#!/bin/bash
#################################################
# phpmyadmin installer for Centmin Mod centminmod.com
# written by George Liu (eva2000)
#################################################
# If you have a fairly static IP address that doesn't change often
# set STATICIP='y'. Otherwise leave as STATICIP='n'
STATICIP='n'
#################################################
VER='0.2.6'
DT=$(date +"%d%m%y-%H%M%S")

UPDATEDIR='/root/tools'
BASEDIR='/usr/local/nginx/html'
DIRNAME=$(echo "${RANDOM}_mysqladmin${RANDOM}")

SALT=$(openssl rand -base64 9)
USERPREFIX='admin'
USER=$(echo "${USERPREFIX}${SALT}" | sed -e 's|\/||g' -e 's|\+||g')
PASS=$(openssl rand -base64 21)
PASS=$(echo "$PASS" | sed -e 's|\/||g' -e 's|\+||g')
BLOWFISH=$(openssl rand -base64 32 | cut -c1-32)
# BLOWFISH=$(pwgen -syn1 46)
CURRENTIP=$(echo $SSH_CLIENT | awk '{print $1}')
USERNAME='nginx'

SSLHNAME=$(uname -n)

VERSIONMINOR='04' # last 2 digits in Centmin Mod version i.e. 1.2.3-eva2000.04
VERSIONALLOW="1.2.3-eva2000.${VERSIONMINOR}"
YARN_TMPDIR='/home/yarntmp-phpmyadmin'
#################################################
# set locale temporarily to english
# due to some non-english locale issues
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_CTYPE=en_US.UTF-8
export COMPOSER_ALLOW_SUPERUSER=1

shopt -s expand_aliases
for g in "" e f; do
    alias ${g}grep="LC_ALL=C ${g}grep"  # speed-up grep, egrep, fgrep
done

# Memory calculations for dynamic memory limit determination
TOTALMEM=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}')
TOTALMEMMB=`echo "scale=0;$TOTALMEM/1024" | bc`

CHECKFREEMEM=$(cat /proc/meminfo | grep MemFree)
if [[ "$CHECKFREEMEM" ]]; then
FREEMEM=$(cat /proc/meminfo | grep MemFree | awk '{print $2}')
FREEMEMMB=`echo "scale=0;$FREEMEM/1024" | bc`
else
FREEMEMMB='0'
fi

CHECKBUFFER=$(cat /proc/meminfo | grep Buffers)
if [[ "$CHECKBUFFER" ]]; then
BUFFERSMEM=$(cat /proc/meminfo | grep Buffers | awk '{print $2}')
BUFFERSMB=`echo "scale=0;$BUFFERSMEM/1024" | bc`
else
BUFFERSMB='0'
fi

CHECKCACHED=$(cat /proc/meminfo | grep ^Cached)
if [[ "$CHECKCACHED" ]]; then
CACHEDMEM=$(cat /proc/meminfo | grep ^Cached | awk '{print $2}')
CACHEDMB=`echo "scale=0;$CACHEDMEM/1024" | bc`
else
CACHEDMB='0'
fi

REALFREEMB=$(echo $FREEMEMMB+$BUFFERSMB+$CACHEDMB | bc)
REALUSEDMEM=$(echo $TOTALMEMMB-$REALFREEMB | bc)

# set php-fpm memory_limit to 4/9 th of available free memory
MEMLIMIT=$(echo $REALFREEMB / 2.25 | bc)

# echo "Total Mem: $TOTALMEMMB MB"
# echo "Real Free Mem: $REALFREEMB MB"
# echo "Mem Limit: $MEMLIMIT MB"
#################################################
CENTMINLOGDIR='/root/centminlogs'
FPMPOOLDIR='/usr/local/nginx/conf/phpfpmd'

if [ ! -d "$YARN_TMPDIR" ]; then
	mkdir -p "$YARN_TMPDIR"
	chmod 1777 "$YARN_TMPDIR"
	export TMPDIR="$YARN_TMPDIR"
fi
if [[ "$(nginx -V 2>&1 | grep -Eo 'with-http_v2_module')" = 'with-http_v2_module' ]]; then
  HTTPTWO=y
  LISTENOPT='ssl http2'
  COMP_HEADER='#spdy_headers_comp 5'
else
  HTTPTWO=n
  LISTENOPT='ssl spdy'
  COMP_HEADER='spdy_headers_comp 5'
fi

