diff --git a/static/nginx.conf b/static/nginx.conf
new file mode 100644
index 0000000..970d962
--- /dev/null
+++ b/static/nginx.conf
@@ -0,0 +1,126 @@
+user www-data;
+worker_processes 2;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+ worker_rlimit_nofile 10240;
+
+events {
+ worker_connections 10240;
+ multi_accept on;
+ use epoll;
+}
+
+http {
+
+# GEO IP BLOCK DOMAIN
+geoip_country /usr/share/GeoIP/GeoIP.dat;
+ map $geoip_country_code $allowed_country {
+ default yes;
+ CN no; #China
+# RU no; #Russia
+# HK no; #Hong Kong
+# IN no; #India
+# IR no; #Iran
+# VN no; #Vietnam
+# TR no; #Turkey
+# EG no; #Egypt
+# MX no; #Mexico
+# JP no; #Japan
+# KR no; #South Korea
+# KP no; #North Korea :)
+# PE no; #Peru
+# BR no; #Brazil
+# UA no; #Ukraine
+# ID no; #Indonesia
+# TH no; #Thailand
+ }
+
+# To activate GEO BLOCK, add this in the default conf:
+# COUNTRY GEO BLOCK
+# if ($allowed_country = no) {
+# return 444;
+# }
+
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+ client_body_timeout 10;
+ client_header_timeout 10;
+ client_header_buffer_size 128;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_early_data on;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers on;
+
+
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json 
application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/wordpress_install.sh b/wordpress_install.sh index 381d4da..4a5ba15 100644 --- a/wordpress_install.sh +++ b/wordpress_install.sh @@ -113,6 +113,10 @@ fi # Update system apt update -q4 & spinner_loading +# Install dependencies for GEO-block in Nginx +install_if_not geoip-database +install_if_not libgeoip1 + # Write MARIADB pass to file and keep it safe { echo "[client]" @@ -165,12 +169,17 @@ run_static_script new_etc_mycnf apt install open-vm-tools -y # Install Nginx +check_command yes | add-apt-repository ppa:nginx/stable apt update -q4 && spinner_loading -check_command apt install nginx -y +install_if_not nginx sudo systemctl stop nginx.service sudo systemctl start nginx.service sudo systemctl enable nginx.service +# Download TLSv 1.3 modified nginx.conf +rm -f /etc/nginx/nginx.conf +check_command wget -q $STATIC/nginx.conf -P /etc/nginx/ + # Install PHP 7.2 apt install -y \ php \
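Review bot: `ssl_early_data on;` in the SSL Settings block enables TLS 1.3 0-RTT for every virtual host included further down, and 0-RTT request data can be replayed by anyone who recorded it. Nothing visible in this file passes `$ssl_early_data` to the backend or restricts early data to idempotent requests, so state-changing WordPress requests would presumably be accepted from a replayed flight. I would ship `ssl_early_data off;` as the default and let a site opt in once the application can reject early-data requests (HTTP 425). Separately, the `DHE-RSA-*` entries in `ssl_ciphers` have no `ssl_dhparam` in this file, so unless an included site config sets one they are likely never negotiated and could be dropped.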
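Review bot: The added `rm -f /etc/nginx/nginx.conf` deletes the packaged config before the download is known to have succeeded, and the fetched file then becomes the main nginx config with no syntax or integrity check. `$STATIC` is defined outside this hunk, so I cannot tell whether it is an HTTPS URL pinned to a commit; if it is not, whoever can alter that response controls the web server configuration. Download to a temporary name with `$STATIC` quoted, run `nginx -t` against it, and only then move it into place and restart nginx, which was started a few lines earlier with the old config. Also, in `check_command yes | add-apt-repository ppa:nginx/stable` the wrapper appears to guard `yes` rather than `add-apt-repository`; `check_command add-apt-repository -y ppa:nginx/stable` would check the command that matters.

```shell
# Download TLSv 1.3 modified nginx.conf
# Fetch under a temporary name so a failed download leaves the packaged config in place
check_command wget -q "$STATIC/nginx.conf" -O /etc/nginx/nginx.conf.new
# Refuse to install a config that nginx itself cannot parse
check_command nginx -t -c /etc/nginx/nginx.conf.new
mv /etc/nginx/nginx.conf.new /etc/nginx/nginx.conf
check_command systemctl restart nginx.service
# … unchanged: Install PHP 7.2 …
```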