notes.txt

## TODO List

- Add Memory usage limit as a parameter for `docweb run`
- Add certbot email as a parameter for `docweb proxy:run`
- Add gzip compression level as a parameter for `docweb proxy:run`
- logrotate
- phpMyAdmin auto latest version
- Requests rate limit
- Bash Auto-Completion
- Auto latest node.js version detection for php7nginx image
- Redirect www to non-www for subdomains. non-www to www for root domains
- fail2ban
- run.sh template
- the easiest way to run things at startup is to add them to the file /etc/rc.local.

---
https://nginxconfig.io/
https://github.com/phanan/htaccess
---
https://github.com/containous/traefik
---
https://github.com/mholt/caddy
https://github.com/lucaslorentz/caddy-docker-proxy
https://github.com/abiosoft/caddy-docker
---
https://github.com/lando/lando
---
https://buddy.works/guides/laravel-in-docker
https://github.com/TrafeX/docker-wordpress
https://github.com/thecodingmachine/docker-images-php
---
https://github.com/0xboz/digitalocean_email_server
---
Wildcard SSL Certificates
https://blogs.msdn.microsoft.com/mihansen/2018/03/15/creating-wildcard-ssl-certificates-with-lets-encrypt/

docweb exec --root proxy

/opt/certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d example.com -d *.example.com

nslookup -type=TXT _acme-challenge.example.com

cp /etc/letsencrypt/live/example.com/fullchain.pem /opt/nginx/conf/cert/fullchain.pem
cp /etc/letsencrypt/live/example.com/privkey.pem /opt/nginx/conf/cert/privkey.pem
cp /etc/letsencrypt/live/example.com/chain.pem /opt/nginx/conf/cert/chain.pem

---
https://docs.docker.com/config/containers/logging/json-file/

/etc/docker/daemon.json

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}

---
TODO: Block ip
https://www.abuseipdb.com/statistics
/home/proxy/blocklists.conf
https://github.com/violentlydave/mkhtaccess_red
---
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
update-grub
---
High-performance PHP application server, load-balancer and process manager written in Golang
https://github.com/spiral/roadrunner
---
https://github.com/cytopia/devilbox
https://github.com/yandex/gixy
https://github.com/giovtorres/kvm-install-vm
https://github.com/spotify/docker-gc
https://www.cyberciti.biz/tips/top-linux-monitoring-tools.html
https://github.com/dylanaraps/pure-bash-bible

docker run --init

glances --disable-sensors -w -p 81
docker run -it --rm --volume=/var/run/docker.sock:/var/run/docker.sock --publish=0.0.0.0:8000:80 gliderlabs/logspout

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -n | grep :80 |wc -l
iptables -A INPUT -s IPADRESS -j DROP

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort | uniq -c | sort -n
/var/log/auth.log

.bash_profile
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" mail@something.com

https://git.cloudron.io/cloudron/box/blob/master/baseimage/initializeBaseUbuntuImage.sh

PPM is a process manager, supercharger and load balancer for modern PHP applications.
https://github.com/php-pm/php-pm

https://github.com/banianhost/images

nginx server block
autoindex on;

Docker Utilities:
https://github.com/v2tec/watchtower
https://github.com/spotify/docker-gc
https://github.com/docker-slim/docker-slim
https://github.com/grammarly/rocker
https://github.com/bcicen/ctop

https://github.com/evertramos

https://github.com/thecodingmachine/kickoff-docker-php

TODO: https://github.com/OptimalBits/redbird
---
NGiИX config generator generator on steroids
https://github.com/valentinxxx/nginxconfig.io
https://nginxconfig.io
---
TODO: Bash Programmable Completion:
http://www.tldp.org/LDP/abs/html/tabexpansion.html
http://askubuntu.com/questions/68175/how-to-create-script-with-auto-complete
/etc/bash_completion.d/*
http://mywiki.wooledge.org/BashFAQ
---

EMAIL:  https://github.com/hardware/mailserver
	https://github.com/vedetta-com/caesonia

	https://github.com/zixia/docker-simple-mail-forwarder
	https://github.com/jbeda/docker-postfix-forwarder
	https://github.com/tomav/docker-mailserver
	https://github.com/mail-in-a-box/mailinabox
	https://github.com/andryyy/mailcow-dockerized
	https://github.com/lava/dockermail
	https://github.com/Mailu/Mailu
	https://github.com/ONLYOFFICE/Docker-CommunityServer
	https://github.com/modoboa/modoboa
	https://github.com/n-at/docker-ox-app-suite
	https://github.com/sb-minimal/docker-ubuntu-open-exchange
	http://www.iredmail.org/
	https://www.zimbra.com/open-source-email-overview/

EMAIL CATCHER:
	https://github.com/mailhog/MailHog
	https://github.com/sj26/mailcatcher

DNS:
	https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04
	https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2
	https://github.com/obi12341/docker-pdns
	https://github.com/poweradmin/poweradmin
	https://github.com/yswery/PHP-DNS-SERVER
	https://github.com/jethrocarr/namedmanager