if [ ! -d "$CENTMINLOGDIR" ]; then
mkdir -p $CENTMINLOGDIR
fi

if [ ! -d "$FPMPOOLDIR" ]; then
mkdir -p $FPMPOOLDIR
fi

if [ ! -f /usr/bin/pwgen ]; then
	yum -y -q install pwgen
fi

# Setup Colours
black='\E[30;40m'
red='\E[31;40m'
green='\E[32;40m'
yellow='\E[33;40m'
blue='\E[34;40m'
magenta='\E[35;40m'
cyan='\E[36;40m'
white='\E[37;40m'

boldblack='\E[1;30;40m'
boldred='\E[1;31;40m'
boldgreen='\E[1;32;40m'
boldyellow='\E[1;33;40m'
boldblue='\E[1;34;40m'
boldmagenta='\E[1;35;40m'
boldcyan='\E[1;36;40m'
boldwhite='\E[1;37;40m'

Reset="tput sgr0"      #  Reset text attributes to normal
                       #+ without clearing screen.

cecho ()                     # Coloured-echo.
                             # Argument $1 = message
                             # Argument $2 = color
{
message=$1
color=$2
echo -e "$color$message" ; $Reset
return
}
#################################################
# VERCHECK=$(cat /etc/centminmod-release)
# MINORVER=$(cat /etc/centminmod-release | awk -F "." '{print $3}')
# COMPARE=`expr $MINORVER \< $VERSIONMINOR`

# if [[ "$VERCHECK" != "$VERSIONALLOW" && "$COMPARE" = '1' ]]; then
# 	cecho "------------------------------------------------------------------------------" $boldgreen
# 	cecho "  $0 script requires centmin.sh from Centmin Mod" $boldyellow
# 	cecho "  version: $VERSIONALLOW + recompile PHP (menu option #5)" $boldyellow
# 	echo ""
# 	cecho "  The following steps are required:" $boldyellow
# 	echo ""
# 	cecho "  1. Download and extract centmin-${VERSIONALLOW}.zip" $boldgreen
# 	cecho "     As per instructions at http://centminmod.com/download.html" $boldgreen
# 	cecho "  2. Run the updated centmin.sh script version"  $boldgreen
# 	echo ""
# 	cecho "      ./centmin.sh"  $boldwhite
# 	echo ""
# 	cecho "  3. Run menu option #5 to recompile PHP entering either the"  $boldgreen
# 	cecho "     same PHP version or newer PHP  5.3.x or 5.4.x version"  $boldgreen
# 	cecho "  4. Download latest version phpmyadmin.sh Addon script from"  $boldgreen
# 	cecho "     http://centminmod.com/centminmodparts/addons/phpmyadmin.sh"  $boldgreen
# 	cecho "     Give script appropriate permissions via command:"  $boldgreen
# 	echo ""
# 	cecho "     chmod 0700 /full/path/to/where/you/downloaded/phpmyadmin.sh"  $boldwhite
# 	echo ""
# 	cecho "  5. Add port 9418 to CSF Firewall /etc/csf/csf.conf append 9418 to existing"  $boldgreen
# 	cecho "     TCP_IN / TCP_OUT list of ports. Then restart CSF Firewall via command:"  $boldgreen
# 	echo ""
# 	cecho "     csf -r"  $boldwhite
# 	echo ""
# 	cecho "  6. Run phpmyadmin.sh script via commands:"  $boldgreen
# 	echo ""
# 	cecho "     cd /full/path/to/where/you/downloaded/"  $boldwhite
# 	cecho "     ./phpmyadmin.sh install"  $boldwhite
# 	#echo ""
# 	#cecho "  Aborting script..." $boldyellow
# 	cecho "------------------------------------------------------------------------------" $boldgreen
# 	exit
# fi

#################################################
checkphpmyadmin() {
	if [[ "$(grep -rw server_name /usr/local/nginx/conf/conf.d/ | grep -w "$SSLHNAME" | wc -l)" -gt '1' ]]; then
		cecho "---------------------------------------------------------------" $boldyellow
		cecho "Warning: detected possible duplicate server_name entry" $boldgreen
		cecho "main hostname vhost server_name value has to be unique" $boldgreen
		cecho "and separate from any other nginx vhost site you addded" $boldgreen
		cecho "Check your server_name in /usr/local/nginx/conf/conf.d/virtual.conf" $boldgreen
		cecho "read Step 1 of Getting Started Guide for main hostname" $boldgreen
		cecho "proper setup https://centminmod.com/getstarted.html" $boldgreen
		cecho "---------------------------------------------------------------" $boldyellow
		exit
	fi
if [[ -f /usr/local/nginx/conf/phpmyadmin_check ]]; then
	cecho "---------------------------------------------------------------" $boldyellow
	cecho "detected phpmyadmin install that already exists" $boldgreen
	cecho "aborting..." $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow
	exit
fi
}
#################################################
memlimitmsg() {
echo ""
cecho "Dynamically set PHP memory_limit based on available system memory..." $boldyellow
echo ""
cecho "Total Mem: $TOTALMEMMB MB" $boldyellow
cecho "Real Free Mem: $REALFREEMB MB" $boldyellow
cecho "Mem Limit: $MEMLIMIT MB" $boldyellow
echo ""
}
#################################################
usercreate() {

