webserver - split into seqs nginx and php and enhanced functionality

seqs/nginx.sh

@@ -0,0 +1,160 @@
+#!/bin/bash
+
+toolName="nginx"
+sq_toolDeps="nginx"
+sq_repoUrl="https://nginx.org/packages/debian"
+sq_keyUrl="https://nginx.org/keys"
+sq_toolConfig="/etc/nginx/nginx.conf"
+
+sq_aptOpt=
+
+seq_config() {
+  ## Apt cmdline option to suppress user interaction
+  interactive || sq_aptOpt="-y"
+  
+  ## Return of non zero value will abort the sequence
+  return 0
+}
+
+step_1_info() { echo "${toolName} status"; }
+step_1_alias() { echo "status"; }
+step_1() {
+  if ! command -v nginx >/dev/null ; then
+    exe apt-cache policy nginx
+    return 1
+  fi
+  exe nginx --version
+  exe systemctl status nginx
+}
+
+step_10_info() {
+  echo "Setup latest apt source list for ${toolName}:"
+  echoinfo "$sq_repoUrl"
+}
+step_10_alias() { echo "setup"; }
+step_10() {
+  local lArch=
+  case $(uname -m) in
+    aarch64)
+      lArch=arm64;;
+  esac
+  if [[ -n ${lArch:-} ]] ; then
+    info "Detected processor architecture: ${lArch}"
+    lArch="[arch=${lArch}]"
+  fi
+
+  info "Installing custom repository prerequisites:"
+  exe apt update
+  exe apt install apt-transport-https lsb-release ca-certificates curl ${sq_aptOpt}
+  info "Setup php repository including gpg key"
+  exep curl -fsSL  ${sq_keyUrl:?}/nginx_signing.key "|" gpg --dearmor -o "/etc/apt/trusted.gpg.d/nginx-keyring.gpg"
+  addConf -c "deb ${lArch:-} ${sq_repoUrl:?} $(lsb_release -sc) nginx" "/etc/apt/sources.list.d/nginx.list"
+  addConf -s "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
+    /etc/apt/preferences.d/99nginx
+  exe apt update
+}
+
+step_11_info() { 
+  echo "Installation of ${toolName} packages:"
+  echoinfo "${sq_toolDeps}"
+}
+step_11_alias() { echo "install"; }
+step_11() {
+  exe apt update
+  exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
+  endReturn -o $? "Failed to install ${toolName}"
+}
+
+step_12_info() {
+  echo "Adapt default ${toolName} configuration"
+  echoinfo "Use Debian default web user \"www-data\" instead of \"nginx\"."
+}
+step_12() {
+  if ! grep -E "user\s*nginx;" "${sq_toolConfig}" >>/dev/null ; then
+    info "Nothing to do."
+    return 0
+  fi
+
+  exe systemctl stop nginx
+
+  info    "Installation from nginx.org repository detected."
+  info -a "Fixing nginx user..."
+  exe sed -i "s|user\(\s*\)nginx;|user\1www-data;|g" "${sq_toolConfig}"
+
+  local lQuiet=
+  interactive || lQuiet="-q"
+  info "Removing user nginx"
+  exe deluser ${lQuiet} nginx || true # allowed to fail if non existent
+
+  if [[ ! -e "/var/www" ]] ; then 
+    info "Create default web server directory."
+    exe mkdir "/var/www"
+    exe chown www-data: "/var/www"
+  fi
+}
+
+step_13_info() { echo "Basic nginx configuration for initial letsencrypt certificate creation"; }
+step_13_alias() { echo "initconf"; }
+step_13() {
+  exe mkdir -p "$(dirname -- "$snippetLetsencryptLoc")"
+
+  # Writing acme-challenge code snipped for certbot web root authentication
+  addConf -c "$snippetLetsencrypt" "$snippetLetsencryptLoc"
+
+  # Writing minimal default (see below)
+  addConf -c "$siteDefaultIp4" "$siteDefaultLoc"
+
+  # try fix errors on first install attempt
+  # (possible missing ipv6 support on system)
+  if [ $ERNO -ne 0 ] ; then
+    exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
+  fi
+
+  # create webroot 
+  exe mkdir -p "$siteLetsencryptWww"
+
+  info -n "Restarting Nginx..."
