commit 193ef721a3ee050595fd105c3932b8088692a233 Author: allan Date: Fri Dec 19 15:52:21 2025 +0100 latest commit
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..3eaaa81
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fae1bac
--- /dev/null
+++ b/README.md
@@ -0,0 +1,126 @@
+# Nginx + PHP-FPM for Ubuntu 24.04
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
+[![PHP](https://img.shields.io/badge/php-fpm-777BB4)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Install Nginx + PHP-FPM on Ubuntu 24.04 server.
+
+This is not a guide and not a toy.
+This is a production-grade installer — secure, structured, and ready for multiple applications.
+
+## Why this installer exists
+Default Nginx configs become unmanageable quickly. This setup keeps things structured and predictable.
+
+## What this installer does
+✔ Creates snippet directory for modular config
+✔ Optional security and bot-blocking modules
+✔ Cloudflare Real-IP support
+✔ Requests to bare server IP return **444**
+✔ Suitable for WordPress, Gitea, Zabbix, Wiki and more
+
+## What this installer does *NOT* do
+It won’t stop you from running the script without reading the documentation like there’s no tomorrow.
+Skip the README, and whatever happens next is your headache, not a bug report.
+
+---
+
+## 1. Prepare your system
+
+```
+sudo apt update -y
+```
+
+---
+
+## 2. Download and enter the installer
+
+```
+git clone https://git.x-files.dk/webserver/nginx-ubuntu.git
+```
+
+```
+cd nginx-ubuntu
+```
+
+---
+
+## 3. Run the installer
+
+```
+sudo ./nginxinstall
+```
+
+After this runs, you have:
+
+| Feature | Status |
+|--------|--------|
+| Nginx installed & enabled | ✓ |
+| PHP-FPM configured | ✓ |
+| Snippet structure created | ✓ |
+| Default website disabled | ✓ (returns HTTP 444) |
+| Cloudflare Real-IP support | ✓ |
+| Bad-bot blocking available | ✓ |
+| Custom error pages | ✓ editable |
+
+---
+
+## Included Nginx Features
+
+### `/etc/nginx/nginx-snippets/`
+
+Reusable drop-in configs:
+
+| Snippet | Purpose |
+|--------|---------|
+| cloudflare.conf | Fixes real visitor IPs |
+| block-bots.conf | Drops garbage traffic |
+| csp.conf | Security headers |
+| ssl.conf | TLS configuration |
+| errorpages/ | Custom 40x/50x pages |
+
+---
+
+### Default IP response
+
+Server IP access = **444 Drop.**
+Because your server is not public property.
+
+---
+
+### Caching
+
+Performance tuning examples included, **commented until activated intentionally**.
+
+---
+
+## What happens after install?
+
+Example vhost:
+
+```
+server {
+ listen 443 ssl http2;
+ server_name yourdomain.com;
+
+ include nginx-snippets/cloudflare.conf;
+ include nginx-snippets/block-bots.conf;
+
+ root /var/www/yourproject;
+ index index.php index.html;
+}
+```
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---
diff --git a/last-tested b/last-tested
new file mode 100644
index 0000000..02156f4
--- /dev/null
+++ b/last-tested
@@ -0,0 +1,4 @@
+------------------------------------
+Last tested: 19-12-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+------------------------------------
diff --git a/nginxinstall b/nginxinstall
new file mode 100755
index 0000000..5b0ffc1
--- /dev/null
+++ b/nginxinstall
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# Author : Allan Christensen
+# First Created : 05-01-2022 (DD-MM-YYYY)
+# Description : Installs Nginx on Ubuntu 24.04
+# License : MIT License
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1; fi
+
+#
+# Check if services are already running
+#
+for svc in nginx php*-fpm; do if systemctl is-active --quiet "$svc"; then printf "\n%s is already running, cannot continue...\n\n" "${svc^}" ; exit 1 ; fi ; done
+
+#
+# Let's go
+#
+clear
+
+#
+# Install and configure Nginx
+#
+apt install -y nginx
+rm /var/www/html/index.nginx-debian.html > /dev/null 2>&1
+rm /etc/nginx/snippets/snakeoil.conf > /dev/null 2>&1
+mkdir -p /var/cache/nginx/fcgi
+mkdir -p /etc/nginx/static-sites
+
+#
+# Clone nginx-snippets; if nginx-snippets exists then just pull latest changes
+#
+nginxsnippets="/etc/nginx/nginx-snippets"
+repo="https://git.x-files.dk/webserver/nginx-snippets.git"
+if [[ -d "$nginxsnippets/.git" ]]; then git -C "$nginxsnippets" pull --quiet; else git clone --quiet "$repo" "$nginxsnippets"; fi
+
+#
+# Install PHP-FPM
+#
+apt install -y php-fpm php-curl php-dom php-gd php-imagick php-ldap php-mbstring php-mysql php-pear php-soap php-xml php-zip
+
+#
+# Determine PHP version
+#
+phpver=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')
+phpfpm="php${phpver}-fpm"
+phpclidir="/etc/php/$phpver/cli"
+phpfpmdir="/etc/php/$phpver/fpm"
+
+#
+# Configure Nginx
+#
+cp "$phpclidir"/php.ini "$phpclidir"/php.ini.orig
+cp "$phpfpmdir"/php.ini "$phpfpmdir"/php.ini.orig
+cp "$nginxsnippets"/nginxconf/nginx.conf /etc/nginx
+cp "$nginxsnippets"/nginxconf/nginx.conf.high.perf /etc/nginx
+cp "$nginxsnippets"/nginxconf/default /etc/nginx/sites-available/default
+sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/nginx.conf
+sed -i "s/PHPVERSION/$phpfpm/" /etc/nginx/nginx.conf.high.perf
+
+#
+# Create a high performance www.conf file for optional or later use
+#
+cp /etc/php/"$phpver"/fpm/pool.d/www.conf /etc/nginx/www.conf.high.perf
+sed -i "s/pm.max_children = 5/pm.max_children = 50/" /etc/nginx/www.conf.high.perf
+sed -i "s/pm.start_servers = 2/pm.start_servers = 15/" /etc/nginx/www.conf.high.perf
+sed -i "s/pm.max_spare_servers = 3/pm.max_spare_servers = 10/" /etc/nginx/www.conf.high.perf
+sed -i "s/;pm.process_idle_timeout = 10s/pm.process_idle_timeout = 10s/" /etc/nginx/www.conf.high.perf
+sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/nginx/www.conf.high.perf
+
+#
+# Adjust PHP settings commonly needed for deployments
+#
+sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/' "$phpclidir"/php.ini
+sed -i 's/;max_input_vars = 1000/max_input_vars = 3000/' "$phpfpmdir"/php.ini
+sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 50M/' "$phpfpmdir"/php.ini
+sed -i 's/max_file_uploads = 20/max_file_uploads = 100/' "$phpfpmdir"/php.ini
+sed -i 's/;date.timezone =/date.timezone = Europe\/Copenhagen/' "$phpclidir"/php.ini
+sed -i 's/;date.timezone =/date.timezone = Europe\/Copenhagen/' "$phpfpmdir"/php.ini
+
+#
+# Restart Nginx and PHP-FPM
+#
+systemctl restart "$phpfpm"
+systemctl restart nginx
+
+#
+# All done
+#
+printf "\n\nAll Done...\n\n"
+
+#
+# End of script
+#
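Review bot: The nginx-snippets repository is cloned or pulled as root from whatever the default branch currently holds, and its `nginxconf/nginx.conf`, `nginx.conf.high.perf` and `default` are then copied over the live configuration with no pinned ref and no validation before `systemctl restart nginx`. Anything pushed to that repository therefore becomes root-installed server configuration on the next run, so the checkout should be pinned to a reviewed tag or commit: replace the pull with `git -C "$nginxsnippets" fetch --quiet` followed by `git -C "$nginxsnippets" checkout --quiet "<PINNED_TAG_OR_COMMIT>"`, and gate the restart with `nginx -t || exit 1`. The script also never sets `set -euo pipefail`, so a failed `apt install` or `git clone` does not stop it. If `php -r` fails, `$phpver` is empty and the later `cp`/`sed -i` steps run against paths such as `/etc/php//fpm/php.ini` and the unit name `php-fpm`; a guard like `[[ -n "$phpver" ]] || exit 1` after the assignment would stop that.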