Merge pull request #166 from joglomedia/2.x.x

2.x.x installer update

.env.dist

@@ -77,6 +77,9 @@ INSTALL_NGINX=true
 # Available Nginx installer: repo | source
 NGINX_INSTALLER="repo"
 
+# Nginx repository source: ondrej | myguard
+NGINX_REPO_SRC="myguard"
+
 # Supported Nginx version: stable (lts) | latest (mainline),
 # version number e.g. 1.18.0 (only if Nginx build from source).
 NGINX_VERSION="stable"
@@ -105,18 +108,19 @@ NGINX_EXTRA_MODULES=true
 
 # Availabe extra modules (true to enable),
 # requires Nginx installation from source.
-NGX_HTTP_AUTH_PAM=false
+NGX_HTTP_AUTH_PAM=true
 NGX_HTTP_BROTLI=true
 NGX_HTTP_CACHE_PURGE=true
 NGX_HTTP_DAV_EXT=false
 NGX_HTTP_ECHO=false
 NGX_HTTP_FANCYINDEX=true
 NGX_HTTP_GEOIP=true
 
-# GeoIP2 with MaxMind GeoLite2 database. GeoLite2 license key is required,
-# Get it from here https://www.maxmind.com/en/geolite2/signup
+# GeoIP2 with MaxMind GeoLite2 database.
 NGX_HTTP_GEOIP2=false
-GEOLITE2_LICENSE_KEY="zHccSDDcvqS4A0Ps"
+
+# GeoLite2 license key is required, get it from here https://www.maxmind.com/en/geolite2/signup
+GEOLITE2_LICENSE_KEY=""
 
 NGX_HTTP_HEADERS_MORE=true
 NGX_HTTP_IMAGE_FILTER=true
@@ -146,9 +150,10 @@ NGX_HTTP_XSLT_FILTER=true
 NGX_MAIL=true
 NGX_NCHAN=false
 
+# Note: Be aware that PAGESPEED is no longer being developed.
+NGX_PAGESPEED=false
 # For Nginx latest v1.23 or greater, try using NPS v1.14.33.1-RC1 or latest-stable
 NGX_PAGESPEED_VERSION="latest-stable"
-NGX_PAGESPEED=false
 
 NGX_RTMP=false
 NGX_STREAM=true
@@ -162,15 +167,15 @@ INSTALL_PHP=true
 
 # It is highly recommended to install PHP version 7.4 or greater.
 # Installing multiple versions is supported, separate version by space.
-PHP_VERSIONS="8.1 8.2"
+PHP_VERSIONS="8.1 8.2 8.3"
 
 # Additional PHP modules (extensions) to install.
 # Installing multiple extension is supported, separate version by space.
 # Type only the extension name (without php*-).
-PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack openswoole sodium"
+PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack sodium"
 
 # DO NOT CHANGE
-DEFAULT_PHP_VERSION="8.1"
+DEFAULT_PHP_VERSION="8.2"
 
 [php-loader]
 # PHP Loader is a PHP extension (module) that enables PHP
@@ -209,7 +214,11 @@ IMAGEMAGICK_VERSION="7.1.0-21"
 
 [mysql]
 INSTALL_MYSQL=true
+
+# Currently only support mariadb.
 MYSQL_SERVER="mariadb"
+
+# MySQL / MariaDB version.
 MYSQL_VERSION="11.1"
 
 # Securing MySQL installation.
@@ -257,8 +266,9 @@ MEMCACHED_PASSWORD=""
 [mongodb]
 INSTALL_MONGODB=false
 
-# Available MongoDB version: 4.2, 4.3, 4.4, or 5.0.
-MONGODB_VERSION="5.0"
+# Available supported MongoDB version: 5.0, 6.0, or 7.0.
+# Set MongoDB 6.0 as default for Debian (Buster, Bullseye) & Ubuntu (Bionic, Focal, Jammy).
+MONGODB_VERSION="6.0"
 
