Skip to content

Instantly share code, notes, and snippets.

@centminmod

centminmod/do-first-login.sh Secret

Created March 18, 2020 18:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save centminmod/11bbaa7224bca26e63f26b510250f582 to your computer and use it in GitHub Desktop.
Save centminmod/11bbaa7224bca26e63f26b510250f582 to your computer and use it in GitHub Desktop.
Download ZIP
centminmod reset all logins for digitalocean 1-click app image builds
Raw
do-first-login.sh
#!/bin/bash
############################################################
# https://community.centminmod.com/threads/digitalocean-marketplace-for-1-click-applications.16835/
############################################################
VER=0.2
# revised nginx worker_proccess auto tuned settings for >12 cpu thread based servers
NGINXCPU_AUTOTUNE_NEW='y'
TOTALMEM=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
TOTALMEM_T=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
TOTALMEM_SWAP=$(awk '/SwapFree/ {print $2}' /proc/meminfo)
HOME_DFSIZE=$(df --output=avail /home | tail -1)
CONFIGSCANDIR='/etc/centminmod/php.d'
if [ ! -d /opt/centminmod ]; then
mkdir -p /opt/centminmod
fi
bookmark() {
echo "
===============================================================================
* Getting Started Guide - https://centminmod.com/getstarted.html
* Centmin Mod FAQ - https://centminmod.com/faq.html
* Centmin Mod Config Files - https://centminmod.com/configfiles.html
* Change Log - https://centminmod.com/changelog.html
* Community Forums https://community.centminmod.com [ << Register ]
* Cloudflare with Centmin Mod Nginx https://centminmod.com/nginx_configure_cloudflare.html
===============================================================================
"
echo
}
msg() {
bookmark
echo "Running a number of tasks required to initially setup your server"
sleep 2
updatedb
echo
}
yum_updates() {
echo
echo "--------------------------------------------------------------------"
echo "Ensure yum packages are up to date"
echo
yum -y update --enablerepo=remi
echo
echo "--------------------------------------------------------------------"
}
get_email() {
echo
echo "--------------------------------------------------------------------"
echo "Setup Server Administration Email"
echo "Emails will be used for future notification alert features"
echo "--------------------------------------------------------------------"
echo "Hit Enter To Skip..."
echo "Will be prompted everytime run centmin.sh if both emails not entered"
echo "--------------------------------------------------------------------"
read -ep "enter primary email: " mainemail
read -ep "enter secondary email: " secondemail
echo "--------------------------------------------------------------------"
if [ -z "$mainemail" ]; then
mainemail=""
rm -rf /etc/centminmod/email-primary.ini
echo "primary email setup skipped..."
else
echo
echo "Primary: $mainemail"
echo "$mainemail" > /etc/centminmod/email-primary.ini
echo "setup at /etc/centminmod/email-primary.ini"
echo
echo -n " "
cat /etc/centminmod/email-primary.ini
echo
if [ -f "$(which git)" ]; then
git config --global user.email "$mainemail"
git config --global user.name "cmm-user"
# git config user.email
# git config user.name
fi
fi
if [ -z "$secondemail" ]; then
secondemail=$mainemail
rm -rf /etc/centminmod/email-secondary.ini
echo "secondary email setup skipped..."
else
echo "Secondary: $secondemail"
echo "$secondemail" > /etc/centminmod/email-secondary.ini
echo "setup at /etc/centminmod/email-secondary.ini"
echo
echo -n " "
cat /etc/centminmod/email-secondary.ini
echo
fi
echo
}
whitelistip() {
# whitelist ssh log in user's IP in csf firewall
# https://centminmod.com/csf_firewall.html
echo
echo "--------------------------------------------------------------------"
echo "Whitelist IP in CSF Firewall"
echo "--------------------------------------------------------------------"
ssh_user_ip=$(echo $SSH_CLIENT | awk '{print $1}')
csf -a ${ssh_user_ip} # do-firstlogin-ip-whitelisting
echo "${ssh_user_ip}" >> /etc/csf/csf.ignore
csf -ra >/dev/null 2>&1
}
set_hostname() {
echo
echo "--------------------------------------------------------------------"
echo "Setup main hostname as per Getting Started Guide Step 1"
echo "https://centminmod.com/getstarted.html"
echo
echo "Main hostname is not same as desired site domain name but"
echo "used for where server statistics files get hosted as outlined"
echo "here https://community.centminmod.com/threads/1513/"
echo
echo "It's usually something like host.domain.com"
echo "--------------------------------------------------------------------"
echo
read -ep "Enter desired main hostname for this VPS: " yourhostname
echo
