVER_IP}|g" /etc/nginx/includes/rules_fastcgi_cache.conf + run sed -i "s|#fastcgi_cache_purge\ PURGE|fastcgi_cache_purge\ PURGE|g" /etc/nginx/includes/rules_fastcgi_cache.conf # Generate Diffie-Hellman parameters. local DH_LENGTH=${KEY_HASH_LENGTH:-2048} @@ -1692,9 +1844,6 @@ EOL run openssl dhparam -out "/etc/nginx/ssl/dhparam-${DH_LENGTH}.pem" "${DH_LENGTH}" fi - # Generate default hostname SSL cert. - generate_hostname_cert - # Nginx init script. if [ ! -f /etc/init.d/nginx ]; then run cp etc/init.d/nginx /etc/init.d/ @@ -1718,6 +1867,9 @@ EOL # Enable in start up. run systemctl enable nginx.service + # Generate default hostname SSL cert. + generate_hostname_cert + # Final test. if [[ "${DRYRUN}" != true ]]; then # Copy custom default vhost. @@ -1781,6 +1933,8 @@ EOL function generate_hostname_cert() { # Generate a new certificate for the hostname domain. + echo "Generate SSL certificate for default hostname ${HOSTNAME}" + if [[ "${ENVIRONMENT}" == prod* && $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then # Stop webserver first. run systemctl stop nginx.service diff --git a/scripts/install_php.sh b/scripts/install_php.sh index b861da7d..ec4b9b7f 100755 --- a/scripts/install_php.sh +++ b/scripts/install_php.sh @@ -1072,9 +1072,13 @@ function init_php_install() { if [[ "${IS_PKG_AVAIL}" -gt 0 ]]; then # Install PHP + default extensions. - install_php "${PHPV}" - install_php_loader "${PHPV}" "${OPT_PHP_LOADER}" - restart_php_fpm "${PHPV}" + if [[ -z $(command -v "php${PHPV}") ]]; then + install_php "${PHPV}" + install_php_loader "${PHPV}" "${OPT_PHP_LOADER}" + restart_php_fpm "${PHPV}" + else + info "PHP version ${PHPV} and it's extensions already exists, installation skipped." + fi else error "PHP ${PHPV} package is not available for your operating system." fi @@ -1098,25 +1102,15 @@ echo "[PHP & Extensions Installation]" # Start running things from a call at the end so if this script is executed # after a partial download it doesn't do anything. -if [[ -n $(command -v php7.1) || \ - -n $(command -v php7.2) || \ - -n $(command -v php7.3) || \ - -n $(command -v php7.4) || \ - -n $(command -v php8.0) || \ - -n $(command -v php8.1) || \ - -n $(command -v php8.2) || \ - -n $(command -v php8.3) -]]; then - info "All available PHP version already exists, installation skipped." -else - init_php_install "$@" - - # Set default PHP. - if [[ -n $(command -v "php${DEFAULT_PHP_VERSION}") ]]; then - run update-alternatives --set php "$(command -v "php${DEFAULT_PHP_VERSION}")" - run update-alternatives --set phar "$(command -v "phar${DEFAULT_PHP_VERSION}")" - run update-alternatives --set phar.phar "$(command -v "phar.phar${DEFAULT_PHP_VERSION}")" - run update-alternatives --set php-config "$(command -v "php-config${DEFAULT_PHP_VERSION}")" - run update-alternatives --set phpize "$(command -v "phpize${DEFAULT_PHP_VERSION}")" - fi -fi \ No newline at end of file +init_php_install "$@" + +# Set default PHP. +if [[ -n $(command -v "php${DEFAULT_PHP_VERSION}") ]]; then + echo "Set default PHP command line to version ${DEFAULT_PHP_VERSION}..." + + run update-alternatives --set php "$(command -v "php${DEFAULT_PHP_VERSION}")" + run update-alternatives --set phar "$(command -v "phar${DEFAULT_PHP_VERSION}")" + run update-alternatives --set phar.phar "$(command -v "phar.phar${DEFAULT_PHP_VERSION}")" + run update-alternatives --set php-config "$(command -v "php-config${DEFAULT_PHP_VERSION}")" + run update-alternatives --set phpize "$(command -v "phpize${DEFAULT_PHP_VERSION}")" +fi diff --git a/scripts/install_tools.sh b/scripts/install_tools.sh index c2dbc63d..2d3dfde9 100755 --- a/scripts/install_tools.sh +++ b/scripts/install_tools.sh @@ -32,28 +32,34 @@ function init_tools_install() { [ ! -d /etc/lemper/cli-plugins ] && run mkdir -p /etc/lemper/cli-plugins + run cp -f lib/lemper-account.sh /etc/lemper/cli-plugins/lemper-account && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-account + run cp -f lib/lemper-adduser.sh /etc/lemper/cli-plugins/lemper-adduser && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-adduser run cp -f lib/lemper-site.sh /etc/lemper/cli-plugins/lemper-site && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-site - #run cp -f lib/lemper-create.sh /etc/lemper/cli-plugins/lemper-create && \ - #run