#!/bin/bash
curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/version > /tmp/version; source /tmp/version
case "`grep DISTRIB_CODENAME /etc/*-release | awk -F '=' '{print $2}'`" in
      focal)
             if [ "$(whoami)" != "root" ]
             then
                 echo "You should Login as root to use this script!";
                 echo "Maybe you already have access for sudo, but commands aren't designed with sudo! so..";
                 echo "sudo -i";
                 exit 1
             fi

             if [ -d "/nginx/" ]; then
                 echo "We've detect a folder '/nginx/' which means"
                 echo "Maybe you have use this script before!"
                 echo "You can wipe old installation by executing!"
                 echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
                 echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
                 echo "then execute again bash install"
                 exit 1
             fi

             if [ -d "/etc/nginx" ]; then
                 echo "We've detect a folder '/etc/nginx' which means you already got nginx up and running!"
                 exit 1
             fi

             if [ -d "/opt/nginx/" ]; then
                 echo "DETECTED '/opt/nginx/'"
                 echo "Maybe script has already been used you need to start clean!"
                 echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
                 echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
                 echo "then execute again bash install"
                 exit 1
             fi

             apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
             DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
             apt-get install libtool pkg-config make cmake automake autoconf -y
             apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y

             mkdir -p /opt/mod/
             cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${FOCAL_VERSION_LUA}.tar.gz
             cd /opt/mod && tar xf v${FOCAL_VERSION_LUA}.tar.gz && rm -Rf v${FOCAL_VERSION_LUA}.tar.gz
             cd /opt/mod/luajit2-${FOCAL_VERSION_LUA}/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
             rm -Rf /opt/mod/luajit2-${FOCAL_VERSION_LUA}/

             cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${FOCAL_VERSION_NGX_MODSECURITY}/modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz
             cd /opt/mod && tar xf modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY}.tar.gz
             cd /opt/mod/modsecurity-v${FOCAL_VERSION_NGX_MODSECURITY} && ./configure && make -j`nproc` && make install
             
             cd /opt/mod && wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz
             cd /opt/mod && tar xf v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz && rm -Rf v${FOCAL_VERSION_NGX_RESTY_CORE}.tar.gz
             cd /opt/mod/lua-resty-core-${FOCAL_VERSION_NGX_RESTY_CORE} && make install PREFIX=${LUA_SCRIPTS}
             
             cd /opt/mod && wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
             cd /opt/mod && tar xf v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz && rm -Rf v${FOCAL_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
             cd /opt/mod/lua-resty-lrucache-${FOCAL_VERSION_NGX_RESTY_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
             
             cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${FOCAL_PCRE}.tar.gz
             cd /opt/mod && tar xf pcre2-${FOCAL_PCRE}.tar.gz; rm -Rf pcre2-${FOCAL_PCRE}.tar.gz
             cd /opt/mod/pcre2-pcre2-${FOCAL_PCRE} && ./autogen.sh 
             #cd /opt/mod/pcre2-pcre2-${FOCAL_PCRE} && ./configure --prefix=/usr/local/pcre2_${FOCAL_PCRE} && make -j`nproc` && make install
             
             cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_${FOCAL_OPENSSL}.tar.gz
             cd /opt/mod && tar xf OpenSSL_${FOCAL_OPENSSL}.tar.gz; rm -Rf OpenSSL_${FOCAL_OPENSSL}.tar.gz
             #cd /opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} && ./config --prefix=/usr/local/openssl_${FOCAL_OPENSSL} && make -j`nproc` && make install
             
             cd /opt/mod && wget http://zlib.net/zlib-${FOCAL_ZLIB}.tar.gz
             cd /opt/mod && tar xf zlib-${FOCAL_ZLIB}.tar.gz; rm -Rf zlib-${FOCAL_ZLIB}.tar.gz
             #cd /opt/mod/zlib-${FOCAL_ZLIB} && ./configure --prefix=/usr/local/zlib-${FOCAL_ZLIB} && make -j`nproc` && make install

