Merge pull request #131 from joglomedia/2.x.x

## v2.6.0

### New Features
- Add LEMPer's installation wrapper script ( https://github.com/joglomedia/LEMPer/blob/2.x.x/lemper.sh )
- Generate default LE's certificate for hostname domain on production environment
- Intro to new CLI command `lemper-cli site`

### Bugs Fix
- Installer not working on Ubuntu ( Issue #126 )
- locale-gen: command not found ( Issue #127 )
- VSFTPD error install: cannot create regular file ( Issue #128 )
- VSFTPD error Server sent passive reply with unroutable address ( Issue #129 )
- Postfix warning: do not list domain dev.localhost.localdomain in BOTH mydestination and virtual_alias_domains ( Issue #130 )
- Nginx Lua module installation error
- PHP multiple version installation error

### Enhancements
- Much more script enhancements

.env.dist

@@ -7,11 +7,11 @@
 # Auto install, true for auto installation,
 # false for manual or guided installation.
 AUTO_INSTALL=true
-FORCE_INSTALL=true
+FORCE_INSTALL=false
 
 # Cleanup existing LEMP / LAMP stack installation.
 AUTO_REMOVE=true
-FORCE_REMOVE=true
+FORCE_REMOVE=false
 
 # Dry run install, true for testing only.
 DRYRUN=false
@@ -26,15 +26,15 @@ ENABLE_SWAP=true
 LOGGING=true
 
 # Path to the install log file.
-LOG_FILE="./lemper_install.log"
+LOG_FILE="./install.log"
 
 # LEMPer build directorty, will be removed after installation.
 BUILD_DIR="/tmp/lemper"
 
 [lemper]
 # LEMP stack environment.
 # Use development for local environment or production for live environment.
-ENVIRONMENT="production"
+ENVIRONMENT="development"
 
 # In production, server hostname must be valid FQDN format (e.g. hostname.domain.ext).
 SERVER_HOSTNAME=""
@@ -93,14 +93,14 @@ NGINX_WITH_CUSTOMSSL=false
 
 # Available custom SSL version: e.g. openssl-1.1.1g, libressl-3.0.0
 # leave empty to use stack default OpenSSL.
-NGINX_CUSTOMSSL_VERSION="openssl-1.1.1g"
+NGINX_CUSTOMSSL_VERSION="openssl-1.1.1l"
 
 # Build with PCRE JIT.
 NGINX_WITH_PCRE=false
 
-# PCRE JIT version (requires PCRE 8.20 and latest): e.g. pcre-8.44, pcre2-10.35
-# get the PCRE version from here https://ftp.pcre.org/pub/pcre/
-NGINX_PCRE_VERSION="pcre-8.44"
+# PCRE JIT version (requires PCRE 8.20 and latest): e.g. 8.44, 8.45
+# get the PCRE version from here http://www.pcre.org/
+NGINX_PCRE_VERSION="8.45"
 
 # Extra parameters,
 # requires Nginx installation from source.
@@ -120,15 +120,27 @@ NGX_HTTP_GEOIP=true
 # GeoIP2 with MaxMind GeoLite2 database. GeoLite2 license key is required,
 # Get it from here https://www.maxmind.com/en/geolite2/signup
 NGX_HTTP_GEOIP2=false
-GEOLITE2_LICENSE_KEY=""
+GEOLITE2_LICENSE_KEY="zHccSDDcvqS4A0Ps"
 
 NGX_HTTP_HEADERS_MORE=true
 NGX_HTTP_IMAGE_FILTER=true
-NGX_HTTP_LUA=false
 NGX_HTTP_MEMCACHED=false
 NGX_HTTP_NAXSI=false
 NGX_HTTP_NDK=false
 NGX_HTTP_JS=false
+
+# Build with Lua JIT module.
+NGX_HTTP_LUA=false
+
+# Lua JIT module requires LuaJIT 2.1 and latest: e.g. v2.1-20211210, v2.1-20220111
+# LuaJIT2 version from here https://github.com/openresty/luajit2/tags
+# Lua Resty Core version from here https://github.com/openresty/lua-resty-core
+# Lua Resty LRU Cache version from here https://github.com/openresty/lua-resty-lrucache
+LUA_JIT_VERSION="v2.1-20220111"
+LUA_NGINX_MODULE_VERSION="v0.10.20"
+LUA_RESTY_CORE_VERSION="v0.1.22"
+LUA_RESTY_LRUCACHE_VERSION="v0.11"
+
 NGX_HTTP_PASSENGER=false
 NGX_HTTP_REDIS2=false
 NGX_HTTP_SUBS_FILTER=true
@@ -148,17 +160,17 @@ NGINX_RATE_LIMIT_REQUESTS=100
 [php]
 INSTALL_PHP=true
 