chmod ugo+x /etc/lemper/cli-plugins/lemper-create && \ + run cp -f lib/lemper-create.sh /etc/lemper/cli-plugins/lemper-site-create && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-site-create - run cp -f lib/lemper-create.sh /etc/lemper/cli-plugins/lemper-site-add && \ - run chmod ugo+x /etc/lemper/cli-plugins/lemper-site-add + [ -f /etc/lemper/cli-plugins/lemper-site-create ] && \ + run ln -fs /etc/lemper/cli-plugins/lemper-site-create /etc/lemper/cli-plugins/lemper-site-add - #run cp -f lib/lemper-manage.sh /etc/lemper/cli-plugins/lemper-manage && \ - #run chmod ugo+x /etc/lemper/cli-plugins/lemper-manage + run cp -f lib/lemper-manage.sh /etc/lemper/cli-plugins/lemper-site-manage && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-site-manage - run cp -f lib/lemper-manage.sh /etc/lemper/cli-plugins/lemper-site-mod && \ - run chmod ugo+x /etc/lemper/cli-plugins/lemper-site-mod + [ -f /etc/lemper/cli-plugins/lemper-site-manage ] && \ + run ln -fs /etc/lemper/cli-plugins/lemper-site-manage /etc/lemper/cli-plugins/lemper-site-mod run cp -f lib/lemper-db.sh /etc/lemper/cli-plugins/lemper-db && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-db - run cp -f lib/lemper-sslgen.sh /etc/lemper/cli-plugins/lemper-selfssl && \ + [ -f /etc/lemper/cli-plugins/lemper-site-db ] && \ + run ln -fs /etc/lemper/cli-plugins/lemper-site-db /etc/lemper/cli-plugins/lemper-site-database + + run cp -f lib/lemper-selfssl.sh /etc/lemper/cli-plugins/lemper-selfssl && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-selfssl run cp -f lib/lemper-fixpermission.sh /etc/lemper/cli-plugins/lemper-fixpermission && \ @@ -116,7 +122,6 @@ function init_tools_install() { local CURRENT_DIR && \ CURRENT_DIR=$(pwd) run cd /usr/share/nginx/html/lcp/filemanager && \ - #run git pull run wget -q https://raw.githubusercontent.com/joglomedia/tinyfilemanager/lemperfm_1.3.0/index.php \ -O /usr/share/nginx/html/lcp/filemanager/index.php && \ run cd "${CURRENT_DIR}" || return 1 @@ -150,7 +155,7 @@ function init_tools_install() { CURRENT_DIR=$(pwd) run cd /usr/share/nginx/html/lcp/memcadmin && \ run git config --global --add safe.directory /usr/share/nginx/html/lcp/memcadmin && \ - run git pull && \ + run git pull -q && \ run cd "${CURRENT_DIR}" || return 1 fi @@ -224,6 +229,7 @@ EOL fi else run cd redisadmin && \ + run mv composer.lock composer.lock~ run "${COMPOSER_BIN}" -q update fi diff --git a/scripts/remove_nginx.sh b/scripts/remove_nginx.sh index 39bddacf..683b63a6 100755 --- a/scripts/remove_nginx.sh +++ b/scripts/remove_nginx.sh @@ -124,11 +124,20 @@ function init_nginx_removal() { fi if [[ "${REMOVE_NGX_CONFIG}" == Y* || "${REMOVE_NGX_CONFIG}" == y* ]]; then + run rm -fr /var/cache/nginx + run rm -fr /usr/share/nginx + run rm -fr /usr/lib/nginx run rm -fr /etc/nginx + + echo "All your Nginx installation and configuration files deleted permanently." + else run rm -fr /var/cache/nginx run rm -fr /usr/share/nginx + run rm -fr /usr/lib/nginx + run rm -fr /etc/nginx/modules-enabled/* + run rm -fr /etc/nginx/modules-available/* - echo "All your Nginx configuration files deleted permanently." + echo "All your Nginx installation files deleted permanently, configuration file preserved." fi # Final test. diff --git a/scripts/utils.sh b/scripts/utils.sh index 4e9c23d3..e2b38e05 100755 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -523,6 +523,29 @@ function get_ip_public() { fi } +# Get server private IPv6 Address. +function get_ipv6_private() { + local SERVER_IPV6_PRIVATE && \ + SERVER_IPV6_PRIVATE=$(ip addr | grep 'inet6' | \ + grep -oE '(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?' | head -1) + + echo "${SERVER_IPV6_PRIVATE}" +} + +# Get server public IPv6 Address. +function get_ipv6_public() { + local SERVER_IPV6_PRIVATE && SERVER_IPV6_PRIVATE=$(get_ipv6_private) + local SERVER_IPV6_PUBLIC && \ + SERVER_IPV6_PUBLIC=$(curl -sk --ipv6 --connect-timeout 10 --retry 3 --retry-delay 0 https://ipecho.net/plain) + + # Ugly hack to detect aws-lightsail public IP address. + if [[ "${SERVER_IPV6_PRIVATE}" == "${SERVER_IPV6_PUBLIC}" ]]; then + echo "${SERVER_IPV6_PRIVATE}" + else + echo "${SERVER_IPV6_PUBLIC}" + fi +} + # Make sure only supported distribution can run LEMPer script. function preflight_system_check() { # Set system distro version.