From 90617fe558973897844144d640a3bfa0b593d52e Mon Sep 17 00:00:00 2001
From: Edi Septriyanto <me@masedi.net>
Date: Wed, 30 Mar 2022 22:22:27 +0700
Subject: [PATCH 1/4] Fix typo

---
 scripts/install_mongodb.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install_mongodb.sh b/scripts/install_mongodb.sh
index b1cb796c..534e884d 100755
--- a/scripts/install_mongodb.sh
+++ b/scripts/install_mongodb.sh
@@ -31,7 +31,7 @@ fi
 ##
 function add_mongodb_repo() {
     local DISTRIB_ARCH
-    case ${ARCH} in
+    case "${ARCH}" in
         i386 | i486| i586 | i686)
             DISTRIB_ARCH="i386"
         ;;

From 45a3a485bb4e09f96c680fa2f3c88e0b019c25b6 Mon Sep 17 00:00:00 2001
From: Edi Septriyanto <me@masedi.net>
Date: Wed, 30 Mar 2022 22:22:56 +0700
Subject: [PATCH 2/4] Add liblua module

---
 scripts/install_nginx.sh | 59 ++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 21 deletions(-)

diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh
index 5d277fe3..2d2543d2 100755
--- a/scripts/install_nginx.sh
+++ b/scripts/install_nginx.sh
@@ -56,7 +56,7 @@ function add_nginx_repo() {
         ;;
         ubuntu)
             # Nginx custom with ngx cache purge from Ondrej repo.
-            #run wget -qO "/etc/apt/trusted.gpg.d/${NGINX_REPO}.gpg" "https://packages.sury.org/${NGINX_REPO}/apt.gpg"
+            run wget -qO "/etc/apt/trusted.gpg.d/${NGINX_REPO}.gpg" "https://packages.sury.org/${NGINX_REPO}/apt.gpg"
             run apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 14AA40EC0831756756D7F66C4F4EA0AAE5267A6C
             run add-apt-repository -y "ppa:ondrej/${NGINX_REPO}"
             run apt-get update -qq -y
@@ -182,7 +182,7 @@ function init_nginx_install() {
                             # Embed the power of Lua into Nginx HTTP Servers.
                             if "${NGX_HTTP_LUA}"; then
                                 echo "Adding ngx-http-lua module..."
-                                EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "libnginx-mod-http-lua")
+                                EXTRA_MODULE_PKGS=("${EXTRA_MODULE_PKGS[@]}" "luajit" "libluajit" "libnginx-mod-http-lua")
                             fi
 
                             # Nginx Memc - An extended version of the standard memcached module.
@@ -366,14 +366,14 @@ function init_nginx_install() {
 
                         # OpenSSL
                         if grep -iq openssl <<<"${NGINX_CUSTOMSSL_VERSION}"; then
-                            OPENSSL_SOURCE="https://www.openssl.org/source/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
-                            #OPENSSL_SOURCE="https://github.com/openssl/openssl/archive/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
+                            OPENSSL_SOURCE_URL="https://www.openssl.org/source/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
+                            #OPENSSL_SOURCE_URL="https://github.com/openssl/openssl/archive/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
 
-                            if curl -sLI "${OPENSSL_SOURCE}" | grep -q "HTTP/[.12]* [2].."; then
-                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${OPENSSL_SOURCE}" && \
+                            if curl -sLI "${OPENSSL_SOURCE_URL}" | grep -q "HTTP/[.12]* [2].."; then
+                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${OPENSSL_SOURCE_URL}" && \
                                 run tar -zxf "${NGINX_CUSTOMSSL_VERSION}.tar.gz"
 
-                                [ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ] && \
+                                [[ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ]] && \
                                     NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \
                                         --with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} \
                                         --with-openssl-opt=enable-ec_nistp_64_gcc_128 \
@@ -385,13 +385,13 @@ function init_nginx_install() {
 
                         # LibreSSL
                         elif grep -iq libressl <<<"${NGINX_CUSTOMSSL_VERSION}"; then
-                            LIBRESSL_SOURCE="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
+                            LIBRESSL_SOURCE_URL="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${NGINX_CUSTOMSSL_VERSION}.tar.gz"
 
-                            if curl -sLI "${LIBRESSL_SOURCE}" | grep -q "HTTP/[.12]* [2].."; then
-                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${LIBRESSL_SOURCE}" && \
+                            if curl -sLI "${LIBRESSL_SOURCE_URL}" | grep -q "HTTP/[.12]* [2].."; then
+                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${LIBRESSL_SOURCE_URL}" && \
                                 run tar -zxf "${NGINX_CUSTOMSSL_VERSION}.tar.gz"
 