+  if exe service nginx restart ; then
+    info "ok"
+  else
+    info "failed"
+    endReturn -o 1 "Failed to install ${toolName}"
+  fi
+}
+snippetLetsencryptLoc="/etc/nginx/snippets/letsencrypt.conf"
+siteLetsencryptWww="/var/www/letsencrypt"
+snippetLetsencrypt="\
+location ^~ /.well-known/acme-challenge/ {
+default_type \"text/plain\";
+root ${siteLetsencryptWww};
+}"
+siteDefaultLoc="/etc/nginx/conf.d/default"
+siteDefaultIp4="server {
+listen 80 default_server;
+
+include ${snippetLetsencryptLoc}; 
+}"
+
+step_20_info() { echo "Installation notes"; }
+step_20_alias() { echo "notes"; }
+step_20() {
+  color green
+  cat <<NOTES_EOF
+# Set user to www-data on debian and tune performance a bit
+
+  [/etc/nginx/nginx.conf]
+user www-data;
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+    multi_accept        on;
+    use                 epoll;
+}
+NOTES_EOF
+}
+
+# shellcheck disable=SC2034 # Appears unused
+readonly sqr_minVersion=16
+# shellcheck disable=SC1091 # Don't follow this source
+. /usr/local/bin/sequencer.sh

seqs/php.cfg.example

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+sc_phpVersion="8.0"
+# Add packages to be installed alongside the default (fpm cli)
+sc_phpPackages=(zip bz2)

seqs/php.sh

@@ -0,0 +1,187 @@
+#!/usr/bin/env bash
+
+readonly toolName=php
+readonly sq_repoUrl="https://packages.sury.org/php"
+
+# Already defined by sequencer.sh, but may be overwritten
+#readonly seq_configName="${sq_scriptName:?}.cfg"
+#readonly seq_configTemplate="${seq_origin:?}/${sq_configName:?}.example"
+
+sq_aptOpt=
+sq_config=0
+
+sq_phpName=php
+sq_FpmConfig=
+sq_CliConfig=
+sq_PoolConfig=
+sq_FpmIni=
+
+seq_config() {
+  if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
+    sq_config=1
+  else
+    # End if no configuration file exists
+    dry || return 1
+  fi
+
+  ## Apt cmdline option to suppress user interaction
+  interactive || sq_aptOpt="-y"
+
+  ## Disable error checks if external scripts are used
+  ## e.g. error on unbound variables
+  #disableErrorCheck
+
+  sq_phpName="php${sc_phpVersion:?}"
+
+  # Default dependencies for this seq
+  sc_phpPackages+=(fpm cli)
+
+  # Prepare php packages to be installed
+  sq_phpPackages="${sc_phpPackages[@]/#/${sq_phpName}-}"
+  
+  sq_FpmConfig="/etc/php/${sc_phpVersion:?}/fpm/conf.d/90-custom_pi.ini"
+  sq_CliConfig="/etc/php/${sc_phpVersion:?}/cli/conf.d/90-custom_pi.ini"
+  sq_PoolConfig="/etc/php/${sc_phpVersion:?}/fpm/pool.d/www.conf"
+  sq_FpmIni="/etc/php/${sc_phpVersion:?}/fpm/php-fpm.conf"
+
+  ## Return of non zero value will abort the sequence
+  return 0
+}
+
+getPhpVersion() {
+  local lPhp=
+  if ! lPhp="$(command -v php >>/dev/null && php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')"; then
+    return 1
+  fi
+  echo ${lPhp}
+}
+
+step_1_info() { echo "Installation status"; }
+step_1_alias() { echo "status"; }
+step_1() {
+  exe apt-cache policy ${sq_phpName}-common
+}
+
+step_3_info() { echo "Get installed PHP version"; }
+step_3_alias() { echo "version"; }
+step_3(){
+  if ! lPhp="$(getPhpVersion)" ; then
+    warning "PHP not yet installed"
+    return 1
+  fi
+  echo "$lPhp"
+}
+
+step_5_info() { 
+  echoinfoArgs "[PHP_PACKAGE_NAME ...]"
