butschster/database.sh

## database.sh
# INSTALL
# REQUIRES:
#       - server (the server instance)
#       - user (the database user instance)
#

# Add MySQL User

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP USER IF EXISTS test;"

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'167.71.3.113' IDENTIFIED BY '23423werwer';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'%' IDENTIFIED BY '23423werwer';"

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'%' WITH GRANT OPTION;"

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "FLUSH PRIVILEGES;"


# REMOVE
# REQUIRES:
#       - name (the name of the database)
#

# Drop The MySQL Database

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP DATABASE IF EXISTS test;"

# CHANGE ROOT PASSWORD
# REQUIRES:
#		- server (the forge server instance)
#		- db_password (random password for mysql user)
#

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'167.71.3.113' IDENTIFIED BY 'test';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'%' IDENTIFIED BY 'test';"

mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'167.71.3.113' IDENTIFIED BY 'test';"
mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'%' IDENTIFIED BY 'test';"


## dummy.sh
#
# REQUIRES:
#		- site (the forge site instance)
#

# Write A Dummy PHP Info Stub To A Site

rm -rf /home/forge/superprojects.space/public
mkdir -p /home/forge/superprojects.space/public


# Deploy The Proper Stub File Based On Project Type

echo "<?php phpinfo();" >

## firewall.sh
# INSTALL
# REQUIRES:
#       - rule (the forge rule instance)
#

    sudo ufw allow 6001

# REMOVE
# REQUIRES:
#       - ip_address (the ip address allowed by the rule)
#       - port (the port allowed by the rule)
#

    sudo ufw delete allow 6001

## forge.sh
# PHP 7.3 Mysql 5.6
#
# REQUIRES:
#       - server (the forge server instance)
#       - event (the forge event instance)
#       - sudo_password (random password for sudo)
#       - db_password (random password for database user)
#       - callback (the callback URL)
#       - recipe_id (recipe id to run at the end)
#

sudo sed -i "s/#precedence ::ffff:0:0\/96  100/precedence ::ffff:0:0\/96  100/" /etc/gai.conf

# Upgrade The Base Packages

export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Add A Few PPAs To Stay Current

apt-get install -y --force-yes software-properties-common

# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y

# Setup MariaDB Repositories


# Update Package Lists

apt-get update
# Base Packages

add-apt-repository universe

apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

# Install Python Httpie

pip install httpie

# Disable Password Authentication Over SSH

sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config

# Restart SSH

ssh-keygen -A
service ssh restart

# Set The Hostname If Necessary


echo "red-chasm" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1	red-chasm.localdomain red-chasm localhost/' /etc/hosts
hostname red-chasm


# Set The Timezone

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

# Create The Root SSH Directory If Necessary

if [ ! -d /root/.ssh ]
then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
fi

# Setup Forge User

useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

# Setup Bash For Forge User

chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

# Set The Sudo Password For Forge

PASSWORD=$(mkpasswd jSqm0k4EsGjnv7mJ8oBY)
usermod --password $PASSWORD forge

# Build Formatted Keys & Copy Keys To Forge

if [ ! -d /root/.ssh ]
then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
fi


cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYlmATs0kV9aPQdCqaF12x8Bv0H5jIH2wfCzfpASB8oaRQOC2UerO/ukqtFzko9u5pqTb94bHG7MsQAjtJR13EcMAIOYxuNBEgMNVtJ6EJzklcxBRG9xKIZD6xiVdlxOBgguY72Yv8TkteeDPeN2YyqVx+HgRjqL0zwgFbVx8wlylQU1Gg8WDTERCdYX5jHmfdMN7IiIEYOw4F1U1eJTreexvid68X6OFHrWHAJhJXu8c/Q1d1UgWkHImN9IgHju6HPbge2D2W12UlpLw/FUGM1hNsfkLRwFLnPMnkBVsM27et+H4OdDEt52LtFfJuWKfWcAsrSzIjTCiXEcYsFjRh worker@forge.laravel.com
EOF


cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key

ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Source Control Public Keys Into Known Hosts File

ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

# Configure Git Settings

git config --global user.name "Igor"
git config --global user.email "igorvdonsk@yandex.ru"

# Add The Reconnect Script Into Forge Directory

cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash

echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null

echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null

echo "Keys Added!"
EOF

# Setup Forge Home Directory Permissions

chown -R forge:forge /home/forge
chmod -R 755 /home/forge
chmod 700 /home/forge/.ssh/id_rsa

# Setup UFW Firewall

ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Allow FPM Restart

echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


apt-get install -y --force-yes php7.3-cli php7.3-dev \
php7.3-pgsql php7.3-sqlite3 php7.3-gd \
php7.3-curl php7.3-memcached \
php7.3-imap php7.3-mysql php7.3-mbstring \
php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
php7.3-intl php7.3-readline


# Install Composer Package Manager

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

# Misc. PHP CLI Configuration

sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/cli/php.ini

# Configure Sessions Directory Permissions

chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions

# Write Systemd File For Linode


	#
# REQUIRES:
#       - server (the forge server instance)
#		- site_name (the name of the site folder)
#

# Install Nginx & PHP-FPM

	apt-get install -y --force-yes nginx php7.3-fpm

systemctl enable nginx.service

# Generate dhparam File

openssl dhparam -out /etc/nginx/dhparams.pem 2048

# Tweak Some PHP-FPM Settings

sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.3/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/fpm/php.ini

# Configure FPM Pool Settings

sed -i "s/^user = www-data/user = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.3/fpm/pool.d/www.conf

# Configure Primary Nginx Settings

sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

# Configure Gzip

cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;

gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;

EOF

# Disable The Default Nginx Site

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart

# Install A Catch All Server

cat > /etc/nginx/sites-available/catch-all << EOF
server {
    return 404;
}
EOF

ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# Add Forge User To www-data Group

usermod -a -G www-data forge
id forge
groups forge


curl --silent --location https://deb.nodesource.com/setup_10.x | bash -

apt-get update

sudo apt-get install -y --force-yes nodejs

npm install -g pm2
npm install -g gulp
npm install -g yarn

    #
# REQUIRES:
#		- server (the forge server instance)
#		- db_password (random password for mysql user)
#

# Set The Automated Root Password

export DEBIAN_FRONTEND=noninteractive

debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password cA3meglsHhZuClGleFHa"
debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password cA3meglsHhZuClGleFHa"

# Install MySQL

apt-get install -y mysql-server

# Configure Password Expiration

echo "default_password_lifetime = 0" >> /etc/mysql/mysql.conf.d/mysqld.cnf

# Configure Access Permissions For Root & Forge Users

sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/mysql.conf.d/mysqld.cnf
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO root@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
service mysql restart

mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "FLUSH PRIVILEGES;"

# Create The Initial Database If Specified

mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE DATABASE forge CHARACTER SET utf8 COLLATE utf8_unicode_ci;"


# Install & Configure Redis Server

apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk

apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

if grep START= /etc/default/beanstalkd; then
    sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
    echo "START=yes" >> /etc/default/beanstalkd
fi

service beanstalkd start
sleep 5
service beanstalkd restart

systemctl enable beanstalkd

# Configure Supervisor Autostart

systemctl enable supervisor.service
service supervisor start

# Configure Swap Disk

if [ -f /swapfile ]; then
    echo "Swap exists."
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    echo "vm.swappiness=30" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi

# Setup Unattended Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
    //
};
EOF

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

curl --insecure --data "event_id=30041879&server_id=306720&sudo_password=jSqm0k4EsGjnv7mJ8oBY&db_password=cA3meglsHhZuClGleFHa&recipe_id=;" https://forge.laravel.com/provisioning/callback/app

## forge56mariadb.sh
# PHP5.6 MadiaDB

#
# REQUIRES:
#       - server (the forge server instance)
#       - event (the forge event instance)
#       - sudo_password (random password for sudo)
#       - db_password (random password for database user)
#       - callback (the callback URL)
#       - recipe_id (recipe id to run at the end)
#

sudo sed -i "s/#precedence ::ffff:0:0\/96  100/precedence ::ffff:0:0\/96  100/" /etc/gai.conf

# Upgrade The Base Packages

export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Add A Few PPAs To Stay Current

apt-get install -y --force-yes software-properties-common

# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y

    apt-add-repository ppa:ondrej/php -y
	# apt-add-repository ppa:ondrej/php5-5.6 -y

# Setup MariaDB Repositories

    sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
    sudo add-apt-repository 'deb [arch=amd64,i386] http://mirrors.accretive-networks.net/mariadb/repo/10.3/ubuntu xenial main'


# Update Package Lists

apt-get update
# Base Packages

add-apt-repository universe

apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

# Install Python Httpie

pip install httpie

# Disable Password Authentication Over SSH

sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config

# Restart SSH

ssh-keygen -A
service ssh restart

# Set The Hostname If Necessary


echo "mellow-shelter" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1	mellow-shelter.localdomain mellow-shelter localhost/' /etc/hosts
hostname mellow-shelter


# Set The Timezone

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

# Create The Root SSH Directory If Necessary

if [ ! -d /root/.ssh ]
then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
fi

# Setup Forge User

useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

# Setup Bash For Forge User

chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

# Set The Sudo Password For Forge

PASSWORD=$(mkpasswd 8DlRjEGChLCBRKfTsaxd)
usermod --password $PASSWORD forge

# Build Formatted Keys & Copy Keys To Forge


cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjWOf2U/QVan+s49i75NMeV1f02/phMTJH19tcvFpCct4tcvUaMouQVY4FRb6lp74geTdcXyB/BzBStTPUVsTx2k87Rfy0LlIm3DYxA2PS6gEaKYkGSRAGk65tH09xKktbtXIUr5F6hzHsu8Mip9Fc+b57CRda6yWWH/q+v82iRGJJvZnLmHaxO3cuHB5yvo99Wbu+CzjjXcMcVUqrcbggOKHvfRr7KJ/Qg5Z04FPbd9GwHmsOAo6cwBs9J57yskMxpaYJElbMroXr7X3pDNHVIPE2+MooGnMRsrViTm1MDbQYoL0T9DXkvuqg0A5/PqtfmXNbt/cjrKTBZQkVTeEj worker@forge.laravel.com


EOF


cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key

ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Source Control Public Keys Into Known Hosts File

ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

# Configure Git Settings

git config --global user.name "Igor"
git config --global user.email "igorvdonsk@yandex.ru"

# Add The Reconnect Script Into Forge Directory

cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash

echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null

echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null

echo "Keys Added!"
EOF

# Setup Forge Home Directory Permissions

chown -R forge:forge /home/forge
chmod -R 755 /home/forge
chmod 700 /home/forge/.ssh/id_rsa