  if [[ "$USERNAME" != 'nginx' ]]; then
	 /usr/sbin/useradd -s /sbin/nologin -d /home/${USERNAME}/ -G nginx ${USERNAME}
	 USERID=$(id ${USERNAME})
	 cecho "---------------------------------------------------------------" $boldgreen
	 cecho "Create User: $USERNAME" $boldyellow
	 cecho "$USERID" $boldyellow
	 cecho "---------------------------------------------------------------" $boldgreen
	 echo ""
	elif [[ "$USERNAME" = 'nginx' ]]; then
		cecho "---------------------------------------------------------------" $boldgreen
		cecho "User $USERNAME already exists" $boldyellow
		cecho "---------------------------------------------------------------" $boldgreen
  fi

}

#################################################
createpassword() {
cecho "---------------------------------------------------------------" $boldyellow
cecho "Create phpmyadmin htaccess user/pass..." $boldyellow
cecho "python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpassphpmyadmin $USER $PASS" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
python /usr/local/nginx/conf/htpasswd.py -c -b /usr/local/nginx/conf/htpassphpmyadmin $USER $PASS
}

#################################################
htpassdetails() {
echo ""
cecho "phpmyadmin htaccess login details:" $boldgreen
cecho "Username: $USER" $boldgreen
cecho "Password: $PASS" $boldgreen
cecho "Allowed IP address: ${CURRENTIP}" $boldgreen
echo ""
cecho "---------------------------------------------------------------" $boldyellow
}
#################################################
myadmininstall() {

if [[ ! -f /usr/bin/git ]]; then
	cecho "---------------------------------------------------------------" $boldyellow
	cecho "Installing git..." $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow
	cecho "yum -q -y install git --disablerepo=CentALT" $boldgreen
	yum -q -y install git --disablerepo=CentALT
	echo ""
fi

	cecho "---------------------------------------------------------------" $boldyellow
	cecho "Installing phpmyadmin from official git repository..." $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow

	cecho "This process can take some time depending on" $boldyellow
	cecho "speed of the repository and your server..." $boldyellow
	echo ""

cd $BASEDIR
git clone -b STABLE --depth=1 https://github.com/phpmyadmin/phpmyadmin.git $DIRNAME
cd $DIRNAME

wget -cnv https://getcomposer.org/composer-stable.phar -O composer.phar
echo y | php composer.phar update --no-dev

if [ ! -f "$(which npm)" ]; then
	/usr/local/src/centminmod/addons/nodejs.sh install
fi
if [ ! -f /usr/bin/yarn ]; then
	npm install --location=global yarn
fi
# https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git
if [ ! -f ${BASEDIR}/${DIRNAME}/themes/pmahomme/css/theme.css ]; then
	yarn install --production
elif [ -f ${BASEDIR}/${DIRNAME}/themes/pmahomme/css/theme.css ]; then
	yarn install --production
fi

cp config.sample.inc.php config.inc.php
chmod o-rw config.inc.php

replace 'a8b7c6d' "${BLOWFISH}" -- config.inc.php
sed -i "s|\['blowfish_secret'\] = ''|\['blowfish_secret'\] = '${BLOWFISH}'|g" config.inc.php

sed -i 's/?>//g' config.inc.php
echo "\$cfg['ExecTimeLimit'] = '28800';" >> config.inc.php
echo "\$cfg['MemoryLimit'] = '0';" >> config.inc.php
echo "\$cfg['ShowDbStructureCreation'] = 'true';" >> config.inc.php
echo "\$cfg['ShowDbStructureLastUpdate'] = 'true';" >> config.inc.php
echo "\$cfg['ShowDbStructureLastCheck'] = 'true';" >> config.inc.php
echo "\$cfg['ShowPhpInfo'] = true;" >> config.inc.php
echo "\$cfg['Export']['compression'] = 'gzip';" >> config.inc.php
echo "\$cfg['LoginCookieValidity'] = 1440;" >> config.inc.php
echo "?>" >> config.inc.php