TODO:
	https://github.com/docker-slim/docker-slim
	https://github.com/influxdata/influxdb
	https://github.com/nazar-pc/docker-webserver
	https://github.com/shellinabox/shellinabox
	https://github.com/cytopia/mysqldump-secure
	https://github.com/pixelb/ps_mem
	https://github.com/Yelp/dumb-init
	https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion

PHP:
	https://github.com/virustotal/yara
	https://github.com/Maikuolan/phpMussel
	https://github.com/nbs-system/php-malware-finder
	https://github.com/planet-work/php-malware-scanner
	https://github.com/btoplak/Joomla-Anti-Malware-Scan-Script--JAMSS-
	https://github.com/nexylan/PHPAV
	https://github.com/evoforge/evomalware
	https://github.com/mikestowe/Malicious-Code-Scanner
	https://github.com/emposha/PHP-Shell-Detector
	https://github.com/Orbixx/Obfuscalp
	https://github.com/lucanos/Tripwire
	https://github.com/krismas/Malicious

TODO APP LIST:
adminer
	https://github.com/vrana/adminer
	wget http://www.adminer.org/latest.php -O /var/www/index.php
	wget https://raw.github.com/vrana/adminer/master/designs/hever/adminer.css -O /var/www/adminer.css
	https://www.adminer.org/#download
ajenti
	https://github.com/ajenti/ajenti
	https://github.com/paimpozhil/WhatPanel
apaxy
	https://github.com/AdamWhitcroft/Apaxy
	https://github.com/DirectoryLister/DirectoryLister
	https://github.com/marekrei/encode-explorer
bolt
	https://github.com/bolt/bolt
codeigniter
	https://github.com/bcit-ci/CodeIgniter
django
	https://github.com/django/django
	https://github.com/rosarior/awesome-django
drupal
	https://github.com/drupal/drupal
	https://github.com/docker-library/drupal
gateone
	https://github.com/liftoff/GateOne/
	https://github.com/glyptodon/
gitlab
	https://github.com/gitlabhq/gitlabhq
gogs
	https://github.com/gogits/gogs
gitea
	https://github.com/go-gitea/gitea
h5ai
	https://github.com/lrsjng/h5ai
joomla
	https://github.com/joomla/joomla-cms
laravel
	https://github.com/laravel/laravel
metabase
	docker run -d -p 3000:3000 --net=isolated_nw --name metabase metabase/metabase
octobercms
	https://github.com/octobercms/october
owncloud
	https://owncloud.org/
paperwork
	https://github.com/twostairs/paperwork
piwik
	https://piwik.org/
polr
	https://github.com/Cydrobolt/polr
pydio
	https://pydio.com/
	https://github.com/pydio/pydio-core
redash
	http://redash.io/
	https://github.com/getredash/redash
seafile
	https://www.seafile.com
	https://github.com/haiwen/seafile
webmin
wordpress
	https://github.com/jbfink/docker-wordpress
	https://fa.wordpress.org/
caddy
	https://github.com/mholt/caddy
cherokee
tengine
	https://github.com/alibaba/tengine


https://github.com/vmware/harbor

Analog
Awstats
Webalizer
DKIM
SPF
Max hourly emails per domain
Disk space usage warnings
Disk quota usage warnings
Include databases in disk usage calculations (Use INFORMATION_SCHEMA to acquire MySQL disk usage)
Out of memory warnings
Critical load threshold
Bandwidth usage warning
PHP max execution time
PHP max POST size
PHP max upload size
ioncube
sourceguardian
zend
Always redirect to SSL
I/O priority level (bandwidth usage, stats logs, nightly backups, quota checks)
Update Preferences
Brute Force Protection
ModSecurity (https://waf.comodo.com/)
Fork Bomb Protection
Log Rotation
Backup Scheduling and Retention
View Bandwidth Usage
Email Delivery Reports
Email Queue
munin

https://github.com/minio/minio
https://github.com/ceph/ceph
https://github.com/ceph/ceph-docker
https://github.com/chrislusf/seaweedfs
https://github.com/coreos/torus
https://github.com/rook/rook
https://github.com/s3git/s3git
https://github.com/leo-project/leofs


VBoxManage createvm --name "Ubuntu 16.04 Server" --register
VBoxManage modifyvm "Ubuntu 16.04 Server" --memory 2048 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 ens33
VBoxManage createhd --filename /home/administrator/Ubuntu_16_04_Server.vdi --size 10000
VBoxManage storagectl "Ubuntu 16.04 Server" --name "IDE Controller" --add ide
VBoxManage storageattach "Ubuntu 16.04 Server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /home/administrator/Ubuntu_16_04_Server.vdi
VBoxManage storageattach "Ubuntu 16.04 Server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/administrator/iso/ubuntu-16.04-server-amd64.iso
VBoxManage modifyvm "Ubuntu 16.04 Server" --vrde on
VBoxHeadless --startvm "Ubuntu 16.04 Server"
VBoxManage controlvm "Ubuntu 16.04 Server" poweroff
VBoxManage controlvm "Ubuntu 16.04 Server" reset