# Setup UFW Firewall

ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Allow FPM Restart

echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


apt-get install -y --force-yes php5.6-cli php5.6-dev \
php5.6-pgsql php5.6-sqlite3 php5.6-gd \
php5.6-curl php5.6-dev \
php5.6-imap php5.6-mysql php5.6-memcached php5.6-mcrypt php5.6-mbstring \
php5.6-xml php5.6-imagick php5.6-zip php5.6-bcmath php5.6-soap \
php5.6-intl php5.6-readline


# Install Composer Package Manager

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

# Misc. PHP CLI Configuration

sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/cli/php.ini

# Configure Sessions Directory Permissions

chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions

# Write Systemd File For Linode


	#
# REQUIRES:
#       - server (the forge server instance)
#		- site_name (the name of the site folder)
#

# Install Nginx & PHP-FPM

    apt-get install -y --force-yes nginx php5.6-fpm

systemctl enable nginx.service

# Generate dhparam File

openssl dhparam -out /etc/nginx/dhparams.pem 2048

# Tweak Some PHP-FPM Settings

sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/5.6/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/fpm/php.ini

# Configure FPM Pool Settings

sed -i "s/^user = www-data/user = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/5.6/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/5.6/fpm/pool.d/www.conf

# Configure Primary Nginx Settings

sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

# Configure Gzip

cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;

gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;

EOF

# Disable The Default Nginx Site

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart

# Install A Catch All Server

cat > /etc/nginx/sites-available/catch-all << EOF
server {
    return 404;
}
EOF

ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# Add Forge User To www-data Group

usermod -a -G www-data forge
id forge
groups forge


curl --silent --location https://deb.nodesource.com/setup_10.x | bash -

apt-get update

sudo apt-get install -y --force-yes nodejs

npm install -g pm2
npm install -g gulp
npm install -g yarn

    #
# REQUIRES:
#       - server (the forge server instance)
#       - db_password (random password for mysql user)
#

# Set The Automated Root Password

export DEBIAN_FRONTEND=noninteractive

debconf-set-selections <<< "mariadb-server-10.3 mysql-server/data-dir select ''"
debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password password bn2WmJholdg9TDV9mbeT"
debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password_again password bn2WmJholdg9TDV9mbeT"

# Install MySQL

apt-get install -y mariadb-server-10.3

# Configure Password Expiration

# echo "default_password_lifetime = 0" >> /etc/mysql/my.cnf

# Configure Access Permissions For Root & Forge Users

sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/my.cnf
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO root@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
service mysql restart

mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON *.* TO 'forge'@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "FLUSH PRIVILEGES;"

# Set Character Set

echo "" >> /etc/mysql/my.cnf
echo "[mysqld]" >> /etc/mysql/my.cnf
echo "character-set-server = utf8" >> /etc/mysql/my.cnf

# Create The Initial Database If Specified

mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE DATABASE forge;"


# Install & Configure Redis Server

apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk

apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

if grep START= /etc/default/beanstalkd; then
    sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
    echo "START=yes" >> /etc/default/beanstalkd
fi

service beanstalkd start
sleep 5
service beanstalkd restart

systemctl enable beanstalkd

# Configure Supervisor Autostart

systemctl enable supervisor.service
service supervisor start

# Configure Swap Disk

if [ -f /swapfile ]; then
    echo "Swap exists."
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    echo "vm.swappiness=30" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi

# Setup Unattended Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
    //
};
EOF

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

curl --insecure --data "event_id=30082598&server_id=306979&sudo_password=8DlRjEGChLCBRKfTsaxd&db_password=bn2WmJholdg9TDV9mbeT&recipe_id=" https://forge.laravel.com/provisioning/callback/app

## forge70pgsql.sh
# PHP7.0 pgsql

#
# REQUIRES:
#       - server (the forge server instance)
#       - event (the forge event instance)
#       - sudo_password (random password for sudo)
#       - db_password (random password for database user)
#       - callback (the callback URL)
#       - recipe_id (recipe id to run at the end)
#

sudo sed -i "s/#precedence ::ffff:0:0\/96  100/precedence ::ffff:0:0\/96  100/" /etc/gai.conf

# Upgrade The Base Packages

export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Add A Few PPAs To Stay Current

apt-get install -y --force-yes software-properties-common

# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y

# Setup MariaDB Repositories


# Update Package Lists

apt-get update
# Base Packages

add-apt-repository universe

apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

# Install Python Httpie

pip install httpie

# Disable Password Authentication Over SSH

sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config

# Restart SSH

ssh-keygen -A
service ssh restart

# Set The Hostname If Necessary


echo "deep-oasis" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1	deep-oasis.localdomain deep-oasis localhost/' /etc/hosts
hostname deep-oasis


# Set The Timezone

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

# Create The Root SSH Directory If Necessary

if [ ! -d /root/.ssh ]
then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
fi

# Setup Forge User

useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

# Setup Bash For Forge User

chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

# Set The Sudo Password For Forge

PASSWORD=$(mkpasswd 6xTGCaGrhIYuUev8pBy5)
usermod --password $PASSWORD forge

# Build Formatted Keys & Copy Keys To Forge


cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJO6V3BJ4/5GNPthRwjXfRCnm/Vx7S1evPOPK+fEjsDrf9AlU3RmtQ28b1GbA6OYtHlZw/B83NcnDtEa/ecgTGqGwqG6chbqANio54RlkielD5hDxPNQEG3xaTGOAxDyXVO5z2ObmCtStd37K+RDqL42fQGa4WUcN1/W2rccgQWZvABeVrZ1PEyiY4hs5rV5gVCwaBnhyNFlvhyyIp3ru9ZfPeeG83Nu1Db8ZCVuc0Mrbwu/0cA+1S88XMxKWZNrgmbAK5YWFllNDjI3NLuxtvsIfDs8TtFIWeM1B4t7GbipxhD7mAq9TTmkm5aSI2zARLLgrt9oHxfRQ7KRujjRdJ worker@forge.laravel.com


EOF


cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key

ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Source Control Public Keys Into Known Hosts File

ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

# Configure Git Settings

git config --global user.name "Igor"
git config --global user.email "igorvdonsk@yandex.ru"

# Add The Reconnect Script Into Forge Directory

cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash

echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null

echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null

echo "Keys Added!"
EOF

# Setup Forge Home Directory Permissions

chown -R forge:forge /home/forge
chmod -R 755 /home/forge
chmod 700 /home/forge/.ssh/id_rsa

# Setup UFW Firewall

ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Allow FPM Restart

echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


apt-get install -y --force-yes php7.0-cli php7.0-dev \
php7.0-pgsql php7.0-sqlite3 php7.0-gd \
php7.0-curl php7.0-dev \
php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
php7.0-intl php7.0-readline


# Install Composer Package Manager

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

# Misc. PHP CLI Configuration

sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/cli/php.ini

# Configure Sessions Directory Permissions

chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions

# Write Systemd File For Linode


	#
# REQUIRES:
#       - server (the forge server instance)
#		- site_name (the name of the site folder)
#

# Install Nginx & PHP-FPM

	apt-get install -y --force-yes nginx php7.0-fpm

systemctl enable nginx.service

# Generate dhparam File

openssl dhparam -out /etc/nginx/dhparams.pem 2048

# Tweak Some PHP-FPM Settings

sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini

# Configure FPM Pool Settings

sed -i "s/^user = www-data/user = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.0/fpm/pool.d/www.conf

# Configure Primary Nginx Settings

sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

# Configure Gzip

cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;

gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;

EOF

# Disable The Default Nginx Site

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart

# Install A Catch All Server

cat > /etc/nginx/sites-available/catch-all << EOF
server {
    return 404;
}
EOF

ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# Add Forge User To www-data Group

usermod -a -G www-data forge
id forge
groups forge


curl --silent --location https://deb.nodesource.com/setup_10.x | bash -

apt-get update

sudo apt-get install -y --force-yes nodejs

npm install -g pm2
npm install -g gulp
npm install -g yarn

    #
# REQUIRES:
#		- server (the forge server instance)
#		- db_password (random password for database user)
#

# Install Postgres
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
apt-get update
apt-get install -y --force-yes postgresql postgresql-contrib

# Configure Postgres For Remote Access

sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/11/main/postgresql.conf
echo "host    all             all             0.0.0.0/0               md5" | tee -a /etc/postgresql/11/main/pg_hba.conf
sudo -u postgres psql -c "CREATE ROLE forge LOGIN PASSWORD 'K2frkqlLNuF2JyWvfiHo' SUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;"
service postgresql restart

# Configure The Timezone

sudo sed -i "s/localtime/UTC/" /etc/postgresql/11/main/postgresql.conf
service postgresql restart

# Create The Initial Database If Specified

sudo -u postgres /usr/bin/createdb --echo --owner=forge forge


# Install & Configure Redis Server

apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk

apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

if grep START= /etc/default/beanstalkd; then
    sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
    echo "START=yes" >> /etc/default/beanstalkd
fi

service beanstalkd start
sleep 5
service beanstalkd restart

systemctl enable beanstalkd

# Configure Supervisor Autostart

systemctl enable supervisor.service
service supervisor start

# Configure Swap Disk

if [ -f /swapfile ]; then
    echo "Swap exists."
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    echo "vm.swappiness=30" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi

# Setup Unattended Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
    //
};
EOF

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

curl --insecure --data "event_id=30082753&server_id=306982&sudo_password=6xTGCaGrhIYuUev8pBy5&db_password=K2frkqlLNuF2JyWvfiHo&recipe_id=" https://forge.laravel.com/provisioning/callback/app

## forge71mysql8.sh

#
# REQUIRES:
#       - server (the forge server instance)
#       - event (the forge event instance)
#       - sudo_password (random password for sudo)
#       - db_password (random password for database user)
#       - callback (the callback URL)
#       - recipe_id (recipe id to run at the end)
#

sudo sed -i "s/#precedence ::ffff:0:0\/96  100/precedence ::ffff:0:0\/96  100/" /etc/gai.conf

# Upgrade The Base Packages

export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Add A Few PPAs To Stay Current

apt-get install -y --force-yes software-properties-common

# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
apt-add-repository ppa:nginx/development -y
apt-add-repository ppa:chris-lea/redis-server -y
apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y

# Setup MariaDB Repositories


# Update Package Lists

apt-get update
# Base Packages

add-apt-repository universe

apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

# Install Python Httpie

pip install httpie

# Disable Password Authentication Over SSH

sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "" | sudo tee -a /etc/ssh/sshd_config
echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config

# Restart SSH

ssh-keygen -A
service ssh restart

# Set The Hostname If Necessary


echo "tall-moon" > /etc/hostname
sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1	tall-moon.localdomain tall-moon localhost/' /etc/hosts
hostname tall-moon


# Set The Timezone

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
ln -sf /usr/share/zoneinfo/UTC /etc/localtime

# Create The Root SSH Directory If Necessary

if [ ! -d /root/.ssh ]
then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
fi

# Setup Forge User

useradd forge
mkdir -p /home/forge/.ssh
mkdir -p /home/forge/.forge
adduser forge sudo