chown ${USERNAME}:nginx ${BASEDIR}/${DIRNAME}
chown -R ${USERNAME}:nginx ${BASEDIR}/${DIRNAME}
chmod g+rx ${BASEDIR}/${DIRNAME}

if [[ ! -f "/usr/local/nginx/conf/phpmyadmin.conf" ]]; then

	cecho "---------------------------------------------------------------" $boldyellow
	cecho "Setup /usr/local/nginx/conf/phpmyadmin.conf ..." $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow

createpassword 

#history -d $((HISTCMD-2))

echo ""

if [ -f /usr/local/nginx/conf/php_phpmyadmin_template.conf ]; then
	echo "\cp -af /usr/local/nginx/conf/php_phpmyadmin_template.conf /usr/local/nginx/conf/php_${DIRNAME}.conf"
	\cp -af /usr/local/nginx/conf/php_phpmyadmin_template.conf /usr/local/nginx/conf/php_${DIRNAME}.conf
else
	echo "\cp -af /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_${DIRNAME}.conf"
	\cp -af /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_${DIRNAME}.conf
fi

sed -i 's/fastcgi_pass   127.0.0.1:9000/fastcgi_pass   127.0.0.1:9991/g' /usr/local/nginx/conf/php_${DIRNAME}.conf
sed -i 's/#fastcgi_pass   127.0.0.1:9991/fastcgi_pass   127.0.0.1:9991/g' /usr/local/nginx/conf/php_${DIRNAME}.conf
sed -i 's|fastcgi_pass phpbackend|#fastcgi_pass phpbackend|g' /usr/local/nginx/conf/php_${DIRNAME}.conf
sed -i 's|fastcgi_pass dft_php|#fastcgi_pass dft_php|g' /usr/local/nginx/conf/php_${DIRNAME}.conf
sed -i 's|fastcgi_keep_conn on|#fastcgi_keep_conn on|' /usr/local/nginx/conf/php_${DIRNAME}.conf

if [[ -z "$(grep 'fastcgi_param HTTPS $server_https;' /usr/local/nginx/conf/php.conf)" ]]; then
replace '#fastcgi_param HTTPS on;' 'fastcgi_param HTTPS on;' -- /usr/local/nginx/conf/php_${DIRNAME}.conf
fi

# sed -i 's/#fastcgi_pass   unix:\/tmp\/php5-fpm.sock/fastcgi_pass   unix:\/tmp\/phpfpm_myadmin.sock/g' /usr/local/nginx/conf/php_${DIRNAME}.conf

# increase php-fpm timeouts

sed -i 's/fastcgi_connect_timeout 60;/fastcgi_connect_timeout 3000;/g' /usr/local/nginx/conf/php_${DIRNAME}.conf

sed -i 's/fastcgi_send_timeout 180;/fastcgi_send_timeout 3000;/g' /usr/local/nginx/conf/php_${DIRNAME}.conf

sed -i 's/fastcgi_read_timeout 180;/fastcgi_read_timeout 3000;/g' /usr/local/nginx/conf/php_${DIRNAME}.conf

cat > "/usr/local/nginx/conf/phpmyadmin.conf" <<EOF
location ^~ /${DIRNAME}/ {
	rewrite ^/(.*) https://${SSLHNAME}/\$1 permanent;
}
EOF

sed -i "s/include \/usr\/local\/nginx\/conf\/staticfiles.conf;/include \/usr\/local\/nginx\/conf\/phpmyadmin.conf;\ninclude \/usr\/local\/nginx\/conf\/staticfiles.conf;/g" /usr/local/nginx/conf/conf.d/virtual.conf

cecho "---------------------------------------------------------------" $boldyellow

cat /usr/local/nginx/conf/conf.d/virtual.conf

cecho "---------------------------------------------------------------" $boldyellow

if [[ "$STATICIP" = 'y' && ! -z "$CURRENTIP" ]]; then

cecho "STATIC IP configuration" $boldyellow

cat > "/usr/local/nginx/conf/phpmyadmin_https.conf" <<END
location ^~ /${DIRNAME}/ {
	#try_files \$uri \$uri/ /${DIRNAME}/index.php?\$args;
	include /usr/local/nginx/conf/php_${DIRNAME}.conf;

