print text in color + year (#45)

apps/adminer.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
-# T&M Hansson IT AB © - 2018, https://www.hanssonit.se/
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
 
-echo "Installing and securing Adminer..."
+print_text_in_color "$ICyan" "Installing and securing Adminer..."
 
 # Prefer IPv4
 sed -i "s|#precedence ::ffff:0:0/96  100|precedence ::ffff:0:0/96  100|g" /etc/gai.conf
@@ -28,17 +28,17 @@ fi
 # Check Ubuntu version
 if [ "$OS" != 1 ]
 then
-    echo "Ubuntu Server is required to run this script."
-    echo "Please install that distro and try again."
+    print_text_in_color "$IRed" "Ubuntu Server is required to run this script."
+    print_text_in_color "$IRed" "Please install that distro and try again."
     sleep 3
     exit 1
 fi
 
 
 if ! version 16.04 "$DISTRO" 18.04.4; then
-    echo "Ubuntu version seems to be $DISTRO"
-    echo "It must be between 16.04 - 18.04.4"
-    echo "Please install that version and try again."
+    print_text_in_color "$IRed" "Ubuntu version seems to be $DISTRO"
+    print_text_in_color "$IRed" "It must be between 16.04 - 18.04.4"
+    print_text_in_color "$IRed" "Please install that version and try again."
     exit 1
 fi
 

apps/fail2ban.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# T&M Hansson IT AB © - 2018, https://www.hanssonit.se/
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
 
 # shellcheck disable=2034,2059
 true
@@ -31,7 +31,7 @@ FINDTIME_=1800
 #bad attempts before banning an IP
 MAXRETRY_=10
 
-echo "Installing Fail2ban..."
+print_text_in_color "$ICyan" "Installing Fail2ban..."
 
 apt update -q4 & spinner_loading
 check_command apt install fail2ban -y
@@ -44,7 +44,7 @@ curl https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-har
 
 if [ ! -f $AUTHLOG ]
 then
-    echo "$AUTHLOG not found"
+    print_text_in_color "$IRed" "$AUTHLOG not found"
     exit 1
 fi
 
@@ -90,9 +90,8 @@ check_command update-rc.d fail2ban enable
 check_command service fail2ban restart
 
 # The End
-echo
-echo "Fail2ban is now sucessfully installed."
-echo "Please use 'fail2ban-client set wordpress unbanip <Banned IP>' to unban certain IPs"
-echo "You can also use 'iptables -L -n' to check which IPs that are banned"
-any_key "Press any key to continue..."
+msg_box "Fail2ban is now sucessfully installed.
+Please use 'fail2ban-client set wordpress unbanip <Banned IP>' to unban certain IPs
+You can also use 'iptables -L -n' to check which IPs that are banned"
+
 clear

apps/webmin.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# T&M Hansson IT AB © - 2018, https://www.hanssonit.se/
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
 
 # shellcheck disable=2034,2059
 true

lets-encrypt/activate-ssl.sh

@@ -4,19 +4,20 @@ true
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/techandme/wordpress-vm/master/lib.sh)
 
-# T&M Hansson IT AB © - 2018, https://www.hanssonit.se/
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
 
 # Check for errors + debug code and abort if something isn't right
 # 1 = ON
 # 0 = OFF
 DEBUG=0
 debug_mode
 
-# Check root
+# Check if root
 root_check
 
 # Information
 msg_box "Important! Please read this:
+
 This script will install SSL from Let's Encrypt.
 It's free of charge, and very easy to maintain.
 
@@ -29,8 +30,8 @@ You also have to open port 80+443 against this VMs
 IP address: $ADDRESS - do this in your router/FW.
 Here is a guide: https://goo.gl/Uyuf65
 
-This script is located in $SCRIPTS and you
-can run this script after you got a domain.
+You can find the script here: $SCRIPTS/activate-ssl.sh 
+and you can run it after you got a domain.
 