# Setup Bash For Forge User

chsh -s /bin/bash forge
cp /root/.profile /home/forge/.profile
cp /root/.bashrc /home/forge/.bashrc

# Set The Sudo Password For Forge

PASSWORD=$(mkpasswd PEi8Q20ZZorcEUNB6JRQ)
usermod --password $PASSWORD forge

# Build Formatted Keys & Copy Keys To Forge


cat > /root/.ssh/authorized_keys << EOF
# Laravel Forge
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCskbWtwbqj0f4Zrhz8vrDWfa74ljA83cbMvxlhnwDrdPt4a4ti7vJ+Y0O/Jwf4tWZmkL0ZmN6SOTcfRuUMqUw06obgVn/KH8lJMaEV+2k+TjBJijscuMmImxYuq7NiPbIyg05o5QsFEdqkdbnw0LIxy7cb/E/GDVBfsn/VxSMGQI3dks9SQpFRUgGMo8EfJL3JyRFxtm3H3sZMySHPWqssiNS/oNWb/dZ2fxpcnqKcTLSJo+W9eR+/MKoR0GHrhFF5zwXKxeOlbssdJtOS/ryeNEu4kakck7jOersT0A5jAx1HCw1N3lo+sBBt6ledyI4nlF2holF01+YEm+TsDZEh worker@forge.laravel.com


EOF


cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

# Create The Server SSH Key

ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

# Copy Source Control Public Keys Into Known Hosts File

ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

# Configure Git Settings

git config --global user.name "Igor"
git config --global user.email "igorvdonsk@yandex.ru"

# Add The Reconnect Script Into Forge Directory

cat > /home/forge/.forge/reconnect << EOF
#!/usr/bin/env bash

echo "# Laravel Forge" | tee -a /home/forge/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /home/forge/.ssh/authorized_keys > /dev/null

echo "# Laravel Forge" | tee -a /root/.ssh/authorized_keys > /dev/null
echo \$1 | tee -a /root/.ssh/authorized_keys > /dev/null

echo "Keys Added!"
EOF

# Setup Forge Home Directory Permissions

chown -R forge:forge /home/forge
chmod -R 755 /home/forge
chmod 700 /home/forge/.ssh/id_rsa

# Setup UFW Firewall

ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Allow FPM Restart

echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


apt-get install -y --force-yes php7.1-cli php7.1-dev \
php7.1-pgsql php7.1-sqlite3 php7.1-gd \
php7.1-curl php7.1-memcached \
php7.1-imap php7.1-mysql php7.1-mbstring \
php7.1-xml php7.1-imagick php7.1-zip php7.1-bcmath php7.1-soap \
php7.1-intl php7.1-readline php7.1-mcrypt


# Install Composer Package Manager

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer

# Misc. PHP CLI Configuration

sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/cli/php.ini

# Configure Sessions Directory Permissions

chmod 733 /var/lib/php/sessions
chmod +t /var/lib/php/sessions

# Write Systemd File For Linode


	#
# REQUIRES:
#       - server (the forge server instance)
#		- site_name (the name of the site folder)
#

# Install Nginx & PHP-FPM

    apt-get install -y --force-yes nginx php7.1-fpm

systemctl enable nginx.service

# Generate dhparam File

openssl dhparam -out /etc/nginx/dhparams.pem 2048

# Tweak Some PHP-FPM Settings

sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.1/fpm/php.ini
sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.1/fpm/php.ini
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.1/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.1/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.1/fpm/php.ini

# Configure FPM Pool Settings

sed -i "s/^user = www-data/user = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/^group = www-data/group = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.1/fpm/pool.d/www.conf
sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.1/fpm/pool.d/www.conf

# Configure Primary Nginx Settings

sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

# Configure Gzip

cat > /etc/nginx/conf.d/gzip.conf << EOF
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;

gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;

EOF

# Disable The Default Nginx Site

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
service nginx restart

# Install A Catch All Server

cat > /etc/nginx/sites-available/catch-all << EOF
server {
    return 404;
}
EOF

ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# Add Forge User To www-data Group

usermod -a -G www-data forge
id forge
groups forge


curl --silent --location https://deb.nodesource.com/setup_10.x | bash -

apt-get update

sudo apt-get install -y --force-yes nodejs

npm install -g pm2
npm install -g gulp
npm install -g yarn

    #
# REQUIRES:
#		- server (the forge server instance)
#		- db_password (random password for mysql user)
#

# Set The Automated Root Password

export DEBIAN_FRONTEND=noninteractive

wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
dpkg --install mysql-apt-config_0.8.12-1_all.deb

debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password 2BfaCQGXvwWs4chksok3"
debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password 2BfaCQGXvwWs4chksok3"

apt-get update

# Install MySQL

apt-get install -y mysql-server

# Configure Password Expiration

echo "default_password_lifetime = 0" >> /etc/mysql/mysql.conf.d/mysqld.cnf

# Configure Access Permissions For Root & Forge Users

sed -i '/^bind-address/s/bind-address.*=.*/bind-address = */' /etc/mysql/mysql.conf.d/mysqld.cnf
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'root'@'167.71.3.113' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO root@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO root@'%' WITH GRANT OPTION;"
service mysql restart

mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE USER 'forge'@'%' IDENTIFIED WITH mysql_native_password BY '2BfaCQGXvwWs4chksok3';"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO 'forge'@'167.71.3.113' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "GRANT ALL PRIVILEGES ON *.* TO 'forge'@'%' WITH GRANT OPTION;"
mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "FLUSH PRIVILEGES;"

# Create The Initial Database If Specified

mysql --user="root" --password="2BfaCQGXvwWs4chksok3" -e "CREATE DATABASE forge CHARACTER SET utf8 COLLATE utf8_unicode_ci;"

# Install & Configure Redis Server

apt-get install -y redis-server
sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
service redis-server restart
systemctl enable redis-server
# Install & Configure Memcached

apt-get install -y memcached
sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
service memcached restart
# Install & Configure Beanstalk

apt-get install -y --force-yes beanstalkd
sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

if grep START= /etc/default/beanstalkd; then
    sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
else
    echo "START=yes" >> /etc/default/beanstalkd
fi

service beanstalkd start
sleep 5
service beanstalkd restart

systemctl enable beanstalkd

# Configure Supervisor Autostart

systemctl enable supervisor.service
service supervisor start

# Configure Swap Disk

if [ -f /swapfile ]; then
    echo "Swap exists."
else
    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    echo "vm.swappiness=30" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
fi

# Setup Unattended Security Upgrades

cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu bionic-security";
};
Unattended-Upgrade::Package-Blacklist {
    //
};
EOF

cat > /etc/apt/apt.conf.d/10periodic << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

curl --insecure --data "event_id=30082785&server_id=306983&sudo_password=PEi8Q20ZZorcEUNB6JRQ&db_password=2BfaCQGXvwWs4chksok3&recipe_id=" https://forge.laravel.com/provisioning/callback/app

## letsencrypt.sh
#
# REQUIRES:
#		- site (the forge site instance)
#

# Remove The Nginx Site

rm "/etc/nginx/sites-enabled/www.default"
rm "/etc/nginx/sites-enabled/default"
rm "/etc/nginx/sites-available/www.default"
rm "/etc/nginx/sites-available/default"

# Remove Configuration Directories

rm -rf "/etc/nginx/forge-conf/default"
rm -rf "/etc/nginx/forge-conf/www.default"


# Remove The SSL Certificates

rm -rf "/etc/nginx/ssl/default"

# Remove The Site In Forge Directory

    rm -rf "/home/forge/default"

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi
root@ubuntu-s-1vcpu-1gb-ams3-06:~/.forge# cat provision-30439323.sh
#
# REQUIRES:
#		- site (the forge site instance)
#

cat > /etc/nginx/fastcgi_params << EOF
fastcgi_param   QUERY_STRING        \$query_string;
fastcgi_param   REQUEST_METHOD      \$request_method;
fastcgi_param   CONTENT_TYPE        \$content_type;
fastcgi_param   CONTENT_LENGTH      \$content_length;
fastcgi_param   SCRIPT_FILENAME     \$request_filename;
fastcgi_param   SCRIPT_NAME     \$fastcgi_script_name;
fastcgi_param   REQUEST_URI     \$request_uri;
fastcgi_param   DOCUMENT_URI        \$document_uri;
fastcgi_param   DOCUMENT_ROOT       \$document_root;
fastcgi_param   SERVER_PROTOCOL     \$server_protocol;
fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
fastcgi_param   SERVER_SOFTWARE     nginx/\$nginx_version;
fastcgi_param   REMOTE_ADDR     \$remote_addr;
fastcgi_param   REMOTE_PORT     \$remote_port;
fastcgi_param   SERVER_ADDR     \$server_addr;
fastcgi_param   SERVER_PORT     \$server_port;
fastcgi_param   SERVER_NAME     \$server_name;
fastcgi_param   HTTPS           \$https if_not_empty;
fastcgi_param   REDIRECT_STATUS     200;
fastcgi_param   HTTP_PROXY  "";
EOF

# Generate dhparams File If Necessary

if [ ! -f /etc/nginx/dhparams.pem ]
then
    openssl dhparam -out /etc/nginx/dhparams.pem 2048
fi

# Write The Nginx Server Block For The Site

rm -f "/etc/nginx/sites-available/sputnikcloud.com"
rm -f "/etc/nginx/sites-available/www.sputnikcloud.com"


cat > /etc/nginx/sites-available/sputnikcloud.com << EOF
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sputnikcloud.com/before/*;

server {
    listen 80;
    listen [::]:80;
    server_name sputnikcloud.com;
    root /home/forge/sputnikcloud.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/sputnikcloud.com/server/*;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/sputnikcloud.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sputnikcloud.com/after/*;
EOF


# Write The Configuration Directories

mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/before
mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/after
mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/server

# Enable The Nginx Sites

rm -f "/etc/nginx/sites-enabled/sputnikcloud.com"
rm -f "/etc/nginx/sites-enabled/www.sputnikcloud.com"

ln -s /etc/nginx/sites-available/sputnikcloud.com /etc/nginx/sites-enabled/sputnikcloud.com

# Write The Base Redirector For The Site

#
# REQUIRES:
#       - server (the server instance)
#		- site (the site instance)
#		- siteName (the site name)
#		- aliases (the site aliases)
#       - certificate (the certificate) (optional)
#

rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf
rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf


cat > /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf << EOF
server {
    listen 80;
    listen [::]:80;

    server_name www.sputnikcloud.com;
    return 301 \$scheme://sputnikcloud.com\$request_uri;
}