	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	allow ${CURRENTIP};
	deny all;
}
END

else

cecho "NON-STATIC IP configuration" $boldyellow

cat > "/usr/local/nginx/conf/phpmyadmin_https.conf" <<END
location ^~ /${DIRNAME}/ {
	#try_files \$uri \$uri/ /${DIRNAME}/index.php?\$args;
	include /usr/local/nginx/conf/php_${DIRNAME}.conf;

	auth_basic      "Private Access";
	auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
	allow 127.0.0.1;
	#allow ${CURRENTIP};
	#deny all;
}
END

fi # STATICIP 

	cecho "---------------------------------------------------------------" $boldyellow
	cecho "cat /usr/local/nginx/conf/phpmyadmin.conf" $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow

cat /usr/local/nginx/conf/phpmyadmin.conf

	cecho "---------------------------------------------------------------" $boldyellow
	cecho "cat /usr/local/nginx/conf/phpmyadmin_https.conf" $boldgreen
	cecho "---------------------------------------------------------------" $boldyellow

cat /usr/local/nginx/conf/phpmyadmin_https.conf

	cecho "---------------------------------------------------------------" $boldyellow

# php-fpm pool setup

if [[ ! -f /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf ]]; then
	echo ""
	cecho "touch /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" $boldgreen
	touch /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
	touch /usr/local/nginx/conf/phpfpmd/empty.conf
	echo ""

CHECKPOOLDIR=$(grep ';include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf' /usr/local/etc/php-fpm.conf)

CHECKPOOLDIRB=$(grep 'include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf' /usr/local/etc/php-fpm.conf)

if [[ ! -z "$CHECKPOOLDIR" ]]; then
sed -i 's/;include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
fi

#if [[ ! -z "$CHECKPOOLDIR" && -z "$CHECKPOOLDIRB" ]]; then
#sed -i 's/;include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/include=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
#fi

if [[ -z "$CHECKPOOLDIRB" && -z "$CHECKPOOLDIR" ]]; then
sed -i 's/process_control_timeout = 10s/process_control_timeout = 10s\ninclude=\/usr\/local\/nginx\/conf\/phpfpmd\/\*.conf/g' /usr/local/etc/php-fpm.conf
fi

CHECKPOOL=$(grep '\[phpmyadmin\]' /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf)

if [[ -z "$CHECKPOOL" ]]; then

memlimitmsg

cat >> "/usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" <<EOF
[phpmyadmin]
user = ${USERNAME}
group = nginx

listen = 127.0.0.1:9991
;listen = /tmp/phpfpm_myadmin.sock
listen.allowed_clients = 127.0.0.1
listen.owner=${USERNAME}
listen.group=nginx

pm = ondemand
pm.max_children = 5
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500

pm.process_idle_timeout = 3600s;

rlimit_files = 65536
rlimit_core = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/log/php-fpm/www-slowmyadmin.log

security.limit_extensions = .php .php3 .php4 .php5

php_admin_value[open_basedir] = ${BASEDIR}/${DIRNAME}:/tmp
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php_myadmin_error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = ${MEMLIMIT}M
php_admin_value[max_execution_time] = 3600
php_admin_value[post_max_size] = 1280M
php_admin_value[upload_max_filesize] = 1280M
EOF

if [[ ! -f /var/log/php_myadmin_error.log ]]; then
	touch /var/log/php_myadmin_error.log
	chown ${USERNAME}:nginx /var/log/php_myadmin_error.log
	chmod 0666 /var/log/php_myadmin_error.log
	ls -lah /var/log/php_myadmin_error.log
fi

if [[ ! -f /var/log/php-fpm/www-slowmyadmin.log ]]; then
	touch /var/log/php-fpm/www-slowmyadmin.log
	chown ${USERNAME}:nginx /var/log/php-fpm/www-slowmyadmin.log
	chmod 0666 /var/log/php-fpm/www-slowmyadmin.log
	ls -lah /var/log/php-fpm/www-slowmyadmin.log
fi

fi # CHECKPOOL

fi # /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf

service nginx restart
service php-fpm restart

fi

}

sslvhost() {

cecho "---------------------------------------------------------------" $boldyellow
cecho "SSL Vhost Setup..." $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
echo ""

mkdir -p /usr/local/nginx/conf/ssl
cd /usr/local/nginx/conf/ssl

cecho "---------------------------------------------------------------" $boldyellow
cecho "Generating self signed SSL certificate..." $boldgreen
sleep 10
cecho "Just hit enter at each of the prompts" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
echo ""
sleep 10

cat > /tmp/req.cnf <<EOF
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Los Angeles
O = ${SSLHNAME}
OU = ${SSLHNAME}
CN = ${SSLHNAME}
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${SSLHNAME}
DNS.2 = *.${SSLHNAME}
EOF

cat > /tmp/v3ext.cnf <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${SSLHNAME}
DNS.2 = *.${SSLHNAME}
EOF

