remove nextcloud wording

apps/adminer.sh

@@ -78,22 +78,19 @@ server {
     ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
     ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
     ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
     ssl_session_tickets off;
-    # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
-    # ssl_dhparam /path/to/dhparam.pem;
-    # intermediate configuration. tweak to your needs.
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-    ssl_prefer_server_ciphers on;
-    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
-    add_header Strict-Transport-Security max-age=15768000;
-    # OCSP Stapling ---
-    # fetch OCSP records from URL in ssl_certificate and cache them
+    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+    # ssl_dhparam /path/to/dhparam;
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    # OCSP stapling
     ssl_stapling on;
     ssl_stapling_verify on;
-    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
-    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
 
     location / {
            index   index.php;

apps/fail2ban.sh

@@ -127,7 +127,7 @@ check_command systemctl restart fail2ban.service
 # The End
 msg_box "Fail2ban is now sucessfully installed.
 
-Please use 'fail2ban-client set nextcloud unbanip <Banned IP>' to unban certain IPs
+Please use 'fail2ban-client set wordpress unbanip <Banned IP>' to unban certain IPs
 You can also use 'iptables -L -n' to check which IPs that are banned"
 
 exit

lets-encrypt/activate-tls.sh

@@ -112,9 +112,10 @@ then
     sleep 2
     cat << TLS_CREATE > "$tls_conf"
 server {
-        listen 80;
-        server_name $TLSDOMAIN;
-        return 301 https://$TLSDOMAIN\$request_uri;
+    listen 80;
+    listen [::]:80
+    server_name $TLSDOMAIN;
+    return 301 https://$TLSDOMAIN\$request_uri;
 }
 server {
     listen 443 ssl http2;
@@ -140,18 +141,17 @@ server {
     ssl_certificate $CERTFILES/$TLSDOMAIN/fullchain.pem;
     ssl_certificate_key $CERTFILES/$TLSDOMAIN/privkey.pem;
     ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
     ssl_session_tickets off;
     # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
     ssl_dhparam $DHPARAMS_TLS;
     # intermediate configuration. tweak to your needs.
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
     ssl_prefer_server_ciphers on;
-    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
-    add_header Strict-Transport-Security max-age=15768000;
-    # OCSP Stapling ---
-    # fetch OCSP records from URL in ssl_certificate and cache them
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    # OCSP stapling
     ssl_stapling on;
     ssl_stapling_verify on;
 

menu/fail2ban_menu.sh

@@ -38,7 +38,7 @@ case "$choice" in
     ;;&
     *"Fail2ban-Statuscheck"*)
         SUBTITLE="Fail2ban Statuscheck"
-        if is_this_installed fail2ban && [ -f "/etc/fail2ban/filter.d/nextcloud.conf" ]
+        if is_this_installed fail2ban && [ -f "/etc/fail2ban/filter.d/wordpress.conf" ]
         then
             msg_box "$(fail2ban-client status wordpress && fail2ban-client status sshd && iptables -L -n)" "$SUBTITLE"
         else

menu/startup_configuration.sh

@@ -95,13 +95,10 @@ the server will be rebooted. After the reboot, please login as usual and run thi
             if dpkg-reconfigure tzdata
             then
                 # Change timezone in php and logging if the startup script not exists
-                if ! [ -f "$SCRIPTS/nextcloud-startup-script.sh" ]
+                if ! [ -f "$SCRIPTS/wordpress-startup-script.sh" ]
                 then
                     # Change timezone in PHP
                     sed -i "s|;date.timezone.*|date.timezone = $(cat /etc/timezone)|g" "$PHP_INI"
-
-                    # Change timezone for logging
-                    nextcloud_occ config:system:set logtimezone --value="$(cat /etc/timezone)"
                     msg_box "The timezone was changed successfully." "$SUBTITLE"
                 fi
             fi

network/static_ip.sh

@@ -21,7 +21,7 @@ source /var/scripts/lib.sh
 else
     printf "You don't seem to have a working internet connection, and \
 /var/scripts/lib.sh is missing so you can't run this script."
-    printf "Please report this to https://github.com/nextcloud/vm/issues/"
+    printf "Please report this to https://github.com/techandme/wordpress-vm/issues/"
     exit 1
 fi
 

static/change_db_pass.sh

@@ -19,7 +19,7 @@ then
     msg_box "Your new MariaDB root password is: $NEWMARIADBPASS
 Please keep it somewhere safe.
 
-To login to MariaDB,, simply type 'mysql -u root' from your CLI.
+To login to MariaDB, simply type 'mysql -u root' from your CLI.
 Authentication happens with the UNIX socket. In other words,
 no password is needed as long as you have access to the root account."
     exit 0

static/fetch_lib.sh

@@ -14,7 +14,7 @@ print_text_in_color() {
 if [[ "$EUID" -ne 0 ]]
 then
     print_text_in_color "$IRed" "You must run fetch_lib with sudo privileges, or directly as root!"
-    print_text_in_color "$ICyan" "Please report this to https://github.com/nextcloud/vm/issues if you think it's a bug."
+    print_text_in_color "$ICyan" "Please report this to https://github.com/techandme/wordpress-vm/issues if you think it's a bug."
     exit 1
 fi
 

static/nginx.conf

@@ -37,9 +37,9 @@ http {
 	##
 
         ssl_early_data off;
-	ssl_protocols TLSv1.2 TLSv1.3;
-	ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-	ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        ssl_prefer_server_ciphers on;
 
 	##
 	# Logging Settings

static/wordpress_update.sh

@@ -152,7 +152,7 @@ update-grub
 # Remove update lists
 rm /var/lib/apt/lists/* -r
 
-# Fix bug in nextcloud.sh
+# Fix bug in wordpress.sh
 CURRUSR="$(getent group sudo | cut -d: -f4 | cut -d, -f1)"
 if grep -q "6.ifcfg.me" $SCRIPTS/wordpress.sh &>/dev/null
 then

wordpress_install.sh

@@ -567,10 +567,17 @@ server {
     # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
     # ssl_dhparam /path/to/dhparam.pem;
 
-    # intermediate configuration. tweak to your needs.
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-    ssl_prefer_server_ciphers on;
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # OCSP stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
 
     # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
     add_header Strict-Transport-Security max-age=15768000;