             # Nginx
             cd /opt/ && wget https://nginx.org/download/nginx-${FOCAL_VERSION_NGINX}.tar.gz && tar xf nginx-${FOCAL_VERSION_NGINX}.tar.gz && rm -Rf nginx-${FOCAL_VERSION_NGINX}.tar.gz
             cd /opt/nginx-${FOCAL_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
             cd /opt/nginx-${FOCAL_VERSION_NGINX} && ./configure --with-compat \
                                          --user=nginx                                             \
                                          --group=nginx                                            \
                                          --sbin-path=/usr/sbin/nginx                              \
                                          --conf-path=/nginx/nginx.conf                            \
                                          --pid-path=/var/run/nginx.pid                            \
                                          --lock-path=/var/run/nginx.lock                          \
                                          --error-log-path=/var/log/nginx/error.log                \
                                          --http-log-path=/var/log/nginx/access.log                \
                                          --with-openssl=/opt/mod/openssl-OpenSSL_${FOCAL_OPENSSL} \
                                          --with-pcre                                              \
                                          --with-pcre=/opt/mod/pcre2-pcre2-${FOCAL_PCRE}           \
                                          --with-zlib=/opt/mod/zlib-${FOCAL_ZLIB}                  \
                                          --with-threads                                           \
                                          --with-file-aio                                          \
                                          --with-http_ssl_module                                   \
                                          --with-http_v2_module                                    \
                                          --with-http_realip_module                                \
                                          --with-http_addition_module                              \
                                          --with-http_xslt_module                                  \
                                          --with-http_image_filter_module                          \
                                          --with-http_geoip_module                                 \
                                          --with-http_sub_module                                   \
                                          --with-http_dav_module                                   \
                                          --with-http_flv_module                                   \
                                          --with-http_mp4_module                                   \
                                          --with-http_gunzip_module                                \
                                          --with-http_gzip_static_module                           \
                                          --with-http_auth_request_module                          \
                                          --with-http_random_index_module                          \
                                          --with-http_secure_link_module                           \
                                          --with-http_slice_module                                 \
                                          --with-http_stub_status_module                           \
                                          --with-mail                                              \
                                          --with-mail_ssl_module                                   \
                                          --with-stream                                            \
                                          --with-stream_ssl_module                                 \
                                          --with-stream_realip_module                              \
                                          --with-stream_geoip_module                               \
                                          --with-http_v2_hpack_enc                                 \
                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
                                          --with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie"
             cd /opt/nginx-${FOCAL_VERSION_NGINX} && make -j`nproc`
             cd /opt/nginx-${FOCAL_VERSION_NGINX} && make install
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Focal/nginx.service > /lib/systemd/system/nginx.service
             rm -Rf /nginx/*.default

             # Download Dynamic Modules
             mkdir -p /nginx/modules; mkdir -p /tmp 
             cd /tmp && wget https://github.com/theraw/The-World-Is-Yours/archive/refs/tags/0.0.1.tar.gz
             cd /tmp && tar xf 0.0.1.tar.gz && rm -Rf 0.0.1.tar.gz && cp -a /tmp/The-World-Is-Yours-0.0.1/static/Focal/mod/*.so /nginx/modules/; rm -Rf /tmp/The-World-Is-Yours-0.0.1

             # Fixes
             mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
             curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Focal/nginx.conf > /nginx/nginx.conf
             mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
             mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
             mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js


