latest commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,126 @@
+# Nginx + PHP-FPM for Ubuntu 24.04  
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
+[![PHP](https://img.shields.io/badge/php-fpm-777BB4)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Install Nginx + PHP-FPM on Ubuntu 24.04 server.
+
+This is not a guide and not a toy.  
+This is a production-grade installer — secure, structured, and ready for multiple applications.
+
+## Why this installer exists
+Default Nginx configs become unmanageable quickly. This setup keeps things structured and predictable.
+
+## What this installer does  
+✔ Creates snippet directory for modular config  
+✔ Optional security and bot-blocking modules  
+✔ Cloudflare Real-IP support  
+✔ Requests to bare server IP return **444**  
+✔ Suitable for WordPress, Gitea, Zabbix, Wiki and more
+
+## What this installer does *NOT* do
+It won’t stop you from running the script without reading the documentation like there’s no tomorrow.  
+Skip the README, and whatever happens next is your headache, not a bug report.
+
+---
+
+## 1. Prepare your system
+
+```
+sudo apt update -y
+```
+
+---
+
+## 2. Download and enter the installer
+
+```
+git clone https://git.x-files.dk/webserver/nginx-ubuntu.git
+```
+
+```
+cd nginx-ubuntu
+```
+
+---
+
+## 3. Run the installer
+
+```
+sudo ./nginxinstall
+```
+
+After this runs, you have:
+
+| Feature | Status |
+|--------|--------|
+| Nginx installed & enabled | ✓ |
+| PHP-FPM configured | ✓ |
+| Snippet structure created | ✓ |
+| Default website disabled | ✓ (returns HTTP 444) |
+| Cloudflare Real-IP support | ✓ |
+| Bad-bot blocking available | ✓ |
+| Custom error pages | ✓ editable |
+
+---
+
+## Included Nginx Features
+
+### `/etc/nginx/nginx-snippets/`  
+
+Reusable drop-in configs:
+
+| Snippet | Purpose |
+|--------|---------|
+| cloudflare.conf | Fixes real visitor IPs |
+| block-bots.conf | Drops garbage traffic |
+| csp.conf | Security headers |
+| ssl.conf | TLS configuration |
+| errorpages/ | Custom 40x/50x pages |
+
+---
+
+### Default IP response
+
+Server IP access = **444 Drop.**  
+Because your server is not public property.
+
+---
+
+### Caching
+
+Performance tuning examples included, **commented until activated intentionally**.
+
+---
+
+## What happens after install?
+
+Example vhost:
+
+```
+server {
+    listen 443 ssl http2;
+    server_name yourdomain.com;
+
+    include nginx-snippets/cloudflare.conf;
+    include nginx-snippets/block-bots.conf;
+
+    root /var/www/yourproject;
+    index index.php index.html;
+}
+```
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---

last-tested

@@ -0,0 +1,4 @@
+------------------------------------
+Last tested: 19-12-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+------------------------------------

nginxinstall

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 05-01-2022 (DD-MM-YYYY)
+# Description   : Installs Nginx on Ubuntu 24.04
+# License       : MIT License
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1; fi
+
+#
+# Check if services are already running
+#
+for svc in nginx php*-fpm; do if systemctl is-active --quiet "$svc"; then printf "\n%s is already running, cannot continue...\n\n" "${svc^}" ; exit 1 ; fi ; done
+
+#
+# Let's go
+#
+clear
+
+#
+# Install and configure Nginx
+#
+apt install -y nginx
+rm /var/www/html/index.nginx-debian.html > /dev/null 2>&1
+rm /etc/nginx/snippets/snakeoil.conf  > /dev/null 2>&1
+mkdir -p /var/cache/nginx/fcgi
+mkdir -p /etc/nginx/static-sites
+
+#
+# Clone nginx-snippets; if nginx-snippets exists then just pull latest changes
+#
+nginxsnippets="/etc/nginx/nginx-snippets"
+repo="https://git.x-files.dk/webserver/nginx-snippets.git"
+if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi
+
+#
+# Install PHP-FPM
+#
+apt install -y php-fpm php-curl php-dom php-gd php-imagick php-ldap php-mbstring php-mysql php-pear php-soap php-xml php-zip
+
+#
+# Determine PHP version
+#
+phpver=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')
+phpfpm="php${phpver}-fpm"
+phpclidir="/etc/php/$phpver/cli"
+phpfpmdir="/etc/php/$phpver/fpm"
+
+#
+# Configure Nginx
+#
+cp "$phpclidir"/php.ini "$phpclidir"/php.ini.orig
+cp "$phpfpmdir"/php.ini "$phpfpmdir"/php.ini.orig
+cp "$nginxsnippets"/nginxconf/nginx.conf /etc/nginx
+cp "$nginxsnippets"/nginxconf/nginx.conf.high.perf /etc/nginx
+cp "$nginxsnippets"/nginxconf/default /etc/nginx/sites-available/default
+sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/nginx.conf
+sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/nginx.conf.high.perf
+
+#
+# Create a high performance www.conf file for optional or later use
+#
+cp /etc/php/"$phpver"/fpm/pool.d/www.conf /etc/nginx/www.conf.high.perf
+sed -i "s/pm.max_children = 5/pm.max_children = 50/" /etc/nginx/www.conf.high.perf
+sed -i "s/pm.start_servers = 2/pm.start_servers = 15/" /etc/nginx/www.conf.high.perf
+sed -i "s/pm.max_spare_servers = 3/pm.max_spare_servers = 10/" /etc/nginx/www.conf.high.perf
+sed -i "s/;pm.process_idle_timeout = 10s/pm.process_idle_timeout = 10s/" /etc/nginx/www.conf.high.perf
+sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/nginx/www.conf.high.perf
+
+#
+# Adjust PHP settings commonly needed for deployments
+#
+sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/' "$phpclidir"/php.ini
+sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/' "$phpfpmdir"/php.ini
+sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 50M/' "$phpfpmdir"/php.ini
+sed -i 's/max_file_uploads = 20/max_file_uploads = 100/' "$phpfpmdir"/php.ini
+sed -i 's/;date.timezone =/date.timezone = Europe\/Copenhagen/' "$phpclidir"/php.ini
+sed -i 's/;date.timezone =/date.timezone = Europe\/Copenhagen/' "$phpfpmdir"/php.ini
+
+#
+# Restart Nginx and PHP-FPM
+#
+systemctl restart "$phpfpm"
+systemctl restart nginx
+
+#
+# All done
+#
+printf "\n\nAll Done...\n\n"
+
+#
+# End of script
+#