 # MongoDB default admin account.
 MONGODB_ADMIN_USER="lempermo"
@@ -284,7 +294,7 @@ INSTALL_FTP_SERVER=true
 FTP_SERVER_INSTALLER="repo"
 
 # Supported FTP server: vsftpd | pureftpd.
-FTP_SERVER_NAME="vsftpd"
+FTP_SERVER_NAME="pureftpd"
 
 # Available version: 3.0.5 (vsftpd), 1.0.50 (pure-ftpd), or latest.
 FTP_SERVER_VERSION="latest"
@@ -308,7 +318,7 @@ INSTALL_MAILER=true
 INSTALL_SPFDKIM=true
 
 # Sender domain is required, if left empty it will be sets to the default hostname domain.
-# Ensure that the hostname or sender domain already pointed to this server IP address.
+# Ensure that the hostname or sender domain already pointed to the server's IP address.
 SENDER_DOMAIN=""
 
 [certbot]
@@ -322,6 +332,9 @@ HOSTNAME_CERT_PATH=""
 # length of bits used for generating RSA key / Diffie-Helman params.
 KEY_HASH_LENGTH=2048
 
+# Python used for Certbot.
+DEFAULT_PYTHON_VERSION="3.9.19"
+
 [firewall]
 INSTALL_FW=true
 
@@ -331,8 +344,8 @@ INSTALL_FW=true
 FW_CONFIGURATOR="ufw"
 
 [fail2ban]
-INSTALL_FAIL2BAN=true
+INSTALL_FAIL2BAN=false
 
 # Available installer: repo | source.
-FAIL2BAN_INSTALLER="source"
+FAIL2BAN_INSTALLER="repo"
 FAIL2BAN_VERSION="1.0.2"

README.md

@@ -28,14 +28,14 @@ LEMPer stands for Linux, Engine-X (Nginx), MariaDB and PHP installer written in
     * FastCGI [cache purge module](https://github.com/nginx-modules/ngx_cache_purge.git) for atomic cache purging
     * Customizable SSL library: OpenSSL (default), LibreSSL, and BoringSSL
     * and much more useful 3rd-party modules.
-  * Pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [UpCloud](https://masedi.net/l/upcloud/) or [DigitalOcean](https://masedi.net/l/digitalocean/).
+  * Pre-configured optimization for low-end VPS/cloud server. Need reliable VPS/cloud server? Get one from [DigitalOcean](https://masedi.net/l/digitalocean/), [UpCloud](https://masedi.net/l/upcloud/), or [Vultr](https://masedi.net/l/vultr/).
   * Nginx virtual host (vhost) configuration optimized for WordPress and several PHP Frameworks.
   * Support HTTP/2 natively for your secure website.
   * Free SSL certificates from [Let's Encrypt](https://letsencrypt.org/).
   * Get an A+ grade on several SSL Security Test ([Qualys SSL Labs](https://www.ssllabs.com/ssltest/analyze.html?d=masedi.net), [ImmuniWeb](https://www.immuniweb.com/ssl/?id=bVrykFnK), and Wormly).
 * PHP - Most used language that [powers 78.9% of all websites](https://w3techs.com/technologies/details/pl-php) around the universe.
   * Community package from [Ondrej's PHP repository](https://launchpad.net/~ondrej/+archive/ubuntu/php).
-  * Multiple PHP versions ~5.6 [EOL]~, ~7.0 [EOL]~, ~7.1 [EOL]~, ~7.2 [EOL]~, ~7.3 [EOL]~, 7.4 [SFO], 8.0, 8.1, 8.2 (Latest).
+  * Multiple PHP versions ~7.1 [EOL]~, ~7.2 [EOL]~, ~7.3 [EOL]~, ~7.4 [EOL]~, ~8.0 [EOL]~, 8.1 [SFO], 8.2 [Stable], 8.3 [Latest].
   * Run PHP as user who own the file (Multi-user isolation via FPM pool).
   * Feel the faster Nginx with secure multi-user environment like a top-notch shared hosting.
   * Supported PHP Framework and CMS:
@@ -82,7 +82,7 @@ sudo ./remove.sh
 
