From 928e3ae04cd604ff4b0dfca2e72c9086fc7df79f Mon Sep 17 00:00:00 2001 From: Joby Elliott Date: Tue, 22 Oct 2024 20:32:46 -0600 Subject: [PATCH] bug fixes --- install.sh | 0 install/00-update-install.sh | 0 install/01-nginx-default-root.sh | 0 install/certbot.sh | 0 install/fail2ban-nginx.sh | 0 install/mysql.sh | 0 install/nginx-conf.sh | 0 install/nginx-conf/40-gzip.conf | 6 ---- install/nginx-conf/40-php-config.conf | 10 ------ install/nginx-snippets.sh | 32 +++++++++++++++++++ .../ssl.conf} | 0 install/sshd_websftpusers.sh | 0 install/swap.sh | 0 install/unattended-upgrades.sh | 0 site-config.conf | 14 +++++++- 15 files changed, 45 insertions(+), 17 deletions(-) mode change 100644 => 100755 install.sh mode change 100644 => 100755 install/00-update-install.sh mode change 100644 => 100755 install/01-nginx-default-root.sh mode change 100644 => 100755 install/certbot.sh mode change 100644 => 100755 install/fail2ban-nginx.sh mode change 100644 => 100755 install/mysql.sh mode change 100644 => 100755 install/nginx-conf.sh delete mode 100644 install/nginx-conf/40-gzip.conf delete mode 100644 install/nginx-conf/40-php-config.conf create mode 100755 install/nginx-snippets.sh rename install/{nginx-conf/10-ssl-config.conf => nginx-snippets/ssl.conf} (100%) mode change 100644 => 100755 install/sshd_websftpusers.sh mode change 100644 => 100755 install/swap.sh mode change 100644 => 100755 install/unattended-upgrades.sh diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 diff --git a/install/00-update-install.sh b/install/00-update-install.sh old mode 100644 new mode 100755 diff --git a/install/01-nginx-default-root.sh b/install/01-nginx-default-root.sh old mode 100644 new mode 100755 diff --git a/install/certbot.sh b/install/certbot.sh old mode 100644 new mode 100755 diff --git a/install/fail2ban-nginx.sh b/install/fail2ban-nginx.sh old mode 100644 new mode 100755 diff --git a/install/mysql.sh b/install/mysql.sh old mode 100644 new mode 100755 diff --git a/install/nginx-conf.sh b/install/nginx-conf.sh old mode 100644 new mode 100755 diff --git a/install/nginx-conf/40-gzip.conf b/install/nginx-conf/40-gzip.conf deleted file mode 100644 index 0b2abcb..0000000 --- a/install/nginx-conf/40-gzip.conf +++ /dev/null @@ -1,6 +0,0 @@ -# Turn on gzip compression -gzip on; -gzip_vary on; -gzip_proxied any; -gzip_comp_level 6; -gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; \ No newline at end of file diff --git a/install/nginx-conf/40-php-config.conf b/install/nginx-conf/40-php-config.conf deleted file mode 100644 index e50dd6f..0000000 --- a/install/nginx-conf/40-php-config.conf +++ /dev/null @@ -1,10 +0,0 @@ -# Basic PHP configuration -location ~ \.php$ { - limit_req zone=php burst=20 nodelay; - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/var/run/php/php-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -} \ No newline at end of file diff --git a/install/nginx-snippets.sh b/install/nginx-snippets.sh new file mode 100755 index 0000000..f3df5f9 --- /dev/null +++ b/install/nginx-snippets.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# Check if script is run as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root or with sudo" + exit 1 +fi + +# Get the directory where this script is located +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +# Define source and destination directories using absolute path +SRC_DIR="$SCRIPT_DIR/nginx-snippets" +DEST_DIR="/etc/nginx/snippets" + +# Check if source directory exists +if [ ! -d "$SRC_DIR" ]; then + echo "Source directory '$SRC_DIR' not found" + exit 1 +fi + +# Create destination directory if it doesn't exist +mkdir -p "$DEST_DIR" + +# Copy all .conf files +echo "Copying configuration files..." +cp -v "$SRC_DIR"/*.conf "$DEST_DIR/" + +# Set proper permissions +echo "Setting permissions..." +chown root:root "$DEST_DIR"/*.conf +chmod 644 "$DEST_DIR"/*.conf diff --git a/install/nginx-conf/10-ssl-config.conf b/install/nginx-snippets/ssl.conf similarity index 100% rename from install/nginx-conf/10-ssl-config.conf rename to install/nginx-snippets/ssl.conf diff --git a/install/sshd_websftpusers.sh b/install/sshd_websftpusers.sh old mode 100644 new mode 100755 diff --git a/install/swap.sh b/install/swap.sh old mode 100644 new mode 100755 diff --git a/install/unattended-upgrades.sh b/install/unattended-upgrades.sh old mode 100644 new mode 100755 diff --git a/site-config.conf b/site-config.conf index c1a16ef..f4191b2 100644 --- a/site-config.conf +++ b/site-config.conf @@ -12,9 +12,10 @@ server { listen [::]:443 ssl http2; server_name .$DOMAIN; - # SSL certificates + # SSL configuration ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; + include snippets/ssl.conf; # Apply general rate limit limit_req zone=general burst=100 nodelay; @@ -72,6 +73,17 @@ server { fastcgi_param SCRIPT_FILENAME $document_root/router.php; } + # Basic PHP configuration + location ~ \.php$ { + limit_req zone=php burst=20 nodelay; + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + # Static file handling location ~* ^.+\.((?!php).)*$ { expires 30d;