some updates

drupal deploy git submodul init fix
lemp php8.1 fix, drupal deploy git submodul init fix
2025-03-13 21:43:02 +01:00 · 2024-07-29 12:15:04 +02:00 · 2024-07-29 12:06:35 +02:00 · 2023-12-21 09:53:56 +01:00 · 2023-12-21 09:53:17 +01:00 · 2023-11-26 18:09:20 +01:00
48 changed files with 6758 additions and 360 deletions
--- a/assets/deploy-drupal.sh
+++ b/assets/deploy-drupal.sh
@ -6,6 +6,7 @@ cd ./public_html
 echo ""
 echo "Pulling down latest code."
 git pull --ff-only origin prod
 git submodule update --init --recursive
 echo ""
 echo "Clearing drush caches."
 drush cache-clear drush
--- a/assets/drupal-ssl-decoupled.nginxconf
+++ b/assets/drupal-ssl-decoupled.nginxconf
@ -0,0 +1,157 @@
 # https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
 server {
  listen 80;
  listen [::]:80;
  server_name DOMAIN.LTD;
  return 301 https://$server_name$request_uri;
 }
 server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name DOMAIN.LTD;
  #SSL Certificates
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_certificate "/etc/letsencrypt/live/DOMAIN.LTD/fullchain.pem";
  ssl_certificate_key "/etc/letsencrypt/live/DOMAIN.LTD/privkey.pem";
  ssl_dhparam /etc/nginx/ssl/certs/DOMAIN.LTD/dhparam.pem;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers  on;
  add_header Strict-Transport-Security "max-age=31536000;
  #includeSubDomains" always;
  charset utf-8;
  access_log on;
  error_log /var/www/DOMAIN.LTD/log/error.log; # debug;
  root /var/www/DOMAIN.LTD/app/src/dist/;
  index index.php index.html index.htm;
  location @app {
    rewrite ^/(.*)$ /index.html;
  }
  location / {
  	#alias /var/www/enfrancais.fr/app/web/;
 	  try_files $uri $uri/ @app;
  }
  location @api {
      rewrite ^/api/(.*)$ /api/index.php;
  }
  location @rewrite {
    rewrite ^/api/(.*)$ /index.php?q=$1;
  }
  location /api {
  	alias /var/www/enfrancais.fr/api/src/web/;
    try_files $uri $uri/ @api;
    # In Drupal 8, we must also match new paths where the '.php' appears in
    # the middle, such as update.php/selection. The rule we use is strict,
    # and only allows this pattern with the update.php front controller.
    # This allows legacy path aliases in the form of
    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
    # you do not have any paths like that, then you might prefer to use a
    # laxer rule, such as:
    #   # location ~ \.php(/|$) {
    # The laxer rule will continue to work if Drupal uses this new URL
    # pattern with front controllers other than update.php in a future
    # release.
    #location ~ '\.php$|^/update.php' {
    #location ~ \.php(/|$) {
    location ~ \.php$ {
      #fastcgi_split_path_info ^(.+\.php)(/.+)$;
      #fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
      #fastcgi_split_path_info ^(.+?\.php)(/.*)$;
      include fastcgi_params;
      #fastcgi_index index.php;
      # Block httpoxy attacks. See https://httpoxy.org/.
      #fastcgi_param HTTP_PROXY "";
      #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      #fastcgi_param SCRIPT_FILENAME index.php;
      fastcgi_param SCRIPT_FILENAME $request_filename;
      #fastcgi_param REQUEST_URI $request_uri;
      #fastcgi_param PATH_INFO $fastcgi_path_info;
      #set $path_info $fastcgi_path_info;
      #fastcgi_param PATH_INFO /;
      #fastcgi_param QUERY_STRING $query_string;
      #fastcgi_intercept_errors off;
      #fastcgi_param DOCUMENT_ROOT /var/www/enfrancais.fr/api;
      # fastcgi_buffer_size 16k;
      # fastcgi_buffers 4 16k;
      fastcgi_pass unix:/run/php/php8.2-fpm.sock;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
      try_files $uri @rewrite;
      expires max;
      log_not_found off;
    }
    location ~ \..*/.*\.php$ {
      return 403;
    }
    location ~ ^/sites/.*/private/ {
      return 403;
    }
    # Block access to scripts in site files directory
    location ~ ^/sites/[^/]+/files/.*\.php$ {
      deny all;
    }
    # Allow "Well-Known URIs" as per RFC 5785
    location ~* ^/.well-known/ {
        allow all;
    }
    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
      return 403;
    }
    # Don't allow direct access to PHP files in the vendor directory.
    location ~ /vendor/.*\.php$ {
      deny all;
      return 404;
    }
    location ~ /\.ht {
      deny all;
    }
    sendfile off;
    client_max_body_size 100m;
    # Fighting with Styles? This little gem is amazing.
    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
      try_files $uri @rewrite;
    }
    # Handle private files through Drupal. Private file's path can come
    # with a language prefix.
    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
      try_files $uri /index.php?$query_string;
    }
  }
  location = /favicon.ico { access_log off; log_not_found off; }
  # website should not be displayed inside a <frame>, an <iframe> or an <object>
  add_header X-Frame-Options SAMEORIGIN;
 }
--- a/assets/drupal-ssl.nginxconf
+++ b/assets/drupal-ssl.nginxconf
@ -2,6 +2,7 @@
 # https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
 server {
  listen 80;
  listen [::]:80;
  server_name DOMAIN.LTD;
  return 301 https://$server_name$request_uri;
 }
@ -115,7 +116,7 @@ server {
    fastcgi_intercept_errors on;
    # fastcgi_buffer_size 16k;
    # fastcgi_buffers 4 16k;
-    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
  }
  # Fighting with Styles? This little gem is amazing.
  # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
--- a/assets/drupal.nginxconf
+++ b/assets/drupal.nginxconf
@ -1,6 +1,7 @@
 # https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
 server {
  listen 80;
  listen [::]:80;
  server_name DOMAIN.LTD;
  root /var/www/DOMAIN.LTD/public_html;
@ -91,7 +92,7 @@ server {
    fastcgi_intercept_errors on;
    # fastcgi_buffer_size 16k;
    # fastcgi_buffers 4 16k;
-      fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
  }
  # Fighting with Styles? This little gem is amazing.
  # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
--- a/assets/fail2ban/filter.d/nginx-badbots.conf
+++ b/assets/fail2ban/filter.d/nginx-badbots.conf
@ -0,0 +1,5 @@
 [Definition]
 failregex = FastCGI sent in stderr: "Primary script unknown" .*, client: <HOST>, server: .*
 ignoreregex =
--- a/assets/fail2ban/jail.d/nginx-badbots.conf
+++ b/assets/fail2ban/jail.d/nginx-badbots.conf
@ -0,0 +1,7 @@
 [nginx-badbots]
 enabled  = true
 port     = http,https
 filter   = <FILTER>
 logpath  = <LOGPATH>
 maxretry = 2
--- a/assets/knockd.conf
+++ b/assets/knockd.conf
@ -18,7 +18,7 @@
 [SSH]
      sequence    = 7000,8000,9000
      seq_timeout = 5
-      # TODO do not limit port 22 to the ip as it don't work with 4G connection
+      # do not limit port 22 to the ip as it don't work with 4G connection
      # start_command = ufw insert 1 allow from %IP% to any port 22
      start_command = ufw allow ssh
      tcpflags    = syn
--- a/assets/nginx-phpmyadmin.conf
+++ b/assets/nginx-phpmyadmin.conf
@ -0,0 +1,31 @@
 server {
  listen 80;
  location /phpmyadmin {
    # server_name phpmyadmin.idroot.net;
    root /var/www/phpmyadmin;
    index  index.php;
    ## Images and static content is treated different
    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
      access_log        off;
      expires           30d;
    }
    location ~ /\.ht {
      deny  all;
    }
    location ~ /(libraries|setup/frames|setup/libs) {
      deny all;
      return 404;
    }
    location ~ \.php$ {
      fastcgi_pass unix:/run/php/php8.2-fpm.sock;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
  }
 }
--- a/assets/pgsqlbackup.sh
+++ b/assets/pgsqlbackup.sh
@ -0,0 +1,59 @@
 #!/bin/bash
 # Simple script to backup postgresql databases
 # Parent backup directory
 backup_parent_dir="/var/backups/postgresql"
 # PostgreSQL settings
 pg_host="HOST"
 pg_port="PORT"
 pg_user="USER"
 pg_password="PASSWD"
 # Check MySQL password
 # echo exit | mysql --user=${mysql_user} --password=${mysql_password} -B 2>/dev/null
 # if [ "$?" -gt 0 ]; then
 #   echo "MySQL ${mysql_user} password incorrect"
 #   exit 1
 # else
 #   echo "MySQL ${mysql_user} password correct."
 # fi
 # Create backup directory and set permissions
 backup_date=`date +%Y_%m_%d_%H_%M`
 backup_dir="${backup_parent_dir}/${backup_date}"
 echo "Backup directory: ${backup_dir}"
 mkdir -p "${backup_dir}"
 chmod 644 "${backup_dir}"
 # Get postgresql databases
 pgsql_databases=`psql "host=$pg_host port=$pg_port user=$pg_user password=$pg_password" -At -c "select datname from pg_database where not datistemplate and datallowconn;"`
 # Backup and compress each database
 for database in $pgsql_databases
 do
  echo "Creating backup of \"${database}\" database"
  # mysqldump ${additional_mysqldump_params} --user=${mysql_user} --password=${mysql_password} ${database} | gzip > "${backup_dir}/${database}.sql.gz"
  # chmod 644 "${backup_dir}/${database}.sql.gz"
 	set -o pipefail
 	# if ! pg_dump -Fp -h "$pg_host" -U "$pg_user" "$database" | gzip > $backup_dir"/$database".sql.gz.in_progress; then
  # if ! pg_dump -Fp "host=$pg_host port=$pg_port user=$pg_user password=$pg_password" "$database" | gzip > $backup_dir"/$database".sql.gz.in_progress; then
  if ! pg_dump -Fp --dbname="postgresql://$pg_user:$pg_password@$pg_host:$pg_port/$database" | gzip > $backup_dir"/$database".sql.gz.in_progress; then
 		echo "[!!ERROR!!] Failed to produce plain backup database $database" 1>&2
 	else
 		mv $backup_dir"/$database".sql.gz.in_progress $backup_dir"/$database".sql.gz
 	fi
 	set +o pipefail
 done
 # compress the folder
 # tar -zcvf "${backup_dir}.tar.gz" "${backup_dir}"
 # rm -rf "${backup_dir}"
 # Rotate backups
 # Delete files older than 30 days
 find $backup_parent_dir/ -type f -mtime +60 -delete;
 # Delete empty directories
 find $backup_parent_dir/ -type d -empty -delete;
--- a/assets/php7.3-fpm.ini
+++ b/assets/php7.3-fpm.ini
--- a/assets/php7.4-fpm.ini
+++ b/assets/php7.4-fpm.ini
--- a/assets/php8.1-fpm.ini
+++ b/assets/php8.1-fpm.ini
--- a/assets/php8.2-fpm.ini
+++ b/assets/php8.2-fpm.ini
--- a/assets/simple-phpfpm-ssl.nginxconf
+++ b/assets/simple-phpfpm-ssl.nginxconf
@ -2,6 +2,7 @@
 server {
  listen 80;
  listen [::]:80;
  server_name DOMAIN.LTD;
  return 301 https://$server_name$request_uri;
 }
@ -47,7 +48,7 @@ server {
  location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
--- a/assets/simple-phpfpm.nginxconf
+++ b/assets/simple-phpfpm.nginxconf
@ -1,5 +1,6 @@
 server {
  listen 80;
  listen [::]:80;
  server_name DOMAIN.LTD;
  root /var/www/DOMAIN.LTD/public_html;
@ -23,7 +24,7 @@ server {
  location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
--- a/assets/urbackup.service
+++ b/assets/urbackup.service
@ -5,7 +5,7 @@ ConditionPathExists=/usr/local/sbin/urbackupclientbackend
 [Service]
 Type=forking
 ExecStart=/usr/local/sbin/urbackupclientbackend -d
-PIDFile = /var/run/urbackup_srv.pid
+PIDFile = /run/urbackup_srv.pid
 TimeoutSec=0
 [Install]
--- a/assets/webhook-deploy.sh
+++ b/assets/webhook-deploy.sh
@ -0,0 +1,8 @@
 #!/bin/bash
 # update bare repos
 echo "Updating bare repos"
 su -c "git --git-dir=git-repositories/DOMAIN.git fetch origin prod:prod" USER
 # deploy prod
 cd www/DOMAIN/
 su -c "./deploy.sh" USER
--- a/assets/webhook.service
+++ b/assets/webhook.service
@ -0,0 +1,10 @@
 [Unit]
 Description=Small server for creating HTTP endpoints (hooks)
 Documentation=https://github.com/adnanh/webhook/
 [Service]
 ExecStart=webhook -hooks /etc/webhooks.conf -verbose -nopanic -hotreload
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/assets/webhook/etc/systemd/system/webhook.service
+++ b/assets/webhook/etc/systemd/system/webhook.service
@ -0,0 +1,11 @@
 [Unit]
 Description=Small server for creating HTTP endpoints (hooks)
 Documentation=https://github.com/adnanh/webhook/
 [Service]
 ExecStart=webhook -hooks /etc/webhooks.conf -verbose -nopanic -hotreload
 Restart=always
 [Install]
 WantedBy=multi-user.target
--- a/assets/webhook/etc/webhook.conf
+++ b/assets/webhook/etc/webhook.conf
@ -0,0 +1,3 @@
 - id: deploy-app-enfrancais
  execute-command: "/root/deploy-app-enfrancais-hook.sh"
  command-working-directory: "/home/appdev/"
--- a/assets/webhook/root/deploy-app-hook.sh
+++ b/assets/webhook/root/deploy-app-hook.sh
@ -0,0 +1,9 @@
 #!/bin/sh
 # $cwd is defined in webhook conf
 # update bare repos
 git --git-dir=git-repositories/app.enfrancais.fr.git fetch origin prod:prod
 # deploy prod
 cd www/enfrancais.fr/app
 ./deploy.sh
--- a/assets/zabbix/userparameter_linux_name_version.conf
+++ b/assets/zabbix/userparameter_linux_name_version.conf
@ -0,0 +1 @@
 UserParameter=linux.system.name.version,(lsb_release -d > dev/null 2>&1) && lsb_release -d || (cat /etc/centos-release > /dev/null > /dev/null 2>&1 && cat /etc/centos-release || cat /etc/redhat-release)
--- a/bin/_addUserSite.sh
+++ b/bin/_addUserSite.sh
@ -4,14 +4,14 @@
 # TODO check if root
-echo '\033[35m
+echo -e '\033[35m
   __  _______ __________
  / / / / ___// ____/ __ \
 / / / /\__ \/ __/ / /_/ /
 / /_/ /___/ / /___/ _, _/
 \____//____/_____/_/ |_|
 \033[0m'
-echo "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
+echo -e "\033[35;1mCreate new user (you will be asked a user name and a password) \033[0m"
 sleep 3
 while [ "$user" = "" ]
 do
@ -34,14 +34,14 @@ mkdir /home/$user/backups
 chmod -w /home/"$user"
-echo '\033[35m
+echo -e '\033[35m
        __               __
 _   __/ /_  ____  _____/ /_
 | | / / __ \/ __ \/ ___/ __/
 | |/ / / / / /_/ (__  ) /_
 |___/_/ /_/\____/____/\__/
 \033[0m'
-echo "\033[35;1mVHOST install \033[0m"
+echo -e "\033[35;1mVHOST install \033[0m"
 while [ "$_host_name" = "" ]
 do
@ -75,12 +75,12 @@ ln -s /home/"$user"/logs /var/www/"$_host_name"/logs
 # a2ensite "$_host_name".conf
 #restart apache
 # service apache2 restart
-echo "\033[92;1mvhost $_host_name configured\033[Om"
+echo -e "\033[92;1mvhost $_host_name configured\033[Om"
 # todo add mysql user and database
-echo '\033[35m
+echo -e '\033[35m
    __  ___                 __
   /  |/  /_  ___________ _/ /
  / /|_/ / / / / ___/ __ `/ /
@ -88,7 +88,7 @@ echo '\033[35m
 /_/  /_/\__, /____/\__, /_/
       /____/        /_/
 \033[0m'
-echo "\033[35;1mMysql database \033[0m"
+echo -e "\033[35;1mMysql database \033[0m"
 while [ "$_dbname" = "" ]
 do
--- a/bin/autoupdate.sh
+++ b/bin/autoupdate.sh
@ -1,6 +1,6 @@
 #!/bin/sh
-echo '\033[35m
+echo -e '\033[35m
    ___         __           __  __          __      __
   /   | __  __/ /_____     / / / /___  ____/ /___ _/ /____
  / /| |/ / / / __/ __ \   / / / / __ \/ __  / __ `/ __/ _ \
@ -16,8 +16,8 @@ if [ "$EUID" -ne 0 ]; then
  exit
 fi
-echo "\033[35;1mInstalling apticron \033[0m"
+echo -e "\033[35;1mInstalling apticron \033[0m"
-apt-get --yes --force-yes install apticron
+apt-get --yes install apticron
 sleep 3
 echo -n "Enter an email: "
@ -27,4 +27,4 @@ sed -i -r "s/EMAIL=\"root\"/EMAIL=\"$email\"/g" /etc/apticron/apticron.conf
 # sed -i -r "s/# DIFF_ONLY=\"1\"/DIFF_ONLY=\"1\"/g" /etc/apticron/apticron.conf
 sed -i -r "s/# NOTIFY_NEW=\"0\"/NOTIFY_NEW=\"0\"/g" /etc/apticron/apticron.conf
-echo "\033[92;1mApticron installed and configured\033[0m"
+echo -e "\033[92;1mApticron installed and configured\033[0m"
--- a/bin/dotfiles.sh
+++ b/bin/dotfiles.sh
@ -1,6 +1,6 @@
 #!/bin/sh
-echo '\033[35m
+echo -e '\033[35m
    ____        __     _______ __
   / __ \____  / /_   / ____(_) /__  _____
  / / / / __ \/ __/  / /_  / / / _ \/ ___/
@ -8,7 +8,7 @@ echo '\033[35m
 /_____/\____/\__/  /_/   /_/_/\___/____/
 \033[0m'
 #installing better prompt and some goodies
-echo "\033[35;1mInstalling shell prompt for current user $USER \033[0m"
+echo -e "\033[35;1mInstalling shell prompt for current user $USER \033[0m"
 sleep 2
 # get the current position
 _cwd="$(pwd)"
@ -19,4 +19,4 @@ git clone https://figureslibres.io/gogs/bachir/dotfiles-server.git ~/.dotfiles-s
 source ~/.bashrc
 # return to working directory
 cd "$_cwd"
-echo "\033[92;1mDot files installed for $USER\033[0m"
+echo -e "\033[92;1mDot files installed for $USER\033[0m"
--- a/bin/email.sh
+++ b/bin/email.sh
@ -1,13 +1,13 @@
 #!/bin/sh
-echo '\033[35m
+echo -e '\033[35m
    __  ______    ______
   /  |/  /   |  /  _/ /
  / /|_/ / /| |  / // /
 / /  / / ___ |_/ // /___
 /_/  /_/_/  |_/___/_____/
 \033[0m'
-echo "\033[35;1mEnable mail sending for php \033[0m"
+echo -e "\033[35;1mEnable mail sending for php \033[0m"
 if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
@ -28,8 +28,8 @@ fi
 # http://www.sycha.com/lamp-setup-debian-linux-apache-mysql-php#anchor13
 sleep 2
-apt-get --yes --force-yes install exim4
+apt-get --yes install exim4
-echo "\033[35;1mConfiguring EXIM4 \033[0m"
+echo -e "\033[35;1mConfiguring EXIM4 \033[0m"
 while [ "$configexim" != "y" ] && [ "$configexim" != "n" ]
 do
  echo -n "Should we configure exim4 ? [y|n] "
@ -48,7 +48,7 @@ systemctl restart exim4
 # dkim spf
 # https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-echo "\033[35;1mConfiguring DKIM \033[0m"
+echo -e "\033[35;1mConfiguring DKIM \033[0m"
 while [ "$installdkim" != "y" ] && [ "$installdkim" != "n" ]
 do
  echo -n "Should we install dkim for exim4 ? [y|n] "
@ -60,10 +60,11 @@ if [ "$installdkim" = "y" ]; then
  selector=$(date +%Y%m%d)
  mkdir /etc/exim4/dkim
-  openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
+  # openssl genrsa -out /etc/exim4/dkim/"$domain"-private.pem 1024 -outform PEM
-  openssl rsa -in /etc/exim4/dkim/"$domain"-private.pem -out /etc/exim4/dkim/"$domain".pem -pubout -outform PEM
+  openssl genrsa -out /etc/exim4/dkim/"$domain"-private.key 1024
-  chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.pem
+  openssl rsa -in /etc/exim4/dkim/"$domain"-private.key -out /etc/exim4/dkim/"$domain".pub -pubout
-  chmod 440 /etc/exim4/dkim/"$domain"-private.pem
+  chown root:Debian-exim /etc/exim4/dkim/"$domain"-private.key
  chmod 440 /etc/exim4/dkim/"$domain"-private.key
  cp "$_assets"/exim4_dkim.conf /etc/exim4/conf.d/main/00_local_macros
  sed -i -r "s/DOMAIN_TO_CHANGE/$domain/g" /etc/exim4/conf.d/main/00_local_macros
@ -73,7 +74,7 @@ if [ "$installdkim" = "y" ]; then
  systemctl restart exim4
  echo "please create a TXT entry in your dns zone : $selector._domainkey.$domain \n"
  echo "your public key is : \n"
-  cat /etc/exim4/dkim/"$domain".pem
+  cat /etc/exim4/dkim/"$domain".pub
  echo "press any key to continue."
  read continu
 else
--- a/bin/fail2ban.sh
+++ b/bin/fail2ban.sh
@ -17,7 +17,7 @@ if [ "$EUID" -ne 0 ]; then
 fi
 sleep 2
-apt-get --yes --force-yes install fail2ban
+apt-get --yes install fail2ban
 cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
 # ToDo ask for email and configure jail.local with it
 touch /var/log/auth.log
--- a/bin/firewall.sh
+++ b/bin/firewall.sh
@ -17,8 +17,8 @@ if [ "$EUID" -ne 0 ]; then
 fi
 sleep 2
-apt-get --yes --force-yes install ufw
+apt-get --yes install ufw
-# ufw allow ssh # knockd will open the ssh port
+ufw allow ssh
 ufw allow http
 ufw allow https
--- a/bin/ftp.sh
+++ b/bin/ftp.sh
@ -1,7 +1,7 @@
 #!/bin/sh
-echo '\033[35m
+echo -e '\033[35m
  ______ _______ _____
 |  ____|__   __|  __ \
 | |__     | |  | |__) |
@ -28,7 +28,7 @@ if [ ! -d "$_assets" ]; then
 fi
 echo "installing proftpd"
-apt-get --yes --force-yes install proftpd
+apt-get --yes install proftpd
 while [ "$_server_name" = "" ]
 do
 read -p "enter a server name ? " _server_name
--- a/bin/gitbarrerepos.sh
+++ b/bin/gitbarrerepos.sh
@ -51,7 +51,7 @@ if [ "$vh" = "yes" ]; then
            user=""
          fi
        else
-          echo -e "user $user doesn't exists, you must provide an existing user"
+          echo "user $user doesn't exists, you must provide an existing user"
          user=""
        fi
      fi
@ -112,11 +112,11 @@ if [ "$vh" = "yes" ]; then
  # setup git repo on site folder
  cd /home/"$user"/www/"$_domain"/public_html
-  git init
+  su -c "git init" $user
  # link to the bare repo
-  git remote add origin /home/"$user"/git-repositories/"$_domain".git
+  su -c "git remote add origin /home/$user/git-repositories/$_domain.git" $user
  chown -R "$user":"$user" /home/"$user"/www/"$_domain"
  chown -R "$user":"$user" /home/"$user"/www/"$_domain"/public_html
  cd "$_cwd"
  # done
--- a/bin/knockd.sh
+++ b/bin/knockd.sh
@ -29,7 +29,7 @@ if [ ! -d "$_assets" ]; then
 fi
 sleep 2
-apt-get --yes --force-yes install knockd
+apt-get --yes install knockd
 mv /etc/knockd.conf /etc/knockd.conf.ori
 cp "$_assets"/knockd.conf /etc/knockd.conf
--- a/bin/lemp.sh
+++ b/bin/lemp.sh
@ -11,7 +11,7 @@ echo -e '\033[35m
 echo -e "\033[35;1mLEMP server (Nginx Mysql Php-fpm) \033[0m"
 if [ "$EUID" -ne 0 ]; then
-  echo -e "Please run as root"
+  echo "Please run as root"
  exit
 fi
@ -29,25 +29,6 @@ fi
 sleep 2
 echo -e '\033[35m
    __  ___                 __
   /  |/  /_  ___________ _/ /
  / /|_/ / / / / ___/ __ `/ /
 / /  / / /_/ (__  ) /_/ / /
 /_/  /_/\__, /____/\__, /_/
       /____/        /_/
 \033[0m'
 echo -e "\033[35;1minstalling Mysql \033[0m"
 sleep 3
 apt-get --yes --force-yes install mariadb-server
 mysql_secure_installation
 cp "$_assets"/mysql/innodb-file-per-table.cnf /etc/mysql/conf.d/
 systemctl enable mariadb.service
 systemctl restart mariadb.service
 echo -e "\033[92;1mmysql installed\033[Om"
 echo -e '\033[35m
    ____  __  ______
   / __ \/ / / / __ \
@ -55,25 +36,50 @@ echo -e '\033[35m
 / ____/ __  / ____/
 /_/   /_/ /_/_/
 \033[0m'
-echo -e "\033[35;1mInstalling PHP 7.0 \033[0m"
+
 echo -e "\033[35;1mInstalling SURY \033[0m"
 sleep 3
 apt-get --yes --force-yes install php7.0-fpm php7.0-mysql php7.0-opcache php7.0-curl php7.0-mbstring php7.0-zip php7.0-xml php7.0-gd php7.0-mcrypt php-memcached php7.0-imagick
-mv /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.back
+apt-get --yes install ca-certificates apt-transport-https software-properties-common curl lsb-release
-cp "$_assets"/php-fpm.ini /etc/php/7.0/fpm/php.ini
+curl -sSL https://packages.sury.org/php/README.txt | bash -x
 apt-get update && apt-get upgrade
-echo -e "Configuring PHP"
+echo -e "\033[35;1mInstalling PHP \033[0m"
 sleep 3
 # mv: cannot stat '/etc/php/7.0/fpm/php.ini': No such file or directory
 # cp: cannot create regular file '/etc/php/7.0/fpm/php.ini': No such file or directory
 # Configuring PHP
 # Failed to enable unit: Unit file php7.0-fpm.service does not exist.
 # Failed to start php7.0-fpm.service: Unit php7.0-fpm.service not found.
 # apt-get --yes install php7.4-fpm php7.4-mysql php7.4-opcache php7.4-curl php7.4-mbstring php7.4-zip php7.4-xml php7.4-gd php-memcached php7.4-imagick php7.4-apcu
 # php7.4-mcrypt  ??
 apt-get --yes install php8.1-fpm php8.1-mysql php8.1-opcache php8.1-curl php8.1-mbstring php8.1-zip php8.1-xml php8.1-gd php8.1-memcached php8.1-imagick php8.1-apcu php8.1-redis php8.1-bz2 php8.1-bcmath
 # apt-get --yes install php8.2-fpm php8.2-mysql php8.2-opcache php8.2-curl php8.2-mbstring php8.2-zip php8.2-xml php8.2-gd php-memcached php8.2-imagick php8.2-apcu php8.2-redis php8.2-bz2 php8.2-bcmath
 # apt-get --yes install php8.3-fpm php8.3-mysql php8.3-opcache php8.3-curl php8.3-mbstring php8.3-zip php8.3-xml php8.3-gd php8.3-memcached php8.3-imagick php8.3-apcu php8.3-redis php8.3-bz2 php8.3-bcmath
 mv /etc/php/8.1/fpm/php.ini /etc/php/8.1/fpm/php.ini.back
 cp "$_assets"/php8.1-fpm.ini /etc/php/8.1/fpm/php.ini
 echo "Configuring PHP"
 mkdir /var/log/php
 chown www-data /var/log/php
 cp "$_assets"/logrotate-php /etc/logrotate.d/php
-systemctl enable php7.0-fpm
+systemctl enable php8.1-fpm
-systemctl start php7.0-fpm
+systemctl start php8.1-fpm
-# echo -e "Installing memecached"
+# echo "Installing memecached"
 # replaced by redis
-# apt-get --yes --force-yes install memcached
+# apt-get --yes install memcached
 # sed -i "s/-m\s64/-m 128/g" /etc/memcached.conf
 #
 # systemctl start memcached
@ -90,7 +96,7 @@ echo -e '\033[35m
 \033[0m'
 echo -e "\033[35;1mInstalling Nginx \033[0m"
 sleep 3
-apt-get --yes --force-yes install nginx
+apt-get --yes install nginx
 mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.ori
 cp "$_assets"/default.nginxconf /etc/nginx/sites-available/default
@ -98,6 +104,38 @@ systemctl enable nginx
 systemctl restart nginx
 echo -e "\033[92;1mNginx installed\033[Om"
 while [ "$installmysql" != "yes" ] && [ "$installmysql" != "no" ]
 do
 echo -n "install mysql? [yes|no] "
 read installmysql
 # installmysql=${installmysql:-y}
 done
 if [ "$installmysql" = "yes" ]; then
  echo -e '\033[35m
      __  ___                 __
     /  |/  /_  ___________ _/ /
    / /|_/ / / / / ___/ __ `/ /
   / /  / / /_/ (__  ) /_/ / /
  /_/  /_/\__, /____/\__, /_/
         /____/        /_/
  \033[0m'
  echo -e "\033[35;1minstalling Mysql \033[0m"
  sleep 3
  apt-get --yes install mariadb-server
  mysql_secure_installation
  cp "$_assets"/mysql/innodb-file-per-table.cnf /etc/mysql/conf.d/
  # you may increase memory
  # innodb_buffer_pool_size = 1024M
  systemctl enable mariadb.service
  systemctl restart mariadb.service
  echo -e "\033[92;1mmysql installed\033[Om"
  echo -e '\033[35m
             __          __  ___      ___       __          _
      ____  / /_  ____  /  |/  /_  __/   | ____/ /___ ___  (_)___
@ -107,21 +145,40 @@ echo -e '\033[35m
  /_/         /_/           /____/
  \033[0m'
  echo -e "\033[35;1mInstalling phpMyAdmin \033[0m"
-apt-get --yes --force-yes install phpmyadmin
+  ##### Building dependency tree
-ln -s /usr/share/phpmyadmin /var/www/html/
+  ##### Reading state information... Done
-cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
+  ##### Package phpmyadmin is not available, but is referred to by another package.
-ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
+  ##### This may mean that the package is missing, has been obsoleted, or
  ##### is only available from another source
  #####
  ##### E: Package 'phpmyadmin' has no installation candidate
  ##### cp: missing destination file operand after '/root/debian-web-server/assets/nginx-phpmyadmin.conf'
  ##### Try 'cp --help' for more information.
  # TODO no pma package available :(
  apt-get --yes install phpmyadmin
  ln -s /usr/share/phpmyadmin /var/www/html/
  cp "$_assets"/nginx-phpmyadmin.conf /etc/nginx/sites-available/phpmyadmin.conf
 # echo -e "\033[35;1msecuring phpMyAdmin \033[0m"
 # sed -i "s/DirectoryIndex index.php/DirectoryIndex index.php\nAllowOverride all/"
 # cp "$_assets"/phpmyadmin_htaccess > /usr/share/phpmyadmin/.htaccess
 # echo -n "define a user name for phpmyadmin : "
 # read un
 # htpasswd -c /etc/phpmyadmin/.htpasswd $un
 # service apache2 restart
  echo -e "\033[92;1mphpMyAdmin installed\033[Om"
  echo -e "\033[92;1mYou can access it at yourip/phpmyadmin\033[Om"
  # install from source
  # apt-get --yes install php-{mbstring,zip,gd,xml,pear,gettext,cgi}
  # cd /var/www/html/
  # wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
  # unzip phpMyAdmin-latest-all-languages.zip
  # mv phpMyAdmin-*-all-languages pma
  # rm phpMyAdmin-latest-all-languages.zip
  # # cp "$_assets"/nginx-phpmyadmin.conf > /etc/nginx/sites-available/phpmyadmin.conf
  # # ln -s /etc/nginx/sites-available/phpmyadmin.conf /etc/nginx/sites-enabled/phpmyadmin.conf
  # echo -e "\033[92;1mphpMyAdmin installed\033[Om"
  # echo -e "\033[92;1mYou can access it at yourip/pma\033[Om"
 fi
 echo -e '\033[35m
    ____           ___
   / __ \___  ____/ (_)____
@ -131,16 +188,21 @@ echo -e '\033[35m
 \033[0m'
 echo -e "\033[35;1mInstalling Redis \033[0m"
 sleep 3
-apt-get --yes --force-yes install redis-server php-redis
+apt-get --yes install redis-server php8.1-redis
 # TODO set maxmemory=2gb
 # TODO set maxmemory-policy=volatile-lru
 # TODO comment all save line
 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
 # https://blog.opstree.com/2019/04/16/redis-best-practices-and-performance-tuning/
 systemctl enable redis-server
 systemctl restart redis-server
-systemctl restart php7.0-fpm
+systemctl restart php8.1-fpm
 echo -e "\033[92;1mRedis installed\033[Om"
 echo -e '\033[35m
@ -166,111 +228,9 @@ echo -e '\033[35m
 / /_/ / /  / /_/ (__  ) / / /
 /_____/_/   \__,_/____/_/ /_/
 \033[0m'
-echo -e "\033[35;1mInstalling Drush and DrupalConsole\033[0m"
+echo -e "\033[35;1mInstalling Drush\033[0m"
 sleep 3
-curl https://drupalconsole.com/installer -L -o /usr/local/bin/drupal
+# curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush
-chmod +x /usr/local/bin/drupal
+wget -O /usr/local/bin/drush https://github.com/drush-ops/drush-launcher/releases/latest/download/drush.phar
 curl https://github.com/drush-ops/drush-launcher/releases/download/0.6.0/drush.phar -L -o /usr/local/bin/drush
 chmod +x /usr/local/bin/drush
-echo -e "\033[92;1mDrush and DrupalConsoleinstalled\033[Om"
+echo -e "\033[92;1mDrush\033[Om"
 # TODO supervising
 # echo -e '\033[35m
 #    __  ___          _ __      __  __  ___          _
 #   /  |/  /__  ___  (_) /_   _/_/ /  |/  /_ _____  (_)__
 #  / /|_/ / _ \/ _ \/ / __/ _/_/  / /|_/ / // / _ \/ / _ \
 # /_/  /_/\___/_//_/_/\__/ /_/   /_/  /_/\_,_/_//_/_/_//_/
 # \033[0m'
 # echo -e "\033[35;1mInstalling Munin \033[0m"
 # sleep 3
 # # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/
 # apt-get --yes --force-yes install munin munin-node munin-plugins-extra
 # # Configure Munin
 # # enable plugins
 # ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins/mysql_
 # ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins/mysql_bytes
 # ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins/mysql_innodb
 # ln -s /usr/share/munin/plugins/mysql_isam_space_ /etc/munin/plugins/mysql_isam_space_
 # ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins/mysql_queries
 # ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins/mysql_slowqueries
 # ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins/mysql_threads
 #
 # ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/
 # ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/
 # ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/
 #
 # # ln -s /usr/share/munin/plugins/fail2ban /etc/munin/plugins/
 #
 # # dbdir, htmldir, logdir, rundir, and tmpldir
 # sed -i 's/^#dbdir/dbdir/' /etc/munin/munin.conf
 # sed -i 's/^#htmldir/htmldir/' /etc/munin/munin.conf
 # sed -i 's/^#logdir/logdir/' /etc/munin/munin.conf
 # sed -i 's/^#rundir/rundir/' /etc/munin/munin.conf
 # sed -i 's/^#tmpldir/tmpldir/' /etc/munin/munin.conf
 #
 # sed -i "s/^\[localhost.localdomain\]/[${HOSTNAME}]/" /etc/munin/munin.conf
 #
 # # ln -s /etc/munin/apache24.conf /etc/apache2/conf-enabled/munin.conf
 # sed -i 's/Require local/Require all granted\nOptions FollowSymLinks SymLinksIfOwnerMatch/g' /etc/munin/apache24.conf
 # htpasswd -c /etc/munin/munin-htpasswd admin
 # sed -i 's/Require all granted/AuthUserFile \/etc\/munin\/munin-htpasswd\nAuthName "Munin"\nAuthType Basic\nRequire valid-user/g' /etc/munin/apache24.conf
 #
 #
 # service apache2 restart
 # service munin-node restart
 # echo -e "\033[92;1mMunin installed\033[Om"
 #
 # echo -e "\033[35;1mInstalling Monit \033[0m"
 # sleep 3
 # # https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-debian/2/
 # apt-get --yes --force-yes install monit
 # # TODO setup monit rc
 # cat "$_assets"/monitrc > /etc/monit/monitrc
 #
 # # TODO setup webaccess
 # passok=0
 # while [ "$passok" = "0" ]
 # do
 #   echo -n "Write web access password to monit"
 #   read passwda
 #   echo -n "ReWrite web access password to monit"
 #   read passwdb
 #   if [ "$passwda" = "$passwdb" ]; then
 #     sed -i 's/PASSWD_TO_REPLACE/$passwda/g' /etc/monit/monitrc
 #     passok=1
 #   else
 #     echo -e "pass words don't match, please try again"
 #   fi
 # done
 #
 # # TODO setup mail settings
 # sed -i "s/server1\.example\.com/$HOSTNAME/g" /etc/monit/monitrc
 #
 # mkdir /var/www/html/monit
 # echo -e "hello" > /var/www/html/monit/token
 #
 # service monit start
 #
 # echo -e "\033[92;1mMonit installed\033[Om"
 # echo -e '\033[35m
 #     ___                __        __
 #    /   |_      _______/ /_____ _/ /_
 #   / /| | | /| / / ___/ __/ __ `/ __/
 #  / ___ | |/ |/ (__  ) /_/ /_/ / /_
 # /_/  |_|__/|__/____/\__/\__,_/\__/
 # \033[0m'
 # echo -e "\033[35;1mInstalling Awstat \033[0m"
 # sleep 3
 # apt-get --yes --force-yes install awstats
 # # Configure AWStats
 # temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
 # if [ $temp -lt 1 ]; then
 #     echo SiteDomain="$_domain" >> /etc/awstats/awstats.conf.local
 # fi
 # # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
 # sed -i 's/^[^#]/#&/' /etc/cron.d/awstats
 # echo -e "\033[92;1mAwstat installed\033[Om"
--- a/bin/misc.sh
+++ b/bin/misc.sh
@ -15,12 +15,13 @@ if [ "$EUID" -ne 0 ]; then
 fi
 sleep 2
-apt-get --yes --force-yes install vim curl
+# TODO --force-yes is deprecated, use one of the options starting with --allow instead.
 apt-get --yes install vim curl
 sed -i "s/^# en_GB.UTF-8/en_GB.UTF-8/g" /etc/locale.gen
 locale-gen
-apt-get --yes --force-yes install ntp
+apt-get --yes install ntp
 dpkg-reconfigure tzdata
-apt-get --yes --force-yes install tmux etckeeper needrestart htop lynx unzip
+apt-get --yes install tmux etckeeper needrestart htop lynx unzip nfs-common
 # TODO cron
 # https://askubuntu.com/questions/56683/where-is-the-cron-crontab-log/121560#121560
--- a/bin/mysql-db.sh
+++ b/bin/mysql-db.sh
@ -0,0 +1,56 @@
 #!/bin/sh
 echo -e '
     _ _      _   _
  __| | |__  | | | |___ ___ _ _
 / _` |  _ \ | |_| (_-</ -_)  _|
 \__,_|_.__/  \___//__/\___|_|
 '
 echo -e "Create new mysql db and user (you will be asked a db name and a password)"
 . bin/checkroot.sh
 sleep 3
 # configure
 echo -n "Please provide the mysql root passwd : "
 read _root_mysql_passwd
 mysql -u root -p$_root_mysql_passwd -e "show databases;"
 echo -n "Enter new db name: "
 read db_name
 while [ "$db_name" = "" ]
 do
  read -p "enter a db name ? " db_name
  if [ "$db_name" != "" ]; then
    # TODO check if db already exists
    # if id "$db_name" >/dev/null 2>&1; then
    #   echo "user $db_name alreday exists, you must provide a non existing user name."
    #   db=""
    # else
      read -p "is db name $db_name correcte [y|n] " validated
      if [ "$validated" = "y" ]; then
        break
      else
        db_name=""
      fi
    # fi
  fi
 done
 # generate random password for new mysql user
 _passwd="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c16)"
 # create new mysql user
 mysql -u root -p$_root_mysql_passwd -e "CREATE DATABASE $db_name;"
 mysql -u root -p$_root_mysql_passwd -e "CREATE USER '$db_name'@'localhost' IDENTIFIED BY '$_passwd';"
 mysql -u root -p$_root_mysql_passwd -e "GRANT ALL ON $db_name.* TO '$db_name'@'localhost';"
 mysql -u root -p$_root_mysql_passwd -e "show databases;"
 echo "database and user : $db_name installed"
 echo " please record your password $_passwd"
 echo "press any key to continue."
 read continu
--- a/bin/mysqlbackup.sh
+++ b/bin/mysqlbackup.sh
@ -39,4 +39,4 @@ touch /var/spool/cron/crontabs/root
 crontab -l > /tmp/mycron
 echo "30 2 */2 * * /usr/local/bin/mysqlbackup.sh" >> /tmp/mycron
 crontab /tmp/mycron
-rm /tmp/mycron
+rm -f /tmp/mycron
--- a/bin/nfs.sh
+++ b/bin/nfs.sh
@ -0,0 +1,44 @@
 #!/bin/sh
 echo -e '\033[35m
        __     
 _ __  / _|___ 
 |  _ \| |_/ __|
 | | | |  _\__ \
 |_| |_|_| |___/
 \033[0m'
 echo -e "\033[35;1mLEMP server (Nginx Mysql Php-fpm) \033[0m"
 apt install nfs-kernel-server
 vim /etc/exports 
 mkdir /home/proxmox-backup
 mkdir /home/urbackup
 ufw allow from 37.187.134.71 to any port nfs
 ufw allow from 37.187.134.71 to any port 111
 ufw allow proto udp from 37.187.134.71 to any port 32764:32769
 ufw allow proto tcp from 37.187.134.71 to any port 32764:32769
 ufw allow from 37.187.93.155 to any port nfs
 ufw allow from 37.187.93.155 to any port 111
 ufw allow proto udp from 37.187.93.155 to any port 32764:32769
 ufw allow proto tcp from 37.187.93.155 to any port 32764:32769
 ufw allow from 37.187.128.147 to any port nfs
 ufw allow from 37.187.128.147 to any port 111
 ufw allow proto udp from 37.187.128.147 to any port 32764:32769
 ufw allow proto tcp from 37.187.128.147 to any port 32764:32769
 ufw allow from 94.23.8.104 to any port nfs
 ufw allow from 94.23.8.104 to any port 111
 ufw allow proto udp from 94.23.8.104 to any port 32764:32769
 ufw allow proto tcp from 94.23.8.104 to any port 32764:32769
 systemctl restart nfs-server
 systemctl enable nfs-server
 vim /etc/ufw/user.rules
--- a/bin/php7.4.sh
+++ b/bin/php7.4.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 echo -e "\033[35;1mInstalling PHP 7.4 \033[0m"
 apt-get -y install lsb-release apt-transport-https ca-certificates
 wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
 echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
 apt-get update
 apt-get -y install php7.4 php7.4-{fpm,mysql,opcache,curl,mbstring,zip,xml,gd,imagick,apcu}
 mv /etc/php/7.4/fpm/php.ini /etc/php/7.4/fpm/php.ini.back
 cp "$_assets"/php7.4-fpm.ini /etc/php/7.4/fpm/php.ini
 systemctl enable php7.4-fpm
 systemctl start php7.4-fpm
 echo -e "\033[92;1mphp7.4-fpm installed\033[O"
--- a/bin/postgresqlbackup.sh
+++ b/bin/postgresqlbackup.sh
@ -0,0 +1,54 @@
 #!/bin/sh
 echo -e '\033[35m
  ___        _                ___  ___  _      ___          _
 | _ \___ __| |_ __ _ _ _ ___/ __|/ _ \| |    | _ ) __ _ __| |___  _ _ __
 |  _/ _ (_-<  _/ _. | ._/ -_)__ \ (_) | |__  | _ \/ _. / _| / / || | ._ \
 |_| \___/__/\__\__, |_| \___|___/\__\_\____| |___/\__,_\__|_\_\\_,_| .__/
                |___/                                               |_|
 \033[0m'
 if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit
 fi
 # get the current position
 _cwd="$(pwd)"
 # check for assets forlder
 _assets="$_cwd/assets"
 if [ ! -d "$_assets" ]; then
  _assets="$_cwd/../assets"
  if [ ! -d "$_assets" ]; then
    echo "!! can't find assets directory !!"
    exit
  fi
 fi
 # adding the script
 cp "$_assets"/pgsqlbackup.sh /usr/local/bin/
 chmod +x /usr/local/bin/pgsqlbackup.sh
 # configure
 echo -n "Please provide the postgresql host : "
 read _pg_host
 sed -i "s/HOST/$_pg_host/g" /usr/local/bin/pgsqlbackup.sh
 echo -n "Please provide the postgresql port : "
 read _pg_port
 sed -i "s/PORT/$_pg_port/g" /usr/local/bin/pgsqlbackup.sh
 echo -n "Please provide the postgresql user : "
 read _pg_user
 sed -i "s/USER/$_pg_user/g" /usr/local/bin/pgsqlbackup.sh
 echo -n "Please provide the postgresql passwd : "
 read _pg_passwd
 sed -i "s/PASSWD/$_pg_passwd/g" /usr/local/bin/pgsqlbackup.sh
 # creating crontab
 touch /var/spool/cron/crontabs/root
 crontab -l > /tmp/mycron
 echo "30 2 */2 * * /usr/local/bin/pgsqlbackup.sh" >> /tmp/mycron
 crontab /tmp/mycron
 rm /tmp/mycron
--- a/bin/ssh.sh
+++ b/bin/ssh.sh
@ -1,7 +1,7 @@
 #!/bin/sh
-echo '\033[35m
+echo -e '\033[35m
   __________ __  __
  / ___/ ___// / / /
  \__ \\__ \/ /_/ /
@ -14,8 +14,13 @@ if [ "$EUID" -ne 0 ]; then
  exit
 fi
-sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
+# sed -i 's/PermitRootLogin\ yes/PermitRootLogin no/g' /etc/ssh/sshd_config
-sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
+# sed -i 's/PermitEmptyPasswords\ yes/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
-sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
+# sed -i 's/Protocol\ [0-9]/Protocol 2/g' /etc/ssh/sshd_config
 touch /etc/ssh/sshd_config.d/custom.conf
 echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
 echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
 systemctl reload ssh
-echo "\033[92;1mSSH secured\033[Om"
+echo -e "\033[92;1mSSH secured\033[Om"
--- a/bin/upgrade.sh
+++ b/bin/upgrade.sh
@ -2,7 +2,7 @@
 # TODO check if root
-echo '\033[35m
+echo -e '\033[35m
   __  ______  __________  ___    ____  ______
  / / / / __ \/ ____/ __ \/   |  / __ \/ ____/
 / / / / /_/ / / __/ /_/ / /| | / / / / __/
--- a/bin/urbackup.sh
+++ b/bin/urbackup.sh
@ -38,12 +38,18 @@ apt install build-essential "g++" "libcrypto++-dev" libz-dev -y
 #  libwxgtk3.0-dev
 # Download the UrBackup client source files and extract them
-wget -P /tmp/ https://hndl.urbackup.org/Client/latest/urbackup-client-2.3.4.0.tar.gz
+# wget -P /tmp/ https://hndl.urbackup.org/Client/latest/urbackup-client-2.3.4.0.tar.gz
 # wget -P /tmp/ https://hndl.urbackup.org/Client/2.4.11/urbackup-client-2.4.11.0.tar.gz
 # wget -P /tmp/ https://hndl.urbackup.org/Client/2.5.20/urbackup-client-2.5.20.0.tar.gz
 # wget -P /tmp/ https://hndl.urbackup.org/Client/2.5.20/urbackup-client-2.5.24.0.tar.gz
 wget -P /tmp/ https://hndl.urbackup.org/Client/2.5.25/urbackup-client-2.5.25.0.tar.gz
 cd /tmp
-tar xzf /tmp/urbackup-client-2.3.4.0.tar.gz
+
 tar xzf /tmp/urbackup-client-2.5.25.0.tar.gz
 # Build the UrBackup client and install it
-cd /tmp/urbackup-client-2.3.4.0
+# cd /tmp/urbackup-client-2.3.4.0
 cd /tmp/urbackup-client-2.5.25.0
 ./configure --enable-headless
 make -j4
 make install
@ -66,7 +72,8 @@ internet_mode_enabled=true
 internet_image_backups_def=false
 default_dirs_def=/etc;var/www;/var/backups/mysql
 startup_backup_delay_def=3
-computername=$_computername" > /usr/local/var/urbackup/data/settings.cfg
+computername=$_computername" > /etc/default/urbackupclient
 # /usr/local/var/urbackup/data/settings.cfg
 # firewall
 ufw allow from "$_ip" to any port 35621
@ -74,7 +81,8 @@ ufw allow from "$_ip" to any port 35622
 ufw allow from "$_ip" to any port 35623
 # install and enable systemd service
-cp "$_assets"/urbackup.service /etc/systemd/system/
+# cp "$_assets"/urbackup.service /etc/systemd/system/
 cp urbackupclientbackend-debian.service /etc/systemd/system/urbackup.service
 chmod a+x /etc/systemd/system/urbackup.service
 systemctl --system daemon-reload
--- a/bin/user.sh
+++ b/bin/user.sh
@ -37,8 +37,6 @@ do
  fi
 done
 # read -p "Continue? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
 adduser "$user"
 echo "adding $user to admin group and limiting su to the admin group"
 groupadd admin
--- a/bin/vhost.sh
+++ b/bin/vhost.sh
@ -27,6 +27,7 @@ if [ "$vh" = "y" ]; then
    fi
  fi
  _domain=""
  while [ "$_domain" = "" ]
  do
  read -p "enter a domain name ? " _domain
@ -41,6 +42,7 @@ if [ "$vh" = "y" ]; then
  done
  # ask for simple php conf or drupal conf
  _drupal=""
  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
  do
    echo -n "Is your site is a drupal one? [yes|no] "
@ -48,28 +50,30 @@ if [ "$vh" = "y" ]; then
  done
  # ask for let's encrypt
  _letsencrypt=""
  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
  do
    echo -e "\033[35;1mLet's encrypt \033[0m"
-    echo -e "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
+    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
    read _letsencrypt
  done
  systemctl stop nginx
  # lets'encrypt
  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
  if [ "$_letsencrypt" = "yes" ]; then
-    apt-get --yes --force-yes install certbot
+    apt-get --yes install certbot
    systemctl stop nginx
    certbot certonly --standalone -d "$_domain" --cert-name "$_domain"
    systemctl start nginx
    # TODO stop the whole process if letsencrypt faile
    mkdir -p /etc/nginx/ssl/certs/"$_domain"
    openssl dhparam -out /etc/nginx/ssl/certs/"$_domain"/dhparam.pem 2048
    # renewing
    touch /var/spool/cron/crontabs/root
    crontab -l > mycron
-    echo -e "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
+    echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
    crontab mycron
    rm mycron
  fi
@ -102,6 +106,16 @@ if [ "$vh" = "y" ]; then
  chmod -R g+w /var/www/"$_domain"/
  chmod -R g+r /var/www/"$_domain"/
  #set fail2ban for vhost
  # https://stackoverflow.com/a/65552146
  cp "$_assets/fail2ban/jail.d/nginx-badbots.conf" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
  sed -i -r "s/\[nginx-badbots\]/\[nginx-badbots-$_domain\]/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
  sed -i -r "s/<FILTER>/\[nginx-badbots-$_domain\]/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
  sed -i -r "s/<LOGPATH>/\/var\/www\/$_domain\/log\/error.log/g" "/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
  cp "$_assets/fail2ban/filter.d/nginx-badbots.conf" "/etc/fail2ban/filter.d/nginx-badbots-$_domain.conf"
  sed -i -r "s/<HOST>/$_domain/g" "/etc/fail2ban/filter.d/nginx-badbots-$_domain.conf"
  # create a shortcut to the site
@ -110,7 +124,8 @@ if [ "$vh" = "y" ]; then
  yn=${yn:-y}
  if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
    # if $user var does not exists (vhost.sh ran directly) ask for it
-    if [ -z ${user+x} ]; then
+    user=""
    # if [ -z ${user+x} ]; then
      while [ "$user" = "" ]
      do
        read -p "enter an existing user name ? " user
@ -124,14 +139,14 @@ if [ "$vh" = "y" ]; then
              user=""
            fi
          else
-            echo -e "user $user doesn't exists, you must provide an existing user"
+            echo "user $user doesn't exists, you must provide an existing user"
            user=""
          fi
        fi
      done
-    fi
+    # fi
-    echo -e "shortcut will be installed for '$user'";
+    echo "shortcut will be installed for '$user'";
    sleep 3
    mkdir /home/"$user"/www/
@ -140,14 +155,14 @@ if [ "$vh" = "y" ]; then
    chown "$user":admin /home/"$user"/www/"$_domain"
  else
-    echo -e 'no shortcut installed'
+    echo 'no shortcut installed'
  fi
  # activate the vhost
  ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
  # restart nginx
-  systemctl start nginx
+  systemctl restart nginx
  echo -e "\033[92;1mvhost $_domain configured \033[Om"
 else
-  echo -e "Vhost installation aborted"
+  echo "Vhost installation aborted"
 fi
--- a/bin/webhook.sh
+++ b/bin/webhook.sh
@ -0,0 +1,122 @@
 #!/bin/bash
 # bachir soussi chiadmi
 # get the current position
 _cwd="$(pwd)"
 echo -e '\033[35m
 __      __   _    _  _          _
 \ \    / /__| |__| || |___  ___| |__
  \ \/\/ / -_) `_ \ __ / _ \/ _ \ / /
   \_/\_/\___|_.__/_||_\___/\___/_\_\
 \033[0m'
 # check for assets folder
 _assets="$_cwd/assets"
 if [ ! -d "$_assets" ]; then
  _assets="$_cwd/../assets"
  if [ ! -d "$_assets" ]; then
    echo "!! can't find assets directory !!"
    exit
  fi
 fi
 user=""
 while [ "$user" = "" ]
 do
  read -p "enter an existing user name ? " user
  if [ "$user" != "" ]; then
    # check if user already exists
    if id "$user" >/dev/null 2>&1; then
      read -p "is user name $user correcte [y|n] " validated
      if [ "$validated" = "y" ]; then
        break
      else
        user=""
      fi
    else
      echo "user $user doesn't exists, you must provide an existing user"
      user=""
    fi
  fi
 done
 _domain=""
 while [ "$_domain" = "" ]
 do
 read -p "enter a domain name ? " _domain
 if [ "$_domain" != "" ]; then
  read -p "is domain $_domain correcte [y|n] " validated
  if [ "$validated" = "y" ]; then
    break
  else
    _domain=""
  fi
 fi
 done
 _id=$(echo "$_domain" | sed "s/\./_/g")
 _remote=""
 while [ "$_remote" = "" ]
 do
 read -p "enter teh remote git repos url to pull from ? " _remote
 if [ "$_remote" != "" ]; then
  read -p "is $_remote correcte [y|n] " validated
  if [ "$validated" = "y" ]; then
    break
  else
    _remote=""
  fi
 fi
 done
 # TODO check for /home/"$user"/www/"$_domain"
 if [ ! -d /home/"$user"/www/"$_domain" ]; then
  echo "/home/$user/www/$_domain does not exists !"
  exit
 fi
 # TODO check for /home/"$user"/git-repositories/"$_domain.git"
 if [ ! -d /home/"$user"/git-repositories/"$_domain.git" ]; then
  echo "/home/$user/git-repositories/$_domain.git does not exists !"
  exit
 fi
 apt-get install webhook
 # git bare repos remote
 git --git-dir=/home/"$user"/git-repositories/"$_domain.git" remote add origin "$_remote"
 # hook deploy script
 cp -f "$_assets"/webhook-deploy.sh /home/"$user"/webhook-deploy-"$_id".sh
 sed -i -r "s/DOMAIN/$_domain/g" /home/"$user"/webhook-deploy-"$_id".sh
 sed -i -r "s/USER/$user/g" /home/"$user"/webhook-deploy-"$_id".sh
 chowm $user:$user /home/"$user"/webhook-deploy-"$_id".sh
 chmod +x /home/"$user"/webhook-deploy-"$_id".sh
 # remove git bare repos hook
 mv /home/"$user"/git-repositories/"$_domain".git/hooks/post-receive /home/"$user"/git-repositories/"$_domain".git/hooks/post-receive.back
 # webhook conf
 touch /etc/webhooks.conf
 echo "
 - id: deploy_app_$_id
  execute-command: /home/$user/webhook-deploy-$_id.sh
  command-working-directory: /home/$user/
 " >> /etc/webhooks.conf
 # webhook service
 cp -f "$_assets"/webhook.service /etc/systemd/system/webhook.service
 systemctl enable webhook
 systemctl start webhook
 systemctl restart webhook
 # systemctl reload webhook
 ufw allow 9000
 echo "webhook done"
 echo "you can configure your webhook trigger with the following url :"
 echo "http://$_domain:9000/hooks/deploy_app_$_id"
--- a/bin/zabbix.sh
+++ b/bin/zabbix.sh
@ -26,8 +26,9 @@ if [ ! -d "$_assets" ]; then
  fi
 fi
-wget -P /tmp/ http://repo.zabbix.com/zabbix/3.4/debian/pool/main/z/zabbix-release/zabbix-release_3.4-1+stretch_all.deb
+
-dpkg -i /tmp/zabbix-release_3.4-1+stretch_all.deb
+wget -P /tmp/ wget https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix-release/zabbix-release_6.4-1+debian12_all.deb
 dpkg -i /tmp/zabbix-release_6.4-1+debian12_all.deb
 apt-get update -y
@ -40,8 +41,6 @@ echo -n "Please provide the zabbix-server's ip : "
 read _ip
 echo -n "Please provide the hostname of this agent : "
 read _host_name
 echo -n "Please provide the mysql root password : "
 read _root_mysql_passwd
 _agent_conf_d="/etc/zabbix/zabbix_agentd.d" # for debian 8
 if [ ! -d "$_agent_conf_d" ]; then
@ -53,6 +52,10 @@ sed -i "s#Server=127.0.0.1#Server=$_ip#g" /etc/zabbix/zabbix_agentd.conf
 sed -i "s#ServerActive=127.0.0.1#ServerActive=$_ip#g" /etc/zabbix/zabbix_agentd.conf
 sed -i "s#Hostname=Zabbix server#Hostname=$_host_name#g" /etc/zabbix/zabbix_agentd.conf
 # todo ask if LXC container, if yes install this script
 # https://github.com/kvaps/zabbix-linux-container-template
 # APT
 # check for debian security updates
 # not working : https://www.osso.nl/blog/zabbix-counting-security-updates
@ -64,6 +67,14 @@ cp "$_assets"/zabbix/apt.conf "$_agent_conf_d"/
 # MYSQL
 # https://serverfault.com/questions/737018/zabbix-user-parameter-mysql-status-setting-home
 # create zabbix user home
 echo -n "monitor mysql? [Y|n] "
 read yn
 yn=${yn:-y}
 if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
  echo -n "Please provide the mysql root password : "
  read _root_mysql_passwd
  mkdir /var/lib/zabbix
  # generate random password for zabbix mysql user
  _passwd="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c12)"
@ -76,15 +87,24 @@ mysql -uroot -p"$_root_mysql_passwd" -e "CREATE USER 'zabbix' IDENTIFIED BY '$_p
  mysql -uroot -p"$_root_mysql_passwd" -e "GRANT USAGE ON *.* TO 'zabbix'@'localhost' IDENTIFIED BY '$_passwd';"
  # add zabbix-agent parameter
  cp "$_assets"/zabbix/userparameter_mysql.conf "$_agent_conf_d"/
 fi
 # NGINX
 # https://github.com/sfuerte/zbx-nginx
 # nginxconf already included in default.nginxconf asset
 echo -n "Monitor nginx? [Y|n] "
 read yn
 yn=${yn:-y}
 if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
  sed -i "s/# allow CURRENT-SERVER-IP/allow $_cur_ip/g" /etc/nginx/sites-available/default
  cp "$_assets"/zabbix/userparameter_nginx.conf "$_agent_conf_d"/
  mkdir /etc/zabbix/zabbix_agentd.scripts
  cp "$_assets"/zabbix/scripts/nginx-stat.py /etc/zabbix/zabbix_agentd.scripts/
  chmod +x /etc/zabbix/zabbix_agentd.scripts/nginx-stat.py
 fi
 echo -n "This is box is a proxmox CT? [Y|n] "
 read yn
@ -96,6 +116,8 @@ fi
 # SYSTEMD
 # https://github.com/MogiePete/zabbix-systemd-service-monitoring
 cp "$_assets"/zabbix/userparameter_systemd_services.conf "$_agent_conf_d"/
 # https://www.zabbix.com/forum/zabbix-cookbook/23024-monitor-the-version-of-centos-debian-ubuntu?p=386466#post386466
 cp "$_assets"/zabbix/userparameter_linux_name_version.conf "$_agent_conf_d"/
 # disble unused system units
 systemctl disable rsync
--- a/install.sh
+++ b/install.sh
@ -13,10 +13,10 @@ echo -e '\033[35m
 /_____/\___/_.___/_/\__,_/_/ /_/   /____/\___/_/    |___/\___/_/
 \033[0m'
-echo -e "\033[35;1mThis script has been tested only on Linux Debian 9 \033[0m"
+echo -e "\033[35;1mThis script has been tested only on Linux Debian 10 \033[0m"
 if [ "$EUID" -ne 0 ]; then
-  echo -e "Please run as root"
+  echo "Please run as root"
  exit
 fi
@ -24,7 +24,7 @@ echo -n "Should we start? [Y|n] "
 read yn
 yn=${yn:-y}
 if [ "$yn" != "y" ]; then
-  echo -e "aborting script!"
+  echo "aborting script!"
  exit
 fi
@ -35,7 +35,7 @@ _cwd="$(pwd)"
 . bin/misc.sh
 . bin/firewall.sh
 . bin/fail2ban.sh
-. bin/knockd.sh
+# . bin/knockd.sh
 . bin/user.sh
 . bin/email.sh
@ -48,7 +48,7 @@ done
 if [ "$securssh" = "yes" ]; then
  . bin/ssh.sh
 else
-  echo -e 'root user can still conect through ssh'
+  echo 'root user can still conect through ssh'
 fi
@ -58,7 +58,7 @@ yn=${yn:-y}
 if [ "$yn" = "y" ]; then
  . bin/ftp.sh
 else
-  echo -e 'ftp server not installed'
+  echo 'ftp server not installed'
 fi
 while [ "$lemp" != "yes" ] && [ "$lemp" != "no" ]
@ -69,7 +69,7 @@ done
 if [ "$lemp" = "yes" ]; then
  . bin/lemp.sh
 else
-  echo -e 'lemp server not installed'
+  echo 'lemp server not installed'
 fi
 while [ "$_install_vhost" != "yes" ] && [ "$_install_vhost" != "no" ]
@ -78,9 +78,10 @@ do
  read _install_vhost
 done
 if [ "$_install_vhost" = "yes" ]; then
  # TODO bug vhost.sh file does not exists ...
  . bin/vhost.sh
 else
-  echo -e 'no vhost installed'
+  echo 'no vhost installed'
 fi
 while [ "$_install_zabbix_agent" != "yes" ] && [ "$_install_zabbix_agent" != "no" ]
@ -91,7 +92,7 @@ done
 if [ "$_install_zabbix_agent" = "yes" ]; then
  . bin/zabbix.sh
 else
-  echo -e 'zabbix-agent not installed'
+  echo 'zabbix-agent not installed'
 fi
 while [ "$_install_urbackup" != "yes" ] && [ "$_install_urbackup" != "no" ]
@ -102,11 +103,12 @@ done
 if [ "$_install_urbackup" = "yes" ]; then
  . bin/urbackup.sh
 else
-  echo -e 'urbackup client not installed'
+  echo 'urbackup client not installed'
 fi
-
+# ./install.sh: line 109: bin/dotfiles.sh: No such file or directory
 . bin/dotfiles.sh
 # . bin/autoupdate.sh
 # echo -e '\033[35m
@ -139,7 +141,7 @@ fi
 #   mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
 #   chmod 1777 /tmp
-#   echo -e "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
+#   echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
 #   # Restore /tmp
 #   cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
--- a/raw.githubusercontent.com_kvaps_zabbix-linux-container-template_master_zabbix_container.conf.txt
+++ b/raw.githubusercontent.com_kvaps_zabbix-linux-container-template_master_zabbix_container.conf.txt
@ -0,0 +1,4 @@
 UserParameter=ct.memory.size[*],free -b | awk 'NR==2 {total=$ 2; used=($ 3+$ 5); pused=(($ 3+$ 5)*100/$ 2); free=$ 4; pfree=($ 4*100/$ 2); shared=$ 5; buffers=$ 6; cached=$ 6; available=$ 7; pavailable=($ 7*100/$ 2); if("$1" == "") {printf("%.0f", total )} else {printf("%.0f", $1 "" )} }'
 UserParameter=ct.swap.size[*],free -b | awk 'NR==3 {total=$ 2; used=$ 3; free=$ 4; pfree=($ 4*100/$ 2); pused=($ 3*100/$ 2); if("$1" == "") {printf("%.0f", free )} else {printf("%.0f", $1 "" )} }'
 UserParameter=ct.cpu.load[*],cut -d" " -f1-3 /proc/loadavg | awk -F'[, ]+' '{avg1=$(NF-2); avg5=$(NF-1); avg15=$(NF)}{print $2/'$(nproc)'}'
 UserParameter=ct.uptime,cut -d"." -f1 /proc/uptime
--- a/readme.md
+++ b/readme.md
@ -1,10 +1,11 @@
-# Install web server and secure it on debian 9
+# Install LEMP web server and secure it on debian 12
 Fail2ban, Ufw, Proftpd, Knockd, Nginx, Mariadb, php7.0-fpm, redis, vhosts, git barre repos, zabbix-agent, dotfiles and more
 ## how to use it
 on a fresh install
-as root
+
 All commands below are run as root user. Either log in as root user directly or log in as your normal user and then use the command ```su -``` to become root user on your server before you proceed. IMPORTANT: You must use ```su -``` and not just ```su```, otherwise your PATH variable is set wrong by Debian.
 1 install git
 ```
@ -16,7 +17,13 @@ apt-get install git
 git clone https://figureslibres.io/gogs/bachir/debian-web-server.git
 ```
-3 run the script as root
+3 change defaut shell from dash to bash
 ```
 dpkg-reconfigure dash
 ```
 and answer NO to the the question
 4 run the script as root
 ```
 su
 cd debian-web-server
@ -25,6 +32,23 @@ chmod a+x install.sh
 ```
 5 steps
 * misc.sh
 * dotfliles.sh
 * user.sh
 * ssh.sh
 * firewall.sh
 * fail2ban.sh
 * email.sh
 * lemp.sh
 * mysqlbackup.sh
 * vhost.sh
 * gitbarrerepos.sh
 * webhook.sh
 * urbackup.sh
 * zabbix.sh
 * 
 ## ref
 http://www.debian.org/doc/manuals/securing-debian-howto/
Author	SHA1	Message	Date
bach	207a05f75b	some updates	2025-03-13 21:43:02 +01:00
bach	308b65e7be	drupal deploy git submodul init fix	2024-07-29 12:15:04 +02:00
bach	6efc4fba23	lemp php8.1 fix, drupal deploy git submodul init fix	2024-07-29 12:06:35 +02:00
bach	47b88ae300	lemp and gitbarerepos	2023-12-21 09:53:56 +01:00
bach	8863d1ef79	updtaed urbackup client	2023-12-21 09:53:17 +01:00
bach	f6cfa57db6	somme options on zabbix-agent install	2023-11-26 18:09:20 +01:00
bach	cdcb034b6b	improved webhook install, mysql comment innodb_buffer_pool_size	2023-11-26 17:59:15 +01:00
bach	62c03fc009	somme options on zabbix-agent install	2023-11-26 17:57:29 +01:00
bach	015307986d	fixed webhook-deploy install	2023-11-20 15:39:06 +01:00
bach	c409589eab	misc fixes	2023-11-19 11:04:50 +01:00
bach	0cc2b94c7e	updated sshd config	2023-11-18 11:26:36 +01:00
bach	de547cc2dd	Merge branch 'master' into deb12	2023-11-02 11:18:37 +01:00
bach	a8ea6b53bc	zabbix bug fix	2023-10-17 21:46:38 +02:00
bach	300402a38f	updated zabbix	2023-10-17 21:42:08 +02:00
bach	fd9e202d49	updated zabbix	2023-10-17 21:39:30 +02:00
bach	8ecaf8d78a	reverted php to 8.1, fixed nginx-badbots	2023-10-09 11:09:50 +02:00
bach	2c3682bf4c	fixed gitbarrerepos bug	2023-07-01 12:12:06 +02:00
bach	692584ff8a	fixed gitbarrerepos bug	2023-07-01 12:10:19 +02:00
bach	5c163b3ea2	updated urbackup client version	2023-07-01 10:47:11 +02:00
bach	cb915edc33	fixed php version on nginx conf files	2023-06-30 12:31:39 +02:00
bach	00c9aa6cd2	updated php in lemp to php8.2	2023-06-30 12:22:52 +02:00
bach	665aaabe48	updated php in lemp to php8.2	2023-06-30 12:19:53 +02:00
bach	a96789a9ed	updated php in lemp to php8.2	2023-06-30 12:18:43 +02:00
bach	f317ded417	updated php in lemp to php8.2	2023-06-30 12:17:04 +02:00
bach	418f2e5583	deb12	2023-06-30 11:49:51 +02:00
bach	4b3ccb3fff	added nginx-badbots fail2ban rule https://stackoverflow.com/a/65552146	2023-03-31 11:27:55 +02:00
bach	d2380db06b	misc	2023-03-31 11:16:46 +02:00
bach	af5d1b1404	fixed urbackup settings file path	2022-10-18 10:02:54 +02:00
bach	3503f954be	urbackup is now using coming from source systemd service	2022-10-16 21:57:16 +02:00
bach	d2e30fc62f	updated urbackup client	2022-10-16 21:33:29 +02:00
bach	1272de1add	updated php version	2021-11-08 15:53:04 +01:00
bach	443fb016bd	reset vars in vhost	2021-05-31 09:47:45 +02:00
bach	e9f4ea86f5	webhook deploy fix	2021-05-18 15:29:06 +02:00
bach	4554f1fa5a	webhook deploy fix	2021-05-18 14:37:00 +02:00
bach	98ea6deeeb	webhook deploy fix	2021-05-18 14:35:19 +02:00
bach	d69c6d778a	webhook deploy fix	2021-05-18 14:32:46 +02:00
bach	b771dd27db	webhook deploy fix	2021-05-18 14:12:32 +02:00
bach	df6255689e	webhook deploy fix	2021-05-18 14:07:33 +02:00
bach	1163cd6ff0	webhook deploy fix	2021-05-18 14:04:31 +02:00
bach	3a921226c0	webhook deploy fix	2021-05-18 14:02:08 +02:00
bach	932d0a7d7f	webhook deploy install	2021-05-18 13:59:30 +02:00
bach	0af76cdd60	webhook deploy install	2021-05-18 13:58:50 +02:00
bach	198036de8d	fixed nginx conf	2021-05-18 11:49:33 +02:00
bach	0b6f134691	added php7.4 install	2021-05-18 11:25:29 +02:00
bach	d7cb0d32a4	added php7.4 install	2021-05-18 11:07:16 +02:00
bach	591f67e6bc	mysql as option in lemp install	2021-05-18 10:52:02 +02:00
bach	a79e147c3a	added php7.4 install	2021-05-18 10:48:24 +02:00
bach	cecb09a12e	misc	2021-05-12 11:31:55 +02:00
bach	918220ba07	postgresql backup	2021-04-29 15:37:36 +02:00
bach	bec4a5ee3c	postgresql backup	2021-04-29 15:36:28 +02:00
bach	5de5b48682	postgresql backup	2021-04-29 15:35:41 +02:00
bach	fcfeda8999	started pgsql backup script	2021-04-29 14:43:46 +02:00
bach	a8af6cff54	updated urbackup client to 2.4.11	2021-04-28 12:03:02 +02:00
bach	0b00728d66	added php7.3-apcu	2021-03-24 20:47:53 +01:00
bach	9040ba67e7	chmod +x mysql-db.sh	2021-03-17 12:01:43 +01:00
bach	37a8a031da	git barerepos & redis warnings	2021-03-16 10:02:38 +01:00
Bachir Soussi Chiadmi	a96979f219	added ipv6 support to vhosts	2020-12-14 16:34:41 +01:00
Bachir Soussi Chiadmi	ea3a702235	added mysql db creation script	2020-11-15 21:29:09 +01:00
Bachir Soussi Chiadmi	4a8e1b3a4a	updated drush-launcher path	2020-11-15 21:28:28 +01:00
Bachir Soussi Chiadmi	8190ca5ab2	updated urbackup client	2020-04-18 11:37:55 +02:00
Bachir Soussi Chiadmi	21d9c2ee0d	updated urbackup client	2020-04-18 11:32:19 +02:00
Bachir Soussi Chiadmi	3546724fbc	improved vhost	2020-03-30 12:37:46 +02:00
Bachir Soussi Chiadmi	a6c0ccdd17	fixed redis install	2020-03-30 12:07:20 +02:00
Bachir Soussi Chiadmi	6fd0b7c443	fixed phpmyadmin install (not secured yet	2020-03-30 12:07:00 +02:00
Bachir Soussi Chiadmi	9f2c10519e	fix small echo	2020-03-27 18:28:19 +01:00
Bachir Soussi Chiadmi	eab2c83c2d	updated urbackup client	2020-01-13 18:35:58 +01:00
Bachir Soussi Chiadmi	783afc1a3b	exim4 fix, zabbix update	2020-01-13 16:59:27 +01:00
Bachir Soussi Chiadmi	9b3ba02e1d	updated nginx conf to php7.3-fpm	2019-10-22 09:46:14 +02:00
Bachir Soussi Chiadmi	8c44da8785	fixed lemp php7.3 install	2019-10-21 17:11:57 +02:00
Bachir Soussi Chiadmi	0c779980b0	fixed --yesinstall typo	2019-10-21 16:14:48 +02:00
Bachir Soussi Chiadmi	cf8fd6a008	reverted for bash shell	2019-10-21 16:12:37 +02:00
Bachir Soussi Chiadmi	faabe5d622	reverted for bash shell	2019-10-21 16:11:31 +02:00
Bachir Soussi Chiadmi	9225ca2f4b	reverted for bash shell	2019-10-21 16:10:05 +02:00
Bachir Soussi Chiadmi	67b84ed088	some updates for buster	2019-10-21 16:00:06 +02:00
Bachir Soussi Chiadmi	4ce386eeed	updated readme	2019-10-21 15:10:57 +02:00
		`@ -0,0 +1 @@`
							`UserParameter=linux.system.name.version,(lsb_release -d > dev/null 2>&1) && lsb_release -d \|\| (cat /etc/centos-release > /dev/null > /dev/null 2>&1 && cat /etc/centos-release \|\| cat /etc/redhat-release)`