diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh new file mode 100644 index 00000000..01eec098 --- /dev/null +++ b/install/vst-install-rhel.sh @@ -0,0 +1,871 @@ +#!/bin/bash + +# Vesta RHEL/CentOS installer v.03 + +#----------------------------------------------------------# +# Variables&Functions # +#----------------------------------------------------------# +export PATH=$PATH:/sbin +RHOST='r.vestacp.com' +CHOST='c.vestacp.com' +REPO='cmmnt' +VERSION='0.9.8/rhel' +YUM_REPO='/etc/yum.repos.d/vesta.repo' +software="nginx httpd mod_ssl mod_ruid2 mod_extract_forwarded mod_fcgid + php php-bcmath php-cli php-common php-gd php-imap php-mbstring php-mcrypt + php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-pecl-apc + phpMyAdmin awstats webalizer vsftpd mysql mysql-server exim dovecot clamd + spamassassin curl roundcubemail bind bind-utils bind-libs mc screen ftp + libpng libjpeg libmcrypt mhash zip unzip openssl flex rssh libxml2 + ImageMagick sqlite pcre sudo bc jwhois mailx lsof tar telnet rsync + rrdtool GeoIP freetype ntp openssh-clients vesta vesta-nginx vesta-php" + +help() { + echo "usage: $0 [OPTIONS] + -d, --disable-remi Disable remi + -e, --email Define email address + -h, --help Print this help and exit + -f, --force Force installation + -n, --noupdate Do not run yum update command" + exit 1 +} + +# Password generator +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + LENGTH=10 + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +# Translating argument to --gnu-long-options +for arg; do + delim="" + case "$arg" in + --help) args="${args}-h " ;; + --disable-remi) args="${args}-d " ;; + --force) args="${args}-f " ;; + --email) args="${args}-e " ;; + --noupdate) args="${args}-n " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; + esac +done +eval set -- "$args" + +# Getopt +while getopts "dhfne:" Option; do + case $Option in + d) disable_remi='yes' ;; # Disable remi repo + h) help ;; # Help + e) email=$OPTARG ;; # Set email + f) force='yes' ;; # Force install + n) noupdate='yes' ;; # Disable yum update + *) help ;; # Default + esac +done + +# Am I root? +if [ "x$(id -u)" != 'x0' ]; then + echo 'Error: this script can only be executed by root' + exit 1 +fi + +# Check supported version +if [ ! -e '/etc/redhat-release' ]; then + echo 'Error: sorry, we currently support RHEL and CentOS only' + exit 1 +fi + +# Check supported OS +arch=$(uname -i) +os=$(cut -f 1 -d ' ' /etc/redhat-release) +release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) +codename="${os}_$release" +if [ $os != 'CentOS' ] && [ $os != 'Red' ]; then + echo 'Error: sorry, we currently support RHEL and CentOS only' +fi + +# Check admin user account +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" != 'yes' ]; then + echo "Error: user admin exists" + echo + echo 'Please remove admin user account before proceeding.' + echo 'If you want to do it automatically run installer with -f option:' + echo "Example: bash $0 --force" + exit 1 +fi + +# Check admin user account +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" != 'yes' ]; then + echo "Error: user admin exists" + echo + echo 'Please remove admin user account before proceeding.' + echo 'If you want to do it automatically run installer with -f option:' + echo "Example: bash $0 --force" + exit 1 +fi + +# Check wget +if [ ! -e '/usr/bin/wget' ]; then + yum -y install wget + if [ $? -ne 0 ]; then + echo "Error: can't install wget" + exit 1 + fi +fi + +# Check repo availability +wget -q "$CHOST/$VERSION/vesta.conf" -O /dev/null +if [ $? -ne 0 ]; then + echo "Error: no access to $REPO repository" + exit 1 +fi + +# Check installed packages +tmpfile=$(mktemp -p /tmp) +rpm -qa > $tmpfile +for pkg in exim bind-9 mysql-server httpd nginx vesta; do + if [ ! -z "$(grep $pkg $tmpfile)" ]; then + conflicts="$pkg $conflicts" + fi +done +rm -f $tmpfile +if [ ! -z "$conflicts" ] && [ -z "$force" ]; then + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + echo 'Following rpm packages are already installed:' + echo "$conflicts" + echo + echo 'It is highly recommended to remove them before proceeding.' + echo 'If you want to force installation run this script with -f option:' + echo "Example: bash $0 --force" + echo + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + exit 1 +fi + +# Check server type +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +if [ "$memory" -lt '350000' ] && [ -z "$force" ]; then + echo "Error: not enough memory to install Vesta Control Panel." + echo -e "\nMinimum RAM required: 350Mb" + echo 'If you want to force installation run this script with -f option:' + echo "Example: bash $0 --force" + exit 1 +fi +srv_type='micro' + +if [ "$memory" -gt '1000000' ]; then + srv_type='small' +fi + +if [ "$memory" -gt '3000000' ]; then + srv_type='medium' +fi + +if [ "$memory" -gt '7000000' ]; then + srv_type='large' +fi + +# Are you sure ? +if [ -z $email ]; then + clear + echo + echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' + echo ' _| _| _| _| _| _| _| ' + echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' + echo ' _| _| _| _| _| _| _| ' + echo ' _| _|_|_|_| _|_|_| _| _| _| ' + echo + echo ' Vesta Control Panel' + echo + echo + echo 'Following software will be installed on your system:' + echo ' - Nginx frontend web server' + echo ' - Apache application web server' + echo ' - Bind DNS server' + echo ' - Exim mail server' + echo ' - Dovecot IMAP and POP3 server' + if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + echo ' - Clam mail antivirus' + echo ' - SpamAssassin antispam' + fi + echo ' - MySQL database server' + echo ' - Vsftpd FTP server' + echo + echo ' * SELinux and Iptables will be disabled' + echo + + read -p 'Do you want to proceed? [y/n]): ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi + + # Check email + read -p 'Please enter valid email address: ' email +fi + +# Validate email +local_part=$(echo $email | cut -s -f1 -d\@) +remote_host=$(echo $email | cut -s -f2 -d\@) +mx_failed=1 +if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then + /usr/bin/host -t mx "$remote_host" > /dev/null 2>&1 + mx_failed="$?" +fi + +if [ "$mx_failed" -eq 1 ]; then + echo "Error: email $email is not valid" + exit 1 +fi + +# Check for ipv6 on loopback interface +check_lo_ipv6=$(/sbin/ifconfig lo| grep 'inet6 addr') +check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) +if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then + ip addr add ::2/128 scope global dev lo + echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local + echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local + chmod a+x /etc/rc.local +fi + + +#----------------------------------------------------------# +# Install repository # +#----------------------------------------------------------# +# Let's start +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + +# Update system +if [ -z "$noupdate" ]; then + yum -y update + if [ $? -ne 0 ]; then + echo 'Error: yum update failed' + exit 1 + fi +fi + +# Install EPEL repo +if [ ! -e '/etc/yum.repos.d/epel.repo' ]; then + if [ "$release" -eq '5' ]; then + epel="5/$arch/epel-release-5-4.noarch.rpm" + fi + + if [ "$release" -eq '6' ]; then + epel="6/$arch/epel-release-6-8.noarch.rpm" + fi + + rpm -ivh http://dl.fedoraproject.org/pub/epel/$epel + if [ $? -ne 0 ]; then + echo "Error: can't install EPEL repository" + exit 1 + fi +fi + +# Install remi repo +if [ ! -e '/etc/yum.repos.d/remi.repo' ]; then + if [ "$release" -eq '5' ]; then + remi="remi-release-5.rpm" + fi + + if [ "$release" -eq '6' ]; then + remi="remi-release-6.rpm" + fi + + rpm -ivh http://rpms.famillecollet.com/enterprise/$remi + if [ $? -ne 0 ]; then + echo "Error: can't install remi repository" + exit 1 + fi +fi + +# Install nginx repo +if [ ! -e '/etc/yum.repos.d/nginx.repo' ]; then + echo "[nginx]" > /etc/yum.repos.d/nginx.repo + echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo + echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" \ + >> /etc/yum.repos.d/nginx.repo + echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo + echo "enabled=1" >> /etc/yum.repos.d/nginx.repo +fi + +# Install vesta repo +echo "[vesta]" > $YUM_REPO +echo "name=Vesta - $REPO" >> $YUM_REPO +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $YUM_REPO +echo "enabled=1" >> $YUM_REPO +echo "gpgcheck=1" >> $YUM_REPO +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $YUM_REPO +wget $CHOST/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA + + +#----------------------------------------------------------# +# Backups # +#----------------------------------------------------------# + +# Prepare backup tree +vst_backups="/root/vst_install_backups/$(date +%s)" +mkdir -p $vst_backups/nginx +mkdir -p $vst_backups/httpd +mkdir -p $vst_backups/mysql +mkdir -p $vst_backups/exim +mkdir -p $vst_backups/dovecot +mkdir -p $vst_backups/clamd +mkdir -p $vst_backups/spamassassin +mkdir -p $vst_backups/vsftpd +mkdir -p $vst_backups/named +mkdir -p $vst_backups/vesta/admin +mkdir -p $vst_backups/home + +# Backup sudoers +if [ -e '/etc/sudoers' ]; then + cp /etc/sudoers $vst_backups/ +fi + +# Backup nginx +service nginx stop > /dev/null 2>&1 +if [ -e '/etc/nginx/nginx.conf' ]; then + cp -r /etc/nginx/* $vst_backups/nginx/ +fi + +# Backup httpd +service httpd stop > /dev/null 2>&1 +if [ -e '/etc/httpd/conf/httpd.conf' ]; then + cp -r /etc/httpd/* $vst_backups/httpd/ +fi + +# Backup bind +service named stop > /dev/null 2>&1 +if [ -e '/etc/named.conf' ]; then + cp /etc/named.conf $vst_backups/named/ +fi + +# Backup vsftpd +service vsftpd stop > /dev/null 2>&1 +if [ -e '/etc/vsftpd/vsftpd.conf' ]; then + cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd/ +fi + +# Backup exim +service exim stop > /dev/null 2>&1 +if [ -e '/etc/exim/exim.conf' ]; then + cp -r /etc/exim/* $vst_backups/exim/ +fi + +# Backup clamav +service clamd stop > /dev/null 2>&1 +if [ -e '/etc/clamd.conf' ]; then + cp /etc/clamd.conf $vst_backups/clamd/ +fi + +# Backup SpamAssassin +service spamassassin stop > /dev/null 2>&1 +if [ -e '/etc/mail/spamassassin' ]; then + cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin/ +fi + +# Backup dovecot +service dovecot stop > /dev/null 2>&1 +if [ -e '/etc/dovecot.conf' ]; then + cp /etc/dovecot.conf $vst_backups/dovecot/ +fi +if [ -e '/etc/dovecot' ]; then + cp -r /etc/dovecot/* $vst_backups/dovecot/ +fi + +# Backup MySQL stuff +service mysqld stop > /dev/null 2>&1 +if [ -e '/var/lib/mysql' ]; then + mv /var/lib/mysql $vst_backups/mysql/mysql_datadir +fi +if [ -e '/etc/my.cnf' ]; then + cp /etc/my.cnf $vst_backups/mysql/ +fi +if [ -e '/root/.my.cnf' ]; then + mv /root/.my.cnf $vst_backups/mysql/ +fi + +# Backup vesta +service vesta stop > /dev/null 2>&1 +if [ -e '/usr/local/vesta/data' ]; then + mv /usr/local/vesta/data $vst_backups/vesta/ +fi + +if [ -e '/usr/local/vesta/conf' ]; then + mv /usr/local/vesta/conf $vst_backups/vesta/ +fi + +if [ -e '/home/admin/conf/' ]; then + mv /home/admin/conf/ $vst_backups/vesta/admin +fi + + +#----------------------------------------------------------# +# Install packages # +#----------------------------------------------------------# + +# Exclude heavy packages +if [ "$srv_type" = 'micro' ]; then + software=$(echo "$software" | sed -e 's/mod_fcgid//') + software=$(echo "$software" | sed -e 's/clamd//') + software=$(echo "$software" | sed -e 's/spamassassin//') +fi + +if [ "$srv_type" = 'small' ]; then + software=$(echo "$software" | sed -e 's/clamd//') + software=$(echo "$software" | sed -e 's/spamassassin//') +fi + +# Install Vesta packages +if [ -z "$disable_remi" ]; then + yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta,remi" \ + install $software +else + yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta" \ + install $software +fi +if [ $? -ne 0 ]; then + echo 'Error: yum install failed' + exit 1 +fi + + +#----------------------------------------------------------# +# Configure system # +#----------------------------------------------------------# + +# Set writable permission on tmp directory +chmod 777 /tmp + +# Disabling SELinux +if [ -e '/etc/sysconfig/selinux' ]; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + setenforce 0 +fi +if [ -e '/etc/selinux/config' ]; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 +fi + +# Disabling iptables +chkconfig iptables off +service iptables stop + +# Disabling webalizer routine +rm -f /etc/cron.daily/00webalizer + +# Set directory color +echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile + +# Sudo configuration +wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers +chmod 0440 /etc/sudoers + +# NTP Synchronization +echo '#!