+  echo "Install ${toolName:-'-'} packages prepending the correct version"
+}
+step_5_alias() { echo "add"; }
+step_5() {
+  shift
+  local packages=("$@")
+  (( ${#packages[@]} )) || fatal "No packages provided"
+  exe apt install "${packages[@]/#/${sq_phpName}-}" ${sq_aptOpt:-}
+}
+
+step_10_info() { echo "Setup debian ${toolName:-'-'} repository"; }
+step_10_alias() { echo "setup"; }
+step_10() {
+  local lArch=
+  case $(uname -m) in
+    aarch64)
+      lArch=arm64;;
+  esac
+  if [[ -n ${lArch:-} ]] ; then
+    info "Detected processor architecture: ${lArch}"
+    lArch="[arch=${lArch}]"
+  fi
+
+  info "Installing custom repository prerequisites:"
+  exe apt update
+  exe apt install apt-transport-https lsb-release ca-certificates curl ${sq_aptOpt:-}
+  info "Setup ${toolName:-'-'} repository including gpg key"
+  exep curl -fsSL  ${sq_repoUrl:?}/apt.gpg "|" gpg --dearmor -o /etc/apt/trusted.gpg.d/sury-keyring.gpg
+  addConf -c "deb ${lArch:-} ${sq_repoUrl:?} $(lsb_release -sc) main" "/etc/apt/sources.list.d/php.list"
+  exe apt-get update
+}
+
+step_11_info() { 
+  echo "Installation of ${toolName:-'-'} packages:"
+  echoinfo "${sq_phpPackages:-"(customize with '${seq_name} -c')"}"
+}
+step_11_alias() { echo "install"; }
+step_11() {
+  exe apt install ${sq_phpPackages} ${sq_aptOpt}
+}
+
+phpFpmConfig="date.timezone = Europe/Berlin
+max_execution_time = 600
+memory_limit = 1024M
+output_buffering = Off
+session.cookie_secure = True
+upload_max_filesize = 1024M"
+
+phpCliConfig="date.timezone = Europe/Berlin
+output_buffering = Off"
+
+step_20_info() { echo "Configuration of ${sq_phpName} fpm and cli"; }
+step_20_alias() { echo "conf_fpm_cli"; }
+step_20() {
+  addConf -s "$phpFpmConfig" "$sq_FpmConfig"
+  addConf -s "$phpCliConfig" "$sq_CliConfig"
+
+  restart_php
+}
+
+step_22_info() { echo "Configure ${toolName} pool ondemand"; }
+step_22_alias() { echo "conf_pool_ondemand"; }
+step_22() {
+  info "Setting ${toolName} pool to 'ondemand'"
+  
+  addConf -a "" "$sq_FpmIni"
+  exe sed -i "s/^[;[:space:]]*pm =.*/pm = ondemand/" "$sq_PoolConfig"
+  
+  restart_php
+}
+
+step_24_info() { echo "Configure ${toolName} pool dynamic"; }
+step_24_alias() { echo "conf_pool_dynamic"; }
+step_24() {
+  local AvailableRAM=$(awk '/MemAvailable/ {printf "%d", $2/1024}' /proc/meminfo)
+  local AverageFPM=$(ps --no-headers -o 'rss,cmd' -C php-fpm${sc_phpVersion} | awk '{ sum+=$1 } END { printf ("%d\n", sum/NR/1024,"M") }')
+  local FPMS=$((AvailableRAM/AverageFPM))
+  local PMaxSS=$((FPMS*2/3))
+  local PMinSS=$((PMaxSS/2))
+  local PStartS=$(((PMaxSS+PMinSS)/2))
+
+  addConf -a "" "$sq_FpmIni"
+  exe sed -i "s|;emergency_restart_threshold.*|emergency_restart_threshold = 10|g" "$sq_FpmIni"
+  exe sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" "$sq_FpmIni"
+  exe sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" "$sq_FpmIni"
+
+  addConf -a "" "$sq_PoolConfig"
+  exe sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" "$sq_PoolConfig"
+  exe sed -i "s/;env\[TMP\] = /env[TMP] = /" "$sq_PoolConfig"