-                                [ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ] && \
+                                [[ -d "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" ]] && \
                                     NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \
                                         --with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} \
                                         --with-openssl-opt=no-weak-ssl-ciphers"
@@ -403,9 +403,30 @@ function init_nginx_install() {
                         elif grep -iq boringssl <<< "${NGINX_CUSTOMSSL_VERSION}"; then
                             # BoringSSL requires Golang, install it first.
                             if [[ -z $(command -v go) ]]; then
+                                GOLANG_VER="1.17.8"
+
+                                local DISTRIB_ARCH
+                                case "${ARCH}" in
+                                    i386 | i486| i586 | i686)
+                                        DISTRIB_ARCH="386"
+                                    ;;
+                                    x86_64 | amd64)
+                                        DISTRIB_ARCH="amd64"
+                                    ;;
+                                    arm64 | aarch* | armv8*)
+                                        DISTRIB_ARCH="arm64"
+                                    ;;
+                                    arm | armv7*)
+                                        DISTRIB_ARCH="armv6l"
+                                    ;;
+                                    *)
+                                        DISTRIB_ARCH="386"
+                                    ;;
+                                esac
+
                                 case "${DISTRIB_NAME}" in
                                     debian)
-                                        GOLANG_DOWNLOAD_URL="https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz"
+                                        GOLANG_DOWNLOAD_URL="https://go.dev/dl/go${GOLANG_VER}.linux-${DISTRIB_ARCH}.tar.gz"
 
                                         if curl -sLI "${GOLANG_DOWNLOAD_URL}" | grep -q "HTTP/[.12]* [2].."; then
                                             run wget -q -O golang.tar.gz "${GOLANG_DOWNLOAD_URL}" && \
@@ -432,11 +453,11 @@ function init_nginx_install() {
                             IFS='- ' read -r -a BSPARTS <<< "${NGINX_CUSTOMSSL_VERSION}"
                             IFS=${SAVEIFS} # Restore IFS
                             BORINGSSL_VERSION=${BSPARTS[1]}
-                            [[ -z ${BORINGSSL_VERSION} || ${BORINGSSL_VERSION} = "latest" ]] && BORINGSSL_VERSION="master"
-                            BORINGSSL_DOWNLOAD_URL="https://boringssl.googlesource.com/boringssl/+archive/refs/heads/${BORINGSSL_VERSION}.tar.gz"
+                            [[ -z ${BORINGSSL_VERSION} || ${BORINGSSL_VERSION} == "latest" ]] && BORINGSSL_VERSION="master"
+                            BORINGSSL_SOURCE_URL="https://boringssl.googlesource.com/boringssl/+archive/refs/heads/${BORINGSSL_VERSION}.tar.gz"
 
-                            if curl -sLI "${BORINGSSL_DOWNLOAD_URL}" | grep -q "HTTP/[.12]* [2].."; then
-                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${BORINGSSL_DOWNLOAD_URL}" && \
+                            if curl -sLI "${BORINGSSL_SOURCE_URL}" | grep -q "HTTP/[.12]* [2].."; then
+                                run wget -q -O "${NGINX_CUSTOMSSL_VERSION}.tar.gz" "${BORINGSSL_SOURCE_URL}" && \
                                 run mkdir -p "${NGINX_CUSTOMSSL_VERSION}" && \
                                 run tar -zxf "${NGINX_CUSTOMSSL_VERSION}.tar.gz" -C "${NGINX_CUSTOMSSL_VERSION}" && \
                                 run cd "${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}" && \
@@ -453,13 +474,11 @@ function init_nginx_install() {
                                 run make -C"${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/build" -j"${NB_PROC}" && \
 
                                 # Copy the BoringSSL crypto libraries to .openssl/lib so nginx can find them.
-                                run cp build/crypto/libcrypto.a .openssl/lib && \
-                                run cp build/ssl/libssl.a .openssl/lib && \
+                                run cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib && \
 
                                 # Back to extra module dir.
                                 run cd "${EXTRA_MODULE_DIR}" || return 1
 
-                                #NGX_CONFIGURE_ARGS="--with-openssl=${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION} ${NGX_CONFIGURE_ARGS}"
                                 NGX_CONFIGURE_ARGS="${NGX_CONFIGURE_ARGS} \
                                     --with-cc-opt=\"-I${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/include\" \
                                     --with-ld-opt=\"-L${BUILD_DIR}/${NGINX_CUSTOMSSL_VERSION}/.openssl/lib\""
@@ -674,7 +693,6 @@ function init_nginx_install() {
                             GEOLITE2_COUNTRY_SRC="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${GEOLITE2_LICENSE_KEY}&suffix=tar.gz"
 