hostnamectl set-hostname $yourhostname
IPADDR=$(hostname -I | cut -f1 -d' ')
echo $IPADDR $yourhostname >> /etc/hosts
if [ -f /usr/local/nginx/conf/conf.d/virtual.conf ]; then
sed -i "s|server_name .*|server_name ${yourhostname};|" /usr/local/nginx/conf/conf.d/virtual.conf
echo "updated main hostname nginx vhost at"
echo "/usr/local/nginx/conf/conf.d/virtual.conf"
fi
}
cmm_update() {
echo
echo "--------------------------------------------------------------------"
echo "Ensure centmin mod up to date"
echo "--------------------------------------------------------------------"
cd /usr/local/src
mv centminmod centminmod-automoved
branchname=123.09beta01
git clone -b ${branchname} --depth=1 https://github.com/centminmod/centminmod.git centminmod
if [[ "$?" -eq '0' ]]; then
rm -rf centminmod-automoved
echo
echo "Completed. Fresh /usr/local/src/centminmod code base in place"
# echo "To run centmin.sh again, you need to change into directory: /usr/local/src/centminmod"
# echo "cd /usr/local/src/centminmod"
else
mv centminmod-automoved centminmod
echo
echo "Error: wasn't able to successfully update /usr/local/src/centminmod code base"
echo " restoring previous copy of /usr/local/src/centminmod code base"
fi
echo
}
reset_pureftpd_params() {
# echo
echo "--------------------------------------------------------------------"
echo "regenerate pure-ftpd ssl cert /etc/ssl/private/pure-ftpd-dhparams.pem"
echo "please wait... can take a few minutes depending on speed of server"
echo "--------------------------------------------------------------------"
if [ -f /etc/ssl/private/pure-ftpd-dhparams.pem ]; then
rm -f /etc/ssl/private/pure-ftpd-dhparams.pem
fi
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048 >/dev/null 2>&1
echo
echo "--------------------------------------------------------------------"
echo "regenerating pure-ftpd self-signed ssl certificate"
echo "--------------------------------------------------------------------"
CNIP=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}')
if [ -f /etc/pki/pure-ftpd/pure-ftpd.pem ]; then
rm -f /etc/pki/pure-ftpd/pure-ftpd.pem
fi
openssl req -x509 -days 7300 -sha256 -nodes -subj "/C=US/ST=California/L=Los Angeles/O=Default Company Ltd/CN==$CNIP" -newkey rsa:1024 -keyout /etc/pki/pure-ftpd/pure-ftpd.pem -out /etc/pki/pure-ftpd/pure-ftpd.pem
chmod 600 /etc/pki/pure-ftpd/*.pem
}
reset_memcache_admin() {
# Randomize memcache_${N}.php filename
N=$(od -vAn -N8 -tx < /dev/urandom | sed -e 's/\s//g')
rm -f /usr/local/nginx/html/memcache_*
\cp -a /usr/local/src/centminmod/config/memcached/memcache.php /usr/local/nginx/html/memcache_${N}.php
chown -R nginx:nginx /usr/local/nginx/html
chmod 644 /usr/local/nginx/html/memcache_${N}.php
sed -i "s/'ADMIN_USERNAME','memcache'/'ADMIN_USERNAME','memcacheuser'/g" /usr/local/nginx/html/memcache_${N}.php
sed -i "s/'ADMIN_PASSWORD','password'/'ADMIN_PASSWORD','memcachepass'/g" /usr/local/nginx/html/memcache_${N}.php
sed -i "s/mymemcache-server1:11211/localhost:11211/g" /usr/local/nginx/html/memcache_${N}.php
sed -i "s/\$MEMCACHE_SERVERS\[] = 'mymemcache-server2:11211'; \/\/ add more as an array/\/\/ mymemcache-server2:/g" /usr/local/nginx/html/memcache_${N}.php
CSALT=$(openssl rand 8 -base64 | tr -dc 'a-zA-Z0-9')
memcacheduser=$(echo "memadmin${CSALT}")
memcachedpassword=$(openssl rand 19 -base64 | tr -dc 'a-zA-Z0-9')
sed -i "s/'ADMIN_USERNAME','memcacheuser'/'ADMIN_USERNAME','${memcacheduser}'/g" /usr/local/nginx/html/memcache_${N}.php 2>&1>/dev/null
sed -i "s/'ADMIN_PASSWORD','memcachepass'/'ADMIN_PASSWORD','${memcachedpassword}'/g" /usr/local/nginx/html/memcache_${N}.php 2>&1>/dev/null
{
echo "--------------------------------------------------------------------"
echo "Memcached Server Admin Login File: /usr/local/nginx/html/memcache_${N}.php"
echo "Memcached Server Admin Login: ${hname}/memcache_${N}.php"
echo "new memcached username: ${memcacheduser}"
echo "new memcached password: ${memcachedpassword}"
echo "--------------------------------------------------------------------"
} 2>&1 | tee /opt/centminmod/memcache-admin-login.txt
}
reset_phpinfo() {
locate phpi.php | while read f; do
fname=$(basename ${f})
if [[ "${fname}" = 'phpi.php' ]]; then
cp -a "${f}" /usr/local/nginx/html/phpi.php
else
rm -f "${f}"
fi
done
# Randomize phpi.php filename
NPHP=$(od -vAn -N4 -tx < /dev/urandom)
NPHP=$(echo ${NPHP} | sed -e 's/\s//')
PHPISALT=$(openssl rand 11 -base64 | tr -dc 'a-zA-Z0-9')
PHPIUSER=$(echo "phpiadmin${PHPISALT}")
PHPIPASS=$(openssl rand 19 -base64 | tr -dc 'a-zA-Z0-9')
echo ""
mv /usr/local/nginx/html/phpi.php "/usr/local/nginx/html/${NPHP}_phpi.php"
sed -i "s|PHPUSERNAME|$PHPIUSER|" "/usr/local/nginx/html/${NPHP}_phpi.php"