-# It is highly recommended to install PHP version 7.4 or greater. 
+# It is highly recommended to install PHP version 7.4 or greater.
 # Installing multiple versions is supported, separate version by space.
-PHP_VERSIONS="7.4 8.0"
+PHP_VERSIONS="7.4 8.0 8.1"
 
-# Additional PHP modules (extensions) to install. 
+# Additional PHP modules (extensions) to install.
 # Installing multiple extension is supported, separate version by space.
 # Type only the extension name (without php*-).
-PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack openswoole libsodium"
+PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack openswoole sodium"
 
 # DO NOT CHANGE
-DEFAULT_PHP_VERSION="7.4"
+DEFAULT_PHP_VERSION="8.0"
 
 [php-loader]
 # PHP Loader is a PHP extension (module) that enables PHP
@@ -192,8 +204,8 @@ INSTALL_IMAGEMAGICK=true
 # Available ImageMagick & PHP module installer: repo | source
 IMAGEMAGICK_INSTALLER="repo"
 
-# Available ImageMagick version: 6.9.10-62 | 7.1.0-8 | latest
-IMAGEMAGICK_VERSION="7.1.0-8"
+# Available ImageMagick version: 6.9.12-36 | 7.1.0-21 | latest
+IMAGEMAGICK_VERSION="7.1.0-21"
 
 [mysql]
 INSTALL_MYSQL=true
@@ -236,19 +248,19 @@ INSTALL_MONGODB=false
 MONGODB_VERSION="5.0"
 
 # MongoDB default admin account.
-MONGODB_ADMIN_USER="lemperdb"
+MONGODB_ADMIN_USER="lempermo"
 MONGODB_ADMIN_PASSWORD=""
 
 [redis]
-INSTALL_REDIS=false
+INSTALL_REDIS=true
 
 # Available installer: repo | source.
 REDIS_INSTALLER="repo"
 
 # Available Redis version: 6.2.5 or stable.
 REDIS_VERSION="stable"
 
-# Enable pass authentication.
+# Enable password authentication.
 REDIS_REQUIRE_PASSWORD=false
 REDIS_PASSWORD=""
 
@@ -261,20 +273,28 @@ VSFTPD_INSTALLER="source"
 # Available version: 3.0.5 or latest.
 VSFTPD_VERSION="3.0.5"
 
+# Enable FTP over TLS.
+VSFTPD_SSL_ENABLE=true
+
+# Range of passv ports.
+FTP_MIN_PORT=45000
+FTP_MAX_PORT=45099
+
 [dns]
 # TODO: Install DNS server.
 
 [mailer]
 # Install basic Mailer based on Postfix & Dovecot.
-INSTALL_MAILER=false
-INSTALL_SPFDKIM=false
+INSTALL_MAILER=true
+INSTALL_SPFDKIM=true
 
-# Sender domain is required, default sets to hostname.
-# Ensure that the hostname/sender domain already pointed to this server IP address.
-SENDER_DOMAIN="example.com"
+# Sender domain is required, if left empty it will be sets to the default hostname domain.
+# Ensure that the hostname or sender domain already pointed to this server IP address.
+SENDER_DOMAIN=""
 
 [certbot]
 INSTALL_CERTBOT=true
+HOSTNAME_CERT_PATH=""
 