 ### LEMPer Command Line Administration Tool
 
-LEMPer packed with friendly command line tool which will make your LEMP stack administration much easier. These command line tool called Lemper CLI (lemper-cli) for creating new virtual host and managing existing LEMP stack.
+LEMPer packed with friendly command line tool which makes your LEMPer stack administration much easier. These command line tool called Lemper CLI (lemper-cli) for creating new virtual host and managing existing LEMPer stack.
 
 #### LEMPer CLI Usage
 
@@ -160,7 +160,8 @@ http://YOUR_IP_ADDRESS:8082/lcp/filemanager/
 
 ## TODOs
 
-* [x] Custom build latest [Nginx](https://nginx.org/en/) from source
+* [x] Add support for Debian (Bullseye, Bookworm) & Ubuntu (Bionic, Focal, Jammy) distro
+* [x] Add custom build latest [Nginx](https://nginx.org/en/) from source
 * [x] Add [Let's Encrypt SSL](https://letsencrypt.org/)
 * [x] Add network security (iptable rules, firewall configurator, else?)
 * [x] Add database backup tool (Mariabackup, Percona Xtrabackup, else?)
@@ -230,6 +231,6 @@ LEMPer Stack is open-source project licensed under the GNU GPLv3 license.
 
 ## Copyright
 
-(c) 2014-2023 | [MasEDI.Net](https://masedi.net/)
+(c) 2014-2024 | [MasEDI.Net](https://masedi.net/)
 
 ### Enjoy LEMPer Stack ;)

etc/default/pure-ftpd-common

@@ -0,0 +1,26 @@
+# Configuration for pure-ftpd
+# (this file is sourced by /bin/sh, edit accordingly)
+
+# STANDALONE_OR_INETD
+# valid values are "standalone" and "inetd".
+# Any change here overrides the setting in debconf.
+STANDALONE_OR_INETD=standalone
+
+# VIRTUALCHROOT: 
+# whether to use binary with virtualchroot support
+# valid values are "true" or "false"
+# Any change here overrides the setting in debconf.
+VIRTUALCHROOT=false
+
+# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
+# pure-uploadscript will also be run to spawn the program given below
+# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
+# pure-uploadscript(8)
+
+# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
+UPLOADSCRIPT=
+
+# if set, pure-uploadscript will spawn  running as the
+# given uid and gid
+UPLOADUID=
+UPLOADGID=

etc/init.d/pure-ftpd

@@ -60,7 +60,10 @@ test -x $WRAPPER || exit 0
 set -e
 
 if [ ! -e `dirname $PIDFILE` ];then
-       mkdir `dirname $PIDFILE`
+    mkdir `dirname $PIDFILE`
+
+    # label directory correctly on SE Linux systems (#980051)
+    [ -x /sbin/restorecon ] && /sbin/restorecon `dirname $PIDFILE`
 fi
 
 start_uploadscript() {
@@ -82,7 +85,7 @@ case "$1" in
   start)
 	test "$STANDALONE_OR_INETD" = standalone || exit 0
 	echo -n "Starting $DESC: "
-	 --start $SSDAEMONLOGOPTS --pidfile "$PIDFILE" \
+	start-stop-daemon --start $SSDAEMONLOGOPTS --pidfile "$PIDFILE" \
 		--exec $WRAPPER -- $SUFFIX
 	start_uploadscript Starting
 	;;