 Please don't run this script if you don't have
 a domain yet. You can get one for a fair price here:
@@ -66,7 +67,7 @@ do
 cat << ENTERDOMAIN
 +---------------------------------------------------------------+
 |    Please enter the domain name you will use for Wordpress:   |
-|    Like this: example.com, or wordpress.example.com         |
+|    Like this: example.com, or wordpress.example.com           |
 +---------------------------------------------------------------+
 ENTERDOMAIN
 echo
@@ -80,8 +81,7 @@ done
 
 # Check if port is open with NMAP
 sed -i "s|127.0.1.1.*|127.0.1.1       $domain wordpress|g" /etc/hosts
-install_if_not net-tools
-service networking restart
+network_ok
 check_open_port 80 "$domain"
 check_open_port 443 "$domain"
 
@@ -90,7 +90,7 @@ check_command download_le_script test-new-config
 
 # Check if $domain exists and is reachable
 echo
-echo "Checking if $domain exists and is reachable..."
+print_text_in_color "$ICyan" "Checking if $domain exists and is reachable..."
 if wget -q -T 10 -t 2 --spider "$domain"; then
     sleep 1
 elif wget -q -T 10 -t 2 --spider --no-check-certificate "https://$domain"; then
@@ -113,18 +113,26 @@ ssl_conf="/etc/nginx/sites-available/"$domain.conf""
 
 # DHPARAM
 DHPARAMS="$CERTFILES/$domain/dhparam.pem"
+
 # Check if "$ssl.conf" exists, and if, then delete
 if [ -f "$ssl_conf" ]
 then
     rm -f "$ssl_conf"
 fi
+
 # Generate vhost.conf
 if [ ! -f "$ssl_conf" ]
 then
     touch "$ssl_conf"
-    echo "$ssl_conf was successfully created"
+    print_text_in_color "$IGreen" "$ssl_conf was successfully created."
     sleep 2
     cat << SSL_CREATE > "$ssl_conf"
+server {
+        listen 80;
+        server_name $domain;
+        return 301 https://$domain\$request_uri;
+}
+
 server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
@@ -218,8 +226,8 @@ else
     echo "fail" > /tmp/le_test
 fi
 }
-webroot() {
-if eval "certbot certonly --webroot --webroot-path $WPATH $default_le"
+tls-alpn-01() {
+if eval "certbot certonly --preferred-challenges tls-alpn-01 $default_le"
 then
     echo "success" > /tmp/le_test
 else
@@ -235,7 +243,7 @@ else
 fi
 }
 
-methods=(standalone webroot dns)
+methods=(standalone dns)
 
 create_config() {
 # $1 = method
@@ -260,10 +268,10 @@ if [ "$method" == "standalone" ]
 then
     printf "%b" "${ICyan}It seems like no certs were generated, we will do 2 more tries.\n${Color_Off}"
     any_key "Press any key to continue..."
-elif [ "$method" == "webroot" ]
-then
-    printf "%b" "${ICyan}It seems like no certs were generated, we will do 1 more tries.\n${Color_Off}"
-    any_key "Press any key to continue..."
+#elif [ "$method" == "tls-alpn-01" ]
+#then
+#    printf "%b" "${ICyan}It seems like no certs were generated, we will do 1 more tries.\n${Color_Off}"
+#    any_key "Press any key to continue..."
 elif [ "$method" == "dns" ]
 then
     printf "%b" "${IRed}It seems like no certs were generated, please check your DNS and try again.\n${Color_Off}"
@@ -284,16 +292,20 @@ done
 
 # Failed
 msg_box "Sorry, last try failed as well. :/
+
 The script is located in $SCRIPTS/activate-ssl.sh
 Please try to run it again some other time with other settings.
+
 There are different configs you can try in Let's Encrypt's user guide:
 https://letsencrypt.readthedocs.org/en/latest/index.html
 Please check the guide for further information on how to enable SSL.
+
 This script is developed on GitHub, feel free to contribute:
 https://github.com/techandme/wordpress-vm
+
 The script will now do some cleanup and revert the settings."
 