 [firewall]
 INSTALL_FW=true

.github/workflows/main.yml

@@ -25,6 +25,7 @@ jobs:
           sed -i "s/SERVER_HOSTNAME=\"\"/SERVER_HOSTNAME=\"gh-ci.lemper.cloud\"/g" .env
           sed -i "s/SERVER_IP=\"\"/SERVER_IP=\"127.0.0.1\"/g" .env
           sed -i "s/AUTO_INSTALL=false/AUTO_INSTALL=true/g" .env
+          sed -i "s/FORCE_INSTALL=false/FORCE_INSTALL=true/g" .env
           sed -i "s/AUTO_REMOVE=false/AUTO_REMOVE=true/g" .env
           sed -i "s/FORCE_REMOVE=false/FORCE_REMOVE=true/g" .env
           sed -i "s/LEMPER_ADMIN_EMAIL=\"mail@example.com\"/LEMPER_ADMIN_EMAIL=\"me@masedi.net\"/g" .env
@@ -57,15 +58,16 @@ jobs:
           TERM: xterm-256color
         run: |
           set -ex
+          shellcheck -s bash -x lemper.sh
           shellcheck -s bash -x install.sh
           shellcheck -s bash -x remove.sh
           shellcheck -s bash -x bin/lemper-*.sh
           shellcheck -s bash -x lib/lemper-*.sh
-          shellcheck -s bash -x scripts/cleanup_server.sh
           shellcheck -s bash -x scripts/helper.sh
+          shellcheck -s bash -x scripts/cleanup_server.sh
+          shellcheck -s bash -x scripts/secure_server.sh
           shellcheck -s bash -x scripts/install_*.sh
           shellcheck -s bash -x scripts/remove_*.sh
-          shellcheck -s bash -x scripts/secure_server.sh
       # Simple Unit Tests
       - name: Run unit testing
         env:

.gitignore

@@ -1,16 +1,18 @@
 .env
+.env~
+.env.bak
 .env.save
 .travis.yml
+install.log
 lemper.log
-lemper.sh
-scripts/install_ffmpeg.sh
-scripts/createssl.sh
-scripts/mysqltuner.pl
+lemper_install.log
+LEMPer.wiki
 bin/lemper-cli-enc
 bin/lemper-cli-enc.sh
 bin/lemper-cli-enc.sh.x.c
 bin/lemperography.php
-LEMPer.wiki
-install.log
 #lib/lemper-create.sh
-#lib/lemper-manage.sh
+#lib/lemper-manage.sh
+scripts/install_ffmpeg.sh
+scripts/createssl.sh
+scripts/mysqltuner.pl