/bin/sh' > /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +chmod 775 /etc/cron.daily/ntpdate +ntpdate -s pool.ntp.org + +# Setup rssh +if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then + echo /usr/bin/rssh >> /etc/shells +fi +sed -i 's/#allowscp/allowscp/' /etc/rssh.conf +sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf +sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf +chmod 755 /usr/bin/rssh + +# Nginx configuration +rm -f /etc/nginx/conf.d/*.conf +wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf +wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf +touch /etc/nginx/conf.d/vesta.conf +chkconfig nginx on +service nginx start +if [ "$?" -ne 0 ]; then + echo "Error: nginx start failed" + exit 1 +fi + +# Apache configuration +wget $CHOST/$VERSION/httpd.conf -O /etc/httpd/conf/httpd.conf +wget $CHOST/$VERSION/httpd-status.conf -O /etc/httpd/conf.d/status.conf +wget $CHOST/$VERSION/httpd-ssl.conf -O /etc/httpd/conf.d/ssl.conf +wget $CHOST/$VERSION/httpd.log -O /etc/logrotate.d/httpd +echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract_forwarded.conf +rm -f /etc/httpd/conf.d/proxy_ajp.conf +echo > /etc/httpd/conf.d/proxy_ajp.conf +rm -f /etc/httpd/conf.d/vesta.conf +echo > /etc/httpd/conf.d/vesta.conf +touch /var/log/httpd/access_log +touch /var/log/httpd/error_log +touch /var/log/httpd/suexec.log +mkdir -p /var/log/httpd/domains +chmod a+x /var/log/httpd +chmod 640 /var/log/httpd/access_log +chmod 640 /var/log/httpd/error_log +chmod 640 /var/log/httpd/suexec.log +chmod 751 /var/log/httpd/domains +chkconfig httpd on +service httpd start +if [ "$?" -ne 0 ]; then + echo "Error: httpd start failed" + exit 1 +fi + +# Vsftpd configuration +wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd/vsftpd.conf +chkconfig vsftpd on +service vsftpd start +if [ "$?" -ne 0 ]; then + echo "Error: vsftpd start failed" + exit 1 +fi + +# MySQL configuration +mpass=$(gen_pass) +if [ "$srv_type" = 'micro' ]; then + wget $CHOST/$VERSION/mysql-512.cnf -O /etc/my.cnf +else + wget $CHOST/$VERSION/mysql.cnf -O /etc/my.cnf +fi + +chkconfig mysqld on +service mysqld start +if [ "$?" -ne 0 ]; then + + # Fix for aio on OpenVZ + if [ -e "/proc/user_beancounters" ]; then + sed -i "s/#innodb_use_native_aio/innodb_use_native_aio/g" /etc/my.cnf + fi + + service mysqld start + if [ "$?" -ne 0 ]; then + echo "Error: mysqld start failed" + exit 1 + fi +fi + +mysqladmin -u root password $mpass +echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf +chmod 600 /root/.my.cnf +mysql -e "DELETE FROM mysql.user WHERE User=''" +mysql -e "DROP DATABASE test" +mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" +mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" +mysql -e "FLUSH PRIVILEGES" + +# Bind configuration +wget $CHOST/$VERSION/named.conf -O /etc/named.conf +chown root:named /etc/named.conf +chmod 640 /etc/named.conf +chkconfig named on +service named start +if [ "$?" -ne 0 ]; then + echo "Error: named start failed" + exit 1 +fi + +# Exim +wget $CHOST/$VERSION/exim.conf -O /etc/exim/exim.conf +if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then + sed -i "s/^SPAMASSASSIN/#SPAMASSASSIN/g" /etc/exim/exim.conf + sed -i "s/^CLAMD/#CLAMD/g" /etc/exim/exim.conf +fi +wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim/dnsbl.conf +wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim/spam-blocks.conf +touch /etc/exim/white-blocks.conf +rm -rf /etc/exim/domains +mkdir -p /etc/exim/domains +chmod 640 /etc/exim/exim.conf +gpasswd -a exim mail +if [ -e /etc/init.d/sendmail ]; then + chkconfig sendmail off + service sendmail stop +fi +if [ -e /etc/init.d/postfix ]; then + chkconfig postfix off + service postfix stop +fi +rm -f /etc/alternatives/mta +ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta +chkconfig exim on +service exim start +if [ "$?" -ne 0 ]; then + echo "Error: exim start failed" + exit 1 +fi + +# Dovecot configuration +if [ "$release" -eq '5' ]; then + wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot.conf +else + wget $CHOST/$VERSION/dovecot.tar.gz -O /etc/dovecot.tar.gz + cd /etc/ + rm -rf dovecot + tar -xzf dovecot.tar.gz + rm -f dovecot.tar.gz + chown -R root:root /etc/dovecot +fi +gpasswd -a dovecot mail +chkconfig dovecot on +service dovecot start +if [ "$?" -ne 0 ]; then + echo "Error: dovecot start failed" + exit 1 +fi + +# ClamAV configuration +if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + wget $CHOST/$VERSION/clamd.conf -O /etc/clamd.conf + wget $CHOST/$VERSION/freshclam.conf -O /etc/freshclam.conf + gpasswd -a clam exim + gpasswd -a clam mail + /usr/bin/freshclam + chkconfig clamd on + service clamd start + if [ "$?" -ne 0 ]; then + echo "Error: clamd start failed" + exit 1 + fi +fi + +# SpamAssassin configuration +if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then + chkconfig spamassassin on + service spamassassin start + if [ "$?" -ne 0 ]; then + echo "Error: spamassassin start failed" + exit 1 + fi +fi + +# php configuration +sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini +sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php.ini + +# phpMyAdmin configuration +wget $CHOST/$VERSION/httpd-pma.conf -O /etc/httpd/conf.d/phpMyAdmin.conf +wget $CHOST/$VERSION/pma.conf -O /etc/phpMyAdmin/config.inc.php +sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php + +# Roundcube configuration +wget $CHOST/$VERSION/httpd-webmail.conf -O /etc/httpd/conf.d/roundcubemail.conf +wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcubemail/main.inc.php +wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcubemail/db.inc.php +wget $CHOST/$VERSION/roundcube-driver.php -O \ + /usr/share/roundcubemail/plugins/password/drivers/vesta.php +wget $CHOST/$VERSION/roundcube-pw.conf -O \ + /usr/share/roundcubemail/plugins/password/config.inc.php +r="$(gen_pass)" +mysql -e "CREATE DATABASE roundcube" +mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" +sed -i "s/%password%/$r/g" /etc/roundcubemail/db.inc.php +mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql + +# Vesta configuration +echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile +wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta + +# Directory tree +mkdir -p $VESTA/conf +mkdir -p $VESTA/log +mkdir -p $VESTA/ssl +mkdir -p $VESTA/data +mkdir -p $VESTA/data/ips +mkdir -p $VESTA/data/queue +mkdir -p $VESTA/data/users +touch $VESTA/data/queue/backup.pipe +touch $VESTA/data/queue/disk.pipe +touch $VESTA/data/queue/webstats.pipe +touch $VESTA/data/queue/restart.pipe +touch $VESTA/data/queue/traffic.pipe +chmod 750 $VESTA/conf +chmod 750 $VESTA/data/users +chmod 750 $VESTA/data/ips +chmod -R 750 $VESTA/data/queue +ln -s /usr/local/vesta/log /var/log/vesta +touch /var/log/vesta/system.log +touch /var/log/vesta/nginx-error.log +touch /var/log/vesta/auth.log +chmod 660 /var/log/vesta/* +adduser backup +ln -s /home/backup /backup +chmod a+x /backup + +# vesta.conf +wget $CHOST/$VERSION/vesta.conf -O $VESTA/conf/vesta.conf +if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then + sed -i "s/clamav//g" $VESTA/conf/vesta.conf + sed -i "s/spamassassin//g" $VESTA/conf/vesta.conf +fi + +# Templates +cd /usr/local/vesta/data +wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz +tar -xzf packages.tar.gz +rm -f packages.tar.gz +cd /usr/local/vesta/data +wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz +tar -xzf templates.tar.gz +rm -f templates.tar.gz +chmod -R 755 /usr/local/vesta/data/templates +cp templates/web/skel/public_html/index.html /var/www/html/ +sed -i 's/%domain%/It worked!/g' /var/www/html/index.html +if [ "$srv_type" = 'micro' ]; then + rm -f /usr/local/vesta/data/templates/web/httpd/phpfcgid.* +fi + +# Default SSL keys +cd /usr/local/vesta/ssl +wget $CHOST/$VERSION/certificate.crt -O certificate.crt +wget $CHOST/$VERSION/certificate.key -O certificate.key + +# Adding admin user +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then + chattr -i /home/admin/conf > /dev/null 2>&1 + userdel -f admin + chattr -i /home/admin/conf + mv -f /home/admin $vst_backups/home/ + rm -f /tmp/sess_* +fi +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then + groupdel admin > /dev/null 2>&1 +fi +vpass=$(gen_pass) +$VESTA/bin/v-add-user admin $vpass $email default System Administrator +if [ $? -ne 0 ]; then + echo "Error: can't create admin user" + exit 1 +fi +$VESTA/bin/v-change-user-shell admin bash +$VESTA/bin/v-change-user-language admin en + +# Configure mysql host +$VESTA/bin/v-add-database-host mysql localhost root $mpass +$VESTA/bin/v-add-database admin default default $(gen_pass) mysql + +# Configuring system ips +$VESTA/bin/v-update-sys-ip + +# Get main ip +main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 | \ + cut -f2 -d: | cut -f1 -d ' ') + +# Get remote ip +vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) +if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then + # Set NAT association + $VESTA/bin/v-change-sys-ip-nat $main_ip $vst_ip +fi +if [ -z "$vst_ip" ]; then + vst_ip=$main_ip +fi + +# Add default web domain +$VESTA/bin/v-add-web-domain admin default.domain $vst_ip + +# Add default dns domain +$VESTA/bin/v-add-dns-domain admin default.domain $vst_ip + +# Add default mail domain +$VESTA/bin/v-add-mail-domain admin default.domain + +# Configuring crond +command='sudo /usr/local/vesta/bin/v-update-sys-queue disk' +$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic' +$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-update-sys-queue webstats' +$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-update-sys-queue backup' +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-backup-users' +$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-update-user-stats' +$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" +command='sudo /usr/local/vesta/bin/v-update-sys-rrd' +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" + +# Build inititall rrd images +$VESTA/bin/v-update-sys-rrd + +# Start system service +chkconfig vesta on +service vesta start +if [ "$?" -ne 0 ]; then + echo "Error: vesta start failed" + exit 1 +fi + +# Send notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null + +# Send notification to admin email +echo -e "Congratulations, you have just successfully installed \ +the Vesta Control Panel + +You can login in Vesta with following credentials: + username: admin + password: $vpass + https://$vst_ip:8083 + +We hope that you enjoy your installation of Vesta. Please \ +feel free to contact us anytime if you have any questions. +Thank you. + +-- +Sincerely yours +vestacp.com team +" > $tmpfile + +send_mail="$VESTA/web/inc/mail-wrapper.php" +cat $tmpfile | $send_mail -s "Vesta Control Panel" $email +rm -f $tmpfile + +# Congrats +echo '=======================================================' +echo +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _|_|_|_| _|_|_| _| _| _| ' +echo +echo +echo '-------------------------------' +echo " https://$vst_ip:8083" +echo ' username: admin' +echo " password: $vpass" +echo '-------------------------------' +echo +echo +echo 'Congratulations,' +echo 'you have successfully installed Vesta Control Panel.' +echo +echo + +# Tricky way to get new PATH variable +cd +bash + +# EOF diff --git a/install/vst-install.sh b/install/vst-install.sh index 01eec098..2d411230 100644 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -1,77 +1,7 @@ #!