             # Start
             unset NGINX
             killall nginx
             useradd nginx && usermod -s /bin/false nginx
             systemctl enable nginx
             systemctl daemon-reload
             systemctl enable nginx
             systemctl stop nginx
             systemctl start nginx
      ;;
      jammy)
             if [ "$(whoami)" != "root" ]
             then
                 echo "You should Login as root to use this script!";
                 echo "May you already have access for sudo, but commands aren't designed with sudo! so..";
                 echo "sudo -i";
                 exit 1
             fi

             if [ -d "/nginx/" ]; then
                 echo "We've detect a folder '/nginx/' which means"
                 echo "Maybe you have use this script before!"
                 echo "You wipe old installation by executing!"
                 echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
                 echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
                 echo "then execute again bash install"
                 exit 1
             fi

             if [ -d "/etc/nginx" ]; then
                 echo "We've detect a folder '/etc/nginx' which means"
                 echo "Maybe you have use this script before!"
                 echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
                 echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
                 echo "then execute again bash install"
                 exit 1
             fi

             if [ -d "/opt/nginx/" ]; then
                 echo "DETECTED '/opt/nginx/'"
                 echo "Maybe script has already been used you need to start clean!"
                 echo "(**THIS WILL DELETE ALL YOUR OLD NGINX CONFIGS MAKE SURE YOU BACKUP BEFORE USING**)"
                 echo "execute: rm -Rf /nginx; rm -Rf /usr/sbin/nginx; rm -Rf /opt/mod; rm -Rf /opt/nginx*"
                 echo "then execute again bash install"
                 exit 1
             fi

             apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
             DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
             apt-get install libtool pkg-config make cmake automake autoconf -y
             apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.2-dev libcurl4-openssl-dev libxml2 libxml2-dev libpcre3-dev -y

             mkdir -p /opt/mod/
             cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${JAMMY_VERSION_LUA}.tar.gz
             cd /opt/mod && tar xf v${JAMMY_VERSION_LUA}.tar.gz && rm -Rf v${JAMMY_VERSION_LUA}.tar.gz
             cd /opt/mod/luajit2-${JAMMY_VERSION_LUA}/ && make install PREFIX=/usr/local/LuaJIT && ldconfig
             rm -Rf /opt/mod/luajit2-${JAMMY_VERSION_LUA}/

             cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${JAMMY_VERSION_NGX_MODSECURITY}/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
             cd /opt/mod && tar xf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY}.tar.gz
             cd /opt/mod/modsecurity-v${JAMMY_VERSION_NGX_MODSECURITY} && ./configure && make -j`nproc` && make install
             
             cd /opt/mod && wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
             cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_CORE}.tar.gz
             cd /opt/mod/lua-resty-core-${JAMMY_VERSION_NGX_RESTY_CORE} && make install PREFIX=${LUA_SCRIPTS}
             
             cd /opt/mod && wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
             cd /opt/mod && tar xf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz && rm -Rf v${JAMMY_VERSION_NGX_RESTY_LRUCACHE}.tar.gz
             cd /opt/mod/lua-resty-lrucache-${JAMMY_VERSION_NGX_RESTY_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}

             cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/archive/refs/tags/pcre2-${JAMMY_PCRE}.tar.gz
             cd /opt/mod && tar xf pcre2-${JAMMY_PCRE}.tar.gz; rm -Rf pcre2-${JAMMY_PCRE}.tar.gz
             cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./autogen.sh 
             #cd /opt/mod/pcre2-pcre2-${JAMMY_PCRE} && ./configure --prefix=/usr/local/pcre2_${JAMMY_PCRE} && make -j`nproc` && make install
             
             cd /opt/mod && wget https://github.com/openssl/openssl/archive/refs/tags/openssl-${JAMMY_OPENSSL}.tar.gz
             cd /opt/mod && tar xf openssl-${JAMMY_OPENSSL}.tar.gz; rm -Rf openssl-${JAMMY_OPENSSL}.tar.gz
             #cd /opt/mod/openssl-OpenSSL_${JAMMY_OPENSSL} && ./config --prefix=/usr/local/openssl_${JAMMY_OPENSSL} && make -j`nproc` && make install
             
             cd /opt/mod && wget http://zlib.net/zlib-${JAMMY_ZLIB}.tar.gz
             cd /opt/mod && tar xf zlib-${JAMMY_ZLIB}.tar.gz; rm -Rf zlib-${JAMMY_ZLIB}.tar.gz
             #cd /opt/mod/zlib-${JAMMY_ZLIB} && ./configure --prefix=/usr/local/zlib-${JAMMY_ZLIB} && make -j`nproc` && make install
             
