Создание площадки под сайт
#!/bin/bash
# Pull in the admin's shared settings. Nothing in the visible script assigns
# ROOTPASS (used for the MySQL root login further down), so it is presumably
# defined in this file -- confirm.
source /root/sh/db.sh
TIMEZONE='Europe/Moscow'

# Print a 12-character secret drawn from [_A-Za-z0-9-], read from /dev/urandom.
_gen_secret() {
    tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c12
}

MYSQLPASS=$(_gen_secret)   # password for the per-site MySQL account
SFTPPASS=$(_gen_secret)    # login password for the new system user
PASSWORD=$(_gen_secret)    # not referenced anywhere else in the visible script
##############
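# Ask for the account name. The value is reused below as a path component, an
# nginx upstream name, a php-fpm pool name and a MySQL identifier, so only a
# conservative character set is accepted before anything is created.
# 16 characters keeps the name within older MySQL account-name limits.
echo "Укажите имя пользователя:"
read -r USERNAME
if [[ ! "$USERNAME" =~ ^[a-z][a-z0-9_]{0,15}$ ]]; then
    echo "Недопустимое имя пользователя: допустимы строчные латинские буквы, цифры и '_', первый символ — буква, длина до 16 символов" >&2
    exit 1
fi

# Exact lookup of the account. The earlier case-insensitive prefix grep treated
# the input as a regex and reported "bob" as taken whenever "bobby" existed.
if getent passwd "$USERNAME" >/dev/null; then
    echo "Пользователь $USERNAME уже существует"
    exit 1
fi

# Ask for the site's domain. It is pasted verbatim into server_name and a
# rewrite target in the nginx config, so whitespace, quotes, ';' and braces
# must not get through. Internationalised names have to be entered in their
# ASCII (xn--) form.
echo "Укажите домен:"
read -r DOMAIN
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "Недопустимое имя домена: $DOMAIN" >&2
    exit 1
fi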
##############
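echo "Creating user and home directory..."
# Create the account with its home directory and no usable login shell.
# Membership in "webusers" is presumably what the SFTP setup keys on -- confirm.
if ! useradd -m -G webusers -s "/bin/false" -d "/home/$USERNAME" "$USERNAME"; then
    echo "Can't add user"
    exit 1
fi

# Add nginx to the user's group
usermod -a -G "$USERNAME" nginx

# Hand the password to passwd twice (entry + confirmation) through a pipe.
# printf is a shell builtin, so the secret never shows up in a process
# argument list, and it is no longer written to ./tmp in whatever directory
# the script happened to be started from.
printf '%s\n%s\n' "$SFTPPASS" "$SFTPPASS" | passwd "$USERNAME"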
##############
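# Lay out the site's directory tree under /home/$USERNAME.

# Web root: owner full access, group (which includes nginx) read/traverse.
mkdir -m 0750 "/home/$USERNAME/www"
# Private scratch space; the php-fpm pool points uploads and sessions here.
mkdir -m 0700 "/home/$USERNAME/tmp"
echo "<?php echo 'Hello world!';" > "/home/$USERNAME/www/index.php"

# Everything created so far belongs to the site account ...
chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/"
# ... except the home directory itself, which is handed back to root and made
# non-writable for the user (presumably for an sshd chroot -- confirm).
chown root:root "/home/$USERNAME"
chmod 755 "/home/$USERNAME/"

# A directory needs the execute bit to be entered: 0600 left .ssh unusable
# even for its owner, so use the conventional 0700.
mkdir -m 0700 "/home/$USERNAME/.ssh"
chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh"

# Log directory: writable by root and by the site's group (the php-fpm pool
# writes its error log here), closed to everyone else. It used to be 0777,
# which let any local account create or replace files in it.
# NOTE(review): nginx opens access.log/error.log here as root while the site
# account can still create files in this directory; consider a root-only
# location for the nginx logs.
mkdir -m 0770 "/home/$USERNAME/logs"
chown "root:$USERNAME" "/home/$USERNAME/logs"

mkdir "/home/$USERNAME/backups"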
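# Start the site's nginx vhost file: the upstream that points at the pool's
# unix socket and the opening part of the server block. The server block is
# left open on purpose; later steps append the engine-specific locations and
# the closing brace.
# The target path is quoted so it is always taken literally (no word
# splitting or globbing on the user-supplied name).
# Everything here is plain HTTP on port 80; TLS is not configured.
cat > "/etc/nginx/conf.d/$USERNAME.conf" <<NGINX_HEAD
upstream backend-$USERNAME {server unix:/var/run/php5-$USERNAME.sock;}
server {
listen 80;
server_name $DOMAIN www.$DOMAIN;
root /home/$USERNAME/www;
access_log /home/$USERNAME/logs/access.log;
error_log /home/$USERNAME/logs/error.log;
index index.php index.html;
rewrite_log on;
if (\$host != '$DOMAIN' ) {
rewrite ^/(.*)$ http://$DOMAIN/\$1 permanent;
}
NGINX_HEAD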
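# Ask which engine the site will run and append the matching location blocks
# to the vhost file. An unrecognised answer leaves ENGINE empty, no branch
# matches, and the menu is shown again.
#
# Changes relative to the earlier version:
#  * The Yii/Other branch wrote to ./test.conf instead of the vhost file, so
#    those sites ended up without any PHP handler and nginx would have served
#    .php files as static content.
#  * The MODx and Yii PHP locations now carry the same "try_files $uri =404"
#    guard the UMI branch already had, so only scripts that exist on disk are
#    handed to php-fpm.
#  * Redirect targets are quoted.
echo "Укажите будущий WEB движок"
select ENGINE in "Yii" "MODx" "UMI" "Other"; do
    case $ENGINE in
        MODx )
            echo "Creating vhost file for MODx"
            echo "
location ~* ^/core/ {
deny all;
}
location / {
try_files \$uri \$uri/ @rewrite;
}
location @rewrite {
rewrite ^/(.*)\$ /index.php?q=\$1;
}
location ~ \.php$ {
try_files \$uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_pass backend-$USERNAME;
}
" >> "/etc/nginx/conf.d/$USERNAME.conf"
            break;;
        UMI )
            echo "Creating vhost file for UMI"
            # NOTE(review): the sendmail sender in PHP_ADMIN_VALUE below is
            # hard-coded to one fixed address rather than derived from
            # $DOMAIN -- confirm that is intended for every UMI site.
            echo "
location ~* ^\/(classes|errors\/logs|sys\-temp|cache|xmldb|static|packages) {
deny all;
}
location ~* (\/for_del_connector\.php|\.ini|\.conf)\$ {
deny all;
}
location ~* ^(\/files\/|\/images\/) {
try_files \$uri =404;
}
location ~* ^\/images\/autothumbs\/ {
try_files \$uri @autothumbs =404;
}
location @autothumbs {
rewrite ^\/images\/autothumbs\/(.*)\$ /autothumbs.php?img=\$1\$query_string last;
}
location @clean_url {
rewrite ^/(.*)\$ /index.php?path=\$1 last;
}
location @dynamic {
try_files \$uri @clean_url;
}
location / {
rewrite ^\/robots\.txt /sbots.php?path=\$1 last;
rewrite ^\/sitemap\.xml /sitemap.php last;
rewrite ^\/\~\/([0-9]+)\$ /tinyurl.php?id=\$1 last;
rewrite ^\/(udata|upage|uobject|ufs|usel|ulang|utype|umess|uhttp):?(\/\/)?(.*)? /releaseStreams.php?scheme=\$1&path=\$3 last;
rewrite ^\/(.*)\.xml\$ /index.php?xmlMode=force&path=\$1 last;
rewrite ^(.*)\.json\$ /index.php?jsonMode=force&path=\$1 last;
if (\$cookie_umicms_session) {
error_page 412 = @dynamic;
return 412;
}
if (\$request_method = 'POST') {
error_page 412 = @dynamic;
return 412;
}
rewrite ^(.*)\$ /index.php?path=\$uri&\$args&umi_authorization=\$http_authorization last;
}
location ~* \.js\$ {
rewrite ^\/(udata|upage|uobject|ufs|usel|ulang|utype|umess|uhttp):?(\/\/)?(.*)? /releaseStreams.php?scheme=\$1&path=\$3 last;
try_files \$uri =404;
}
location ~* \.php\$ {
include fastcgi_params;
fastcgi_pass backend-$USERNAME;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE \"sendmail_path = /usr/sbin/sendmail -t -i -f webmaster@cgb-kislovodsk.ru\";
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)\$;
try_files \$uri =404;
}
" >> "/etc/nginx/conf.d/$USERNAME.conf"
            break;;
        Yii|Other )
            echo "Creating vhost file for Yii"
            echo "
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
location ~ \.php$ {
try_files \$uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_pass backend-$USERNAME;
}
" >> "/etc/nginx/conf.d/$USERNAME.conf"
            break;;
    esac
done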
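# Append the locations shared by every engine (deny .ht* files, serve static
# assets directly with a two-day expiry and no access logging) and the final
# brace that closes the server block opened when the vhost file was started.
# The target path is quoted so it is always taken literally.
cat >> "/etc/nginx/conf.d/$USERNAME.conf" <<NGINX_TAIL

location ~ /\.ht {
deny all;
}
location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|bmp|map|woff|woff2|ttf)\$ {
try_files \$uri =404;
access_log off;
expires 2d;
break;
}
}

NGINX_TAIL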
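echo "Creating php-fpm config"
# Write a dedicated php-fpm pool for the site:
#  * workers run as the site's own user and group;
#  * the unix socket is owned by nginx with mode 0660;
#  * open_basedir limits PHP file access to the home directory plus the
#    shared PEAR/PHP library paths;
#  * uploads, the SOAP WSDL cache and session files go to the site's own tmp
#    directory;
#  * process-spawning and a few other functions are disabled.
# The target path is quoted so it is always taken literally.
cat > "/etc/php-fpm.d/$USERNAME.conf" <<FPM_POOL
[$USERNAME]
listen = /var/run/php5-$USERNAME.sock
listen.mode = 0660
listen.owner = nginx
listen.group = nginx
user = $USERNAME
group = $USERNAME
chdir = /home/$USERNAME
php_admin_value[upload_tmp_dir] = /home/$USERNAME/tmp
php_admin_value[soap.wsdl_cache_dir] = /home/$USERNAME/tmp
php_admin_value[upload_max_filesize] = 100M
php_admin_value[post_max_size] = 100M
php_admin_value[open_basedir] = /home/$USERNAME/:/usr/share/pear:/usr/share/php
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,show_source,stream_socket_client,stream_set_write_buffer,stream_socket_sendto,highlight_file,com_load_typelib
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[date.timezone] = $TIMEZONE
php_value[session.save_handler] = files
php_value[session.save_path] = /home/$USERNAME/tmp
php_admin_value[session.gc_probability] = 1
php_admin_value[session.gc_divisor] = 100
php_admin_value[error_log] = /home/$USERNAME/logs/php-fpm-error.log
pm = dynamic
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4

FPM_POOL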
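# Check the generated configuration before touching the running server: a
# restart with a broken vhost file would take every site on this host down.
if ! nginx -t; then
    echo "nginx configuration test failed; services were not restarted. Check /etc/nginx/conf.d/$USERNAME.conf" >&2
    exit 1
fi

# Despite the wording of the messages, both services are fully restarted.
echo "Reloading nginx"
systemctl restart nginx.service
echo "Reloading php-fpm"
systemctl restart php-fpm.service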
##############
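# Optionally create a MySQL database and account named after the site user.
# Any answer other than "Yes" (including an unrecognised one) skips the step
# and records "---" as the MySQL password.
echo "Создать базу данных?"
select CDB in "Yes" "No"; do
    case $CDB in
        Yes )
            # USERNAME is interpolated into SQL both as an identifier and inside
            # a quoted account name, so refuse anything outside a safe set.
            if [[ ! "$USERNAME" =~ ^[A-Za-z0-9_]+$ ]]; then
                echo "Refusing to create a database: '$USERNAME' is not a safe MySQL identifier" >&2
                MYSQLPASS="---"
                break
            fi
            echo "Создаем БД $USERNAME"
            # NOTE(review): in a database-level GRANT, MySQL treats '_' and '%'
            # in the database name as wildcards, so a name containing '_' also
            # matches sibling databases unless it is written as '\_' -- confirm
            # whether that matters on this host.
            Q1="CREATE DATABASE IF NOT EXISTS $USERNAME DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;"
            Q2="GRANT ALTER,DELETE,DROP,CREATE,INDEX,INSERT,SELECT,UPDATE,CREATE TEMPORARY TABLES,LOCK TABLES ON $USERNAME.* TO '$USERNAME'@'localhost' IDENTIFIED BY '$MYSQLPASS';"
            Q3="FLUSH PRIVILEGES;"
            SQL="${Q1}${Q2}${Q3}"
            # Neither secret goes on a command line any more: the statements
            # (which contain the new account's password) are sent on stdin by
            # the printf builtin, and the root password travels in MYSQL_PWD
            # instead of --password=... A root-only option file passed with
            # --defaults-extra-file is the longer-term alternative.
            if ! printf '%s\n' "$SQL" | MYSQL_PWD="$ROOTPASS" mysql -uroot; then
                echo "MySQL setup failed; no database credentials were created" >&2
                MYSQLPASS="---"
            fi
            break;;
        * )
            MYSQLPASS="---"
            break;;
    esac
done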
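# Record the generated credentials and show them to the operator.
# The file is created under a restrictive umask so it is never readable by
# other accounts, not even for the moment between creation and chmod; the
# final chmod also covers a pre-existing file. 0600 replaces 0700 because a
# text file has no use for the execute bit.
# NOTE(review): the passwords remain on disk in clear text and are printed to
# the terminal; consider deleting pass.txt once they have been handed over.
(
    umask 077
    echo "Done.
User: $USERNAME
SFTP password: $SFTPPASS
Mysql password: $MYSQLPASS" > "/home/$USERNAME/pass.txt"
)
cat "/home/$USERNAME/pass.txt"
chmod 0600 "/home/$USERNAME/pass.txt"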