/bin/bash +# Vesta installation wrapper +# http://vestacp.com -# Vesta RHEL/CentOS installer v.03 - -#----------------------------------------------------------# -# Variables&Functions # -#----------------------------------------------------------# -export PATH=$PATH:/sbin -RHOST='r.vestacp.com' -CHOST='c.vestacp.com' -REPO='cmmnt' -VERSION='0.9.8/rhel' -YUM_REPO='/etc/yum.repos.d/vesta.repo' -software="nginx httpd mod_ssl mod_ruid2 mod_extract_forwarded mod_fcgid - php php-bcmath php-cli php-common php-gd php-imap php-mbstring php-mcrypt - php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-pecl-apc - phpMyAdmin awstats webalizer vsftpd mysql mysql-server exim dovecot clamd - spamassassin curl roundcubemail bind bind-utils bind-libs mc screen ftp - libpng libjpeg libmcrypt mhash zip unzip openssl flex rssh libxml2 - ImageMagick sqlite pcre sudo bc jwhois mailx lsof tar telnet rsync - rrdtool GeoIP freetype ntp openssh-clients vesta vesta-nginx vesta-php" - -help() { - echo "usage: $0 [OPTIONS] - -d, --disable-remi Disable remi - -e, --email Define email address - -h, --help Print this help and exit - -f, --force Force installation - -n, --noupdate Do not run yum update command" - exit 1 -} - -# Password generator -gen_pass() { - MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=10 - while [ ${n:=1} -le $LENGTH ]; do - PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" - let n+=1 - done - echo "$PASS" -} - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Translating argument to --gnu-long-options -for arg; do - delim="" - case "$arg" in - --help) args="${args}-h " ;; - --disable-remi) args="${args}-d " ;; - --force) args="${args}-f " ;; - --email) args="${args}-e " ;; - --noupdate) args="${args}-n " ;; - *) [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} ";; - esac -done -eval set -- "$args" - -# Getopt -while getopts "dhfne:" Option; do - case $Option in - d) disable_remi='yes' ;; # Disable remi repo - h) help ;; # Help - e) email=$OPTARG ;; # Set email - f) force='yes' ;; # Force install - n) noupdate='yes' ;; # Disable yum update - *) help ;; # Default - esac -done # Am I root? if [ "x$(id -u)" != 'x0' ]; then @@ -79,21 +9,6 @@ if [ "x$(id -u)" != 'x0' ]; then exit 1 fi -# Check supported version -if [ ! -e '/etc/redhat-release' ]; then - echo 'Error: sorry, we currently support RHEL and CentOS only' - exit 1 -fi - -# Check supported OS -arch=$(uname -i) -os=$(cut -f 1 -d ' ' /etc/redhat-release) -release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) -codename="${os}_$release" -if [ $os != 'CentOS' ] && [ $os != 'Red' ]; then - echo 'Error: sorry, we currently support RHEL and CentOS only' -fi - # Check admin user account if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" != 'yes' ]; then echo "Error: user admin exists" @@ -114,758 +29,81 @@ if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" != 'yes' ]; then exit 1 fi +# Check OS type +if [ -e '/etc/redhat-release' ]; then + type="rhel" +fi + +if [ -e '/etc/lsb-release' ]; then + type="ubuntu" +fi + +if [ -z "$type" ]; then + os=$(head -n1 /etc/issue | cut -f 1 -d ' ') + if [ "$os" == 'Debian' ]; then + type="debian" + fi +fi + +# Check type +if [ -z "$type" ]; then + echo 'Error: only RHEL,CentOS, Ubuntu LTS and Debian 7 is supported' + exit 1 +fi + + # Check wget -if [ ! -e '/usr/bin/wget' ]; then +if [ -e '/usr/bin/wget' ]; then + wget http://vestacp.com/pub/vst-install-$type.sh -O vst-install-$type.sh + if [ "$?" -eq '0' ]; then + bash vst-install-$type.sh $* + exit + else + echo "Error: vst-install-$type.sh download failed." + exit 1 + fi +fi + +# Check curl +if [ -e '/usr/bin/curl' ]; then + curl -O http://vestacp.com/pub/vst-install-$type.sh + if [ "$?" -eq '0' ]; then + bash vst-install-$type.sh $* + exit + else + echo "Error: vst-install-$type.sh download failed." + exit 1 + fi +fi + +# Let's try to install wget automaticaly +if [ "$type" = 'rhel' ]; then yum -y install wget if [ $? -ne 0 ]; then echo "Error: can't install wget" exit 1 fi +else + apt-get -y install wget + if [ $? -ne 0 ]; then + echo "Error: can't install wget" + exit 1 + fi fi -# Check repo availability -wget -q "$CHOST/$VERSION/vesta.conf" -O /dev/null -if [ $? -ne 0 ]; then - echo "Error: no access to $REPO repository" - exit 1 -fi - -# Check installed packages -tmpfile=$(mktemp -p /tmp) -rpm -qa > $tmpfile -for pkg in exim bind-9 mysql-server httpd nginx vesta; do - if [ ! -z "$(grep $pkg $tmpfile)" ]; then - conflicts="$pkg $conflicts" - fi -done -rm -f $tmpfile -if [ ! -z "$conflicts" ] && [ -z "$force" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'Following rpm packages are already installed:' - echo "$conflicts" - echo - echo 'It is highly recommended to remove them before proceeding.' - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - exit 1 -fi - -# Check server type -memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) -if [ "$memory" -lt '350000' ] && [ -z "$force" ]; then - echo "Error: not enough memory to install Vesta Control Panel." - echo -e "\nMinimum RAM required: 350Mb" - echo 'If you want to force installation run this script with -f option:' - echo "Example: bash $0 --force" - exit 1 -fi -srv_type='micro' - -if [ "$memory" -gt '1000000' ]; then - srv_type='small' -fi - -if [ "$memory" -gt '3000000' ]; then - srv_type='medium' -fi - -if [ "$memory" -gt '7000000' ]; then - srv_type='large' -fi - -# Are you sure ? -if [ -z $email ]; then - clear - echo - echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' - echo ' _| _| _| _| _| _| _| ' - echo ' _| _|_|_|_| _|_|_| _| _| _| ' - echo - echo ' Vesta Control Panel' - echo - echo - echo 'Following software will be installed on your system:' - echo ' - Nginx frontend web server' - echo ' - Apache application web server' - echo ' - Bind DNS server' - echo ' - Exim mail server' - echo ' - Dovecot IMAP and POP3 server' - if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - echo ' - Clam mail antivirus' - echo ' - SpamAssassin antispam' - fi - echo ' - MySQL database server' - echo ' - Vsftpd FTP server' - echo - echo ' * SELinux and Iptables will be disabled' - echo - - read -p 'Do you want to proceed? [y/n]): ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' +# OK, last try +if [ -e '/usr/bin/wget' ]; then + wget http://vestacp.com/pub/vst-install-$type.sh -O vst-install-$type.sh + if [ "$?" -eq '0' ]; then + bash vst-install-$type.sh $* + exit + else + echo "Error: vst-install-$type.sh download failed." exit 1 fi - - # Check email - read -p 'Please enter valid email address: ' email -fi - -# Validate email -local_part=$(echo $email | cut -s -f1 -d\@) -remote_host=$(echo $email | cut -s -f2 -d\@) -mx_failed=1 -if [ ! -z "$remote_host" ] && [ ! -z "$local_part" ]; then - /usr/bin/host -t mx "$remote_host" > /dev/null 2>&1 - mx_failed="$?" -fi - -if [ "$mx_failed" -eq 1 ]; then - echo "Error: email $email is not valid" - exit 1 -fi - -# Check for ipv6 on loopback interface -check_lo_ipv6=$(/sbin/ifconfig lo| grep 'inet6 addr') -check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) -if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then - ip addr add ::2/128 scope global dev lo - echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local - echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local - chmod a+x /etc/rc.local -fi - - -#----------------------------------------------------------# -# Install repository # -#----------------------------------------------------------# -# Let's start -echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" -sleep 5 - -# Update system -if [ -z "$noupdate" ]; then - yum -y update - if [ $? -ne 0 ]; then - echo 'Error: yum update failed' - exit 1 - fi -fi - -# Install EPEL repo -if [ ! -e '/etc/yum.repos.d/epel.repo' ]; then - if [ "$release" -eq '5' ]; then - epel="5/$arch/epel-release-5-4.noarch.rpm" - fi - - if [ "$release" -eq '6' ]; then - epel="6/$arch/epel-release-6-8.noarch.rpm" - fi - - rpm -ivh http://dl.fedoraproject.org/pub/epel/$epel - if [ $? -ne 0 ]; then - echo "Error: can't install EPEL repository" - exit 1 - fi -fi - -# Install remi repo -if [ ! -e '/etc/yum.repos.d/remi.repo' ]; then - if [ "$release" -eq '5' ]; then - remi="remi-release-5.rpm" - fi - - if [ "$release" -eq '6' ]; then - remi="remi-release-6.rpm" - fi - - rpm -ivh http://rpms.famillecollet.com/enterprise/$remi - if [ $? -ne 0 ]; then - echo "Error: can't install remi repository" - exit 1 - fi -fi - -# Install nginx repo -if [ ! -e '/etc/yum.repos.d/nginx.repo' ]; then - echo "[nginx]" > /etc/yum.repos.d/nginx.repo - echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo - echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" \ - >> /etc/yum.repos.d/nginx.repo - echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo - echo "enabled=1" >> /etc/yum.repos.d/nginx.repo -fi - -# Install vesta repo -echo "[vesta]" > $YUM_REPO -echo "name=Vesta - $REPO" >> $YUM_REPO -echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $YUM_REPO -echo "enabled=1" >> $YUM_REPO -echo "gpgcheck=1" >> $YUM_REPO -echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $YUM_REPO -wget $CHOST/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA - - -#----------------------------------------------------------# -# Backups # -#----------------------------------------------------------# - -# Prepare backup tree -vst_backups="/root/vst_install_backups/$(date +%s)" -mkdir -p $vst_backups/nginx -mkdir -p $vst_backups/httpd -mkdir -p $vst_backups/mysql -mkdir -p $vst_backups/exim -mkdir -p $vst_backups/dovecot -mkdir -p $vst_backups/clamd -mkdir -p $vst_backups/spamassassin -mkdir -p $vst_backups/vsftpd -mkdir -p $vst_backups/named -mkdir -p $vst_backups/vesta/admin -mkdir -p $vst_backups/home - -# Backup sudoers -if [ -e '/etc/sudoers' ]; then - cp /etc/sudoers $vst_backups/ -fi - -# Backup nginx -service nginx stop > /dev/null 2>&1 -if [ -e '/etc/nginx/nginx.conf' ]; then - cp -r /etc/nginx/* $vst_backups/nginx/ -fi - -# Backup httpd -service httpd stop > /dev/null 2>&1 -if [ -e '/etc/httpd/conf/httpd.conf' ]; then - cp -r /etc/httpd/* $vst_backups/httpd/ -fi - -# Backup bind -service named stop > /dev/null 2>&1 -if [ -e '/etc/named.conf' ]; then - cp /etc/named.conf $vst_backups/named/ -fi - -# Backup vsftpd -service vsftpd stop > /dev/null 2>&1 -if [ -e '/etc/vsftpd/vsftpd.conf' ]; then - cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd/ -fi - -# Backup exim -service exim stop > /dev/null 2>&1 -if [ -e '/etc/exim/exim.conf' ]; then - cp -r /etc/exim/* $vst_backups/exim/ -fi - -# Backup clamav -service clamd stop > /dev/null 2>&1 -if [ -e '/etc/clamd.conf' ]; then - cp /etc/clamd.conf $vst_backups/clamd/ -fi - -# Backup SpamAssassin -service spamassassin stop > /dev/null 2>&1 -if [ -e '/etc/mail/spamassassin' ]; then - cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin/ -fi - -# Backup dovecot -service dovecot stop > /dev/null 2>&1 -if [ -e '/etc/dovecot.conf' ]; then - cp /etc/dovecot.conf $vst_backups/dovecot/ -fi -if [ -e '/etc/dovecot' ]; then - cp -r /etc/dovecot/* $vst_backups/dovecot/ -fi - -# Backup MySQL stuff -service mysqld stop > /dev/null 2>&1 -if [ -e '/var/lib/mysql' ]; then - mv /var/lib/mysql $vst_backups/mysql/mysql_datadir -fi -if [ -e '/etc/my.cnf' ]; then - cp /etc/my.cnf $vst_backups/mysql/ -fi -if [ -e '/root/.my.cnf' ]; then - mv /root/.my.cnf $vst_backups/mysql/ -fi - -# Backup vesta -service vesta stop > /dev/null 2>&1 -if [ -e '/usr/local/vesta/data' ]; then - mv /usr/local/vesta/data $vst_backups/vesta/ -fi - -if [ -e '/usr/local/vesta/conf' ]; then - mv /usr/local/vesta/conf $vst_backups/vesta/ -fi - -if [ -e '/home/admin/conf/' ]; then - mv /home/admin/conf/ $vst_backups/vesta/admin -fi - - -#----------------------------------------------------------# -# Install packages # -#----------------------------------------------------------# - -# Exclude heavy packages -if [ "$srv_type" = 'micro' ]; then - software=$(echo "$software" | sed -e 's/mod_fcgid//') - software=$(echo "$software" | sed -e 's/clamd//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -if [ "$srv_type" = 'small' ]; then - software=$(echo "$software" | sed -e 's/clamd//') - software=$(echo "$software" | sed -e 's/spamassassin//') -fi - -# Install Vesta packages -if [ -z "$disable_remi" ]; then - yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta,remi" \ - install $software else - yum -y --disablerepo=* --enablerepo="base,updates,nginx,epel,vesta" \ - install $software -fi -if [ $? -ne 0 ]; then - echo 'Error: yum install failed' + echo "Error: /usr/bin/wget not found" exit 1 fi - -#----------------------------------------------------------# -# Configure system # -#----------------------------------------------------------# - -# Set writable permission on tmp directory -chmod 777 /tmp - -# Disabling SELinux -if [ -e '/etc/sysconfig/selinux' ]; then - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux - setenforce 0 -fi -if [ -e '/etc/selinux/config' ]; then - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - setenforce 0 -fi - -# Disabling iptables -chkconfig iptables off -service iptables stop - -# Disabling webalizer routine -rm -f /etc/cron.daily/00webalizer - -# Set directory color -echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile - -# Sudo configuration -wget $CHOST/$VERSION/sudoers.conf -O /etc/sudoers -chmod 0440 /etc/sudoers - -# NTP Synchronization -echo '#!