EOF


# Restart Nginx & PHP-FPM Services

service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi


# Restart HHVM-FastCGI When Running HHVM


## nginx-site.sh
# INSTALL
# REQUIRES:
#		- site (the forge site instance)
#

cat > /etc/nginx/fastcgi_params << EOF
fastcgi_param   QUERY_STRING        \$query_string;
fastcgi_param   REQUEST_METHOD      \$request_method;
fastcgi_param   CONTENT_TYPE        \$content_type;
fastcgi_param   CONTENT_LENGTH      \$content_length;
fastcgi_param   SCRIPT_FILENAME     \$request_filename;
fastcgi_param   SCRIPT_NAME     \$fastcgi_script_name;
fastcgi_param   REQUEST_URI     \$request_uri;
fastcgi_param   DOCUMENT_URI        \$document_uri;
fastcgi_param   DOCUMENT_ROOT       \$document_root;
fastcgi_param   SERVER_PROTOCOL     \$server_protocol;
fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
fastcgi_param   SERVER_SOFTWARE     nginx/\$nginx_version;
fastcgi_param   REMOTE_ADDR     \$remote_addr;
fastcgi_param   REMOTE_PORT     \$remote_port;
fastcgi_param   SERVER_ADDR     \$server_addr;
fastcgi_param   SERVER_PORT     \$server_port;
fastcgi_param   SERVER_NAME     \$server_name;
fastcgi_param   HTTPS           \$https if_not_empty;
fastcgi_param   REDIRECT_STATUS     200;
fastcgi_param   HTTP_PROXY  "";
EOF

# Generate dhparams File If Necessary

if [ ! -f /etc/nginx/dhparams.pem ]
then
    openssl dhparam -out /etc/nginx/dhparams.pem 2048
fi

# Write The Nginx Server Block For The Site

rm -f "/etc/nginx/sites-available/superprojects.space"
rm -f "/etc/nginx/sites-available/www.superprojects.space"


cat > /etc/nginx/sites-available/superprojects.space << EOF
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/superprojects.space/before/*;

server {
    listen 80;
    listen [::]:80;
    server_name superprojects.space;
    root /home/forge/superprojects.space/public;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/superprojects.space/server/*;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/superprojects.space-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/superprojects.space/after/*;
EOF


# Write The Configuration Directories

mkdir -p /etc/nginx/forge-conf/superprojects.space/before
mkdir -p /etc/nginx/forge-conf/superprojects.space/after
mkdir -p /etc/nginx/forge-conf/superprojects.space/server

# Enable The Nginx Sites

rm -f "/etc/nginx/sites-enabled/superprojects.space"
rm -f "/etc/nginx/sites-enabled/www.superprojects.space"

ln -s /etc/nginx/sites-available/superprojects.space /etc/nginx/sites-enabled/superprojects.space

# Write The Base Redirector For The Site

#
# REQUIRES:
#       - server (the server instance)
#		- site (the site instance)
#		- siteName (the site name)
#		- aliases (the site aliases)
#       - certificate (the certificate) (optional)
#

rm -f /etc/nginx/forge-conf/superprojects.space/before/redirect.conf
rm -f /etc/nginx/forge-conf/superprojects.space/before/ssl_redirect.conf


cat > /etc/nginx/forge-conf/superprojects.space/before/redirect.conf << EOF
server {
    listen 80;
    listen [::]:80;

    server_name www.superprojects.space;
    return 301 \$scheme://superprojects.space\$request_uri;
}

EOF


# Restart Nginx & PHP-FPM Services

service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi


# Restart HHVM-FastCGI When Running HHVM


# REMOVE
# REQUIRES:
#		- site (the forge site instance)
#

# Remove The Nginx Site

rm "/etc/nginx/sites-enabled/www.superprojects.space"
rm "/etc/nginx/sites-enabled/superprojects.space"
rm "/etc/nginx/sites-available/www.superprojects.space"
rm "/etc/nginx/sites-available/superprojects.space"

# Remove Configuration Directories

rm -rf "/etc/nginx/forge-conf/superprojects.space"
rm -rf "/etc/nginx/forge-conf/www.superprojects.space"


# Remove The SSL Certificates

rm -rf "/etc/nginx/ssl/superprojects.space"

# Remove The Site In Forge Directory

    rm -rf "/home/forge/superprojects.space"

# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi


## opcache.sh
# ENABLE
# REQUIRES:
#       - server (the forge server instance)
#

sed -i "s/;\?opcache\.enable=.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.enable =.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.memory_consumption.*/opcache.memory_consumption = 512/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.interned_strings_buffer.*/opcache.interned_strings_buffer = 64/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.max_accelerated_files.*/opcache.max_accelerated_files = 30000/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.validate_timestamps.*/opcache.validate_timestamps = 0/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache\.save_comments.*/opcache.save_comments = 1/" /etc/php/7.3/fpm/php.ini
# sed -i "s/;\?opcache\.fast_shutdown.*/opcache.fast_shutdown = 1/" /etc/php/7.3/fpm/php.ini

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# DISABLE
# REQUIRES:
#       - server (the forge server instance)
#

sed -i "s/;\?opcache.enable=.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini
sed -i "s/;\?opcache.enable =.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

## php-upgrade.sh
#
# REQUIRES:
#       - server (the forge server instance)
#

set -e

export DEBIAN_FRONTEND=noninteractive

apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.0-cli php7.0-dev \
php7.0-pgsql php7.0-sqlite3 php7.0-gd \
php7.0-curl php7.0-dev \
php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
php7.0-intl php7.0-readline

apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.1-fpm php7.1-cli php7.1-dev \
php7.1-pgsql php7.1-sqlite3 php7.1-gd \
php7.1-curl php7.1-memcached \
php7.1-imap php7.1-mysql php7.1-mbstring \
php7.1-xml php7.1-zip php7.1-bcmath php7.1-soap \
php7.1-intl php7.1-readline php7.1-mcrypt php-msgpack php-igbinary

apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.2-cli php7.2-dev \
php7.2-pgsql php7.2-sqlite3 php7.2-gd \
php7.2-curl php7.2-memcached \
php7.2-imap php7.2-mysql php7.2-mbstring \
php7.2-xml php7.2-zip php7.2-bcmath php7.2-soap \
php7.2-intl php7.2-readline

apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.3-fpm php7.3-cli php7.3-dev \
php7.3-pgsql php7.3-sqlite3 php7.3-gd \
php7.3-curl php7.3-memcached \
php7.3-imap php7.3-mysql php7.3-mbstring \
php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
php7.3-intl php7.3-readline php-msgpack php-igbinary

echo "Restarting Nginx"

service nginx restart
service nginx reload

echo "Nginx Restarted"

## redirect.sh
# INSTALL
# REQUIRES:
#		- rule (the forge redirect rule instance)
#

if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
then
	touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
fi

echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf

echo "" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
echo "# Laravel Forge Redirect Rule 34892" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
echo "rewrite test1 tset2 redirect;" | tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

# REMOVE
# REQUIRES:
#		- rule (the forge redirect rule instance)
#

if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
then
	touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
fi

echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf


# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi


## scheduler.sh
# INSTALL
# REQUIRES:
#       - job (the forge job instance)
#

echo "" | tee -a /etc/crontab
echo "# Laravel Forge Scheduler 469075" | tee -a /etc/crontab
echo '0 0 * * 0 root apt-get autoremove && apt-get autoclean > /home/forge/.forge/scheduled-469075.log 2>&1' | tee -a /etc/crontab


# REMOVE
# REQUIRES:
#       - job_id (the forge job ID)
#

sed -i "/# Laravel Forge Scheduler 469074/,+1d" /etc/crontab

## ssh.sh
# INSTALL
# REQUIRES:
#       - name (the name of the SSH Key)
#		- key (the key text)
#

echo "# Megacomp" | tee -a /home/forge/.ssh/authorized_keys
echo "ssh-rsa ..." | tee -a /home/forge/.ssh/authorized_key

# REMOVE
# REQUIRES:
#       - name (the name of the SSH Key)
#

sed -i "/# test$/,+1d" /home/forge/.ssh/authorized_keys

## ssl-cert.sh
#
# REQUIRES:
#       - certificate (the certificate instance)
#       - site (the site instance)
#		- key (the private key)
#		- contents (the text of the certificate)
#

# Make A Directory To Hold The Files

mkdir -p /etc/nginx/ssl/superprojects.space/598643

# Install The Private Key

cat > /etc/nginx/ssl/superprojects.space/598643/server.key << EOF
test

EOF

# Install The SSL Certificate

cat > /etc/nginx/ssl/superprojects.space/598643/server.crt << EOF
test

EOF


# REQUIRES:
#       - server (the server instance)
#       - certificate (the certificate)
#		- site (the site instance)
#

# Build DHParams If Necessary

if [ ! -f /etc/nginx/dhparams.pem ]
then
  openssl dhparam -out /etc/nginx/dhparams.pem 2048
fi

# Change Site To Listen On Port 443


sed -i "s/listen 80;/listen 443 ssl http2;/" /etc/nginx/sites-available/sputnikcloud.com
sed -i "s/listen \[::\]:80;/listen \[::\]:443 ssl http2;/" /etc/nginx/sites-available/sputnikcloud.com
sed -i "s/listen 80 default_server;/listen 443 ssl http2;/" /etc/nginx/sites-available/sputnikcloud.com
sed -i "s/listen \[::\]:80 default_server;/listen \[::\]:443 ssl http2;/" /etc/nginx/sites-available/sputnikcloud.com


# Replace Forge SSL Stubs

sed -i -r "s/# ssl_certificate_key.*/ssl_certificate_key \/etc\/nginx\/ssl\/sputnikcloud.com\/605289\/server.key;/" /etc/nginx/sites-available/sputnikcloud.com
sed -i -r "s/# ssl_certificate.*/ssl_certificate \/etc\/nginx\/ssl\/sputnikcloud.com\/605289\/server.crt;/" /etc/nginx/sites-available/sputnikcloud.com

# Write The SSL Redirect

rm -f "/etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf"
rm -f "/etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf"

#
# REQUIRES:
#       - server (the server instance)
#		- site (the site instance)
#		- siteName (the site name)
#		- aliases (the site aliases)
#       - certificate (the certificate) (optional)
#

rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf
rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf


cat > /etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf << EOF
# Redirect every request to HTTPS...
server {
    listen 80;
    listen [::]:80;

    server_name .sputnikcloud.com;
    return 301 https://\$host\$request_uri;
}


# Redirect SSL to primary domain SSL...
server {
        listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/sputnikcloud.com/605289/server.crt;
    ssl_certificate_key /etc/nginx/ssl/sputnikcloud.com/605289/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    server_name www.sputnikcloud.com;
    return 301 https://sputnikcloud.com\$request_uri;
}

EOF


# Remove Legacy "www" Server Blocks

rm -f "/etc/nginx/sites-enabled/www.sputnikcloud.com"
rm -f "/etc/nginx/sites-available/www.sputnikcloud.com"