README.md

@@ -19,40 +19,50 @@ LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in
 
 ## Features
 
-* Nginx from [Ondrej's](https://launchpad.net/~ondrej/+archive/ubuntu/nginx) repository.
-* Nginx build from [source](https://github.com/nginx/nginx) with [Mod PageSpeed](https://github.com/apache/incubator-pagespeed-ngx) module.
-* Nginx with FastCGI cache enable & disable feature (via LEMPer CLI).
-* Nginx pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [UpCloud](https://masedi.net/upcloud/) or [DigitalOcean](https://masedi.net/digitalocean/).
-* Nginx virtual host (vhost) configuration optimized for WordPress, and several PHP Frameworks.
-* Support HTTP/2 natively for your secure website.
-* Free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
-* Get an A+ grade on several SSL Security Test ([Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=masedi.net), [ImmuniWeb](https://www.immuniweb.com/ssl/?id=bVrykFnK), and Wormly).
-* Multiple PHP versions 5.6 [EOL], 7.0 [EOL], 7.1 [EOL], 7.2 [EOL], 7.3 [SFO], 7.4, 8.0, 8.1 from [Ondrej's repository](https://launchpad.net/~ondrej/+archive/ubuntu/php).
-* Run PHP as user who own the file (Multi-user isolation via FPM pool). Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting.
-* Supported PHP Framework and CMS:
-  * Vanilla PHP: default,
-  * Framework: codeigniter, laravel, lumen, phalcon, symfony,
-  * CMS: drupal, mautic, roundcube, sendy, wordpress, wordpress-ms (multi-site), and
-  * more coming soon.
-* PHP Zend OPcache.
-* PHP Loader, ionCube & SourceGuardian.
+* Nginx - A high performance web server and a reverse proxy server.
+  * Community package from [Ondrej's Nginx repository](https://launchpad.net/~ondrej/+archive/ubuntu/nginx).
+  * Custom build from [source](https://github.com/nginx/nginx) featured with :
+    * [Brotli module](https://github.com/google/ngx_brotli.git) an alternative compression to Gzip
+    * [Lua Nginx module](https://github.com/openresty/lua-nginx-module) with LuaJIT 2 library
+    * [PageSpeed module](https://github.com/apache/incubator-pagespeed-ngx) an automatic PageSpeed optimization
+    * FastCGI [cache purge module](https://github.com/nginx-modules/ngx_cache_purge.git) for atomic cache purging
+    * Customizable SSL library: OpenSSL (default), LibreSSL, and BoringSSL
+    * and much more useful 3rd-party modules.
+  * Pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [UpCloud](https://masedi.net/upcloud/) or [DigitalOcean](https://masedi.net/digitalocean/).
+  * Nginx virtual host (vhost) configuration optimized for WordPress and several PHP Frameworks.
+  * Support HTTP/2 natively for your secure website.
+  * Free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
+  * Get an A+ grade on several SSL Security Test ([Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=masedi.net), [ImmuniWeb](https://www.immuniweb.com/ssl/?id=bVrykFnK), and Wormly).
+* PHP - Most used language that [powers 78.9% of all websites](https://w3techs.com/technologies/details/pl-php) around the universe.
+  * Community package from [Ondrej's PHP repository](https://launchpad.net/~ondrej/+archive/ubuntu/php).
+  * Multiple PHP versions 5.6 [EOL], 7.0 [EOL], 7.1 [EOL], 7.2 [EOL], 7.3 [EOL], 7.4 [SFO], 8.0, 8.1 (Latest).
+  * Run PHP as user who own the file (Multi-user isolation via FPM pool).
+  * Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting.
+  * Supported PHP Framework and CMS:
+    * Vanilla PHP: default,
+    * Framework: codeigniter, laravel, lumen, phalcon, symfony,
+    * CMS: drupal, mautic, roundcube, sendy, wordpress, wordpress-ms (multi-site), and
+    * more coming soon.
+  * PHP Zend OPcache.
+  * PHP Loader, ionCube & SourceGuardian.
 * SQL database with MariaDB 10 (MySQL drop-in replacement).
 * NoSQL database with MongoDB.
-* In-memory database with Redis.
-* Memory cache with Memcached.
-* FTP server with VSFTPD or Pure-FTPd.
-* [Adminer](https://www.adminer.org/) web-based SQL & MongoDB database manager (PhpMyAdmin replacement).
-* [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) web-based Redis database manager.
-* [phpMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) web-based Memcached manager.
-* [TinyFileManager](https://github.com/joglomedia/tinyfilemanager) alternative web-based filemanager (Experimental).
+* Key-value store database with Redis.
+* In-memory cache with Memcached.
+* FTP server with VSFTPD or Pure-FTPd (_coming soon_).
+* Web-based administration tools:
+  * [Adminer](https://www.adminer.org/) web-based SQL & MongoDB database manager (PhpMyAdmin replacement).
+  * [phpRedisAdmin](https://github.com/erikdubbelboer/phpRedisAdmin) web-based Redis database manager.
+  * [phpMemcachedAdmin](https://github.com/elijaa/phpmemcachedadmin) web-based Memcached manager.
+  * [TinyFileManager](https://github.com/joglomedia/tinyfilemanager) alternative web-based filemanager (Experimental).
 
 ## Setting Up
 
 * Ensure that you have git installed.
-* Clone LEMPer Git repositroy, ```git clone https://github.com/joglomedia/LEMPer.git```.
-* Enter LEMPer directory.
-* Make a copy of .env.dist to .env ```cp .env.dist .env``` and replace the values.
-* Execute install.sh file, ```sudo ./install.sh```.
+* Clone LEMPer Git repositroy, ```git clone https://github.com/joglomedia/LEMPer.git```
+* Enter LEMPer directory
+* Checkout to the desired version, ```git checkout 2.x.x```
+* Make a copy of .env.dist to .env ```cp .env.dist .env``` and replace the values
 
 ### Install LEMPer Stack
 
@@ -81,22 +91,23 @@ Here are some examples of using LEMPer CLI.
 ##### LEMPer CLI add new vhost / website
 
 ```bash
-sudo lemper-cli create -u ${USER} -d example.test -f wordpress -w ${HOME}/webapps/example.test --install-skeleton
+lemper-cli site add -u ${USER} -d example.test -f wordpress \
+-w ${HOME}/webapps/example.test --install-app
 ```
 
 :warning: For local/development environment, in order to make the test domain (e.g. example.test) working as expected, you need to do a small workaround by modifying the `/etc/hosts` file. By adding the local domain name to the hosts file and assign it with local/private IP address.
 