sed -i "s|PHPPASSWORD|$PHPIPASS|" "/usr/local/nginx/html/${NPHP}_phpi.php"
chown nginx:nginx "/usr/local/nginx/html/${NPHP}_phpi.php"
{
echo "--------------------------------------------------------------------"
echo "PHP Info Login File: /usr/local/nginx/html/${NPHP}_phpi.php"
echo "PHP Info Login: ${hname}/${NPHP}_phpi.php"
echo "PHP Info Login username: ${PHPIUSER}"
echo "PHP Info Login password: ${PHPIPASS}"
echo "--------------------------------------------------------------------"
} 2>&1 | tee /opt/centminmod/php-info-password.txt
}
reset_opcache() {
echo
echo "--------------------------------------------------------------------"
echo "Generate Zend Opcache Admin password"
echo "--------------------------------------------------------------------"
N=$(od -vAn -N8 -tx < /dev/urandom | sed -e 's/\s//g')
locate opcache.php | while read f; do
fname=$(basename ${f})
if [[ "${fname}" = 'opcache.php' ]]; then
cp -a "${f}" /usr/local/nginx/html/${N}_opcache.php
else
rm -f "${f}"
fi
done
echo
echo "reset initial /usr/local/nginx/html/opcache.php"
echo
OPSALT=$(openssl rand 10 -base64 | tr -dc 'a-zA-Z0-9')
OPUSER=$(echo "opadmin${OPSALT}")
OPPASS=$(openssl rand 22 -base64 | tr -dc 'a-zA-Z0-9')
sed -i "s|OPCACHEUSERNAME|$OPUSER|" /usr/local/nginx/html/${N}_opcache.php
sed -i "s|OPCACHEPASSWORD|$OPPASS|" /usr/local/nginx/html/${N}_opcache.php
echo "" > /root/centminlogs/zendopcache_passfile.txt
echo "-------------------------------------------------------" >> /root/centminlogs/zendopcache_passfile.txt
echo "File Location: /usr/local/nginx/html/${N}_opcache.php" >> /root/centminlogs/zendopcache_passfile.txt
echo "Password protected ${hname}/${N}_opcache.php" >> /root/centminlogs/zendopcache_passfile.txt
echo "-------------------------------------------------------" >> /root/centminlogs/zendopcache_passfile.txt
echo "Username: $OPUSER" >> /root/centminlogs/zendopcache_passfile.txt
echo "Password: $OPPASS" >> /root/centminlogs/zendopcache_passfile.txt
echo "-------------------------------------------------------" >> /root/centminlogs/zendopcache_passfile.txt
/usr/local/nginx/conf/htpasswd.sh create /usr/local/nginx/conf/htpasswd_opcache $OPUSER $OPPASS
cat > "/usr/local/nginx/conf/include_opcache.conf" <<EOF
location ~ ^/(${N}_opcache.php) {
include /usr/local/nginx/conf/php.conf;
auth_basic "Password Protected";
auth_basic_user_file /usr/local/nginx/conf/htpasswd_opcache;
}
EOF
{
cat /root/centminlogs/zendopcache_passfile.txt
} 2>&1 | tee /opt/centminmod/zend-opcache-admin-login.txt
}
reset_mysqlroot() {
echo
echo "--------------------------------------------------------------------"
echo "Generate mysql root password"
echo "--------------------------------------------------------------------"
if [ -f /root/.my.cnf ]; then
echo
OLDMYSQLROOTPASS=$(awk -F '=' '/password/ {print $2}' /root/.my.cnf)
NEWMYSQLROOTPASS=$(openssl rand 21 -base64 | tr -dc 'a-zA-Z0-9')
echo "setup mysql root password"
mysqladmin -u root -p${OLDMYSQLROOTPASS} password $NEWMYSQLROOTPASS
echo
echo "--------------------------------------------------------------------"
echo "New MySQL root user password: $NEWMYSQLROOTPASS"
echo "--------------------------------------------------------------------"
echo
sed -i "s|password=.*|password=$NEWMYSQLROOTPASS|" /root/.my.cnf
echo "--------------------------------------------------------------------"
echo "/root/.my.cnf updated"
echo "--------------------------------------------------------------------"
echo
cat /root/.my.cnf | tee /opt/centminmod/mysql-root-password.txt
echo
fi
}
log_cleanup() {
if [ -f /var/log/audit/audit.log ]; then
# remove packer snapshot image builder entries
find /var/log/audit/audit.log -mtime -1 -type f -exec truncate -s 0 {} \;
fi
if [ -f /var/log/messages ]; then
# remove packer snapshot image builder entries
sed -i '1,28d' /var/log/messages
sed -i '/Set hostname to <packer/d' /var/log/messages
fi
if [ -f /var/log/lfd.log ]; then
# remove packer snapshot image builder entries
sed -i '1,6d' /var/log/lfd.log
fi
if [ -f /var/log/secure ]; then
# remove packer snapshot image builder entries
sed -i '1d' /var/log/secure
fi
if [ -f /etc/csf/csf.allow ]; then
# remove packer snapshot image builder entries
sed -i '/csf SSH installation/d' /etc/csf/csf.allow
fi
if [ -f /etc/csf/csf.ignore ]; then
# remove packer snapshot image builder entries
sed -i '/127.0.0.1/{n;N;d}' /etc/csf/csf.ignore
fi
rm -f /tmp/script_*
rm -f /home/script_*
}
service_checks() {
if [[ -f /usr/lib/systemd/system/redis.service && "$(systemctl status redis >/dev/null 2>&1; echo $?)" -ne '0' ]]; then
service redis start >/dev/null 2>&1
chkconfig redis on >/dev/null 2>&1
fi
}
reset_bashrc() {
echo
echo "--------------------------------------------------------------------"