+  exe sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" "$sq_PoolConfig"
+  exe sed -i "s/;env\[TEMP\] = /env[TEMP] = /" "$sq_PoolConfig"
+  exe sed -i "s/;env\[PATH\] = /env[PATH] = /" "$sq_PoolConfig"
+  exe sed -i "s/^[;[:space:]]*pm =.*/pm = dynamic/" "$sq_PoolConfig"
+  exe sed -i 's/pm.max_children =.*/pm.max_children = '$FPMS'/' "$sq_PoolConfig"
+  exe sed -i 's/pm.start_servers =.*/pm.start_servers = '$PStartS'/' "$sq_PoolConfig"
+  exe sed -i 's/pm.min_spare_servers =.*/pm.min_spare_servers = '$PMinSS'/' "$sq_PoolConfig"
+  exe sed -i 's/pm.max_spare_servers =.*/pm.max_spare_servers = '$PMaxSS'/' "$sq_PoolConfig"
+  exe sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" "$sq_PoolConfig"
+  restart_php
+}
+
+restart_php() {
+  info -n "Restarting ${sq_phpName} fpm ... "
+  exe service ${sq_phpName}-fpm restart && info -d "ok" || info -d "nok"
+}
+
+
+# shellcheck disable=SC2034 # Appears unused
+readonly sqr_minVersion=16
+# shellcheck disable=SC1091 # Don't follow this source
+. /usr/local/bin/sequencer.sh

seqs/webserver.sh

@@ -1,183 +0,0 @@
-#!/bin/bash
-
-serverName="nginx"
-serverPackages="nginx"
-serverSourceUrl="https://nginx.org/packages/debian/"
-phpVersion="7.3"
-phpName="php${phpVersion}"
-phpPackages="${phpName}-{fpm,gd,mysql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,smbclient,cli,common,opcache,readline} imagemagick"
-
-aptOpt=
-seq_config() {
-  if quiet ; then
-    aptOpt="-y"
-  fi
-}
-
-step_1_info() {
-  echoinfoArgs "[DEBIAN RELEASE]"
-  echo "Setup latest apt source list for $serverName"
-  echoinfo "$serverSourceUrl"
-}
-step_1_alias() { echo "setup"; }
-step_1() {
-  shift
-  local osRelease=$1
-  endCheckEmpty osRelease "Debian release not provided"
-
-  info "Setup apt source for $serverName $serverSourceUrl"
-  local srvSource="deb $serverSourceUrl $osRelease nginx"
-  addConf -s "$srvSource" "$serverSourceLoc"
-  if [ $? -eq 0 ] ; then
-    info "Get repository key for $serverSourceUrl"Y
-    exe apt install gnupg $aptOpt
-    exe apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62
-  fi
-}
-serverSourceLoc="/etc/apt/sources.list.d/nginx.list"
-
-step_2_info() { 
-  echo "Installation of $serverName packages:"
-  echoinfo "$serverPackages"
-}
-step_2_alias() { echo install; }
-step_2() {
-  exe apt update
-  exe apt install $serverPackages $aptOpt
-  endReturn -o $? "Failed to install $serverName"
-}
-
-step_3_info() { echo "Basic nginx configuration for initial letsencrypt certificate creation"; }
-step_3() {
-  # Writing acme-challenge code snipped for certbot web root authentication
-  addConf -c "$snippetLetsencrypt" "$snippetLetsencryptLoc"
-
-  # Writing minimal default (see below)
-  addConf -c "$siteDefaultIp4" "$siteDefaultLoc"
-
-  # try fix errors on first install attempt
-  # (possible missing ipv6 support on system)
-  if [ $ERNO -ne 0 ] ; then
-    exe apt install nginx $aptOpt
-  fi
-
-  # create webroot 
-  exe mkdir -p "$siteLetsencryptWww"
-
-  sqr::echo -n "Restarting Nginx..."
