#!/bin/bash
# LiteSpeed Server Appliance Installer
# An Open Source Appliance from Robbie Ferguson
# (c) 2025 Robbie Ferguson - Licensed under Apache 2.0

HTMLSITE_CONF="html-site"

if [[ "$1" == "--purge" ]]; then
    echo "WARNING: This will completely uninstall LiteSpeed and delete all data (vhosts, configs, logs, web root)."
    read -p "Are you sure you want to continue? [y/N]: " confirm
    if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
        echo "Purge cancelled."
        exit 1
    fi

    echo "Purging LiteSpeed Server Appliance..."

    # Stop LiteSpeed service
    systemctl stop lsws || true

    # Uninstall LiteSpeed and dependencies
    apt-get remove --purge -y openlitespeed || true
    apt-get autoremove --purge -y

    # Remove configuration and vhost data
    rm -rf /usr/local/lsws
    rm -rf /var/www/html
    rm -rf /var/log/lsws
    rm -rf /etc/lsws

    # Remove admin user
    userdel -r lsadm 2>/dev/null || true

    if [[ ! -s /usr/local/bin/php ]]; then
      rm -f /usr/local/bin/php
    fi

    echo "LiteSpeed Server Appliance has been purged."
    exit 0
fi

echo "LiteSpeed Server Appliance Installer"
echo "By Robbie Ferguson"

set -e

# Variables
DEBIAN_FRONTEND=noninteractive

# Update system
apt update && apt upgrade -y

# Install essentials
apt install -y curl wget gnupg2 software-properties-common lsb-release unzip htop ufw fail2ban

# Add OpenLiteSpeed repository
# Needs to happen after curl is installed
wget -qO - https://repo.litespeed.sh | bash

# Required to compile PHP
  apt install -y pkg-config build-essential libxml2 libxml2-dev php-dev autoconf automake libtool
  # Required by virtual:world
  apt install -y libssl-dev libsqlite3-dev zlib1g-dev libcurl4-openssl-dev libpng-dev libonig-dev libzip-dev

# MariaDB
apt install -y mariadb-server mariadb-client

# Secure MariaDB (default root password is blank)
mysql -u root <<EOF
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
FLUSH PRIVILEGES;
EOF

# Install OpenLiteSpeed
apt install -y openlitespeed

# Start OpenLiteSpeed once to initialize directories
systemctl start lsws
sleep 2

# PHP and extensions
PHPVER='8.3'
apt install -y lsphp${PHPVER//./} lsphp${PHPVER//./}-{common,mysql,curl,imagick,intl,opcache,redis}

# Create a symlink that gives PHP CLI capability but uses the LSPHP version of PHP to coincide with server
if [[ ! -e /usr/local/bin/php ]]; then
  ln -s /usr/local/lsws/lsphp83/bin/php /usr/local/bin/php
fi

systemctl stop lsws
# Set lsphp as default for LiteSpeed
sed -i "/extprocessor lsphp${PHPVER//./}/,/}/ s|path .*|  path /usr/local/lsws/lsphp${PHPVER//./}/bin/lsphp|" /usr/local/lsws/conf/httpd_config.conf
systemctl start lsws

# Enable GZIP and Brotli compression
cat <<EOL >> /usr/local/lsws/conf/httpd_config.conf

compress 1
compressBr 1
EOL

# Redis for object caching
apt install -y redis-server php-redis

# Enable and start Redis
systemctl enable redis-server
systemctl start redis-server

# Setup default virtual host
mkdir -p /var/www/html
chown -R www-data:www-data /var/www/html

# Create custom virtual host 'html-site'
mkdir -p /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
cat <<EOF > /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}/vhconf.conf
docRoot                   /var/www/html
vhDomain                  *
vhAliases                 *
adminEmails               root@localhost

errorlog /usr/local/lsws/logs/${HTMLSITE_CONF}_error.log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog /usr/local/lsws/logs/${HTMLSITE_CONF}_access.log {
  useServer               0
  rollingSize             10M
}

index  {
  useServer               0
  indexFiles              index.php, index.html
}

scripthandler  {
  add                     lsapi:lsphp${PHPVER//./} php
}

extprocessor lsphp${PHPVER//./} {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp${PHPVER//./}.sock
  maxConns                35
  env                     PHP_LSAPI_CHILDREN=35
  env                     LSAPI_AVOID_FORK=200M
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp${PHPVER//./}/bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

phpIniOverride  {
  php_admin_value open_basedir "/var/www/html/:/tmp/"
}
EOF

chown -R lsadm:nogroup /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
chmod 700 /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}
chmod 600 /usr/local/lsws/conf/vhosts/${HTMLSITE_CONF}/vhconf.conf

# Map listeners to html-site instead of Example
##sed -i "s|^[[:space:]]*vhMap[[:space:]]\\+Example[[:space:]]\\+|  vhMap ${HTMLSITE_CONF} *|" /usr/local/lsws/conf/httpd_config.conf

