├── resources
├── ghost-supervisor.conf
├── default.conf
├── plexmediaserver
├── observium_distro
├── ghost.conf
├── observium.conf
├── ghost-ssl.conf
├── observium-ssl.conf
└── default-ssl.conf
├── README.md
├── CHANGELOG.md
└── setup.sh
/resources/ghost-supervisor.conf:
--------------------------------------------------------------------------------
; Supervisor program definition for the Ghost blog.
; The Node.js process is started from /usr/share/ghost under the dedicated
; "ghost" account, and supervisor restarts it whenever it exits.
[program:ghost-blog]
command = node /usr/share/ghost/index.js
directory = /usr/share/ghost
user = ghost
autostart = true
autorestart = true
; stdout and stderr are both written to the same log file.
stdout_logfile = /var/log/supervisor/ghost.log
stderr_logfile = /var/log/supervisor/ghost.log
environment = NODE_ENV="production"
--------------------------------------------------------------------------------
/resources/default.conf:
--------------------------------------------------------------------------------
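# Catch-all HTTP virtual host: serves the Observium web UI from
# /opt/observium/html and publishes phpMyAdmin under /phpmyadmin.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /opt/observium/html;
    index index.php;

    # "_" is only a placeholder name; the default_server flag on the listen
    # lines is what makes this vhost the fallback for unmatched Host headers.
    server_name _;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }

    # Existing files and directories are served directly; everything else is
    # handed to index.php with the original path appended.
    location / {
        try_files $uri $uri/ @observium;
    }
    location @observium {
        rewrite ^(.+)$ /index.php/$1 last;
    }

    # NOTE(review): phpMyAdmin is reachable by every client that can reach this
    # vhost, and over plain HTTP. Consider restricting it with allow/deny or
    # auth_basic and serving it over TLS only.
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            # Only scripts that exist on disk are passed to PHP-FPM.
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            # httpoxy mitigation: never forward a client-supplied "Proxy"
            # request header to PHP as HTTP_PROXY.
            fastcgi_param HTTP_PROXY "";
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }

    # Mixed-case alias. The pattern ^/* matches every URI that reaches this
    # location, so the request is always rewritten to plain /phpmyadmin.
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }

    # PHP front controller. The pattern deliberately has no trailing "$" so
    # that /index.php/<path> (produced by @observium) is handled here.
    location ~ \.php {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # Refuse requests whose script part is not a file under the document
        # root, so PHP-FPM is never asked to resolve a path that merely
        # contains ".php" (this matters when cgi.fix_pathinfo is enabled).
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;

        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_URI $document_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;

        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx;

        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;

        # httpoxy mitigation: never forward a client-supplied "Proxy" request
        # header to PHP as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";

        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}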
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ###[GotDeb](https://gotdeb.com)
2 |
3 | Interactive bash script for VPS or Dedicated servers.
4 | Built with low-end systems in mind.
5 | Requires Debian version 7.x or 8.x
6 |
7 | ###Installation
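8 | Run the script and follow the assistant. Note that `--no-check-certificate` disables TLS certificate validation, so the downloaded script is not authenticated before it is executed; omit the flag, or review `setup.sh` before running it: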
9 |
10 | `wget https://raw.githubusercontent.com/eunas/gotdeb/master/setup.sh --no-check-certificate`
11 | `chmod +x setup.sh && ./setup.sh`
12 |
13 | ###Script content
14 |
15 | * Nginx
16 | * nginx Stable
17 | * nginx Mainline
18 | * Optional SSL support with self signed certificate or [Let's Encrypt](https://github.com/eunas/gotdeb/wiki/lets-encrypt)
19 | * Blogs
20 | * Ghost
21 | * Wordpress
22 | * [PHP](https://github.com/eunas/gotdeb/wiki/PHP-FPM)
23 | * PHP-FPM 5.6
24 | * PHP-FPM 7.0 (Debian 8 only)
25 | * HHVM
26 | * MySQL 5.7 Server
27 | * MariaDB 10.1 server
28 | * [phpMyAdmin](https://github.com/eunas/gotdeb/wiki/phpMyAdmin)
29 | * PureFTPD (FTPS enabled)
30 | * OpenVPN Server (Works on NAT)
31 | * [SoftEtherVPN (Works on NAT)](https://github.com/eunas/gotdeb/wiki/SoftEtherVPN)
32 | * Squid3 Proxy Server
33 | * sSMTP server
34 | * Aria2 + webui
35 | * Transmission BitTorrent Client
36 | * [X2Go + xfce Desktop](https://github.com/eunas/gotdeb/wiki/Remote-Desktop)
37 | * [Plex Media Server](https://github.com/eunas/gotdeb/wiki/plexmediaserver)
38 | * [Observium](https://github.com/eunas/gotdeb/wiki/Observium)
39 | * Server
40 | * Client
41 | * Linux Dash server monitor
42 | * User Management
43 | * Add user
44 | * Delete user
45 | * List Users
46 | * System Management
47 | * Remove unneeded packages and services
48 | * Install essential packages
49 | * Update timezone
50 | * System tests
51 | * [Secure System](https://github.com/eunas/gotdeb/wiki/Secure-System)
52 | * fail2ban
53 | * Uncomplicated Firewall
54 | * Unattended Upgrades
55 | * Speedtest.net
56 | * Get OS Version
57 | * About
58 |
59 |
60 | ###Disclaimer
61 | Parts of the files are scripts found on various sites on the internet, and either modified or included.
62 | Tested on a [LowEndSpirit](http://lowendspirit.com/) VPS with 128 MB Ram
63 |
64 | ###Credits
65 | Xeoncross, mikel, Falko Timme, road warrior, Nyr and many others.
--------------------------------------------------------------------------------
/resources/plexmediaserver:
--------------------------------------------------------------------------------
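#!/bin/sh
### BEGIN INIT INFO
# Provides: plexmediaserver
# Required-Start: $remote_fs $syslog $networking
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Plex Media Server
# Description: Plex Media Server for Linux,
# More information at http://www.plexapp.com
# Many thanks to the great PlexApp team for their wonderful job !
# Author: Cedric Quillevere / origin@killy.net
# Revamped Christian Svedin / christian.svedin@gmail.com
# Version: 1.2
### END INIT INFO

# SysV init script for Plex Media Server: start, stop, restart and status.
# Process state is detected by scanning `ps ax` output, not through a PID file.

# Read configuration variable file if it is present
[ -r /etc/default/plexmediaserver ] && . /etc/default/plexmediaserver

# Nothing to manage when the server is not installed.
test -f "/usr/lib/plexmediaserver/start.sh" || exit 0

# Count running server processes. The [P] bracket keeps grep from matching its
# own command line, so the count is 0 when the server is not running.
plex_running=`ps ax | grep "\./[P]lex Media Server" | awk '{ print $1 }' | wc -l`

case "$1" in
    start)
        if [ "$plex_running" -gt 0 ]; then
            echo "Plex already running..."
            exit 0
        fi
        # With an empty user name `su` falls back to root, which would run the
        # media server with full privileges; refuse to start instead.
        if [ -z "$PLEX_MEDIA_SERVER_USER" ]; then
            echo "PLEX_MEDIA_SERVER_USER is not set in /etc/default/plexmediaserver" >&2
            exit 6
        fi
        echo -n "Starting Plex Media Server: "
        su -l "$PLEX_MEDIA_SERVER_USER" -c "/usr/sbin/start_pms &" >/dev/null 2>&1
        sleep 1
        echo "done"
        ;;
    stop)
        if [ "$plex_running" -eq 0 ]; then
            echo "Plex Media Server is not running (no process found)..."
            exit 0
        fi
        echo -n "Killing Plex Media Server: "
        # Trying to kill the Plex Media Server itself but also the Plug-ins.
        # NOTE(review): matching is by command-line text, so any process whose
        # arguments contain these strings is killed too, and SIGKILL gives the
        # server no chance to shut down cleanly.
        ps ax | grep "[P]lex Media Server" | awk '{ print $1 }' | xargs kill -9 >/dev/null 2>&1
        ps ax | grep "[P]lex DLNA Server" | awk '{ print $1 }' | xargs kill -9 >/dev/null 2>&1
        sleep 1
        echo "done"
        ;;
    restart)
        # Quote $0 so a script path containing spaces still works.
        sh "$0" stop
        sh "$0" start
        ;;
    status)
        if [ "$plex_running" -gt 0 ]; then
            echo "Plex Media Server process running."
        else
            echo "It seems that Plex Media Server isn't running (no process found)."
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0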
--------------------------------------------------------------------------------
/resources/observium_distro:
--------------------------------------------------------------------------------
#!/bin/sh
# Prints a one-line description of the running operating system. On Linux the
# distribution name and release are read from the release files under /etc.

OS=`uname -s`
REV=`uname -r`
MACH=`uname -m`

case "${OS}" in
    SunOS)
        OS=Solaris
        ARCH=`uname -p`
        OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
        ;;
    AIX)
        OSSTR="${OS} `oslevel` (`oslevel -r`)"
        ;;
    Linux)
        KERNEL=`uname -r`
        if [ -f /etc/redhat-release ] ; then
            # First word of the release file names the distribution.
            DIST=$(awk '{print $1}' /etc/redhat-release)
            case "${DIST}" in
                CentOS|Fedora)
                    # The name read from the file is kept unchanged.
                    ;;
                Mandriva)
                    PSEUDONAME=`cat /etc/mandriva-release | sed 's/.*(//' | sed 's/)//'`
                    REV=`cat /etc/mandriva-release | sed 's/.*release //' | sed 's/ .*//'`
                    ;;
                *)
                    DIST="RedHat"
                    ;;
            esac

            # These two assignments run for every redhat-release system and so
            # replace whatever the Mandriva branch stored above.
            PSEUDONAME=`sed 's/.*(//' /etc/redhat-release | sed 's/)//'`
            REV=`sed 's/.*release //' /etc/redhat-release | sed 's/ .*//'`
        elif [ -f /etc/SuSE-release ] ; then
            DIST=`tr "\n" ' ' < /etc/SuSE-release | sed 's/VERSION.*//'`
            REV=`tr "\n" ' ' < /etc/SuSE-release | sed 's/.*= //'`
        elif [ -f /etc/mandrake-release ] ; then
            DIST='Mandrake'
            PSEUDONAME=`sed 's/.*(//' /etc/mandrake-release | sed 's/)//'`
            REV=`sed 's/.*release //' /etc/mandrake-release | sed 's/ .*//'`
        elif [ -f /etc/debian_version ] ; then
            if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ] ; then
                DIST="MailCleaner"
                REV=`cat /etc/mailcleaner/etc/mailcleaner/version.def`
            else
                DIST="Debian `cat /etc/debian_version`"
                REV=""
            fi
        fi

        if [ -f /etc/UnitedLinux-release ] ; then
            DIST="${DIST}[`tr "\n" ' ' < /etc/UnitedLinux-release | sed 's/VERSION.*//'`]"
        fi

        # An LSB release file, when it names a distribution, overrides the
        # values gathered above.
        if [ -f /etc/lsb-release ] ; then
            LSB_DIST="`grep DISTRIB_ID /etc/lsb-release | cut -d "=" -f2`"
            LSB_REV="`grep DISTRIB_RELEASE /etc/lsb-release | cut -d "=" -f2`"
            if [ -n "$LSB_DIST" ] ; then
                DIST=$LSB_DIST
                REV=$LSB_REV
            fi
        fi

        # OSSTR="${OS} ${DIST} ${REV}(${PSEUDONAME} ${KERNEL} ${MACH})"
        OSSTR="${DIST} ${REV}"
        ;;
    Darwin)
        if [ -f /usr/bin/sw_vers ] ; then
            OSSTR=`/usr/bin/sw_vers | grep -v Build | sed 's/^.*:.//' | tr "\n" ' '`
        fi
        ;;
esac

# Left unquoted on purpose: word splitting collapses runs of whitespace and
# drops a trailing space in the printed string.
echo ${OSSTR}
--------------------------------------------------------------------------------
/resources/ghost.conf:
--------------------------------------------------------------------------------
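# HTTP reverse-proxy vhost for the Ghost blog (proxied to 127.0.0.1:2368).
# Static assets are served straight from the Ghost tree and phpMyAdmin is
# published under /phpmyadmin. The host-name line is a template placeholder
# and is kept exactly as shipped.
server {
    listen 80;
    server_name server_name;
    access_log /var/log/nginx/ghost.log;

    # Static content: read from disk, not logged, cached by clients as long as
    # possible.
    location /content/images {
        alias /usr/share/ghost/content/images;
        access_log off;
        expires max;
    }
    location /assets {
        alias /usr/share/ghost/content/themes/casper/assets;
        access_log off;
        expires max;
    }
    location /public {
        alias /usr/share/ghost/core/built/public;
        access_log off;
        expires max;
    }
    location /ghost/scripts {
        alias /usr/share/ghost/core/built/scripts;
        access_log off;
        expires max;
    }

    # Public pages: upstream cache headers are ignored and cookies are stripped
    # in both directions of the response path.
    # NOTE(review): proxy_cache_valid only has an effect when a proxy_cache
    # zone is enabled; none is configured in this file.
    location / {
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 1m;
        proxy_pass http://127.0.0.1:2368;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        expires 10m;
    }

    # Admin and sign-out paths: cookies pass through and responses are marked
    # non-cacheable.
    # NOTE(review): the admin login is served over plain HTTP by this vhost.
    location ~ ^/(?:ghost|signout) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to PHP-FPM.
        try_files $uri $uri/ =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        # httpoxy mitigation: never forward a client-supplied "Proxy" request
        # header to PHP as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";
    }

    # NOTE(review): phpMyAdmin is reachable by every client that can reach this
    # vhost, over plain HTTP. Consider restricting it with allow/deny or
    # auth_basic.
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
            # httpoxy mitigation, as in the PHP handler above.
            fastcgi_param HTTP_PROXY "";
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
}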
--------------------------------------------------------------------------------
/resources/observium.conf:
--------------------------------------------------------------------------------
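# lighttpd pretty-URL rewrites for Observium. With url.rewrite-once the first
# matching rule is applied and no further rules are tried, so rule order
# matters.
#
# The "&section=" parameter in the /device/ rules had been mangled into a
# section-sign character by an HTML-entity decode; it is restored here.
#
# NOTE(review): inside a character class "|" is a literal pipe, so classes
# such as [a-z|0-9] also accept "|" - probably not intended.
# NOTE(review): the /bare/ and /vrf/ rules list the shortest pattern first and
# are not anchored at the end, so the longer variants after them look
# unreachable - confirm against upstream before reordering.
url.rewrite-once = (
    "^/(.*)\.(png|css|jpg|gif|php)$" => "/$0"
  , "^/cust/" => "/?page=cust"
  , "^/bare/(.+)/" => "/index-bare.php?page=$1"
  , "^/bare/(.+)/(.+)/" => "/index-bare.php?page=$1&opta=$2"
  , "^/bare/(.+)/(.+)/(.+)/" => "/index-bare.php?page=$1&opta=$2&optb=$3"

  , "^/mobile/([a-z|0-9]+)/(.+)/(.+)/" => "/mobile.php?page=$1&opta=$2&optb=$3"
  , "^/mobile/([a-z|0-9]+)/(.+)/" => "/mobile.php?page=$1&opta=$2"
  , "^/mobile/([a-z|0-9]+)/" => "/mobile.php?page=$1"
  , "^/mobile/" => "/mobile.php"

## Rewrites for Devices

  , "^/devices/location/(.+)/" => "/?page=devices&location=$1"
  , "^/devices/alerted/" => "/?page=devices&status=alerted"
  , "^/devices/(.+)/" => "/?page=devices&type=$1"

  , "^/interfaces/(.+)/" => "/?page=interfaces&type=$1"

  , "^/vrf/(.+)/(.+)/(.+)/" => "/?page=vrf&id=$1&opta=$2&optb=$3"
  , "^/vrf/(.+)/(.+)/" => "/?page=vrf&id=$1&opta=$2"
  , "^/vrf/(.+)/" => "/?page=vrf&id=$1"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/(.+)/(.+)/(.+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4&optc=$5&optd=$6&opte=$7&optf=$8&optg=$9"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/(.+)/(.+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4&optc=$5&optd=$6&opte=$7&optf=$8"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/(.+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4&optc=$5&optd=$6&opte=$7"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4&optc=$5&optd=$6"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4&optc=$5"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3&optb=$4"
  , "^/device/([0-9]+)/([a-z]+)/(.+)/" => "/?page=device&id=$1&section=$2&opta=$3"
  , "^/device/([0-9]+)/([a-z]+)/" => "/?page=device&id=$1&section=$2"
  , "^/device/([0-9]+)" => "/?page=device&id=$1"

  , "^/([a-z|0-9\-]+)/$" => "/?page=$1"

  , "^/([a-z|0-9]+)/(.+)/(.+)/(.+)/(.+)/(.+)/$" => "/?page=$1&opta=$2&optb=$3&optc=$4&optd=$5&opte=$6"
  , "^/([a-z|0-9]+)/(.+)/(.+)/(.+)/(.+)/$" => "/?page=$1&opta=$2&optb=$3&optc=$4&optd=$5"
  , "^/([a-z|0-9]+)/(.+)/(.+)/(.+)/$" => "/?page=$1&opta=$2&optb=$3&optc=$4"
  , "^/([a-z|0-9]+)/(.+)/(.+)/$" => "/?page=$1&opta=$2&optb=$3"
  , "^/([a-z|0-9]+)/(.+)/$" => "/?page=$1&opta=$2"
)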
--------------------------------------------------------------------------------
/resources/ghost-ssl.conf:
--------------------------------------------------------------------------------
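# TLS variant of the Ghost reverse-proxy vhost. Port 80 only redirects to
# HTTPS; port 443 proxies to Ghost on 127.0.0.1:2368 and also publishes
# phpMyAdmin. Placeholder lines of the template are kept exactly as shipped.
server {
    listen 80;
    server_name server_name;
    return 301 https://$server_name$request_uri;
}
server {
    # "ssl" on the listen line enables TLS for this vhost; the separate,
    # deprecated "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl http2;
    server_name server_name;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    ssl_protocols TLSv1.2;
    # NOTE(review): the list still admits CBC-mode suites and DES-CBC3-SHA
    # (3DES); consider trimming it to AEAD suites only.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    # NOTE(review): the DH-parameters directive on the next line has neither a
    # path nor a terminating semicolon in this template; presumably setup.sh
    # completes it - confirm, since nginx cannot load the file as written.
    ssl_dhparam
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/ghost.log;

    # Static content: read from disk, not logged, cached by clients as long as
    # possible.
    location /content/images {
        alias /usr/share/ghost/content/images;
        access_log off;
        expires max;
    }
    location /assets {
        alias /usr/share/ghost/content/themes/casper/assets;
        access_log off;
        expires max;
    }
    location /public {
        alias /usr/share/ghost/core/built/public;
        access_log off;
        expires max;
    }
    location /ghost/scripts {
        alias /usr/share/ghost/core/built/scripts;
        access_log off;
        expires max;
    }

    # Public pages: upstream cache headers are ignored and cookies stripped.
    # NOTE(review): proxy_cache_valid only has an effect when a proxy_cache
    # zone is enabled; none is configured in this file.
    location / {
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 1m;
        proxy_pass http://127.0.0.1:2368;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Set-Cookie;
        proxy_hide_header X-powered-by;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        expires 10m;
    }

    # Admin and sign-out paths: cookies pass through and responses are marked
    # non-cacheable.
    location ~ ^/(?:ghost|signout) {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to PHP-FPM.
        try_files $uri $uri/ =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        # httpoxy mitigation: never forward a client-supplied "Proxy" request
        # header to PHP as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";
    }

    # NOTE(review): phpMyAdmin is reachable by every client that can reach this
    # vhost. Consider restricting it with allow/deny or auth_basic.
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
            # httpoxy mitigation, as in the PHP handler above.
            fastcgi_param HTTP_PROXY "";
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
}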
--------------------------------------------------------------------------------
/resources/observium-ssl.conf:
--------------------------------------------------------------------------------
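# TLS vhost template for Observium. Port 80 redirects to HTTPS; port 443
# serves PHP through PHP-FPM with per-client request rate limiting.
# Host names and certificate paths are template placeholders kept as shipped.

# One shared 10 MB zone keyed by client address, 1 request/second sustained.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
    listen 80;
    server_name domain www.domain;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    # The server-level return answers every request, so the location below is
    # never consulted.
    return 301 https://$server_name$request_uri;
    location / {
        limit_req zone=one burst=10 nodelay;

    }
}
server {
    # "ssl" on the listen line enables TLS for this vhost; the separate,
    # deprecated "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl http2;
    server_name domain www.domain;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    # Start the SSL configurations
    ssl_certificate /cert.crt;
    ssl_certificate_key /privkey.key;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    ssl_protocols TLSv1.2;
    # NOTE(review): the list still admits CBC-mode suites and DES-CBC3-SHA
    # (3DES); consider trimming it to AEAD suites only.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_dhparam /dhparams.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Unknown paths fall through to the front controller. Only the last
    # try_files argument may be a fallback, so the "=404" that used to sit in
    # the middle was tested as a file name and never returned; it is removed.
    location / {
        try_files $uri $uri/ /index.php;
        limit_req zone=one burst=10 nodelay;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Regex locations are tried in file order and the first match wins, so the
    # two deny rules must come before the PHP handler; placed after it they
    # never applied to *.php requests.
    location ~ /\. {
        deny all;
        log_not_found off;
        access_log off;
    }
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to PHP-FPM.
        try_files $uri $uri/ =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        # httpoxy mitigation: never forward a client-supplied "Proxy" request
        # header to PHP as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";
        limit_req zone=one burst=10 nodelay;
    }

    # "^~" stops the regex search for this prefix, so the dot-file deny rule
    # does not block the well-known directory.
    location ^~ /.well-known/ {
        allow all;
    }

    # NOTE(review): phpMyAdmin is reachable by every client that can reach this
    # vhost and is not covered by limit_req. Consider restricting it with
    # allow/deny or auth_basic.
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            # httpoxy mitigation, as in the PHP handler above.
            fastcgi_param HTTP_PROXY "";
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }

    # Mixed-case alias. The pattern ^/* matches every URI that reaches this
    # location, so the request is always rewritten to plain /phpmyadmin.
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }

    # Close the connection without a response for any other request method.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # NOTE(review): fonts and stylesheets are readable cross-origin by any
    # site; narrow the origin if that is not required.
    location ~ \.(eot|ttf|woff|svg|css)$ {
        add_header Access-Control-Allow-Origin "*";
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
    }

}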
--------------------------------------------------------------------------------
/resources/default-ssl.conf:
--------------------------------------------------------------------------------
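# Default TLS vhost template. Port 80 redirects to HTTPS; port 443 serves
# static files and PHP through PHP-FPM with per-client request rate limiting.
# Host names and certificate paths are template placeholders kept as shipped.

# One shared 10 MB zone keyed by client address, 1 request/second sustained.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
    listen 80;
    server_name domain www.domain;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    # The server-level return answers every request, so the location below is
    # never consulted.
    return 301 https://$server_name$request_uri;
    location / {
        limit_req zone=one burst=10 nodelay;

    }
}
server {
    # "ssl" on the listen line enables TLS for this vhost; the separate,
    # deprecated "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl http2;
    server_name domain www.domain;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    # Start the SSL configurations
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    ssl_protocols TLSv1.2;
    # NOTE(review): the list still admits CBC-mode suites and DES-CBC3-SHA
    # (3DES); consider trimming it to AEAD suites only.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_dhparam /etc/letsencrypt/dhparams.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        try_files $uri $uri/ =404;
        limit_req zone=one burst=10 nodelay;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Regex locations are tried in file order and the first match wins, so the
    # two deny rules must come before the PHP handler; placed after it they
    # never applied to *.php requests.
    location ~ /\. {
        deny all;
        log_not_found off;
        access_log off;
    }
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        # Only scripts that exist on disk are passed to PHP-FPM.
        try_files $uri $uri/ =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        # httpoxy mitigation: never forward a client-supplied "Proxy" request
        # header to PHP as HTTP_PROXY.
        fastcgi_param HTTP_PROXY "";
        limit_req zone=one burst=10 nodelay;
    }

    # "^~" stops the regex search for this prefix, so the dot-file deny rule
    # does not block the well-known directory.
    location ^~ /.well-known/ {
        allow all;
    }

    # NOTE(review): phpMyAdmin is reachable by every client that can reach this
    # vhost and is not covered by limit_req. Consider restricting it with
    # allow/deny or auth_basic.
    location /phpmyadmin {
        root /usr/share/;
        index index.php index.html index.htm;

        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            # httpoxy mitigation, as in the PHP handler above.
            fastcgi_param HTTP_PROXY "";
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }

    # Mixed-case alias. The pattern ^/* matches every URI that reaches this
    # location, so the request is always rewritten to plain /phpmyadmin.
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }

    # Close the connection without a response for any other request method.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # NOTE(review): fonts and stylesheets are readable cross-origin by any
    # site; narrow the origin if that is not required.
    location ~ \.(eot|ttf|woff|svg|css)$ {
        add_header Access-Control-Allow-Origin "*";
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
    }

}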
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ### 1.6.7 (2016-09-11)
2 | - Ghost now works with other themes
3 | - Fixed wrong path in nginx document root
4 | - http/2 is now default for nginx
5 | - Fix for HTTPOXY vulnerability
6 | - Added debug information
7 | - Enabled OPCache on PHP 7
8 | - Updated OpenVPN installer
9 |
10 | ### 1.6.6 (2016-07-09)
11 | - Fixed error with SQLite in ghost install *
12 | - Fixed missing mbstring in phpMyAdmin on Debian 8
13 | - Updated OpenVPN installer
14 | - Detect users running with "sh" instead of bash
15 | - Updated repository and key for Plexmediaserver.
16 |
17 | ### 1.6.5 (2016-06-09)
18 | - Updated LetsEncrypt to use Certbot.
19 | - Updated LetsEncrypt autorenew
20 | - Updated MySQL to version 5.7
21 | - Fixed error in MariaDB repo
22 | - Fixed standalone MariaDB installation.
23 | - Various bug fixes
24 |
25 | ### 1.6.4 (2016-03-06)
26 | - Fixed nginx config not being applied on setup
27 | - Fixed error in nginx ssl redirect
28 | - Added SSL support and port option for Aria2
29 | - Added SSL Support for Observium
30 | - Added UFW (Uncomplicated Firewall)
31 | - Added Unattended Upgrades
32 | - Updated OpenVPN installer
33 | - Various bug fixes
34 |
35 | ### 1.6.3 (2016-02-02)
36 | - Removed PPTP, Java and MCmyadmin install.
37 | - Fixed PHP 5 detection
38 | - Added SSL support for nginx with self signed certificate
39 | - Added SSL support for Ghost Blog
40 | - Added MySQL support for Ghost Blog
41 | - Updated nodejs for Ghost
42 | - Ghost and Wordpress are now installed with nginx.
43 | - Other tweaks and fixes
44 |
45 | ### 1.6.2 (2016-01-17)
46 | - Fixed errors in PHP 7 and PHP 5.6 install
47 | - Added experimental [Let's Encrypt](https://github.com/eunas/gotdeb/wiki/lets-encrypt) support for nginx
48 | - Updated MariaDB repo to version 10.1
49 | - Other tweaks and fixes
50 |
51 | ### 1.6.1 (2016-01-10)
52 | - Fixed typo in PHP 7 install.
53 | - Fixed line break issue in Dnsmasq config
54 | - Fetching the external IP correctly on NAT VPS servers
55 | - Updated OpenVPN Installer.
56 | - Updated Softether to version Ver 4.19 Build 9599 Beta
57 |
58 | ### 1.6 (2015-10-03)
59 | - Added [HHVM](http://hhvm.com/) (64 bit OS support only)
60 | - Added Dotdeb PHP 7 repo for Debian 8
61 | - MariaDB now checks for OS version, so the correct repo is used.
62 | - Updated Softether to version 4.19 Build 9578 beta
63 | - Minor tweaks and fixes
64 |
65 | ### 1.5.10 (2015-08-18)
66 | - Added Wordpress install
67 |
68 | ### 1.5.9 (2015-08-16)
69 | - Added Ghost blog with nginx as reverse proxy
70 | - Removed lighttpd
71 |
72 | ### 1.5.8 (2015-08-04)
73 | - Updated squid3 configuration for Debian 8
74 | - Updated OpenVPN Installer.
75 | - Updated Softether
76 | - Removed Lighttpd support for debian 7
77 | - Added Transmission BitTorrent client
78 | - Other Minor tweaks
79 |
80 | ### 1.5.7 (2015-06-22)
81 | - Added [Plex Media Server](https://github.com/eunas/essentials/wiki/plexmediaserver)
82 | - Updated Softether VPN to latest build
83 | - Changed file-allocation for aria2 to none.
84 | - Minor tweaks and fixes
85 |
86 | ### 1.5.6 (2015-05-07)
87 | - Updated nginx for Debian 8
88 | - Minor tweaks and fixes
89 |
90 | ### 1.5.5 (2015-04-27)
91 | - Updated PHP and x2go server for Debian 8
92 |
93 | ### 1.5.4 (2015-04-01)
94 |
95 | - Added TUN/TAP check
96 | - Fixed error in SoftEtherVPN Bridge setup
97 | - Fixed error In LEMP / LLMP stack setup.
98 | - Disabled Squid3 logging
99 | - Minor tweaks and fixes
100 | - Applied NYR's latest commit to OpenVPN install.
101 |
102 | ### 1.5.3 (2015-02-27)
103 |
104 | - Added Observium server and client install.
105 | - phpMyAdmin is now cloned from the official github. Upping it to a newer version. [(Advanced features disabled.)](https://github.com/eunas/essentials/wiki/phpMyAdmin)
106 | - Minor tweaks and fixes.
107 |
108 | ### 1.5.2 (2015-02-19)
109 |
110 | - Re-engineered ssmtp install.
111 | - Removed additional OS checks in openVPN install. (We already verified that.)
112 | - Replaced php5-mysql with php5-mysqlnd for better performance.
113 | - Added lighttpd 1.4.35 to webserver install.
114 | - Updated NYR's OpenVPN script
115 | - Fixed duplicate in php.ini
116 | - Other minor stuff.
117 |
118 | ### 1.5.1 (2015-02-16)
119 |
120 | - SSH port is now optional in "Secure system"
121 | - New option for SoftEther VPN Server. Choose between "SecureNAT" or "Local Bridge" If Local Bridge is selected but TUN/TAP is not enabled, SecureNAT will be used instead.
122 |
123 | ### 1.5 (2015-02-14)
124 |
125 | ## Fixed:
126 | - Error in MySQL Server installation.
127 | - Dnsmasq unable to start on some OpenVZ systems.
128 | - Various tweaks and fixes.
129 | - Aria2 is no longer compiled on the server as low end systems would run out of memory in the process. It's now installed from the debian testing repository.
130 |
131 | ##New:
132 | - Changed nginx repo from dotdeb to the official one.
133 | - You can now choose between nginx version 1.6.x or 1.7.x
134 | - nginx, PHP-FPM, MariaDB, Mysql, phpMyAdmin or any combination thereof, can now be installed in a single run.
135 | - secure_mysql_installation is no longer optional.
136 | - Suppressed some output messages.
137 | - Updated Nyr's OpenVPN installer.
138 | - If apache2 is installed, remove it before installing nginx
139 |
140 | ### 1.4 (2015-02-07)
141 |
142 | ## Fixed:
143 | - Certificate check in speedtest.net fixed
144 | - Reworked the menu
145 |
146 | ## New:
147 | - SoftEtherVPN
148 | - Xfce desktop environment + X2Go server
149 | - [Secure system](https://github.com/eunas/essentials/wiki/Secure-System)
150 | - Install fail2ban
151 | - Change SSH port
152 | - Prevent root SSH login
153 | - Create new user
154 | - Wiki
155 |
156 | ## 1.3 (2015-02-04)
157 |
158 | ### Fixes:
159 | - Fixed error in my.cnf
160 |
161 | ### New:
162 | - Aria2 1.18.9 torrent client + Webui (Secret token security)
163 | - Linux Dash PHP server monitor.
164 | - Speedtest.net with image url to results.
165 |
166 | ## 1.2 (2015-01-03)
167 |
168 | ###Features:
169 |
170 | - New functions and clean up.
171 | - Separated PHP-FPM and nginx
172 | - Tweaked nginx for lowend use.
173 | - Removed Apache2
174 | - Added FTPS to Pure-ftpd
175 | - Added port selection during pure-ftpd install
176 | - Added port selection during squid3 install
177 | - Minor changes to php.ini
178 | - Added php5-sqlite
179 | - Tweaked my.cnf for lowend use
180 | - Better OS info
181 | - Better info messages
182 | - Added Essentials script (See below)
183 | - Moved lftp to essentials
184 |
185 | ### Essentials:
186 |
187 | Essentials will remove un-needed services and install some essentials.
188 | Removes: apache2, bind9, samba, nscd, sendmail, portmap
189 | Disables: xinetd, saslauthd
190 | Installs: nano, rcconf, lftp, unzip
191 | Added Disk I/O test and Network speed test.
192 |
193 | ### Todo
194 | * Add easy vhost creation to nginx
195 | * lighttpd and php installation
196 | * More & better user management
197 |
198 |
--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ########gotdeb.com#########github.com/eunas/gotdeb##########
3 | ############################################################
4 | # Core
5 | ############################################################
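# check_install PACKAGE EXPECTED [MESSAGE] [SHOW_VERSION]
#
# Aborts the whole script (exit 1) when the number of "ok installed" status
# lines dpkg-query reports for PACKAGE equals EXPECTED:
#   EXPECTED=1 -> abort when PACKAGE is already installed
#   EXPECTED=0 -> abort when PACKAGE is missing
# MESSAGE, when non-empty, is printed with print_warn before exiting.
# SHOW_VERSION, when non-empty, also prints the "Version" line of `dpkg -s`.
check_install() {
    local installed
    # grep -c always prints a number, so the numeric test below never sees an
    # empty operand even when dpkg-query itself fails.
    installed=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed")
    if [ "$installed" -eq "$2" ]; then
        if [ -n "$3" ]; then
            print_warn "$3"
        fi
        if [ -n "$4" ]; then
            # Quoted so the package name is never word-split or glob-expanded.
            version=$(dpkg -s "$1" | grep 'Version')
            print_info "$version"
        fi
        exit 1
    fi
}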
# Coloured output helpers. Each prints its arguments in bold with a tput
# foreground colour (info = 3, warn = 1, done = 2) and then resets attributes.
print_info() {
    local on off
    on="$(tput bold)$(tput setaf 3)"
    off="$(tput sgr0)"
    echo "${on}$*${off}"
}
print_warn() {
    local on off
    on="$(tput bold)$(tput setaf 1)"
    off="$(tput sgr0)"
    echo "${on}$*${off}"
}
print_done() {
    local on off
    on="$(tput bold)$(tput setaf 2)"
    off="$(tput sgr0)"
    echo "${on}$*${off}"
}
# Despite its name, die only prints a "Warning: ..." line in the warn colour.
# It does not exit, so a caller that must stop has to do so itself.
die() {
    local on off
    on="$(tput bold)$(tput setaf 1)"
    off="$(tput sgr0)"
    echo "${on}Warning: $*${off}"
}
# Stop early when the interpreter running this file is dash (the script was
# started with `sh`); the rest of the file uses bash-only syntax.
case "$(readlink /proc/$$/exe)" in
    *dash*)
        print_warn "This script needs to be run with bash, not sh"
        exit 1
        ;;
esac
# Print /etc/debian_version with everything from the first "." onwards
# removed (the major release number). The value is also left in $VERSION.
function plain_version {
    VERSION="$(sed -e 's/\..*//' /etc/debian_version)"
    echo "${VERSION}"
}
# Environment checks run before installing anything.
# Only the dash test stops the script. The root, Debian-version and ARM checks
# report through die, which prints a warning and returns, so as written they
# are advisory and execution continues after them.
check_sanity() {
    case "$(readlink /proc/$$/exe)" in
        *dash*)
            echo "This script needs to be run with bash, not sh"
            exit 1
            ;;
    esac

    # Effective uid 0 is expected: the installers write under /etc and call apt.
    if [ "$(/usr/bin/id -u)" != "0" ]; then
        die 'Must be run by root user'
    fi

    if [[ $(plain_version) -lt 7 ]]; then
        die "Distribution is not supported. Debian 7 or above required."
    fi

    MACHINE_TYPE=$(uname -m)
    case "${MACHINE_TYPE}" in
        arm*) die "ARM processors are not supported." ;;
    esac
}
# Print the first IPv4 address ifconfig reports in its "inet addr:" form,
# skipping 127.x.x.x entries. The value is also left in $IP.
function get_ip {
    IP=$(
        ifconfig \
            | grep 'inet addr:' \
            | grep -v inet6 \
            | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
            | cut -d: -f2 \
            | awk '{ print $1}' \
            | head -1
    )
    echo "${IP}"
}
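# Print this host's public IPv4 address as reported by v4.ident.me, or an
# empty line (and a non-zero status) when no valid answer was obtained.
# The value is also left in $ip.
#
# The answer ends up in nginx's server_name and in the self-signed
# certificate's CN, so it is treated as untrusted input: it is fetched over
# HTTPS rather than plain HTTP and accepted only if it is a dotted quad.
function get_external_ip {
    local reply
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    reply=$(curl -s --max-time 10 https://v4.ident.me/ | cut -d " " -f 5)
    if [[ $reply =~ $ipv4_re ]]; then
        ip=$reply
    else
        ip=""
    fi
    echo "$ip"
    [ -n "$ip" ]
}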
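# get_version PACKAGE
# Print the "Version" line of `dpkg -s PACKAGE` via print_info.
# The line is also left in $version.
function get_version {
    # Quoted so the package name is never word-split or glob-expanded.
    version=$(dpkg -s "$1" | grep 'Version')
    print_info "$version"
}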
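# Add the Dotdeb wheezy-php56 repository (only if its list file does not
# exist yet), import the Dotdeb signing key and refresh the package index.
#
# apt-key trusts an imported key for every configured repository, so the key
# is fetched over HTTPS (the list entries themselves are plain HTTP and rely
# on that key), it is downloaded to a private temp file instead of the
# current directory, and it is only imported when the download succeeded.
# TODO: compare the key's fingerprint with a pinned value
# (<DOTDEB_KEY_FINGERPRINT>) before `apt-key add`.
function dotdeb_php_repo {
    local keyfile
    file="/etc/apt/sources.list.d/dotdeb_php.list"
    if [ ! -f "$file" ]; then
        {
            echo "deb http://packages.dotdeb.org wheezy-php56 all"
            echo "deb-src http://packages.dotdeb.org wheezy-php56 all"
        } >> "$file"
        keyfile=$(mktemp)
        if wget -q -O "$keyfile" https://www.dotdeb.org/dotdeb.gpg; then
            apt-key add "$keyfile" &> /dev/null
        else
            print_warn "Could not download the Dotdeb signing key"
        fi
        wait
        rm -f "$keyfile"
    fi
    apt-get update &> /dev/null
    wait
}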
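# Add the Dotdeb jessie repository (Debian 8 only), import the Dotdeb signing
# key and refresh the package index.
#
# Each list entry is appended only when it is not already present, so running
# the installer again no longer duplicates lines in the list file.
# The key is fetched over HTTPS into a private temp file and imported only on
# a successful download; apt-key trusts an imported key for every repository.
# TODO: compare the key's fingerprint with a pinned value
# (<DOTDEB_KEY_FINGERPRINT>) before `apt-key add`.
function dotdeb_php_7_repo {
    local keyfile entry
    file="/etc/apt/sources.list.d/dotdeb_php.list"
    [ -f "$file" ] || touch "$file"
    if [ "$(plain_version)" = "8" ]; then
        for entry in \
            "deb http://packages.dotdeb.org jessie all" \
            "deb-src http://packages.dotdeb.org jessie all"
        do
            grep -qxF "$entry" "$file" || echo "$entry" >> "$file"
        done
    fi
    keyfile=$(mktemp)
    if wget -q -O "$keyfile" https://www.dotdeb.org/dotdeb.gpg; then
        apt-key add "$keyfile" &> /dev/null
    else
        print_warn "Could not download the Dotdeb signing key"
    fi
    wait
    rm -f "$keyfile"
    apt-get update &> /dev/null
    wait
}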
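# Add the HHVM repository for Debian 7 (wheezy) or 8 (jessie), import its
# signing key from the keyserver and refresh the package index.
#
# The list entry is appended only when it is not already present, so running
# the installer again no longer duplicates it.
# NOTE(review): the key is requested by a 64-bit key ID over plain hkp; using
# the full 40-hex fingerprint (<HHVM_KEY_FINGERPRINT>) would be stricter.
function hhvm_repo {
    local codename entry
    file="/etc/apt/sources.list.d/hhvm.list"
    [ -f "$file" ] || touch "$file"
    case "$(plain_version)" in
        7) codename="wheezy" ;;
        8) codename="jessie" ;;
        *) codename="" ;;
    esac
    if [ -n "$codename" ]; then
        entry="deb http://dl.hhvm.com/debian $codename main"
        grep -qxF "$entry" "$file" || echo "$entry" >> "$file"
    fi
    apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449 &> /dev/null
    wait
    apt-get update &> /dev/null
}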
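# Write the nginx.org apt source for the selected branch and Debian release,
# import the nginx signing key and install curl.
#
# Reads the global $web: "1" selects the stable packages, "2" mainline.
# Only Debian 7 (wheezy) and 8 (jessie) get an entry; any other combination
# leaves the list file empty, as before.
#
# The signing key is fetched over HTTPS into a private temp file and imported
# only on a successful download: apt-key trusts an imported key for every
# configured repository, and the package sources themselves are plain HTTP.
# TODO: compare the key's fingerprint with a pinned value
# (<NGINX_KEY_FINGERPRINT>) before `apt-key add`.
function nginx_repo {
    local codename branch keyfile
    clear
    print_info "Installing nginx..."
    file="/etc/apt/sources.list.d/nginx.list"
    case "$(plain_version)" in
        7) codename="wheezy" ;;
        8) codename="jessie" ;;
        *) codename="" ;;
    esac
    case "$web" in
        1) branch="packages" ;;
        2) branch="packages/mainline" ;;
        *) branch="" ;;
    esac
    # Create or truncate the list so repeated runs never accumulate entries.
    : > "$file"
    if [ -n "$codename" ] && [ -n "$branch" ]; then
        echo "deb http://nginx.org/$branch/debian/ $codename nginx" >> "$file"
        echo "deb-src http://nginx.org/$branch/debian/ $codename nginx" >> "$file"
    fi
    keyfile=$(mktemp)
    if wget -q -O "$keyfile" https://nginx.org/keys/nginx_signing.key; then
        apt-key add "$keyfile" &> /dev/null
    else
        print_warn "Could not download the nginx signing key"
    fi
    wait
    rm -f "$keyfile"
    apt-get update &> /dev/null
    apt-get install -y -y curl &> /dev/null
    wait
}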
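# Write the MariaDB 10.1 apt source for Debian 7 (wheezy) or 8 (jessie),
# import the signing key from the keyserver and refresh the package index.
#
# The whole source line is quoted: unquoted, "[arch=amd64,i386]" is a shell
# glob and would be replaced by any matching one-character file name in the
# current directory.
# NOTE(review): the key is requested by a 64-bit key ID; using the full
# 40-hex fingerprint (<MARIADB_KEY_FINGERPRINT>) would be stricter.
mariadb_repo() {
    local codename
    file="/etc/apt/sources.list.d/mariadb.list"
    case "$(plain_version)" in
        7) codename="wheezy" ;;
        8) codename="jessie" ;;
        *) codename="" ;;
    esac
    # Create or truncate the list so repeated runs never accumulate entries.
    : > "$file"
    if [ -n "$codename" ]; then
        echo "deb [arch=amd64,i386] http://ams2.mirrors.digitalocean.com/mariadb/repo/10.1/debian $codename main" >> "$file"
    fi
    apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db &> /dev/null
    apt-get update &> /dev/null
    wait
    apt-get install -y software-properties-common &> /dev/null
    wait
}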
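# Write the MySQL 5.7 apt source for Debian 7 (wheezy) or 8 (jessie), import
# the signing key from the keyserver and refresh the package index.
#
# The list file is truncated first, like the nginx and MariaDB helpers do, so
# repeated runs no longer append duplicate entries.
# NOTE(review): the key is requested by its 32-bit short ID. Short IDs are
# easy to collide, so a keyserver lookup can return a different key with the
# same ID; replace it with the full 40-hex fingerprint
# (<MYSQL_KEY_FINGERPRINT>) taken from a trusted source.
mysql_repo() {
    local codename
    file="/etc/apt/sources.list.d/mysql.list"
    case "$(plain_version)" in
        7) codename="wheezy" ;;
        8) codename="jessie" ;;
        *) codename="" ;;
    esac
    : > "$file"
    if [ -n "$codename" ]; then
        echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-5.7" >> "$file"
    fi
    apt-key adv --keyserver pgp.mit.edu --recv-keys 5072E1F5 &> /dev/null
    apt-get update &> /dev/null
    wait
    apt-get install -y software-properties-common &> /dev/null
    wait
}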
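# Basic hardening of a fresh MySQL/MariaDB install, then a service restart:
#   - remove root accounts that are not bound to localhost
#   - remove anonymous accounts
#   - remove the privileges on the test databases
#   - reload the grant tables
# Reads the root password from the global $dbpass.
#
# The password is handed to the client through a private option file instead
# of -p"$dbpass": command-line arguments are visible to every local user in
# the process list while the command runs.
mysql_opt() {
    local cnf escaped stmt
    # Escape backslashes and double quotes for the quoted option-file value.
    escaped=${dbpass//\\/\\\\}
    escaped=${escaped//\"/\\\"}
    cnf=$(mktemp) || return 1
    chmod 600 "$cnf"
    printf '[client]\nuser=root\npassword="%s"\n' "$escaped" > "$cnf"
    for stmt in \
        "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" \
        "DELETE FROM mysql.user WHERE User=''" \
        "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" \
        "FLUSH PRIVILEGES"
    do
        # --defaults-extra-file has to be the first option on the command line.
        mysql --defaults-extra-file="$cnf" -e "$stmt" &> /dev/null
    done
    rm -f "$cnf"
    print_info "Restarting services..."
    service mysql restart &> /dev/null
}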
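# rand [LENGTH]
# Print LENGTH random characters from [a-zA-Z0-9], read from /dev/urandom.
# LENGTH defaults to 4, the length this helper has always produced; a
# non-numeric LENGTH also falls back to 4. The value is also left in $rand.
#
# Four alphanumeric characters are under 24 bits of randomness, which is not
# enough for anything used as a secret; callers that need one should ask for
# a longer string, e.g. `rand 32`.
function rand {
    local length=${1:-4}
    local digits_re='^[0-9]+$'
    [[ $length =~ $digits_re ]] || length=4
    rand=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c "$length")
    echo "$rand"
}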
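# Ask a y/n question with one silent keypress and store the answer,
# lower-cased, in the global variable named by $2. Any other key aborts.
_choice_yn() {
    local reply
    print_info "$1"
    read -r -s -n 1 reply
    case "$reply" in
        [Yy]) printf -v "$2" '%s' "y" ;;
        [Nn]) printf -v "$2" '%s' "n" ;;
        *)
            clear
            print_warn "Error in input, try again"
            exit 1
            ;;
    esac
}

# Abort unless $1 consists only of letters, digits, dots and hyphens and
# starts and ends with a letter or digit (a hostname or an IPv4 address).
_choice_check_domain() {
    local name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    if [[ ! $1 =~ $name_re ]]; then
        clear
        print_warn "Invalid domain name. Aborting."
        exit 1
    fi
}

# Interactive questions for the nginx install. Results are left in globals:
#   ssl, sslv      HTTPS yes/no and certificate type (1 self signed, 2 Let's Encrypt)
#   php, phpv      PHP yes/no and version (1 PHP 5.6, 2 PHP 7.0, 3 HHVM)
#   db, db1        MariaDB / MySQL yes/no
#   phpadm         phpMyAdmin yes/no
#   dbpass         database root password
#   d, mail        domain name and e-mail address
# php, db and db1 are only asked for when they are still empty.
#
# Changes from the earlier behaviour:
#   - y/n answers are stored lower-cased. An upper-case "Y" used to pass
#     validation and then fail every later `= "y"` comparison, so it was
#     silently treated as "no".
#   - the domain name is validated. It is later substituted into sed
#     expressions, the nginx configuration and a certificate subject, so
#     characters such as "|", ";" or whitespace must not get through.
choice_menu() {
    _choice_yn "Install nginx with HTTPS ? [y/n]" ssl
    if [ "$ssl" = "y" ]; then
        clear
        print_info "Please choose a SSL Certificate"
        print_info "1) Self signed"
        print_info "2) Let's Encrypt (Domain required)"
        read -r -s -n 1 sslv
        if [[ $sslv != [Ee12] ]]; then
            print_warn "Invalid choice, try again"
            exit 1
        fi
    fi
    clear
    if [[ -z $php ]]; then
        _choice_yn "Install PHP or HHVM ? (y/n)" php
    fi
    if [ "$php" = "y" ]; then
        print_info "Please choose which PHP version to install"
        print_info "1) PHP 5.6"
        if [ "$(plain_version)" = "8" ]; then
            print_info "2) PHP 7.0"
        fi
        MACHINE_TYPE=$(uname -m)
        if [ "${MACHINE_TYPE}" == 'x86_64' ]; then
            print_info "3) HHVM"
        fi
        read -r -s -n 1 phpv
        if [[ $phpv != [Ee123] ]]; then
            print_warn "Invalid choice, try again"
            exit 1
        fi
    fi
    clear
    if [[ -z $db ]]; then
        _choice_yn "Install MariaDB Server ? (y/n)" db
    fi
    if [[ $db = "n" ]]; then
        clear
        if [[ -z $db1 ]]; then
            _choice_yn "Install MySQL Server ? (y/n)" db1
        fi
    fi
    if [[ $php = "y" ]] && [[ $db == 'y' || $db1 == 'y' ]]; then
        clear
        _choice_yn "Install phpMyAdmin [y/n]" phpadm
    fi

    if [[ $db = "y" ]] || [[ $db1 = "y" ]]; then
        unset dbpass
        print_info "Enter a password for the MySQL root user:"
        # Read one character at a time so a "*" can be echoed per keypress;
        # Enter arrives as an empty character and ends the loop.
        while IFS= read -p "$prompt" -r -s -n 1 char; do
            if [[ $char == $'\0' ]]; then
                break
            fi
            prompt='*'
            dbpass+="$char"
        done
        echo ""
        if [[ -z $dbpass ]]; then
            clear
            print_warn "MySql password can not be blank !"
            exit 1
        fi
    fi
    if [[ $sslv = "2" ]]; then
        print_info ""
        print_warn "**********Notice**********"
        print_info "The domain you plan on using"
        print_info "should already resolve to the"
        print_info "servers main ip address."
        print_info "This goes for both www.domain.com"
        print_info "and domain.com"
        print_info "Else Let's Encrypt will fail."
        print_info "And nginx won't start."
        print_warn "**********Notice**********"
        print_info ""
        print_info "Enter Domain name (without www)"
        read -r d
        print_info "Enter a valid email"
        read -r mail
        print_info "Please wait ..."
        if [[ -z $d ]]; then
            clear
            print_warn "Domain name not entered. Aborting."
            exit 1
        fi
        _choice_check_domain "$d"
    else
        print_info "Enter Domain, leave blank to use IP"
        read -r d
        print_info "Please wait ..."
        # Blank is allowed here: the caller falls back to the external IP.
        if [[ -n $d ]]; then
            _choice_check_domain "$d"
        fi
    fi
}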
# Menu that asks which PHP flavour to install and runs the matching
# installer. Repeats until a valid entry is given; "e"/"E" leaves without
# installing anything. The raw answer is left in $choice.
php_version() {
    local installer
    while :; do
        print_info "Please choose which PHP version to install"
        print_info "1) PHP 5.6"
        print_info "2) PHP 7.0"
        print_info "3) HHVM"
        print_info "e) Exit"
        read choice
        case $choice in
            1) installer=install_php ;;
            2) installer=install_php7 ;;
            3) installer=install_hhvm ;;
            e|E) return ;;
            *)
                print_warn "That is not a valid choice, try a number from 1 to 3."
                continue
                ;;
        esac
        "$installer"
        break
    done
}
364 | ############################################################
365 | # Apps
366 | ############################################################
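# Install nginx from nginx.org, write a default vhost, tune nginx.conf and
# then run the follow-up installers selected in choice_menu (certificate
# setup, PHP/HHVM, MariaDB/MySQL, phpMyAdmin).
#
# Reads the globals set by choice_menu: d, sslv, php, phpv, db, db1, phpadm.
#
# Changes from the earlier behaviour:
#   - apache2 is purged with -y. All apt output is discarded, so without it
#     the run stopped on a confirmation prompt nobody could see.
#   - the server name (typed in, or returned by get_external_ip) is checked
#     before it is substituted into the sed expression and the nginx config.
#   - the vhost template is indented, so the later substitutions that look
#     for " fastcgi_pass ..." (with a leading space) can match it.
function install_nginx {
    local name_re='^[A-Za-z0-9._-]+$'
    check_install nginx 1 "ngninx is already installed" v
    choice_menu
    apt-get install -y curl -y &> /dev/null
    if which apache2 >/dev/null; then
        print_info "Apache2 detected, please wait while we remove it..."
        service apache2 stop &> /dev/null
        apt-get -y --purge remove apache2 &> /dev/null
        wait
    fi
    nginx_repo
    apt-get install -y nginx &> /dev/null
    wait
    # Quoted delimiter: nothing inside the template is expanded by the shell.
    /bin/cat <<"EOM" >/etc/nginx/conf.d/default.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ \.php$ {
        try_files $uri $uri/ =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location ~ /\. {
        deny all;
        log_not_found off;
        access_log off;
    }

    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
    location ~ \.(eot|ttf|woff|svg|css)$ {
        add_header Access-Control-Allow-Origin "*";
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
    }
}
EOM
    if [ -z "$d" ] ; then
        d="$(get_external_ip)"
    fi
    if [[ ! $d =~ $name_re ]]; then
        print_warn "Invalid or missing server name. Aborting."
        exit 1
    fi
    sed -i "s|.*server_name.*| server_name $d;|" /etc/nginx/conf.d/default.conf
    sed -i "s|.*user.*nginx.*|user www-data;|" /etc/nginx/nginx.conf
    cpu_count=$(grep -c ^processor /proc/cpuinfo)
    sed -i "s|.*worker_processes.*[0-9].*|worker_processes $cpu_count;|" /etc/nginx/nginx.conf
    # Enable gzip, then append the related directives one after another; each
    # `a\` anchors on the line the previous command inserted.
    sed -i "s|.* #gzip on;.*| gzip on;|" /etc/nginx/nginx.conf
    sed -i '/ gzip on;/ a\ gzip_vary on;' /etc/nginx/nginx.conf
    sed -i '/ gzip_vary on;/ a\ gzip_proxied any;' /etc/nginx/nginx.conf
    sed -i '/ gzip_proxied any;/ a\ gzip_comp_level 6;' /etc/nginx/nginx.conf
    sed -i '/ gzip_comp_level 6;/ a\ gzip_buffers 16 8k;' /etc/nginx/nginx.conf
    sed -i '/ gzip_buffers 16 8k;/ a\ gzip_http_version 1.1;' /etc/nginx/nginx.conf
    sed -i '/ gzip_http_version 1.1;/ a\ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;' /etc/nginx/nginx.conf
    # Do not advertise the nginx version in responses and error pages.
    sed -i '/.*sendfile.*;/ a\ server_tokens off; ' /etc/nginx/nginx.conf
    # Pass an empty HTTP_PROXY to FastCGI so a client-sent "Proxy:" header
    # cannot set it for the backend.
    echo 'fastcgi_param HTTP_PROXY "";' >> /etc/nginx/fastcgi_params
    if [[ $sslv = "1" ]]; then
        setup_selfsigned
    elif [[ $sslv = "2" ]]; then
        setup_letsencrypt
    else
        if which ufw >/dev/null; then
            ufw allow 80/tcp &> /dev/null
            ufw disable &> /dev/null
            ufw --force enable &> /dev/null
        fi
        service nginx restart &> /dev/null
        print_done "ngninx successfully installed."
    fi
    if [ "$php" = "y" ] && [ "$phpv" = "1" ]; then
        install_php
    elif [ "$php" = "y" ] && [ "$phpv" = "2" ]; then
        install_php7
    elif [ "$php" = "y" ] && [ "$phpv" = "3" ]; then
        install_hhvm
    fi
    if [[ $db = "y" ]]; then
        install_mariadb
    fi
    if [[ $db1 = "y" ]]; then
        install_mysql
    fi
    if [[ $phpadm = "y" ]]; then
        install_phpmyadmin
    fi
}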
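# Create a self-signed certificate for $d (or for the external IP when $d is
# empty), install the HTTPS vhost template and restart nginx.
# Reads the globals $d and $web. Changes the working directory.
#
# Changes from the earlier behaviour:
#   - the vhost template is downloaded with TLS certificate verification
#     (--no-check-certificate removed). The file becomes live nginx
#     configuration, so an unauthenticated download would let anyone on the
#     network path choose it.
#   - the template goes to a temp file first and replaces default.conf only
#     after a successful download; the old file is no longer deleted up front.
#   - the fallback for an empty $d runs before the certificate is generated,
#     so the CN is never empty.
#   - the private key is created under umask 077 instead of being readable
#     until the chmod.
# NOTE(review): the template is taken from the master branch; pinning a
# commit (<COMMIT_ID>) would make the download reproducible.
setup_selfsigned() {
    local tmpconf
    local conf_url="https://raw.githubusercontent.com/eunas/gotdeb/master/resources/default-ssl.conf"
    print_info "Setting up SSL Certificate ..."
    apt-get install -y openssl ca-certificates &> /dev/null
    if [ -z "$d" ] ; then
        d="$(get_external_ip)"
    fi
    mkdir -p /etc/nginx/ssl
    cd /etc/nginx/ssl
    (
        umask 077
        openssl req -sha256 -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=US/ST=defaultstate/L=defaultcity/O=myorg/CN=$d" &> /dev/null
    )
    wait
    chmod 600 /etc/nginx/ssl/nginx.key
    tmpconf=$(mktemp)
    if ! wget -q -O "$tmpconf" "$conf_url"; then
        rm -f "$tmpconf"
        print_warn "Could not download default-ssl.conf. Aborting."
        exit 1
    fi
    mv "$tmpconf" /etc/nginx/conf.d/default.conf
    chmod 644 /etc/nginx/conf.d/default.conf
    # Point the template's Let's Encrypt placeholders at the self-signed files.
    sed -i "s| ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;| ssl_certificate /etc/nginx/ssl/nginx.crt;|" /etc/nginx/conf.d/default.conf
    sed -i "s| ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;| ssl_certificate_key /etc/nginx/ssl/nginx.key;|" /etc/nginx/conf.d/default.conf
    sed -i "s|.*server_name domain www.domain;.*| server_name $d;|" /etc/nginx/conf.d/default.conf
    sed -i "s| ssl_dhparam /etc/letsencrypt/dhparams.pem;| ssl_dhparam /etc/nginx/ssl/dhparams.pem;|" /etc/nginx/conf.d/default.conf
    if [ "$web" = "1" ] ; then
        sed -i "s|.*listen 443.*| listen 443 ssl;|" /etc/nginx/conf.d/default.conf
    fi
    cd /etc/nginx/ssl/
    openssl dhparam -out dhparams.pem 2048 &> /dev/null
    chmod 600 dhparams.pem
    if which ufw >/dev/null; then
        ufw allow 80/tcp &> /dev/null
        ufw allow 443/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service nginx restart &> /dev/null
    print_done "ngninx successfully installed."
}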
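# Obtain a Let's Encrypt certificate for $d and www.$d with certbot in
# standalone mode, install the HTTPS vhost template, add a weekly renewal
# cron job and start nginx again.
# Reads the globals $d, $mail and $web. Changes the working directory.
#
# Changes from the earlier behaviour:
#   - nginx is restarted at the end. The last command was `service nginx`
#     without an action, so nginx stayed stopped after the certbot run.
#   - the Debian 8 cron entry calls /usr/bin/certbot; it pointed at
#     "/certbot", which does not exist.
#   - certbot-auto and the vhost template are downloaded with TLS certificate
#     verification (--no-check-certificate removed). certbot-auto is executed
#     as root and the template becomes live nginx configuration.
#   - the template goes to a temp file first and replaces default.conf only
#     after a successful download.
#   - /etc/letsencrypt is created with mkdir -p so a second run does not fail.
# NOTE(review): both downloads are unpinned (latest certbot-auto, template
# from the master branch); a pinned version or checksum
# (<EXPECTED_SHA256>) would make them reproducible.
setup_letsencrypt() {
    local tmpconf
    local conf_url="https://raw.githubusercontent.com/eunas/gotdeb/master/resources/default-ssl.conf"
    print_info "Setting up Let's Encrypt. This might take a while..."
    if [[ ! -f /usr/sbin/cron ]]; then
        apt-get update &> /dev/null
        apt-get install -y cron &> /dev/null
        wait
    fi
    apt-get install -y ca-certificates &> /dev/null
    if [ "$(plain_version)" = "8" ]; then
        if ! grep -q jessie-backports "/etc/apt/sources.list"; then
            echo "deb http://http.debian.net/debian jessie-backports main" >>/etc/apt/sources.list
        fi
        apt-get update &> /dev/null
        wait
        apt-get install -y certbot -t jessie-backports &> /dev/null
        wait
        # Standalone mode binds the HTTP port itself, so nginx has to be down.
        service nginx stop
        wait
        certbot certonly -n --standalone --agree-tos --email "$mail" -d "$d" -d www."$d" &> /dev/null
        wait
        (crontab -l 2>/dev/null; echo "30 2 * * 1 /usr/bin/certbot renew --quiet >> /var/log/le-renewal.log") | crontab -
    fi
    if [ "$(plain_version)" = "7" ]; then
        mkdir -p /etc/letsencrypt
        if ! wget -q -O /etc/letsencrypt/certbot-auto https://dl.eff.org/certbot-auto; then
            rm -f /etc/letsencrypt/certbot-auto
            print_warn "Could not download certbot-auto. Aborting."
            exit 1
        fi
        wait
        service nginx stop
        wait
        chmod a+x /etc/letsencrypt/certbot-auto
        /etc/letsencrypt/certbot-auto certonly -n --standalone --agree-tos --email "$mail" -d "$d" -d www."$d" &> /dev/null
        wait
        (crontab -l 2>/dev/null; echo "30 2 * * 1 /etc/letsencrypt/certbot-auto renew --quiet >> /var/log/le-renewal.log") | crontab -
    fi
    tmpconf=$(mktemp)
    if ! wget -q -O "$tmpconf" "$conf_url"; then
        rm -f "$tmpconf"
        print_warn "Could not download default-ssl.conf. Aborting."
        exit 1
    fi
    mv "$tmpconf" /etc/nginx/conf.d/default.conf
    chmod 644 /etc/nginx/conf.d/default.conf
    # Replace the template's "domain" placeholders with the real name.
    sed -i "s| ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;| ssl_certificate /etc/letsencrypt/live/$d/fullchain.pem;|" /etc/nginx/conf.d/default.conf
    sed -i "s| ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;| ssl_certificate_key /etc/letsencrypt/live/$d/privkey.pem;|" /etc/nginx/conf.d/default.conf
    sed -i "s| server_name domain www.domain;| server_name $d www.$d;|" /etc/nginx/conf.d/default.conf
    if [ "$web" = "1" ] ; then
        sed -i "s|.*listen 443.*| listen 443 ssl;|" /etc/nginx/conf.d/default.conf
    fi
    cd /etc/letsencrypt/
    openssl dhparam -out dhparams.pem 2048
    chmod 600 dhparams.pem
    if which ufw >/dev/null; then
        ufw allow 80/tcp &> /dev/null
        ufw allow 443/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service nginx restart &> /dev/null
    print_done "ngninx successfully installed."
}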
# Install PHP 5.6 (php5-fpm) for an existing nginx, adjust php.ini, write
# info.php into the web root and restart both services.
# Aborts when nginx is missing or php5-fpm is already installed.
function install_php {
    local ini=/etc/php5/fpm/php.ini
    if [ ! -x /usr/sbin/nginx ]; then
        print_warn "No webserver installed. Aborting"
        exit 1
    fi
    check_install php5-fpm 1 "php5-fpm is already installed" v
    print_info "Installing PHP ..."
    # Debian 7 gets PHP 5.6 from the Dotdeb repository.
    case "$(plain_version)" in
        7) dotdeb_php_repo ;;
    esac
    DEBIAN_FRONTEND=noninteractive apt-get install -y php5-fpm php5-common php5-mysqlnd php5-sqlite php5-mcrypt php5-curl curl php5-cli php5-gd &> /dev/null
    # cgi.fix_pathinfo=0 stops PHP from guessing a script out of a longer
    # request path; the other two raise the upload limits to 128M.
    sed -i \
        -e "s|.*;cgi.fix_pathinfo.*|cgi.fix_pathinfo=0|" \
        -e "s|.*upload_max_filesize = 2M.*|upload_max_filesize = 128M|" \
        -e "s|.*post_max_size = 8M.*|post_max_size = 128M|" \
        "$ini"
    sed -i "s|.*reload signal USR2.*| #reload signal USR2|" /etc/init/php5-fpm.conf
    touch /usr/share/nginx/html/info.php
    # NOTE(review): the body of this here-document is empty in this listing.
    # A file named info.php in the web root is usually a phpinfo() page, which
    # discloses configuration details and should not stay on a production
    # host - confirm against the original script.
    /bin/cat <<"EOM" >/usr/share/nginx/html/info.php

EOM
    wait
    service php5-fpm start &> /dev/null
    service nginx restart &> /dev/null
    print_done "PHP-FPM 5.6 successfully installed."
}
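# Install PHP 7.0 (php7.0-fpm) for an existing nginx, adjust php.ini, switch
# the vhost to the PHP 7 socket, write info.php into the web root and restart
# both services. Aborts when nginx is missing or PHP 7 is already installed.
#
# Changes from the earlier behaviour:
#   - the "already installed" check looks for php7.0-fpm, the package that is
#     installed below; "php7-fpm" never matched.
#   - opcache.memory_consumption is written to php.ini; the path ended in
#     "php.in", so that sed call had no file to edit.
#   - the wget line for opcache.php sat inside the info.php here-document, so
#     it was never run and its text was written into info.php. It is removed
#     from the template and deliberately not turned into a real download: it
#     would place an unpinned third-party admin page, fetched without
#     certificate verification, in the public web root.
function install_php7 {
    local ini=/etc/php/7.0/fpm/php.ini
    if [ ! -x /usr/sbin/nginx ]; then
        print_warn "No webserver installed. Aborting"
        exit 1
    fi
    check_install php7.0-fpm 1 "php7-fpm is already installed" v
    print_info "Installing PHP 7 ..."
    dotdeb_php_7_repo
    wait
    DEBIAN_FRONTEND=noninteractive apt-get install -y php7.0-mysql php7.0 php7.0-fpm php7.0-common curl php7.0-cli php7.0-gd php7.0-mcrypt php7.0-opcache php7.0-curl &> /dev/null
    # A quarter of the "Mem:" total reported by free, converted from KiB to MiB.
    ram=$(free | awk '/^Mem:/{print $2}')
    op_mem=$((ram / 1024 / 4))
    sed -i "s|.*;cgi.fix_pathinfo.*|cgi.fix_pathinfo=0|" "$ini"
    sed -i "s|.*upload_max_filesize = 2M.*|upload_max_filesize = 128M|" "$ini"
    sed -i "s|.*post_max_size = 8M.*|post_max_size = 128M|" "$ini"
    sed -i "s| fastcgi_pass unix:/var/run/php5-fpm.sock;| fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;|" /etc/nginx/conf.d/default.conf
    sed -i "s|.*;opcache.enable=1.*|opcache.enable=1|" "$ini"
    sed -i "s|.*;opcache.memory_consumption.*|opcache.memory_consumption=$op_mem|" "$ini"
    touch /usr/share/nginx/html/info.php
    # NOTE(review): apart from the removed wget line, the body of this
    # here-document is empty in this listing. A file named info.php in the web
    # root is usually a phpinfo() page, which discloses configuration details
    # and should not stay on a production host - confirm against the original.
    /bin/cat <<"EOM" >/usr/share/nginx/html/info.php

EOM
    wait
    service php7.0-fpm start &> /dev/null
    service nginx restart &> /dev/null
    print_done "PHP-FPM 7.0 successfully installed."
}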
# Install HHVM for an existing nginx, switch both HHVM and the vhost to a
# unix socket, write info.php into the web root and restart both services.
# Aborts when nginx is missing.
function install_hhvm {
    local server_ini=/etc/hhvm/server.ini
    if [ ! -x /usr/sbin/nginx ]; then
        print_warn "No webserver installed. Aborting"
        exit 1
    fi
    print_info "Installing HHVM ..."
    hhvm_repo
    wait
    apt-get install -y php5-mysql hhvm curl &> /dev/null
    sed -i "s| fastcgi_pass unix:/var/run/php5-fpm.sock;| fastcgi_pass unix:/var/run/hhvm/hhvm.sock;|" /etc/nginx/conf.d/default.conf
    # Add the socket setting after the port line, then comment the port out.
    sed -i '/hhvm.server.port = 9000/ a\hhvm.server.file_socket=/var/run/hhvm/hhvm.sock' "$server_ini"
    sed -i "s|hhvm.server.port = 9000|;hhvm.server.port = 9000|" "$server_ini"
    touch /usr/share/nginx/html/info.php
    # NOTE(review): the body of this here-document is empty in this listing.
    # A file named info.php in the web root is usually a phpinfo() page, which
    # discloses configuration details and should not stay on a production
    # host - confirm against the original script.
    /bin/cat <<"EOM" >/usr/share/nginx/html/info.php

EOM
    wait
    service hhvm restart &> /dev/null
    service nginx restart &> /dev/null
    print_done "HHVM successfully installed."
}
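# Install MySQL Server from the MySQL apt repository with a preseeded root
# password, then apply the basic hardening in mysql_opt.
# Aborts when MySQL or MariaDB is already installed. Prompts for the root
# password when the global $dbpass is empty.
#
# Changes from the earlier behaviour:
#   - the password is passed to debconf-set-selections as one quoted string.
#     Unquoted, a password containing spaces or glob characters was altered
#     by word splitting before it reached debconf, leaving root with a
#     different password than the one typed.
#   - mysql_opt is called without arguments; it reads $dbpass itself and the
#     extra argument was ignored.
install_mysql() {
    check_install mysql-server 1 "MySQL is already installed"
    check_install mariadb-server 1 "MariaDB is the current DB server. Can't install MySQL"
    if [ -z "$dbpass" ]; then
        unset dbpass
        print_info "Enter a password for the MySQL root user:"
        # Read one character at a time so a "*" can be echoed per keypress;
        # Enter arrives as an empty character and ends the loop.
        while IFS= read -p "$prompt" -r -s -n 1 char; do
            if [[ $char == $'\0' ]]; then
                break
            fi
            prompt='*'
            dbpass+="$char"
        done
    fi
    clear
    print_info "Installing MySQL Server, please wait..."
    mysql_repo
    # printf is a shell builtin, so the password does not show up as a
    # process argument.
    printf '%s\n' "mysql-community-server mysql-community-server/root-pass password $dbpass" | debconf-set-selections &> /dev/null
    printf '%s\n' "mysql-community-server mysql-community-server/re-root-pass password $dbpass" | debconf-set-selections &> /dev/null
    DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server &> /dev/null
    wait
    mysql_opt
    print_done "MySQL successfully installed."
}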
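# Install MariaDB Server from the MariaDB apt repository with a preseeded
# root password, then apply the basic hardening in mysql_opt.
# Aborts when MySQL or MariaDB is already installed. Prompts for the root
# password when the global $dbpass is empty.
#
# The password is passed to debconf-set-selections as one quoted string.
# Unquoted, a password containing spaces or glob characters was altered by
# word splitting before it reached debconf, leaving root with a different
# password than the one typed.
function install_mariadb {
    check_install mysql-server 1 "MySQL is the current DB server. Can't install Mariadb"
    check_install mariadb-server 1 "MariaDB Server is already installed"
    if [ -z "$dbpass" ]; then
        unset dbpass
        print_info "Enter a password for the MySQL root user:"
        # Read one character at a time so a "*" can be echoed per keypress;
        # Enter arrives as an empty character and ends the loop.
        while IFS= read -p "$prompt" -r -s -n 1 char; do
            if [[ $char == $'\0' ]]; then
                break
            fi
            prompt='*'
            dbpass+="$char"
        done
    fi
    clear
    print_info "Installing MariaDB Server, please wait...";
    mariadb_repo
    # printf is a shell builtin, so the password does not show up as a
    # process argument.
    printf '%s\n' "mariadb-server mysql-server/root_password password $dbpass" | debconf-set-selections
    printf '%s\n' "mariadb-server mysql-server/root_password_again password $dbpass" | debconf-set-selections
    DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server &> /dev/null
    wait
    mysql_opt
    sed -i '/default-storage-engine=MyISAM/ a\default-tmp-storage-engine=MyISAM' /etc/mysql/my.cnf
    print_done "MariaDB successfully installed."
}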
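# Install phpMyAdmin from the upstream STABLE archive into
# /usr/share/phpmyadmin and link it into the nginx web root.
# Aborts when phpMyAdmin is already installed, nginx is missing, no PHP
# runtime is found or no mysql process is running. Reads the global $phpv.
#
# Changes from the earlier behaviour:
#   - blowfish_secret is 32 random characters generated here. It used to be
#     the 4-character output of rand, which is far too short for the key that
#     protects phpMyAdmin's cookie authentication.
#   - the archive is downloaded and unpacked in a private mktemp directory.
#     The fixed names /tmp/phpmyadmin.zip and /tmp/phpmyadmin-STABLE could be
#     created in advance by any local user while this runs as root.
#   - the run stops when the archive could not be fetched or unpacked.
#   - the PmaNoRelation_DisableWarning line keeps its quotes. The sed
#     expression was single-quoted around inner single quotes, so the key was
#     written to config.inc.php as a bare word.
# NOTE(review): STABLE.zip is a moving target and is not checked against a
# checksum or signature (<EXPECTED_SHA256>). The tree is also owned by
# www-data, so the web server can modify the application's own code;
# root-owned files with only the needed paths writable would be tighter.
function install_phpmyadmin {
    local workdir secret
    check_install phpmyadmin 1 "phpMyAdmin is already installed" v
    check_install nginx 0 "Nginx is not installed."
    if [[ ! -f /usr/sbin/php5-fpm ]] && [[ ! -f /usr/sbin/php-fpm7.0 ]] && [[ ! -f /usr/bin/hhvm ]]; then
        print_warn "PHP or HHVM is not installed."
        exit 1
    fi
    if ((! $(ps -ef | grep -v grep | grep mysql | wc -l) > 0 )); then
        print_warn "The MySQL server is stopped or not installed.";
        exit 1
    fi
    print_info "Installing phpMyAdmin..."
    if [[ $phpv = "2" ]] && [[ $(plain_version) = "8" ]]; then
        apt-get install -y php7.0-mbstring &> /dev/null
        wait
    fi
    apt-get install -y unzip &> /dev/null
    wait
    workdir=$(mktemp -d) || exit 1
    wget -O "$workdir/phpmyadmin.zip" https://github.com/phpmyadmin/phpmyadmin/archive/STABLE.zip &> /dev/null
    wait
    unzip "$workdir/phpmyadmin.zip" -d "$workdir" &> /dev/null
    wait
    if [ ! -d "$workdir/phpmyadmin-STABLE" ]; then
        rm -rf "$workdir"
        print_warn "Could not download or unpack phpMyAdmin. Aborting."
        exit 1
    fi
    mkdir -p /usr/share/phpmyadmin
    mv "$workdir"/phpmyadmin-STABLE/* /usr/share/phpmyadmin
    rm -rf "$workdir"
    chown -R www-data:www-data /usr/share/phpmyadmin
    cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
    # Alphanumeric only, so the value is safe inside the sed replacement and
    # inside the single-quoted PHP string.
    secret=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
    sed -i "s|.*blowfish_secret.*|\$cfg['blowfish_secret'] = '$secret';|" /usr/share/phpmyadmin/config.inc.php
    sed -i "/.*blowfish_secret.*/ a\\\$cfg['PmaNoRelation_DisableWarning'] = true;" /usr/share/phpmyadmin/config.inc.php
    ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html
    if [[ -f /usr/sbin/php-fpm7.0 ]]; then
        chown -R www-data:www-data /var/lib/php/sessions
    fi
    if [[ -f /usr/bin/hhvm ]]; then
        echo "\$cfg['Servers'][\$i]['port'] = '3306';" >> /usr/share/phpmyadmin/config.inc.php
        sed -i "s|.*localhost.*|\$cfg['Servers'][\$i]['host'] = '127.0.0.1';|" /usr/share/phpmyadmin/config.inc.php
    fi
    service nginx restart &> /dev/null
    print_done "phpMyAdmin successfully installed."
}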
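# Menu for the nginx branch: 1 = stable, 2 = mainline, e = exit.
# The answer is left in the global $web, which nginx_repo reads.
#
# Changes from the earlier behaviour:
#   - an invalid key re-prompts in a loop. The function used to call itself
#     and, once the inner call returned, carried on with the value the inner
#     call had read, so install_nginx was started a second time.
#   - "3" is no longer accepted (it passed validation and then did nothing),
#     and an upper-case "E" now exits like "e".
#   - the script exits when input ends instead of prompting forever.
function install_webserver {
    while true; do
        clear
        print_info "Please choose which version to install"
        print_info "1) nginx Stable"
        print_info "2) nginx Mainline"
        print_info "e) Exit"
        read -r -s -n 1 web || exit 1
        case "$web" in
            1|2)
                install_nginx
                return
                ;;
            e|E)
                exit 1
                ;;
            *)
                print_warn "Invalid choice, try again"
                ;;
        esac
    done
}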
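# Install Pure-FTPd on a chosen port (default 21) with anonymous logins
# disabled, every user chrooted and TLS level 2, create a self-signed
# certificate for it and open the port in ufw when ufw is present.
# Aborts when pure-ftpd is already installed. The port is left in $p.
#
# Changes from the earlier behaviour:
#   - the port is validated (digits only, 1-65535) before anything is
#     installed; it is written to the daemon's Bind file and handed to ufw.
#   - the combined key/certificate file is created under umask 077 and set to
#     mode 600, so the private key is not left with default permissions.
function install_pureftpd {
    local port_re='^[0-9]{1,5}$'
    check_install pure-ftpd 1 "Pure-ftpd is already installed." v
    print_info "Define port for Pure-ftpd, leave blank for port 21"
    read -r p
    if [ -z "$p" ] ; then
        p="21"
    fi
    if [[ ! $p =~ $port_re ]] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
        print_warn "Invalid port. Aborting."
        exit 1
    fi
    print_info "Installing Pure-FTPd..."
    apt-get update &> /dev/null
    wait
    DEBIAN_FRONTEND=noninteractive apt-get install -y pure-ftpd &> /dev/null
    wait
    echo "yes" > /etc/pure-ftpd/conf/Daemonize
    echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
    echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
    echo "2" > /etc/pure-ftpd/conf/TLS
    echo "$p" > /etc/pure-ftpd/conf/Bind
    (
        umask 077
        openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=US/ST=defaultstate/L=defaultcity/O=myorg/CN=localhost"
    )
    chmod 600 /etc/ssl/private/pure-ftpd.pem
    if which ufw >/dev/null; then
        ufw allow "$p"/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service pure-ftpd restart &> /dev/null
    print_done "Pure-FTPd with FTPS support successfully installed."
}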
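function install_openvpn {
    # Interactive installer/manager for an OpenVPN "road warrior" server.
    #
    # First run (no /etc/openvpn/server.conf): asks for the listen IP, port,
    # DNS choice and a client name, installs the packages, builds a PKI with
    # EasyRSA 3.0.1, writes server.conf, adds NAT/firewall rules and produces
    # ~/<client>.ovpn.
    # Later runs: menu to add a client, revoke a client or remove OpenVPN.
    # Every menu action ends with `exit`, which stops the whole script.
    #
    # Exit codes: 1 no TUN device, 2 CentOS 5, 3 unsupported distro,
    # 5 nothing to revoke or bad selection, 6 rejected user input.
    if [[ ! -e /dev/net/tun ]]; then
        print_warn "TUN is not available"
        exit 1
    fi
    if grep -qs "CentOS release 5" "/etc/redhat-release"; then
        echo "CentOS 5 is too old and not supported"
        exit 2
    fi
    if [[ -e /etc/debian_version ]]; then
        OS=debian
        GROUPNAME=nogroup
        RCLOCAL='/etc/rc.local'
    elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
        OS=centos
        GROUPNAME=nobody
        RCLOCAL='/etc/rc.d/rc.local'
        # Needed for CentOS 7
        chmod +x /etc/rc.d/rc.local
    else
        echo "Looks like you aren't running this installer on a Debian, Ubuntu or CentOS system"
        exit 3
    fi

    newclient () {
        # Generates ~/<name>.ovpn: the common template followed by the CA
        # certificate, the client certificate, the client private key and the
        # tls-auth key, each wrapped in OpenVPN's inline-file tags (without
        # the tags the embedded PEM blocks cannot be parsed).
        # The profile embeds private key material, so it is written under a
        # 077 umask; the subshell keeps the caller's umask untouched.
        (
            umask 077
            rm -f ~/"$1.ovpn"
            {
                cat /etc/openvpn/client-common.txt
                echo "<ca>"
                cat /etc/openvpn/easy-rsa/pki/ca.crt
                echo "</ca>"
                echo "<cert>"
                cat "/etc/openvpn/easy-rsa/pki/issued/$1.crt"
                echo "</cert>"
                echo "<key>"
                cat "/etc/openvpn/easy-rsa/pki/private/$1.key"
                echo "</key>"
                echo "<tls-auth>"
                cat /etc/openvpn/ta.key
                echo "</tls-auth>"
            } > ~/"$1.ovpn"
        )
    }

    # Try to get our IP from the system and fallback to the Internet.
    # I do this to make the script compatible with NATed servers (lowendspirit.com)
    # and to avoid getting an IPv6.
    IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
    if [[ "$IP" = "" ]]; then
        # Plain-HTTP lookup: the answer is untrusted and is only accepted
        # after the format check that follows the "IP address" prompt below.
        IP=$(wget -qO- ipv4.icanhazip.com)
    fi

    if [[ -e /etc/openvpn/server.conf ]]; then
        while :
        do
            clear
            echo "Looks like OpenVPN is already installed"
            echo ""
            echo "What do you want to do?"
            echo " 1) Add a cert for a new user"
            echo " 2) Revoke existing user cert"
            echo " 3) Remove OpenVPN"
            echo " 4) Exit"
            read -p "Select an option [1-4]: " option
            case $option in
                1)
                    echo ""
                    echo "Tell me a name for the client cert"
                    echo "Please, use one word only, no special characters"
                    read -p "Client name: " -e -i client CLIENT
                    # The name becomes part of file paths and easyrsa arguments,
                    # so enforce what the prompt asks for.
                    if [[ ! "$CLIENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
                        echo "Invalid client name: use letters, digits, '_' or '-' only"
                        exit 6
                    fi
                    cd /etc/openvpn/easy-rsa/
                    ./easyrsa build-client-full "$CLIENT" nopass
                    # Generates the custom client.ovpn
                    newclient "$CLIENT"
                    echo ""
                    echo "Client $CLIENT added, certs available at ~/$CLIENT.ovpn"
                    exit
                    ;;
                2)
                    # Lists the valid ("V") entries of the easy-rsa index and
                    # revokes the one the user picks by number.
                    NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
                    if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
                        echo ""
                        echo "You have no existing clients!"
                        exit 5
                    fi
                    echo ""
                    echo "Select the existing client certificate you want to revoke"
                    tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
                    if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
                        read -p "Select one client [1]: " CLIENTNUMBER
                    else
                        read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
                    fi
                    # The selection is spliced into a sed program below; accept
                    # only a plain number inside the listed range.
                    if [[ ! "$CLIENTNUMBER" =~ ^[1-9][0-9]*$ ]] || (( CLIENTNUMBER > NUMBEROFCLIENTS )); then
                        echo ""
                        echo "Invalid selection"
                        exit 5
                    fi
                    CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "${CLIENTNUMBER}p")
                    # An empty or odd name would turn the rm calls below into
                    # deletions of unintended paths.
                    if [[ ! "$CLIENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
                        echo ""
                        echo "Could not determine a valid client name for that selection"
                        exit 5
                    fi
                    cd /etc/openvpn/easy-rsa/
                    ./easyrsa --batch revoke "$CLIENT"
                    ./easyrsa gen-crl
                    rm -rf "pki/reqs/$CLIENT.req"
                    rm -rf "pki/private/$CLIENT.key"
                    rm -rf "pki/issued/$CLIENT.crt"
                    rm -rf /etc/openvpn/crl.pem
                    cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
                    # CRL is read with each client connection, when OpenVPN is dropped to nobody
                    chown "nobody:$GROUPNAME" /etc/openvpn/crl.pem
                    echo ""
                    echo "Certificate for client $CLIENT revoked"
                    exit
                    ;;
                3)
                    echo ""
                    read -p "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
                    if [[ "$REMOVE" = 'y' ]]; then
                        PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
                        if pgrep firewalld; then
                            # Using both permanent and not permanent rules to avoid a firewalld reload.
                            firewall-cmd --zone=public --remove-port="$PORT"/udp
                            firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
                            firewall-cmd --permanent --zone=public --remove-port="$PORT"/udp
                            firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
                        fi
                        if iptables -L -n | grep -qE 'REJECT|DROP'; then
                            sed -i "/iptables -I INPUT -p udp --dport $PORT -j ACCEPT/d" "$RCLOCAL"
                            sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" "$RCLOCAL"
                            sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" "$RCLOCAL"
                        fi
                        sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -j SNAT --to /d' "$RCLOCAL"
                        if hash sestatus 2>/dev/null; then
                            if sestatus | grep "Current mode" | grep -qs "enforcing"; then
                                if [[ "$PORT" != '1194' ]]; then
                                    semanage port -d -t openvpn_port_t -p udp "$PORT"
                                fi
                            fi
                        fi
                        if [[ "$OS" = 'debian' ]]; then
                            apt-get remove --purge -y openvpn openvpn-blacklist
                        else
                            yum remove openvpn -y
                        fi
                        rm -rf /etc/openvpn
                        rm -rf /usr/share/doc/openvpn*
                        echo ""
                        echo "OpenVPN removed!"
                    else
                        echo ""
                        echo "Removal aborted!"
                    fi
                    exit
                    ;;
                4) exit;;
            esac
        done
    else
        clear
        print_info 'Welcome to this quick OpenVPN "road warrior" installer'
        print_info ""
        # OpenVPN setup and first user creation
        print_info "I need to ask you a few questions before starting the setup"
        print_info "You can leave the default options and just press enter if you are ok with them"
        print_info ""
        print_info "First I need to know the IPv4 address of the network interface you want OpenVPN"
        print_info "listening to."
        read -p "IP address: " -e -i "$IP" IP
        # $IP is written into iptables rules and into rc.local, which runs as
        # root at boot; its default may come from an HTTP lookup. Accept only
        # a dotted-quad value.
        if [[ ! "$IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            print_warn "That does not look like an IPv4 address"
            exit 6
        fi
        print_info ""
        print_info "What port do you want for OpenVPN?"
        read -p "Port: " -e -i 1194 PORT
        # $PORT is written into rc.local and firewall commands as well.
        if [[ ! "$PORT" =~ ^[1-9][0-9]{0,4}$ ]] || (( PORT > 65535 )); then
            print_warn "The port must be a number between 1 and 65535"
            exit 6
        fi
        print_info ""
        print_info "What DNS do you want to use with the VPN?"
        print_info " 1) Current system resolvers"
        print_info " 2) Google"
        print_info " 3) OpenDNS"
        print_info " 4) NTT"
        print_info " 5) Hurricane Electric"
        print_info " 6) Verisign"
        read -p "DNS [1-6]: " -e -i 1 DNS
        print_info ""
        print_info "Finally, tell me your name for the client cert"
        print_info "Please, use one word only, no special characters"
        read -p "Client name: " -e -i client CLIENT
        # Same rule as in the "add a client" menu entry: the name ends up in
        # file paths and easyrsa arguments.
        if [[ ! "$CLIENT" =~ ^[A-Za-z0-9_-]+$ ]]; then
            print_warn "Invalid client name: use letters, digits, '_' or '-' only"
            exit 6
        fi
        print_info ""
        print_info "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
        read -n1 -r -p "Press any key to continue..."
        if [[ "$OS" = 'debian' ]]; then
            apt-get update &> /dev/null
            apt-get install -y openvpn iptables openssl ca-certificates &> /dev/null
        else
            # Else, the distro is CentOS
            yum install epel-release -y
            yum install openvpn iptables openssl wget ca-certificates -y
        fi
        # An old version of easy-rsa was available by default in some openvpn packages
        if [[ -d /etc/openvpn/easy-rsa/ ]]; then
            rm -rf /etc/openvpn/easy-rsa/
        fi
        # Get easy-rsa
        # NOTE(review): the tarball is fetched over HTTPS but is not compared
        # with a published checksum or signature before it is unpacked and
        # used as root to build the CA; pin and verify one here.
        if ! wget -O ~/EasyRSA-3.0.1.tgz https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz; then
            print_warn "Could not download EasyRSA"
            exit 6
        fi
        tar xzf ~/EasyRSA-3.0.1.tgz -C ~/
        mv ~/EasyRSA-3.0.1/ /etc/openvpn/
        mv /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/
        chown -R root:root /etc/openvpn/easy-rsa/
        rm -rf ~/EasyRSA-3.0.1.tgz
        cd /etc/openvpn/easy-rsa/
        # Create the PKI, set up the CA, the DH params and the server + client certificates
        # ("nopass" leaves every private key, including the CA key, unencrypted on disk)
        ./easyrsa init-pki
        ./easyrsa --batch build-ca nopass
        ./easyrsa gen-dh
        ./easyrsa build-server-full server nopass
        ./easyrsa build-client-full "$CLIENT" nopass
        ./easyrsa gen-crl
        # Move the stuff we need
        # NOTE(review): ca.key is copied next to the server files although the
        # server.conf generated below never references it; consider leaving
        # the CA private key only inside the easy-rsa PKI.
        cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
        # CRL is read with each client connection, when OpenVPN is dropped to nobody
        chown "nobody:$GROUPNAME" /etc/openvpn/crl.pem
        # Generate key for tls-auth
        openvpn --genkey --secret /etc/openvpn/ta.key
        # Generate server.conf
        echo "port $PORT
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
        echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
        # DNS
        case $DNS in
            1)
                # Obtain the resolvers from resolv.conf and use them for OpenVPN
                grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
                    echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
                done
                ;;
            2)
                echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
                echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
                ;;
            3)
                echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
                echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
                ;;
            4)
                echo 'push "dhcp-option DNS 129.250.35.250"' >> /etc/openvpn/server.conf
                echo 'push "dhcp-option DNS 129.250.35.251"' >> /etc/openvpn/server.conf
                ;;
            5)
                echo 'push "dhcp-option DNS 74.82.42.42"' >> /etc/openvpn/server.conf
                ;;
            6)
                echo 'push "dhcp-option DNS 64.6.64.6"' >> /etc/openvpn/server.conf
                echo 'push "dhcp-option DNS 64.6.65.6"' >> /etc/openvpn/server.conf
                ;;
        esac
        # NOTE(review): AES-128-CBC and comp-lzo are kept as the script shipped
        # them (client-common.txt below must match). Compression ahead of
        # encryption can leak information about the plaintext; review both
        # settings against the OpenVPN version actually installed.
        echo "keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group $GROUPNAME
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem" >> /etc/openvpn/server.conf
        # Enable net.ipv4.ip_forward for the system
        if [[ "$OS" = 'debian' ]]; then
            sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
        else
            # CentOS 5 and 6
            sed -i 's|net.ipv4.ip_forward = 0|net.ipv4.ip_forward = 1|' /etc/sysctl.conf
            # CentOS 7
            if ! grep -q "net.ipv4.ip_forward=1" "/etc/sysctl.conf"; then
                echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
            fi
        fi
        # Avoid an unneeded reboot
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # Set NAT for the VPN subnet
        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to "$IP"
        sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" "$RCLOCAL"
        if pgrep firewalld; then
            # We don't use --add-service=openvpn because that would only work with
            # the default port. Using both permanent and not permanent rules to
            # avoid a firewalld reload.
            firewall-cmd --zone=public --add-port="$PORT"/udp
            firewall-cmd --zone=trusted --add-source=10.8.0.0/24
            firewall-cmd --permanent --zone=public --add-port="$PORT"/udp
            firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
        fi
        if iptables -L -n | grep -qE 'REJECT|DROP'; then
            # If iptables has at least one REJECT rule, we assume this is needed.
            # Not the best approach but I can't think of other and this shouldn't
            # cause problems.
            iptables -I INPUT -p udp --dport "$PORT" -j ACCEPT
            iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
            iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
            sed -i "1 a\iptables -I INPUT -p udp --dport $PORT -j ACCEPT" "$RCLOCAL"
            sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" "$RCLOCAL"
            sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" "$RCLOCAL"
        fi
        # If SELinux is enabled and a custom port was selected, we need this
        if hash sestatus 2>/dev/null; then
            if sestatus | grep "Current mode" | grep -qs "enforcing"; then
                if [[ "$PORT" != '1194' ]]; then
                    # semanage isn't available in CentOS 6 by default
                    if ! which semanage > /dev/null 2>&1; then
                        yum install policycoreutils-python -y
                    fi
                    semanage port -a -t openvpn_port_t -p udp "$PORT"
                fi
            fi
        fi
        # And finally, restart OpenVPN
        if [[ "$OS" = 'debian' ]]; then
            # Little hack to check for systemd
            if pgrep systemd-journal; then
                systemctl restart openvpn@server.service
            else
                /etc/init.d/openvpn restart
            fi
        else
            if pgrep systemd-journal; then
                systemctl restart openvpn@server.service
                systemctl enable openvpn@server.service
            else
                service openvpn restart
                chkconfig openvpn on
            fi
        fi
        # Try to detect a NATed connection and ask about it to potential LowEndSpirit users
        EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
        if [[ "$IP" != "$EXTERNALIP" ]]; then
            print_info ""
            print_info "Looks like your server is behind a NAT!"
            print_info ""
            print_info "If your server is NATed (e.g. LowEndSpirit), I need to know the external IP"
            print_info "If that's not the case, just ignore this and leave the next field blank"
            read -p "External IP: " -e USEREXTERNALIP
            if [[ "$USEREXTERNALIP" != "" ]]; then
                IP=$USEREXTERNALIP
            fi
        fi
        # client-common.txt is created so we have a template to add further users later
        echo "client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote $IP $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3" > /etc/openvpn/client-common.txt
        if which ufw >/dev/null; then
            # The server above is configured with "proto udp", so the UDP
            # port is the one that has to be opened.
            ufw allow "$PORT"/udp &> /dev/null
            ufw disable &> /dev/null
            ufw --force enable &> /dev/null
        fi
        # Generates the custom client.ovpn
        newclient "$CLIENT"
        print_info ""
        print_info "Finished!"
        print_info ""
        print_info "Your client config is available at ~/$CLIENT.ovpn"
        print_info "If you want to add more clients, you simply need to run this script another time!"
    fi
}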
function install_squid3 {
    # Interactive Squid3 installer: asks for a proxy user name, password and
    # listening port, installs apache2-utils, squid3 and curl, replaces
    # /etc/squid3/squid.conf, adjusts ufw when present and restarts squid3.
    check_install squid3 1 "Squid3 is already installed" v
    print_info ""
    print_info "-----------------------------------------------------"
    print_info "WELCOME TO THE SQUID PROXY SERVER INSTALLATION SCRIPT"
    print_info "-----------------------------------------------------"
    print_info ""
    print_info " This script will set up a password protected, elite"
    print_info " proxy on your target server"
    print_info ""
    print_info "-----------------------------------------------------"
    print_info ""
    print_info "Please enter a user name for Squid:"
    read u
    print_info ""
    print_info "Please enter a password:"
    # -s keeps the password off the terminal; it is stored in $p
    read -s p
    print_info ""
    print_info "Please enter the port squid3 will listen on (Leave blank for default):"
    read sp
    # Empty answer falls back to port 3128
    if [ -z "$sp" ] ; then
        sp="3128"
    fi
    clear
    print_info "Installing Squid3, please wait..."
    # Look for an eth0 or venet0:0 interface and read its IPv4 address into $ip
    a="`netstat -i | cut -d' ' -f1 | grep eth0`";
    b="`netstat -i | cut -d' ' -f1 | grep venet0:0`";

    if [ "$a" == "eth0" ]; then
        ip="`/sbin/ifconfig eth0 | awk -F':| +' '/inet addr/{print $4}'`";
    elif [ "$b" == "venet0:0" ]; then
        ip="`/sbin/ifconfig venet0:0 | awk -F':| +' '/inet addr/{print $4}'`";
    fi

    apt-get update &> /dev/null
    DEBIAN_FRONTEND=noninteractive apt-get -y install apache2-utils squid3 curl &> /dev/null

    # The packaged configuration is discarded and replaced below
    rm /etc/squid3/squid.conf

    # NOTE(review): this listing jumps from source line 1217 to 1294, so the
    # squid.conf here-document and every statement up to the ufw check are
    # missing; the next line is a fused remnant and is not valid shell as shown.
    cat > /etc/squid3/squid.conf </dev/null; then
    # NOTE(review): "$p" holds the password read above, while the listening
    # port is in "$sp". As written the chosen port is not opened and the
    # password is placed on a command line; this looks like it should be "$sp".
    ufw allow "$p"/tcp &> /dev/null
    ufw disable &> /dev/null
    ufw --force enable &> /dev/null
    fi
    service squid3 restart

    clear

    print_info ""
    print_info "----------------------------------------------------"
    print_info "Squid proxy server set up has been completed."
    print_info ""
    print_info "You can access your proxy server at $(get_external_ip)"
    print_info "on port $sp with user name $u"
    print_info ""
    print_info "----------------------------------------------------"
    print_info ""
}
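function configure_ssmtp {
    # Interactive ssmtp configuration menu.
    #   1) write /etc/ssmtp/ssmtp.conf and revaliases for Mandrill
    #   2) write the same two files for Gmail
    #   3) point PHP (php5-fpm, php-fpm7.0 or HHVM) at /usr/sbin/ssmtp
    #   e) leave without changes
    # Any other key repeats the menu. Option 3 exits the script with status 1
    # when neither PHP nor HHVM is installed.
    #
    # ssmtp.conf stores the SMTP password / API key in clear text (AuthPass),
    # so the file is created with mode 640 before the secret is written.
    while true; do
        print_info "ssmtp needs to be configured to use an external smtp server."
        print_info "Remember to set it up for PHP if you need that"
        print_info "Configure ssmtp:"
        print_info "1) Setup using Mandrill smtp"
        print_info "2) Setup using Gmail smtp"
        print_info "3) Configure for PHP"
        print_info "e) Exit"
        read -n1 choice
        case $choice in
            1)
                print_info "specify email address"
                read mmail
                print_info "Server hostname"
                read mhost
                print_info "Your mandril login mail"
                read mlogin
                print_info "mandril api key"
                read -s mapikey
                # Create or empty the file and tighten its mode first; the
                # redirect below keeps the mode of the existing file.
                : > /etc/ssmtp/ssmtp.conf
                chmod 640 /etc/ssmtp/ssmtp.conf
                # Group "mail" keeps the file readable for ssmtp where the
                # binary runs setgid mail (Debian packaging; confirm locally).
                chgrp mail /etc/ssmtp/ssmtp.conf 2>/dev/null
                /bin/cat <<EOM >/etc/ssmtp/ssmtp.conf
# ---- basic config
root=$mmail
AuthMethod=LOGIN
UseSTARTTLS=YES
hostname=$mhost
FromLineOverride=YES
# ---- mandrill config
AuthUser=$mlogin
mailhub=smtp.mandrillapp.com:587
AuthPass=$mapikey
EOM
                /bin/cat <<EOM >/etc/ssmtp/revaliases
root:$mmail:smtp.mandrillapp.com:587
EOM
                print_done "ssmtp successfully installed."
                break
                ;;
            2)
                print_info "specify email address"
                read gmail
                print_info "Servers hostname"
                read ghost
                print_info "Gmail address"
                read glogin
                print_info "Gmail password"
                read -s gapikey
                # Same permission handling as for the Mandrill branch.
                : > /etc/ssmtp/ssmtp.conf
                chmod 640 /etc/ssmtp/ssmtp.conf
                chgrp mail /etc/ssmtp/ssmtp.conf 2>/dev/null
                /bin/cat <<EOM >/etc/ssmtp/ssmtp.conf
# ---- basic config
root=$gmail
AuthMethod=LOGIN
UseTLS=YES
UseSTARTTLS=YES
hostname=$ghost
FromLineOverride=YES
# ---- gmail config
AuthUser=$glogin
mailhub=smtp.gmail.com:587
AuthPass=$gapikey
EOM
                /bin/cat <<EOM >/etc/ssmtp/revaliases
root:$gmail:smtp.gmail.com:587
EOM
                print_done "ssmtp successfully installed."
                break
                ;;
            3)
                if [[ ! -f /usr/sbin/php5-fpm ]] && [[ ! -f /usr/sbin/php-fpm7.0 ]] && [[ ! -f /usr/bin/hhvm ]]; then
                    print_warn "PHP or HHVM is not installed."
                    exit 1
                fi
                # Only the first runtime found is reconfigured.
                if [[ -f /usr/sbin/php5-fpm ]]; then
                    sed -i "s|.*sendmail_path.*|sendmail_path = /usr/sbin/ssmtp -t|" /etc/php5/fpm/php.ini
                elif [[ -f /usr/sbin/php-fpm7.0 ]]; then
                    sed -i "s|.*sendmail_path.*|sendmail_path = /usr/sbin/ssmtp -t|" /etc/php/7.0/fpm/php.ini
                elif [[ -f /usr/bin/hhvm ]]; then
                    echo "sendmail_path = /usr/sbin/ssmtp -t" >> /etc/hhvm/php.ini
                fi
                print_done "ssmtp successfully configured."
                break
                ;;
            e)
                break
                ;;
            *)
                print_warn "That is not a valid choice, try a number from 1 to 3."
                ;;
        esac
    done
}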
function install_ssmtp {
    # Installs the ssmtp package when the binary is not on PATH yet, then
    # always hands over to the interactive configure_ssmtp menu.
    if ! which ssmtp >/dev/null; then
        print_info "Installing ssmtp..."
        DEBIAN_FRONTEND=noninteractive apt-get install ssmtp -y &> /dev/null
        wait
    fi
    configure_ssmtp
}
function show_os_arch_version {
    # Prints "<OS> <VERSION> <ARCH>bit" through print_info.
    # Installs lsb-release first when dpkg does not report it as installed.
    # Sets the globals ARCH, OS, VERSION and OS_SUMMARY; sourcing
    # /etc/lsb-release also defines whatever variables that file assigns.
    if ! dpkg-query -W -f='${Status}' lsb-release 2>/dev/null | grep -q "ok installed"; then
        apt-get install -y lsb-release &> /dev/null
        wait
    fi

    # x86_64 -> 64, i386..i686 -> 32; other machine names pass through as-is
    ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/')

    if [ -f /etc/lsb-release ]; then
        . /etc/lsb-release
        OS=$DISTRIB_ID
        VERSION=$DISTRIB_RELEASE
    elif [ -f /etc/debian_version ]; then
        # Work on Debian and Ubuntu alike
        OS=$(lsb_release -si)
        VERSION=$(lsb_release -sr)
    elif [ -f /etc/redhat-release ]; then
        # Red Hat / CentOS: only the kernel release is reported
        OS=Redhat
        VERSION=$(uname -r)
    else
        # Anything else: fall back to uname
        OS=$(uname -s)
        VERSION=$(uname -r)
    fi

    OS_SUMMARY="$OS $VERSION ${ARCH}bit"

    print_info "$OS_SUMMARY"
}
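function user_management {
    # Interactive menu to add, delete or list local users.
    #   1) create the user, its /home/<name> directory (mode 750) and set a
    #      password with passwd
    #   2) delete the user with deluser (the home directory is kept)
    #   3) print the account names from /etc/passwd
    #   e) leave
    # Any other key repeats the menu.
    while true; do
        print_info "1) Add user"
        print_info "2) Delete user"
        print_info "3) List users"
        print_info "e) Exit"
        read -n1 choice
        case $choice in
            1)
                print_info "Enter username"
                read username
                # The name is used to build paths for mkdir/chmod/chown -R.
                # An empty name would make those commands act on /home
                # itself, and one containing "/" or ".." would point them
                # elsewhere, so only conventional account names are accepted.
                if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
                    print_warn "Invalid username: use lowercase letters, digits, '_' or '-', starting with a letter or '_'."
                    break
                fi
                if ! useradd -d "/home/$username" "$username"; then
                    print_warn "Could not create user $username"
                    break
                fi
                wait
                mkdir -p "/home/$username"
                chmod 750 "/home/$username"
                chown -R "$username" "/home/$username"
                wait
                passwd "$username"
                print_info "User $username added with home dir /home/$username"
                break
                ;;
            2)
                echo "Enter username"
                read username
                if [[ -z "$username" ]]; then
                    print_warn "No username given"
                    break
                fi
                deluser "$username"
                print_info "User: $username deleted. Home directory is still intact"
                break
                ;;
            3)
                # The space after echo is required; without it the shell
                # looks for a command named after the whole string.
                echo "------system users------"
                cut -d: -f1 /etc/passwd
                break
                ;;
            e)
                break
                ;;
            *)
                echo "That is not a valid choice, try a number from 1 to 3."
                ;;
        esac
    done
}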
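function system_management {
    # System maintenance menu. Each valid choice runs one helper (or, for 3
    # and 8, a short inline action) and then leaves the menu; any other key
    # prints a warning and shows the menu again.
    while true; do
        print_info "1) Remove unneeded packages and services"
        print_info "2) Install essentials packages"
        print_info "3) Update timezone"
        print_info "4) System tests"
        print_info "5) Secure System"
        print_info "6) Speedtest.net"
        print_info "7) Get OS Version"
        print_info "8) TUN/TAP Status"
        print_info "9) Debug info"
        print_info "e) Exit"
        read -n1 choice
        case $choice in
            1) remove_unneeded; break ;;
            2) essentials; break ;;
            3) dpkg-reconfigure tzdata; break ;;
            4) system_tests; break ;;
            5) secure_system; break ;;
            6) run_speedtest; break ;;
            7) show_os_arch_version; break ;;
            8)
                # Only the presence of the device node is checked
                if [[ -e /dev/net/tun ]]; then
                    print_info "TUN/TAP is available"
                else
                    print_info "TUN/TAP is not available"
                fi
                break
                ;;
            9) debug; break ;;
            e) break ;;
            *)
                # The menu offers nine numbered entries
                print_warn "That is not a valid choice, try a number from 1 to 9."
                ;;
        esac
    done
}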
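function remove_unneeded {
    # Stops and purges services that the script treats as unneeded
    # (sendmail, apache2, bind9, samba, portmap, nscd), installs sysv-rc-conf
    # and uses it to switch xinetd and saslauthd off.
    service sendmail stop
    wait
    service apache2 stop
    wait
    service bind9 stop
    wait
    # Some Debian have portmap installed. We don't need that.
    apt-get --purge remove -y portmap

    # Other packages that are quite common in standard OpenVZ templates.
    # The patterns are quoted so that apt-get receives them unchanged; an
    # unquoted apache2* would be expanded by the shell against files in the
    # current directory whenever one happens to match.
    apt-get --purge remove -y 'apache2*'
    wait
    apt-get --purge remove -y 'bind9*'
    wait
    apt-get --purge remove -y 'samba*'
    wait
    apt-get --purge remove -y nscd
    wait
    apt-get update && apt-get install -y sysv-rc-conf &> /dev/null
    wait
    sysv-rc-conf xinetd off
    sysv-rc-conf saslauthd off

    # Need to stop sendmail as removing the package does not seem to stop it.
    if [ -f /usr/lib/sm.bin/smtpd ]
    then
        invoke-rc.d sendmail stop
        apt-get --purge remove -y sendmail-base m4 procmail
    fi
    print_done "You should restart now"
}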
function essentials {
    # Refreshes the package index and installs nano, rcconf, lftp and unzip.
    # Output of both apt-get calls is discarded.
    print_info "Installing..."
    apt-get update > /dev/null 2>&1
    apt-get install -y nano rcconf lftp unzip > /dev/null 2>&1
    print_done "Essentials services installed"
}
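function script_about {
    # Prints the script description, project URL, credits and version.
    print_info "Interactive bash script for VPS or Dedicated servers."
    print_info "Build with low end systems in mind. Requires Debian version 7.x or above"
    print_info "https://gotdeb.com"
    print_info ""
    # A stray comma after the closing quote used to be appended to this line
    print_info "Credits: Xeoncross, mikel, Falko Timme, road warrior, Nyr and many others"
    print_info ""
    print_info "Version 1.6.7"
}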
system_tests() {
    # Runs two rough benchmarks in the current directory and removes the
    # files they create: a 1 GiB sequential write with dd (64k x 16k blocks)
    # and a download of a 100 MB test file. Each command line is printed
    # before it runs.
    print_info "Classic I/O test"
    print_info "dd if=/dev/zero of=iotest bs=64k count=16k conv=fdatasync && rm -fr iotest"
    if dd if=/dev/zero of=iotest bs=64k count=16k conv=fdatasync; then
        rm -fr iotest
    fi

    print_info "Network test"
    print_info "wget cachefly.cachefly.net/100mb.test -O 100mb.test && rm -fr 100mb.test"
    # Kept in && form so the function still returns wget's status on failure
    wget cachefly.cachefly.net/100mb.test -O 100mb.test && rm -fr 100mb.test
}
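debug() {
    # Writes a small diagnostics report to debug.txt in the current
    # directory: date, disk usage, OS summary, kernel, memory and the script
    # version read from /root/setup.sh. An existing report is replaced.
    #
    # The path needs the "/" separator; without it the existence test looked
    # at "<cwd>debug.txt", never matched, and each run appended to the old
    # report instead of replacing it.
    file="$(pwd)/debug.txt"
    if [ -f "$file" ]
    then
        rm "$file"
    fi
    date >> "$file"
    echo "" >> "$file"
    df -h >> "$file"
    echo "" >> "$file"
    show_os_arch_version >> "$file"
    uname -a >> "$file"
    echo "" >> "$file"
    free -m >> "$file"
    echo "" >> "$file"
    echo "" >> "$file"

    # Extracts the x.y.z number from the "Version " line of the script
    sed -n '/Version /s/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/p' /root/setup.sh >> "$file"
    print_done "File saved: $file"
}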
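configure_aria2() {
    # Installs the aria2 download daemon with its RPC interface, a SysV init
    # script and the webui-aria2 front end under nginx.
    #
    # Asks for an RPC secret and port, runs install_webserver with php/db/db1
    # set to "n", installs aria2 from Debian testing (the extra apt source is
    # removed again afterwards), writes /usr/share/aria2/aria2.conf and
    # /etc/init.d/aria2 and opens the ports in ufw when it is present.
    # Reads $ssl, $sslv and $d, which are not set in this function
    # (presumably by install_webserver; verify against that function).
    # Exits with status 1 when aria2c is already installed or the answers are
    # rejected.
    if which aria2c >/dev/null; then
        print_warn "Aria2 is already installed."
        exit 1
    fi
    check_install nginx 1 "nginx is already installed. Please remove it before installing Aria2."
    print_info "Enter a secret token"
    read -s secret
    # The secret is substituted into sed expressions and ends up unquoted in
    # a /bin/sh init script that runs as root, so shell and sed
    # metacharacters must not reach it.
    if [[ ! "$secret" =~ ^[A-Za-z0-9._-]+$ ]]; then
        print_warn "The secret token may only contain letters, digits, '.', '_' and '-'."
        exit 1
    fi
    print_info "Enter a port for the Aria2 Daemon"
    read aport
    # The port is substituted into sed expressions and firewall rules too.
    if [[ ! "$aport" =~ ^[1-9][0-9]{0,4}$ ]] || (( aport > 65535 )); then
        print_warn "The Aria2 port must be a number between 1 and 65535."
        exit 1
    fi
    php=n
    db=n
    db1=n
    install_webserver
    print_info "Installing Aria2 (This might take some time, please be patient...)"
    file="/etc/apt/sources.list.d/debian-testing.list"
    if [ ! -f "$file" ]
    then
        touch /etc/apt/sources.list.d/debian-testing.list
        echo "deb http://http.us.debian.org/debian testing main non-free contrib" >>/etc/apt/sources.list.d/debian-testing.list
        echo "deb-src http://http.us.debian.org/debian testing main non-free contrib" >>/etc/apt/sources.list.d/debian-testing.list
        apt-get update &> /dev/null
        wait
    fi
    DEBIAN_FRONTEND=noninteractive apt-get install -y aria2 git curl &> /dev/null
    wait
    rm /etc/apt/sources.list.d/debian-testing.list
    apt-get update &> /dev/null
    wait
    mkdir /usr/share/aria2
    mkdir /usr/share/Downloads
    mkdir /var/log/aria2/
    touch /var/log/aria2/aria2.log
    touch /usr/share/aria2/aria2.conf
    touch /usr/share/aria2/input.txt
    # NOTE(review): settings kept as shipped but worth revisiting:
    #   check-certificate=false  turns off TLS certificate verification for
    #                            the downloads aria2 performs
    #   rpc-listen-all=true      exposes the RPC port on every interface; the
    #                            secret token is then the only protection
    /bin/cat <<"EOM" >/usr/share/aria2/aria2.conf
dir=/usr/share/Downloads
file-allocation=none
continue
log-level=warn
check-certificate=false
max-connection-per-server=8
summary-interval=120
daemon=true
enable-rpc=true
enable-dht=true
rpc-listen-port=
rpc-listen-all=true
max-concurrent-downloads=3
http-auth-challenge=true
input-file=/usr/share/aria2/input.txt
log=/var/log/aria2/aria2.log
disable-ipv6=false
disk-cache=25M
timeout=600
retry-wait=30
max-tries=50
EOM
    sed -i "s|rpc-listen-port=|rpc-listen-port=$aport|" /usr/share/aria2/aria2.conf
    touch /etc/init.d/aria2
    # NOTE(review): the init script below is reproduced unchanged. It sets
    # "umask 0000", so files the daemon creates are world-writable, it passes
    # the RPC secret on the aria2c command line (visible in the process
    # list), and its restart branch calls "stop"/"start", which the script
    # does not define.
    /bin/cat <<"EOM" >/etc/init.d/aria2
#! /bin/sh
# /etc/init.d/aria2
### BEGIN INIT INFO
# Provides: aria2cRPC
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: aria2c RPC init script.
# Description: Starts and stops aria2 RPC services.
### END INIT INFO
RETVAL=0
case "$1" in
start)
echo -n "Starting aria2c daemon: "
umask 0000
aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret=secret -D --conf-path=/usr/share/aria2/aria2.conf
umask 0000
aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret=secret -D --conf-path=/usr/share/aria2/aria2.conf
RETVAL=$?
echo
;;
stop)
echo -n "Shutting down aria2c daemon: "
/usr/bin/killall aria2c
RETVAL=$?
echo
;;
restart)
stop
sleep 3
start
;;
*)
echo $"Usage: $0 {start|stop|restart}"
RETVAL=1
esac
exit $RETVAL
EOM
    sed -i "s|.*aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret=secret.*|aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret=$secret -D --conf-path=/usr/share/aria2/aria2.conf|" /etc/init.d/aria2
    # The init script now contains the RPC secret: root-only instead of the
    # world-readable mode that "chmod +x" on a fresh file would leave.
    chmod 700 /etc/init.d/aria2
    update-rc.d aria2 defaults &> /dev/null
    # NOTE(review): the web UI is cloned from the repository's default branch
    # with no pinned commit or tag.
    git clone https://github.com/ziahamza/webui-aria2.git /usr/share/nginx/html/aria2 &> /dev/null
    wait
    if which ufw >/dev/null; then
        ufw allow "$aport"/tcp &> /dev/null
        ufw allow 80/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service aria2 start &> /dev/null
    wait
    rm -rf /tmp/aria2
    if [[ $ssl = "y" ]]
    then
        # Switch the RPC endpoint to TLS with the nginx certificate
        # (sslv=1) or the Let's Encrypt certificate for $d (sslv=2).
        if [[ $sslv = "1" ]]
        then
            sed -i "s|.*aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret.*|aria2c --daemon=true --enable-rpc --rpc-certificate=/etc/nginx/ssl/nginx.crt --rpc-private-key=/etc/nginx/ssl/nginx.key --rpc-secure=true --rpc-listen-all --rpc-secret=$secret -D --conf-path=/usr/share/aria2/aria2.conf|" /etc/init.d/aria2
        elif [[ $sslv = "2" ]]
        then
            sed -i "s|.*aria2c --daemon=true --enable-rpc --rpc-listen-all --rpc-secret.*|aria2c --daemon=true --enable-rpc --rpc-certificate=/etc/letsencrypt/live/$d/fullchain.pem --rpc-private-key=/etc/letsencrypt/live/$d/privkey.pem --rpc-secure=true --rpc-listen-all --rpc-secret=$secret -D --conf-path=/usr/share/aria2/aria2.conf|" /etc/init.d/aria2
        fi
        if which ufw >/dev/null; then
            ufw allow "$aport"/tcp &> /dev/null
            ufw allow 80/tcp &> /dev/null
            ufw allow 443/tcp &> /dev/null
            ufw disable &> /dev/null
            ufw --force enable &> /dev/null
        fi
        sed -i "s|.*port: uri.port(),| port: $aport,|" /usr/share/nginx/html/aria2/js/services/rpc/rpc.js
        sed -i "s|.*port: 6800,| port: $aport,|" /usr/share/nginx/html/aria2/js/services/rpc/rpc.js
        systemctl daemon-reload
        service aria2 stop
        sleep 3
        service aria2 start
    fi
    print_done "Aria2 has been installed"
    print_done "Access it at http://$d/aria2"
    print_done "Your secret token is $secret"
}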
function get_linuxdash {
    # Clones linux-dash into the nginx web root as /monitor.
    # Requires nginx (checked through check_install) and one of php5-fpm,
    # php-fpm7.0 or HHVM; exits with status 1 when none of them is present.
    # NOTE(review): the dashboard is placed directly under the public web
    # root and is cloned from the default branch; no access restriction or
    # pinned revision is set up here.
    check_install nginx 0 "Please install nginx first."
    if ! [[ -f /usr/sbin/php5-fpm || -f /usr/sbin/php-fpm7.0 || -f /usr/bin/hhvm ]]; then
        print_warn "PHP or HHVM is not installed."
        exit 1
    fi
    apt-get install -y git curl > /dev/null 2>&1
    mkdir /usr/share/nginx/html/monitor
    git clone https://github.com/afaqurk/linux-dash /usr/share/nginx/html/monitor
    print_done "You can view the monitor at http://$(get_external_ip)/monitor"
}
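function run_speedtest {
    # Runs speedtest-cli with --share, downloading the script to
    # /home/speedtest-cli on first use. Returns 1 when the download fails.
    #
    # The downloaded file is executed by this script, so TLS certificate
    # verification stays enabled for the fetch (the former
    # --no-check-certificate let anyone on the network path substitute the
    # code), and a failed or partial download is removed instead of run.
    # NOTE(review): the URL tracks the master branch; pin a release and
    # verify its checksum if reproducibility matters.
    file="/home/speedtest-cli"
    if [ ! -f "$file" ]
    then
        print_info "Fetching script"
        apt-get install -y python &> /dev/null
        if ! wget -O "$file" https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py &> /dev/null; then
            rm -f "$file"
            print_warn "Could not download speedtest-cli"
            return 1
        fi
    fi
    python "$file" --share
}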
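# Build SoftEther VPN Server from the upstream tarball, install it under
# /opt/vpnserver with a SysV init script, then configure one hub ("VPN"), one
# L2TP/IPsec user and the firewall rules for the VPN listeners.
#
# Interactive: prompts for the server admin password, the IPsec pre-shared
# key, an L2TP user name and password, an extra listener port, and the
# networking method (1 = SecureNAT, 2 = local bridge on tap_soft + dnsmasq).
#
# Hardening compared with a naive implementation:
#   * build directory and vpncmd batch file are created with mktemp, so their
#     paths are not predictable and the batch file (which holds the secrets)
#     is only readable by the invoking user;
#   * secrets are written with a here-document instead of sed substitution,
#     so characters such as "/" or "&" in a password cannot corrupt the file;
#   * the listener port is validated before it reaches vpncmd and iptables.
install_softether() {
    check_install softether 1 "SoftEtherVPN is already installed" v
    print_info "Running pre checks, this might take a while..."
    apt-get update &> /dev/null
    # Quoted so the shell cannot expand the glob against files in the cwd.
    apt-get --purge remove -y 'bind9*' &> /dev/null
    apt-get install -y build-essential dnsmasq &> /dev/null

    local builddir tarball url
    builddir=$(mktemp -d /tmp/softether.XXXXXX) || {
        print_warn "Could not create a temporary build directory."
        return 1
    }

    print_info "Downloading and installing SoftEther VPN Server...."
    if [ "$(uname -m)" == 'x86_64' ]; then
        tarball=softether-vpnserver_x64.tar.gz
        url=http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x64-64bit.tar.gz
    else
        tarball=softether-vpnserver_x86.tar.gz
        url=http://www.softether-download.com/files/softether/v4.20-9608-rtm-2016.04.17-tree/Linux/SoftEther_VPN_Server/32bit_-_Intel_x86/softether-vpnserver-v4.20-9608-rtm-2016.04.17-linux-x86-32bit.tar.gz
    fi
    # NOTE(review): the tarball is fetched over plain HTTP and compiled as
    # root without any checksum or signature check. Pin a known-good digest
    # for this release (e.g. compare `sha256sum` output with
    # <EXPECTED_SHA256_FROM_VENDOR>) before extracting.
    if ! wget -O "$builddir/$tarball" "$url" &> /dev/null; then
        rm -rf "$builddir"
        print_warn "Could not download SoftEther VPN Server."
        return 1
    fi
    cd "$builddir" || return 1
    if ! tar zxf "$tarball"; then
        rm -rf "$builddir"
        print_warn "Could not extract SoftEther VPN Server."
        return 1
    fi

    cd vpnserver || return 1
    # Feeds four "1" answers (plus a blank line) to the build's interactive
    # prompts -- presumably the licence questions; confirm against upstream.
    printf '1\n1\n1\n1\n\n' | make &> /dev/null
    cd "$builddir" || return 1
    mv vpnserver /opt
    cd /opt/vpnserver/ || return 1
    # Everything private to the owner; only the two binaries are executable.
    chmod 600 *
    chmod 700 vpncmd
    chmod 700 vpnserver

    /bin/cat <<"EOM" >/etc/init.d/vpnserver
#!/bin/sh
### BEGIN INIT INFO
# Provides: vpnserver
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable Softether by daemon.
### END INIT INFO
DAEMON=/opt/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
TAP_ADDR=192.168.7.1

test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
sleep 1
/sbin/ifconfig tap_soft $TAP_ADDR
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
sleep 1
/sbin/ifconfig tap_soft $TAP_ADDR
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
EOM
    chmod 755 /etc/init.d/vpnserver
    if [ ! -d "/var/lock/subsys" ]; then
        mkdir /var/lock/subsys
    fi
    update-rc.d vpnserver defaults &> /dev/null
    /etc/init.d/vpnserver start &> /dev/null

    # -r keeps backslashes in the entered secrets literal.
    print_info "Please enter a softether admin password: "
    read -r -s softadmin
    print_info "Please enter a IPSEC Secret: "
    read -r -s secret
    print_info "Please enter a l2tp username: "
    read -r username
    print_info "Please enter a l2tp password: "
    read -r -s pass
    while true; do
        print_info "Enter a custom port: "
        read -r port
        if [[ $port =~ ^[0-9]{1,5}$ ]] && (( 10#$port >= 1 && 10#$port <= 65535 )); then
            break
        fi
        print_warn "Port must be a number between 1 and 65535."
    done
    print_info "Select method"
    print_info "1) SecureNAT"
    print_info "2) Local Bridge"
    read -r -s -n1 method
    if [[ $method = "2" ]] && [[ ! -e /dev/net/tun ]]; then
        print_warn "TUN/TAP is not available, using SecureNAT instead."
        method="1"
    fi

    # The two setups differ only in how the hub reaches the network.
    local link_cmd="SecureNatEnable"
    if [[ $method = "2" ]]; then
        link_cmd="BridgeCreate VPN /DEVICE:soft /TAP:yes"
    fi

    # mktemp creates the file with owner-only permissions and a random name;
    # it holds every secret entered above until vpncmd has consumed it.
    CONFIG=$(mktemp /tmp/vpnsetup.XXXXXX) || {
        print_warn "Could not create a temporary file for the VPN setup."
        return 1
    }
    # Values are expanded once by the here-document and never re-parsed by
    # the shell or by sed. How vpncmd itself treats whitespace inside a value
    # is not visible here -- TODO confirm.
    /bin/cat <<EOM >"$CONFIG"
ServerPasswordSet ${softadmin}
HubCreate VPN /PASSWORD:
hubdelete default
Hub VPN
UserCreate ${username} /GROUP:none /REALNAME:none /NOTE:none
UserPasswordSet ${username} /PASSWORD:${pass}
${link_cmd}
ipsecenable /L2TP:yes /L2TPRAW:yes /ETHERIP:yes /PSK:${secret} /DEFAULTHUB:VPN
listenercreate ${port}
listenercreate 1701
listenercreate 1723
listenercreate 4500
listenercreate 500
flush
exit
EOM
    print_info "Continuing installation..."
    /opt/vpnserver/vpncmd localhost:443 /SERVER /IN:"$CONFIG" &> /dev/null
    rm -f "$CONFIG"

    if [[ $method = "2" ]]; then
        # dnsmasq hands out addresses on the bridge's tap interface.
        echo -en '\n' >> /etc/dnsmasq.conf
        echo "interface=tap_soft" >> /etc/dnsmasq.conf
        echo "dhcp-range=tap_soft,192.168.7.50,192.168.7.60,12h" >> /etc/dnsmasq.conf
        echo "dhcp-option=tap_soft,3,192.168.7.1" >> /etc/dnsmasq.conf
        sed -i "s|.*listen-address=.*|listen-address=$(get_ip)|" /etc/dnsmasq.conf
    fi
    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ipv4_forwarding.conf
    sysctl --system &> /dev/null

    iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source "$(get_ip)"
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 992 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
    iptables -A INPUT -p udp --dport 1194 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5555 -j ACCEPT
    iptables -A INPUT -p udp --dport 500 -j ACCEPT
    iptables -A INPUT -p udp --dport 4500 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1701 -j ACCEPT
    iptables -A INPUT -p udp --dport 1701 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -p udp --dport 1723 -j ACCEPT
    iptables -A INPUT -p udp --dport "$port" -j ACCEPT
    iptables -A INPUT -p tcp --dport "$port" -j ACCEPT

    if [[ $method = "2" ]]; then
        echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
        echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
        apt-get install -y iptables-persistent &> /dev/null
        # NOTE(review): this makes dnsmasq keep root privileges instead of
        # dropping to its unprivileged user; confirm it is really required.
        sed -i "s|.*#user=.*|user=root|" /etc/dnsmasq.conf
        if which ufw >/dev/null; then
            ufw allow "$port"/tcp &> /dev/null
            ufw disable &> /dev/null
            ufw --force enable &> /dev/null
        fi
    fi
    print_info "Restarting services..."
    /etc/init.d/vpnserver restart &> /dev/null
    if [[ $method = "2" ]]; then
        /etc/init.d/dnsmasq restart &> /dev/null
    fi

    rm -rf "$builddir"
    print_done "SoftEtherVPN has been installed"
    print_done "Please see the wiki https://github.com/eunas/gotdeb/wiki/SoftEtherVPN"
    print_done "For further information."
}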
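# Install the X2Go server together with an Xfce desktop and Iceweasel.
#
# Adds the X2Go apt repository for Debian 7 (wheezy) or 8 (jessie). The
# repository itself is plain HTTP, so package integrity rests entirely on the
# signing key imported here: if the key import fails the function stops
# instead of continuing and reporting success.
install_remotedesktop() {
    check_install x2goserver 1 "X2Go Server is already installed." v
    print_info "Install X2GO. Please wait ..."
    # NOTE(review): only the 64-bit key ID is given; pinning the full
    # fingerprint of the X2Go archive key would be stronger.
    if ! apt-key adv --recv-keys --keyserver keys.gnupg.net E1F958385BFE2B6E; then
        print_warn "Could not import the X2Go repository signing key."
        return 1
    fi

    file="/etc/apt/sources.list.d/x2go.list"
    touch "$file"
    # Quoted so an empty plain_version result cannot break the test.
    if [ "$(plain_version)" = "7" ]; then
        echo "deb http://packages.x2go.org/debian wheezy main" >> "$file"
        echo "deb-src http://packages.x2go.org/debian wheezy main" >> "$file"
    elif [ "$(plain_version)" = "8" ]; then
        echo "deb http://packages.x2go.org/debian jessie main" >> "$file"
        echo "deb-src http://packages.x2go.org/debian jessie main" >> "$file"
    fi

    apt-get update &> /dev/null
    apt-get install -y x2go-keyring &> /dev/null
    apt-get install -y xfce4 iceweasel &> /dev/null

    # Quoted so apt, not the shell, expands the pattern.
    apt-get install -y 'x2goserver*' &> /dev/null
    service x2goserver start &> /dev/null
    print_done "Installation completed"
    print_done "Remember to create a new user"
    print_done "X2Go client can be downloaded from"
    print_done "http://wiki.x2go.org/doku.php/download:start"
}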
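# "System hardening" sub-menu: fail2ban + SSH changes, UFW, unattended upgrades.
# Defines three helpers and then shows a menu that runs one of them.
secure_system() {
    # Install fail2ban, create a login user, disable direct root SSH logins
    # and optionally move sshd to another port.
    install_fail2ban() {
        while true; do
            check_install fail2ban 1 "fail2ban is already installed." v
            print_info "This will install fail2ban, change the ssh port,"
            # The code below sets "PermitRootLogin no", i.e. it disables root login.
            print_info "disable ssh root login and create a new user"
            print_info "Are you sure you want to continue ? [y/n]"
            read -n1 choice
            case $choice in
            y|Y|yes|Yes|YES)
                print_info "Name for the new user:"
                read -r u
                # An empty or odd name would make the commands below operate
                # on /home itself (chmod 750 /home/) or be split into words.
                if [[ ! $u =~ ^[a-z_][a-z0-9_-]*$ ]]; then
                    print_warn "That is not a valid user name."
                    continue
                fi
                mkdir -p "/home/$u"
                chmod 750 "/home/$u"
                useradd -d "/home/$u" "$u"
                chown -R "$u" "/home/$u"
                passwd "$u"
                print_info "Choose a new ssh port (Press enter to skip)"
                read -r p
                if [[ -n $p ]] && ! { [[ $p =~ ^[0-9]{1,5}$ ]] && (( 10#$p >= 1 && 10#$p <= 65535 )); }; then
                    print_warn "Not a valid port number, keeping the current ssh port."
                    p=""
                fi
                print_done "User $u added with home dir /home/$u"
                print_info "Installing..."
                apt-get update &> /dev/null
                apt-get install -y fail2ban &> /dev/null
                cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
                # Only rewrites an explicit "PermitRootLogin yes"; other
                # values (e.g. key-only root login) are left untouched.
                sed -i "s|.*PermitRootLogin yes.*|PermitRootLogin no|" /etc/ssh/sshd_config
                if [[ -n "$p" ]]; then
                    # Anchored to the Port directive so unrelated lines that
                    # merely contain "Port" (GatewayPorts, ...) are not replaced.
                    sed -i -E "s|^[[:space:]]*#?[[:space:]]*Port[[:space:]].*|Port $p|" /etc/ssh/sshd_config
                else
                    # First active Port directive; sshd listens on 22 when none is set.
                    p=$(awk 'tolower($1) == "port" { print $2; exit }' /etc/ssh/sshd_config)
                    p=${p:-22}
                fi
                if which ufw >/dev/null; then
                    ufw allow "$p" &> /dev/null
                    ufw disable &> /dev/null
                    ufw --force enable &> /dev/null
                fi
                print_info "Restarting services...."
                service fail2ban restart &> /dev/null
                service ssh restart &> /dev/null
                print_done "Install complete."
                print_done "Please check that your new user can login with ssh before closing this session."
                break
                ;;
            n|N|no|No|NO)
                break
                ;;
            *)
                echo "That is not a valid choice."
                ;;
            esac
        done
    }

    # Install UFW with a default-deny inbound policy that still admits SSH.
    install_ufw() {
        check_install ufw 1 "ufw is already installed." v
        print_info "Ufw will disable all incoming ports except for ssh"
        print_info "Ports can be opened using ufw allow port-number"
        sleep 3
        print_info "Installing..."
        apt-get update &> /dev/null
        apt-get install -y ufw &> /dev/null
        # The SSH port must be known before "deny incoming" is enabled,
        # otherwise the firewall locks the administrator out. Take the first
        # active Port directive and fall back to sshd's default of 22.
        p=$(awk 'tolower($1) == "port" { print $2; exit }' /etc/ssh/sshd_config)
        p=${p:-22}
        # -e tests for the file; a bare string inside [[ ]] is always true.
        if [[ -e /proc/net/if_inet6 ]]; then
            sed -i "s|IPV6=.*|IPV6=yes|" /etc/default/ufw
        fi
        ufw default deny incoming &> /dev/null
        ufw default allow outgoing &> /dev/null
        ufw allow "$p" &> /dev/null
        ufw --force enable &> /dev/null
        print_done "Install complete."
    }

    # Bring the system up to date and enable automatic upgrades.
    unattended_upgrades() {
        print_info "Setting up Unattended Upgrades..."
        if [ -f /etc/cron.daily/apt.disabled ]; then
            mv /etc/cron.daily/apt.disabled /etc/cron.daily/apt
        fi
        # -y: the output is discarded, so a confirmation prompt would be
        # invisible and the script would appear to hang.
        apt-get upgrade -y &> /dev/null
        echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections &> /dev/null
        apt-get install -y unattended-upgrades &> /dev/null
        print_done "Your installation is now configured to automaticly install critical updates."
    }

    while true; do
        print_info "Select an option"
        print_info "1) Install fail2ban"
        print_info "2) Install UFW"
        print_info "3) Unattended Upgrades"
        print_info "e) Exit"
        read -n1 choice
        case $choice in
        1)
            install_fail2ban
            break
            ;;
        2)
            install_ufw
            break
            ;;
        3)
            unattended_upgrades
            break
            ;;
        e|E)
            break
            ;;
        *)
            print_warn "That is not a valid choice, try a number from 1 to 3."
            ;;
        esac
    done
}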
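# Check available RAM and run plex_install, asking for confirmation first when
# the machine has less than 512 MB (524288 kB as reported by free).
#
# The confirmation answer is kept separate from the RAM figure: reusing one
# variable made a machine with enough RAM install Plex and then fall into the
# "answer was not yes" branch and exit with status 1.
plex_setup() {
    local total_kb answer
    total_kb=$(free | awk '/^Mem:/{print $2}')
    if [[ "$total_kb" -lt "524288" ]]; then
        print_warn "It's not recommended to install plex on a server with less then 512 MB RAM. Are you sure you want to continue ? [y/n]"
        read -n1 answer
        if [[ ! $answer =~ [yY](es)* ]]; then
            exit 1
        fi
    fi
    plex_install
}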
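# Add the third-party Plex repository, install plexmediaserver, replace its
# init script with the one from this project and open TCP 32400 in UFW.
#
# Both downloads end up trusted by root (an apt signing key and an init
# script), so each one is checked for failure and the HTTPS download keeps
# certificate validation enabled.
plex_install() {
    print_info "Installing Plex media server ..."
    local keyfile
    keyfile=$(mktemp) || return 1
    # NOTE(review): the signing key arrives over plain HTTP, so an on-path
    # attacker could substitute it. Compare its fingerprint with a value
    # obtained out of band (<EXPECTED_KEY_FINGERPRINT>) before trusting it.
    if ! wget -O "$keyfile" http://shell.ninthgate.se/packages/shell.ninthgate.se.gpg.key &> /dev/null \
        || ! apt-key add "$keyfile" &> /dev/null; then
        rm -f "$keyfile"
        print_warn "Could not import the Plex repository signing key."
        return 1
    fi
    rm -f "$keyfile"

    file="/etc/apt/sources.list.d/plexmediaserver.list"
    touch "$file"
    if [ "$(plain_version)" = "7" ]; then
        echo "deb http://shell.ninthgate.se/packages/debian wheezy main" >> "$file"
    elif [ "$(plain_version)" = "8" ]; then
        echo "deb http://shell.ninthgate.se/packages/debian jessie main" >> "$file"
    fi
    apt-get update &> /dev/null
    apt-get install -y plexmediaserver &> /dev/null

    # The init script runs as root at boot: fetch it with TLS verification on.
    if ! wget -O /etc/init.d/plexmediaserver https://raw.githubusercontent.com/eunas/gotdeb/master/resources/plexmediaserver &> /dev/null; then
        print_warn "Could not download the plexmediaserver init script."
        return 1
    fi
    chmod +x /etc/init.d/plexmediaserver
    update-rc.d plexmediaserver defaults &> /dev/null
    if which ufw >/dev/null; then
        ufw allow 32400/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service plexmediaserver restart &> /dev/null
    print_done "Plex media server has been installed. You can access it at http://$(get_ip):32400/web To get access to the server settings please setup a VPN on the server and access it's local IP using that."
}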
# Observium sub-menu: keep asking until the user picks the server install,
# the client install, or exit. Any other key prints a hint and asks again.
function setup_observium {
    while :; do
        print_info "Choose what you want to install:"
        print_info "1) Install Server"
        print_info "2) Install Client"
        print_info "e) Exit"
        read -n1 choice
        if [[ $choice == "1" ]]; then
            install_observium_server
            return
        elif [[ $choice == "2" ]]; then
            install_observium_client
            return
        elif [[ $choice == "e" || $choice == "E" ]]; then
            return
        fi
        echo "That is not a valid choice, try a number from 1 to 2."
    done
}
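# Install an Observium server: web stack (through install_webserver), the
# "observium" database and DB user, the nginx vhost, the Observium community
# tarball, an "admin" web account and the polling cron jobs.
#
# Reads globals that are set elsewhere in the script and not in this function:
# $dbpass, $ssl, $sslv, $phpv and $d. Prints the generated credentials once
# and then exits the script.
function install_observium_server {
    print_info "Select a database server"
    print_info "1) MariaDB"
    print_info "2) MySQL"
    read -n 1 dbs
    if [[ $dbs = "1" ]]; then
        db=y
        db1=n
    elif [[ $dbs = "2" ]]; then
        db=n
        db1=y
    else
        # Without this, db/db1 stay unset and the install continues blindly.
        print_warn "Error in input, try again !"
        exit 1
    fi
    php=y
    install_webserver

    u=observium
    p=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 12 | head -n 1)
    MYSQL=$(which mysql)
    Q1="CREATE DATABASE IF NOT EXISTS observium;"
    Q2="GRANT USAGE ON *.* TO $u@localhost IDENTIFIED BY '$p';"
    Q3="GRANT ALL PRIVILEGES ON observium.* TO $u@localhost;"
    Q4="FLUSH PRIVILEGES;"
    SQL="${Q1}${Q2}${Q3}${Q4}"
    print_info "Installing observium..."
    # Quoted so a root password with spaces or globs is passed intact.
    # NOTE(review): a password given with -p is visible in the process list
    # while the client starts; an option file readable only by root avoids that.
    "$MYSQL" -uroot -p"$dbpass" -e "$SQL"
    apt-get update &> /dev/null

    if [[ -e /usr/sbin/php-fpm7.0 ]]; then
        apt-get install -y php7.0-snmp php-pear snmp graphviz php7.0-json rrdtool fping imagemagick whois mtr-tiny nmap ipmitool python-mysqldb curl &> /dev/null
    elif [[ -e /usr/sbin/php5-fpm ]] || [[ -e /usr/bin/hhvm ]]; then
        apt-get install -y php5-snmp php-pear snmp graphviz php5-json rrdtool fping imagemagick whois mtr-tiny nmap ipmitool python-mysqldb curl &> /dev/null
    fi

    # The vhost is downloaded to a temporary file first so a failed transfer
    # cannot leave nginx with an empty default.conf. TLS verification stays
    # on: this file decides what the web server executes and serves.
    local vhost=default.conf
    if [[ $ssl = "y" ]]; then
        vhost=observium-ssl.conf
    fi
    local tmpconf
    tmpconf=$(mktemp) || exit 1
    if ! wget -O "$tmpconf" "https://raw.githubusercontent.com/eunas/gotdeb/master/resources/$vhost" &> /dev/null; then
        rm -f "$tmpconf"
        print_warn "Could not download the nginx configuration."
        exit 1
    fi
    chmod 644 "$tmpconf"
    mv "$tmpconf" /etc/nginx/conf.d/default.conf

    if [[ $ssl = "y" ]]; then
        if [ "$sslv" = "1" ]; then
            sed -i "s| ssl_certificate /cert.crt;| ssl_certificate /etc/nginx/ssl/nginx.crt;|" /etc/nginx/conf.d/default.conf
            sed -i "s| ssl_certificate_key /privkey.key;| ssl_certificate_key /etc/nginx/ssl/nginx.key;|" /etc/nginx/conf.d/default.conf
            sed -i "s| ssl_dhparam /dhparams.pem;| ssl_dhparam /etc/nginx/ssl/dhparams.pem;|" /etc/nginx/conf.d/default.conf
        fi
        if [ "$sslv" = "2" ]; then
            sed -i "s| ssl_certificate /cert.crt;| ssl_certificate /etc/letsencrypt/live/$d/fullchain.pem;|" /etc/nginx/conf.d/default.conf
            sed -i "s| ssl_certificate_key /privkey.key;| ssl_certificate_key /etc/letsencrypt/live/$d/privkey.pem;|" /etc/nginx/conf.d/default.conf
            sed -i "s| ssl_dhparam /dhparams.pem;| ssl_dhparam /etc/letsencrypt/dhparams.pem;|" /etc/nginx/conf.d/default.conf
        fi
    fi
    # Point the FastCGI upstream at whichever PHP runtime was installed.
    if [[ $phpv = "1" ]]; then
        sed -i "s|.*fastcgi_pass unix:/var/run/php.sock;| fastcgi_pass unix:/var/run/php5-fpm.sock;|" /etc/nginx/conf.d/default.conf
    elif [[ $phpv = "2" ]]; then
        sed -i "s|.*fastcgi_pass unix:/var/run/php.sock;| fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;|" /etc/nginx/conf.d/default.conf
    elif [[ $phpv = "3" ]]; then
        sed -i "s|.*fastcgi_pass unix:/var/run/php.sock;| fastcgi_pass unix:/var/run/hhvm/hhvm.sock;|" /etc/nginx/conf.d/default.conf
    fi
    sed -i "s| server_name domain www.domain;| server_name $d;|" /etc/nginx/conf.d/default.conf
    sed -i "5s|.*root /usr/share/nginx/html;| root /opt/observium/html;|" /etc/nginx/conf.d/default.conf
    sed -i "16s|.*root /usr/share/nginx/html;| root /opt/observium/html;|" /etc/nginx/conf.d/default.conf

    mkdir -p /opt/observium && cd /opt
    # NOTE(review): the application tarball is fetched over plain HTTP with
    # no checksum or signature check, then runs as root from cron below.
    if ! wget -P /opt/ http://www.observium.org/observium-community-latest.tar.gz &> /dev/null \
        || ! tar zxvf /opt/observium-community-latest.tar.gz -C /opt &> /dev/null; then
        print_warn "Could not download or extract Observium."
        exit 1
    fi
    cp /opt/observium/config.php.default /opt/observium/config.php
    sed -i "s|USERNAME|$u|" /opt/observium/config.php
    sed -i "s|PASSWORD|$p|" /opt/observium/config.php
    mkdir -p /opt/observium/rrd
    mkdir -p /opt/observium/logs
    chown www-data:www-data /opt/observium/rrd
    cd /opt/observium || exit 1
    randp=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 12 | head -n 1)
    php /opt/observium/discovery.php -u &> /dev/null
    php adduser.php admin "$randp" 10 &> /dev/null

    # Written in one go so re-running the installer does not duplicate jobs.
    /bin/cat <<"EOM" >/etc/cron.d/observium
33 */6 * * * root /opt/observium/discovery.php -h all >> /dev/null 2>&1
*/5 * * * * root /opt/observium/discovery.php -h new >> /dev/null 2>&1
*/5 * * * * root /opt/observium/poller-wrapper.py 2 >> /dev/null 2>&1
EOM
    service nginx restart &> /dev/null

    print_done "---------------------------------------------------------------"
    print_done "Observium has been installed. Login at http://$d"
    print_done "Login details:"
    print_done "Username: admin"
    print_done "Password: $randp"
    print_done "---------------------------------------------------------------"
    print_done "Database details"
    print_done "Database: observium"
    print_done "Username: $u"
    print_done "password: $p"
    print_done "---------------------------------------------------------------"
    print_warn "Write this information down now. It will NOT be stored."
    print_done "---------------------------------------------------------------"
    print_done ""
    print_done ""
    print_done ""
    # Stop here so the credentials stay on screen; status 0 because the
    # install succeeded.
    exit 0
}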
# Configure this host as an Observium client by setting up snmpd.
# Prompts for a contact e-mail, the SNMP community, a port (default 161) and
# a physical location, then rewrites the snmpd defaults and configuration.
#
# NOTE(review): this listing is incomplete. The file's own line numbers jump
# from 2347 to 2362 at the snmpd.conf step, so the configuration body and the
# command that fetches the "distro" helper are not visible here.
function install_observium_client {
#!/bin/bash
print_info "Contact email"
read mail
# The community string is the only credential for SNMP v1/v2c -- presumably
# what is being configured; the snmpd.conf content is not visible to confirm.
print_info "Community"
read comm
print_info "Specify port (Leave blank for default)"
read port
if [ -z "$port" ] ; then
port="161"
fi
COMMUNITY=$comm
CONTACT=$mail
print_info "Please enter where the server is physically located:"
read loc
LOCATION=$loc
listen=$(hostname --ip-address)
print_info "Installing Observium client, please wait..."
apt-get update &> /dev/null
# NOTE(review): no package name follows -y as shown; verify against the file.
apt-get install -y &> /dev/null
# Replace the SNMPDOPTS line; the previous file is kept as /etc/default/snmpd.bak.
sed -i.bak "/SNMPDOPTS=/c\SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -p /var/run/snmpd.pid'" /etc/default/snmpd
# NOTE(review): as printed, this truncates snmpd.conf to an empty file. It
# looks like the remains of a here-document lost in extraction -- do not rely
# on this line as shown.
cat > /etc/snmp/snmpd.conf < /dev/null
mv distro /usr/bin/distro
chmod +x /usr/bin/distro
if which ufw >/dev/null; then
# NOTE(review): only TCP is opened. SNMP agents conventionally listen on UDP;
# check this against the listening address in snmpd.conf.
ufw allow "$port"/tcp &> /dev/null
ufw disable &> /dev/null
ufw --force enable &> /dev/null
fi
/etc/init.d/snmpd restart &> /dev/null
print_done "#########################################################"
print_done "## !! !! Installation Complete !! !! ##"
print_done "#########################################################"
print_done "#You may add this server to your Observium installation #"
# Echoes the community string back to the terminal.
print_done "# using $COMMUNITY as the Community #"
print_done "#########################################################"
print_done "## Install Script by www.SonicBoxes.com ##"
print_done "## Modified by eunas.net ##"
print_done "#########################################################"
}
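# Install transmission-daemon, create (or reuse) a system user for it and
# expose the RPC/web interface on the server's address with a user name and
# password.
#
# Input handling: the user name and port are validated before they reach
# useradd, chmod, sed or ufw, and the password is escaped for both JSON and
# sed so that characters like '"', '\', '&' or '|' cannot corrupt
# settings.json.
function install_transmission {
    check_install transmission-daemon 1 "Transmission is already installed" v
    print_info "Please enter a username: "
    read -r transu
    # An empty name would make the commands below act on /home itself.
    if [[ ! $transu =~ ^[a-z_][a-z0-9_-]*$ ]]; then
        print_warn "That is not a valid user name."
        return 1
    fi
    print_info "Please enter a password: "
    read -r -s transp
    print_info "Please enter port (Leave blank to use default)"
    read -r trp
    if [ -z "$trp" ]; then
        trp="9091"
    fi
    if ! { [[ $trp =~ ^[0-9]{1,5}$ ]] && (( 10#$trp >= 1 && 10#$trp <= 65535 )); }; then
        print_warn "Port must be a number between 1 and 65535."
        return 1
    fi

    print_info "Installing Transmission BitTorrent client, please wait..."
    apt-get install -y transmission-daemon &> /dev/null
    mkdir -p /usr/share/transmission/completed /usr/share/transmission/incomplete
    chown debian-transmission:debian-transmission /usr/share/transmission/completed
    chown debian-transmission:debian-transmission /usr/share/transmission/incomplete
    if ! id -u "$transu" >/dev/null 2>&1; then
        useradd -d "/home/$transu" "$transu"
        # NOTE(review): the same password becomes the system login password
        # and the RPC password.
        printf '%s:%s\n' "$transu" "$transp" | chpasswd
        mkdir -p "/home/$transu"
        chmod 750 "/home/$transu"
        chown -R "$transu" "/home/$transu"
    fi
    usermod -a -G debian-transmission "$transu"
    # Group-writable download directories only, not everything under
    # /usr/share/transmission.
    chmod 775 /usr/share/transmission/completed /usr/share/transmission/incomplete
    service transmission-daemon stop &> /dev/null

    # Escape the password first for a JSON string, then for the replacement
    # side of a sed "s|...|...|" command.
    local json_pw sed_pw
    json_pw=$(printf '%s' "$transp" | sed -e 's/[\\"]/\\&/g')
    sed_pw=$(printf '%s' "$json_pw" | sed -e 's/[\\&|]/\\&/g')

    sed -i "s|.*download-dir.*| \"download-dir\": \"/usr/share/transmission/completed\",|" /etc/transmission-daemon/settings.json
    sed -i "s|\"incomplete-dir\": \"/var/lib/transmission-daemon/Downloads\",|\"incomplete-dir\": \"/usr/share/transmission/incomplete\",|" /etc/transmission-daemon/settings.json
    sed -i "s|.*rpc-password.*| \"rpc-password\": \"$sed_pw\",|" /etc/transmission-daemon/settings.json
    sed -i "s|.*rpc-port.*| \"rpc-port\": $trp,|" /etc/transmission-daemon/settings.json
    sed -i "s|.*rpc-bind-address.*| \"rpc-bind-address\": \"$(get_ip)\",|" /etc/transmission-daemon/settings.json
    sed -i "s|.*rpc-username.*| \"rpc-username\": \"$transu\",|" /etc/transmission-daemon/settings.json
    # NOTE(review): the whitelist is widened to every address, so the RPC
    # password above is the only access control, and it travels over plain
    # HTTP. Restrict the whitelist or front the interface with TLS or a VPN
    # where possible.
    sed -i "s|\"rpc-whitelist\": \"127.0.0.1\",|\"rpc-whitelist\": \"127.0.0.1,*.*.*.*\",|" /etc/transmission-daemon/settings.json
    if which ufw >/dev/null; then
        ufw allow "$trp"/tcp &> /dev/null
        ufw disable &> /dev/null
        ufw --force enable &> /dev/null
    fi
    service transmission-daemon start &> /dev/null
    clear
    print_info ""
    print_info "----------------------------------------------------"
    print_info "Transmissions has been installed."
    print_info ""
    print_info "Navigate to http://$(get_external_ip):$trp"
    print_info "Login with username: $transu and the"
    print_info "password you selected during installation."
    print_info ""
    print_info "----------------------------------------------------"
    print_info ""
}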
# Blog sub-menu: ask until the user selects Ghost, Wordpress or exit.
# Any other key prints a warning and shows the menu again.
function install_blog {
    while :; do
        print_info "Choose a blog to install:"
        print_info "1) Ghost"
        print_info "2) Wordpress"
        print_info "e) Exit"
        read -n 1 choice
        if [[ $choice == "1" ]]; then
            install_ghost
            return
        elif [[ $choice == "2" ]]; then
            install_wp
            return
        elif [[ $choice == "e" || $choice == "E" ]]; then
            return
        fi
        print_warn "That is not a valid choice."
    done
}
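# Install the Ghost blog behind nginx, run it under supervisor as the
# unprivileged "ghost" user, and optionally back it with MariaDB/MySQL.
#
# Reads globals set elsewhere in the script and not in this function:
# $dbpass, $ssl, $sslv, $web, $phpv and $d.
#
# Security-relevant choices:
#   * every configuration file fetched from GitHub is downloaded with TLS
#     certificate validation enabled and the install stops if a download fails;
#   * Ghost keeps listening on 127.0.0.1. nginx proxies to 127.0.0.1:<port>,
#     so binding to 0.0.0.0 would only expose the Node process directly and
#     bypass nginx (and TLS, when enabled).
install_ghost() {
    check_install nginx 1 "nginx is already installed. Please remove it before installing ghost."
    print_info "========================================================================="
    print_info "Please notice that installing ghost on a lowend system can take 30+ min."
    print_info "Your current nginx configuration will be overwritten"
    print_info "========================================================================="
    print_info ""
    print_info "Enter port (Leave blank to use default)"
    read -r gp
    if [ -z "$gp" ]; then
        gp="2368"
    fi
    # The port is substituted into config.js and the nginx vhost below.
    if ! { [[ $gp =~ ^[0-9]{1,5}$ ]] && (( 10#$gp >= 1 && 10#$gp <= 65535 )); }; then
        print_warn "Error in input, try again !"
        exit 1
    fi
    clear
    print_info "Select a database server"
    print_info "1) SQLite"
    print_info "2) MariaDB"
    print_info "3) MySQL"
    read -n 1 dbs
    if [[ $dbs = "1" ]]; then
        php=n
        db=n
        db1=n
        install_webserver
    elif [[ $dbs = "2" ]] || [[ $dbs = "3" ]]; then
        clear
        print_info "Install PHPMyAdmin ? [y/n]"
        read -n 1 pha
        if [[ $pha != [YyNn] ]]; then
            clear
            print_warn "Error in input, try again !"
            exit 1
        fi
        # Upper-case "Y" passes the check above, so honour it here as well.
        if [[ $pha = [Yy] ]]; then
            php=y
        else
            php=n
        fi
        if [[ $dbs = "2" ]]; then
            db=y
            db1=n
        else
            db=n
            db1=y
        fi
        install_webserver
    else
        # Previously an invalid choice skipped the web server install and
        # carried on.
        clear
        print_warn "Error in input, try again !"
        exit 1
    fi

    clear
    print_info "Installing ghost. Please wait ...."
    apt-get update &> /dev/null
    if [ "$(plain_version)" = "7" ]; then
        # NOTE(review): this pipes a remote script straight into a root
        # shell; the only protection is the TLS connection to the vendor.
        curl -sL https://deb.nodesource.com/setup_4.x | bash - &> /dev/null
    fi
    apt-get install -y build-essential nodejs nodejs-legacy npm unzip curl supervisor &> /dev/null
    if ! wget -O /tmp/ghost.zip https://ghost.org/zip/ghost-latest.zip &> /dev/null; then
        print_warn "Could not download Ghost."
        exit 1
    fi
    mkdir -p /usr/share/ghost
    unzip /tmp/ghost.zip -d /usr/share/ghost &> /dev/null
    cd /usr/share/ghost || exit 1
    npm install --production &> /dev/null
    useradd -r ghost -U
    chown -R ghost:ghost /usr/share/ghost
    cp config.example.js config.js

    # Pick the plain or TLS vhost and fetch it once, with certificate checks.
    local vhost=ghost.conf
    if [[ $ssl = "y" ]]; then
        vhost=ghost-ssl.conf
    fi
    if ! wget -O /etc/nginx/conf.d/ghost.conf "https://raw.githubusercontent.com/eunas/gotdeb/master/resources/$vhost" &> /dev/null; then
        rm -f /etc/nginx/conf.d/ghost.conf
        print_warn "Could not download the nginx configuration."
        exit 1
    fi
    mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default-backup
    if [[ $ssl = "y" ]]; then
        if [ "$sslv" = "1" ]; then
            sed -i "s| ssl_dhparam| ssl_dhparam /etc/nginx/ssl/dhparams.pem;|" /etc/nginx/conf.d/ghost.conf
        fi
        if [ "$sslv" = "2" ]; then
            sed -i "s| ssl_certificate /etc/nginx/ssl/nginx.crt;| ssl_certificate /etc/letsencrypt/live/$d/fullchain.pem;|" /etc/nginx/conf.d/ghost.conf
            sed -i "s| ssl_certificate_key /etc/nginx/ssl/nginx.key;| ssl_certificate_key /etc/letsencrypt/live/$d/privkey.pem;|" /etc/nginx/conf.d/ghost.conf
            sed -i "s| ssl_dhparam| ssl_dhparam /etc/letsencrypt/dhparams.pem;|" /etc/nginx/conf.d/ghost.conf
        fi
        if [ "$web" = "1" ]; then
            sed -i "s| listen 443 ssl http2;| listen 443 ssl;|" /etc/nginx/conf.d/ghost.conf
        fi
    fi
    if [[ $phpv = "2" ]]; then
        sed -i "s|.*fastcgi_pass unix:/var/run/php5-fpm.sock;|fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;|" /etc/nginx/conf.d/ghost.conf
    elif [[ $phpv = "3" ]]; then
        sed -i "s| fastcgi_pass unix:/var/run/php5-fpm.sock;| fastcgi_pass unix:/var/run/hhvm/hhvm.sock;|" /etc/nginx/conf.d/ghost.conf
    fi

    if [[ $dbs = "2" ]] || [[ $dbs = "3" ]]; then
        # Random suffix and password; both are alphanumeric, so they are safe
        # inside the SQL and sed strings below.
        rand=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 4 | head -n 1)
        u=ghost_$rand
        p=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 12 | head -n 1)
        MYSQL=$(which mysql)
        Q1="CREATE DATABASE IF NOT EXISTS ghost;"
        Q2="GRANT USAGE ON *.* TO $u@localhost IDENTIFIED BY '$p';"
        Q3="GRANT ALL PRIVILEGES ON ghost.* TO $u@localhost;"
        Q4="FLUSH PRIVILEGES;"
        SQL="${Q1}${Q2}${Q3}${Q4}"
        # NOTE(review): a password given with -p is visible in the process
        # list while the client starts.
        "$MYSQL" -uroot -p"$dbpass" -e "$SQL"
        sed -i "s| client: 'sqlite3',| client: 'mysql',|" /usr/share/ghost/config.js
        sed -i "s|filename: path.join(__dirname, '/content/data/ghost.db')|host: 'localhost',\n user: '$u',\n password: '$p',\n database: 'ghost',\n charset: 'utf8'|" /usr/share/ghost/config.js
    fi
    sed -i "s|.*http://my-ghost-blog.com.*| url: 'http://$d',|" /usr/share/ghost/config.js
    # host stays '127.0.0.1' on purpose; see the function header.
    sed -i "s| port: '2368'| port: '$gp'|" /usr/share/ghost/config.js
    sed -i "s| server_name server_name;| server_name $d;|" /etc/nginx/conf.d/ghost.conf
    sed -i "s|proxy_pass http://127.0.0.1:2368;|proxy_pass http://127.0.0.1:$gp;|" /etc/nginx/conf.d/ghost.conf
    # supervisor runs the command in this file at boot: verify the TLS peer.
    if ! wget -O /etc/supervisor/conf.d/ghost.conf https://raw.githubusercontent.com/eunas/gotdeb/master/resources/ghost-supervisor.conf &> /dev/null; then
        rm -f /etc/supervisor/conf.d/ghost.conf
        print_warn "Could not download the supervisor configuration."
        exit 1
    fi
    supervisorctl reread &> /dev/null
    supervisorctl update &> /dev/null
    supervisorctl restart ghost-blog &> /dev/null
    service nginx restart &> /dev/null
    clear
    print_done "======================================================"
    print_done "Ghost has been installed"
    print_done "You can access it at $d"
    print_done "Access the admin area at $d/ghost"
    if [[ $dbs = "2" ]] || [[ $dbs = "3" ]]; then
        print_done ""
        print_done "Database information:"
        print_done "Username: $u"
        print_done "Password: $p"
    fi
    print_done "======================================================"
}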
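# Install WordPress into /usr/share/nginx/html on top of nginx, PHP and
# MariaDB (installed through install_webserver), with a dedicated database
# user and freshly generated secret keys.
#
# Reads globals set elsewhere in the script and not in this function:
# $dbpass and $d.
#
# Changes that matter for safety:
#   * the WordPress archive is fetched over HTTPS instead of HTTP;
#   * work files live in a private mktemp directory and only that directory
#     is removed afterwards (the previous "rm -rf /tmp/*" deleted every other
#     process's temporary files too);
#   * the install stops if the archive or the secret keys cannot be fetched,
#     rather than producing a site without salts.
install_wp() {
    check_install nginx 1 "nginx is already installed. Please remove it before installing Wordpress."
    php=y
    db=y
    db1=n
    install_webserver
    rand=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 4 | head -n 1)
    u=wordpress_$rand
    p=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 12 | head -n 1)
    # Re-prompt until the MySQL root password works.
    while ! mysql -u root -p"$dbpass" -e ";" 2>/dev/null; do
        read -r -s -p "Can't connect, please retry: " dbpass
    done
    print_info "Installing Wordpress..."
    MYSQL=$(which mysql)
    Q1="CREATE DATABASE IF NOT EXISTS wordpress;"
    Q2="GRANT USAGE ON *.* TO $u@localhost IDENTIFIED BY '$p';"
    Q3="GRANT ALL PRIVILEGES ON wordpress.* TO $u@localhost;"
    Q4="FLUSH PRIVILEGES;"
    SQL="${Q1}${Q2}${Q3}${Q4}"
    "$MYSQL" -uroot -p"$dbpass" -e "$SQL"

    local workdir
    workdir=$(mktemp -d /tmp/wordpress.XXXXXX) || {
        print_warn "Could not create a temporary directory."
        return 1
    }
    if ! wget -O "$workdir/wordpress.tar.gz" https://wordpress.org/latest.tar.gz &> /dev/null \
        || ! tar -C "$workdir" -xzf "$workdir/wordpress.tar.gz" &> /dev/null; then
        rm -rf "$workdir"
        print_warn "Could not download or extract Wordpress."
        return 1
    fi
    # -s: an empty response must not silently replace the key block.
    if ! wget -O "$workdir/wp.keys" https://api.wordpress.org/secret-key/1.1/salt/ &> /dev/null \
        || [ ! -s "$workdir/wp.keys" ]; then
        rm -rf "$workdir"
        print_warn "Could not fetch the Wordpress secret keys."
        return 1
    fi

    cp -r "$workdir"/wordpress/* /usr/share/nginx/html/ &> /dev/null
    cp /usr/share/nginx/html/wp-config-sample.php /usr/share/nginx/html/wp-config.php &> /dev/null
    # Insert the generated keys after the "#@-" marker, then drop the sample
    # block between the "#@+" and "#@-" markers.
    sed -i "/#@-/r $workdir/wp.keys" /usr/share/nginx/html/wp-config.php
    sed -i "/#@+/,/#@-/d" /usr/share/nginx/html/wp-config.php
    sed -i "s/database_name_here/wordpress/" /usr/share/nginx/html/wp-config.php
    sed -i "s/username_here/$u/" /usr/share/nginx/html/wp-config.php
    sed -i "s/password_here/$p/" /usr/share/nginx/html/wp-config.php
    mkdir -p /usr/share/nginx/html/wp-content/uploads
    chmod 775 /usr/share/nginx/html/wp-content/uploads
    rm -rf "$workdir"
    clear
    print_done "======================================================"
    print_done "Wordpress has been installed"
    print_done "You can access it at $d"
    print_done "Database user: $u"
    print_done "Database password: $p"
    print_done "======================================================"
}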
2641 | ############################################################
2642 | # Menu
2643 | ############################################################
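# Run the environment checks once, then show the installer menu until a valid
# entry is chosen. Each valid entry runs its installer and leaves the loop;
# an invalid entry prints a warning and shows the menu again.
check_sanity
while true; do
    print_info "Choose what you want to install:"
    print_info "1) Nginx"
    print_info "2) Blogs"
    print_info "3) PHP"
    print_info "4) MySQL Server"
    print_info "5) MariaDB server"
    print_info "6) phpMyAdmin"
    print_info "7) PureFTPD"
    print_info "8) OpenVPN Server"
    print_info "9) SoftEther VPN"
    print_info "10) Squid3 Proxy Server"
    print_info "11) sSMTP server"
    print_info "12) Aria2 + Webui"
    print_info "13) Transmission"
    print_info "14) X2Go + Xfce Desktop"
    print_info "15) Plex Media Server"
    print_info "16) Observium"
    print_info "17) Linux-Dash"
    print_info "18) User Management"
    print_info "19) System Management"
    print_info "20) About"
    print_info "e) Exit"
    # Leave the loop on end-of-input; without this a closed stdin makes the
    # menu redraw and warn forever. -r keeps backslashes literal.
    read -r choice || break
    case $choice in
        1)   install_webserver;     break ;;
        2)   install_blog;          break ;;
        3)   php_version;           break ;;
        4)   install_mysql;         break ;;
        5)   install_mariadb;       break ;;
        6)   install_phpmyadmin;    break ;;
        7)   install_pureftpd;      break ;;
        8)   install_openvpn;       break ;;
        9)   install_softether;     break ;;
        10)  install_squid3;        break ;;
        11)  install_ssmtp;         break ;;
        12)  configure_aria2;       break ;;
        13)  install_transmission;  break ;;
        14)  install_remotedesktop; break ;;
        15)  plex_setup;            break ;;
        16)  setup_observium;       break ;;
        17)  get_linuxdash;         break ;;
        18)  user_management;       break ;;
        19)  system_management;     break ;;
        20)  script_about;          break ;;
        e|E) break ;;
        *)   print_warn "That is not a valid choice, try a number from 1 to 20." ;;
    esac
done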
--------------------------------------------------------------------------------