                             if curl -sLI "${GEOLITE2_COUNTRY_SRC}" | grep -q "HTTP/[.12]* [2].."; then
-                                #run wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz && \
                                 run wget -q "${GEOLITE2_COUNTRY_SRC}" -O GeoLite2-Country.tar.gz && \
                                 run tar -xf GeoLite2-Country.tar.gz && \
                                 run cd GeoLite2-Country_*/ && \
@@ -685,7 +703,6 @@ function init_nginx_install() {
                             GEOLITE2_CITY_SRC="https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${GEOLITE2_LICENSE_KEY}&suffix=tar.gz"
 
                             if curl -sLI "${GEOLITE2_CITY_SRC}" | grep -q "HTTP/[.12]* [2].."; then
-                                #run wget -q https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz && \
                                 run wget -q "${GEOLITE2_CITY_SRC}" -O GeoLite2-City.tar.gz && \
                                 run tar -xf GeoLite2-City.tar.gz && \
                                 run cd GeoLite2-City_*/ && \

From 9ba5bfb9bc34f856550748ecde7ebd3810d8a743 Mon Sep 17 00:00:00 2001
From: Edi Septriyanto <me@masedi.net>
Date: Wed, 30 Mar 2022 22:23:45 +0700
Subject: [PATCH 3/4] Added som env parameters

---
 lemper.sh | 40 ++++++++++++++++++++++++++++++++--------
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/lemper.sh b/lemper.sh
index 4249c659..69c1cd09 100755
--- a/lemper.sh
+++ b/lemper.sh
@@ -501,7 +501,7 @@ function init_lemper_install() {
     START_TIME=$(date +%s)
 
     # Clone LEMPer repository first.
-    git_clone_lemper "2.x.x"
+    git_clone_lemper "master" > /dev/null 2>&1
 
     # Check dotenv config file.
     if [[ ! -f .env.dist ]]; then
@@ -510,7 +510,7 @@ function init_lemper_install() {
     fi
 