-  exe service nginx restart && sqr::echo "ok"
-  endReturn -o $? "Failed to install $serverName"
-}
-snippetLetsencryptLoc="/etc/nginx/snippets/letsencrypt.conf"
-siteLetsencryptWww="/var/www/letsencrypt"
-snippetLetsencrypt="\
-location ^~ /.well-known/acme-challenge/ {
-default_type \"text/plain\";
-root ${siteLetsencryptWww};
-}"
-siteDefaultLoc="/etc/nginx/sites-available/default"
-siteDefaultIp4="server {
-listen 80 default_server;
-
-include ${snippetLetsencryptLoc}; 
-}"
-
-step_4_info() { 
-  echo "Installation of $phpName packages:"
-  echoinfo "$phpPackages"
-}
-step_4_alias() { echo "php"; }
-step_4() {
-  exe apt install $(eval echo $phpPackages) $aptOpt
-}
-
-phpFpmConfigLocation="/etc/php/${phpVersion}/fpm/conf.d/90-custom_pi.ini"
-phpFpmConfig="memory_limit = 1024M
-apc.enable_cli=1
-output_buffering = Off
-max_execution_time = 3600
-max_input_time = 3600
-post_max_size = 10240M
-upload_max_filesize = 10240M
-date.timezone = Europe/Berlin
-session.cookie_secure = True
-
-opcache.enable=1
-opcache.enable_cli=1
-opcache.memory_consumption=128
-opcache.interned_strings_buffer=8
-opcache.max_accelerated_files=10000
-opcache.revalidate_freq=1
-opcache.save_comments=1
-
-allow_url_fopen = 1"
-phpFpmConfigBu="register_argc_argv=on"
-
-phpCliConfigLocation="/etc/php/${phpVersion}/cli/conf.d/90-custom_pi.ini"
-phpCliConfig="\
-apc.enable_cli=1
-output_buffering = Off
-max_execution_time = 3600
-max_input_time = 3600
-post_max_size = 10240M
-upload_max_filesize = 10240M
-date.timezone = Europe/Berlin"
-phpPoolConfigLocation="/etc/php/${phpVersion}/fpm/pool.d/www.conf"
-phpFpmIniLocation="/etc/php/${phpVersion}/fpm/php-fpm.conf"
-
-step_5_info() { echo "Configuration of ${phpName} fpm and cli"; }
-step_5() {
-  local AvailableRAM=$(awk '/MemAvailable/ {printf "%d", $2/1024}' /proc/meminfo)
-  local AverageFPM=$(ps --no-headers -o 'rss,cmd' -C php-fpm$phpVersion | awk '{ sum+=$1 } END { printf ("%d\n", sum/NR/1024,"M") }')
-  echo $AvailableRAM
-  echo $AverageFPM
-  local FPMS=$((AvailableRAM/AverageFPM))
-  local PMaxSS=$((FPMS*2/3))
-  local PMinSS=$((PMaxSS/2))
-  local PStartS=$(((PMaxSS+PMinSS)/2))
-
-
-  addConf -c "$phpFpmConfig" "$phpFpmConfigLocation"
-  addConf -c "$phpCliConfig" "$phpCliConfigLocation"
-
-  addConf -a "" "$phpFpmIniLocation"
-  exe sed -i "s|;emergency_restart_threshold.*|emergency_restart_threshold = 10|g" "$phpFpmIniLocation"
-  exe sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" "$phpFpmIniLocation"
-  exe sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" "$phpFpmIniLocation"
-
-  addConf -a "" "$phpPoolConfigLocation"
-  exe sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" "$phpPoolConfigLocation"
-  exe sed -i "s/;env\[TMP\] = /env[TMP] = /" "$phpPoolConfigLocation"
-  exe sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" "$phpPoolConfigLocation"
-  exe sed -i "s/;env\[TEMP\] = /env[TEMP] = /" "$phpPoolConfigLocation"
-  exe sed -i "s/;env\[PATH\] = /env[PATH] = /" "$phpPoolConfigLocation"
-  exe sed -i 's/pm.max_children =.*/pm.max_children = '$FPMS'/' "$phpPoolConfigLocation"
-  exe sed -i 's/pm.start_servers =.*/pm.start_servers = '$PStartS'/' "$phpPoolConfigLocation"
-  exe sed -i 's/pm.min_spare_servers =.*/pm.min_spare_servers = '$PMinSS'/' "$phpPoolConfigLocation"
-  exe sed -i 's/pm.max_spare_servers =.*/pm.max_spare_servers = '$PMaxSS'/' "$phpPoolConfigLocation"
-  exe sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" "$phpPoolConfigLocation"
-
-  sqr::echo -n "Restarting ${phpName} ... "
-  exe service ${phpName}-fpm restart && sqr::echo "ok"
-}
-
-step_6_info() { echo "Installation notes"; }
-step_6_alias() { echo "notes"; }
-step_6() {
-  cat <<NOTES_EOF
-# Set user to www-data on debian an tune performance a bit
-  [/etc/nginx/nginx.conf]
-user www-data;
-worker_processes  1;
-
-events {
-    worker_connections  1024;
-    multi_accept        on;
-    use                 epoll;
-}
-
-NOTES_EOF
-}
-
-readonly sqr_minVersion=16
-. /usr/local/bin/sequencer.sh