# Create the certificate signing request
echo "openssl req -new -newkey rsa:2048 -sha256 -nodes -out ${SSLHNAME}.csr -keyout ${SSLHNAME}.key -config /tmp/req.cnf"
openssl req -new -newkey rsa:2048 -sha256 -nodes -out ${SSLHNAME}.csr -keyout ${SSLHNAME}.key -config /tmp/req.cnf
echo "openssl req -noout -text -in ${SSLHNAME}.csr | grep DNS"
openssl req -noout -text -in ${SSLHNAME}.csr | grep DNS
echo "openssl x509 -req -days 36500 -sha256 -in ${SSLHNAME}.csr -signkey ${SSLHNAME}.key -out ${SSLHNAME}.crt -extfile /tmp/v3ext.cnf"
openssl x509 -req -days 36500 -sha256 -in ${SSLHNAME}.csr -signkey ${SSLHNAME}.key -out ${SSLHNAME}.crt -extfile /tmp/v3ext.cnf

rm -f /tmp/req.cnf
rm -f /tmp/v3ext.cnf

if [[ "$(nginx -V 2>&1 | grep LibreSSL | head -n1)" ]]; then
	CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
elif [[ "$(nginx -V 2>&1 | grep OpenSSL | head -n1)" ]]; then
	if [[ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha20poly1305/chacha20.c" ]]; then
		CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
	elif [[ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha/chacha_enc.c" ]]; then
		CHACHACIPHERS='EECDH+CHACHA20:EECDH+CHACHA20-draft:'
	else
		CHACHACIPHERS=""
  fi
else
  CHACHACIPHERS=""
fi

cat > "/usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf"<<SSLEOF
# https SSL SPDY phpmyadmin
server {
        listen 443 $LISTENOPT;
            server_name ${SSLHNAME};
            root   html;

keepalive_timeout  3000;

 client_body_buffer_size 256k;
 client_body_timeout 3000s;
 client_header_buffer_size 256k;
## how long a connection has to complete sending
## it's headers for request to be processed
 client_header_timeout  60s;
 client_max_body_size 512m;
 connection_pool_size  512;
 directio  512m;
 ignore_invalid_headers on;
 large_client_header_buffers 8 256k;

        ssl_certificate      /usr/local/nginx/conf/ssl/${SSLHNAME}.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/${SSLHNAME}.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache      shared:SSL:10m;
        ssl_session_timeout  10m;
        # mozilla recommended
        ssl_ciphers ${CHACHACIPHERS}EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers   on;
        #add_header Alternate-Protocol  443:npn-spdy/3;
        #add_header Strict-Transport-Security "max-age=0; includeSubdomains;";
        add_header X-Frame-Options SAMEORIGIN;
        $COMP_HEADER;
        ssl_buffer_size 1400;
        ssl_session_tickets on;

  # limit_conn limit_per_ip 16;
  # ssi  on;

        access_log              /var/log/nginx/localhost_ssl.access.log     main;
        error_log               /var/log/nginx/localhost_ssl.error.log      error;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

    location / {
        return 302 http://\$server_name\$request_uri;
    }
    
  include /usr/local/nginx/conf/phpmyadmin_https.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
}
SSLEOF

service nginx restart
service php-fpm restart

chmod 0666 /var/log/nginx/localhost_ssl.access.log
chmod 0666 /var/log/nginx/localhost_ssl.error.log

}

#################################################
myadminupdater() {

if [[ ! -d "$UPDATEDIR" ]]; then
	mkdir -p $UPDATEDIR
fi

if [[ ! -f "/root/tools/phpmyadmin_update.sh" ]]; then
cecho "---------------------------------------------------------------" $boldyellow
cecho "Create update script:" $boldgreen
cecho "/root/tools/phpmyadmin_update.sh" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow

cat > "/root/tools/phpmyadmin_update.sh" <<EOF
#!/bin/bash
export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
DT=\$(date +"%d%m%y-%H%M%S")
YARN_TMPDIR='/home/yarntmp-phpmyadmin'
##############################################
CENTMINLOGDIR='/root/centminlogs'
export COMPOSER_ALLOW_SUPERUSER=1

