added nginx-badbots fail2ban rule https://stackoverflow.com/a/65552146

assets/drupal-ssl-decoupled.nginxconf

@@ -89,7 +89,7 @@ server {
       #fastcgi_param DOCUMENT_ROOT /var/www/enfrancais.fr/api;
       # fastcgi_buffer_size 16k;
       # fastcgi_buffers 4 16k;
-      fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+      fastcgi_pass unix:/run/php/php7.4-fpm.sock;
     }
 
     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {

assets/drupal-ssl.nginxconf

@@ -116,7 +116,7 @@ server {
     fastcgi_intercept_errors on;
     # fastcgi_buffer_size 16k;
     # fastcgi_buffers 4 16k;
-    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
   }
   # Fighting with Styles? This little gem is amazing.
   # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6

assets/drupal.nginxconf

@@ -92,7 +92,7 @@ server {
     fastcgi_intercept_errors on;
     # fastcgi_buffer_size 16k;
     # fastcgi_buffers 4 16k;
-    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
   }
   # Fighting with Styles? This little gem is amazing.
   # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6

assets/fail2ban/filter.d/nginx-badbots.conf

@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = FastCGI sent in stderr: "Primary script unknown" .*, client: <HOST>
+
+ignoreregex =

assets/fail2ban/jail.d/nginx-badbots.conf

@@ -0,0 +1,7 @@
+[nginx-badbots]
+
+enabled  = true
+port     = http,https
+filter   = <FILTER>
+logpath  = <LOGPATH>
+maxretry = 2

assets/nginx-phpmyadmin.conf

@@ -22,7 +22,7 @@ server {
     }
 
     location ~ \.php$ {
-      fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+      fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

assets/simple-phpfpm-ssl.nginxconf

@@ -48,7 +48,7 @@ server {
 
   location ~ \.php$ {
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

assets/simple-phpfpm.nginxconf

@@ -24,7 +24,7 @@ server {
 
   location ~ \.php$ {
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
     fastcgi_index index.php;
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

assets/urbackup.service

@@ -5,7 +5,7 @@ ConditionPathExists=/usr/local/sbin/urbackupclientbackend
 [Service]
 Type=forking
 ExecStart=/usr/local/sbin/urbackupclientbackend -d
-PIDFile = /var/run/urbackup_srv.pid
+PIDFile = /run/urbackup_srv.pid
 TimeoutSec=0
 
 [Install]

bin/lemp.sh

@@ -36,7 +36,7 @@ echo -e '\033[35m
  / ____/ __  / ____/
 /_/   /_/ /_/_/
 \033[0m'
-echo -e "\033[35;1mInstalling PHP 7.3 \033[0m"
+echo -e "\033[35;1mInstalling PHP 7.4 \033[0m"
 sleep 3
 
 # mv: cannot stat '/etc/php/7.0/fpm/php.ini': No such file or directory
@@ -45,11 +45,15 @@ sleep 3
 # Failed to enable unit: Unit file php7.0-fpm.service does not exist.
 # Failed to start php7.0-fpm.service: Unit php7.0-fpm.service not found.
 
-apt-get --yes install php7.3-fpm php7.3-mysql php7.3-opcache php7.3-curl php7.3-mbstring php7.3-zip php7.3-xml php7.3-gd php-memcached php7.3-imagick php7.3-apcu
-# php7.3-mcrypt  ??
+apt-get --yes install php7.4-fpm php7.4-mysql php7.4-opcache php7.4-curl php7.4-mbstring php7.4-zip php7.4-xml php7.4-gd php-memcached php7.4-imagick php7.4-apcu
+# php7.4-mcrypt  ??
 
-mv /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.back
-cp "$_assets"/php-fpm.ini /etc/php/7.3/fpm/php.ini
+apt-get --yes install php8.1-fpm php8.1-mysql php8.1-opcache php8.1-curl php8.1-mbstring php8.1-zip php8.1-xml php8.1-gd php-memcached php8.1-imagick php8.1-apcu php8.1-redis php8.1-bz2 php8.1-bcmath
+
+# apt-get --yes install php8.2-fpm php8.2-mysql php8.2-opcache php8.2-curl php8.2-mbstring php8.2-zip php8.2-xml php8.2-gd php-memcached php8.2-imagick php8.2-apcu php8.2-redis php8.2-bz2 php8.2-bcmath
+
+mv /etc/php/7.4/fpm/php.ini /etc/php/7.4/fpm/php.ini.back
+cp "$_assets"/php7.4-fpm.ini /etc/php/7.4/fpm/php.ini
 
 echo "Configuring PHP"
 
@@ -57,8 +61,8 @@ mkdir /var/log/php
 chown www-data /var/log/php
 cp "$_assets"/logrotate-php /etc/logrotate.d/php
 
-systemctl enable php7.3-fpm
-systemctl start php7.3-fpm
+systemctl enable php7.4-fpm
+systemctl start php7.4-fpm
 
 # echo "Installing memecached"
 # replaced by redis
@@ -136,24 +140,24 @@ if [ "$installmysql" = "yes" ]; then
   ##### Try 'cp --help' for more information.
 