echo "cleanup /root/.bashrc"
echo "--------------------------------------------------------------------"
sed -i '/first-login.sh/d' /root/.bashrc
# sed -i '/first-login.sh/d' /usr/local/bin/dmotd
if [ -f /opt/centminmod/first-login-run ]; then
rm -f /opt/centminmod/first-login-run
fi
if [ -f /opt/centminmod/first-login.sh ]; then
rm -f /opt/centminmod/first-login.sh
fi
if [ -f /opt/centminmod/first-login.sh-prebuilt ]; then
rm -f /opt/centminmod/first-login.sh-prebuilt
fi
if [ -f /var/lib/cloud/scripts/per-instance/01-setup-first-login.sh ]; then
rm -f /var/lib/cloud/scripts/per-instance/01-setup-first-login.sh
fi
chown -R nginx:nginx /usr/local/nginx/html
}
tmpsetup() {
echo "CentOS 7 Setup /tmp"
echo "CentOS 7 + non-OpenVZ virtualisation detected"
systemctl is-enabled tmp.mount
# only mount /tmp on tmpfs if CentOS system
# total memory size is greater than ~15.25GB
# will give /tmp a size equal to 1/2 total memory
if [[ "$TOTALMEM" -ge '16000001' ]]; then
cp -ar /tmp /tmp_backup
#rm -rf /tmp
#mkdir -p /tmp
mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp
cp -ar /tmp_backup/* /tmp
echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
cp -ar /var/tmp /var/tmp_backup
ln -s /tmp /var/tmp
cp -ar /var/tmp_backup/* /tmp
rm -rf /tmp_backup
rm -rf /var/tmp_backup
elif [[ "$TOTALMEM" -ge '8100001' || "$TOTALMEM" -lt '16000000' ]]; then
# set on disk non-tmpfs /tmp to 6GB size
# if total memory is between 2GB and <8GB
cp -ar /tmp /tmp_backup
# rm -rf /tmp
if [[ "$HOME_DFSIZE" -le '15750000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=1048576
elif [[ "$HOME_DFSIZE" -gt '15750001' && "$HOME_DFSIZE" -le '20999000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=2097152
else
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=6291456
fi
echo Y | mkfs.ext4 /home/usertmp_donotdelete
# mkdir -p /tmp
mount -t ext4 -o loop,rw,noexec,nosuid /home/usertmp_donotdelete /tmp
chmod 1777 /tmp
cp -ar /tmp_backup/* /tmp
echo "/home/usertmp_donotdelete /tmp ext4 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
cp -ar /var/tmp /var/tmp_backup
ln -s /tmp /var/tmp
cp -ar /var/tmp_backup/* /tmp
rm -rf /tmp_backup
rm -rf /var/tmp_backup
elif [[ "$TOTALMEM" -ge '2050061' || "$TOTALMEM" -lt '8100000' ]]; then
# set on disk non-tmpfs /tmp to 4GB size
# if total memory is between 2GB and <8GB
cp -ar /tmp /tmp_backup
# rm -rf /tmp
if [[ "$HOME_DFSIZE" -le '15750000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=1048576
elif [[ "$HOME_DFSIZE" -gt '15750001' && "$HOME_DFSIZE" -le '20999000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=2097152
else
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=4194304
fi
echo Y | mkfs.ext4 /home/usertmp_donotdelete
# mkdir -p /tmp
mount -t ext4 -o loop,rw,noexec,nosuid /home/usertmp_donotdelete /tmp
chmod 1777 /tmp
cp -ar /tmp_backup/* /tmp
echo "/home/usertmp_donotdelete /tmp ext4 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
cp -ar /var/tmp /var/tmp_backup
ln -s /tmp /var/tmp
cp -ar /var/tmp_backup/* /tmp
rm -rf /tmp_backup
rm -rf /var/tmp_backup
elif [[ "$TOTALMEM" -ge '1153434' || "$TOTALMEM" -lt '2050060' ]]; then
# set on disk non-tmpfs /tmp to 2GB size
# if total memory is between 1.1-2GB
cp -ar /tmp /tmp_backup
# rm -rf /tmp
if [[ "$HOME_DFSIZE" -le '15750000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=1048576
elif [[ "$HOME_DFSIZE" -gt '15750001' && "$HOME_DFSIZE" -le '20999000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=2097152
else
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=3000000
fi
echo Y | mkfs.ext4 /home/usertmp_donotdelete
# mkdir -p /tmp
mount -t ext4 -o loop,rw,noexec,nosuid /home/usertmp_donotdelete /tmp
chmod 1777 /tmp
cp -ar /tmp_backup/* /tmp
echo "/home/usertmp_donotdelete /tmp ext4 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
cp -ar /var/tmp /var/tmp_backup
ln -s /tmp /var/tmp
cp -ar /var/tmp_backup/* /tmp
rm -rf /tmp_backup
rm -rf /var/tmp_backup
elif [[ "$TOTALMEM" -le '1153433' ]]; then
# set on disk non-tmpfs /tmp to 1GB size
# if total memory is <1.1GB
cp -ar /tmp /tmp_backup
# rm -rf /tmp
if [[ "$HOME_DFSIZE" -le '15750000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=1048576
elif [[ "$HOME_DFSIZE" -gt '15750001' && "$HOME_DFSIZE" -le '20999000' ]]; then
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=2097152
else
dd if=/dev/zero of=/home/usertmp_donotdelete bs=1024 count=3000000
fi
echo Y | mkfs.ext4 /home/usertmp_donotdelete
# mkdir -p /tmp
mount -t ext4 -o loop,rw,noexec,nosuid /home/usertmp_donotdelete /tmp
chmod 1777 /tmp
cp -ar /tmp_backup/* /tmp
echo "/home/usertmp_donotdelete /tmp ext4 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