if [ ! -d "$CENTMINLOGDIR" ]; then
  mkdir -p $CENTMINLOGDIR
fi
if [ ! -d "$YARN_TMPDIR" ]; then
	mkdir -p "$YARN_TMPDIR"
	chmod 1777 "$YARN_TMPDIR"
	export TMPDIR="$YARN_TMPDIR"
fi
##############################################
starttime=\$(date +%s.%N)
{
chown root:root ${BASEDIR}/${DIRNAME}
chown -R root:root ${BASEDIR}/${DIRNAME}
echo "cd ${BASEDIR}/${DIRNAME}"
cd ${BASEDIR}/${DIRNAME}
rm -rf composer.lock
echo "git stash"
git stash
echo "git pull"
git pull
rm -rf composer.phar
wget -cnv https://getcomposer.org/composer-stable.phar -O composer.phar
echo y | php composer.phar update --no-dev

if [ ! -f "\$(which npm)" ]; then
	/usr/local/src/centminmod/addons/nodejs.sh install
fi
if [ ! -f /usr/bin/yarn ]; then
	npm install --location=global yarn
fi
# https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git
if [ ! -f ${BASEDIR}/${DIRNAME}/themes/pmahomme/css/theme.css ]; then
	yarn install --production
elif [ -f ${BASEDIR}/${DIRNAME}/themes/pmahomme/css/theme.css ]; then
	yarn install --production
fi
chown ${USERNAME}:nginx ${BASEDIR}/${DIRNAME}
chown -R ${USERNAME}:nginx ${BASEDIR}/${DIRNAME}

} 2>&1 | tee \${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log

endtime=\$(date +%s.%N)

INSTALLTIME=\$(echo "scale=2;\$endtime - \$starttime"|bc )
echo "" >> \${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log 
echo "Total phpmyadmin Update Time: \$INSTALLTIME seconds" >> \${CENTMINLOGDIR}/centminmod_phpmyadmin_update-\${DT}.log
EOF

chmod 0700 /root/tools/phpmyadmin_update.sh

cecho "---------------------------------------------------------------" $boldyellow
cecho "Create cronjob for auto updating phpmyadmin:" $boldgreen
cecho "/root/tools/phpmyadmin_update.sh" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow


if [[ -z "$(crontab -l 2>&1 | grep phpmyadmin_update.sh)" ]]; then
    crontab -l > cronjoblist
    mkdir -p /etc/centminmod/cronjobs
    cp cronjoblist /etc/centminmod/cronjobs/cronjoblist-before-phpmyadmin-setup.txt
    echo "19 02 * * * /root/tools/phpmyadmin_update.sh >/dev/null 2>&1" >> cronjoblist
    cp cronjoblist /etc/centminmod/cronjobs/cronjoblist-after-phpmyadmin-setup.txt
    crontab cronjoblist
    rm -rf cronjoblist
    crontab -l
fi

fi

}

#################################################
myadminremove() {

if [[ ! -d "$UPDATEDIR" ]]; then
	mkdir -p $UPDATEDIR
fi

if [[ -f "/root/tools/phpmyadmin_uninstall.sh" || ! -f "/root/tools/phpmyadmin_uninstall.sh" ]]; then
cecho "---------------------------------------------------------------" $boldyellow
cecho "Create uninstall script:" $boldgreen
cecho "/root/tools/phpmyadmin_uninstall.sh" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow

cat > "/root/tools/phpmyadmin_uninstall.sh" <<EOF
#!/bin/bash
DT=\$(date +"%d%m%y-%H%M%S")
##############################################
CENTMINLOGDIR='/root/centminlogs'

if [ ! -d "$CENTMINLOGDIR" ]; then
mkdir $CENTMINLOGDIR
fi
##############################################
starttime=\$(date +%s.%N)
{
echo "
rm -rf ${BASEDIR}/${DIRNAME}
rm -rf /root/tools/phpmyadmin_update.sh
rm -rf /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf
rm -rf /usr/local/nginx/conf/php_${DIRNAME}.conf
rm -rf /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
rm -rf /usr/local/nginx/conf/htpassphpmyadmin
rm -rf /usr/local/nginx/conf/phpmyadmin_https.conf
rm -rf /usr/local/nginx/conf/phpmyadmin.conf
rm -rf /usr/local/nginx/conf/phpmyadmin_check"

