PHP 7.4 Update & Ubunthu 20 Support

PHP 7.4 Update Ubunthu 20 Support

Author: bajpangosh

kloudboy/general.conf

@@ -1,36 +1,31 @@
 # favicon.ico
 location = /favicon.ico {
-	log_not_found off;
-	access_log off;
+    log_not_found off;
+    access_log    off;
 }
 
 # robots.txt
 location = /robots.txt {
-	log_not_found off;
-	access_log off;
+    log_not_found off;
+    access_log    off;
 }
 
 # assets, media
 location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
-	expires 7d;
-	access_log off;
+    expires    7d;
+    access_log off;
 }
 
 # svg, fonts
 location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
-	add_header Access-Control-Allow-Origin "*";
-	expires 7d;
-	access_log off;
+    add_header Access-Control-Allow-Origin "*";
+    expires    7d;
+    access_log off;
 }
 
 # gzip
-gzip on;
-gzip_vary on;
-gzip_proxied any;
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
 gzip_comp_level 6;
-gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
-
-# brotli
-# brotli on;
-# brotli_comp_level 6;
-# brotli_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

kloudboy/php_fastcgi.conf

@@ -1,16 +1,16 @@
 # 404
-try_files $fastcgi_script_name =404;
+try_files                     $fastcgi_script_name =404;
 
 # default fastcgi_params
-include fastcgi_params;
+include                       fastcgi_params;
 
 # fastcgi settings
-fastcgi_pass			unix:/var/run/php/php7.3-fpm.sock;
-fastcgi_index			index.php;
-fastcgi_buffers			8 16k;
-fastcgi_buffer_size		32k;
+fastcgi_pass                  unix:/var/run/php/php7.4-fpm.sock;
+fastcgi_index                 index.php;
+fastcgi_buffers               8 16k;
+fastcgi_buffer_size           32k;
 
 # fastcgi params
-fastcgi_param DOCUMENT_ROOT		$realpath_root;
-fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
-fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";
+fastcgi_param DOCUMENT_ROOT   $realpath_root;
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

kloudboy/security.conf

@@ -1,12 +1,12 @@
 # security headers
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-XSS-Protection "1; mode=block" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
-add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+add_header X-Frame-Options           "SAMEORIGIN" always;
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
 # . files
 location ~ /\.(?!well-known) {
-	deny all;
-}
+    deny all;
+}

kloudboy/wordpress.conf

@@ -1,29 +1,32 @@
 # WordPress: allow TinyMCE
 location = /wp-includes/js/tinymce/wp-tinymce.php {
-	include kloudboy/php_fastcgi.conf;
+    include nginxconfig.io/php_fastcgi.conf;
 }
 
 # WordPress: deny wp-content, wp-includes php files
 location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
-	deny all;
+    deny all;
 }
 
 # WordPress: deny wp-content/uploads nasty stuff
 location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
-	deny all;
+    deny all;
 }
 
+# WordPress: SEO plugin
+location ~* ^/wp-content/plugins/wordpress-seo(?:-premium)?/css/main-sitemap\.xsl$ {}
+
 # WordPress: deny wp-content/plugins (except earlier rules)
 location ~ ^/wp-content/plugins {
-	deny all;
+    deny all;
 }
 
 # WordPress: deny scripts and styles concat
 location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
-	deny all;
+    deny all;
 }
 
 # WordPress: deny general stuff
 location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
-	deny all;
-}
+    deny all;
+}

nginx.conf

@@ -1,50 +1,50 @@
-user www-data;
-pid /run/nginx.pid;
-worker_processes auto;
+user                 www-data;
+pid                  /run/nginx.pid;
+worker_processes     auto;
 worker_rlimit_nofile 65535;
 
 events {
-	multi_accept on;
-	worker_connections 65535;
+    multi_accept       on;
+    worker_connections 65535;
 }
 
 http {
-	charset utf-8;
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	server_tokens off;
-	log_not_found off;
-	types_hash_max_size 2048;
-	client_max_body_size 100M;
-
-	# MIME
-	include mime.types;
-	default_type application/octet-stream;
-
-	# logging
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log warn;
-
-	# SSL
-	ssl_session_timeout 1d;
-	ssl_session_cache shared:SSL:10m;
-	ssl_session_tickets off;
-
-	# Diffie-Hellman parameter for DHE ciphersuites
-	ssl_dhparam /etc/nginx/ssl/dhparam.pem;
-
-	# Mozilla Intermediate configuration
-	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-	# OCSP Stapling
-	ssl_stapling on;
-	ssl_stapling_verify on;
-	resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
-	resolver_timeout 2s;
-
-	# load configs
-	include /etc/nginx/conf.d/*.conf;
-	include /etc/nginx/sites-enabled/*;
-}
+    charset              utf-8;
+    sendfile             on;
+    tcp_nopush           on;
+    tcp_nodelay          on;
+    server_tokens        off;
+    log_not_found        off;
+    types_hash_max_size  2048;
+    client_max_body_size 100M;
+
+    # MIME
+    include              mime.types;
+    default_type         application/octet-stream;
+
+    # Logging
+    access_log           /var/log/nginx/access.log;
+    error_log            /var/log/nginx/error.log warn;
+
+    # SSL
+    ssl_session_timeout  1d;
+    ssl_session_cache    shared:SSL:10m;
+    ssl_session_tickets  off;
+
+    # Diffie-Hellman parameter for DHE ciphersuites
+    ssl_dhparam          /etc/nginx/dhparam.pem;
+
+    # Mozilla Intermediate configuration
+    ssl_protocols        TLSv1.2 TLSv1.3;
+    ssl_ciphers          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+    # OCSP Stapling
+    ssl_stapling         on;
+    ssl_stapling_verify  on;
+    resolver             1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53] valid=60s;
+    resolver_timeout     2s;
+
+    # Load configs
+    include              /etc/nginx/conf.d/*.conf;
+    include              /etc/nginx/sites-enabled/*;
+}