cp -ar /var/tmp /var/tmp_backup
ln -s /tmp /var/tmp
cp -ar /var/tmp_backup/* /tmp
rm -rf /tmp_backup
rm -rf /var/tmp_backup
fi
}
tmpfix() {
# digitalocean single / root partition doesn't require separate larger
# /tmp directory like bare metal where folks may partition /tmp too
# small for real world usage and run into problems.
# digitalocean VPS won't run into such issues due to /tmp mounted on
# single / root partition
# echo
# echo "--------------------------------------------------------------------"
# echo "/tmp adjustment"
# echo "--------------------------------------------------------------------"
sed -i '/usertmp_donotdelete/d' /etc/fstab
rm -f /home/usertmp_donotdelete
mount -a
}
autotune_nginx() {
if [ -f /usr/local/nginx/conf/nginx.conf ]; then
echo "auto tune nginx"
NOCPUS=$(grep "processor" /proc/cpuinfo |wc -l)
NGINXCONFCPU='/usr/local/nginx/conf/nginx.conf'
if [[ "$(grep 'worker_processes' $NGINXCONFCPU | grep -o 2)" -eq '2' ]]; then
WORKERCHECKA=$(grep 'worker_processes 2;' $NGINXCONFCPU)
WORKERCHECKB=$(grep 'worker_processes 2;' $NGINXCONFCPU)
else
WORKERCHECKA=$(grep 'worker_processes 1;' $NGINXCONFCPU)
WORKERCHECKB=$(grep 'worker_processes 1;' $NGINXCONFCPU)
fi
if [[ "$NOCPUS" -le "2" ]]; then
NOCPUS=$NOCPUS
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le 4 && "$NOCPUS" -gt 2 ]]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "6" && "$NOCPUS" -gt "4" ]]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [ "$NOCPUS" = "7" ]; then
NOCPUS=$(echo "$NOCPUS"/2.333 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [ "$NOCPUS" = "8" ]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "10" && "$NOCPUS" -gt "8" ]]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [ "$NOCPUS" = "11" ]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [ "$NOCPUS" = "12" ]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "15" && "$NOCPUS" -ge "13" ]]; then
NOCPUS=$(echo "$NOCPUS"/2.1 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "16" && "$NOCPUS" -gt "12" ]]; then
NOCPUS=$(echo "$NOCPUS"/2 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "23" && "$NOCPUS" -ge "17" ]]; then
NOCPUS=$(echo "$NOCPUS"/2.1 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "31" && "$NOCPUS" -ge "24" ]]; then
NOCPUS=$(echo "$NOCPUS"/2.4 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "47" && "$NOCPUS" -ge "32" ]]; then
NOCPUS=$(echo "$NOCPUS"/2.6 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "64" && "$NOCPUS" -ge "48" ]]; then
NOCPUS=$(echo "$NOCPUS"/2.666 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "127" && "$NOCPUS" -ge "65" ]]; then
NOCPUS=$(echo "$NOCPUS"/4.7083 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "191" && "$NOCPUS" -ge "128" ]]; then
NOCPUS=$(echo "$NOCPUS"/6.4 +10 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -le "256" && "$NOCPUS" -ge "192" ]]; then
NOCPUS=$(echo "$NOCPUS"/6.4 +10 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
if [[ "$NOCPUS" -ge "257" ]]; then
NOCPUS=$(echo "$NOCPUS"/6.5 +10 | bc)
echo
if [[ ! -z "$WORKERCHECKA" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*;/worker_processes $NOCPUS;/g" $NGINXCONFCPU
elif [[ ! -z "$WORKERCHECKB" ]]; then
#echo "set cpu worker_processes to $NOCPUS"
sed -i "s/worker_processes .*/worker_processes $NOCPUS;/g" $NGINXCONFCPU
fi
fi
fi
if [[ "$NGINXCPU_AUTOTUNE_NEW" = [yY] ]]; then
NOCPUS=$(grep -c "processor" /proc/cpuinfo)
NOCPUS_NGINX=$(($NOCPUS/2))
if [[ "$NOCPUS_NGINX" -ge '6' && "$NOCPUS_NGINX" -lt '8' ]]; then