# Setup Renew Job If Using LetsEncrypt

#
# REQUIRES:
#       - certificate (the certificate)
#

# Remove Any Existing File

rm -f /etc/cron.d/letsencrypt-renew-830338

# Add The Cron File


# Restart Nginx & PHP-FPM Services

# Restart Nginx & PHP-FPM Services

#service nginx restart
service nginx reload

if [ ! -z "\$(ps aux | grep php-fpm | grep -v grep)" ]
then
    service php7.3-fpm restart > /dev/null 2>&1
    service php7.2-fpm restart > /dev/null 2>&1
    service php7.1-fpm restart > /dev/null 2>&1
    service php7.0-fpm restart > /dev/null 2>&1
    service php5.6-fpm restart > /dev/null 2>&1
    service php5-fpm restart > /dev/null 2>&1
fi

nginx -s reload
	# INSTALL
	# REQUIRES:
	# - server (the server instance)
	# - user (the database user instance)
	#

	# Add MySQL User

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP USER IF EXISTS test;"

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'167.71.3.113' IDENTIFIED BY '23423werwer';"
	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "CREATE USER IF NOT EXISTS 'test'@'%' IDENTIFIED BY '23423werwer';"

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'167.71.3.113' WITH GRANT OPTION;"
	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "GRANT ALL ON test1.* TO 'test'@'%' WITH GRANT OPTION;"

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "FLUSH PRIVILEGES;"


	# REMOVE
	# REQUIRES:
	# - name (the name of the database)
	#

	# Drop The MySQL Database

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "DROP DATABASE IF EXISTS test;"

	# CHANGE ROOT PASSWORD
	# REQUIRES:
	# - server (the forge server instance)
	# - db_password (random password for mysql user)
	#

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'167.71.3.113' IDENTIFIED BY 'test';"
	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'forge'@'%' IDENTIFIED BY 'test';"

	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'167.71.3.113' IDENTIFIED BY 'test';"
	mysql --user="root" --password="IywEehlDEnpoOLSPgWEO" -e "ALTER USER 'root'@'%' IDENTIFIED BY 'test';"
	#
	# REQUIRES:
	# - site (the forge site instance)
	#

	# Write A Dummy PHP Info Stub To A Site

	rm -rf /home/forge/superprojects.space/public
	mkdir -p /home/forge/superprojects.space/public


	# Deploy The Proper Stub File Based On Project Type

	echo "<?php phpinfo();" >
	# INSTALL
	# REQUIRES:
	# - rule (the forge rule instance)
	#

	sudo ufw allow 6001

	# REMOVE
	# REQUIRES:
	# - ip_address (the ip address allowed by the rule)
	# - port (the port allowed by the rule)
	#

	sudo ufw delete allow 6001
	# PHP 7.3 Mysql 5.6
	#
	# REQUIRES:
	# - server (the forge server instance)
	# - event (the forge event instance)
	# - sudo_password (random password for sudo)
	# - db_password (random password for database user)
	# - callback (the callback URL)
	# - recipe_id (recipe id to run at the end)
	#

	sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf

	# Upgrade The Base Packages

	export DEBIAN_FRONTEND=noninteractive

	apt-get update
	apt-get upgrade -y

	# Add A Few PPAs To Stay Current

	apt-get install -y --force-yes software-properties-common

	# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
	apt-add-repository ppa:nginx/development -y
	apt-add-repository ppa:chris-lea/redis-server -y
	apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y

	# Setup MariaDB Repositories



	# Update Package Lists

	apt-get update
	# Base Packages

	add-apt-repository universe

	apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
	make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

	# Install Python Httpie

	pip install httpie

	# Disable Password Authentication Over SSH

	sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "PasswordAuthentication no" \| sudo tee -a /etc/ssh/sshd_config

	# Restart SSH

	ssh-keygen -A
	service ssh restart

	# Set The Hostname If Necessary


	echo "red-chasm" > /etc/hostname
	sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 red-chasm.localdomain red-chasm localhost/' /etc/hosts
	hostname red-chasm


	# Set The Timezone

	# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
	ln -sf /usr/share/zoneinfo/UTC /etc/localtime

	# Create The Root SSH Directory If Necessary

	if [ ! -d /root/.ssh ]
	then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
	fi

	# Setup Forge User

	useradd forge
	mkdir -p /home/forge/.ssh
	mkdir -p /home/forge/.forge
	adduser forge sudo

	# Setup Bash For Forge User

	chsh -s /bin/bash forge
	cp /root/.profile /home/forge/.profile
	cp /root/.bashrc /home/forge/.bashrc

	# Set The Sudo Password For Forge

	PASSWORD=$(mkpasswd jSqm0k4EsGjnv7mJ8oBY)
	usermod --password $PASSWORD forge

	# Build Formatted Keys & Copy Keys To Forge

	if [ ! -d /root/.ssh ]
	then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
	fi


	cat > /root/.ssh/authorized_keys << EOF
	# Laravel Forge
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYlmATs0kV9aPQdCqaF12x8Bv0H5jIH2wfCzfpASB8oaRQOC2UerO/ukqtFzko9u5pqTb94bHG7MsQAjtJR13EcMAIOYxuNBEgMNVtJ6EJzklcxBRG9xKIZD6xiVdlxOBgguY72Yv8TkteeDPeN2YyqVx+HgRjqL0zwgFbVx8wlylQU1Gg8WDTERCdYX5jHmfdMN7IiIEYOw4F1U1eJTreexvid68X6OFHrWHAJhJXu8c/Q1d1UgWkHImN9IgHju6HPbge2D2W12UlpLw/FUGM1hNsfkLRwFLnPMnkBVsM27et+H4OdDEt52LtFfJuWKfWcAsrSzIjTCiXEcYsFjRh worker@forge.laravel.com
	EOF


	cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

	# Create The Server SSH Key

	ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

	# Copy Source Control Public Keys Into Known Hosts File

	ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

	# Configure Git Settings

	git config --global user.name "Igor"
	git config --global user.email "igorvdonsk@yandex.ru"

	# Add The Reconnect Script Into Forge Directory

	cat > /home/forge/.forge/reconnect << EOF
	#!/usr/bin/env bash

	echo "# Laravel Forge" \| tee -a /home/forge/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /home/forge/.ssh/authorized_keys > /dev/null

	echo "# Laravel Forge" \| tee -a /root/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /root/.ssh/authorized_keys > /dev/null

	echo "Keys Added!"
	EOF

	# Setup Forge Home Directory Permissions

	chown -R forge:forge /home/forge
	chmod -R 755 /home/forge
	chmod 700 /home/forge/.ssh/id_rsa

	# Setup UFW Firewall

	ufw allow 22
	ufw allow 80
	ufw allow 443
	ufw --force enable

	# Allow FPM Restart

	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


	apt-get install -y --force-yes php7.3-cli php7.3-dev \
	php7.3-pgsql php7.3-sqlite3 php7.3-gd \
	php7.3-curl php7.3-memcached \
	php7.3-imap php7.3-mysql php7.3-mbstring \
	php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
	php7.3-intl php7.3-readline


	# Install Composer Package Manager

	curl -sS https://getcomposer.org/installer \| php
	mv composer.phar /usr/local/bin/composer

	# Misc. PHP CLI Configuration

	sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/cli/php.ini
	sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/cli/php.ini
	sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/cli/php.ini
	sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/cli/php.ini

	# Configure Sessions Directory Permissions

	chmod 733 /var/lib/php/sessions
	chmod +t /var/lib/php/sessions

	# Write Systemd File For Linode



	#
	# REQUIRES:
	# - server (the forge server instance)
	# - site_name (the name of the site folder)
	#

	# Install Nginx & PHP-FPM

	apt-get install -y --force-yes nginx php7.3-fpm

	systemctl enable nginx.service

	# Generate dhparam File

	openssl dhparam -out /etc/nginx/dhparams.pem 2048

	# Tweak Some PHP-FPM Settings

	sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.3/fpm/php.ini
	sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.3/fpm/php.ini
	sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.3/fpm/php.ini

	# Configure FPM Pool Settings

	sed -i "s/^user = www-data/user = forge/" /etc/php/7.3/fpm/pool.d/www.conf
	sed -i "s/^group = www-data/group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
	sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.3/fpm/pool.d/www.conf
	sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.3/fpm/pool.d/www.conf
	sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.3/fpm/pool.d/www.conf
	sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.3/fpm/pool.d/www.conf

	# Configure Primary Nginx Settings

	sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
	sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
	sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
	sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

	# Configure Gzip

	cat > /etc/nginx/conf.d/gzip.conf << EOF
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;

	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/rss+xml
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/svg+xml
	image/x-icon
	text/css
	text/plain
	text/x-component;

	EOF

	# Disable The Default Nginx Site

	rm /etc/nginx/sites-enabled/default
	rm /etc/nginx/sites-available/default
	service nginx restart

	# Install A Catch All Server

	cat > /etc/nginx/sites-available/catch-all << EOF
	server {
	return 404;
	}
	EOF

	ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

	# Restart Nginx & PHP-FPM Services

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi

	# Add Forge User To www-data Group

	usermod -a -G www-data forge
	id forge
	groups forge


	curl --silent --location https://deb.nodesource.com/setup_10.x \| bash -

	apt-get update

	sudo apt-get install -y --force-yes nodejs

	npm install -g pm2
	npm install -g gulp
	npm install -g yarn

	#
	# REQUIRES:
	# - server (the forge server instance)
	# - db_password (random password for mysql user)
	#

	# Set The Automated Root Password

	export DEBIAN_FRONTEND=noninteractive

	debconf-set-selections <<< "mysql-community-server mysql-community-server/data-dir select ''"
	debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password cA3meglsHhZuClGleFHa"
	debconf-set-selections <<< "mysql-community-server mysql-community-server/re-root-pass password cA3meglsHhZuClGleFHa"

	# Install MySQL

	apt-get install -y mysql-server

	# Configure Password Expiration

	echo "default_password_lifetime = 0" >> /etc/mysql/mysql.conf.d/mysqld.cnf

	# Configure Access Permissions For Root & Forge Users

	sed -i '/^bind-address/s/bind-address.=./bind-address = */' /etc/mysql/mysql.conf.d/mysqld.cnf
	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON . TO root@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON . TO root@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
	service mysql restart

	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa';"
	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON . TO 'forge'@'167.71.3.113' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "GRANT ALL ON . TO 'forge'@'%' IDENTIFIED BY 'cA3meglsHhZuClGleFHa' WITH GRANT OPTION;"
	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "FLUSH PRIVILEGES;"

	# Create The Initial Database If Specified

	mysql --user="root" --password="cA3meglsHhZuClGleFHa" -e "CREATE DATABASE forge CHARACTER SET utf8 COLLATE utf8_unicode_ci;"