wp-install.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # GET ALL USER INPUT
-tput setaf 2; echo "Domain Name (eg. example.com)?"
+tput setaf 2; echo "Domain Name (eg. yoursitename.com)?"
 read DOMAIN
 tput setaf 2; echo "Username (eg. database name)?"
 read USERNAME
@@ -42,46 +42,47 @@ sudo wget -qO nginx.conf https://raw.githubusercontent.com/bajpangosh/High-Traff
 sudo mkdir -p /var/www/"$DOMAIN"/public
 cd /var/www/"$DOMAIN/public"
 cd ~
-
+tput setaf 2; echo "Installing WP-CLI...."
+sleep 2;
+tput sgr0
+curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+chmod +x wp-cli.phar
+sudo mv wp-cli.phar /usr/local/bin/wp
 tput setaf 2; echo "Downloading Latest Wordpress...."
 sleep 2;
 tput sgr0
 sudo wget -q wordpress.org/latest.zip
 sudo unzip latest.zip
 sudo mv wordpress/* /var/www/"$DOMAIN"/public/
 sudo rm -rf wordpress latest.zip
-
 tput setaf 2; echo "Nginx server installation completed.."
 sleep 2;
 tput sgr0
 cd ~
 sudo chown www-data:www-data -R /var/www/"$DOMAIN"/public
 sudo systemctl restart nginx.service
-
-tput setaf 2; echo "let's install php 7.3 and modules"
+tput setaf 2; echo "let's install php 7.4 and modules"
 sleep 2;
 tput sgr0
-sudo apt install php7.3 php7.3-fpm -y
-sudo apt-get -y install php7.3-intl php7.3-curl php7.3-gd php7.3-imap php7.3-readline php7.3-common php7.3-recode php7.3-mysql php7.3-cli php7.3-curl php7.3-mbstring php7.3-bcmath php7.3-mysql php7.3-opcache php7.3-zip php7.3-xml php-memcached php-imagick php-memcache memcached graphviz php-pear php-xdebug php-msgpack  php7.3-soap
+sudo apt install php7.4 php7.4-fpm -y
+sudo apt-get -y install php7.4-intl php7.4-curl php7.4-gd php7.4-imap php7.4-readline php7.4-common php7.4-recode php7.4-mysql php7.4-cli php7.4-curl php7.4-mbstring php7.4-bcmath php7.4-mysql php7.4-opcache php7.4-zip php7.4-xml php-memcached php-imagick php-memcache memcached graphviz php-pear php-xdebug php-msgpack  php7.4-soap
 tput setaf 2; echo "Some php.ini Tweaks"
 sleep 2;
 tput sgr0
-sudo sed -i "s/post_max_size = .*/post_max_size = 2000M/" /etc/php/7.3/fpm/php.ini
-sudo sed -i "s/memory_limit = .*/memory_limit = 3000M/" /etc/php/7.3/fpm/php.ini
-sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/7.3/fpm/php.ini
-sudo sed -i "s/max_execution_time = .*/max_execution_time = 18000/" /etc/php/7.3/fpm/php.ini
-sudo sed -i "s/;max_input_vars = .*/max_input_vars = 5000/" /etc/php/7.3/fpm/php.ini
-sudo sed -i "s/max_input_time = .*/max_input_time = 1000/" /etc/php/7.3/fpm/php.ini
-sudo systemctl restart php7.3-fpm.service
-
+sudo sed -i "s/post_max_size = .*/post_max_size = 2000M/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/memory_limit = .*/memory_limit = 3000M/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/upload_max_filesize = .*/upload_max_filesize = 100M/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/max_execution_time = .*/max_execution_time = 18000/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/;max_input_vars = .*/max_input_vars = 5000/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/max_input_time = .*/max_input_time = 1000/" /etc/php/7.4/fpm/php.ini
+sudo systemctl restart php7.4-fpm.service
 tput setaf 2; echo "Instaling MariaDB"
 sleep 2;
 tput sgr0
-sudo apt install mariadb-server mariadb-client php7.3-mysql -y
-sudo systemctl restart php7.3-fpm.service
+sudo apt install mariadb-server mariadb-client php7.4-mysql -y
+sudo systemctl restart php7.4-fpm.service
 sudo mysql_secure_installation
 PASS=`pwgen -s 14 1`
-
 sudo mysql -uroot <<MYSQL_SCRIPT
 CREATE DATABASE $USERNAME;
 CREATE USER '$USERNAME'@'localhost' IDENTIFIED BY '$PASS';