# optimise for up to 12-15 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '8' && "$NOCPUS_NGINX" -lt '16' ]]; then
# optimise for up to 16-31 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '16' && "$NOCPUS_NGINX" -lt '24' ]]; then
# optimise for upto 32-47 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '24' && "$NOCPUS_NGINX" -lt '28' ]]; then
# optimise for upto 48-55 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '28' && "$NOCPUS_NGINX" -lt '32' ]]; then
# optimise for upto 56-63 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '32' && "$NOCPUS_NGINX" -lt '48' ]]; then
# optimise for upto 64-95 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '48' && "$NOCPUS_NGINX" -lt '64' ]]; then
# optimise for 96-127 cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
elif [[ "$NOCPUS_NGINX" -ge '64' ]]; then
# optimise for 128+ cpu cores
# NOCPUS_NGINX=$(($NOCPUS_NGINX/1))
sed -i '/worker_cpu_affinity/d' $NGINXCONFCPU
sed -i "s/worker_processes .*;/worker_processes $NOCPUS_NGINX;\nworker_cpu_affinity auto;/g" $NGINXCONFCPU
# grep worker_ $NGINXCONFCPU
# for p in $(pidof nginx); do taskset -c -p $p; done
fi
fi
}
autotune_php() {
echo "auto tune php"
TOTALMEM_T=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
TOTALMEM_SWAP=$(awk '/SwapFree/ {print $2}' /proc/meminfo)
PHPINICUSTOM='a_customphp.ini'
CUSTOMPHPINIFILE="${CONFIGSCANDIR}/${PHPINICUSTOM}"
if [[ "$CENTOS_SIX" = '6' ]]; then
if [[ ! -f /proc/user_beancounters && -f /usr/bin/numactl ]]; then
# account for multiple cpu socket numa based memory
# https://community.centminmod.com/posts/48189/
GETCPUNODE_COUNT=$(numactl --hardware | awk '/available: / {print $2}')
if [[ "$GETCPUNODE_COUNT" -ge '2' ]]; then
FREEMEM_NUMANODE=$(($(numactl --hardware | awk '/free:/ {print $4}' | sort -r | head -n1)*1024))
FREEMEMCACHED=$(egrep '^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEM=$(($FREEMEM_NUMANODE+$FREEMEMCACHED))
else
FREEMEM=$(egrep '^MemFree|^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
fi
elif [[ -f /proc/user_beancounters ]]; then
FREEMEMOPENVZ=$(grep '^MemFree' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEMCACHED=$(egrep '^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEM=$(($FREEMEMOPENVZ+$FREEMEMCACHED))
else
FREEMEM=$(egrep '^MemFree|^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
fi
elif [[ "$CENTOS_SEVEN" = '7' ]]; then
if [[ ! -f /proc/user_beancounters && -f /usr/bin/numactl ]]; then
# account for multiple cpu socket numa based memory
# https://community.centminmod.com/posts/48189/
GETCPUNODE_COUNT=$(numactl --hardware | awk '/available: / {print $2}')
if [[ "$GETCPUNODE_COUNT" -ge '2' ]]; then
FREEMEM_NUMANODE=$(($(numactl --hardware | awk '/free:/ {print $4}' | sort -r | head -n1)*1024))
FREEMEMCACHED=$(egrep '^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEM=$(($FREEMEM_NUMANODE+$FREEMEMCACHED))
else
FREEMEM=$(cat /proc/meminfo | grep MemAvailable | awk '{print $2}')
fi
elif [[ -f /proc/user_beancounters ]]; then
FREEMEMOPENVZ=$(grep '^MemFree' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEMCACHED=$(egrep '^Buffers|^Cached' /proc/meminfo | awk '{summ+=$2} END {print summ}' | head -n1)
FREEMEM=$(($FREEMEMOPENVZ+$FREEMEMCACHED))
else
FREEMEM=$(cat /proc/meminfo | grep MemAvailable | awk '{print $2}')
fi
fi
TOTALMEM_PHP=$FREEMEM
if [[ ! -f "${CUSTOMPHPINIFILE}" ]]; then
touch ${CUSTOMPHPINIFILE}
else
\cp -a ${CUSTOMPHPINIFILE} ${CUSTOMPHPINIFILE}-bak_$DT
rm -rf $CUSTOMPHPINIFILE
rm -rf ${CONFIGSCANDIR}/custom_php.ini
echo "" > ${CUSTOMPHPINIFILE}
fi
if [[ "$(date +"%Z")" = 'EST' ]]; then
echo "date.timezone = Australia/Brisbane" >> ${CUSTOMPHPINIFILE}
else
echo "date.timezone = UTC" >> ${CUSTOMPHPINIFILE}
fi
# dynamic PHP memory_limit calculation
if [[ "$TOTALMEM_PHP" -le '262144' ]]; then
ZOLIMIT='32'
PHP_MEMORYLIMIT='48M'
PHP_UPLOADLIMIT='48M'
PHP_REALPATHLIMIT='512k'
PHP_REALPATHTTL='14400'
elif [[ "$TOTALMEM_PHP" -gt '262144' && "$TOTALMEM_PHP" -le '393216' ]]; then
ZOLIMIT='80'
PHP_MEMORYLIMIT='96M'
PHP_UPLOADLIMIT='96M'
PHP_REALPATHLIMIT='640k'
PHP_REALPATHTTL='21600'