             # Nginx
             cd /opt/ && wget https://nginx.org/download/nginx-${JAMMY_VERSION_NGINX}.tar.gz && tar xf nginx-${JAMMY_VERSION_NGINX}.tar.gz && rm -Rf nginx-${JAMMY_VERSION_NGINX}.tar.gz
             cd /opt/nginx-${JAMMY_VERSION_NGINX} && curl -s https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_hpack_push_1.15.3.patch > hpack_push.patch && patch -p1 < hpack_push.patch
             cd /opt/nginx-${JAMMY_VERSION_NGINX} && ./configure --with-compat                     \
                                          --user=nginx                                             \
                                          --group=nginx                                            \
                                          --sbin-path=/usr/sbin/nginx                              \
                                          --conf-path=/nginx/nginx.conf                            \
                                          --pid-path=/var/run/nginx.pid                            \
                                          --lock-path=/var/run/nginx.lock                          \
                                          --error-log-path=/var/log/nginx/error.log                \
                                          --http-log-path=/var/log/nginx/access.log                \
                                          --with-openssl=/opt/mod/openssl-openssl-${JAMMY_OPENSSL} \
                                          --with-pcre                                              \
                                          --with-pcre=/opt/mod/pcre2-pcre2-${JAMMY_PCRE}           \
                                          --with-zlib=/opt/mod/zlib-${JAMMY_ZLIB}                  \
                                          --with-threads                                           \
                                          --with-file-aio                                          \
                                          --with-http_ssl_module                                   \
                                          --with-http_v2_module                                    \
                                          --with-http_realip_module                                \
                                          --with-http_addition_module                              \
                                          --with-http_xslt_module                                  \
                                          --with-http_image_filter_module                          \
                                          --with-http_geoip_module                                 \
                                          --with-http_sub_module                                   \
                                          --with-http_dav_module                                   \
                                          --with-http_flv_module                                   \
                                          --with-http_mp4_module                                   \
                                          --with-http_gunzip_module                                \
                                          --with-http_gzip_static_module                           \
                                          --with-http_auth_request_module                          \
                                          --with-http_random_index_module                          \
                                          --with-http_secure_link_module                           \
                                          --with-http_slice_module                                 \
                                          --with-http_stub_status_module                           \
                                          --with-mail                                              \
                                          --with-mail_ssl_module                                   \
                                          --with-stream                                            \
                                          --with-stream_ssl_module                                 \
                                          --with-stream_realip_module                              \
                                          --with-stream_geoip_module                               \
                                          --with-http_v2_hpack_enc                                 \
                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC" \
                                          --with-ld-opt="-Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie"
             cd /opt/nginx-${JAMMY_VERSION_NGINX} && make -j`nproc`
             cd /opt/nginx-${JAMMY_VERSION_NGINX} && make install
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.service > /lib/systemd/system/nginx.service
             rm -Rf /nginx/*.default

             # Download Dynamic Modules
             mkdir -p /nginx/modules; mkdir -p /tmp 
             cd /tmp && wget https://github.com/theraw/The-World-Is-Yours/archive/refs/tags/0.0.1.tar.gz
             cd /tmp && tar xf 0.0.1.tar.gz && rm -Rf 0.0.1.tar.gz && cp -a /tmp/The-World-Is-Yours-0.0.1/static/Jammy/mod/*.so /nginx/modules/; rm -Rf /tmp/The-World-Is-Yours-0.0.1

             # Fixes
             mkdir -p /nginx/modsec
             curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
             curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
             curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/Jammy/nginx.conf > /nginx/nginx.conf
             mkdir -p /nginx/live/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/default > /nginx/live/default
             mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
             mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js


             # Start
             unset NGINX
             killall nginx
             useradd nginx && usermod -s /bin/false nginx
             systemctl enable nginx
             systemctl daemon-reload
             systemctl enable nginx
             systemctl stop nginx
             systemctl start nginx
      ;;
esac