# Delete the broken Example vhost
if [[ -e /usr/local/lsws/conf/vhosts/Example ]]; then
  rm -rf /usr/local/lsws/conf/vhosts/Example
fi

# Update main config to use new vhost
HTTPD_CONF="/usr/local/lsws/conf/httpd_config.conf"
VHOSTS_DIR="/usr/local/lsws/conf/vhosts"

# 1. Remove "Example" vhost from httpd_config.conf
if grep -q 'virtualHost Example' "$HTTPD_CONF"; then
    echo "Removing Example virtual host from httpd_config.conf..."
    sed -i '/virtualHost Example {/,/^}/d' "$HTTPD_CONF"
fi

# 2. Register html-site virtual host if not already present
if ! grep -q "virtualHost $HTMLSITE_CONF" "$HTTPD_CONF"; then
    echo "Adding ${HTMLSITE_CONF} virtual host to httpd_config.conf..."
    cat <<EOL >> "$HTTPD_CONF"

virtualHost $HTMLSITE_CONF {
    vhEnabled               1
    vhRoot                  $VHOSTS_DIR/$HTMLSITE_CONF/
    configFile              \$VH_ROOT/vhconf.conf
    allowSymbolLink         1
    enableScript            1
    restrained              1
    setUIDMode              0
}
EOL
fi


# Generate self-signed certificate for HTTPS
mkdir -p /etc/ssl/litespeed
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/litespeed/selfsigned.key \
  -out /etc/ssl/litespeed/selfsigned.crt \
  -subj "/C=US/ST=Denial/L=Nowhere/O=Dis/CN=localhost"

# Configure listener for HTTPS (443) in LiteSpeed
cat <<EOF >> /usr/local/lsws/conf/httpd_config.conf
listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /etc/ssl/litespeed/selfsigned.key
  certFile                /etc/ssl/litespeed/selfsigned.crt
  vhMap                   $HTMLSITE_CONF *
}
EOF

# Install Certbot for optional Let's Encrypt
apt install -y certbot python3-certbot

# Configure UFW rules
ufw allow 22/tcp       # SSH
ufw allow 80/tcp       # HTTP
ufw allow 443/tcp      # HTTPS
ufw allow 7080/tcp     # LiteSpeed WebAdmin
ufw --force enable

cat > /var/www/html/index.php << 'EOF'
<?php
$phpver = phpversion();
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
  <title>LiteSpeed Server Appliance</title>
  <style>
    :root {
      color-scheme: light dark;
    }
    body {
      font-family: system-ui, sans-serif;
      margin: 0;
      padding: 2em;
      background-color: #f5f5f5;
      color: #333;
    }
    @media (prefers-color-scheme: dark) {
      body {
        background-color: #121212;
        color: #e0e0e0;
      }
    }
    main {
      max-width: 800px;
      margin: auto;
      background: rgba(255, 255, 255, 0.05);
      padding: 2em;
      border-radius: 8px;
      box-shadow: 0 0 10px rgba(0,0,0,0.05);
    }
    h1 {
      font-size: 2em;
      margin-bottom: 0.25em;
    }
    .ver {
      font-size: 0.9em;
      color: #666;
    }
    code {
      background: rgba(0,0,0,0.05);
      padding: 0.2em 0.4em;
      border-radius: 4px;
      font-family: monospace;
    }
  </style>
</head>
<body>
  <main>
    <h1>LiteSpeed Server Appliance</h1>
    <p>This is a placeholder site located at <code>/var/www/html/</code></p>
    <p>PHP is working! You're running PHP <strong><?= htmlspecialchars($phpver) ?></strong>.</p>
    <p>You can now deploy your application or configure your virtual host as needed.</p>
    <p>An Open Source Appliance from <strong>Robbie Ferguson</strong>. <a href="https://baldnerd.com" target="_blank">https://baldnerd.com</a></p>
  </main>
</body>
</html>
EOF

# Restart OpenLiteSpeed to apply changes
systemctl restart lsws

echo "Reloading OpenLiteSpeed configuration..."
if [[ -e /usr/local/lsws/admin/conf/.httpd_config.xml ]]; then
  rm -f /usr/local/lsws/admin/conf/.httpd_config.xml
fi
/usr/local/lsws/bin/lswsctrl restart

# Print completion message
echo "LiteSpeed Server Appliance installed successfully!"
echo
echo "System"
echo "  Default php.ini: /usr/local/lsws/lsphp83/etc/php/${PHPVER}/litespeed/php.ini"
echo "  Default Web Root: /var/www/html"
echo
echo "WebAdmin"
echo "  OpenLiteSpeed WebAdmin: https://<your-server-ip>:7080"
echo "  Set admin Password: /usr/local/lsws/admin/misc/admpass.sh (as root)"
echo
echo "SSL"
echo "Self-signed cert enabled. Run Certbot to upgrade to Let's Encrypt."