Automation script for a virtual-hosted, chrooted installation. Validates inputs, runs make_chroot_jail, generates and tests the chroot configuration for php-fpm and nginx, reloads php-fpm and nginx, and prints the MySQL database template.
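#!/bin/bash
#
# Provision a chrooted, virtual-hosted PHP site.
#
# Steps: validate inputs, build the jail with make_chroot_jail.sh, render and
# syntax-check the nginx vhost and the php-fpm pool, reload both services, and
# print the SQL the operator runs to create the matching MySQL database/user.
#
# Usage: SCRIPT USER DB_PASSWORD "domain1 domain2 ..."
#   When USER or DB_PASSWORD is missing, all three values are prompted for.
#   A DB password on argv is visible in `ps`; prefer the interactive prompt.
#
# Must run as root. Writes /etc/nginx/conf.d/USER.conf, /etc/php-fpm.d/USER.conf
# and /var/www/vhosts/USER; any failure after the jail exists rolls them back.
set -euo pipefail

# Allowed shapes for the values that end up in file paths, sed replacements
# and the rendered configs. Neither admits '/', '&', '\', '%' or a newline, so
# a value can never escape the sed replacement it is spliced into below.
# (The original classes had no digits; POSIX accounts and hostnames do.)
readonly user_re='^[A-Za-z_][A-Za-z0-9_]*$'
readonly domains_re='^[-A-Za-z0-9_. ]+$'

# Globals set by main and read by the helpers below.
user=
password=
domains=

#######################################
# Print a message on stderr and exit 1.
# (The original used a bare `exit`, i.e. status 0, on every failure, so
# callers could not tell a refused run from a successful one.)
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Best-effort removal of everything this run created: both configs, the
# jail directory and the account. Failures are ignored on purpose so the
# cleanup gets as far as it can.
# Arguments: --reload (optional) - also reload php-fpm and nginx so the
#            deleted pool/vhost are dropped from the running services
# Globals:   user (read)
#######################################
rollback() {
  rm -f -- "/etc/php-fpm.d/${user}.conf" "/etc/nginx/conf.d/${user}.conf" || true
  if [[ "${1-}" == "--reload" ]]; then
    service php-fpm reload || true
    service nginx reload || true
  fi
  userdel "${user}" || true
  # ${user:?} aborts rather than expanding to "rm -rf /var/www/vhosts/".
  rm -rf -- "/var/www/vhosts/${user:?}" || true
}

#######################################
# Render a config template from stdin, replacing every USER and DOMAINS
# placeholder. Splicing shell values into a sed replacement is safe only
# because user/domains were validated against user_re/domains_re, which
# exclude the replacement metacharacters ('/', '&', '\', newline).
# USER is substituted first so a domain containing "USER" is not mangled
# by the second pass (the original did DOMAINS first and only replaced the
# first occurrence per line).
# Globals:   user, domains (read)
# Outputs:   rendered template on stdout
#######################################
render_template() {
  sed -e "s/USER/${user}/g" -e "s/DOMAINS/${domains}/g"
}

#######################################
# Escape a value for a single-quoted MySQL string literal by escaping '\'
# and "'" (assumes the default sql_mode, where backslash escapes are on).
# The sed program is fixed; the value only travels on stdin, so it cannot
# alter the program the way the original `sed "s/PASSWORD/${password}/"` could.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sql_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

#######################################
# Print the statements the operator runs by hand to create the site's
# database and user. Backticks are escaped so bash does not treat them as
# command substitution; both USER occurrences on the GRANT lines are filled
# in (the original sed without /g left the second one literal).
# Globals:   user, password (read)
#######################################
print_mysql_sql() {
  local db_password
  db_password=$(sql_escape "${password}")
  printf '%s\n' \
    "Run the following to create the mysql user:" \
    "CREATE DATABASE \`${user}\`;" \
    "GRANT ALL ON \`${user}\`.* TO \`${user}\`@\`localhost\` IDENTIFIED BY '${db_password}';" \
    "GRANT ALL ON \`${user}\`.* TO \`${user}\`@\`127.0.0.1\` IDENTIFIED BY '${db_password}';" \
    "FLUSH PRIVILEGES;"
}

#######################################
# Entry point.
# Arguments: $1 - user, $2 - DB password, $3 - space-separated domains
# Globals:   user, password, domains (written)
#######################################
main() {
  # Prompt when user or password is missing; a missing third argument is
  # not prompted for and fails the "Empty domains" check (as before).
  # -r keeps backslashes in the password literal.
  if [[ -z "${1-}" || -z "${2-}" ]]; then
    read -r -p "Enter User: " user || user=
    read -r -s -p "Enter DB password: " password || password=
    printf '\n' >&2   # read -s does not echo the newline
    read -r -p "Enter domains (separate by spaces): " domains || domains=
  else
    user=$1
    password=$2
    domains=${3-}
  fi

  [[ -n "${user}" ]] || die "Empty username"
  [[ -n "${password}" ]] || die "Empty password"
  [[ -n "${domains}" ]] || die "Empty domains"
  # The pattern must be unquoted: quoting the right-hand side of =~ makes it
  # a literal string match, which is why the original never rejected anything.
  [[ "${user}" =~ ${user_re} ]] || die "Invalid username"
  [[ "${domains}" =~ ${domains_re} ]] || die "Invalid domains"

  if id -u "${user}" >/dev/null 2>&1; then
    die "User already exists. Exiting."
  fi
  if [[ -f "/etc/nginx/conf.d/${user}.conf" ]]; then
    die "nginx config already exists, exiting"
  fi
  if [[ -f "/etc/php-fpm.d/${user}.conf" ]]; then
    die "php-fpm config already exists; exiting"
  fi
  if [[ -e "/var/www/vhosts/${user}" ]]; then
    die "User already exists, exiting"
  fi

  local vhost="/var/www/vhosts/${user}"
  make_chroot_jail.sh "${user}" "/bin/chroot-shell" "${vhost}" \
    || die "Make_chroot_jail failed, exiting"

  mkdir -p "${vhost}/public" "${vhost}/var/log" "${vhost}/tmp"
  chown -R "${user}" "${vhost}/public"
  # The pool runs as 'nobody' inside the jail, so its log files must be
  # writable by that account; 0666 drops the stray execute bits 0777 gave.
  # error.log is the file the pool's php_admin_value[error_log]
  # (/var/log/error.log, resolved inside the chroot) writes to; php.log is
  # kept from the original.
  touch "${vhost}/var/log/php.log" "${vhost}/var/log/error.log"
  chmod 0666 "${vhost}/var/log/php.log" "${vhost}/var/log/error.log"
  chmod 1777 "${vhost}/tmp"

  # NOTE(review): the HTTPS server below keeps the original's
  # `ssl_protocols SSLv2 SSLv3 TLSv1` and a shared certificate path verbatim;
  # tightening the protocol list is an operator decision for this nginx build.
  # Template text is not shell, so the note lives here.
  render_template > "/etc/nginx/conf.d/${user}.conf" <<'EOF'
server {
listen 8080;
server_name DOMAINS;
access_log /var/log/nginx/USER.access.log main;
error_log /var/log/nginx/USER.error.log;
location / {
root /var/www/vhosts/USER/public/;
index index.html index.htm index.php;
try_files $uri $uri/ /index.php?$args;
}
error_page 405 =200 $uri;
# error_page 405 =200 @405;
# location @405 {
# proxy_method GET;
# proxy_set_header Host $http_host;
# proxy_pass http://$host;
# }
# location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
# access_log off; log_not_found off; expires max;
# }
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
root /var/www/vhosts/USER/public;
fastcgi_pass unix:/var/run/USER.fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /public/$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# HTTPS server
server {
listen 443;
server_name DOMAINS;
access_log /var/log/nginx/USER.access.ssl.log main;
error_log /var/log/nginx/USER.error.ssl.log;
ssl on;
ssl_certificate /etc/ssl/nginx/gcommercesolutions.com.pem;
ssl_certificate_key /etc/ssl/nginx/gcommercesolutions.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# It'll get logged at the normal HTTP level.
access_log off; log_not_found off;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:80;
}
}
EOF
  if ! nginx -t; then
    rollback
    die "nginx config test failed; exiting."
  fi

  render_template > "/etc/php-fpm.d/${user}.conf" <<'EOF'
[USER]
listen = /var/run/USER.fpm.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0666
user = nobody
group = psacln
pm = dynamic
pm.max_children = 3
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.max_requests = 5
pm.status_path = /php-fpm-status
ping.path = /php-fpm-ping
ping.response = poing
request_terminate_timeout = 5m
request_slowlog_timeout = 5s
slowlog = /var/log/php-fpm/USER-slow.log
chroot = /var/www/vhosts/USER
chdir = /public
catch_workers_output = yes
security.limit_extensions = .php .php3 .php4 .php5
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
EOF
  # -t tests the config, -y names the master config that includes the pool.
  if ! php-fpm -ty /etc/php-fpm.conf; then
    rollback
    die "php-fpm config test failed; exiting."
  fi

  echo "Reloading nginx..."
  if ! service nginx reload; then
    rollback --reload
    die "Restarting nginx failed, configuration rolled back. Config may now be dirty."
  fi
  echo "Reloading php-fpm..."
  if ! service php-fpm reload; then
    rollback --reload
    die "Restarting php-fpm failed, configuration rolled back. Config may now be dirty."
  fi

  print_mysql_sql
}

main "$@"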