etc/pure-ftpd/conf/AltLog

@@ -0,0 +1 @@
+clf:/var/log/pure-ftpd/transfer.log

etc/pure-ftpd/conf/FSCharset

@@ -0,0 +1 @@
+UTF-8

etc/pure-ftpd/conf/MinUID

@@ -0,0 +1 @@
+1000

etc/pure-ftpd/conf/NoAnonymous

@@ -0,0 +1 @@
+yes

etc/pure-ftpd/conf/PAMAuthentication

@@ -0,0 +1 @@
+yes

etc/pure-ftpd/conf/PureDB

@@ -0,0 +1 @@
+/etc/pure-ftpd/pureftpd.pdb

etc/pure-ftpd/conf/TLSCipherSuite

@@ -0,0 +1 @@
+HIGH

etc/pure-ftpd/conf/UnixAuthentication

@@ -0,0 +1 @@
+no

etc/pure-ftpd/pure-ftpd.conf

@@ -0,0 +1,60 @@
+ChrootEveryone               yes
+BrokenClientsCompatibility   no
+MaxClientsNumber             50
+Daemonize                    yes
+MaxClientsPerIP              8
+VerboseLog                   no
+DisplayDotFiles              yes
+AnonymousOnly                no
+NoAnonymous                  no
+SyslogFacility               ftp
+DontResolve                  yes
+MaxIdleTime                  15
+
+# MySQLConfigFile              /etc/pureftpd-mysql.conf
+# PureDB                       /etc/pureftpd.pdb
+PureDB                       /etc/pure-ftpd/pureftpd.pdb
+
+# ExtAuth                      /var/run/ftpd.sock
+
+# PAMAuthentication            yes
+UnixAuthentication           yes
+
+LimitRecursion               10000 8
+AnonymousCanCreateDirs       no
+MaxLoad                      4
+
+PassivePortRange             45000 45099
+ForcePassiveIP               52.221.186.193
+
+# AntiWarez                    yes
+
+# Bind                         127.0.0.1,21
+
+Umask                        133:022
+MinUID                       100
+AllowUserFXP                 no
+AllowAnonymousFXP            no
+ProhibitDotFilesWrite        no
+ProhibitDotFilesRead         no
+AutoRename                   no
+AnonymousCantUpload          no
+# TrustedIP                    10.1.1.1
+
+# CreateHomeDir                yes
+# Quota                        1000:10
+
+# PIDFile                      /var/run/pure-ftpd.pid
+PIDFile                      /var/run/pure-ftpd/pure-ftpd.pid
+
+# CallUploadScript             yes
+
+MaxDiskUsage                   90
+CustomerProof                yes
+
+IPV4Only                     no
+
+TLS                          2
+TLSCipherSuite               HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
+CertFile                     /etc/ssl/certs/ssl-cert-snakeoil.pem
+

etc/pure-ftpd/pureftpd-dir-aliases

@@ -0,0 +1,10 @@
+# Configuration file for directory aliases
+#
+# To define alias/directory pairs, use alternating lines of alias
+# and directory (optional blank lines are allowed) like that:
+#
+# pictures
+# /usr/misc/pictures
+#
+# sources
+# /usr/src

install.sh

@@ -283,6 +283,9 @@ Please Save the above Credentials & Keep it Secure!
 
         status "${CREDENTIALS}"
 
+        # Send credentials to admin email.
+        run bash -c "echo '${CREDENTIALS}' | mail -s 'LEMPer Stack Credentials for ${SERVER_IP}' ${LEMPER_ADMIN_EMAIL}"
+
         # Save it to log file
         #save_log "${CREDENTIALS}"
 

remove.sh

@@ -187,6 +187,10 @@ fi
 ### Remove unnecessary packages ###
 echo -e "\nCleaning up unnecessary packages..."
 
+if [[ "${FORCE_REMOVE}" == true ]]; then
+    [ -d /tmp/lemper ] && run rm -fr /tmp/lemper
+fi
+
 run apt-get autoremove -q -y && \
 run apt-get autoclean -q -y && \
 run apt-get clean -q -y