	# Install & Configure Redis Server

	apt-get install -y redis-server
	sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
	service redis-server restart
	systemctl enable redis-server
	# Install & Configure Memcached

	apt-get install -y memcached
	sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
	service memcached restart
	# Install & Configure Beanstalk

	apt-get install -y --force-yes beanstalkd
	sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

	if grep START= /etc/default/beanstalkd; then
	sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
	else
	echo "START=yes" >> /etc/default/beanstalkd
	fi

	service beanstalkd start
	sleep 5
	service beanstalkd restart

	systemctl enable beanstalkd

	# Configure Supervisor Autostart

	systemctl enable supervisor.service
	service supervisor start

	# Configure Swap Disk

	if [ -f /swapfile ]; then
	echo "Swap exists."
	else
	fallocate -l 1G /swapfile
	chmod 600 /swapfile
	mkswap /swapfile
	swapon /swapfile
	echo "/swapfile none swap sw 0 0" >> /etc/fstab
	echo "vm.swappiness=30" >> /etc/sysctl.conf
	echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
	fi

	# Setup Unattended Security Upgrades

	cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
	Unattended-Upgrade::Allowed-Origins {
	"Ubuntu bionic-security";
	};
	Unattended-Upgrade::Package-Blacklist {
	//
	};
	EOF

	cat > /etc/apt/apt.conf.d/10periodic << EOF
	APT::Periodic::Update-Package-Lists "1";
	APT::Periodic::Download-Upgradeable-Packages "1";
	APT::Periodic::AutocleanInterval "7";
	APT::Periodic::Unattended-Upgrade "1";
	EOF

	curl --insecure --data "event_id=30041879&server_id=306720&sudo_password=jSqm0k4EsGjnv7mJ8oBY&db_password=cA3meglsHhZuClGleFHa&recipe_id=;" https://forge.laravel.com/provisioning/callback/app
	# PHP5.6 MadiaDB

	#
	# REQUIRES:
	# - server (the forge server instance)
	# - event (the forge event instance)
	# - sudo_password (random password for sudo)
	# - db_password (random password for database user)
	# - callback (the callback URL)
	# - recipe_id (recipe id to run at the end)
	#

	sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf

	# Upgrade The Base Packages

	export DEBIAN_FRONTEND=noninteractive

	apt-get update
	apt-get upgrade -y

	# Add A Few PPAs To Stay Current

	apt-get install -y --force-yes software-properties-common

	# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
	apt-add-repository ppa:nginx/development -y
	apt-add-repository ppa:chris-lea/redis-server -y
	apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y
	# apt-add-repository ppa:ondrej/php5-5.6 -y

	# Setup MariaDB Repositories

	sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
	sudo add-apt-repository 'deb [arch=amd64,i386] http://mirrors.accretive-networks.net/mariadb/repo/10.3/ubuntu xenial main'


	# Update Package Lists

	apt-get update
	# Base Packages

	add-apt-repository universe

	apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
	make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

	# Install Python Httpie

	pip install httpie

	# Disable Password Authentication Over SSH

	sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "PasswordAuthentication no" \| sudo tee -a /etc/ssh/sshd_config

	# Restart SSH

	ssh-keygen -A
	service ssh restart

	# Set The Hostname If Necessary


	echo "mellow-shelter" > /etc/hostname
	sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 mellow-shelter.localdomain mellow-shelter localhost/' /etc/hosts
	hostname mellow-shelter


	# Set The Timezone

	# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
	ln -sf /usr/share/zoneinfo/UTC /etc/localtime

	# Create The Root SSH Directory If Necessary

	if [ ! -d /root/.ssh ]
	then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
	fi

	# Setup Forge User

	useradd forge
	mkdir -p /home/forge/.ssh
	mkdir -p /home/forge/.forge
	adduser forge sudo

	# Setup Bash For Forge User

	chsh -s /bin/bash forge
	cp /root/.profile /home/forge/.profile
	cp /root/.bashrc /home/forge/.bashrc

	# Set The Sudo Password For Forge

	PASSWORD=$(mkpasswd 8DlRjEGChLCBRKfTsaxd)
	usermod --password $PASSWORD forge

	# Build Formatted Keys & Copy Keys To Forge


	cat > /root/.ssh/authorized_keys << EOF
	# Laravel Forge
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjWOf2U/QVan+s49i75NMeV1f02/phMTJH19tcvFpCct4tcvUaMouQVY4FRb6lp74geTdcXyB/BzBStTPUVsTx2k87Rfy0LlIm3DYxA2PS6gEaKYkGSRAGk65tH09xKktbtXIUr5F6hzHsu8Mip9Fc+b57CRda6yWWH/q+v82iRGJJvZnLmHaxO3cuHB5yvo99Wbu+CzjjXcMcVUqrcbggOKHvfRr7KJ/Qg5Z04FPbd9GwHmsOAo6cwBs9J57yskMxpaYJElbMroXr7X3pDNHVIPE2+MooGnMRsrViTm1MDbQYoL0T9DXkvuqg0A5/PqtfmXNbt/cjrKTBZQkVTeEj worker@forge.laravel.com


	EOF


	cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

	# Create The Server SSH Key

	ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

	# Copy Source Control Public Keys Into Known Hosts File

	ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

	# Configure Git Settings

	git config --global user.name "Igor"
	git config --global user.email "igorvdonsk@yandex.ru"

	# Add The Reconnect Script Into Forge Directory

	cat > /home/forge/.forge/reconnect << EOF
	#!/usr/bin/env bash

	echo "# Laravel Forge" \| tee -a /home/forge/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /home/forge/.ssh/authorized_keys > /dev/null

	echo "# Laravel Forge" \| tee -a /root/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /root/.ssh/authorized_keys > /dev/null

	echo "Keys Added!"
	EOF

	# Setup Forge Home Directory Permissions

	chown -R forge:forge /home/forge
	chmod -R 755 /home/forge
	chmod 700 /home/forge/.ssh/id_rsa

	# Setup UFW Firewall

	ufw allow 22
	ufw allow 80
	ufw allow 443
	ufw --force enable

	# Allow FPM Restart

	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


	apt-get install -y --force-yes php5.6-cli php5.6-dev \
	php5.6-pgsql php5.6-sqlite3 php5.6-gd \
	php5.6-curl php5.6-dev \
	php5.6-imap php5.6-mysql php5.6-memcached php5.6-mcrypt php5.6-mbstring \
	php5.6-xml php5.6-imagick php5.6-zip php5.6-bcmath php5.6-soap \
	php5.6-intl php5.6-readline


	# Install Composer Package Manager

	curl -sS https://getcomposer.org/installer \| php
	mv composer.phar /usr/local/bin/composer

	# Misc. PHP CLI Configuration

	sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/cli/php.ini
	sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/cli/php.ini
	sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/cli/php.ini
	sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/cli/php.ini

	# Configure Sessions Directory Permissions

	chmod 733 /var/lib/php/sessions
	chmod +t /var/lib/php/sessions

	# Write Systemd File For Linode



	#
	# REQUIRES:
	# - server (the forge server instance)
	# - site_name (the name of the site folder)
	#

	# Install Nginx & PHP-FPM

	apt-get install -y --force-yes nginx php5.6-fpm

	systemctl enable nginx.service

	# Generate dhparam File

	openssl dhparam -out /etc/nginx/dhparams.pem 2048

	# Tweak Some PHP-FPM Settings

	sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/5.6/fpm/php.ini
	sed -i "s/display_errors = .*/display_errors = On/" /etc/php/5.6/fpm/php.ini
	sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/5.6/fpm/php.ini
	sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/5.6/fpm/php.ini
	sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/5.6/fpm/php.ini

	# Configure FPM Pool Settings

	sed -i "s/^user = www-data/user = forge/" /etc/php/5.6/fpm/pool.d/www.conf
	sed -i "s/^group = www-data/group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
	sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/5.6/fpm/pool.d/www.conf
	sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/5.6/fpm/pool.d/www.conf
	sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/5.6/fpm/pool.d/www.conf
	sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/5.6/fpm/pool.d/www.conf

	# Configure Primary Nginx Settings

	sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
	sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
	sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
	sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

	# Configure Gzip

	cat > /etc/nginx/conf.d/gzip.conf << EOF
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;

	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/rss+xml
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/svg+xml
	image/x-icon
	text/css
	text/plain
	text/x-component;

	EOF

	# Disable The Default Nginx Site

	rm /etc/nginx/sites-enabled/default
	rm /etc/nginx/sites-available/default
	service nginx restart

	# Install A Catch All Server

	cat > /etc/nginx/sites-available/catch-all << EOF
	server {
	return 404;
	}
	EOF

	ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

	# Restart Nginx & PHP-FPM Services

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi

	# Add Forge User To www-data Group

	usermod -a -G www-data forge
	id forge
	groups forge


	curl --silent --location https://deb.nodesource.com/setup_10.x \| bash -

	apt-get update

	sudo apt-get install -y --force-yes nodejs

	npm install -g pm2
	npm install -g gulp
	npm install -g yarn

	#
	# REQUIRES:
	# - server (the forge server instance)
	# - db_password (random password for mysql user)
	#

	# Set The Automated Root Password

	export DEBIAN_FRONTEND=noninteractive

	debconf-set-selections <<< "mariadb-server-10.3 mysql-server/data-dir select ''"
	debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password password bn2WmJholdg9TDV9mbeT"
	debconf-set-selections <<< "mariadb-server-10.3 mysql-server/root_password_again password bn2WmJholdg9TDV9mbeT"

	# Install MySQL

	apt-get install -y mariadb-server-10.3

	# Configure Password Expiration

	# echo "default_password_lifetime = 0" >> /etc/mysql/my.cnf

	# Configure Access Permissions For Root & Forge Users

	sed -i '/^bind-address/s/bind-address.=./bind-address = */' /etc/mysql/my.cnf
	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON . TO root@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON . TO root@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
	service mysql restart

	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE USER 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT';"
	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON . TO 'forge'@'167.71.3.113' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "GRANT ALL ON . TO 'forge'@'%' IDENTIFIED BY 'bn2WmJholdg9TDV9mbeT' WITH GRANT OPTION;"
	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "FLUSH PRIVILEGES;"

	# Set Character Set

	echo "" >> /etc/mysql/my.cnf
	echo "[mysqld]" >> /etc/mysql/my.cnf
	echo "character-set-server = utf8" >> /etc/mysql/my.cnf

	# Create The Initial Database If Specified

	mysql --user="root" --password="bn2WmJholdg9TDV9mbeT" -e "CREATE DATABASE forge;"


	# Install & Configure Redis Server

	apt-get install -y redis-server
	sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
	service redis-server restart
	systemctl enable redis-server
	# Install & Configure Memcached

	apt-get install -y memcached
	sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
	service memcached restart
	# Install & Configure Beanstalk

	apt-get install -y --force-yes beanstalkd
	sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

	if grep START= /etc/default/beanstalkd; then
	sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
	else
	echo "START=yes" >> /etc/default/beanstalkd
	fi

	service beanstalkd start
	sleep 5
	service beanstalkd restart

	systemctl enable beanstalkd

	# Configure Supervisor Autostart

	systemctl enable supervisor.service
	service supervisor start

	# Configure Swap Disk

	if [ -f /swapfile ]; then
	echo "Swap exists."
	else
	fallocate -l 1G /swapfile
	chmod 600 /swapfile
	mkswap /swapfile
	swapon /swapfile
	echo "/swapfile none swap sw 0 0" >> /etc/fstab
	echo "vm.swappiness=30" >> /etc/sysctl.conf
	echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
	fi

