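#!/bin/sh
#
# Provision FreshRSS on Debian 12 behind nginx + PHP 8.2-FPM.
# Must be run as root on a Debian system. The script is written so that a
# second run does not clobber the pristine config backups or fail on steps
# that were already completed.
#
# Abort on the first failing command and on use of an unset variable, so a
# failed package install cannot be followed by edits to half-present files.
set -eu

#
# Check if user is root
#
if [ "$(id -u)" != "0" ]; then
  echo "Error: You must be root to run this script, please use the root user to install the software." >&2
  exit 1
fi

if [ ! -f /etc/debian_version ]; then
  echo "Unsupported Linux Distribution. Prepared for Debian" >&2
  exit 1
fi

################################################################################
#
# Hostname: freshrss.dmz.lan
#
# IP: 192.168.50.30/24
#
# OS: Debian 12
#
# URL: http://192.168.50.30/i/
#
# URL: https://freshrss.vmnetz.lan64.de
#
# Container ID: 118
#
# Node: PVE01
#
################################################################################
#
# NOTE(review): the plaintext root and admin passwords that used to be listed
# here were removed. Credentials do not belong in a provisioning script; keep
# them in a password manager and rotate any value that was ever stored in
# this file or its history.
#
################################################################################
#
# systemctl [start | stop | reload | restart | status] nginx
#
# systemctl [start | stop | reload | restart | status] php8.2-fpm
#
################################################################################

readonly PHP_ETC=/etc/php/8.2
readonly FRESHRSS_DIR=/srv/FreshRSS

# Copy $1 to $2 only if $2 does not exist yet, so that re-running the script
# keeps the original distribution file instead of overwriting the backup with
# an already modified copy.
backup_once() {
  [ -e "$2" ] || cp -p -- "$1" "$2"
}

# apt-get is the stable scripting interface; refresh the index first so the
# install does not fail or pull stale packages on a fresh container.
apt-get update
apt-get install -y \
  git \
  nginx \
  php8.2 \
  php8.2-fpm \
  php8.2-curl \
  php8.2-gmp \
  php8.2-xml \
  php8.2-mbstring \
  php8.2-zip \
  php8.2-sqlite3

backup_once /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default

cat > /etc/nginx/nginx.conf <<"EOF"
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_tokens off;
    server_names_hash_bucket_size 64;
    server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 4 4k;

    # Logging Settings
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip Settings
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Virtual Host Configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
EOF

## Backup and then tweak PHP for optimization and security reasons:
backup_once "$PHP_ETC/fpm/pool.d/www.conf" "$PHP_ETC/fpm/pool.d/www.conf.bak"
backup_once "$PHP_ETC/cli/php.ini" "$PHP_ETC/cli/php.ini.bak"
backup_once "$PHP_ETC/fpm/php.ini" "$PHP_ETC/fpm/php.ini.bak"
backup_once "$PHP_ETC/fpm/php-fpm.conf" "$PHP_ETC/fpm/php-fpm.conf.bak"

## Update PHP CLI configuration
# The timezone expression uses '|' as delimiter so the '/' in Europe/Berlin
# needs no escaping.
sed -i \
  -e 's/error_reporting = .*/error_reporting = E_ALL/' \
  -e 's/display_errors = .*/display_errors = On/' \
  -e 's/memory_limit = .*/memory_limit = 256M/' \
  -e 's|;date.timezone.*|date.timezone = Europe/Berlin|' \
  "$PHP_ETC/cli/php.ini"

## Configure sessions directory permissions
# 1733 = sticky + rwx for owner, write/search only for everyone else: session
# files can be created but the directory cannot be listed by other users.
chmod 1733 /var/lib/php/sessions

## Tweak PHP-FPM settings
# Please note: We are suppressing PHP error output here by setting these options to production values
# upload_max_filesize/post_max_size are 256M here, but nginx above still caps
# request bodies at client_max_body_size 8m, which is the effective limit.
# session.cookie_secure makes the session cookie HTTPS-only; the vhost below
# listens on plain port 80, so logins presumably only work through the TLS
# front end named in the header - confirm before relying on the HTTP URL.
sed -i \
  -e 's/error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_STRICT \& ~E_DEPRECATED/' \
  -e 's/display_errors = .*/display_errors = Off/' \
  -e 's/memory_limit = .*/memory_limit = 256M/' \
  -e 's/upload_max_filesize = .*/upload_max_filesize = 256M/' \
  -e 's/post_max_size = .*/post_max_size = 256M/' \
  -e 's|;date.timezone.*|date.timezone = Europe/Berlin|' \
  -e 's/;session.cookie_secure.*/session.cookie_secure = True/' \
  -e 's/;opcache.enable=.*/opcache.enable=1/' \
  -e 's/;opcache.enable_cli=.*/opcache.enable_cli=1/' \
  -e 's/;opcache.memory_consumption=.*/opcache.memory_consumption=128/' \
  -e 's/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/' \
  -e 's/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/' \
  -e 's/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/' \
  -e 's/;opcache.save_comments=.*/opcache.save_comments=1/' \
  "$PHP_ETC/fpm/php.ini"

## Tune PHP-FPM pool settings
# listen.mode is 0660, not 0666: a world-writable FPM socket lets every local
# account submit FastCGI requests that execute as the pool user. nginx runs as
# www-data (see nginx.conf above), so owner/group access is sufficient.
# NOTE(review): 70 children at memory_limit 256M can exceed the memory of a
# small container - size pm.max_children to the RAM actually available.
sed -i \
  -e 's/;env\[HOSTNAME\] = /env[HOSTNAME] = /' \
  -e 's/;env\[TMP\] = /env[TMP] = /' \
  -e 's/;env\[TMPDIR\] = /env[TMPDIR] = /' \
  -e 's/;env\[TEMP\] = /env[TEMP] = /' \
  -e 's/;env\[PATH\] = /env[PATH] = /' \
  -e 's/;listen\.mode.*/listen.mode = 0660/' \
  -e 's/;request_terminate_timeout.*/request_terminate_timeout = 60/' \
  -e 's/pm\.max_children.*/pm.max_children = 70/' \
  -e 's/pm\.start_servers.*/pm.start_servers = 20/' \
  -e 's/pm\.min_spare_servers.*/pm.min_spare_servers = 20/' \
  -e 's/pm\.max_spare_servers.*/pm.max_spare_servers = 35/' \
  -e 's/;pm\.max_requests.*/pm.max_requests = 500/' \
  "$PHP_ETC/fpm/pool.d/www.conf"

## How to fix the NGINX error "Failed to read PID from file"
#mkdir /etc/systemd/system/nginx.service.d
#printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf

# -f: do not fail when the default site was already removed by an earlier run.
rm -f /etc/nginx/sites-enabled/default
rm -f /etc/nginx/sites-available/default

cat > /etc/nginx/sites-available/freshrss <<"EOF"
server {
    listen 80;
    server_name _;

    # the folder p of your FreshRSS installation
    root /srv/FreshRSS/p/;

    index index.php index.html index.htm;

    # nginx log files
    access_log /var/log/nginx/rss.access.log;
    error_log /var/log/nginx/rss.error.log;

    # php files handling
    # this regex is mandatory because of the API
    location ~ ^.+?\.php(/.*)?$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        # By default, the variable PATH_INFO is not set under PHP-FPM
        # But FreshRSS API greader.php need it. If you have a "Bad Request" error, double check this var!
        # NOTE: the separate $path_info variable is required. For more details, see:
        # https://trac.nginx.org/nginx/ticket/321
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location / {
        try_files $uri $uri/ index.php;
    }

    # assets, media
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
        access_log off;
    }

    # svg, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        #add_header Access-Control-Allow-Origin "*";
        expires 365d;
        access_log off;
    }
}
EOF

ln -sf /etc/nginx/sites-available/freshrss /etc/nginx/sites-enabled/

# FreshRSS Installation:
mkdir -p "$FRESHRSS_DIR"
# curl -o /tmp/freshrss.tar.gz -L https://github.com/FreshRSS/FreshRSS/archive/master.tar.gz
# tar xf /tmp/freshrss.tar.gz -C /srv/FreshRSS --strip-components=1
# NOTE(review): this installs whatever the default branch contains at clone
# time. For a reproducible, reviewable deployment check out a release tag or
# a known commit after cloning.
if [ ! -d "$FRESHRSS_DIR/.git" ]; then
  git clone https://github.com/FreshRSS/FreshRSS.git "$FRESHRSS_DIR"
fi

# Least privilege: the web server may read the code but only write to data/.
# Handing the whole tree to www-data would let a compromised PHP process
# rewrite the application itself, including the script the cron job runs.
# Trade-off: updating from the web interface no longer works; update with git
# as root instead.
chown -R root:www-data "$FRESHRSS_DIR"
chmod -R g+rX "$FRESHRSS_DIR"
chmod -R g+w "$FRESHRSS_DIR/data"

# Setup the cron job to refresh feeds:
# Runs as www-data, not root: the feed updater parses untrusted remote content
# and needs no more rights than the web application. A dedicated file in
# /etc/cron.d replaces appending to /etc/crontab, so re-running the script
# does not add duplicate entries (an entry added to /etc/crontab by an older
# version of this script has to be removed by hand). The log lives in a
# directory owned by www-data instead of a predictable path in /tmp.
install -d -o www-data -g www-data -m 0750 /var/log/freshrss
cat > /etc/cron.d/freshrss <<"EOF"
*/15 * * * * www-data /usr/bin/php /srv/FreshRSS/app/actualize_script.php > /var/log/freshrss/actualize.log 2>&1
EOF
chmod 0644 /etc/cron.d/freshrss

# Validate the generated nginx configuration before restarting, so a typo
# does not take the running server down.
nginx -t
systemctl restart nginx
systemctl restart php8.2-fpm

# -y: autoremove would otherwise wait for interactive confirmation.
apt-get -y autoremove
apt-get autoclean
apt-get clean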