@hazcod
Last active September 23, 2015 13:33
Hardening configuration for apache2/httpd with a WebDAV server
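#!/usr/bin/env bash
# Hardening setup for apache2 on Debian/Ubuntu: installs the server, enables
# the needed modules, generates a self-signed certificate, and writes a single
# vhost that forces HTTPS, serves a Digest-authenticated WebDAV share and
# reverse-proxies several local services.
#
# Requires: sudo, apt-get, openssl.
# Writes:   /etc/apache2/server.key, /etc/apache2/server.crt,
#           /etc/apache2/sites-available/default.conf, /var/log/httpd/
#
# NOTE(review): the Digest user files referenced in the vhost
# (/etc/apache2/dav.auth and /etc/apache2/pwatch.auth) are NOT created by this
# script. Create them with htdigest using the same realm as the matching
# AuthName ("Media" / "pwatch") before restarting, otherwise /dav and /pwatch
# fail with a 500 instead of prompting for credentials.
set -euo pipefail

# Hostname placed in the certificate CN.
address="vps.tv"
# Hostname Apache answers for. TODO(review): the original had two different
# names here; the certificate CN must match the name clients use, so these
# should normally be the same value.
server_name="gunther.tv"

sudo apt-get install -y apache2
# -p: do not abort under set -e when the directory already exists.
sudo mkdir -p /var/log/httpd

for mod in headers dav dav_fs rewrite ssl auth_digest proxy proxy_http; do
  sudo a2enmod "$mod"
done

# Self-signed certificate, 20 years, unencrypted key (-nodes) so apache can
# start unattended. Needs sudo because it writes into /etc/apache2.
# Browsers will warn on a self-signed cert; once the HSTS header below has
# been seen, some browsers refuse to let the user click through that warning,
# so use a publicly trusted certificate if the site is reached from browsers.
sudo openssl req \
  -new \
  -newkey rsa:4096 \
  -days 7300 \
  -nodes \
  -x509 \
  -subj "/C=BE/ST=Vlaams-Brabant/L=Diegem/O=D00MED inc./OU=IT Services/CN=${address}" \
  -keyout /etc/apache2/server.key \
  -out /etc/apache2/server.crt \
  -sha256
# The private key must not be readable by other local users.
sudo chmod 600 /etc/apache2/server.key

# Remove the distro's default vhosts. -f keeps set -e from aborting when a
# directory is already empty; -- guards against odd file names.
sudo rm -f -- /etc/apache2/sites-enabled/* /etc/apache2/sites-available/*

# The heredoc is intentionally unquoted so ${address}/${server_name} expand.
# Anything Apache must see literally that the shell would otherwise touch is
# escaped (see the Set-Cookie line). Written via sudo tee because the target
# directory is root-owned.
sudo tee /etc/apache2/sites-available/default.conf >/dev/null << EOF
User www-data
Group www-data
ServerSignature Off
ServerTokens Prod
ServerName ${server_name}
<VirtualHost *:80>
# This VirtualHost redirects everything to HTTPS on port 443.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
Options -Includes -ExecCGI
RewriteEngine On
# Reject anything that is not HTTP/1.1 (also blocks HTTP/1.0 clients).
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# Applies to every request body, including WebDAV PUT uploads to /dav:
# anything larger than 512000 bytes is refused with 413.
LimitRequestBody 512000
SSLEngine On
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
SSLProtocol +TLSv1.2
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
FileETag None
TraceEnable off
# Flag every cookie HttpOnly and Secure while keeping its value. The original
# replacement had no backreference and replaced the whole cookie with
# ";HttpOnly;Secure", breaking logins to the proxied apps. \$1 is escaped so
# the shell does not expand it while writing this file.
Header edit Set-Cookie ^(.*)$ \$1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block"
Timeout 60
ProxyRequests Off
ProxyPreserveHost On
# Deny filesystem access by default. NOTE(review): Order/deny is the 2.2
# syntax; on 2.4 it depends on mod_access_compat (enabled by default on
# Debian/Ubuntu). If /dav or /pwatch answer 403, their filesystem targets
# may need an explicit <Directory> grant -- verify on the target version.
<Directory />
Order deny,allow
deny from all
</Directory>
<Location /request>
# PLEX REQUESTS
ProxyPass http://127.0.0.1:3000/
ProxyPassReverse http://127.0.0.1:3000/
</Location>
Alias /dav /mnt/storage/media
Alias /pwatch /var/www/plexwatch
<Location /dav>
# WEBDAV -- Digest auth; the realm must match the one used when creating
# /etc/apache2/dav.auth.
Options Indexes
DAV On
AuthType Digest
AuthName "Media"
AuthDigestProvider file
AuthUserFile /etc/apache2/dav.auth
Require valid-user
</Location>
<Location /sonarr>
# SONARR
ProxyPass http://127.0.0.1:8989/
ProxyPassReverse http://127.0.0.1:8989/
</Location>
<Location /couch>
# COUCHPOTATO
ProxyPass http://127.0.0.1:5050/
ProxyPassReverse http://127.0.0.1:5050/
</Location>
<Location /sab>
# SABNZBD
ProxyPass http://127.0.0.1:9090/
ProxyPassReverse http://127.0.0.1:9090/
</Location>
<Location /pwatch>
# Realm must match the one used when creating /etc/apache2/pwatch.auth.
AuthType Digest
AuthName "pwatch"
AuthDigestProvider file
AuthUserFile /etc/apache2/pwatch.auth
Require valid-user
</Location>
# PLEX -- everything not matched above is proxied to the local Plex server;
# browser requests to / (no X-Plex-Device header) are redirected to /web/.
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteRule ^/$ /web/ [R,L]
ProxyPass / http://127.0.0.1:32400/
ProxyPassReverse / http://127.0.0.1:32400/
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access-log "%h %l %u %t \"%r\" %>s %b"
ErrorDocument 404 "Page not found."
ErrorDocument 500 "Sorry, our script crashed. Oh dear.. "
ErrorDocument 401 "You do not have access."
</VirtualHost>
EOF

sudo a2ensite default
# Abort on a broken config instead of taking the running site down.
sudo apache2ctl configtest
sudo service apache2 restart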