	# Setup Unattended Security Upgrades

	cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
	Unattended-Upgrade::Allowed-Origins {
	"Ubuntu bionic-security";
	};
	Unattended-Upgrade::Package-Blacklist {
	//
	};
	EOF

	cat > /etc/apt/apt.conf.d/10periodic << EOF
	APT::Periodic::Update-Package-Lists "1";
	APT::Periodic::Download-Upgradeable-Packages "1";
	APT::Periodic::AutocleanInterval "7";
	APT::Periodic::Unattended-Upgrade "1";
	EOF

	curl --insecure --data "event_id=30082598&server_id=306979&sudo_password=8DlRjEGChLCBRKfTsaxd&db_password=bn2WmJholdg9TDV9mbeT&recipe_id=" https://forge.laravel.com/provisioning/callback/app
	# PHP7.0 pgsql

	#
	# REQUIRES:
	# - server (the forge server instance)
	# - event (the forge event instance)
	# - sudo_password (random password for sudo)
	# - db_password (random password for database user)
	# - callback (the callback URL)
	# - recipe_id (recipe id to run at the end)
	#

	sudo sed -i "s/#precedence ::ffff:0:0\/96 100/precedence ::ffff:0:0\/96 100/" /etc/gai.conf

	# Upgrade The Base Packages

	export DEBIAN_FRONTEND=noninteractive

	apt-get update
	apt-get upgrade -y

	# Add A Few PPAs To Stay Current

	apt-get install -y --force-yes software-properties-common

	# apt-add-repository ppa:fkrull/deadsnakes-python2.7 -y
	apt-add-repository ppa:nginx/development -y
	apt-add-repository ppa:chris-lea/redis-server -y
	apt-add-repository ppa:ondrej/apache2 -y

	apt-add-repository ppa:ondrej/php -y

	# Setup MariaDB Repositories



	# Update Package Lists

	apt-get update
	# Base Packages

	add-apt-repository universe

	apt-get install -y --force-yes build-essential curl fail2ban gcc git libmcrypt4 libpcre3-dev \
	make python2.7 python-pip sendmail supervisor ufw unattended-upgrades unzip whois zsh ncdu

	# Install Python Httpie

	pip install httpie

	# Disable Password Authentication Over SSH

	sed -i "/PasswordAuthentication yes/d" /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "" \| sudo tee -a /etc/ssh/sshd_config
	echo "PasswordAuthentication no" \| sudo tee -a /etc/ssh/sshd_config

	# Restart SSH

	ssh-keygen -A
	service ssh restart

	# Set The Hostname If Necessary


	echo "deep-oasis" > /etc/hostname
	sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 deep-oasis.localdomain deep-oasis localhost/' /etc/hosts
	hostname deep-oasis


	# Set The Timezone

	# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
	ln -sf /usr/share/zoneinfo/UTC /etc/localtime

	# Create The Root SSH Directory If Necessary

	if [ ! -d /root/.ssh ]
	then
	mkdir -p /root/.ssh
	touch /root/.ssh/authorized_keys
	fi

	# Setup Forge User

	useradd forge
	mkdir -p /home/forge/.ssh
	mkdir -p /home/forge/.forge
	adduser forge sudo

	# Setup Bash For Forge User

	chsh -s /bin/bash forge
	cp /root/.profile /home/forge/.profile
	cp /root/.bashrc /home/forge/.bashrc

	# Set The Sudo Password For Forge

	PASSWORD=$(mkpasswd 6xTGCaGrhIYuUev8pBy5)
	usermod --password $PASSWORD forge

	# Build Formatted Keys & Copy Keys To Forge


	cat > /root/.ssh/authorized_keys << EOF
	# Laravel Forge
	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJO6V3BJ4/5GNPthRwjXfRCnm/Vx7S1evPOPK+fEjsDrf9AlU3RmtQ28b1GbA6OYtHlZw/B83NcnDtEa/ecgTGqGwqG6chbqANio54RlkielD5hDxPNQEG3xaTGOAxDyXVO5z2ObmCtStd37K+RDqL42fQGa4WUcN1/W2rccgQWZvABeVrZ1PEyiY4hs5rV5gVCwaBnhyNFlvhyyIp3ru9ZfPeeG83Nu1Db8ZCVuc0Mrbwu/0cA+1S88XMxKWZNrgmbAK5YWFllNDjI3NLuxtvsIfDs8TtFIWeM1B4t7GbipxhD7mAq9TTmkm5aSI2zARLLgrt9oHxfRQ7KRujjRdJ worker@forge.laravel.com


	EOF


	cp /root/.ssh/authorized_keys /home/forge/.ssh/authorized_keys

	# Create The Server SSH Key

	ssh-keygen -f /home/forge/.ssh/id_rsa -t rsa -N ''

	# Copy Source Control Public Keys Into Known Hosts File

	ssh-keyscan -H github.com >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H bitbucket.org >> /home/forge/.ssh/known_hosts
	ssh-keyscan -H gitlab.com >> /home/forge/.ssh/known_hosts

	# Configure Git Settings

	git config --global user.name "Igor"
	git config --global user.email "igorvdonsk@yandex.ru"

	# Add The Reconnect Script Into Forge Directory

	cat > /home/forge/.forge/reconnect << EOF
	#!/usr/bin/env bash

	echo "# Laravel Forge" \| tee -a /home/forge/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /home/forge/.ssh/authorized_keys > /dev/null

	echo "# Laravel Forge" \| tee -a /root/.ssh/authorized_keys > /dev/null
	echo \$1 \| tee -a /root/.ssh/authorized_keys > /dev/null

	echo "Keys Added!"
	EOF

	# Setup Forge Home Directory Permissions

	chown -R forge:forge /home/forge
	chmod -R 755 /home/forge
	chmod 700 /home/forge/.ssh/id_rsa

	# Setup UFW Firewall

	ufw allow 22
	ufw allow 80
	ufw allow 443
	ufw --force enable

	# Allow FPM Restart

	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.3-fpm reload" > /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.2-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php7.0-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5.6-fpm reload" >> /etc/sudoers.d/php-fpm
	echo "forge ALL=NOPASSWD: /usr/sbin/service php5-fpm reload" >> /etc/sudoers.d/php-fpm

	# Install Base PHP Packages


	apt-get install -y --force-yes php7.0-cli php7.0-dev \
	php7.0-pgsql php7.0-sqlite3 php7.0-gd \
	php7.0-curl php7.0-dev \
	php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
	php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
	php7.0-intl php7.0-readline


	# Install Composer Package Manager

	curl -sS https://getcomposer.org/installer \| php
	mv composer.phar /usr/local/bin/composer

	# Misc. PHP CLI Configuration

	sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/cli/php.ini
	sudo sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/cli/php.ini
	sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/cli/php.ini
	sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/cli/php.ini

	# Configure Sessions Directory Permissions

	chmod 733 /var/lib/php/sessions
	chmod +t /var/lib/php/sessions

	# Write Systemd File For Linode



	#
	# REQUIRES:
	# - server (the forge server instance)
	# - site_name (the name of the site folder)
	#

	# Install Nginx & PHP-FPM

	apt-get install -y --force-yes nginx php7.0-fpm

	systemctl enable nginx.service

	# Generate dhparam File

	openssl dhparam -out /etc/nginx/dhparams.pem 2048

	# Tweak Some PHP-FPM Settings

	sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/7.0/fpm/php.ini
	sed -i "s/display_errors = .*/display_errors = On/" /etc/php/7.0/fpm/php.ini
	sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/7.0/fpm/php.ini
	sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/7.0/fpm/php.ini
	sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/7.0/fpm/php.ini

	# Configure FPM Pool Settings

	sed -i "s/^user = www-data/user = forge/" /etc/php/7.0/fpm/pool.d/www.conf
	sed -i "s/^group = www-data/group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
	sed -i "s/;listen\.owner.*/listen.owner = forge/" /etc/php/7.0/fpm/pool.d/www.conf
	sed -i "s/;listen\.group.*/listen.group = forge/" /etc/php/7.0/fpm/pool.d/www.conf
	sed -i "s/;listen\.mode.*/listen.mode = 0666/" /etc/php/7.0/fpm/pool.d/www.conf
	sed -i "s/;request_terminate_timeout.*/request_terminate_timeout = 60/" /etc/php/7.0/fpm/pool.d/www.conf

	# Configure Primary Nginx Settings

	sed -i "s/user www-data;/user forge;/" /etc/nginx/nginx.conf
	sed -i "s/worker_processes.*/worker_processes auto;/" /etc/nginx/nginx.conf
	sed -i "s/# multi_accept.*/multi_accept on;/" /etc/nginx/nginx.conf
	sed -i "s/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 128;/" /etc/nginx/nginx.conf

	# Configure Gzip

	cat > /etc/nginx/conf.d/gzip.conf << EOF
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;

	gzip_types
	application/atom+xml
	application/javascript
	application/json
	application/rss+xml
	application/vnd.ms-fontobject
	application/x-font-ttf
	application/x-web-app-manifest+json
	application/xhtml+xml
	application/xml
	font/opentype
	image/svg+xml
	image/x-icon
	text/css
	text/plain
	text/x-component;

	EOF

	# Disable The Default Nginx Site

	rm /etc/nginx/sites-enabled/default
	rm /etc/nginx/sites-available/default
	service nginx restart

	# Install A Catch All Server

	cat > /etc/nginx/sites-available/catch-all << EOF
	server {
	return 404;
	}
	EOF

	ln -s /etc/nginx/sites-available/catch-all /etc/nginx/sites-enabled/catch-all

	# Restart Nginx & PHP-FPM Services

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi

	# Add Forge User To www-data Group

	usermod -a -G www-data forge
	id forge
	groups forge


	curl --silent --location https://deb.nodesource.com/setup_10.x \| bash -

	apt-get update

	sudo apt-get install -y --force-yes nodejs

	npm install -g pm2
	npm install -g gulp
	npm install -g yarn

	#
	# REQUIRES:
	# - server (the forge server instance)
	# - db_password (random password for database user)
	#

	# Install Postgres
	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc \| sudo apt-key add -
	sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
	apt-get update
	apt-get install -y --force-yes postgresql postgresql-contrib

	# Configure Postgres For Remote Access

	sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/11/main/postgresql.conf
	echo "host all all 0.0.0.0/0 md5" \| tee -a /etc/postgresql/11/main/pg_hba.conf
	sudo -u postgres psql -c "CREATE ROLE forge LOGIN PASSWORD 'K2frkqlLNuF2JyWvfiHo' SUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;"
	service postgresql restart