 # Cleanup
-apt remove letsencrypt -y
+apt remove certbot -y
 apt autoremove -y
 clear

lets-encrypt/test-new-config.sh

@@ -4,7 +4,7 @@ true
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/techandme/wordpress-vm/master/lib.sh)
 
-# T&M Hansson IT AB © - 2018, https://www.hanssonit.se/
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
 
 # Check for errors + debug code and abort if something isn't right
 # 1 = ON
@@ -20,24 +20,30 @@ rm -f /etc/nginx/sites-enabled/wordpress_port_80.conf
 rm -f /etc/nginx/sites-enabled/wordpress_port_443.conf
 rm -f /etc/nginx/sites-enabled/default.conf
 rm -f /etc/nginx/sites-enabled/default
-if service nginx restart
+if restart_webserver
 then
-    printf "${On_Green}New settings works! SSL is now activated and OK!${Color_Off}\n\n"
-    echo "This cert will expire in 90 days, so you have to renew it."
-    echo "There are several ways of doing so, here are some tips and tricks: https://goo.gl/c1JHR0"
-    echo "This script will add a renew cronjob to get you started, edit it by typing:"
-    echo "'crontab -u root -e'"
-    echo "Feel free to contribute to this project: https://goo.gl/3fQD65"
-    any_key "Press any key to continue..."
+msg_box "New settings works! SSL is now activated and OK!
+
+This cert will expire in 90 days if you don't renew it.
+There are several ways of renewing this cert and here are some tips and tricks:
+https://goo.gl/c1JHR0
+
+To do your job a little bit easier we have added a autorenew script as a cronjob.
+If you need to edit the crontab please type: crontab -u root -e
+If you need to edit the script itself, please check: $SCRIPTS/letsencryptrenew.sh
+
+Feel free to contribute to this project: https://goo.gl/3fQD65"
     crontab -u root -l | { cat; echo "@daily $SCRIPTS/letsencryptrenew.sh"; } | crontab -u root -
 
 FQDOMAIN=$(grep -m 1 "server_name" "/etc/nginx/sites-enabled/$1" | awk '{print $2}')
 if [ "$(hostname)" != "$FQDOMAIN" ]
 then
-    echo "Setting hostname to $FQDOMAIN..."
+    print_text_in_color "$ICyan" "Setting hostname to $FQDOMAIN..."
     sudo hostnamectl set-hostname "$FQDOMAIN"
     # Change /etc/hosts as well
     sed -i "s|127.0.1.1.*|127.0.1.1       $FQDOMAIN $(hostname -s)|g" /etc/hosts
+    # And in the php-fpm pool conf
+    sed -i "s|env\[HOSTNAME\] = .*|env[HOSTNAME] = $(hostname -f)|g" "$PHP_POOL_DIR/www_wordpress.conf"
 fi
 
 add_crontab_le() {
@@ -64,14 +70,14 @@ add_crontab_le
 chmod +x $SCRIPTS/letsencryptrenew.sh
 
 # Cleanup
-rm $SCRIPTS/test-new-config.sh ## Remove ??
-rm $SCRIPTS/activate-ssl.sh ## Remove ??
+rm -f $SCRIPTS/test-new-config.sh
+rm -f $SCRIPTS/activate-ssl.sh
 
 else
 # If it fails, revert changes back to normal
     rm -f /etc/nginx/sites-enabled/"$1"
     ln -s /etc/nginx/sites-available/wordpress_port_80.conf /etc/nginx/sites-enabled/ 
-    service nginx restart
+    restart_webserver
     printf "${ICyan}Couldn't load new config, reverted to old settings. Self-signed SSL is OK!${Color_Off}\n"
     any_key "Press any key to continue... "
     exit 1