Ubuntu 22.04 + Apache v2.4.56 + NGINX v1.22.1 + PHP v8.2 + SSL (Let's Encrypt)

Can someone provide me a guide or setup script for setting up Apache v2.4.56 + NGINX v1.22.1 + PHP v8.2 + SSL (Let's Encrypt) on an Ubuntu 22.04 VPS?

I want the speed of NGINX, but I also require full .htaccess support so therefore I think I also need Apache. I am under the impression I can use NGINX to proxy certain requests to Apache?

I need to be able to easily generate Let's Encrypt SSL certificates that automatically renew.

I want this to be as fast and performance optimized as possible. I would prefer to host this on a small VPS without using a control panel.

Can someone point me to a guide, video or setup script that is as close to this as possible?

Thank you!

Comments

  • yoursunny Member, IPv6 Advocate

    Mentally strong people rewrite htaccess into nginx config.

    Thanked by 1ariq01
  • Think I'll try to use https://github.com/VirtuBox/nginx-ee for NGINX.

    @yoursunny said:
    Mentally strong people rewrite htaccess into nginx config.

    I'm not mentally strong enough unless these htaccess to nginx config converters work.

  • LOL @yoursunny

    Usually when I encounter a combination that is not straightforward to install, I piece together separate tutorials and get it done.

    PHP install - https://www.digitalocean.com/community/tutorials/how-to-install-php-8-1-and-set-up-a-local-development-environment-on-ubuntu-22-04
    Apache + Nginx Reverse Proxy - https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-20-04-server

    Since port 80 will be used by Nginx, you can look up any certbot tutorial for Nginx + Ubuntu. https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04

  • #!/bin/bash
    APACHE_LISTEN="127.0.0.1:8080"
    NGINX_LISTEN="0.0.0.0:443"
    function install_apache() { sudo apt-get update && sudo apt-get install -y apache2; }
    function configure_apache() {
        sudo sed -i "s/^Listen .*/Listen ${APACHE_LISTEN}/" /etc/apache2/ports.conf
        sudo mkdir -p /var/www/${DOMAIN}/public_html
        sudo chown -R www-data:www-data /var/www/${DOMAIN}
        sudo chmod -R 755 /var/www/${DOMAIN}
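        # 'EOL' is quoted so the root shell writes ${APACHE_LOG_DIR} literally instead of expanding it to an empty string
        sudo bash -c "cat > /etc/apache2/sites-available/${DOMAIN}.conf << 'EOL'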
    <VirtualHost ${APACHE_LISTEN}>
        ServerAdmin admin@${DOMAIN}
        ServerName ${DOMAIN}
        ServerAlias www.${DOMAIN}
        DocumentRoot /var/www/${DOMAIN}/public_html
        ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}-error.log
        CustomLog \${APACHE_LOG_DIR}/${DOMAIN}-access.log combined
    
        <Directory /var/www/${DOMAIN}/public_html>
            Options -Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
    EOL"
        sudo a2ensite ${DOMAIN}
        sudo sed -i "s/ServerTokens .*/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
        sudo systemctl restart apache2
    }
    function configure_php_fpm() {
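        # Ubuntu 22.04 ships PHP 8.1, so the 8.2 packages need an extra source; the ondrej/php PPA used here is an assumption
        sudo apt-get install -y software-properties-common
        sudo add-apt-repository -y ppa:ondrej/php
        sudo apt-get update && sudo apt-get install -y php8.2-fpm php8.2-opcache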
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/10-opcache.ini << EOL
    [opcache]
    ; Enable OPcache
    opcache.enable=1
    
    ; Enable OPcache for CLI (command line interface)
    opcache.enable_cli=1
    
    ; Maximum amount of memory in megabytes used for storing compiled PHP scripts in the shared memory
    opcache.memory_consumption=256
    
    ; The maximum number of keys (scripts) in the OPcache hash table
    opcache.max_accelerated_files=10000
    
    ; The maximum percentage of wasted memory until a restart is scheduled
    opcache.max_wasted_percentage=5
    
    ; If enabled, a fast shutdown sequence is used
    opcache.fast_shutdown=1
    
    ; OPcache revalidate frequency (seconds)
    opcache.revalidate_freq=60
    
    ; How long to wait (in seconds) for a scheduled restart if the cache is not being accessed
    opcache.force_restart_timeout=180
    
    ; Disable file timestamps validation
    opcache.validate_timestamps=0
    
    ; Memory in megabytes used to store interned strings
    opcache.interned_strings_buffer=16
    
    ; When disabled, all PHPDoc comments are dropped from the opcode cache to reduce the shared memory size
    opcache.save_comments=0
    
    ; If disabled, all PHPDoc comments are loaded from disk on each file access, may slow down performance
    opcache.load_comments=0
    EOL"
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/99-custom.ini << EOL
    display_errors = Off
    max_execution_time = 600
    max_input_time = 120
    max_input_vars = 5000
    memory_limit = 1024M
    post_max_size = 128M
    upload_max_filesize = 128M
    zlib.output_compression = Off
    EOL"
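        sudo systemctl enable php8.2-fpm
        # Restart (not just start) so the already-running service loads the ini files written above
        sudo systemctl restart php8.2-fpm
        # Route .php requests from Apache to PHP-FPM and enable mod_rewrite for .htaccess rules
        sudo a2enmod proxy_fcgi setenvif rewrite
        sudo a2enconf php8.2-fpm
        sudo systemctl restart apache2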
    }
    function install_nginx_ee() { bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --pagespeed; }
    function configure_nginx() {
        sudo sed -i '/http {/a \    server_tokens off;' /etc/nginx/nginx.conf
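        # 'EOL' is quoted so nginx variables such as $host and $request_uri reach the file instead of being expanded to empty strings
        sudo bash -c "cat > /etc/nginx/sites-available/${DOMAIN}.conf << 'EOL'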
    server {
        listen 80;
        server_name ${DOMAIN} www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name ${DOMAIN};
    
        ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;
    
        location / {
            proxy_pass http://${APACHE_LISTEN};
            proxy_set_header Host \$host;
            proxy_set_header X-Real-IP \$remote_addr;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto \$scheme;
        }
    }
    EOL"
        sudo ln -s /etc/nginx/sites-available/${DOMAIN}.conf /etc/nginx/sites-enabled/ && sudo systemctl restart nginx
    }
    # certonly: only issue the certificate; configure_nginx writes the server blocks that use it
    function get_certbot_ssl() { sudo apt-get install -y certbot python3-certbot-nginx && sudo certbot certonly --nginx -d "${DOMAIN}" -d "www.${DOMAIN}" --agree-tos --no-eff-email --email "admin@${DOMAIN}"; }
    function configure_certbot_renewal() {
        sudo bash -c "cat > /etc/cron.daily/certbot-renew << EOL
    #!/bin/sh
    certbot renew --quiet --post-hook 'systemctl reload nginx'
    EOL"
        sudo chmod +x /etc/cron.daily/certbot-renew
    }
    echo "Enter the domain name:"
    read -r DOMAIN
    if [ -z "${DOMAIN}" ]; then echo "Domain name cannot be empty." && exit 1; fi
    install_apache
    configure_apache
    configure_php_fpm
    install_nginx_ee
    # The certificate must exist before nginx loads a config that references it
    get_certbot_ssl
    configure_nginx
    configure_certbot_renewal
    echo "Installation and configuration of nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for ${DOMAIN} completed."
    
  • suutsuut Member

    @4pple5auc3 said:
    #!/bin/bash
    APACHE_LISTEN="127.0.0.1:8080"
    NGINX_LISTEN="0.0.0.0:443"
    function install_apache() { sudo apt-get update && sudo apt-get install -y apache2; }
    function configure_apache() {
    sudo sed -i "s/^Listen .*/Listen ${APACHE_LISTEN}/" /etc/apache2/ports.conf
    sudo mkdir -p /var/www/${DOMAIN}/public_html
    sudo chown -R www-data:www-data /var/www/${DOMAIN}
    sudo chmod -R 755 /var/www/${DOMAIN}
    sudo bash -c "cat > /etc/apache2/sites-available/${DOMAIN}.conf << EOL
    <VirtualHost ${APACHE_LISTEN}>
    ServerAdmin admin@${DOMAIN}
    ServerName ${DOMAIN}
    ServerAlias www.${DOMAIN}
    DocumentRoot /var/www/${DOMAIN}/public_html
    ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}-error.log
    CustomLog \${APACHE_LOG_DIR}/${DOMAIN}-access.log combined

    <Directory /var/www/${DOMAIN}/public_html>
    Options -Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>
    </VirtualHost>
    EOL"
    sudo a2ensite ${DOMAIN}
    sudo sed -i "s/ServerTokens .*/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
    sudo systemctl restart apache2
    }
    function configure_php_fpm() {
    sudo apt-get update && sudo apt-get install -y php8.2-fpm php8.2-opcache
    sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/10-opcache.ini << EOL
    [opcache]
    ; Enable OPcache
    opcache.enable=1

    ; Enable OPcache for CLI (command line interface)
    opcache.enable_cli=1

    ; Maximum amount of memory in megabytes used for storing compiled PHP scripts in the shared memory
    opcache.memory_consumption=256

    ; The maximum number of keys (scripts) in the OPcache hash table
    opcache.max_accelerated_files=10000

    ; The maximum percentage of wasted memory until a restart is scheduled
    opcache.max_wasted_percentage=5

    ; If enabled, a fast shutdown sequence is used
    opcache.fast_shutdown=1

    ; OPcache revalidate frequency (seconds)
    opcache.revalidate_freq=60

    ; How long to wait (in seconds) for a scheduled restart if the cache is not being accessed
    opcache.force_restart_timeout=180

    ; Disable file timestamps validation
    opcache.validate_timestamps=0

    ; Enables or disables copying of PHP code (text segment) into the shared memory storage allocated by opcache.memory_consumption
    opcache.interned_strings_buffer=16

    ; When disabled, all PHPDoc comments are dropped from the opcode cache to reduce the shared memory size
    opcache.save_comments=0

    ; If disabled, all PHPDoc comments are loaded from disk on each file access, may slow down performance
    opcache.load_comments=0
    EOL"
    sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/99-custom.ini << EOL
    display_errors = Off
    max_execution_time = 600
    max_input_time = 120
    max_input_vars = 5000
    memory_limit = 1024M
    post_max_size = 128M
    upload_max_filesize = 128M
    zlib.output_compression = Off
    EOL"
    sudo systemctl enable php8.2-fpm
    sudo systemctl start php8.2-fpm
    }
    function install_nginx_ee() { bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --pagespeed; }
    function configure_nginx() {
    sudo sed -i '/http {/a \ server_tokens off;' /etc/nginx/nginx.conf
    sudo bash -c "cat > /etc/nginx/sites-available/${DOMAIN}.conf << EOL
    server {
    listen 80;
    server_name ${DOMAIN} www.${DOMAIN};
    return 301 https://${DOMAIN}\$request_uri;
    }

    server {
    listen 80;
    server_name www.${DOMAIN};
    return 301 https://${DOMAIN}\$request_uri;
    }

    server {
    listen ${NGINX_LISTEN} ssl http2;
    server_name www.${DOMAIN};
    return 301 https://${DOMAIN}\$request_uri;
    }

    server {
    listen ${NGINX_LISTEN} ssl http2;
    server_name ${DOMAIN};

    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
    proxy_pass http://${APACHE_LISTEN};
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;
    }
    }
    EOL"
    sudo ln -s /etc/nginx/sites-available/${DOMAIN}.conf /etc/nginx/sites-enabled/ && sudo systemctl restart nginx
    }
    function get_certbot_ssl() { sudo apt-get install -y certbot python3-certbot-nginx && sudo certbot --nginx -d ${DOMAIN} -d www.${DOMAIN} --agree-tos --no-eff-email --email admin@${DOMAIN}; }
    function configure_certbot_renewal() {
    sudo bash -c "cat > /etc/cron.daily/certbot-renew << EOL
    #!/bin/sh
    certbot renew --quiet --post-hook 'systemctl reload nginx'
    EOL"
    sudo chmod +x /etc/cron.daily/certbot-renew
    }
    echo "Enter the domain name:"
    read DOMAIN
    if [ -z "${DOMAIN}" ]; then echo "Domain name cannot be empty." && exit 1; fi
    install_apache
    configure_apache
    configure_php_fpm
    install_nginx_ee
    configure_nginx
    get_certbot_ssl
    configure_certbot_renewal
    echo "Installation and configuration of nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for ${DOMAIN} completed."

    Good job!

  • 2nd Attempt...

    #!/bin/bash
    # This script installs and configures nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for a given domain.
    
    # Exit if any command fails
    set -e
    
    # Variables
    APACHE_LISTEN="127.0.0.1:8080"
    NGINX_LISTEN="0.0.0.0:443"
    
    # Updates the package list on the system
    function update_package_list() {
        sudo apt-get update
    }
    
    # Installs Apache 2.4 on the system
    function install_apache() {
        sudo apt-get install -y apache2
    }
    
    # Configures Apache with a virtual host for the specified domain
    function configure_apache() {
        sudo sed -i "s/^Listen .*/Listen ${APACHE_LISTEN}/" /etc/apache2/ports.conf
        sudo mkdir -p /var/www/${DOMAIN}/public_html
        sudo chown -R www-data:www-data /var/www/${DOMAIN}
        sudo chmod -R 755 /var/www/${DOMAIN}
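        # 'EOL' is quoted so the root shell writes ${APACHE_LOG_DIR} literally instead of expanding it to an empty string
        sudo bash -c "cat > /etc/apache2/sites-available/${DOMAIN}.conf << 'EOL'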
    <VirtualHost ${APACHE_LISTEN}>
        ServerAdmin admin@${DOMAIN}
        ServerName ${DOMAIN}
        ServerAlias www.${DOMAIN}
        DocumentRoot /var/www/${DOMAIN}/public_html
        ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}-error.log
        CustomLog \${APACHE_LOG_DIR}/${DOMAIN}-access.log combined
        <Directory /var/www/${DOMAIN}/public_html>
            Options -Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
    EOL"
        sudo a2ensite ${DOMAIN}
        sudo sed -i "s/ServerTokens .*/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
        sudo systemctl restart apache2
    }
    
    # Installs and configures PHP-FPM 8.2 and the OPcache extension
    function configure_php_fpm() {
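        # Ubuntu 22.04 ships PHP 8.1, so the 8.2 packages need an extra source; the ondrej/php PPA used here is an assumption
        sudo apt-get install -y software-properties-common
        sudo add-apt-repository -y ppa:ondrej/php
        sudo apt-get update
        sudo apt-get install -y php8.2-fpm php8.2-opcache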
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/10-opcache.ini << EOL
    [opcache]
    ; Enable OPcache
    opcache.enable=1
    ; Maximum amount of memory in megabytes used for storing compiled PHP scripts in the shared memory
    opcache.memory_consumption=256
    ; The maximum number of keys (scripts) in the OPcache hash table
    opcache.max_accelerated_files=20000
    ; The maximum percentage of wasted memory until a restart is scheduled
    opcache.max_wasted_percentage=15
    ; OPcache revalidate frequency (seconds)
    opcache.revalidate_freq=60
    ; How long to wait (in seconds) for a scheduled restart if the cache is not being accessed
    opcache.force_restart_timeout=300
    ; Disable file timestamps validation
    opcache.validate_timestamps=0
    ; Memory in megabytes used to store interned strings
    opcache.interned_strings_buffer=32
    ; When disabled, all PHPDoc comments are dropped from the opcode cache to reduce the shared memory size
    opcache.save_comments=0
    EOL"
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/99-custom.ini << EOL
    display_errors = Off
    max_execution_time = 600
    max_input_time = 120
    max_input_vars = 5000
    memory_limit = 1024M
    post_max_size = 128M
    upload_max_filesize = 128M
    zlib.output_compression = Off
    EOL"
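        sudo systemctl enable php8.2-fpm
        # Restart (not just start) so the already-running service loads the ini files written above
        sudo systemctl restart php8.2-fpm
        # Route .php requests from Apache to PHP-FPM and enable mod_rewrite for .htaccess rules
        sudo a2enmod proxy_fcgi setenvif rewrite
        sudo a2enconf php8.2-fpm
        sudo systemctl restart apache2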
    }
    
    # Installs nginx-ee with the stable version and PageSpeed module
    function install_nginx_ee() {
        bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --pagespeed
    }
    
    # Configures nginx as a reverse proxy for the specified domain
    function configure_nginx() {
        sudo sed -i '/http {/a \    server_tokens off;' /etc/nginx/nginx.conf
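        # 'EOL' is quoted so nginx variables such as $host and $request_uri reach the file instead of being expanded to empty strings
        sudo bash -c "cat > /etc/nginx/sites-available/${DOMAIN}.conf << 'EOL'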
    server {
        listen 80;
        server_name ${DOMAIN} www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name ${DOMAIN};
        ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        location / {
            proxy_pass http://${APACHE_LISTEN};
            proxy_set_header Host \$host;
            proxy_set_header X-Real-IP \$remote_addr;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto \$scheme;
        }
    }
    EOL"
        sudo ln -s /etc/nginx/sites-available/${DOMAIN}.conf /etc/nginx/sites-enabled/ && sudo systemctl restart nginx
    }
    
    # Obtains an SSL certificate for the domain using Certbot and the Nginx plugin
    # (certonly: only issue the certificate; configure_nginx writes the server blocks that use it)
    function get_certbot_ssl() {
        sudo apt-get install -y certbot python3-certbot-nginx && sudo certbot certonly --nginx -d "${DOMAIN}" -d "www.${DOMAIN}" --agree-tos --no-eff-email --email "admin@${DOMAIN}"
    }
    
    # Configures the daily renewal of SSL certificates using Certbot
    function configure_certbot_renewal() {
        sudo bash -c "cat > /etc/cron.daily/certbot-renew << EOL
    #!/bin/sh
    certbot renew --quiet --post-hook 'systemctl reload nginx'
    EOL"
        sudo chmod +x /etc/cron.daily/certbot-renew
    }
    
    # Validates the specified domain name, ensuring it is not empty and is properly formatted
    function validate_domain() {
        if [[ -z "${DOMAIN}" ]]; then
            echo "Domain name cannot be empty."
            exit 1
        fi
    
        if ! [[ "${DOMAIN}" =~ ^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$ ]]; then
            echo "Invalid domain name."
            exit 1
        fi
    }
    
    # Main function that handles user input, domain validation, and runs all necessary functions
    function main() {
        if [ -z "$1" ]; then
            echo "Enter the domain name:"
            read -r DOMAIN
        else
            DOMAIN="$1"
        fi
    
        validate_domain
    
        update_package_list
        install_apache
        configure_apache
        configure_php_fpm
        install_nginx_ee
        # The certificate must exist before nginx loads a config that references it
        get_certbot_ssl
        configure_nginx
        configure_certbot_renewal
    
        echo "Installation and configuration of nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for ${DOMAIN} completed."
    }
    
    main "$@"
    

    Sorry in advance if there are bugs or something, but this should get you most of the way there. Open to anyone fixing errors, making suggestions, improving it, etc. Tried to comment it this time.

    Thanked by 1fazar
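
Added example, not part of any post in this thread: the `validate_domain` regex above accepts names such as `-rf.example.com` and `a..example.com`, and the scripts then pass `${DOMAIN}` unquoted to commands run under `sudo`. The sketch below checks each DNS label and lower-cases the result; the function names `is_valid_domain` and `normalize_domain` are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): strict check for the DOMAIN value
# before it is used in file paths, vhost files and "sudo bash -c" strings.

# is_valid_domain NAME -> exit status 0 if NAME is a well-formed DNS name.
is_valid_domain() {
    local LC_ALL=C            # make A-Z / a-z ranges mean ASCII only
    local domain="$1"
    local rest label

    # Whole name: non-empty and at most 253 characters.
    [ -n "$domain" ] || return 1
    [ "${#domain}" -le 253 ] || return 1

    case "$domain" in
        *[!A-Za-z0-9.-]*) return 1 ;;  # shell metacharacters, slashes, spaces
        .*|*.|*..*)       return 1 ;;  # empty label (leading, trailing or double dot)
        *.*)              ;;           # at least two labels
        *)                return 1 ;;  # single label such as "localhost"
    esac

    # Walk the labels left to right; each is 1..63 chars with no edge hyphen.
    rest="$domain"
    while :; do
        label="${rest%%.*}"
        [ "${#label}" -le 63 ] || return 1
        case "$label" in
            -*|*-) return 1 ;;         # "-rf.com" would be read as an option
        esac
        [ "$label" = "$rest" ] && break
        rest="${rest#*.}"
    done

    # $label now holds the TLD: letters only, two or more
    # (the same TLD rule the thread's regex applies).
    case "$label" in
        *[!A-Za-z]*) return 1 ;;
    esac
    [ "${#label}" -ge 2 ] || return 1
    return 0
}

# normalize_domain NAME -> prints the lower-cased name, or fails without output.
normalize_domain() {
    is_valid_domain "$1" || return 1
    printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}
```

In the scripts, `DOMAIN=$(normalize_domain "$1") || exit 1` would replace the `validate_domain` call, with `"${DOMAIN}"` quoted wherever it is passed to a command.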
  • Also I'm not an OPCache expert, so I'd like some input on these values if performance is the focus. I'm also concerned about the cache not updating unless you restart it.

    ; The maximum percentage of wasted memory until a restart is scheduled
    opcache.max_wasted_percentage=15
    ; OPcache revalidate frequency (seconds)
    opcache.revalidate_freq=60
    ; How long to wait (in seconds) for a scheduled restart if the cache is not being accessed
    opcache.force_restart_timeout=300
    ; Disable file timestamps validation
    opcache.validate_timestamps=0
    ; Memory in megabytes used to store interned strings
    opcache.interned_strings_buffer=32
    ; When disabled, all PHPDoc comments are dropped from the opcode cache to reduce the shared memory size
    opcache.save_comments=0

    Can someone smarter than me shed some light on these?

  • #!/bin/bash
    # This script installs and configures nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for a given domain.
    
    # Exit if any command fails
    set -e
    
    # Variables
    APACHE_LISTEN="127.0.0.1:8080"
    NGINX_LISTEN="0.0.0.0:443"
    
    # Updates the package list on the system
    function update_package_list() {
        sudo apt-get update
    }
    
    # Installs Apache 2.4 on the system
    function install_apache() {
        sudo apt-get install -y apache2
    }
    
    # Configures Apache with a virtual host for the specified domain
    function configure_apache() {
        sudo sed -i "s/^Listen .*/Listen ${APACHE_LISTEN}/" /etc/apache2/ports.conf
        sudo mkdir -p /var/www/${DOMAIN}/public_html
        sudo chown -R www-data:www-data /var/www/${DOMAIN}
        sudo chmod -R 755 /var/www/${DOMAIN}
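        # 'EOL' is quoted so the root shell writes ${APACHE_LOG_DIR} literally instead of expanding it to an empty string
        sudo bash -c "cat > /etc/apache2/sites-available/${DOMAIN}.conf << 'EOL'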
    <VirtualHost ${APACHE_LISTEN}>
        ServerAdmin admin@${DOMAIN}
        ServerName ${DOMAIN}
        ServerAlias www.${DOMAIN}
        DocumentRoot /var/www/${DOMAIN}/public_html
        ErrorLog \${APACHE_LOG_DIR}/${DOMAIN}-error.log
        CustomLog \${APACHE_LOG_DIR}/${DOMAIN}-access.log combined
        <Directory /var/www/${DOMAIN}/public_html>
            Options -Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
    EOL"
        sudo a2ensite ${DOMAIN}
        sudo sed -i "s/ServerTokens .*/ServerTokens Prod/" /etc/apache2/conf-available/security.conf
        sudo systemctl restart apache2
    }
    
    # Installs and configures PHP-FPM 8.2 and the OPcache extension
    function configure_php_fpm() {
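        # Ubuntu 22.04 ships PHP 8.1, so the 8.2 packages need an extra source; the ondrej/php PPA used here is an assumption
        sudo apt-get install -y software-properties-common
        sudo add-apt-repository -y ppa:ondrej/php
        sudo apt-get update
        sudo apt-get install -y php8.2-fpm php8.2-opcache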
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/10-opcache.ini << EOL
    [opcache]
    ; Enable OPcache
    opcache.enable=1
    ; Maximum amount of memory in megabytes used for storing compiled PHP scripts in the shared memory
    opcache.memory_consumption=256
    ; The maximum number of keys (scripts) in the OPcache hash table
    opcache.max_accelerated_files=20000
    ; The maximum percentage of wasted memory until a restart is scheduled
    opcache.max_wasted_percentage=15
    ; OPcache revalidate frequency (seconds)
    opcache.revalidate_freq=60
    ; How long to wait (in seconds) for a scheduled restart if the cache is not being accessed
    opcache.force_restart_timeout=300
    ; Disable file timestamps validation
    opcache.validate_timestamps=0
    ; Memory in megabytes used to store interned strings
    opcache.interned_strings_buffer=32
    ; When disabled, all PHPDoc comments are dropped from the opcode cache to reduce the shared memory size
    opcache.save_comments=0
    EOL"
        sudo bash -c "cat > /etc/php/8.2/fpm/conf.d/99-custom.ini << EOL
    display_errors = Off
    max_execution_time = 600
    max_input_time = 120
    max_input_vars = 5000
    memory_limit = 1024M
    post_max_size = 128M
    upload_max_filesize = 128M
    zlib.output_compression = Off
    EOL"
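        sudo systemctl enable php8.2-fpm
        # Restart (not just start) so the already-running service loads the ini files written above
        sudo systemctl restart php8.2-fpm
        # Route .php requests from Apache to PHP-FPM and enable mod_rewrite for .htaccess rules
        sudo a2enmod proxy_fcgi setenvif rewrite
        sudo a2enconf php8.2-fpm
        sudo systemctl restart apache2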
    }
    
    # Installs nginx-ee with the stable version and PageSpeed module
    function install_nginx_ee() {
        bash <(wget -O - vtb.cx/nginx-ee || curl -sL vtb.cx/nginx-ee) --stable --pagespeed
    }
    
    # Configures nginx as a reverse proxy for the specified domain
    function configure_nginx() {
        sudo sed -i '/http {/a \    server_tokens off;' /etc/nginx/nginx.conf
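        # 'EOL' is quoted so nginx variables such as $host and $request_uri reach the file instead of being expanded to empty strings
        sudo bash -c "cat > /etc/nginx/sites-available/${DOMAIN}.conf << 'EOL'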
    server {
        listen 80;
        server_name ${DOMAIN} www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name www.${DOMAIN};
        return 301 https://${DOMAIN}\$request_uri;
    }
    server {
        listen ${NGINX_LISTEN} ssl http2;
        server_name ${DOMAIN};
        ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
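        include /etc/nginx/snippets/ssl-params.conf;
        # Without a root, try_files looks in the default nginx directory and every request falls through to @apache
        root /var/www/${DOMAIN}/public_html;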
    
        location ~ \.htaccess {
            deny all;
        }
    
        location / {
            autoindex off;
            try_files \$uri \$uri/ @apache;
        }
    
        location ~ \.php\$ {
            proxy_pass http://${APACHE_LISTEN};
            proxy_set_header Host \$host;
            proxy_set_header X-Real-IP \$remote_addr;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto \$scheme;
        }
    
        location @apache {
            proxy_pass http://${APACHE_LISTEN};
            proxy_set_header Host \$host;
            proxy_set_header X-Real-IP \$remote_addr;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto \$scheme;
        }
    }
    EOL"
        sudo ln -s /etc/nginx/sites-available/${DOMAIN}.conf /etc/nginx/sites-enabled/ && sudo systemctl restart nginx
    }
    
    # Obtains an SSL certificate for the domain using Certbot and the Nginx plugin
    # (certonly: only issue the certificate; configure_nginx writes the server blocks that use it)
    function get_certbot_ssl() {
        sudo apt-get install -y certbot python3-certbot-nginx && sudo certbot certonly --nginx -d "${DOMAIN}" -d "www.${DOMAIN}" --agree-tos --no-eff-email --email "admin@${DOMAIN}"
    }
    
    # Configures the daily renewal of SSL certificates using Certbot
    function configure_certbot_renewal() {
        sudo bash -c "cat > /etc/cron.daily/certbot-renew << EOL
    #!/bin/sh
    certbot renew --quiet --post-hook 'systemctl reload nginx'
    EOL"
        sudo chmod +x /etc/cron.daily/certbot-renew
    }
    
    # Validates the specified domain name, ensuring it is not empty and is properly formatted
    function validate_domain() {
        if [[ -z "${DOMAIN}" ]]; then
            echo "Domain name cannot be empty."
            exit 1
        fi
    
        if ! [[ "${DOMAIN}" =~ ^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$ ]]; then
            echo "Invalid domain name."
            exit 1
        fi
    }
    
    # Main function that handles user input, domain validation, and runs all necessary functions
    function main() {
        if [ -z "$1" ]; then
            echo "Enter the domain name:"
            read -r DOMAIN
        else
            DOMAIN="$1"
        fi
    
        validate_domain
    
        update_package_list
        install_apache
        configure_apache
        configure_php_fpm
        install_nginx_ee
        # The certificate must exist before nginx loads a config that references it
        get_certbot_ssl
        configure_nginx
        configure_certbot_renewal
    
        echo "Installation and configuration of nginx-ee reverse proxy, Apache 2.4, PHP-FPM 8.2, and Let's Encrypt SSL for ${DOMAIN} completed."
    }
    
    main "$@"
    

    Making it so Apache handles php and htaccess files while nginx serves everything else. Hopefully someone smarter can go through this and verify it's all correct, but I'm doing my best to make my first automated server setup script.
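
Added example, not part of any post in this thread and not nginx-ee's own code: `install_nginx_ee` pipes whatever `vtb.cx/nginx-ee` returns straight into `bash`, and with no scheme in the URL both `wget` and `curl` request it over plain HTTP. The sketch below downloads over HTTPS only and runs the file only when it matches a pinned SHA-256; the URL, the checksum and all function names are placeholders or assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): fetch an installer over HTTPS only,
# check it against a pinned SHA-256, and run it only if the digest matches.

# Placeholders: the thread gives no pinned URL or checksum for the installer.
INSTALLER_URL="https://example.invalid/path/to/reviewed/installer.sh"
INSTALLER_SHA256="REPLACE_WITH_SHA256_OF_THE_REVIEWED_FILE"

# verify_sha256 FILE EXPECTED_HEX -> 0 only if FILE exists and its digest matches.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# download_https URL OUTFILE -> refuses plain HTTP, including on redirects.
download_https() {
    curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# run_if_verified FILE EXPECTED_HEX [ARGS...] -> runs FILE with bash only after the check.
run_if_verified() {
    local file="$1" expected="$2"
    shift 2
    if ! verify_sha256 "$file" "$expected"; then
        echo "checksum mismatch for $file, refusing to run it" >&2
        return 1
    fi
    bash "$file" "$@"
}

# install_pinned URL EXPECTED_HEX [ARGS...] -> download, verify, run, clean up.
install_pinned() {
    local url="$1" expected="$2" tmp rc
    shift 2
    tmp=$(mktemp) || return 1
    if download_https "$url" "$tmp"; then
        run_if_verified "$tmp" "$expected" "$@" && rc=0 || rc=$?
    else
        echo "download failed: $url" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, once the placeholders above are replaced with reviewed values:
#   install_pinned "$INSTALLER_URL" "$INSTALLER_SHA256" --stable --pagespeed
```

With the placeholder checksum left in place the check fails closed, so nothing is executed until a real digest of a reviewed copy is pinned.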

  • Dang, guess I wasted my time as something very similar already exists. Thanks for the link.