   # TODO no pma package available :(
-  # apt-get --yes install phpmyadmin
-  # ln -s /usr/share/phpmyadmin /var/www/html/
-  # cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
-  # ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
-  # echo -e "\033[92;1mphpMyAdmin installed\033[Om"
-  # echo -e "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
+  apt-get --yes install phpmyadmin
+  ln -s /usr/share/phpmyadmin /var/www/html/
+  cp "$_assets"/nginx-phpmyadmin.conf /etc/nginx/sites-available/phpmyadmin.conf
+    
+  echo -e "\033[92;1mphpMyAdmin installed\033[Om"
+  echo -e "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
 
   # install from source
-  apt-get --yes install php-{mbstring,zip,gd,xml,pear,gettext,cgi}
-  cd /var/www/html/
-  wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
-  unzip phpMyAdmin-latest-all-languages.zip
-  mv phpMyAdmin-*-all-languages pma
-  rm phpMyAdmin-latest-all-languages.zip
-  # cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
-  # ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
-  echo -e "\033[92;1mphpMyAdmin installed\033[Om"
-  echo -e "\033[92;1mYou can access it at yourip/pma\033[Om"
+  # apt-get --yes install php-{mbstring,zip,gd,xml,pear,gettext,cgi}
+  # cd /var/www/html/
+  # wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
+  # unzip phpMyAdmin-latest-all-languages.zip
+  # mv phpMyAdmin-*-all-languages pma
+  # rm phpMyAdmin-latest-all-languages.zip
+  # # cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
+  # # ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
+  # echo -e "\033[92;1mphpMyAdmin installed\033[Om"
+  # echo -e "\033[92;1mYou can access it at yourip/pma\033[Om"
 fi
 
 
@@ -182,7 +186,7 @@ apt-get --yes install redis-server php-redis
 
 systemctl enable redis-server
 systemctl restart redis-server
-systemctl restart php7.3-fpm
+systemctl restart php7.4-fpm
 echo -e "\033[92;1mRedis installed\033[Om"
 
 echo -e '\033[35m

bin/urbackup.sh

@@ -39,15 +39,16 @@ apt install build-essential "g++" "libcrypto++-dev" libz-dev -y
 
 # Download the UrBackup client source files and extract them
 # wget -P /tmp/ https://hndl.urbackup.org/Client/latest/urbackup-client-2.3.4.0.tar.gz
-wget -P /tmp/ https://hndl.urbackup.org/Client/2.4.11/urbackup-client-2.4.11.0.tar.gz
+# wget -P /tmp/ https://hndl.urbackup.org/Client/2.4.11/urbackup-client-2.4.11.0.tar.gz
+wget -P /tmp/ https://hndl.urbackup.org/Client/2.5.20/urbackup-client-2.5.20.0.tar.gz
 
 cd /tmp
 # tar xzf /tmp/urbackup-client-2.3.4.0.tar.gz
-tar xzf /tmp/urbackup-client-2.4.11.0.tar.gz
+tar xzf /tmp/urbackup-client-2.5.20.0.tar.gz
 
 # Build the UrBackup client and install it
 # cd /tmp/urbackup-client-2.3.4.0
-cd /tmp/urbackup-client-2.4.11.0
+cd /tmp/urbackup-client-2.5.20.0
 ./configure --enable-headless
 make -j4
 make install
@@ -70,7 +71,8 @@ internet_mode_enabled=true
 internet_image_backups_def=false
 default_dirs_def=/etc;var/www;/var/backups/mysql
 startup_backup_delay_def=3
-computername=$_computername" > /usr/local/var/urbackup/data/settings.cfg
+computername=$_computername" > /etc/default/urbackupclient
+# /usr/local/var/urbackup/data/settings.cfg
 
 # firewall
 ufw allow from "$_ip" to any port 35621
@@ -78,7 +80,8 @@ ufw allow from "$_ip" to any port 35622
 ufw allow from "$_ip" to any port 35623
 
 # install and enable systemd service
-cp "$_assets"/urbackup.service /etc/systemd/system/
+# cp "$_assets"/urbackup.service /etc/systemd/system/
+cp urbackupclientbackend-debian.service /etc/systemd/system/urbackup.service
 chmod a+x /etc/systemd/system/urbackup.service
 
 systemctl --system daemon-reload

bin/vhost.sh

@@ -106,6 +106,16 @@ if [ "$vh" = "y" ]; then
   chmod -R g+w /var/www/"$_domain"/
   chmod -R g+r /var/www/"$_domain"/
 
+  #set fail2ban for vhost
+  # https://stackoverflow.com/a/65552146
+  cp "$_assets/fail2ban/jail.d/nginx-badbots.conf" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
+  sed -i -r "s/\[nginx-badbots\]/\[nginx-badbots-$_domain\]/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
+  sed -i -r "s/<FILTER>/\[nginx-badbots-$_domain\]/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
+  sed -i -r "s/<LOGPATH>/\/var\/www\/$_domain\/log\/error.log/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
+
+  cp "$_assets/fail2ban/filter.d/nginx-badbots.conf" "/etc/fail2ban/filter.d/nginx-badbots-$_domain.conf"
+  sed -i -r "s/<HOST>/$_domain/g" "/etc/fail2ban/filter.d/nginx-badbots-$_domain.conf"
+
 
 
   # create a shortcut to the site

bin/webhook.sh

@@ -91,7 +91,7 @@ git --git-dir=/home/"$user"/git-repositories/"$_domain.git" remote add origin "$
 
 # hook deploy script
 cp -f "$_assets"/webhook-deploy.sh /home/"$user"/webhook_deploy_"$_id".sh
-sed -i -r "s/DOMAIN/$_domain/g" /home/"$user"/webhook_deploy_"$_domain".sh
+sed -i -r "s/DOMAIN/$_domain/g" /home/"$user"/webhook_deploy_"$_id".sh
 chowm $user:$user /home/"$user"/webhook_deploy_"$_id".sh
 chmod +x /home/"$user"/webhook_deploy_"$_id".sh
 

install.sh

@@ -78,6 +78,7 @@ do
   read _install_vhost
 done
 if [ "$_install_vhost" = "yes" ]; then
+  # TODO bug vhost.sh file does not exists ...
   . bin/vhost.sh
 else
   echo 'no vhost installed'