	# Configure The Timezone

	sudo sed -i "s/localtime/UTC/" /etc/postgresql/11/main/postgresql.conf
	service postgresql restart

	# Create The Initial Database If Specified

	sudo -u postgres /usr/bin/createdb --echo --owner=forge forge



	# Install & Configure Redis Server

	apt-get install -y redis-server
	sed -i 's/bind 127.0.0.1/bind 0.0.0.0/' /etc/redis/redis.conf
	service redis-server restart
	systemctl enable redis-server
	# Install & Configure Memcached

	apt-get install -y memcached
	sed -i 's/-l 127.0.0.1/-l 0.0.0.0/' /etc/memcached.conf
	service memcached restart
	# Install & Configure Beanstalk

	apt-get install -y --force-yes beanstalkd
	sed -i "s/BEANSTALKD_LISTEN_ADDR.*/BEANSTALKD_LISTEN_ADDR=0.0.0.0/" /etc/default/beanstalkd

	if grep START= /etc/default/beanstalkd; then
	sed -i "s/#START=yes/START=yes/" /etc/default/beanstalkd
	else
	echo "START=yes" >> /etc/default/beanstalkd
	fi

	service beanstalkd start
	sleep 5
	service beanstalkd restart

	systemctl enable beanstalkd

	# Configure Supervisor Autostart

	systemctl enable supervisor.service
	service supervisor start

	# Configure Swap Disk

	if [ -f /swapfile ]; then
	echo "Swap exists."
	else
	fallocate -l 1G /swapfile
	chmod 600 /swapfile
	mkswap /swapfile
	swapon /swapfile
	echo "/swapfile none swap sw 0 0" >> /etc/fstab
	echo "vm.swappiness=30" >> /etc/sysctl.conf
	echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf
	fi

	# Setup Unattended Security Upgrades

	cat > /etc/apt/apt.conf.d/50unattended-upgrades << EOF
	Unattended-Upgrade::Allowed-Origins {
	"Ubuntu bionic-security";
	};
	Unattended-Upgrade::Package-Blacklist {
	//
	};
	EOF

	cat > /etc/apt/apt.conf.d/10periodic << EOF
	APT::Periodic::Update-Package-Lists "1";
	APT::Periodic::Download-Upgradeable-Packages "1";
	APT::Periodic::AutocleanInterval "7";
	APT::Periodic::Unattended-Upgrade "1";
	EOF

	curl --insecure --data "event_id=30082753&server_id=306982&sudo_password=6xTGCaGrhIYuUev8pBy5&db_password=K2frkqlLNuF2JyWvfiHo&recipe_id=" https://forge.laravel.com/provisioning/callback/app
	#
	# REQUIRES:
	# - site (the forge site instance)
	#

	# Remove The Nginx Site

	rm "/etc/nginx/sites-enabled/www.default"
	rm "/etc/nginx/sites-enabled/default"
	rm "/etc/nginx/sites-available/www.default"
	rm "/etc/nginx/sites-available/default"

	# Remove Configuration Directories

	rm -rf "/etc/nginx/forge-conf/default"
	rm -rf "/etc/nginx/forge-conf/www.default"


	# Remove The SSL Certificates

	rm -rf "/etc/nginx/ssl/default"

	# Remove The Site In Forge Directory

	rm -rf "/home/forge/default"

	# Restart Nginx & PHP-FPM Services

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi
	root@ubuntu-s-1vcpu-1gb-ams3-06:~/.forge# cat provision-30439323.sh
	#
	# REQUIRES:
	# - site (the forge site instance)
	#

	cat > /etc/nginx/fastcgi_params << EOF
	fastcgi_param QUERY_STRING \$query_string;
	fastcgi_param REQUEST_METHOD \$request_method;
	fastcgi_param CONTENT_TYPE \$content_type;
	fastcgi_param CONTENT_LENGTH \$content_length;
	fastcgi_param SCRIPT_FILENAME \$request_filename;
	fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
	fastcgi_param REQUEST_URI \$request_uri;
	fastcgi_param DOCUMENT_URI \$document_uri;
	fastcgi_param DOCUMENT_ROOT \$document_root;
	fastcgi_param SERVER_PROTOCOL \$server_protocol;
	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version;
	fastcgi_param REMOTE_ADDR \$remote_addr;
	fastcgi_param REMOTE_PORT \$remote_port;
	fastcgi_param SERVER_ADDR \$server_addr;
	fastcgi_param SERVER_PORT \$server_port;
	fastcgi_param SERVER_NAME \$server_name;
	fastcgi_param HTTPS \$https if_not_empty;
	fastcgi_param REDIRECT_STATUS 200;
	fastcgi_param HTTP_PROXY "";
	EOF

	# Generate dhparams File If Necessary

	if [ ! -f /etc/nginx/dhparams.pem ]
	then
	openssl dhparam -out /etc/nginx/dhparams.pem 2048
	fi

	# Write The Nginx Server Block For The Site

	rm -f "/etc/nginx/sites-available/sputnikcloud.com"
	rm -f "/etc/nginx/sites-available/www.sputnikcloud.com"


	cat > /etc/nginx/sites-available/sputnikcloud.com << EOF
	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/sputnikcloud.com/before/*;

	server {
	listen 80;
	listen [::]:80;
	server_name sputnikcloud.com;
	root /home/forge/sputnikcloud.com/public;

	# FORGE SSL (DO NOT REMOVE!)
	# ssl_certificate;
	# ssl_certificate_key;

	ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/nginx/dhparams.pem;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/sputnikcloud.com/server/*;

	location / {
	try_files \$uri \$uri/ /index.php?\$query_string;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	access_log off;
	error_log /var/log/nginx/sputnikcloud.com-error.log error;

	error_page 404 /index.php;

	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}

	location ~ /\.(?!well-known).* {
	deny all;
	}
	}

	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/sputnikcloud.com/after/*;
	EOF


	# Write The Configuration Directories

	mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/before
	mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/after
	mkdir -p /etc/nginx/forge-conf/sputnikcloud.com/server

	# Enable The Nginx Sites

	rm -f "/etc/nginx/sites-enabled/sputnikcloud.com"
	rm -f "/etc/nginx/sites-enabled/www.sputnikcloud.com"

	ln -s /etc/nginx/sites-available/sputnikcloud.com /etc/nginx/sites-enabled/sputnikcloud.com

	# Write The Base Redirector For The Site

	#
	# REQUIRES:
	# - server (the server instance)
	# - site (the site instance)
	# - siteName (the site name)
	# - aliases (the site aliases)
	# - certificate (the certificate) (optional)
	#

	rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf
	rm -f /etc/nginx/forge-conf/sputnikcloud.com/before/ssl_redirect.conf


	cat > /etc/nginx/forge-conf/sputnikcloud.com/before/redirect.conf << EOF
	server {
	listen 80;
	listen [::]:80;

	server_name www.sputnikcloud.com;
	return 301 \$scheme://sputnikcloud.com\$request_uri;
	}

	EOF


	# Restart Nginx & PHP-FPM Services

	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi


	# Restart HHVM-FastCGI When Running HHVM
	# ENABLE
	# REQUIRES:
	# - server (the forge server instance)
	#

	sed -i "s/;\?opcache\.enable=.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.enable =.*/opcache.enable = 1/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.memory_consumption.*/opcache.memory_consumption = 512/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.interned_strings_buffer.*/opcache.interned_strings_buffer = 64/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.max_accelerated_files.*/opcache.max_accelerated_files = 30000/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.validate_timestamps.*/opcache.validate_timestamps = 0/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache\.save_comments.*/opcache.save_comments = 1/" /etc/php/7.3/fpm/php.ini
	# sed -i "s/;\?opcache\.fast_shutdown.*/opcache.fast_shutdown = 1/" /etc/php/7.3/fpm/php.ini

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi

	# DISABLE
	# REQUIRES:
	# - server (the forge server instance)
	#

	sed -i "s/;\?opcache.enable=.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini
	sed -i "s/;\?opcache.enable =.*/opcache.enable = 0/" /etc/php/7.3/fpm/php.ini

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi
	#
	# REQUIRES:
	# - server (the forge server instance)
	#

	set -e

	export DEBIAN_FRONTEND=noninteractive

	apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.0-cli php7.0-dev \
	php7.0-pgsql php7.0-sqlite3 php7.0-gd \
	php7.0-curl php7.0-dev \
	php7.0-imap php7.0-mysql php7.0-memcached php7.0-mcrypt php7.0-mbstring \
	php7.0-xml php7.0-imagick php7.0-zip php7.0-bcmath php7.0-soap \
	php7.0-intl php7.0-readline

	apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.1-fpm php7.1-cli php7.1-dev \
	php7.1-pgsql php7.1-sqlite3 php7.1-gd \
	php7.1-curl php7.1-memcached \
	php7.1-imap php7.1-mysql php7.1-mbstring \
	php7.1-xml php7.1-zip php7.1-bcmath php7.1-soap \
	php7.1-intl php7.1-readline php7.1-mcrypt php-msgpack php-igbinary

	apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.2-cli php7.2-dev \
	php7.2-pgsql php7.2-sqlite3 php7.2-gd \
	php7.2-curl php7.2-memcached \
	php7.2-imap php7.2-mysql php7.2-mbstring \
	php7.2-xml php7.2-zip php7.2-bcmath php7.2-soap \
	php7.2-intl php7.2-readline

	apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y --only-upgrade php7.3-fpm php7.3-cli php7.3-dev \
	php7.3-pgsql php7.3-sqlite3 php7.3-gd \
	php7.3-curl php7.3-memcached \
	php7.3-imap php7.3-mysql php7.3-mbstring \
	php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
	php7.3-intl php7.3-readline php-msgpack php-igbinary

	echo "Restarting Nginx"

	service nginx restart
	service nginx reload

	echo "Nginx Restarted"
	# INSTALL
	# REQUIRES:
	# - rule (the forge redirect rule instance)
	#

	if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
	then
	touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
	fi

	echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf

	echo "" \| tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
	echo "# Laravel Forge Redirect Rule 34892" \| tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
	echo "rewrite test1 tset2 redirect;" \| tee -a /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf

	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi

	# REMOVE
	# REQUIRES:
	# - rule (the forge redirect rule instance)
	#

	if [ ! -f /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf ]
	then
	touch /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf
	fi

	echo "" > /etc/nginx/forge-conf/superprojects.space/server/redirect_rules.conf


	# Restart Nginx & PHP-FPM Services

	#service nginx restart
	service nginx reload

	if [ ! -z "\$(ps aux \| grep php-fpm \| grep -v grep)" ]
	then
	service php7.3-fpm restart > /dev/null 2>&1
	service php7.2-fpm restart > /dev/null 2>&1
	service php7.1-fpm restart > /dev/null 2>&1
	service php7.0-fpm restart > /dev/null 2>&1
	service php5.6-fpm restart > /dev/null 2>&1
	service php5-fpm restart > /dev/null 2>&1
	fi