elif [[ "$TOTALMEM_PHP" -gt '393216' && "$TOTALMEM_PHP" -le '524288' ]]; then
ZOLIMIT='112'
PHP_MEMORYLIMIT='128M'
PHP_UPLOADLIMIT='128M'
PHP_REALPATHLIMIT='768k'
PHP_REALPATHTTL='28800'
elif [[ "$TOTALMEM_PHP" -gt '524288' && "$TOTALMEM_PHP" -le '1049576' ]]; then
ZOLIMIT='144'
PHP_MEMORYLIMIT='160M'
PHP_UPLOADLIMIT='160M'
PHP_REALPATHLIMIT='768k'
PHP_REALPATHTTL='28800'
elif [[ "$TOTALMEM_PHP" -gt '1049576' && "$TOTALMEM_PHP" -le '2097152' ]]; then
ZOLIMIT='160'
PHP_MEMORYLIMIT='320M'
PHP_UPLOADLIMIT='320M'
PHP_REALPATHLIMIT='1536k'
PHP_REALPATHTTL='28800'
elif [[ "$TOTALMEM_PHP" -gt '2097152' && "$TOTALMEM_PHP" -le '3145728' ]]; then
ZOLIMIT='192'
PHP_MEMORYLIMIT='384M'
PHP_UPLOADLIMIT='384M'
PHP_REALPATHLIMIT='2048k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '3145728' && "$TOTALMEM_PHP" -le '4194304' ]]; then
ZOLIMIT='224'
PHP_MEMORYLIMIT='512M'
PHP_UPLOADLIMIT='512M'
PHP_REALPATHLIMIT='3072k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '4194304' && "$TOTALMEM_PHP" -le '8180000' ]]; then
ZOLIMIT='288'
PHP_MEMORYLIMIT='640M'
PHP_UPLOADLIMIT='640M'
PHP_REALPATHLIMIT='4096k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '8180000' && "$TOTALMEM_PHP" -le '16360000' ]]; then
ZOLIMIT='320'
PHP_MEMORYLIMIT='800M'
PHP_UPLOADLIMIT='800M'
PHP_REALPATHLIMIT='4096k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '16360000' && "$TOTALMEM_PHP" -le '32400000' ]]; then
ZOLIMIT='480'
PHP_MEMORYLIMIT='1024M'
PHP_UPLOADLIMIT='1024M'
PHP_REALPATHLIMIT='4096k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '32400000' && "$TOTALMEM_PHP" -le '64800000' ]]; then
ZOLIMIT='600'
PHP_MEMORYLIMIT='1280M'
PHP_UPLOADLIMIT='1280M'
PHP_REALPATHLIMIT='4096k'
PHP_REALPATHTTL='43200'
elif [[ "$TOTALMEM_PHP" -gt '64800000' ]]; then
ZOLIMIT='800'
PHP_MEMORYLIMIT='2048M'
PHP_UPLOADLIMIT='2048M'
PHP_REALPATHLIMIT='8192k'
PHP_REALPATHTTL='86400'
fi
echo "max_execution_time = 60" >> ${CUSTOMPHPINIFILE}
echo "short_open_tag = On" >> ${CUSTOMPHPINIFILE}
echo "realpath_cache_size = $PHP_REALPATHLIMIT" >> ${CUSTOMPHPINIFILE}
echo "realpath_cache_ttl = $PHP_REALPATHTTL" >> ${CUSTOMPHPINIFILE}
echo "upload_max_filesize = $PHP_UPLOADLIMIT" >> ${CUSTOMPHPINIFILE}
echo "memory_limit = $PHP_MEMORYLIMIT" >> ${CUSTOMPHPINIFILE}
echo "post_max_size = $PHP_UPLOADLIMIT" >> ${CUSTOMPHPINIFILE}
echo "expose_php = Off" >> ${CUSTOMPHPINIFILE}
echo "mail.add_x_header = Off" >> ${CUSTOMPHPINIFILE}
echo "max_input_nesting_level = 128" >> ${CUSTOMPHPINIFILE}
echo "max_input_vars = 10000" >> ${CUSTOMPHPINIFILE}
echo "mysqlnd.net_cmd_buffer_size = 16384" >> ${CUSTOMPHPINIFILE}
echo "mysqlnd.collect_memory_statistics = Off" >> ${CUSTOMPHPINIFILE}
echo "mysqlnd.mempool_default_size = 16000" >> ${CUSTOMPHPINIFILE}
echo "always_populate_raw_post_data=-1" >> ${CUSTOMPHPINIFILE}
if [ -f "${CONFIGSCANDIR}/zendopcache.ini" ]; then
sed -i "s|opcache.memory_consumption=.*|opcache.memory_consumption=$ZOLIMIT|" "${CONFIGSCANDIR}/zendopcache.ini"
fi
echo "contents of ${CUSTOMPHPINIFILE}"
cat "${CUSTOMPHPINIFILE}"
}
autotune_mysql() {
# https://community.centminmod.com/posts/25691/
if [ -f /usr/local/src/centminmod/tools/setio.sh ]; then
echo
echo "auto tune mysql"
/usr/local/src/centminmod/tools/setio.sh set
mysqlrestart >/devnull 2>&1
fi
}
autotune_cpu() {
# tune-adm
# tuned-adm list
tuned-adm profile latency-performance >/devnull 2>&1
}
autotune() {
echo
echo "--------------------------------------------------------------------"
echo "auto tune Centmin Mod LEMP stack settings"
echo "based on detected server environment"
echo "--------------------------------------------------------------------"
autotune_nginx
autotune_php
autotune_mysql
autotune_cpu
echo
}
enable_phpstatus() {
echo
echo "--------------------------------------------------------------------"
echo "enable php-fpm status for localhost only ?"