rm -rf ${BASEDIR}/${DIRNAME}
rm -rf /root/tools/phpmyadmin_update.sh
rm -rf /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf
rm -rf /usr/local/nginx/conf/php_${DIRNAME}.conf
rm -rf /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf
rm -rf /usr/local/nginx/conf/htpassphpmyadmin
rm -rf /usr/local/nginx/conf/phpmyadmin_https.conf
rm -rf /usr/local/nginx/conf/phpmyadmin.conf
rm -rf /usr/local/nginx/conf/phpmyadmin_check
sed -i '/include \/usr\/local\/nginx\/conf\/phpmyadmin.conf;'/d /usr/local/nginx/conf/conf.d/virtual.conf
rm -rf /etc/centminmod/cronjobs/cronjoblist-before-phpmyadmin-setup.txt
rm -rf /etc/centminmod/cronjobs/cronjoblist-after-phpmyadmin-setup.txt

service nginx restart
service php-fpm restart

} 2>&1 | tee \${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log

endtime=\$(date +%s.%N)

INSTALLTIME=\$(echo "scale=2;\$endtime - \$starttime"|bc )
echo "" >> \${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log 
echo "Total phpmyadmin Update Time: \$INSTALLTIME seconds" >> \${CENTMINLOGDIR}/centminmod_phpmyadmin_uninstall-\${DT}.log
EOF

chmod 0700 /root/tools/phpmyadmin_uninstall.sh

fi

}

#################################################
myadminmsg() {

echo ""
cecho "---------------------------------------------------------------" $boldyellow
cecho "Password protected ${DIRNAME}" $boldgreen
cecho "at path ${BASEDIR}/${DIRNAME}" $boldgreen
cecho "config.inc.php at: ${BASEDIR}/${DIRNAME}/config.inc.php" $boldgreen
cecho "  WEB url: " $boldgreen
echo ""
cecho "  https://${SSLHNAME}/${DIRNAME}" $boldwhite
echo ""
cecho "Login with your MySQL root username / password" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
htpassdetails
cecho "phpmyadmin update script at: /root/tools/phpmyadmin_update.sh" $boldgreen
cecho "Add your own cron job to automatically run the update script i.e." $boldgreen
echo ""
cecho "  15 01 * * * /root/tools/phpmyadmin_update.sh" $boldwhite
echo ""
cecho "---------------------------------------------------------------" $boldyellow
cecho "phpmyadmin uninstall script at: /root/tools/phpmyadmin_uninstall.sh" $boldgreen
echo ""
cecho "  /root/tools/phpmyadmin_uninstall.sh" $boldwhite
echo ""
cecho "---------------------------------------------------------------" $boldyellow
cecho "SSL vhost: /usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf" $boldgreen
cecho "php-fpm includes: /usr/local/nginx/conf/php_${DIRNAME}.conf" $boldgreen
cecho "php-fpm pool conf: /usr/local/nginx/conf/phpfpmd/phpfpm_myadmin.conf" $boldgreen
cecho "dedicated php-fpm pool user: ${USERNAME}" $boldgreen
cecho "dedicated php-fpm pool group: nginx" $boldgreen
cecho "dedicated php error log: /var/log/php_myadmin_error.log" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
cecho "SSL vhost access log: /var/log/nginx/localhost_ssl.access.log" $boldgreen
cecho "SSL vhost error log: /var/log/nginx/localhost_ssl.error.log" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow
echo ""

echo "phpmyadmin_install='y'" > /usr/local/nginx/conf/phpmyadmin_check

}
#################################################
case "$1" in
install)
checkphpmyadmin
starttime=$(date +%s.%N)
{
	#backup csf.conf
	cp -a /etc/csf/csf.conf /etc/csf/csf.conf-backup_beforephpmyadmin_${DT}

	usercreate
	myadmininstall
	sslvhost
	myadminupdater
	myadminremove
	myadminmsg
} 2>&1 | tee ${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log

endtime=$(date +%s.%N)

INSTALLTIME=$(echo "scale=2;$endtime - $starttime"|bc )
echo "" >> ${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log
echo "Total phpmyadmin Install Time: $INSTALLTIME seconds" >> ${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log

cecho "---------------------------------------------------------------" $boldyellow
cecho "Total phpmyadmin Install Time: $INSTALLTIME seconds" $boldgreen
cecho "phpmyadmin install log located at:" $boldgreen
cecho "${CENTMINLOGDIR}/centminmod_phpmyadmin_install_${DT}.log" $boldgreen
cecho "---------------------------------------------------------------" $boldyellow

;;
resetpwd)
cecho "---------------------------------------------------------------" $boldyellow
createpassword
htpassdetails
;;
*)
	echo "$0 install"
	echo "$0 resetpwd"
;;
esac
exit