From 3ac73b51bb35a20f853935bb03ba398a79c6c43f Mon Sep 17 00:00:00 2001 From: allan Date: Thu, 30 Oct 2025 11:12:06 +0100 Subject: [PATCH] logic changes --- wordpressinstall | 93 ++++++++++++++++++++---------------------------- 1 file changed, 38 insertions(+), 55 deletions(-) diff --git a/wordpressinstall b/wordpressinstall index 518cbf8..d2d1343 100755 --- a/wordpressinstall +++ b/wordpressinstall @@ -10,10 +10,33 @@ # if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi +# +# Get php-fpm version +# +phpfpm=$(systemctl list-unit-files --type=service | awk '/php[0-9]+\.[0-9]+-fpm/ {sub(".service",""); print; exit}') +if [[ -z "$phpfpm" ]]; then printf "\nUnable to detect php-fpm version. Is PHP-FPM installed?\n\n" ; exit 1 ; fi + +# +# Check if required services are running or not +# +for svc in nginx mariadb "$phpfpm"; do systemctl is-active --quiet "$svc" || { printf "\n%s is not running, cannot continue...\n\n" "${svc^}" ; exit 1 ; }; done + +# +# Check MariaDB authentication method (socket or not) +# +if mysql -u root -e ";" 2>/dev/null; then + socket="SOCKET DETECTED — no need for -a or -m" + socketusage="SOCKET DETECTED — this flag is not needed" + socketauth="yes" +else + socket="NO SOCKET DETECTED — you must use -a and -m" + socketusage="NO SOCKET DETECTED — these flags are required" + socketauth="no" +fi + # # Define variables and functions # -phpver=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;' 2>/dev/null || echo "8.3") ; phpfpm="php$phpver-fpm" # # Function usage 
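Review bot: The awk program in the new `phpfpm=` assignment ends with a bare `print`, which emits the whole record, and `systemctl list-unit-files` prints state columns after the unit name. `$phpfpm` would therefore come out as something like `php8.3-fpm enabled enabled` (constructed example) rather than a unit name. That value fails the `systemctl is-active` test in the loop that follows and is later substituted into the Nginx files. Match and print the first field only: `awk '$1 ~ /^php[0-9]+\.[0-9]+-fpm\.service$/ {sub(/\.service$/,"",$1); print $1; exit}'`. With several PHP versions installed this still takes whichever unit is listed first, not necessarily the one that is running, which deserves a comment.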
@@ -34,40 +57,17 @@ usage () { printf -- " sudo ./wordpressinstall -n wp.something.xyz -d wpdb -u wpuser -p wpPass123 -a admin -m adminpwd\n\n" } -# -# Function to check if a service is already running or not -# -serviceno () { printf "\n%s" "$service" ; printf " is not running cannot continue...\n\n"; } -servicedead () { status=$(systemctl is-active "$service"); if [[ "$status" != "active" ]]; then serviceno ; exit 1 ; fi; } - # # Function inputcheck # inputcheck () { [[ -z "$hostname" ]] && { usage; echo ""; echo "Error! Hostname empty."; echo ""; exit 1; } + [[ "$hostname" =~ [[:space:]/] ]] && { echo "ERROR: DOMAIN INVALID (no spaces or slashes allowed)"; exit 1; } [[ -z "$dbname" ]] && { usage; echo ""; echo "Error! Database name empty."; echo ""; exit 1; } [[ -z "$dbuser" ]] && { usage; echo ""; echo "Error! Database user empty."; echo ""; exit 1; } [[ -z "$dbpass" ]] && { usage; echo ""; echo "Error! Database password empty."; echo ""; exit 1; } } -# -# If Nginx and MariaDB is not running then die -# -service="mariadb" ; servicedead ; service="nginx" ; servicedead - -# -# Check MariaDB authentication method (socket or not) -# -if mysql -u root -e ";" 2>/dev/null; then - socket="SOCKET DETECTED — no need for -a or -m" - socketusage="SOCKET DETECTED — this flag is not needed" - socketauth="yes" -else - socket="NO SOCKET DETECTED — you must use -a and -m" - socketusage="NO SOCKET DETECTED — this flag is required" - socketauth="no" -fi - # # Let's go # 
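Review bot: The `hostname` test added to `inputcheck` is a deny-list of whitespace and `/`, which is too narrow for how this root-run script uses the value. It ends up in a file name under /etc/nginx/conf.d and in the replacement side of `sed "s/DOMAIN/$hostname/g"` (hunk at -126), where characters that are special to sed or to Nginx syntax, such as `&`, `\`, `;` and `{`, are still accepted. An allow-list of what a DNS name can contain is safer and also rejects a leading `-`: `[[ "$hostname" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "ERROR: DOMAIN INVALID"; exit 1; }`. The new line also skips the `usage` call and the "Error! …" wording that the neighbouring checks use.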
@@ -126,25 +126,19 @@ repo="https://git.x-files.dk/webserver/nginx-snippets.git" if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi # -# Copy and adjust WordPress hardening config (runtime-only) +# Create WordPress Nginx configuration # -runtimeinc="/etc/nginx/conf.d/includes" ; mkdir -p "$runtimeinc" - -if [[ -f "$nginxsnippets/wp-hardening.conf" ]]; then - cp "$nginxsnippets/wp-hardening.conf" "$runtimeinc/wp-hardening.conf" - sed -i "s/phpVERSION/php$phpver/" "$runtimeinc/wp-hardening.conf" -else - echo "Warning: wp-hardening.conf not found in nginx-snippets" -fi +cp "$nginxsnippets/hostfiles/wordpress.80.conf" /etc/nginx/conf.d/"$hostname".conf +sed -i -- "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf +sed -i "s/VERSION/$phpfpm/" /etc/nginx/conf.d/"$hostname".conf # -# Copy WordPress rate-limit config (if missing) +# Wordpress hardeging # -if [[ -f "$nginxsnippets/wp-rate-limit.conf" ]]; then - cp --no-clobber "$nginxsnippets/wp-rate-limit.conf" /etc/nginx/conf.d/wp-rate-limit.conf 2>/dev/null -else - echo "Warning: wp-rate-limit.conf not found in nginx-snippets" -fi +mkdir -p /etc/nginx/includes +cp "$nginxsnippets/wp-hardening.conf" /etc/nginx/includes/wp-hardening.conf +sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/includes/wp-hardening.conf +cp --no-clobber "$nginxsnippets/wp-rate-limit.conf" /etc/nginx/conf.d/wp-rate-limit.conf 2>/dev/null # # Determine MariaDB login method (uses earlier socket variable) 
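Review bot: The three `cp` calls added here no longer test that the snippet files exist, and their exit status is ignored. Unless `set -e` is enabled outside the visible hunks, a failed clone or pull lets the script carry on: the `sed -i` lines fail on missing files and the later steps still run, ending in the service restart. The `2>/dev/null` kept on the rate-limit copy hides the one message that would explain the failure. Check each copy and leave stderr alone, e.g. `cp "$nginxsnippets/hostfiles/wordpress.80.conf" "/etc/nginx/conf.d/$hostname.conf" || { echo "Cannot copy wordpress.80.conf" >&2; exit 1; }`. The comment `# Wordpress hardeging` should read `# WordPress hardening`.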
@@ -199,22 +193,11 @@ EOF esac # -# Create WordPress Nginx configuration +# Restarting Nginx and Phpfpm for changes to take effect # -cp "$nginxsnippets/hostfiles/wordpress.80.conf" /etc/nginx/conf.d/"$hostname".conf -sed -i "s/DOMAIN/$hostname/g" /etc/nginx/conf.d/"$hostname".conf -sed -i "s/VERSION/$phpver/" /etc/nginx/conf.d/"$hostname".conf -sed -i "s|/etc/nginx/conf.d/wp-hardening.conf|$runtimeinc/wp-hardening.conf|" /etc/nginx/conf.d/"$hostname".conf - -# -# Validate Nginx configuration before restarting -# -nginx -t || { echo "" ; echo "Nginx configuration test failed. Please check /etc/nginx/conf.d/ for errors." ; echo "" ; exit 1; } - -# -# Restart Nginx and PHP-FPM for changes to take effect -# -systemctl restart "$phpfpm" && systemctl restart nginx +printf "\nRestarting services...\n" +systemctl restart "$phpfpm" +systemctl restart nginx # # Wordpress notice
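Review bot: `systemctl restart nginx` now runs with no `nginx -t` in front of it, so a broken generated file in /etc/nginx/conf.d stops Nginx for every site on the host instead of aborting the install. Dropping the `&&` also means Nginx is restarted even when the PHP-FPM restart failed, and neither exit status is reported. Keep the configuration test as a gate before the restarts, `nginx -t || { printf '\nNginx configuration test failed.\n\n' >&2; exit 1; }`, and chain or check the two `systemctl restart` calls.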