-Since version 2.4.0 this workaround could be done via `lemper-cli` by passing `--ipv4` parameter and assign it with private IP address, as below:
+Since version 2.4.0, this workaround could be done via `lemper-cli` by passing `--ipv4` parameter and assign it with private IP address, as below:
 
 ```bash
-sudo lemper-cli create -u ${USER} -d example.test -f wordpress \ 
--w ${HOME}/webapps/example.test --ipv4=127.0.10.1 --install-skeleton
+lemper-cli site add -u ${USER} -d example.test -f wordpress \ 
+-w ${HOME}/webapps/example.test --ipv4=127.0.10.1 --install-app
 ```
 
 For more info
 
 ```bash
-sudo lemper-cli create --help
+lemper-cli site add --help
 ```
 
 ##### LEMPer CLI manage vhost / website
@@ -154,15 +165,18 @@ http://YOUR_DOMAIN_NAME:8082/lcp/filemanager
 * [x] Add network security (iptable rules, firewall configurator, else?)
 * [x] Add database backup tool (Mariabackup, Percona Xtrabackup, else?)
 * [x] Add enhanced security (AppArmor, cgroups, jailkit (chrooted/jail users), fail2ban, else?)
+* [ ] Add CrowdSec a modern Host-based Intrusion Detection System (replacement option for Fail2ban)
+* [ ] Add NodeJS installation to support modern web frontend development
+* [ ] Add Pure-FTPd installation as an alternative option to VSFTPD
 * [ ] Add file backup tool (Borg, Duplicati, Rclone, Restic, Rsnapshot, else?)
 * [ ] Add server monitoring (Amplify, Monit, Nagios, else?)
 * [ ] Add user account & hosting package management
 
-Add your feature [request here](https://github.com/joglomedia/LEMPer/issues/new)
+Add your feature [request here](https://github.com/joglomedia/LEMPer/issues/new)!
 
 ## Security Vulnerabilities and Bugs
 
-If you discover any security vulnerability or any bug within _LEMPer Stack_, please open an [issue](https://github.com/joglomedia/LEMPer/issues/new).
+If you discover any security vulnerabilities or any bugs within _LEMPer Stack_, please open an [issue](https://github.com/joglomedia/LEMPer/issues/new).
 
 ## Contributing
 

bin/lemper-cli.sh

@@ -3,7 +3,7 @@
 # +-------------------------------------------------------------------------+
 # | Lemper CLI - Simple LEMP Stack Manager                                  |
 # +-------------------------------------------------------------------------+
-# | Copyright (c) 2014-2021 MasEDI.Net (https://masedi.net/lemper)          |
+# | Copyright (c) 2014-2022 MasEDI.Net (https://masedi.net/lemper)          |
 # +-------------------------------------------------------------------------+
 # | This source file is subject to the GNU General Public License           |
 # | that is bundled with this package in the file LICENSE.md.               |
@@ -15,7 +15,9 @@
 # | Authors: Edi Septriyanto <me@masedi.net>                                |
 # +-------------------------------------------------------------------------+
 
-set -e
+# Work even if somebody does "bash lemper-cli.sh".
+#set -exv -o pipefail # For verbose output.
+set -e -o pipefail
 
 # Version control.
 PROG_NAME=$(basename "$0")
@@ -201,15 +203,15 @@ function init_lemper_cli() {
                     . "${CLI_PLUGINS_DIR}/lemper-${CMD}" "$@"
                     exit 0
                 else
-                    echo "${PROG_NAME}: '${CMD}' is not ${PROG_NAME} command."
-                    echo "See '${PROG_NAME} --help' for more information."
+                    echo "${PROG_NAME}: '${CMD}' is not ${PROG_NAME} command"
+                    echo "See '${PROG_NAME} --help' for more information"
                     exit 1
                 fi
             ;;
         esac
     else
-        echo "${PROG_NAME}: missing required arguments."
-        echo "See '${PROG_NAME} --help' for more information."
+        echo "${PROG_NAME}: missing required arguments"
+        echo "See '${PROG_NAME} --help' for more information"
         exit 1
     fi
 }