github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge changes from upstream & more

Browse source
This commit is contained in:
ZonD Eighty 2013-01-10 22:14:34 +04:00
commit a2ac36b676
22 changed files with 5760 additions and 4261 deletions
Download patch file Download diff file Expand all files Collapse all files

680
install/0.9.7/rhel/exim.conf
View file

@ -1,340 +1,340 @@
##########################################################################
SPAMASSASSIN = yes
SPAM_SCORE = 10
CLAMD = yes
##########################################################################
domainlist local_domains = dsearch;/etc/exim/domains/
domainlist relay_to_domains = dsearch;/etc/exim/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.sock
.endif
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
##########################################################################
begin acl
##########################################################################
acl_check_spammers:
drop message = Your host in blacklist on this server.
log_message = Host in blacklist
hosts = +spammers
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}}
accept
acl_check_mail:
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
delay = 45s
# drop
# condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
# condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
# message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop
condition = ${if match{$sender_helo_name}{\N\.$\N}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
condition = ${if match{$sender_helo_name}{$primary_hostname}}
drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = $interface_address is _my_ address
accept
acl_check_rcpt:
accept hosts = :
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept local_parts = postmaster
domains = +local_domains
accept authenticated = *
control = submission/domain=
require message = relay not permitted
domains = +local_domains : +relay_to_domains
deny message = smtp auth requried
sender_domains = +local_domains
!authenticated = *
require verify = recipient
.ifdef CLAMD
warn set acl_m0 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
set acl_m0 = yes
.endif
.ifdef SPAMASSASSIN
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
accept
acl_check_data:
.ifdef CLAMD
deny message = Message contains a virus ($malware_name) and has been rejected
malware = *
condition = ${if eq{$acl_m0}{yes}{yes}{no}}
.endif
.ifdef SPAMASSASSIN
warn
!authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{100K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true/defer_ok
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
warn
condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
message = SpamAssassin detected spam (from $sender_address to $recipients).
.endif
accept
acl_check_mime:
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
accept
##########################################################################
begin authenticators
##########################################################################
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
##########################################################################
begin routers
##########################################################################
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
#system_aliases:
# domains = +local_domains
# driver = redirect
# allow_fail
# allow_defer
# data = ${lookup{$local_part}lsearch{/etc/aliases}}
# file_transport = address_file
# pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
autoreplay:
driver = accept
require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg
condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}}
retry_use_local_part
transport = userautoreply
unseen
aliases:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
require_files = /etc/exim/domains/$domain/aliases
redirect_router = dnslookup
pipe_transport = address_pipe
unseen
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
localuser:
driver = accept
transport = local_delivery
condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
catchall:
driver = redirect
headers_add = X-redirected: yes
require_files = /etc/exim/domains/$domain/aliases
data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
file_transport = local_delivery
redirect_router = dnslookup
terminate_alias:
driver = accept
transport = devnull
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
##########################################################################
begin transports
##########################################################################
remote_smtp:
driver = smtp
helo_data = $sender_address_domain
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output
local_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
quota_warn_threshold = 75%
local_spam_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.spam"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
quota_warn_threshold = 75%
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
userautoreply:
driver = autoreply
file = /etc/exim/domains/$domain/autoreply.${local_part}.msg
from = "${local_part}@${domain}"
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${sender_address}"
devnull:
driver = appendfile
file = /dev/null
##########################################################################
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
##########################################################################
begin rewrite
##########################################################################
SPAMASSASSIN = yes
SPAM_SCORE = 10
CLAMD = yes
##########################################################################
domainlist local_domains = dsearch;/etc/exim/domains/
domainlist relay_to_domains = dsearch;/etc/exim/domains/
hostlist relay_from_hosts = 127.0.0.1
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
acl_smtp_connect = acl_check_spammers
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
.endif
.ifdef CLAMD
av_scanner = clamd: /var/run/clamav/clamd.sock
.endif
tls_advertise_hosts = *
tls_certificate = /etc/pki/tls/certs/exim.pem
tls_privatekey = /etc/pki/tls/private/exim.pem
daemon_smtp_ports = 25 : 465 : 587 : 2525
tls_on_connect_ports = 465
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after = 7d
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/domains/${lc:${domain:$h_from:}}/dkim.pem
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
##########################################################################
begin acl
##########################################################################
acl_check_spammers:
drop message = Your host in blacklist on this server.
log_message = Host in blacklist
hosts = +spammers
deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
dnslists = ${readfile {/etc/exim/dnsbl.conf}{:}}
accept
acl_check_mail:
deny
condition = ${if eq{$sender_helo_name}{}}
message = HELO required before MAIL
# drop
# condition = ${if isip{$sender_helo_name}}
# message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
delay = 45s
# drop
# condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
# condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
# message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
drop
condition = ${if isip{$sender_helo_name}}
message = Access denied - Invalid HELO name (See RFC2821 4.1.3)
# drop
# condition = ${if match{$sender_helo_name}{\N\.$\N}}
# message = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
# drop message = "REJECTED - Bad HELO - Host impersonating [$sender_helo_name]"
# condition = ${if match{$sender_helo_name}{$primary_hostname}}
drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
message = $interface_address is _my_ address
accept
acl_check_rcpt:
accept hosts = :
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
require verify = sender
accept hosts = +relay_from_hosts
control = submission
accept local_parts = postmaster
domains = +local_domains
accept authenticated = *
control = submission/domain=
require message = relay not permitted
domains = +local_domains : +relay_to_domains
deny message = smtp auth requried
sender_domains = +local_domains
!authenticated = *
require verify = recipient
.ifdef CLAMD
warn set acl_m0 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antivirus}{yes}{no}}
set acl_m0 = yes
.endif
.ifdef SPAMASSASSIN
warn set acl_m1 = no
warn condition = ${if exists {/etc/exim/domains/$domain/antispam}{yes}{no}}
set acl_m1 = yes
.endif
accept
acl_check_data:
.ifdef CLAMD
deny message = Message contains a virus ($malware_name) and has been rejected
malware = *
condition = ${if eq{$acl_m0}{yes}{yes}{no}}
.endif
.ifdef SPAMASSASSIN
warn
!authenticated = *
hosts = !+relay_from_hosts
condition = ${if < {$message_size}{100K}}
condition = ${if eq{$acl_m1}{yes}{yes}{no}}
spam = nobody:true/defer_ok
add_header = X-Spam-Score: $spam_score_int
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Report: $spam_report
set acl_m2 = $spam_score_int
warn
condition = ${if !eq{$acl_m2}{} {yes}{no}}
condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
add_header = X-Spam-Status: Yes
message = SpamAssassin detected spam (from $sender_address to $recipients).
.endif
accept
acl_check_mime:
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
accept
##########################################################################
begin authenticators
##########################################################################
dovecot_plain:
driver = dovecot
public_name = PLAIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
dovecot_login:
driver = dovecot
public_name = LOGIN
server_socket = /var/run/dovecot/auth-client
server_set_id = $auth1
##########################################################################
begin routers
##########################################################################
dnslookup:
driver = dnslookup
domains = !+local_domains
transport = remote_smtp
# ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more
#system_aliases:
# domains = +local_domains
# driver = redirect
# allow_fail
# allow_defer
# data = ${lookup{$local_part}lsearch{/etc/aliases}}
# file_transport = address_file
# pipe_transport = address_pipe
userforward:
driver = redirect
check_local_user
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
procmail:
driver = accept
check_local_user
require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
transport = procmail
no_verify
autoreplay:
driver = accept
require_files = /etc/exim/domains/$domain/autoreply.${local_part}.msg
condition = ${if exists{/etc/exim/domains/$domain/autoreply.${local_part}.msg}}{yes}{no}}
retry_use_local_part
transport = userautoreply
unseen
aliases:
driver = redirect
headers_add = X-redirected: yes
data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
require_files = /etc/exim/domains/$domain/aliases
redirect_router = dnslookup
pipe_transport = address_pipe
unseen
localuser_spam:
driver = accept
transport = local_spam_delivery
condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{yes}{no_such_user}}}}
localuser:
driver = accept
transport = local_delivery
condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}
catchall:
driver = redirect
headers_add = X-redirected: yes
require_files = /etc/exim/domains/$domain/aliases
data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
file_transport = local_delivery
redirect_router = dnslookup
terminate_alias:
driver = accept
transport = devnull
condition = ${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}{true}{false}}
##########################################################################
begin transports
##########################################################################
remote_smtp:
driver = smtp
helo_data = $sender_address_domain
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
procmail:
driver = pipe
command = "/usr/bin/procmail -d $local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $local_part
initgroups
return_output
local_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
quota_warn_threshold = 75%
local_spam_delivery:
driver = appendfile
maildir_format
maildir_use_size_file
user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
group = mail
create_directory
directory_mode = 770
mode = 660
use_lockfile = no
delivery_date_add
envelope_to_add
return_path_add
directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part/.spam"
quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}M
quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}/mail/$domain/$local_part"
quota_warn_threshold = 75%
address_pipe:
driver = pipe
return_output
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply
userautoreply:
driver = autoreply
file = /etc/exim/domains/$domain/autoreply.${local_part}.msg
from = "${local_part}@${domain}"
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {Autoreply Message}}"
to = "${sender_address}"
devnull:
driver = appendfile
file = /dev/null
##########################################################################
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
##########################################################################
begin rewrite

63
install/0.9.7/rhel/roundcube-driver.php
View file

@ -1,3 +1,4 @@
<<<<<<< HEAD
<?php
/**
@ -52,3 +53,65 @@ class rcube_vesta_password
}
}
=======
<?php
/**
* Vesta Control Panel Password Driver
*
* @version 1.0
* @author Serghey Rodin <skid@vestacp.com>
*/
class rcube_vesta_password
{
function save($curpass, $passwd)
{
$rcmail = rcmail::get_instance();
$vesta_host = $rcmail->config->get('password_vesta_host');
if (empty($vesta_host))
{
$vesta_host = 'localhost';
}
$vesta_port = $rcmail->config->get('password_vesta_port');
if (empty($vesta_port))
{
$vesta_port = '8083';
}
$postvars = array(
'email' => $_SESSION['username'],
'password' => $curpass,
'new' => $passwd
);
$postdata = http_build_query($postvars);
$send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL;
$send .= 'Host: ' . $vesta_host . PHP_EOL;
$send .= 'User-Agent: PHP Script' . PHP_EOL;
$send .= 'Content-length: ' . strlen($postdata) . PHP_EOL;
$send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL;
$send .= 'Connection: close' . PHP_EOL;
$send .= PHP_EOL;
$send .= $postdata . PHP_EOL . PHP_EOL;
$fp = fsockopen('ssl://' . $vesta_host, $vesta_port);
fputs($fp, $send);
$result = fread($fp, 2048);
fclose($fp);
if(strpos($result, 'ok') && !strpos($html, 'error'))
{
return PASSWORD_SUCCESS;
}
else {
return PASSWORD_ERROR;
}
}
}
>>>>>>> 994c40901078e48fe939536f7b366e29c2e44a1d

650
install/vst-install.sh
View file

@ -1,3 +1,4 @@
<<<<<<< HEAD
#!/bin/bash
# Vesta installer
@ -636,3 +637,652 @@ cd
bash
# EOF
=======
#!/bin/bash
# Vesta installer
# Define Variables
RHOST='r.vestacp.com'
CHOST='c.vestacp.com'
REPO='cmmnt'
VERSION='0.9.7'
YUM_REPO='/etc/yum.repos.d/vesta.repo'
arch=$(uname -i)
tools="screen mc libpng libjpeg curl libmcrypt mhash zip unzip freetype ntp
openssl flex libxml2 ImageMagick sqlite pcre sudo bc jwhois mailx lsof
tar telnet rsync"
rpms="nginx httpd mod_ssl mod_ruid2 mod_extract_forwarded mod_fcgid ftp
webalizer awstats mysql mysql-server php php-bcmath php-cli php-common
php-gd php-imap php-mbstring php-mcrypt php-mysql php-pdo php-soap php-tidy
php-xml php-xmlrpc phpMyAdmin exim dovecot clamd spamassassin roundcubemail
bind bind-utils bind-libs vsftpd rrdtool GeoIP vesta vesta-nginx vesta-php"
# Am I root?
if [ "x$(id -u)" != 'x0' ]; then
echo 'Error: this script can only be executed by root'
exit 1
fi
# Check supported version
if [ ! -e '/etc/redhat-release' ]; then
echo 'Error: sorry, we currently support RHEL and CentOS only'
exit 1
fi
os=$(cut -f 1 -d ' ' /etc/redhat-release)
if [ $os != 'CentOS' ] && [ $os != 'Red' ]; then
echo 'Error: sorry, we currently support RHEL and CentOS only'
fi
release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
help() {
echo "usage: $0 [OPTIONS]
-d, --disable-remi Disable remi
-e, --email Define email address
-h, --help Print this help and exit
-f, --force Force installation"
exit 1
}
# Translating argument to --gnu-long-options
for arg; do
delim=""
case "$arg" in
--help) args="${args}-h " ;;
--disable-remi) args="${args}-d " ;;
--force) args="${args}-f " ;;
--email) args="${args}-e " ;;
*) [[ "${arg:0:1}" == "-" ]] || delim="\""
args="${args}${delim}${arg}${delim} ";;
esac
done
eval set -- "$args"
# Getopt
while getopts "dhfe:" Option; do
case $Option in
d) disable_remi='yes' ;; # Disable remi repo
h) help ;; # Help
e) email=$OPTARG ;; # Contact email
f) force=yes ;; # Force install
*) help ;; # Default
esac
done
# Are you sure ?
if [ -z $email ]; then
echo
echo
echo
echo
echo
echo ' ***********************************************************'
echo
echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| '
echo ' _| _| _| _| _| _| _| '
echo ' _| _| _|_|_| _|_| _| _|_|_|_| '
echo ' _| _| _| _| _| _| _| '
echo ' _| _|_|_|_| _|_|_| _| _| _| '
echo
echo
echo
echo
echo
echo
echo
echo
echo ' ***********************************************************'
echo
echo
read -n 1 -p 'Do you want to install Vesta Control Panel? [y/n]): ' answer
if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
echo 'Goodbye'
exit 1
fi
echo
# Check email
read -p 'Please enter valid email address: ' email
fi
# Validate email
local_part=$(echo $email | cut -s -f1 -d\@)
remote_host=$(echo $email | cut -s -f2 -d\@)
mx_failed=1
if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then
/usr/bin/host -t mx "$remote_host" &> /dev/null
mx_failed="$?"
fi
if [ "$mx_failed" -eq 1 ]; then
echo "Error: email $email is not valid"
exit 1
fi
echo
echo
echo
echo
echo 'Installation will take about 15 minutes ...'
echo
sleep 2
# Check wget
if [ ! -e '/usr/bin/wget' ]; then
yum -y install wget
if [ $? -ne 0 ]; then
echo "Error: can't install wget"
exit 1
fi
fi
# Check repo availability
wget "$RHOST/$REPO/vesta.conf" -O /dev/null
if [ $? -ne 0 ]; then
echo "Error: no access to $REPO repository"
exit 1
fi
# Check installed packages
tmpfile=$(mktemp -p /tmp)
rpm -qa > $tmpfile
for rpm in $rpms; do
if [ ! -z "$(grep ^$rpm. $tmpfile)" ]; then
conflicts="$rpm $conflicts"
fi
done
rm -f $tmpfile
if [ ! -z "$conflicts" ] && [ -z "$force" ]; then
echo
echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
echo
echo 'Following rpm packages aleady installed:'
echo "$conflicts"
echo
echo 'It is highly recommended to remove them before proceeding.'
echo
echo 'If you want to force installation run this script with -f option:'
echo "Example: bash $0 --force"
echo
echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
echo
exit 1
fi
# Password generator
gen_pass() {
MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
LENGTH=10
while [ ${n:=1} -le $LENGTH ]; do
PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
let n+=1
done
echo "$PASS"
}
# Update system
yum -y update
if [ $? -ne 0 ]; then
echo 'Error: yum update failed'
exit 1
fi
# Install additional packages
yum -y install $tools
if [ $? -ne 0 ]; then
echo 'Error: yum install failed'
exit 1
fi
# Install EPEL repo
if [ ! -e '/etc/yum.repos.d/epel.repo' ]; then
if [ "$release" -eq '5' ]; then
epel="5/$arch/epel-release-5-4.noarch.rpm"
fi
if [ "$release" -eq '6' ]; then
epel="6/$arch/epel-release-6-8.noarch.rpm"
fi
rpm -ivh http://dl.fedoraproject.org/pub/epel/$epel
if [ $? -ne 0 ]; then
echo "Error: can't install EPEL repository"
exit 1
fi
fi
# Install remi repo
if [ ! -e '/etc/yum.repos.d/remi.repo' ]; then
if [ "$release" -eq '5' ]; then
remi="remi-release-5.rpm"
fi
if [ "$release" -eq '6' ]; then
remi="remi-release-6.rpm"
fi
rpm -ivh http://rpms.famillecollet.com/enterprise/$remi
if [ $? -ne 0 ]; then
echo "Error: can't install remi repository"
exit 1
fi
fi
# Install vesta repo
echo "[vesta]
name=Vesta - $REPO
baseurl=http://$RHOST/$REPO/$release/\$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" > $YUM_REPO
wget $CHOST/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA
# Checking if old MySQL stuff exists
if [ -e '/var/lib/mysql' ]; then
mv -f /var/lib/mysql /var/lib/mysql_old
fi
if [ -e '/etc/my.cnf' ]; then
mv -f /etc/my.cnf /etc/my.cnf_old
fi
if [ -e '/root/.my.cnf' ]; then
mv -f /root/.my.cnf
fi
# Install Vesta packages
if [ -z "$disable_remi" ]; then
yum -y --enablerepo=remi install $rpms
else
yum -y install $rpms
fi
if [ $? -ne 0 ]; then
echo 'Error: yum install failed'
exit 1
fi
# Configuring run levels
chkconfig iptables off
if [ -e /etc/init.d/sendmail ]; then
chkconfig sendmail off
fi
if [ -e /etc/init.d/postfix ]; then
chkconfig postfix off
fi
chkconfig vesta on
chkconfig httpd on
chkconfig nginx on
chkconfig mysqld on
chkconfig vsftpd on
chkconfig named on
chkconfig exim on
chkconfig clamd on
chkconfig spamassassin on
chkconfig dovecot on
# Make dirs more visible
echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
# Vesta does not support SELINUX for now
if [ -e '/etc/sysconfig/selinux' ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0
fi
if [ -e '/etc/selinux/config' ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
# Vesta use own webalizer routine
rm -f /etc/cron.daily/00webalizer
# NTP Synchronization
echo '#!/bin/sh' > /etc/cron.daily/ntpdate
echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate
chmod 775 /etc/cron.daily/ntpdate
ntpdate -s pool.ntp.org
# Vesta Environment
echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh
chmod 755 /etc/profile.d/vesta.sh
source /etc/profile.d/vesta.sh
echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile
echo 'export PATH' >> /root/.bash_profile
source /root/.bash_profile
mkdir -p $VESTA/conf
mkdir -p $VESTA/log
mkdir -p $VESTA/data
mkdir -p $VESTA/ssl
chmod 770 $VESTA/conf
# Make backup directory
vst_backups="/root/vst_install_backups/$(date +%s)"
mkdir -p $vst_backups
mkdir -p $vst_backups/nginx
mkdir -p $vst_backups/httpd
mkdir -p $vst_backups/mysql
mkdir -p $vst_backups/exim
mkdir -p $vst_backups/dovecot
mkdir -p $vst_backups/clamd
mkdir -p $vst_backups/vsftpd
mkdir -p $vst_backups/named
wget $RHOST/$REPO/vesta.conf -O $VESTA/conf/vesta.conf
if [ -e '/etc/sudoers' ]; then
mv /etc/sudoers $vst_backups/
fi
wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers
chmod 0440 /etc/sudoers
wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta
sed -i "s/umask 022/umask 002/g" /etc/profile
# Create backup directory
adduser backup
ln -s /home/backup /backup
chmod a+x /backup
# Configuring data templates
cd /usr/local/vesta/data
mkdir ips
mkdir queue
mkdir users
touch queue/backup.pipe
touch queue/disk.pipe
touch queue/webstats.pipe
touch queue/restart.pipe
touch queue/traffic.pipe
chmod 750 users
chmod 750 ips
chmod -R 750 queue
wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz
tar -xzf packages.tar.gz
rm -f packages.tar.gz
cd /usr/local/vesta/data
wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz
tar -xzf templates.tar.gz
rm -f templates.tar.gz
chmod -R 755 /usr/local/vesta/data/templates
cp templates/web/skel/public_html/index.html /var/www/html/
sed -i 's/%domain%/It worked!/g' /var/www/html/index.html
# Configuring ssl keys
cd /usr/local/vesta/ssl
wget $CHOST/$VERSION/certificate.crt -O certificate.crt
wget $CHOST/$VERSION/certificate.key -O certificate.key
# Adding admin user
vpass=$(gen_pass)
$VESTA/bin/v-add-user admin $vpass $email default System Administrator
if [ $? -ne 0 ]; then
echo "Error: can't create admin user"
exit 1
fi
# Set shell
$VESTA/bin/v-change-user-shell admin bash
# Apache
if [ -e '/etc/httpd/conf/httpd.conf' ]; then
mv /etc/httpd/conf/httpd.conf $vst_backups/httpd/
fi
if [ -e '/etc/httpd/conf.d/ssl.conf' ]; then
mv /etc/httpd/conf.d/ssl.conf $vst_backups/httpd/
fi
if [ -e '/etc/httpd/conf.d/proxy_ajp.conf' ]; then
mv /etc/httpd/conf.d/proxy_ajp.conf $vst_backups/httpd/
fi
wget $CHOST/$VERSION/httpd.conf -O /etc/httpd/conf/httpd.conf
wget $CHOST/$VERSION/httpd-status.conf -O /etc/httpd/conf.d/status.conf
wget $CHOST/$VERSION/httpd-ssl.conf -O /etc/httpd/conf.d/ssl.conf
wget $CHOST/$VERSION/httpd.log -O /etc/logrotate.d/httpd
echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract_forwarded.conf
echo > /etc/httpd/conf.d/proxy_ajp.conf
echo > /etc/httpd/conf.d/vesta.conf
touch /var/log/httpd/access_log
touch /var/log/httpd/error_log
touch /var/log/httpd/suexec.log
mkdir -p /var/log/httpd/domains
chmod a+x /var/log/httpd
chmod 640 /var/log/httpd/access_log
chmod 640 /var/log/httpd/error_log
chmod 640 /var/log/httpd/suexec.log
chmod 751 /var/log/httpd/domains
# Nginx
if [ -e '/etc/nginx/nginx.conf' ]; then
mv /etc/nginx/nginx.conf $vst_backups/nginx/
fi
if [ -f '/etc/nginx/conf.d/default.conf' ]; then
mv /etc/nginx/conf.d/default.conf $vst_backups/nginx/
fi
if [ -e '/etc/nginx/conf.d/example_ssl.conf' ]; then
mv /etc/nginx/conf.d/example_ssl.conf $vst_backups/nginx/
fi
wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf
wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf
touch /etc/nginx/conf.d/vesta_ip.conf
touch /etc/nginx/conf.d/vesta_users.conf
# VsFTP
if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
mv /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd/
fi
wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd/vsftpd.conf
# MySQL
if [ -e '/etc/my.cnf' ]; then
mv /etc/my.cnf $vst_backups/mysql/
fi
if [ -e '/root/.my.cnf' ]; then
mv /root/.my.cnf $vst_backups/mysql/
fi
mpass=$(gen_pass)
server_memory="$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])"
if [ "$server_memory" -gt '1000000' ]; then
wget $CHOST/$VERSION/mysql.cnf -O /etc/my.cnf
else
wget $CHOST/$VERSION/mysql-512.cnf -O /etc/my.cnf
fi
service mysqld start
mysqladmin -u root password $mpass
echo -e "[client]\npassword='$mpass'\n" >/root/.my.cnf
$VESTA/bin/v-add-database-server mysql localhost 3306 root $mpass
$VESTA/bin/v-add-database admin default default $(gen_pass) mysql
# Bind
if [ -e '/etc/named.conf' ]; then
mv /etc/named.conf $vst_backups/named/
fi
wget $CHOST/$VERSION/named.conf -O /etc/named.conf
chown root:named /etc/named.conf
chmod 640 /etc/named.conf
# Exim
if [ -e '/etc/exim/exim.conf' ]; then
mv /etc/exim/exim.conf $vst_backups/exim/
fi
if [ -e '/etc/clamd.conf' ]; then
mv /etc/clamd.conf $vst_backups/clamd/
fi
wget $CHOST/$VERSION/exim.conf -O /etc/exim/exim.conf
wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim/dnsbl.conf
wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim/spam-blocks.conf
wget $CHOST/$VERSION/clamd.conf -O /etc/clamd.conf
mkdir /etc/exim/domains
chmod 640 /etc/exim/exim.conf
gpasswd -a clam exim
gpasswd -a exim mail
gpasswd -a clam mail
gpasswd -a dovecot mail
/usr/bin/freshclam
# Dovecot config
if [ "$release" -eq '5' ]; then
if -e [ '/etc/dovecot.conf' ]; then
mv /etc/dovecot.conf $vst_backups/dovecot/
fi
wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot.conf
else
if [ -e '/etc/dovecot' ]; then
mv /etc/dovecot/* $vst_backups/dovecot/
fi
wget $CHOST/$VERSION/dovecot.tar.gz -O /etc/dovecot.tar.gz
cd /etc/
tar -xzf dovecot.tar.gz
rm -f dovecot.tar.gz
fi
# PMA
wget $CHOST/$VERSION/httpd-pma.conf -O /etc/httpd/conf.d/phpMyAdmin.conf
wget $CHOST/$VERSION/pma.conf -O /etc/phpMyAdmin/config.inc.php
sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php
# Roundcube setup
wget $CHOST/$VERSION/httpd-webmail.conf -O /etc/httpd/conf.d/roundcubemail.conf
wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcubemail/main.inc.php
wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcubemail/db.inc.php
wget $CHOST/$VERSION/roundcube-driver.php -O /usr/share/roundcubemail/plugins/password/vesta.php
wget $CHOST/$VERSION/roundcube-pw.conf -O /usr/share/roundcubemail/plugins/password/config.inc.php
r="$(gen_pass)"
mysql -e "CREATE DATABASE roundcube"
mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'"
sed -i "s/%password%/$r/g" /etc/roundcubemail/db.inc.php
mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql
# Configuring ip
$VESTA/bin/v-update-sys-ip
# Get main ip
main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 |\
cut -f2 -d: | cut -f1 -d ' ')
# Add default web domain on main ip
$VESTA/bin/v-add-web-domain admin default.domain $main_ip
# Add default dns domain on main ip
$VESTA/bin/v-add-dns-domain admin default.domain $main_ip
# Add default mail domain
$VESTA/bin/v-add-mail-domain admin default.domain
# Configuring crond
command='sudo /usr/local/vesta/bin/v-update-sys-queue disk'
$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic'
$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-update-sys-queue webstats'
$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-update-sys-queue backup'
$VESTA/bin/v-add-cron-job 'admin' '*/30' '*' '*' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-backup-users'
$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-update-user-stats'
$VESTA/bin/v-add-cron-job 'admin' '20' '00' '01' '*' '*' "$command"
command='sudo /usr/local/vesta/bin/v-update-sys-rrd'
$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
# Creating symlink
ln -s /usr/local/vesta/log /var/log/vesta
# Stop unused services
services='iptables sendmail postfix'
for srv in $services; do
service $srv status > /dev/null
if [ $? -eq 0 ]; then
service $srv stop
fi
done
# Start system service
services='vesta httpd nginx vsftpd exim dovecot clamd spamassassin named crond'
for srv in $services; do
service $srv status > /dev/null
if [ $? -gt 0 ]; then
service $srv start
else
service $srv restart
fi
done
# Change sendmail client
rm -f /etc/alternatives/mta
ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta
# Build inititall rrd images
$VESTA/bin/v-update-sys-rrd
# Send notification to vestacp.com
wget vestacp.com/notify/?$REPO -O /dev/null
# Get server ip
vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null)
if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then
# Assign passive ip address
echo "pasv_address=$vst_ip" >> /etc/vsftpd/vsftpd.conf
fi
if [ -z "$vst_ip" ]; then
vst_ip=$main_ip
fi
# Send email
echo -e "Congratulations, you have just successfully installed \
the Vesta Control Panel
You can login in Vesta with following credentials:
username: admin
password: $vpass
https://$vst_ip:8083
We hope that you enjoy your installation of Vesta. Please \
feel free to contact us anytime if you have any questions.
Thank you.
--
Sincerely yours
vestacp.com team
" > $tmpfile
cat $tmpfile | mail -s "Vesta Control Panel" $email
rm -f $tmpfile
# Congrats
echo
echo
echo ' ***********************************************************'
echo
echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| '
echo ' _| _| _| _| _| _| _| '
echo ' _| _| _|_|_| _|_| _| _|_|_|_| '
echo ' _| _| _| _| _| _| _| '
echo ' _| _|_|_|_| _|_|_| _| _| _| '
echo
echo ' Congratulations, you have just successfully installed'
echo ' the Vesta Control Panel!'
echo
echo ' Now you can login in Vesta with following credentials:'
echo ' username: admin'
echo " password: $vpass"
echo " https://$vst_ip:8083/"
echo
echo
echo ' Thank you for using our product.'
echo
echo ' ***********************************************************'
echo
echo
# Tricky way to get new PATH variable
cd
bash
# EOF
>>>>>>> 994c40901078e48fe939536f7b366e29c2e44a1d