/bin/sh' > /etc/cron.daily/ntpdate -echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate -chmod 775 /etc/cron.daily/ntpdate -ntpdate -s pool.ntp.org - -# Setup rssh -if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then - echo /usr/bin/rssh >> /etc/shells -fi -sed -i 's/#allowscp/allowscp/' /etc/rssh.conf -sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf -sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf -chmod 755 /usr/bin/rssh - -# Nginx configuration -rm -f /etc/nginx/conf.d/*.conf -wget $CHOST/$VERSION/nginx.conf -O /etc/nginx/nginx.conf -wget $CHOST/$VERSION/nginx-status.conf -O /etc/nginx/conf.d/status.conf -touch /etc/nginx/conf.d/vesta.conf -chkconfig nginx on -service nginx start -if [ "$?" -ne 0 ]; then - echo "Error: nginx start failed" - exit 1 -fi - -# Apache configuration -wget $CHOST/$VERSION/httpd.conf -O /etc/httpd/conf/httpd.conf -wget $CHOST/$VERSION/httpd-status.conf -O /etc/httpd/conf.d/status.conf -wget $CHOST/$VERSION/httpd-ssl.conf -O /etc/httpd/conf.d/ssl.conf -wget $CHOST/$VERSION/httpd.log -O /etc/logrotate.d/httpd -echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract_forwarded.conf -rm -f /etc/httpd/conf.d/proxy_ajp.conf -echo > /etc/httpd/conf.d/proxy_ajp.conf -rm -f /etc/httpd/conf.d/vesta.conf -echo > /etc/httpd/conf.d/vesta.conf -touch /var/log/httpd/access_log -touch /var/log/httpd/error_log -touch /var/log/httpd/suexec.log -mkdir -p /var/log/httpd/domains -chmod a+x /var/log/httpd -chmod 640 /var/log/httpd/access_log -chmod 640 /var/log/httpd/error_log -chmod 640 /var/log/httpd/suexec.log -chmod 751 /var/log/httpd/domains -chkconfig httpd on -service httpd start -if [ "$?" -ne 0 ]; then - echo "Error: httpd start failed" - exit 1 -fi - -# Vsftpd configuration -wget $CHOST/$VERSION/vsftpd.conf -O /etc/vsftpd/vsftpd.conf -chkconfig vsftpd on -service vsftpd start -if [ "$?" -ne 0 ]; then - echo "Error: vsftpd start failed" - exit 1 -fi - -# MySQL configuration -mpass=$(gen_pass) -if [ "$srv_type" = 'micro' ]; then - wget $CHOST/$VERSION/mysql-512.cnf -O /etc/my.cnf -else - wget $CHOST/$VERSION/mysql.cnf -O /etc/my.cnf -fi - -chkconfig mysqld on -service mysqld start -if [ "$?" -ne 0 ]; then - - # Fix for aio on OpenVZ - if [ -e "/proc/user_beancounters" ]; then - sed -i "s/#innodb_use_native_aio/innodb_use_native_aio/g" /etc/my.cnf - fi - - service mysqld start - if [ "$?" -ne 0 ]; then - echo "Error: mysqld start failed" - exit 1 - fi -fi - -mysqladmin -u root password $mpass -echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf -chmod 600 /root/.my.cnf -mysql -e "DELETE FROM mysql.user WHERE User=''" -mysql -e "DROP DATABASE test" -mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" -mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" -mysql -e "FLUSH PRIVILEGES" - -# Bind configuration -wget $CHOST/$VERSION/named.conf -O /etc/named.conf -chown root:named /etc/named.conf -chmod 640 /etc/named.conf -chkconfig named on -service named start -if [ "$?" -ne 0 ]; then - echo "Error: named start failed" - exit 1 -fi - -# Exim -wget $CHOST/$VERSION/exim.conf -O /etc/exim/exim.conf -if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then - sed -i "s/^SPAMASSASSIN/#SPAMASSASSIN/g" /etc/exim/exim.conf - sed -i "s/^CLAMD/#CLAMD/g" /etc/exim/exim.conf -fi -wget $CHOST/$VERSION/dnsbl.conf -O /etc/exim/dnsbl.conf -wget $CHOST/$VERSION/spam-blocks.conf -O /etc/exim/spam-blocks.conf -touch /etc/exim/white-blocks.conf -rm -rf /etc/exim/domains -mkdir -p /etc/exim/domains -chmod 640 /etc/exim/exim.conf -gpasswd -a exim mail -if [ -e /etc/init.d/sendmail ]; then - chkconfig sendmail off - service sendmail stop -fi -if [ -e /etc/init.d/postfix ]; then - chkconfig postfix off - service postfix stop -fi -rm -f /etc/alternatives/mta -ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta -chkconfig exim on -service exim start -if [ "$?" -ne 0 ]; then - echo "Error: exim start failed" - exit 1 -fi - -# Dovecot configuration -if [ "$release" -eq '5' ]; then - wget $CHOST/$VERSION/dovecot.conf -O /etc/dovecot.conf -else - wget $CHOST/$VERSION/dovecot.tar.gz -O /etc/dovecot.tar.gz - cd /etc/ - rm -rf dovecot - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz - chown -R root:root /etc/dovecot -fi -gpasswd -a dovecot mail -chkconfig dovecot on -service dovecot start -if [ "$?" -ne 0 ]; then - echo "Error: dovecot start failed" - exit 1 -fi - -# ClamAV configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - wget $CHOST/$VERSION/clamd.conf -O /etc/clamd.conf - wget $CHOST/$VERSION/freshclam.conf -O /etc/freshclam.conf - gpasswd -a clam exim - gpasswd -a clam mail - /usr/bin/freshclam - chkconfig clamd on - service clamd start - if [ "$?" -ne 0 ]; then - echo "Error: clamd start failed" - exit 1 - fi -fi - -# SpamAssassin configuration -if [ "$srv_type" = 'medium' ] || [ "$srv_type" = 'large' ]; then - chkconfig spamassassin on - service spamassassin start - if [ "$?" -ne 0 ]; then - echo "Error: spamassassin start failed" - exit 1 - fi -fi - -# php configuration -sed -i 's/short_open_tag = Off/short_open_tag = On/g' /etc/php.ini -sed -i "s/;date.timezone =/date.timezone = UTC/g" /etc/php.ini - -# phpMyAdmin configuration -wget $CHOST/$VERSION/httpd-pma.conf -O /etc/httpd/conf.d/phpMyAdmin.conf -wget $CHOST/$VERSION/pma.conf -O /etc/phpMyAdmin/config.inc.php -sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php - -# Roundcube configuration -wget $CHOST/$VERSION/httpd-webmail.conf -O /etc/httpd/conf.d/roundcubemail.conf -wget $CHOST/$VERSION/roundcube-main.conf -O /etc/roundcubemail/main.inc.php -wget $CHOST/$VERSION/roundcube-db.conf -O /etc/roundcubemail/db.inc.php -wget $CHOST/$VERSION/roundcube-driver.php -O \ - /usr/share/roundcubemail/plugins/password/drivers/vesta.php -wget $CHOST/$VERSION/roundcube-pw.conf -O \ - /usr/share/roundcubemail/plugins/password/config.inc.php -r="$(gen_pass)" -mysql -e "CREATE DATABASE roundcube" -mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" -sed -i "s/%password%/$r/g" /etc/roundcubemail/db.inc.php -mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql - -# Vesta configuration -echo "export VESTA='/usr/local/vesta'" > /etc/profile.d/vesta.sh -chmod 755 /etc/profile.d/vesta.sh -source /etc/profile.d/vesta.sh -echo 'PATH=$PATH:/usr/local/vesta/bin' >> /root/.bash_profile -echo 'export PATH' >> /root/.bash_profile -source /root/.bash_profile -wget $CHOST/$VERSION/vesta.log -O /etc/logrotate.d/vesta - -# Directory tree -mkdir -p $VESTA/conf -mkdir -p $VESTA/log -mkdir -p $VESTA/ssl -mkdir -p $VESTA/data -mkdir -p $VESTA/data/ips -mkdir -p $VESTA/data/queue -mkdir -p $VESTA/data/users -touch $VESTA/data/queue/backup.pipe -touch $VESTA/data/queue/disk.pipe -touch $VESTA/data/queue/webstats.pipe -touch $VESTA/data/queue/restart.pipe -touch $VESTA/data/queue/traffic.pipe -chmod 750 $VESTA/conf -chmod 750 $VESTA/data/users -chmod 750 $VESTA/data/ips -chmod -R 750 $VESTA/data/queue -ln -s /usr/local/vesta/log /var/log/vesta -touch /var/log/vesta/system.log -touch /var/log/vesta/nginx-error.log -touch /var/log/vesta/auth.log -chmod 660 /var/log/vesta/* -adduser backup -ln -s /home/backup /backup -chmod a+x /backup - -# vesta.conf -wget $CHOST/$VERSION/vesta.conf -O $VESTA/conf/vesta.conf -if [ "$srv_type" = 'micro' ] || [ "$srv_type" = 'small' ]; then - sed -i "s/clamav//g" $VESTA/conf/vesta.conf - sed -i "s/spamassassin//g" $VESTA/conf/vesta.conf -fi - -# Templates -cd /usr/local/vesta/data -wget $CHOST/$VERSION/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz -cd /usr/local/vesta/data -wget $CHOST/$VERSION/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz -chmod -R 755 /usr/local/vesta/data/templates -cp templates/web/skel/public_html/index.html /var/www/html/ -sed -i 's/%domain%/It worked!/g' /var/www/html/index.html -if [ "$srv_type" = 'micro' ]; then - rm -f /usr/local/vesta/data/templates/web/httpd/phpfcgid.* -fi - -# Default SSL keys -cd /usr/local/vesta/ssl -wget $CHOST/$VERSION/certificate.crt -O certificate.crt -wget $CHOST/$VERSION/certificate.key -O certificate.key - -# Adding admin user -if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then - chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin - chattr -i /home/admin/conf - mv -f /home/admin $vst_backups/home/ - rm -f /tmp/sess_* -fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then - groupdel admin > /dev/null 2>&1 -fi -vpass=$(gen_pass) -$VESTA/bin/v-add-user admin $vpass $email default System Administrator -if [ $? -ne 0 ]; then - echo "Error: can't create admin user" - exit 1 -fi -$VESTA/bin/v-change-user-shell admin bash -$VESTA/bin/v-change-user-language admin en - -# Configure mysql host -$VESTA/bin/v-add-database-host mysql localhost root $mpass -$VESTA/bin/v-add-database admin default default $(gen_pass) mysql - -# Configuring system ips -$VESTA/bin/v-update-sys-ip - -# Get main ip -main_ip=$(ifconfig |grep 'inet addr:' |grep -v 127.0.0.1 |head -n1 | \ - cut -f2 -d: | cut -f1 -d ' ') - -# Get remote ip -vst_ip=$(wget vestacp.com/what-is-my-ip/ -O - 2>/dev/null) -if [ ! -z "$vst_ip" ] && [ "$vst_ip" != "$main_ip" ]; then - # Set NAT association - $VESTA/bin/v-change-sys-ip-nat $main_ip $vst_ip -fi -if [ -z "$vst_ip" ]; then - vst_ip=$main_ip -fi - -# Add default web domain -$VESTA/bin/v-add-web-domain admin default.domain $vst_ip - -# Add default dns domain -$VESTA/bin/v-add-dns-domain admin default.domain $vst_ip - -# Add default mail domain -$VESTA/bin/v-add-mail-domain admin default.domain - -# Configuring crond -command='sudo /usr/local/vesta/bin/v-update-sys-queue disk' -$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-update-sys-queue traffic' -$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-update-sys-queue webstats' -$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-update-sys-queue backup' -$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-backup-users' -$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-update-user-stats' -$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" -command='sudo /usr/local/vesta/bin/v-update-sys-rrd' -$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" - -# Build inititall rrd images -$VESTA/bin/v-update-sys-rrd - -# Start system service -chkconfig vesta on -service vesta start -if [ "$?" -ne 0 ]; then - echo "Error: vesta start failed" - exit 1 -fi - -# Send notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null - -# Send notification to admin email -echo -e "Congratulations, you have just successfully installed \ -the Vesta Control Panel - -You can login in Vesta with following credentials: - username: admin - password: $vpass - https://$vst_ip:8083 - -We hope that you enjoy your installation of Vesta. Please \ -feel free to contact us anytime if you have any questions. -Thank you. - --- -Sincerely yours -vestacp.com team -" > $tmpfile - -send_mail="$VESTA/web/inc/mail-wrapper.php" -cat $tmpfile | $send_mail -s "Vesta Control Panel" $email -rm -f $tmpfile - -# Congrats -echo '=======================================================' -echo -echo -echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' -echo ' _| _| _| _| _| _| _| ' -echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' -echo ' _| _| _| _| _| _| _| ' -echo ' _| _|_|_|_| _|_|_| _| _| _| ' -echo -echo -echo '-------------------------------' -echo " https://$vst_ip:8083" -echo ' username: admin' -echo " password: $vpass" -echo '-------------------------------' -echo -echo -echo 'Congratulations,' -echo 'you have successfully installed Vesta Control Panel.' -echo -echo - -# Tricky way to get new PATH variable -cd -bash - -# EOF +exit