echo "as per https://centminmod.com/phpfpm.html#phpstatus"
echo "--------------------------------------------------------------------"
read -ep "Do you want to enable php-fpm status page ? [y/n]: " enablephpstatus
echo
if [[ "$enablephpstatus" = [yY] ]]; then
sed -i 's|^#include /usr/local/nginx/conf/phpstatus.conf;|include /usr/local/nginx/conf/phpstatus.conf;|' /usr/local/nginx/conf/conf.d/virtual.conf
nprestart >/dev/null 2>&1
echo "php-fpm status enabled"
echo
echo "curl -s localhost/phpstatus"
curl -s localhost/phpstatus
echo
# sleep 3
echo "shortcut command = fpmstats"
fi
}
do_spaces_setup() {
echo
echo "--------------------------------------------------------------------"
echo "setup DigitalOcean Spaces + s3cmd"
echo "https://www.digitalocean.com/docs/spaces/resources/s3cmd/"
echo "--------------------------------------------------------------------"
echo
read -ep "Do you want to setup DigitalOcean Spaces & s3cdm ? [y/n]: " setup_spaces
echo
if [[ "$setup_spaces" = [yY] ]]; then
echo "installing s3cmd via yum"
echo "please wait..."
yum -y -q install s3cmd >/dev/null 2>&1
spaces_err=$?
if [[ "$spaces_err" -ne '0' ]]; then
echo "error: s3cmd failed to install"
elif [[ "$spaces_err" -eq '0' ]]; then
echo
echo "success: s3cmd installed"
echo
echo "setup s3cmd --configure options for DO Spaces"
echo "s3cmd configuration will be saved to /root/.s3cfg"
echo
echo "will need on hand the following details"
echo
echo "1. DO Spaces Access Key"
echo "2. DO Spaces Secret Key"
echo "3. DO Spaces Endpoint i.e. sfo2.digitaloceanspaces.com"
echo "4. Desired s3cmd Encryption password you want to set"
echo
read -ep "Enter your DO Spaces Access Key : " do_spaces_accesskey
echo
read -ep "Enter your DO Spaces Secret Key : " do_spaces_secretkey
echo
read -ep "Enter your DO Spaces Endpoint : " do_spaces_endpoint
echo
read -ep "Enter desired Encryption password : " do_spaces_passphrase
echo
cat > /root/.s3cfg <<EOFF
[default]
access_key = $do_spaces_accesskey
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
content_disposition =
content_type =
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = /bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase = $do_spaces_passphrase
guess_mime_type = True
host_base = ${do_spaces_endpoint}
host_bucket = %(bucket)s.${do_spaces_endpoint}
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = $do_spaces_secretkey
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
throttle_max = 100
upload_id =
urlencoding_mode = normal
use_http_expect = False
use_https = True
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html
EOFF
echo "test s3cmd credentials"
echo "list DO Spaces"
echo
echo "s3cmd ls"
s3cmd ls
cmd_err=$?
if [[ "$cmd_err" -eq '0' ]]; then
space_name=$(s3cmd ls | head -n1 |awk '{print $3}')
echo
echo "Do you want to upload regenerated passwords to DO Spaces ?"
read -ep "Upload passwords to ${space_name}/opt-centminmod-$(hostname)/ ? [y/n]: " upload_passwords
echo
if [[ "$upload_passwords" = [yY] ]]; then
cd /opt/centminmod
echo "s3cmd put *.txt ${space_name}/opt-centminmod-$(hostname)/"
s3cmd put *.txt ${space_name}/opt-centminmod-$(hostname)/
uploadcmd_err=$?
if [[ "$uploadcmd_err" -eq '0' ]]; then
echo
echo "s3cmd ls ${space_name}/opt-centminmod-$(hostname)/ -r"
s3cmd ls ${space_name}/opt-centminmod-$(hostname)/ -r
echo
echo "to delete uploaded files you can run command:"
echo "s3cmd del ${space_name}/opt-centminmod-$(hostname) -r"
else
echo
echo "error: upload failed"
fi
else
echo "skip uploading regenerated passwords to DO Spaces"
fi
else
echo
echo "error: s3cmd ls failed..."
fi
echo
fi
else
echo "skipping DigitalOcean Spaces & s3cmd setup"
fi
echo
}
cleanup() {
reset_memcache_admin
reset_opcache
reset_phpinfo
reset_mysqlroot
log_cleanup
tmpfix
reset_bashrc
}
trap cleanup SIGHUP SIGINT SIGTERM
#########################################################
msg
get_email
set_hostname
whitelistip
cmm_update
yum_updates
autotune
reset_pureftpd_params
reset_memcache_admin
reset_opcache
reset_phpinfo
reset_mysqlroot
log_cleanup
service_checks
tmpfix
enable_phpstatus
reset_bashrc
do_spaces_setup
bookmark
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment