Add files via upload

2022-03-29

files/basic_installer.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+apt -y upgrade
+apt -y upgrade
+apt -y dist-upgrade
+apt -y --fix-broken install nginx software-properties-common python3 python3-pip build-essential php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev wget curl screen joe

files/nginx/nginx-ssl.conf

@@ -0,0 +1,152 @@
+# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+# PHP 7 starten: /etc/init.d/php7.0-fpm restart
+# renew via: bash: certbot certonly -interactive (Spin new Server, kill nginx before)
+
+user  www-data;
+worker_processes auto;
+error_log  /var/log/nginx/error.log;
+pid        /var/log/nginx/nginx.pid;
+
+events {
+	worker_connections 46096;
+	multi_accept on;
+	use epoll;
+}
+worker_rlimit_nofile 40000;
+
+http {
+	fastcgi_cache_path /dev/shm/ levels=1:2 keys_zone=phpcache:1500m inactive=10080m;
+	fastcgi_cache_key "$scheme$request_method$host$request_uri";
+	include 	/etc/nginx/mime.types;
+	include 	/etc/nginx/fastcgi.conf;
+	index 		index.html index.htm index.php;
+	default_type text/html;
+
+	log_format main 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" '
+                   'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
+                   'time_local="$time_local" protocol="$server_protocol" status="$status" '
+                   'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
+                   'http_referer="$http_referer" http_user_agent="$http_user_agent" '
+                   'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
+                   'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
+                   'http_method="$request_method" response_time="$upstream_response_time" '
+                   'cookie="$http_cookie" request_time="$request_time" ';
+
+	access_log /var/log/nginx/access.main.log main;
+
+	read_ahead                512K; # kernel read head set to the output_buffers
+	recursive_error_pages     on;
+	sendfile                  on;# on for decent direct disk I/O
+	sendfile_max_chunk 	  	  1m;
+	server_tokens             off;# version number in error pages
+	server_name_in_redirect   on; # if off, nginx will use the requested Host header
+	source_charset            utf-8; # same value as "charset"
+	tcp_nodelay               on;# Nagle buffering algorithm, used for keepalive only
+	tcp_nopush                on;
+
+	open_file_cache max=2000 inactive=20s;
+	open_file_cache_valid 60s;
+	open_file_cache_min_uses 5;
+	open_file_cache_errors off;
+
+	etag on;
+	gzip on;
+	gzip_vary on;
+	gzip_http_version 1.1;
+	gzip_static on;
+	gzip_min_length 100;
+	gzip_proxied any;
+	gzip_comp_level 9;
+	gzip_buffers 16 8k;
+
+	gzip_types text/plain text/css application/json application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/x-font-woff font/ttf font/eot font/otf font/woff font/x-woff application/font-woff application/font-woff2 font/woff2 image/svg+xml;
+
+	large_client_header_buffers 8 512k;
+	client_max_body_size 25M;
+	client_body_buffer_size 1m;
+	client_body_timeout 15;
+	client_header_timeout 15;
+	keepalive_timeout 15;
+
+	client_header_buffer_size 64k;
+	#large_client_header_buffers 4 64k;
+	client_body_in_file_only clean;
+	#client_body_buffer_size 32K;
+	#client_max_body_size 300M;
+	#sendfile on;
+	send_timeout 300s;
+
+	fastcgi_buffers 256 16k;
+	fastcgi_buffer_size 230k;
+	fastcgi_connect_timeout 3s;
+	fastcgi_send_timeout 120s;
+	fastcgi_read_timeout 120s;
+	fastcgi_busy_buffers_size 512k;
+	fastcgi_temp_file_write_size 256k;
+	reset_timedout_connection on;
+	server_names_hash_bucket_size 100;
+	add_header X-Cache $upstream_cache_status;
+
+	server {
+		server_name MYDOMAIN;
+		return 301 https://MY_WWW_DOMAIN$request_uri;
+	}
+	server {
+		server_name MY_WWW_DOMAIN;
+		return 301 https://MY_WWW_DOMAIN$request_uri;
+	}
+
+	server {
+		charset utf-8;
+		server_tokens off;
+		listen MYIP:443 ssl http2;
+
+		server_name MY_WWW_DOMAIN MYDOMAIN;
+		root MYWWWROOT;
+
+		fastcgi_hide_header X-Powered-By;
+		add_header Referrer-Policy "no-referrer" always;
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+		add_header Content-Security-Policy "upgrade-insecure-requests" always;
+		add_header X-Content-Type-Options "nosniff";
+		add_header X-Frame-Options "SAMEORIGIN; ALLOW-FROM https://MY_WWW_DOMAIN";
+		add_header X-XSS-Protection "1; mode=block";
+		add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
+
+		access_log  /var/log/nginx/unaique.net.access.log main;
+		error_log   /var/log/nginx/unaique.net.error.log;
+		expires 3000d;
+		limit_rate 0;
+
+		# Closing Slow Connections
+		client_body_timeout 23s;
+		client_header_timeout 23s;
+
+		# https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
+		ssl_certificate  /home/seo-marketing-tool/files/ssl/fullchain1.pem;
+		ssl_certificate_key /home/seo-marketing-tool/files/ssl/privkey1.pem;
+		ssl_trusted_certificate /home/seo-marketing-tool/files/ssl/chain1.pem;
+
+		ssl_stapling on;
+		ssl_stapling_verify on;
+		ssl_session_tickets off;
+		ssl_prefer_server_ciphers on;
+		ssl_session_cache    shared:SSL:50m;
+		ssl_session_timeout  5m;
+		ssl_protocols TLSv1.2 TLSv1.3;
+		ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;';
+		ssl_dhparam /home/seo-marketing-tool/files/ssl/dhparam.pem;
+		ssl_ecdh_curve secp521r1:X448:secp384r1:secp256k1;
+
+		resolver 8.8.8.8 8.8.4.4 valid=300s;
+		resolver_timeout 5s;
+
+	    location / {
+           index index.html index.htm;
+        }
+		#Block scripts from being run that shouldnt be running
+		location ~* .(pl|cgi|py|sh|lua|bak|~)$ {
+			return 404;
+		}
+    }
+}

files/nginx/nginx-standard.conf

@@ -0,0 +1,135 @@
+# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+# PHP 7 starten: /etc/init.d/php7.0-fpm restart
+# renew via: bash: certbot certonly -interactive (Spin new Server, kill nginx before)
+
+user  www-data;
+worker_processes auto;
+error_log  /var/log/nginx/error.log;
+pid        /var/log/nginx/nginx.pid;
+
+events {
+	worker_connections 46096;
+	multi_accept on;
+	use epoll;
+}
+worker_rlimit_nofile 40000;
+
+http {
+	include 	/etc/nginx/mime.types;
+	include 	/etc/nginx/fastcgi.conf;
+	index 		index.html index.htm index.php;
+	default_type text/html;
+
+	log_format main 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" '
+                   'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
+                   'time_local="$time_local" protocol="$server_protocol" status="$status" '
+                   'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
+                   'http_referer="$http_referer" http_user_agent="$http_user_agent" '
+                   'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
+                   'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
+                   'http_method="$request_method" response_time="$upstream_response_time" '
+                   'cookie="$http_cookie" request_time="$request_time" ';
+
+	access_log /var/log/nginx/access.main.log main;
+
+	read_ahead                512K; # kernel read head set to the output_buffers
+	recursive_error_pages     on;
+	sendfile                  on;# on for decent direct disk I/O
+	sendfile_max_chunk 	  	  1m;
+	server_tokens             off;# version number in error pages
+	server_name_in_redirect   on; # if off, nginx will use the requested Host header
+	source_charset            utf-8; # same value as "charset"
+	tcp_nodelay               on;# Nagle buffering algorithm, used for keepalive only
+	tcp_nopush                on;
+
+	open_file_cache max=2000 inactive=20s;
+	open_file_cache_valid 60s;
+	open_file_cache_min_uses 5;
+	open_file_cache_errors off;
+
+	etag on;
+	gzip on;
+	gzip_vary on;
+	gzip_http_version 1.1;
+	gzip_static on;
+	gzip_min_length 100;
+	gzip_proxied any;
+	gzip_comp_level 9;
+	gzip_buffers 16 8k;
+
+	gzip_types text/plain text/css application/json application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/x-font-woff font/ttf font/eot font/otf font/woff font/x-woff application/font-woff application/font-woff2 font/woff2 image/svg+xml;
+
+	large_client_header_buffers 8 512k;
+	client_max_body_size 25M;
+	client_body_buffer_size 1m;
+	client_body_timeout 15;
+	client_header_timeout 15;
+	keepalive_timeout 15;
+
+	client_header_buffer_size 64k;
+	#large_client_header_buffers 4 64k;
+	client_body_in_file_only clean;
+	#client_body_buffer_size 32K;
+	#client_max_body_size 300M;
+	#sendfile on;
+	send_timeout 300s;
+
+	fastcgi_buffers 256 16k;
+	fastcgi_buffer_size 230k;
+	fastcgi_connect_timeout 3s;
+	fastcgi_send_timeout 120s;
+	fastcgi_read_timeout 120s;
+	fastcgi_busy_buffers_size 512k;
+	fastcgi_temp_file_write_size 256k;
+	reset_timedout_connection on;
+	server_names_hash_bucket_size 100;
+	add_header X-Cache $upstream_cache_status;
+
+	server {
+		server_name MYDOMAIN;
+		return 301 http://MY_WWW_DOMAIN$request_uri;
+	}
+	server {
+		server_name MY_WWW_DOMAIN;
+		return 301 http://MY_WWW_DOMAIN$request_uri;
+	}
+
+	server {
+		charset utf-8;
+		server_tokens off;
+		listen MYIP:80;
+
+		server_name MY_WWW_DOMAIN MYDOMAIN;
+		root MYWWWROOT;
+
+		fastcgi_hide_header X-Powered-By;
+		add_header Referrer-Policy "no-referrer" always;
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+		add_header Content-Security-Policy "upgrade-insecure-requests" always;
+		add_header X-Content-Type-Options "nosniff";
+		#add_header X-Frame-Options "SAMEORIGIN; ALLOW-FROM http://MY_WWW_DOMAIN";
+		add_header X-XSS-Protection "1; mode=block";
+		add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
+
+		access_log  /var/log/nginx/access.log main;
+		error_log   /var/log/nginx/error.log;
+		expires 3000d;
+		limit_rate 0;
+
+		# Closing Slow Connections
+		client_body_timeout 23s;
+		client_header_timeout 23s;
+
+		resolver 8.8.8.8 8.8.4.4 valid=300s;
+		resolver_timeout 5s;
+
+	    location / {
+           index index.html index.htm;
+        }
+
+		#Block scripts from being run that shouldnt be running
+		location ~* .(pl|cgi|py|sh|lua|bak|~)$ {
+			return 404;
+		}
+    }
+}

files/seo-marketing-tool.conf

@@ -0,0 +1,20 @@
+[DEFAULT]
+custom_link_top1 		  	= https://www.artikelschreiber.com/
+custom_link_top2 		  	= https://www.unaique.net/
+custom_link_top3 		  	= https://www.unaique.com/
+
+custom_link_name_top1 		= Artikelschreiber
+custom_link_name_top2 		= UNAIQUE Software
+custom_link_name_top3 		= UNAIQUE LCC
+
+search_query			    = Familie und Geborgenheit
+language_text			    = de
+
+mydomain				    = artikelschreiben.com
+my_www_domain			    = www.artikelschreiben.com
+mywwwroot				    = /home/wwwroot
+google_analytics_id   		= G-BWLRQ17XN
+use_ssl					    = 1
+
+unaique_api				    = https://www.unaique.net/de/api/index.php
+unaique_session			  	=