From d7496cf06fecb94518967822b44de7db4f160808 Mon Sep 17 00:00:00 2001 From: fliker09 Date: Fri, 2 Jun 2017 15:30:33 +0300 Subject: [PATCH 1/3] Small code and spellcheck fixes --- install/vst-install-rhel.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index ee7844f3..2e5e3d64 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -84,7 +84,7 @@ gen_pass() { echo "$PASS" } -# Defning return code check function +# Defining return code check function check_result() { if [ $1 -ne 0 ]; then echo "Error: $2" @@ -222,7 +222,7 @@ fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then - check_error 1 "Script can be run executed only by root" + check_result 1 "Script can be run executed only by root" fi # Checking admin user account @@ -270,7 +270,7 @@ fi # Brief Info # #----------------------------------------------------------# -# Printing nice ascii aslogo +# Printing nice ascii as logo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' @@ -704,7 +704,6 @@ chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta -chown admin:admin $VESTA/data/sessions chmod 770 $VESTA/data/sessions # Generating vesta configuration @@ -973,6 +972,7 @@ if [ "$mysql" = 'yes' ]; then mkdir -p /var/lib/mysql chown mysql:mysql /var/lib/mysql + mkdir -p /etc/my.cnf.d if [ $release -ne 7 ]; then service='mysqld' @@ -1282,7 +1282,7 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service crond restart -# Building inititall rrd images +# Building initial rrd images $VESTA/bin/v-update-sys-rrd # Enabling file system quota From cdd2bead79cd6848b33cc579d42914dbe38479bb Mon Sep 17 00:00:00 2001 
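Review bot: The message passed to `check_result` in the root-permission check (hunk at -222,7) still reads "can be run executed", so the only line a non-root user sees is garbled; suggest `check_result 1 "Script can be executed only by root"`. The call previously named `check_error`, which is not defined anywhere in the visible script, so the guard presumably did not stop a non-root run. That makes this a behavioural fix rather than a spelling fix, and the commit subject could say so. The same message string is copied into the new `install/vst-install-ami.sh` added in PATCH 2/3. Only the `if` around the call is visible in this hunk; the rest of the verification section lies outside it.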
From: fliker09
Date: Mon, 5 Jun 2017 16:52:45 +0300
Subject: [PATCH 2/3] Added installer for Amazon AMI
---
install/vst-install-ami.sh | 1316 ++++++++++++++++++++++++++++++++++++
install/vst-install.sh | 4 +-
2 files changed, 1319 insertions(+), 1 deletion(-)
create mode 100755 install/vst-install-ami.sh
diff --git a/install/vst-install-ami.sh b/install/vst-install-ami.sh
new file mode 100755
index 00000000..a2490bcc
--- /dev/null
+++ b/install/vst-install-ami.sh
@@ -0,0 +1,1316 @@ +#!/bin/bash + +# Vesta Amazon AMI installer v.01 + + +#----------------------------------------------------------# +# Variables&Functions # +#----------------------------------------------------------# + +export PATH=$PATH:/sbin +RHOST='r.vestacp.com' +CHOST='c.vestacp.com' +REPO='cmmnt' +VERSION='rhel' +VESTA='/usr/local/vesta' +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +release=6 +codename="ami" +vestacp="http://$CHOST/$VERSION/$release" + +software_main="nginx httpd mod_ssl mod_fcgid which php php-common +php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt php-fpm +php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-pgsql +vsftpd bind bind-utils bind-libs exim dovecot expect bc jwhois +clamd spamassassin mysql mysql-server postgresql vim-common +postgresql-server postgresql-contrib e2fsprogs openssh-clients +ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo +mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban" +software_aux="mod_ruid2 mod_extract_forwarded awstats proftpd +roundcubemail phpMyAdmin phpPgAdmin vesta vesta-nginx vesta-php" + +# Defining help function +help() { + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install 
Fail2ban [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" + exit 1 +} + +# Defining password-gen function +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + LENGTH=10 + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +# Defining return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +# Creating temporary file +tmpfile=$(mktemp -p /tmp) + +# Translating argument to --gnu-long-options +for arg; do + delim="" + case "$arg" in + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; + --hostname) args="${args}-s " ;; + --email) args="${args}-e " 
;; + --password) args="${args}-p " ;; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; + esac +done +eval set -- "$args" + +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:q:l:y:s:e:p:fh" Option; do + case $Option in + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) + esac +done + +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' +else + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' +fi +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'quota' 'no' +set_default_value 'lang' 'en' +set_default_value 'interactive' 'yes' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' 
]; then + apache='no' + nginx='yes' +fi +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' +fi + +# Checking root permissions +if [ "x$(id -u)" != 'x0' ]; then + check_result 1 "Script can be run executed only by root" +fi + +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then + echo 'Please remove admin user account before proceeding.' + echo 'If you want to do it automatically run installer with -f option:' + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" +fi + +# Checking wget +if [ ! -e '/usr/bin/wget' ]; then + yum -y install wget + check_result $? "Can't install wget" +fi + +# Checking repository availability +wget -q "$vestacp/GPG.txt" -O /dev/null +check_result $? "No access to Vesta repository" + +# Checking installed packages +rpm -qa > $tmpfile +for pkg in exim mysql-server httpd nginx vesta; do + if [ ! -z "$(grep $pkg $tmpfile)" ]; then + conflicts="$pkg $conflicts" + fi +done +if [ ! -z "$conflicts" ] && [ -z "$force" ]; then + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + echo 'Following packages are already installed:' + echo "$conflicts" + echo + echo 'It is highly recommended to remove them before proceeding.' + echo 'If you want to force installation run this script with -f option:' + echo "Example: bash $0 --force" + echo + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + check_result 1 "Control Panel should be installed on clean server." 
+fi + + +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ascii as logo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'Following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' +fi + +# Mail Stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim mail server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'Antivirus ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'Antispam' + fi + fi + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi + +# DB stack +if [ "$mysql" = 'yes' ]; then + if [ $release = 7 ]; then + echo ' - MariaDB Database Server' + else + echo ' - MySQL Database Server' + fi +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 
'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi + + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi + + # Asking to set FQDN hostname + if [ -z "$servername" ]; then + read -p "Please enter FQDN hostname [$(hostname)]: " servername + fi +fi + +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(curl http://169.254.169.254/latest/meta-data/instance-id) +fi + +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) +fi + +# Set FQDN if it wasn't set +mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' +mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' +if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then + if [ ! -z "$servername" ]; then + servername="$servername.example.com" + else + servername="example.com" + fi + echo "127.0.0.1 $servername" >> /etc/hosts +fi + +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab +fi + + +#----------------------------------------------------------# +# Install repositories # +#----------------------------------------------------------# + +# Updating system packages +yum -y update +check_result $? 
'yum update failed' + +# Installing EPEL repository +rpm -Uvh --force $vestacp/epel-release.rpm +check_result $? "Can't install EPEL repository" + +# Installing Nginx repository +nrepo="/etc/yum.repos.d/nginx.repo" +echo "[nginx]" > $nrepo +echo "name=nginx repo" >> $nrepo +echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo +echo "gpgcheck=0" >> $nrepo +echo "enabled=1" >> $nrepo + +# Installing Vesta repository +vrepo='/etc/yum.repos.d/vesta.repo' +echo "[vesta]" > $vrepo +echo "name=Vesta - $REPO" >> $vrepo +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo +echo "enabled=1" >> $vrepo +echo "gpgcheck=1" >> $vrepo +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo +wget $vestacp/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA + + +#----------------------------------------------------------# +# Backup # +#----------------------------------------------------------# + +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ + spamassassin mysql postgresql mongodb vesta + +# Backing up Nginx configuration +service nginx stop > /dev/null 2>&1 +cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 + +# Backing up Apache configuration +service httpd stop > /dev/null 2>&1 +cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 + +# Backing up PHP configuration +service php-fpm stop >/dev/null 2>&1 +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 +cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 +mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 + +# Backing up Bind configuration +service named stop > /dev/null 2>&1 +cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 + +# Backing up Vsftpd configuration +service vsftpd stop > /dev/null 2>&1 +cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 + +# Backing up ProFTPD configuration +service 
proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backing up Exim configuration +service exim stop > /dev/null 2>&1 +cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 + +# Backing up ClamAV configuration +service clamd stop > /dev/null 2>&1 +cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 +cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 + +# Backing up SpamAssassin configuration +service spamassassin stop > /dev/null 2>&1 +cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 + +# Backing up Dovecot configuration +service dovecot stop > /dev/null 2>&1 +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service mysql stop > /dev/null 2>&1 +service mysqld stop > /dev/null 2>&1 +service mariadb stop > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 +cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 +cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 +mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service postgresql stop > /dev/null 2>&1 +mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 + +# Backing up Vesta configuration and data +service vesta stop > /dev/null 2>&1 +mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 +mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Exludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/httpd//") + software_main=$(echo "$software_main" | sed -e "s/mod_ssl//") + software_main=$(echo "$software_main" | sed -e "s/mod_fcgid//") + 
software_aux=$(echo "$software_aux" | sed -e "s/mod_ruid2//") +fi +if [ "$phpfpm" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/php-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software_aux=$(echo "$software_aux" | sed -e "s/proftpd//") +fi +if [ "$named" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/bind //") +fi +if [ "$exim" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/exim//") + software_main=$(echo "$software_main" | sed -e "s/dovecot//") + software_main=$(echo "$software_main" | sed -e "s/clamd//") + software_main=$(echo "$software_main" | sed -e "s/clamav-server//") + software_main=$(echo "$software_main" | sed -e "s/clamav-update//") + software_main=$(echo "$software_main" | sed -e "s/spamassassin//") + software_main=$(echo "$software_main" | sed -e "s/dovecot//") + software_aux=$(echo "$software_aux" | sed -e "s/roundcubemail//") +fi +if [ "$clamd" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/clamd//") + software_main=$(echo "$software_main" | sed -e "s/clamav-server//") + software_main=$(echo "$software_main" | sed -e "s/clamav-update//") +fi +if [ "$spamd" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e 's/spamassassin//') +fi +if [ "$dovecot" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e "s/dovecot//") +fi +if [ "$mysql" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e 's/mysql //') + software_main=$(echo "$software_main" | sed -e 's/mysql-server//') + software_main=$(echo "$software_main" | sed -e 's/mariadb //') + software_main=$(echo "$software_main" | sed -e 's/mariadb-server//') + software_main=$(echo "$software_main" | sed -e 's/php-mysql//') + software_aux=$(echo "$software_aux" | sed -e 's/phpMyAdmin//') + software_aux=$(echo "$software_aux" | sed -e 's/roundcubemail//') +fi +if [ "$postgresql" = 'no' ]; then + 
software_main=$(echo "$software_main" | sed -e 's/postgresql //') + software_main=$(echo "$software_main" | sed -e 's/postgresql-server//') + software_main=$(echo "$software_main" | sed -e 's/postgresql-contrib//') + software_main=$(echo "$software_main" | sed -e 's/php-pgsql//') + software_aux=$(echo "$software_aux" | sed -e 's/phpPgAdmin//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software_main=$(echo "$software_main" | sed -e 's/fail2ban//') +fi + + +#----------------------------------------------------------# +# Install packages # +#----------------------------------------------------------# + +# Installing rpm packages +yum -y --disableplugin=priorities --disablerepo=* --enablerepo="*main,*updates,nginx" \ + install $software_main +check_result $? "yum install failed" +yum -y --disableplugin=priorities --disablerepo=* --enablerepo="*main,*updates,nginx,epel,vesta" \ + install $software_aux +check_result $? "yum install failed" + + +#----------------------------------------------------------# +# Configure system # +#----------------------------------------------------------# + +# Restarting rsyslog +service rsyslog restart > /dev/null 2>&1 + +# Checking ipv6 on loopback interface +check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') +check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) +if [ ! 
-z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then + ip addr add ::2/128 scope global dev lo + echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local + echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local + chmod a+x /etc/rc.local +fi + +# Disabling SELinux +if [ -e '/etc/sysconfig/selinux' ]; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 2>/dev/null +fi + +# Disable iptables +service iptables stop + +# Configuring NTP synchronization +echo '#!/bin/sh' > /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +chmod 775 /etc/cron.daily/ntpdate +ntpdate -s pool.ntp.org + +# Adding backup user +adduser backup 2>/dev/null +ln -sf /home/backup /backup +chmod a+x /backup + +# Chaning default directory color +echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile + + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# Downlading sudo configuration +mkdir -p /etc/sudoers.d +wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +chmod 440 /etc/sudoers.d/admin + +# Configuring system env +echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile + +# Configuring logrotate for vesta logs +wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta + +# Buidling directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ + $VESTA/data/sessions +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + 
$VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log +chmod -R 750 $VESTA/data/queue +chmod 660 $VESTA/log/* +rm -f /var/log/vesta +ln -s $VESTA/log /var/log/vesta +chmod 770 $VESTA/data/sessions + +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# WEB stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf +fi +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" 
>> $VESTA/conf/vesta.conf +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf +fi + +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi +fi + +# CRON daemon +echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf +fi + +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf +fi + +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Downloading hosting packages +cd $VESTA/data +wget $vestacp/packages.tar.gz -O packages.tar.gz +tar -xzf packages.tar.gz +rm -f packages.tar.gz + +# Downloading templates +wget $vestacp/templates.tar.gz -O templates.tar.gz +tar -xzf templates.tar.gz +rm -f templates.tar.gz + +# Copying index.html to default documentroot +cp templates/web/skel/public_html/index.html /var/www/html/ +sed -i 's/%domain%/It worked!/g' /var/www/html/index.html + +# Downloading firewall rules +chkconfig firewalld off >/dev/null 2>&1 +wget $vestacp/firewall.tar.gz -O firewall.tar.gz +tar -xzf firewall.tar.gz +rm -f firewall.tar.gz + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null + +# Generating SSL certificate +$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ + 'San Francisco' 'Vesta 
Control Panel' 'IT' > /tmp/vst.pem + +# Parsing certificate file +crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) +key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) +key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) + +# Adding SSL certificate +cd $VESTA/ssl +sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt +sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* +rm /tmp/vst.pem + + +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# + +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf + wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf + wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc + wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc + wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc + wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + chkconfig nginx on + service nginx start + check_result $? 
"nginx start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 3 && service nginx restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + cd /etc/httpd + wget $vestacp/httpd/httpd.conf -O conf/httpd.conf + wget $vestacp/httpd/status.conf -O conf.d/status.conf + wget $vestacp/httpd/ssl.conf -O conf.d/ssl.conf + wget $vestacp/httpd/ruid2.conf -O conf.d/ruid2.conf + wget $vestacp/logrotate/httpd -O /etc/logrotate.d/httpd + if [ $release -ne 7 ]; then + echo "MEFaccept 127.0.0.1" >> conf.d/mod_extract_forwarded.conf + echo > conf.d/proxy_ajp.conf + fi + if [ -e "conf.modules.d/00-dav.conf" ]; then + sed -i "s/^/#/" conf.modules.d/00-dav.conf conf.modules.d/00-lua.conf + sed -i "s/^/#/" conf.modules.d/00-proxy.conf + fi + echo > conf.d/vesta.conf + touch logs/access_log logs/error_log logs/error_log logs/suexec.log + chmod 640 logs/access_log logs/error_log logs/error_log logs/suexec.log + chmod -f 777 /var/lib/php/session + chmod a+x /var/log/httpd + mkdir -p /var/log/httpd/domains + chmod 751 /var/log/httpd/domains + chkconfig httpd on + service httpd start + check_result $? "httpd start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 2 && service httpd restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + wget $vestacp/php-fpm/www.conf -O /etc/php-fpm.d/www.conf + chkconfig php-fpm on + service php-fpm start + check_result $? 
"php-fpm start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -e '/etc/sysconfig/clock' ]; then + source /etc/sysconfig/clock +fi +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +for pconf in $(find /etc/php* -name php.ini); do + sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf +done + + +#----------------------------------------------------------# +# Configure VSFTPD # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd/vsftpd.conf + chkconfig vsftpd on + service vsftpd start + check_result $? "vsftpd start failed" + + # To be deleted after release 0.9.8-18 + echo "/sbin/nologin" >> /etc/shells +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd.conf + chkconfig proftpd on + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi + + mkdir -p /var/lib/mysql + chown mysql:mysql /var/lib/mysql + mkdir -p /etc/my.cnf.d + + service='mysqld' + + wget $vestacp/$service/$mycnf -O /etc/my.cnf + chkconfig $service on + service $service start + if [ "$?" 
-ne 0 ]; then
+ if [ -e "/proc/user_beancounters" ]; then
+ # Fix for aio on OpenVZ
+ sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf
+ fi
+ service $service start
+ check_result $? "$service start failed"
+ fi
+
+ # Securing MySQL installation
+ mysqladmin -u root password $vpass
+ echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
+ chmod 600 /root/.my.cnf
+ mysql -e "DELETE FROM mysql.user WHERE User=''"
+ mysql -e "DROP DATABASE test" >/dev/null 2>&1
+ mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
+ mysql -e "DELETE FROM mysql.user WHERE user='' or password='';"
+ mysql -e "FLUSH PRIVILEGES"
+
+ # Configuring phpMyAdmin
+ if [ "$apache" = 'yes' ]; then
+ wget $vestacp/pma/phpMyAdmin.conf -O /etc/httpd/conf.d/phpMyAdmin.conf
+ fi
+ wget $vestacp/pma/config.inc.conf -O /etc/phpMyAdmin/config.inc.php
+ sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php
+fi
+
+
+#----------------------------------------------------------#
+# Configure PostgreSQL #
+#----------------------------------------------------------#
+
+if [ "$postgresql" = 'yes' ]; then
+ if [ $release = 5 ]; then
+ service postgresql start
+ sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+ service postgresql stop
+ wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf
+ service postgresql start
+ else
+ service postgresql initdb
+ wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf
+ service postgresql start
+ sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'"
+ fi
+ # Configuring phpPgAdmin
+ if [ "$apache" = 'yes' ]; then
+ wget $vestacp/pga/phpPgAdmin.conf -O /etc/httpd/conf.d/phpPgAdmin.conf
+ fi
+ wget $vestacp/pga/config.inc.php -O /etc/phpPgAdmin/config.inc.php
+fi
+
+
+#----------------------------------------------------------#
+# Configure Bind #
+#----------------------------------------------------------#
+
+if [ "$named" = 'yes' ]; then
+ wget
$vestacp/named/named.conf -O /etc/named.conf
+ chown root:named /etc/named.conf
+ chmod 640 /etc/named.conf
+ chkconfig named on
+ service named start
+ check_result $? "named start failed"
+fi
+
+
+#----------------------------------------------------------#
+# Configure Exim #
+#----------------------------------------------------------#
+
+if [ "$exim" = 'yes' ]; then
+ gpasswd -a exim mail
+ wget $vestacp/exim/exim.conf -O /etc/exim/exim.conf
+ wget $vestacp/exim/dnsbl.conf -O /etc/exim/dnsbl.conf
+ wget $vestacp/exim/spam-blocks.conf -O /etc/exim/spam-blocks.conf
+ touch /etc/exim/white-blocks.conf
+
+ if [ "$spamd" = 'yes' ]; then
+ sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf
+ fi
+ if [ "$clamd" = 'yes' ]; then
+ sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf
+ fi
+
+ chmod 640 /etc/exim/exim.conf
+ rm -rf /etc/exim/domains
+ mkdir -p /etc/exim/domains
+
+ rm -f /etc/alternatives/mta
+ ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta
+ chkconfig sendmail off 2>/dev/null
+ service sendmail stop 2>/dev/null
+ chkconfig postfix off 2>/dev/null
+ service postfix stop 2>/dev/null
+
+ chkconfig exim on
+ service exim start
+ check_result $? "exim start failed"
+fi
+
+
+#----------------------------------------------------------#
+# Configure Dovecot #
+#----------------------------------------------------------#
+
+if [ "$dovecot" = 'yes' ]; then
+ gpasswd -a dovecot mail
+ wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz
+ wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot
+ cd /etc
+ rm -rf dovecot dovecot.conf
+ tar -xzf dovecot.tar.gz
+ rm -f dovecot.tar.gz
+ chown -R root:root /etc/dovecot*
+ chkconfig dovecot on
+ service dovecot start
+ check_result $?
"dovecot start failed"
+fi
+
+
+#----------------------------------------------------------#
+# Configure ClamAV #
+#----------------------------------------------------------#
+
+if [ "$clamd" = 'yes' ]; then
+ useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null
+ gpasswd -a clam exim
+ gpasswd -a clam mail
+ wget $vestacp/clamav/clamd.conf -O /etc/clamd.conf
+ wget $vestacp/clamav/freshclam.conf -O /etc/freshclam.conf
+ mkdir -p /var/log/clamav
+ mkdir -p /var/run/clamav
+ chown clam:clam /var/log/clamav /var/run/clamav
+ chown -R clam:clam /var/lib/clamav
+ if [ "$release" -eq '7' ]; then
+ wget $vestacp/clamav/clamd.service -O \
+ /usr/lib/systemd/system/clamd.service
+ systemctl --system daemon-reload
+ fi
+ /usr/bin/freshclam
+ if [ "$release" -eq '7' ]; then
+ sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service
+ systemctl daemon-reload
+ fi
+ chkconfig clamd on
+ service clamd start
+ #check_result $? "clamd start failed"
+fi
+
+
+#----------------------------------------------------------#
+# Configure SpamAssassin #
+#----------------------------------------------------------#
+
+if [ "$spamd" = 'yes' ]; then
+ chkconfig spamassassin on
+ service spamassassin start
+ check_result $?
"spamassassin start failed"
+ if [ "$release" -eq '7' ]; then
+ groupadd -g 1001 spamd
+ useradd -u 1001 -g spamd -s /sbin/nologin -d \
+ /var/lib/spamassassin spamd
+ mkdir /var/lib/spamassassin
+ chown spamd:spamd /var/lib/spamassassin
+ fi
+fi
+
+
+#----------------------------------------------------------#
+# Configure RoundCube #
+#----------------------------------------------------------#
+
+if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
+ if [ "$apache" = 'yes' ]; then
+ wget $vestacp/roundcube/roundcubemail.conf \
+ -O /etc/httpd/conf.d/roundcubemail.conf
+ fi
+ wget $vestacp/roundcube/main.inc.php -O /etc/roundcubemail/config.inc.php
+ cd /usr/share/roundcubemail/plugins/password
+ wget $vestacp/roundcube/vesta.php -O drivers/vesta.php
+ wget $vestacp/roundcube/config.inc.php -O config.inc.php
+ sed -i "s/localhost/$servername/g" /usr/share/roundcubemail/plugins/password/config.inc.php
+ chmod a+r /etc/roundcubemail/*
+ chmod -f 777 /var/log/roundcubemail
+ r="$(gen_pass)"
+ mysql -e "CREATE DATABASE roundcube"
+ mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'"
+ sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php
+ chmod 640 /etc/roundcubemail/config.inc.php
+ chown root:apache /etc/roundcubemail/config.inc.php
+ if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then
+ mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql
+ else
+ mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql
+ fi
+fi
+
+
+#----------------------------------------------------------#
+# Configure Fail2Ban #
+#----------------------------------------------------------#
+
+if [ "$fail2ban" = 'yes' ]; then
+ cd /etc
+ wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz
+ tar -xzf fail2ban.tar.gz
+ rm -f fail2ban.tar.gz
+ if [ "$dovecot" = 'no' ]; then
+ fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)
+ fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
+ sed -i
"${fline}s/true/false/" /etc/fail2ban/jail.local
+ fi
+ if [ "$exim" = 'no' ]; then
+ fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2)
+ fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
+ sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
+ fi
+ chkconfig fail2ban on
+ /bin/mkdir -p /var/run/fail2ban
+ if [ "$release" -eq 7 ]; then
+ sed -i "s/\[Service\]/\[Service\]\nExecStartPre = \/bin\/mkdir -p \/var\/run\/fail2ban/g" /usr/lib/systemd/system/fail2ban.service
+ systemctl daemon-reload
+ fi
+ service fail2ban start
+ check_result $? "fail2ban start failed"
+fi
+
+
+#----------------------------------------------------------#
+# Configure Admin User #
+#----------------------------------------------------------#
+
+# Deleting old admin user
+if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
+ chattr -i /home/admin/conf > /dev/null 2>&1
+ userdel -f admin >/dev/null 2>&1
+ chattr -i /home/admin/conf >/dev/null 2>&1
+ mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1
+ rm -f /tmp/sess_* >/dev/null 2>&1
+fi
+if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
+ groupdel admin > /dev/null 2>&1
+fi
+
+# Adding vesta account
+$VESTA/bin/v-add-user admin $vpass $email default System Administrator
+check_result $? "can't create admin user"
+$VESTA/bin/v-change-user-shell admin bash
+$VESTA/bin/v-change-user-language admin $lang
+
+# Configuring system ips
+touch /etc/redhat-release
+$VESTA/bin/v-update-sys-ip
+
+# Get main ip
+ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
+
+# Firewall configuration
+if [ "$iptables" = 'yes' ]; then
+ $VESTA/bin/v-update-firewall
+fi
+rm /etc/redhat-release
+
+# Get public ip
+pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
+if [ !
-z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
+ $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip
+ ip=$pub_ip
+fi
+
+# Configuring mysql host
+if [ "$mysql" = 'yes' ]; then
+ $VESTA/bin/v-add-database-host mysql localhost root $vpass
+ $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
+fi
+
+# Configuring pgsql host
+if [ "$postgresql" = 'yes' ]; then
+ $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
+ $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
+fi
+
+# Adding default domain
+$VESTA/bin/v-add-domain admin $servername
+check_result $? "can't create $servername domain"
+
+command="sudo $VESTA/bin/v-update-sys-queue disk"
+$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-update-sys-queue traffic"
+$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-update-sys-queue webstats"
+$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-update-sys-queue backup"
+$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-backup-users"
+$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-update-user-stats"
+$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
+command="sudo $VESTA/bin/v-update-sys-rrd"
+$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
+service crond restart
+
+# Building initial rrd images
+$VESTA/bin/v-update-sys-rrd
+
+# Enabling file system quota
+if [ "$quota" = 'yes' ]; then
+ $VESTA/bin/v-add-sys-quota
+fi
+
+# Starting vesta service
+chkconfig vesta on
+service vesta start
+check_result $?
"vesta start failed" +chown admin:admin $VESTA/data/sessions + +# Adding notifications +$VESTA/upd/add_notifications.sh + +# Adding cronjob for autoupdates +$VESTA/bin/v-add-cron-vesta-autoupdate + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Sending install notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null -q + +# Comparing hostname and ip +host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" +fi + +# Sending notification to admin email +echo -e "Congratulations, you have just successfully installed \ +Vesta Control Panel + + https://$ip:8083 + username: admin + password: $vpass + +We hope that you enjoy your installation of Vesta. Please \ +feel free to contact us anytime if you have any questions. +Thank you. + +-- +Sincerely yours +vestacp.com team +" > $tmpfile + +send_mail="$VESTA/web/inc/mail-wrapper.php" +cat $tmpfile | $send_mail -s "Vesta Control Panel" $email + +# Congrats +echo '=======================================================' +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _|_|_|_| _|_|_| _| _| _| ' +echo +echo +cat $tmpfile +rm -f $tmpfile + +# EOF + diff --git a/install/vst-install.sh b/install/vst-install.sh index 026393f7..30b96ef5 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -41,11 +41,12 @@ fi case $(head -n1 /etc/issue | cut -f 1 -d ' ') in Debian) type="debian" ;; Ubuntu) type="ubuntu" ;; + Amazon) type="ami" ;; *) type="rhel" ;; esac # Fallback to Ubuntu -if [ ! -e "/etc/redhat-release" ]; then +if [[ ! -e "/etc/redhat-release" && ! -e "/etc/system-release" ]]; then type='ubuntu' fi @@ -74,3 +75,4 @@ if [ -e '/usr/bin/curl' ]; then fi exit + 
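Review bot: The new fallback test in the `@@ -41,11 +41,12 @@` hunk of install/vst-install.sh uses `[[ … ]]`, a bash-only construct, while the line it replaces used `[ … ]`. The shebang is outside the hunk, so if this launcher is ever run through a POSIX sh the test will not evaluate as intended and the Ubuntu fallback can be skipped without an obvious error. I would keep the portable form, `if [ ! -e "/etc/redhat-release" ] && [ ! -e "/etc/system-release" ]; then`. Separately, the added `Amazon) type="ami" ;;` arm keys off the first word of `/etc/issue`, a login banner that administrators commonly edit or blank. Since `type` presumably decides which installer is then run as root, matching on `/etc/system-release` (already tested a few lines below) would be a sturdier signal.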
From 9ab28c57824f57b33e4c11fcee2e9cf9b0711728 Mon Sep 17 00:00:00 2001 From: fliker09 Date: Fri, 9 Jun 2017 13:19:03 +0300 Subject: [PATCH 3/3] Revert "Added installer for Amazon AMI" This reverts commit cdd2bead79cd6848b33cc579d42914dbe38479bb. To be moved into another branch --- install/vst-install-ami.sh | 1316 ------------------------------------ install/vst-install.sh | 4 +- 2 files changed, 1 insertion(+), 1319 deletions(-) delete mode 100755 install/vst-install-ami.sh diff --git a/install/vst-install-ami.sh b/install/vst-install-ami.sh deleted file mode 100755 index a2490bcc..00000000 --- a/install/vst-install-ami.sh +++ /dev/null 
@@ -1,1316 +0,0 @@ -#!/bin/bash - -# Vesta Amazon AMI installer v.01 - - -#----------------------------------------------------------# -# Variables&Functions # -#----------------------------------------------------------# - -export PATH=$PATH:/sbin -RHOST='r.vestacp.com' -CHOST='c.vestacp.com' -REPO='cmmnt' -VERSION='rhel' -VESTA='/usr/local/vesta' -memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) -arch=$(uname -i) -release=6 -codename="ami" -vestacp="http://$CHOST/$VERSION/$release" - -software_main="nginx httpd mod_ssl mod_fcgid which php php-common -php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt php-fpm -php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-pgsql -vsftpd bind bind-utils bind-libs exim dovecot expect bc jwhois -clamd spamassassin mysql mysql-server postgresql vim-common -postgresql-server postgresql-contrib e2fsprogs openssh-clients -ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo -mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban" -software_aux="mod_ruid2 mod_extract_forwarded awstats proftpd -roundcubemail phpMyAdmin phpPgAdmin vesta vesta-nginx vesta-php" - -# Defining help function -help() { - echo "Usage: $0 [OPTIONS] - -a, --apache Install Apache [yes|no] default: yes - -n, --nginx Install Nginx [yes|no] default: yes - -w, --phpfpm Install PHP-FPM [yes|no] default: no - -v, --vsftpd Install Vsftpd [yes|no] default: yes - -j, --proftpd Install ProFTPD [yes|no] default: no - -k, --named Install Bind [yes|no] default: yes - -m, --mysql Install MySQL [yes|no] default: yes - -g, --postgresql Install PostgreSQL [yes|no] default: no - -d, --mongodb Install MongoDB [yes|no] unsupported - -x, --exim Install Exim [yes|no] default: yes - -z, --dovecot Install Dovecot [yes|no] default: yes - -c, --clamav Install ClamAV [yes|no] default: yes - -t, --spamassassin Install SpamAssassin [yes|no] default: yes - -i, --iptables Install Iptables [yes|no] default: yes - -b, --fail2ban Install 
Fail2ban [yes|no] default: yes - -q, --quota Filesystem Quota [yes|no] default: no - -l, --lang Default language default: en - -y, --interactive Interactive install [yes|no] default: yes - -s, --hostname Set hostname - -e, --email Set admin email - -p, --password Set admin password - -f, --force Force installation - -h, --help Print this help - - Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" - exit 1 -} - -# Defining password-gen function -gen_pass() { - MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=10 - while [ ${n:=1} -le $LENGTH ]; do - PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" - let n+=1 - done - echo "$PASS" -} - -# Defining return code check function -check_result() { - if [ $1 -ne 0 ]; then - echo "Error: $2" - exit $1 - fi -} - -# Defining function to set default value -set_default_value() { - eval variable=\$$1 - if [ -z "$variable" ]; then - eval $1=$2 - fi - if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then - eval $1=$2 - fi -} - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - -# Translating argument to --gnu-long-options -for arg; do - delim="" - case "$arg" in - --apache) args="${args}-a " ;; - --nginx) args="${args}-n " ;; - --phpfpm) args="${args}-w " ;; - --vsftpd) args="${args}-v " ;; - --proftpd) args="${args}-j " ;; - --named) args="${args}-k " ;; - --mysql) args="${args}-m " ;; - --postgresql) args="${args}-g " ;; - --mongodb) args="${args}-d " ;; - --exim) args="${args}-x " ;; - --dovecot) args="${args}-z " ;; - --clamav) args="${args}-c " ;; - --spamassassin) args="${args}-t " ;; - --iptables) args="${args}-i " ;; - --fail2ban) args="${args}-b " ;; - --quota) args="${args}-q " ;; - --lang) args="${args}-l " ;; - --interactive) args="${args}-y " ;; - --hostname) args="${args}-s " ;; - --email) args="${args}-e " 
;; - --password) args="${args}-p " ;; - --force) args="${args}-f " ;; - --help) args="${args}-h " ;; - *) [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} ";; - esac -done -eval set -- "$args" - -# Parsing arguments -while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:q:l:y:s:e:p:fh" Option; do - case $Option in - a) apache=$OPTARG ;; # Apache - n) nginx=$OPTARG ;; # Nginx - w) phpfpm=$OPTARG ;; # PHP-FPM - v) vsftpd=$OPTARG ;; # Vsftpd - j) proftpd=$OPTARG ;; # Proftpd - k) named=$OPTARG ;; # Named - m) mysql=$OPTARG ;; # MySQL - g) postgresql=$OPTARG ;; # PostgreSQL - d) mongodb=$OPTARG ;; # MongoDB (unsupported) - x) exim=$OPTARG ;; # Exim - z) dovecot=$OPTARG ;; # Dovecot - c) clamd=$OPTARG ;; # ClamAV - t) spamd=$OPTARG ;; # SpamAssassin - i) iptables=$OPTARG ;; # Iptables - b) fail2ban=$OPTARG ;; # Fail2ban - q) quota=$OPTARG ;; # FS Quota - l) lang=$OPTARG ;; # Language - y) interactive=$OPTARG ;; # Interactive install - s) servername=$OPTARG ;; # Hostname - e) email=$OPTARG ;; # Admin email - p) vpass=$OPTARG ;; # Admin password - f) force='yes' ;; # Force install - h) help ;; # Help - *) help ;; # Print help (default) - esac -done - -# Defining default software stack -set_default_value 'nginx' 'yes' -set_default_value 'apache' 'yes' -set_default_value 'phpfpm' 'no' -set_default_value 'vsftpd' 'yes' -set_default_value 'proftpd' 'no' -set_default_value 'named' 'yes' -set_default_value 'mysql' 'yes' -set_default_value 'postgresql' 'no' -set_default_value 'mongodb' 'no' -set_default_value 'exim' 'yes' -set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then - set_default_value 'clamd' 'no' - set_default_value 'spamd' 'no' -else - set_default_value 'clamd' 'yes' - set_default_value 'spamd' 'yes' -fi -set_default_value 'iptables' 'yes' -set_default_value 'fail2ban' 'yes' -set_default_value 'quota' 'no' -set_default_value 'lang' 'en' -set_default_value 'interactive' 'yes' - -# Checking software conflicts -if [ "$phpfpm" = 'yes' 
]; then - apache='no' - nginx='yes' -fi -if [ "$proftpd" = 'yes' ]; then - vsftpd='no' -fi -if [ "$exim" = 'no' ]; then - clamd='no' - spamd='no' - dovecot='no' -fi -if [ "$iptables" = 'no' ]; then - fail2ban='no' -fi - -# Checking root permissions -if [ "x$(id -u)" != 'x0' ]; then - check_result 1 "Script can be run executed only by root" -fi - -# Checking admin user account -if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then - echo 'Please remove admin user account before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo -e "Example: bash $0 --force\n" - check_result 1 "User admin exists" -fi - -# Checking wget -if [ ! -e '/usr/bin/wget' ]; then - yum -y install wget - check_result $? "Can't install wget" -fi - -# Checking repository availability -wget -q "$vestacp/GPG.txt" -O /dev/null -check_result $? "No access to Vesta repository" - -# Checking installed packages -rpm -qa > $tmpfile -for pkg in exim mysql-server httpd nginx vesta; do - if [ ! -z "$(grep $pkg $tmpfile)" ]; then - conflicts="$pkg $conflicts" - fi -done -if [ ! -z "$conflicts" ] && [ -z "$force" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'Following packages are already installed:' - echo "$conflicts" - echo - echo 'It is highly recommended to remove them before proceeding.' - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - check_result 1 "Control Panel should be installed on clean server." 
-fi - - -#----------------------------------------------------------# -# Brief Info # -#----------------------------------------------------------# - -# Printing nice ascii as logo -clear -echo -echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' -echo ' _| _| _| _| _| _| _|' -echo ' _| _| _|_|_| _|_| _| _|_|_|_|' -echo ' _| _| _| _| _| _| _|' -echo ' _| _|_|_|_| _|_|_| _| _| _|' -echo -echo ' Vesta Control Panel' -echo -e "\n\n" - -echo 'Following software will be installed on your system:' - -# Web stack -if [ "$nginx" = 'yes' ]; then - echo ' - Nginx Web Server' -fi -if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then - echo ' - Apache Web Server' -fi -if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then - echo ' - Apache Web Server (as backend)' -fi -if [ "$phpfpm" = 'yes' ]; then - echo ' - PHP-FPM Application Server' -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - echo ' - Bind DNS Server' -fi - -# Mail Stack -if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' - if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then - echo -n ' + ' - if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' - fi - if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' - fi - fi - echo - if [ "$dovecot" = 'yes' ]; then - echo ' - Dovecot POP3/IMAP Server' - fi -fi - -# DB stack -if [ "$mysql" = 'yes' ]; then - if [ $release = 7 ]; then - echo ' - MariaDB Database Server' - else - echo ' - MySQL Database Server' - fi -fi -if [ "$postgresql" = 'yes' ]; then - echo ' - PostgreSQL Database Server' -fi -if [ "$mongodb" = 'yes' ]; then - echo ' - MongoDB Database Server' -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - echo ' - Vsftpd FTP Server' -fi -if [ "$proftpd" = 'yes' ]; then - echo ' - ProFTPD FTP Server' -fi - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - echo -n ' - Iptables Firewall' -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - echo -n ' + Fail2Ban' -fi -echo -e "\n\n" - -# Asking for confirmation to proceed -if [ "$interactive" = 
'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 - fi - - # Asking for contact email - if [ -z "$email" ]; then - read -p 'Please enter admin email address: ' email - fi - - # Asking to set FQDN hostname - if [ -z "$servername" ]; then - read -p "Please enter FQDN hostname [$(hostname)]: " servername - fi -fi - -# Generating admin password if it wasn't set -if [ -z "$vpass" ]; then - vpass=$(curl http://169.254.169.254/latest/meta-data/instance-id) -fi - -# Set hostname if it wasn't set -if [ -z "$servername" ]; then - servername=$(hostname -f) -fi - -# Set FQDN if it wasn't set -mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' -mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' -if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then - if [ ! -z "$servername" ]; then - servername="$servername.example.com" - else - servername="example.com" - fi - echo "127.0.0.1 $servername" >> /etc/hosts -fi - -# Set email if it wasn't set -if [ -z "$email" ]; then - email="admin@$servername" -fi - -# Defining backup directory -vst_backups="/root/vst_install_backups/$(date +%s)" -echo "Installation backup directory: $vst_backups" - -# Printing start message and sleeping for 5 seconds -echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 5 - - -#----------------------------------------------------------# -# Checking swap # -#----------------------------------------------------------# - -# Checking swap on small instances -if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then - fallocate -l 1G /swapfile - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile none swap sw 0 0" >> /etc/fstab -fi - - -#----------------------------------------------------------# -# Install repositories # -#----------------------------------------------------------# - -# Updating system packages -yum -y update -check_result $? 
'yum update failed' - -# Installing EPEL repository -rpm -Uvh --force $vestacp/epel-release.rpm -check_result $? "Can't install EPEL repository" - -# Installing Nginx repository -nrepo="/etc/yum.repos.d/nginx.repo" -echo "[nginx]" > $nrepo -echo "name=nginx repo" >> $nrepo -echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo -echo "gpgcheck=0" >> $nrepo -echo "enabled=1" >> $nrepo - -# Installing Vesta repository -vrepo='/etc/yum.repos.d/vesta.repo' -echo "[vesta]" > $vrepo -echo "name=Vesta - $REPO" >> $vrepo -echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo -echo "enabled=1" >> $vrepo -echo "gpgcheck=1" >> $vrepo -echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo -wget $vestacp/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA - - -#----------------------------------------------------------# -# Backup # -#----------------------------------------------------------# - -# Creating backup directory tree -mkdir -p $vst_backups -cd $vst_backups -mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ - spamassassin mysql postgresql mongodb vesta - -# Backing up Nginx configuration -service nginx stop > /dev/null 2>&1 -cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 - -# Backing up Apache configuration -service httpd stop > /dev/null 2>&1 -cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 - -# Backing up PHP configuration -service php-fpm stop >/dev/null 2>&1 -cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 -cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 -cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 -mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 - -# Backing up Bind configuration -service named stop > /dev/null 2>&1 -cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 - -# Backing up Vsftpd configuration -service vsftpd stop > /dev/null 2>&1 -cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 - -# Backing up ProFTPD configuration -service 
proftpd stop > /dev/null 2>&1 -cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 - -# Backing up Exim configuration -service exim stop > /dev/null 2>&1 -cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 - -# Backing up ClamAV configuration -service clamd stop > /dev/null 2>&1 -cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 -cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 - -# Backing up SpamAssassin configuration -service spamassassin stop > /dev/null 2>&1 -cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 - -# Backing up Dovecot configuration -service dovecot stop > /dev/null 2>&1 -cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 -cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 - -# Backing up MySQL/MariaDB configuration and data -service mysql stop > /dev/null 2>&1 -service mysqld stop > /dev/null 2>&1 -service mariadb stop > /dev/null 2>&1 -mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 -cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 -cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 -mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 - -# Backing up MySQL/MariaDB configuration and data -service postgresql stop > /dev/null 2>&1 -mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 - -# Backing up Vesta configuration and data -service vesta stop > /dev/null 2>&1 -mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 -mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 - - -#----------------------------------------------------------# -# Package Exludes # -#----------------------------------------------------------# - -# Excluding packages -if [ "$nginx" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/^nginx//") -fi -if [ "$apache" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/httpd//") - software_main=$(echo "$software_main" | sed -e "s/mod_ssl//") - software_main=$(echo "$software_main" | sed -e "s/mod_fcgid//") - 
software_aux=$(echo "$software_aux" | sed -e "s/mod_ruid2//") -fi -if [ "$phpfpm" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/php-fpm//") -fi -if [ "$vsftpd" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/vsftpd//") -fi -if [ "$proftpd" = 'no' ]; then - software_aux=$(echo "$software_aux" | sed -e "s/proftpd//") -fi -if [ "$named" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/bind //") -fi -if [ "$exim" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/exim//") - software_main=$(echo "$software_main" | sed -e "s/dovecot//") - software_main=$(echo "$software_main" | sed -e "s/clamd//") - software_main=$(echo "$software_main" | sed -e "s/clamav-server//") - software_main=$(echo "$software_main" | sed -e "s/clamav-update//") - software_main=$(echo "$software_main" | sed -e "s/spamassassin//") - software_main=$(echo "$software_main" | sed -e "s/dovecot//") - software_aux=$(echo "$software_aux" | sed -e "s/roundcubemail//") -fi -if [ "$clamd" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/clamd//") - software_main=$(echo "$software_main" | sed -e "s/clamav-server//") - software_main=$(echo "$software_main" | sed -e "s/clamav-update//") -fi -if [ "$spamd" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e 's/spamassassin//') -fi -if [ "$dovecot" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e "s/dovecot//") -fi -if [ "$mysql" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e 's/mysql //') - software_main=$(echo "$software_main" | sed -e 's/mysql-server//') - software_main=$(echo "$software_main" | sed -e 's/mariadb //') - software_main=$(echo "$software_main" | sed -e 's/mariadb-server//') - software_main=$(echo "$software_main" | sed -e 's/php-mysql//') - software_aux=$(echo "$software_aux" | sed -e 's/phpMyAdmin//') - software_aux=$(echo "$software_aux" | sed -e 's/roundcubemail//') -fi -if [ "$postgresql" = 'no' ]; then - 
software_main=$(echo "$software_main" | sed -e 's/postgresql //') - software_main=$(echo "$software_main" | sed -e 's/postgresql-server//') - software_main=$(echo "$software_main" | sed -e 's/postgresql-contrib//') - software_main=$(echo "$software_main" | sed -e 's/php-pgsql//') - software_aux=$(echo "$software_aux" | sed -e 's/phpPgAdmin//') -fi -if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then - software_main=$(echo "$software_main" | sed -e 's/fail2ban//') -fi - - -#----------------------------------------------------------# -# Install packages # -#----------------------------------------------------------# - -# Installing rpm packages -yum -y --disableplugin=priorities --disablerepo=* --enablerepo="*main,*updates,nginx" \ - install $software_main -check_result $? "yum install failed" -yum -y --disableplugin=priorities --disablerepo=* --enablerepo="*main,*updates,nginx,epel,vesta" \ - install $software_aux -check_result $? "yum install failed" - - -#----------------------------------------------------------# -# Configure system # -#----------------------------------------------------------# - -# Restarting rsyslog -service rsyslog restart > /dev/null 2>&1 - -# Checking ipv6 on loopback interface -check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') -check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) -if [ ! 
-z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then - ip addr add ::2/128 scope global dev lo - echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local - echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local - chmod a+x /etc/rc.local -fi - -# Disabling SELinux -if [ -e '/etc/sysconfig/selinux' ]; then - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - setenforce 0 2>/dev/null -fi - -# Disable iptables -service iptables stop - -# Configuring NTP synchronization -echo '#!/bin/sh' > /etc/cron.daily/ntpdate -echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate -chmod 775 /etc/cron.daily/ntpdate -ntpdate -s pool.ntp.org - -# Adding backup user -adduser backup 2>/dev/null -ln -sf /home/backup /backup -chmod a+x /backup - -# Chaning default directory color -echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile - - -#----------------------------------------------------------# -# Configure VESTA # -#----------------------------------------------------------# - -# Downlading sudo configuration -mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin -chmod 440 /etc/sudoers.d/admin - -# Configuring system env -echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh -chmod 755 /etc/profile.d/vesta.sh -source /etc/profile.d/vesta.sh -echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile -echo 'export PATH' >> /root/.bash_profile -source /root/.bash_profile - -# Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta - -# Buidling directory tree and creating some blank files for vesta -mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ - $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ - $VESTA/data/sessions -touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ - $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ - 
$VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ - $VESTA/log/nginx-error.log $VESTA/log/auth.log -chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log -chmod -R 750 $VESTA/data/queue -chmod 660 $VESTA/log/* -rm -f /var/log/vesta -ln -s $VESTA/log /var/log/vesta -chmod 770 $VESTA/data/sessions - -# Generating vesta configuration -rm -f $VESTA/conf/vesta.conf 2>/dev/null -touch $VESTA/conf/vesta.conf -chmod 660 $VESTA/conf/vesta.conf - -# WEB stack -if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then - echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf - echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf - echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf - echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf -fi -if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then - echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf - echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf - echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf - echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf - echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf - echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf - echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf -fi -if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then - echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf - echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf - echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf - if [ "$phpfpm" = 'yes' ]; then - echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf - fi - echo "STATS_SYSTEM='awstats'" >> $VESTA/conf/vesta.conf -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf -fi -if [ "$proftpd" = 'yes' ]; then - echo "FTP_SYSTEM='proftpd'" 
>> $VESTA/conf/vesta.conf -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf -fi - -# Mail stack -if [ "$exim" = 'yes' ]; then - echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf - if [ "$clamd" = 'yes' ]; then - echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf - fi - if [ "$spamd" = 'yes' ]; then - echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf - fi - if [ "$dovecot" = 'yes' ]; then - echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf - fi -fi - -# CRON daemon -echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf -fi - -# Disk quota -if [ "$quota" = 'yes' ]; then - echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf -fi - -# Backups -echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf - -# Language -echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf - -# Version -echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf - -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz - -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz - -# Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/html/ -sed -i 's/%domain%/It worked!/g' /var/www/html/index.html - -# Downloading firewall rules -chkconfig firewalld off >/dev/null 2>&1 -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz - -# Configuring server hostname -$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null - -# Generating SSL certificate -$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ - 'San Francisco' 'Vesta 
Control Panel' 'IT' > /tmp/vst.pem - -# Parsing certificate file -crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) - -# Adding SSL certificate -cd $VESTA/ssl -sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt -sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key -chown root:mail $VESTA/ssl/* -chmod 660 $VESTA/ssl/* -rm /tmp/vst.pem - - -#----------------------------------------------------------# -# Configure Nginx # -#----------------------------------------------------------# - -if [ "$nginx" = 'yes' ]; then - rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx - echo > /etc/nginx/conf.d/vesta.conf - mkdir -p /var/log/nginx/domains - chkconfig nginx on - service nginx start - check_result $? 
"nginx start failed" - - # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then - echo "#Vesta: workraround for networkmanager" >> /etc/rc.local - echo "sleep 3 && service nginx restart" >> /etc/rc.local - fi -fi - - -#----------------------------------------------------------# -# Configure Apache # -#----------------------------------------------------------# - -if [ "$apache" = 'yes' ]; then - cd /etc/httpd - wget $vestacp/httpd/httpd.conf -O conf/httpd.conf - wget $vestacp/httpd/status.conf -O conf.d/status.conf - wget $vestacp/httpd/ssl.conf -O conf.d/ssl.conf - wget $vestacp/httpd/ruid2.conf -O conf.d/ruid2.conf - wget $vestacp/logrotate/httpd -O /etc/logrotate.d/httpd - if [ $release -ne 7 ]; then - echo "MEFaccept 127.0.0.1" >> conf.d/mod_extract_forwarded.conf - echo > conf.d/proxy_ajp.conf - fi - if [ -e "conf.modules.d/00-dav.conf" ]; then - sed -i "s/^/#/" conf.modules.d/00-dav.conf conf.modules.d/00-lua.conf - sed -i "s/^/#/" conf.modules.d/00-proxy.conf - fi - echo > conf.d/vesta.conf - touch logs/access_log logs/error_log logs/error_log logs/suexec.log - chmod 640 logs/access_log logs/error_log logs/error_log logs/suexec.log - chmod -f 777 /var/lib/php/session - chmod a+x /var/log/httpd - mkdir -p /var/log/httpd/domains - chmod 751 /var/log/httpd/domains - chkconfig httpd on - service httpd start - check_result $? "httpd start failed" - - # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then - echo "#Vesta: workraround for networkmanager" >> /etc/rc.local - echo "sleep 2 && service httpd restart" >> /etc/rc.local - fi -fi - - -#----------------------------------------------------------# -# Configure PHP-FPM # -#----------------------------------------------------------# - -if [ "$phpfpm" = 'yes' ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php-fpm.d/www.conf - chkconfig php-fpm on - service php-fpm start - check_result $? 
"php-fpm start failed" -fi - - -#----------------------------------------------------------# -# Configure PHP # -#----------------------------------------------------------# - -ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') -if [ -e '/etc/sysconfig/clock' ]; then - source /etc/sysconfig/clock -fi -if [ -z "$ZONE" ]; then - ZONE='UTC' -fi -for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf - sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf -done - - -#----------------------------------------------------------# -# Configure VSFTPD # -#----------------------------------------------------------# - -if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd/vsftpd.conf - chkconfig vsftpd on - service vsftpd start - check_result $? "vsftpd start failed" - - # To be deleted after release 0.9.8-18 - echo "/sbin/nologin" >> /etc/shells -fi - - -#----------------------------------------------------------# -# Configure ProFTPD # -#----------------------------------------------------------# - -if [ "$proftpd" = 'yes' ]; then - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd.conf - chkconfig proftpd on - service proftpd start - check_result $? "proftpd start failed" -fi - - -#----------------------------------------------------------# -# Configure MySQL # -#----------------------------------------------------------# - -if [ "$mysql" = 'yes' ]; then - - mycnf="my-small.cnf" - if [ $memory -gt 1200000 ]; then - mycnf="my-medium.cnf" - fi - if [ $memory -gt 3900000 ]; then - mycnf="my-large.cnf" - fi - - mkdir -p /var/lib/mysql - chown mysql:mysql /var/lib/mysql - mkdir -p /etc/my.cnf.d - - service='mysqld' - - wget $vestacp/$service/$mycnf -O /etc/my.cnf - chkconfig $service on - service $service start - if [ "$?" 
-ne 0 ]; then - if [ -e "/proc/user_beancounters" ]; then - # Fix for aio on OpenVZ - sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf - fi - service $service start - check_result $? "$service start failed" - fi - - # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf - chmod 600 /root/.my.cnf - mysql -e "DELETE FROM mysql.user WHERE User=''" - mysql -e "DROP DATABASE test" >/dev/null 2>&1 - mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" - mysql -e "FLUSH PRIVILEGES" - - # Configuring phpMyAdmin - if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/phpMyAdmin.conf -O /etc/httpd/conf.d/phpMyAdmin.conf - fi - wget $vestacp/pma/config.inc.conf -O /etc/phpMyAdmin/config.inc.php - sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php -fi - - -#----------------------------------------------------------# -# Configure PostgreSQL # -#----------------------------------------------------------# - -if [ "$postgresql" = 'yes' ]; then - if [ $release = 5 ]; then - service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" - service postgresql stop - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf - service postgresql start - else - service postgresql initdb - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf - service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" - fi - # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phpPgAdmin.conf -O /etc/httpd/conf.d/phpPgAdmin.conf - fi - wget $vestacp/pga/config.inc.php -O /etc/phpPgAdmin/config.inc.php -fi - - -#----------------------------------------------------------# -# Configure Bind # -#----------------------------------------------------------# - -if [ "$named" = 'yes' ]; then - wget 
$vestacp/named/named.conf -O /etc/named.conf - chown root:named /etc/named.conf - chmod 640 /etc/named.conf - chkconfig named on - service named start - check_result $? "named start failed" -fi - - -#----------------------------------------------------------# -# Configure Exim # -#----------------------------------------------------------# - -if [ "$exim" = 'yes' ]; then - gpasswd -a exim mail - wget $vestacp/exim/exim.conf -O /etc/exim/exim.conf - wget $vestacp/exim/dnsbl.conf -O /etc/exim/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim/spam-blocks.conf - touch /etc/exim/white-blocks.conf - - if [ "$spamd" = 'yes' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf - fi - if [ "$clamd" = 'yes' ]; then - sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf - fi - - chmod 640 /etc/exim/exim.conf - rm -rf /etc/exim/domains - mkdir -p /etc/exim/domains - - rm -f /etc/alternatives/mta - ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta - chkconfig sendmail off 2>/dev/null - service sendmail stop 2>/dev/null - chkconfig postfix off 2>/dev/null - service postfix stop 2>/dev/null - - chkconfig exim on - service exim start - check_result $? "exim start failed" -fi - - -#----------------------------------------------------------# -# Configure Dovecot # -#----------------------------------------------------------# - -if [ "$dovecot" = 'yes' ]; then - gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz - chown -R root:root /etc/dovecot* - chkconfig dovecot on - service dovecot start - check_result $? 
"dovecot start failed" -fi - - -#----------------------------------------------------------# -# Configure ClamAV # -#----------------------------------------------------------# - -if [ "$clamd" = 'yes' ]; then - useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null - gpasswd -a clam exim - gpasswd -a clam mail - wget $vestacp/clamav/clamd.conf -O /etc/clamd.conf - wget $vestacp/clamav/freshclam.conf -O /etc/freshclam.conf - mkdir -p /var/log/clamav - mkdir -p /var/run/clamav - chown clam:clam /var/log/clamav /var/run/clamav - chown -R clam:clam /var/lib/clamav - if [ "$release" -eq '7' ]; then - wget $vestacp/clamav/clamd.service -O \ - /usr/lib/systemd/system/clamd.service - systemctl --system daemon-reload - fi - /usr/bin/freshclam - if [ "$release" -eq '7' ]; then - sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service - systemctl daemon-reload - fi - chkconfig clamd on - service clamd start - #check_result $? "clamd start failed" -fi - - -#----------------------------------------------------------# -# Configure SpamAssassin # -#----------------------------------------------------------# - -if [ "$spamd" = 'yes' ]; then - chkconfig spamassassin on - service spamassassin start - check_result $? 
"spamassassin start failed" - if [ "$release" -eq '7' ]; then - groupadd -g 1001 spamd - useradd -u 1001 -g spamd -s /sbin/nologin -d \ - /var/lib/spamassassin spamd - mkdir /var/lib/spamassassin - chown spamd:spamd /var/lib/spamassassin - fi -fi - - -#----------------------------------------------------------# -# Configure RoundCube # -#----------------------------------------------------------# - -if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then - if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/roundcubemail.conf \ - -O /etc/httpd/conf.d/roundcubemail.conf - fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcubemail/config.inc.php - cd /usr/share/roundcubemail/plugins/password - wget $vestacp/roundcube/vesta.php -O drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O config.inc.php - sed -i "s/localhost/$servername/g" /usr/share/roundcubemail/plugins/password/config.inc.php - chmod a+r /etc/roundcubemail/* - chmod -f 777 /var/log/roundcubemail - r="$(gen_pass)" - mysql -e "CREATE DATABASE roundcube" - mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" - sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php - chmod 640 /etc/roundcubemail/config.inc.php - chown root:apache /etc/roundcubemail/config.inc.php - if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then - mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql - else - mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql - fi -fi - - -#----------------------------------------------------------# -# Configure Fail2Ban # -#----------------------------------------------------------# - -if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz - if [ "$dovecot" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) - fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) - sed -i 
"${fline}s/true/false/" /etc/fail2ban/jail.local - fi - if [ "$exim" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) - fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) - sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local - fi - chkconfig fail2ban on - /bin/mkdir -p /var/run/fail2ban - if [ "$release" -eq 7 ]; then - sed -i "s/\[Service\]/\[Service\]\nExecStartPre = \/bin\/mkdir -p \/var\/run\/fail2ban/g" /usr/lib/systemd/system/fail2ban.service - systemctl daemon-reload - fi - service fail2ban start - check_result $? "fail2ban start failed" -fi - - -#----------------------------------------------------------# -# Configure Admin User # -#----------------------------------------------------------# - -# Deleting old admin user -if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then - chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin >/dev/null 2>&1 - chattr -i /home/admin/conf >/dev/null 2>&1 - mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 - rm -f /tmp/sess_* >/dev/null 2>&1 -fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then - groupdel admin > /dev/null 2>&1 -fi - -# Adding vesta account -$VESTA/bin/v-add-user admin $vpass $email default System Administrator -check_result $? "can't create admin user" -$VESTA/bin/v-change-user-shell admin bash -$VESTA/bin/v-change-user-language admin $lang - -# Configuring system ips -touch /etc/redhat-release -$VESTA/bin/v-update-sys-ip - -# Get main ip -ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) - -# Firewall configuration -if [ "$iptables" = 'yes' ]; then - $VESTA/bin/v-update-firewall -fi -rm /etc/redhat-release - -# Get public ip -pub_ip=$(curl -s vestacp.com/what-is-my-ip/) -if [ ! 
-z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then - $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip - ip=$pub_ip -fi - -# Configuring mysql host -if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass - $VESTA/bin/v-add-database admin default default $(gen_pass) mysql -fi - -# Configuring pgsql host -if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass - $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql -fi - -# Adding default domain -$VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" - -command="sudo $VESTA/bin/v-update-sys-queue disk" -$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-update-sys-queue traffic" -$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-update-sys-queue webstats" -$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-update-sys-queue backup" -$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-backup-users" -$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-update-user-stats" -$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-update-sys-rrd" -$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -service crond restart - -# Building initial rrd images -$VESTA/bin/v-update-sys-rrd - -# Enabling file system quota -if [ "$quota" = 'yes' ]; then - $VESTA/bin/v-add-sys-quota -fi - -# Starting vesta service -chkconfig vesta on -service vesta start -check_result $? 
"vesta start failed" -chown admin:admin $VESTA/data/sessions - -# Adding notifications -$VESTA/upd/add_notifications.sh - -# Adding cronjob for autoupdates -$VESTA/bin/v-add-cron-vesta-autoupdate - - -#----------------------------------------------------------# -# Vesta Access Info # -#----------------------------------------------------------# - -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - -# Comparing hostname and ip -host_ip=$(host $servername| head -n 1 | awk '{print $NF}') -if [ "$host_ip" = "$ip" ]; then - ip="$servername" -fi - -# Sending notification to admin email -echo -e "Congratulations, you have just successfully installed \ -Vesta Control Panel - - https://$ip:8083 - username: admin - password: $vpass - -We hope that you enjoy your installation of Vesta. Please \ -feel free to contact us anytime if you have any questions. -Thank you. - --- -Sincerely yours -vestacp.com team -" > $tmpfile - -send_mail="$VESTA/web/inc/mail-wrapper.php" -cat $tmpfile | $send_mail -s "Vesta Control Panel" $email - -# Congrats -echo '=======================================================' -echo -echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' -echo ' _| _| _| _| _| _| _| ' -echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' -echo ' _| _| _| _| _| _| _| ' -echo ' _| _|_|_|_| _|_|_| _| _| _| ' -echo -echo -cat $tmpfile -rm -f $tmpfile - -# EOF - diff --git a/install/vst-install.sh b/install/vst-install.sh index 30b96ef5..026393f7 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -41,12 +41,11 @@ fi case $(head -n1 /etc/issue | cut -f 1 -d ' ') in Debian) type="debian" ;; Ubuntu) type="ubuntu" ;; - Amazon) type="ami" ;; *) type="rhel" ;; esac # Fallback to Ubuntu -if [[ ! -e "/etc/redhat-release" && ! -e "/etc/system-release" ]]; then +if [ ! -e "/etc/redhat-release" ]; then type='ubuntu' fi @@ -75,4 +74,3 @@ if [ -e '/usr/bin/curl' ]; then fi exit -
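Review bot: On the new side of the first `install/vst-install.sh` hunk, the `case` on `/etc/issue` has no `Amazon)` arm and the fallback tests only `/etc/redhat-release`, so nothing selects the `vst-install-ami.sh` this commit adds, and a host without that file ends up with `type='ubuntu'`. The new installer itself runs `touch /etc/redhat-release` before `v-update-sys-ip` and removes it afterwards, which suggests the file is absent on the target image. If the markers are as intended, keep `Amazon) type="ami" ;;` and `if [[ ! -e "/etc/redhat-release" && ! -e "/etc/system-release" ]]; then`. The diffstat's "1319 insertions(+), 1 deletion(-)" does not match the three removed lines shown for this file, so the markers may instead be inverted on this page. Separately, `/etc/issue` is an editable login banner, so a comment such as `# /etc/issue is admin-editable; cross-check /etc/os-release before choosing an installer` would record that limit of the detection.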