     if [[ -f .env ]]; then
-        cp .env .env.bak
+        cp -f .env .env.bak
     else
         cp .env.dist .env
     fi
@@ -526,7 +526,8 @@ function init_lemper_install() {
     # Set getopt options.
     OPTS=$(getopt -o h:i:dgpDBF \
         -l debug,development,dry-run,fix-broken-install,force,guided,hostname:,ipv4:,production,unattended \
-        -l with-nginx:,with-nginx-installer:,with-php:,with-php-extensions:,with-php-loader: \
+        -l with-nginx:,with-nginx-installer:,with-nginx-custom-ssl:,with-nginx-lua,with-nginx-pagespeed,with-nginx-passenger \
+        -l with-nginx-pcre:,with-nginx-rtmp,with-php:,with-php-extensions:,with-php-loader: \
         -l with-mysql-server:,with-memcached:,with-memcached-installer:,with-mongodb:,with-mongodb-admin: \
         -l with-redis:,with-redis-installer:,with-redis-requirepass:,with-ftp-server: \
         -n "${PROG_NAME}" -- "$@")
@@ -559,6 +560,14 @@ function init_lemper_install() {
                 esac
                 shift
             ;;
+            --with-nginx-custom-ssl)
+                exit_if_optarg_is_empty "${1}" "${2}"
+                shift
+                NGINX_CUSTOMSSL_VERSION=${1-"openssl-1.1.1l"}
+                sed -i "s/NGINX_WITH_CUSTOMSSL=[a-zA-Z]*/NGINX_WITH_CUSTOMSSL=true/g" .env
+                sed -i "s/NGINX_CUSTOMSSL_VERSION=\"[0-9a-zA-Z.-\ ]*\"/NGINX_CUSTOMSSL_VERSION=\"${NGINX_CUSTOMSSL_VERSION}\"/g" .env
+                shift
+            ;;
             --with-nginx-lua)
                 sed -i "s/NGX_HTTP_LUA=[a-zA-Z]*/NGX_HTTP_LUA=true/g" .env
                 shift
@@ -571,6 +580,14 @@ function init_lemper_install() {
                 sed -i "s/NGX_HTTP_PASSENGER=[a-zA-Z]*/NGX_HTTP_PASSENGER=true/g" .env
                 shift
             ;;
+            --with-nginx-pcre)
+                exit_if_optarg_is_empty "${1}" "${2}"
+                shift
+                NGINX_PCRE_VERSION=${1-"8.45"}
+                sed -i "s/NGINX_WITH_PCRE=[a-zA-Z]*/NGINX_WITH_PCRE=true/g" .env
+                sed -i "s/NGINX_PCRE_VERSION=\"[0-9a-zA-Z.\ ]*\"/NGINX_PCRE_VERSION=\"${NGINX_PCRE_VERSION}\"/g" .env
+                shift
+            ;;
             --with-nginx-rtmp)
                 sed -i "s/NGX_RTMP=[a-zA-Z]*/NGX_RTMP=true/g" .env
                 shift
@@ -661,7 +678,7 @@ function init_lemper_install() {
                 MEMCACHED_INSTALLER=${1}
                 case "${MEMCACHED_INSTALLER}" in
                     source)
-                        sed -i "s/MEMCACHED_INSTALLER=\"[a-zA-Z.\ ]*\"/MEMCACHED_INSTALLER=\"source\"/g" .env
+                        sed -i "s/MEMCACHED_INSTALLER=\"[a-zA-Z]*\"/MEMCACHED_INSTALLER=\"source\"/g" .env
                     ;;
                     *)
                         sed -i "s/MEMCACHED_INSTALLER=\"[a-zA-Z]*\"/MEMCACHED_INSTALLER=\"repo\"/g" .env
@@ -690,8 +707,8 @@ function init_lemper_install() {
                 MONGODB_ADMIN_PASS="${MONGODB_ADMIN_AUTH[1]}"
                 # Restore default IFS
                 IFS=${_IFS}
-                sed -i "s/MONGODB_ADMIN_USER=\"[0-9a-zA-Z._-\ ]*\"/MONGODB_ADMIN_USER=\"${MONGODB_ADMIN_USER}\"/g" .env
-                sed -i "s/MONGODB_ADMIN_PASSWORD=\"[0-9a-zA-Z._-\ ]*\"/MONGODB_ADMIN_PASSWORD=\"${MONGODB_ADMIN_PASS}\"/g" .env
+                sed -i "s/MONGODB_ADMIN_USER=\"[0-9a-zA-Z._-]*\"/MONGODB_ADMIN_USER=\"${MONGODB_ADMIN_USER}\"/g" .env
+                sed -i "s/MONGODB_ADMIN_PASSWORD=\"[0-9a-zA-Z._-]*\"/MONGODB_ADMIN_PASSWORD=\"${MONGODB_ADMIN_PASS}\"/g" .env
                 shift
             ;;
             # Usage: --with-redis <latest | stable | redis-version>
@@ -701,7 +718,7 @@ function init_lemper_install() {
                 REDIS_VERSION=${1}
                 if [ -z "${REDIS_VERSION}" ]; then REDIS_VERSION="stable"; fi
                 sed -i "s/INSTALL_REDIS=[a-zA-Z]*/INSTALL_REDIS=true/g" .env
-                sed -i "s/REDIS_VERSION=\"[0-9a-zA-Z._-\ ]*\"/REDIS_VERSION=\"${REDIS_VERSION}\"/g" .env
+                sed -i "s/REDIS_VERSION=\"[0-9a-zA-Z._-]*\"/REDIS_VERSION=\"${REDIS_VERSION}\"/g" .env
                 shift
             ;;
             # Usage: --with-redis-installer <source | repo>
@@ -725,7 +742,7 @@ function init_lemper_install() {
                 shift
                 REDIS_PASSWORD=${1}
                 sed -i "s/REDIS_REQUIRE_PASSWORD=[a-zA-Z]*/REDIS_REQUIRE_PASSWORD=true/g" .env
-                sed -i "s/REDIS_PASSWORD=\"[0-9a-zA-Z._-\ ]*\"/REDIS_PASSWORD=\"${REDIS_PASSWORD}\"/g" .env
+                sed -i "s/REDIS_PASSWORD=\"[0-9a-zA-Z._-]*\"/REDIS_PASSWORD=\"${REDIS_PASSWORD}\"/g" .env
                 shift
             ;;
             --with-ssh-port)
@@ -789,6 +806,13 @@ function init_lemper_install() {
                 sed -i "s/ENVIRONMENT=\"[a-zA-Z]*\"/ENVIRONMENT=\"production\"/g" .env
                 shift
             ;;
+            --admin-email)
+                exit_if_optarg_is_empty "${1}" "${2}"
+                shift
+                LEMPER_ADMIN_EMAIL=${1}
+                sed -i "s/LEMPER_ADMIN_EMAIL=\"[0-9a-zA-Z._-@\ ]*\"/LEMPER_ADMIN_EMAIL=\"${LEMPER_ADMIN_EMAIL}\"/g" .env
+                shift
+            ;;
             --)
                 shift
                 break

From adcaaf75762dee3b0949f75c040797480f586a06 Mon Sep 17 00:00:00 2001
From: Edi Septriyanto <me@masedi.net>
Date: Wed, 30 Mar 2022 22:33:31 +0700
Subject: [PATCH 4/4] Make Ngx PageSpeed disabled by default

---
 .env.dist | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.dist b/.env.dist
index f722504f..91e2db72 100644
--- a/.env.dist
+++ b/.env.dist
@@ -149,7 +149,7 @@ NGX_HTTP_VTS=true
 NGX_HTTP_XSLT_FILTER=true
 NGX_MAIL=true
 NGX_NCHAN=false
-NGX_PAGESPEED=true
+NGX_PAGESPEED=false
 NGX_RTMP=false
 NGX_STREAM=true