#!/bin/bash # Vesta RHEL/CentOS installer v.05 #----------------------------------------------------------# # Variables&Functions # #----------------------------------------------------------# export PATH=$PATH:/sbin RHOST='r.vestacp.com' CHOST='c.vestacp.com' REPO='cmmnt' VERSION='rhel' VESTA='/usr/local/vesta' memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) arch=$(uname -i) os=$(cut -f 1 -d ' ' /etc/redhat-release) release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) codename="${os}_$release" vestacp="$VESTA/install/$VERSION/$release" # Defining software pack for all distros software="nginx awstats bc bind bind-libs bind-utils clamav-server clamav-update curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd ImageMagick iptables-services jwhois lsof mailx mariadb mariadb-server mc mod_fcgid mod_ruid2 mod_ssl net-tools ntp openssh-clients pcre php php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring php-mcrypt phpMyAdmin php-mysql php-pdo phpPgAdmin php-pgsql php-soap php-tidy php-xml php-xmlrpc postgresql postgresql-contrib postgresql-server proftpd roundcubemail rrdtool rsyslog screen spamassassin sqlite sudo tar telnet unzip vesta vesta-ioncube vesta-nginx vesta-php vesta-softaculous vim-common vsftpd webalizer which zip" # Fix for old releases if [ "$release" -lt 7 ]; then software=$(echo "$software" |sed -e "s/mariadb/mysql/g") software=$(echo "$software" |sed -e "s/clamav-server/clamd/") software=$(echo "$software" |sed -e "s/clamav-update//") software=$(echo "$software" |sed -e "s/iptables-services//") software="$software mod_extract_forwarded" fi # Defining help function help() { echo "Usage: $0 [OPTIONS] -a, --apache Install Apache [yes|no] default: yes -n, --nginx Install Nginx [yes|no] default: yes -w, --phpfpm Install PHP-FPM [yes|no] default: no -v, --vsftpd Install Vsftpd [yes|no] default: yes -j, --proftpd Install ProFTPD [yes|no] default: no -k, --named Install Bind [yes|no] default: yes -m, --mysql Install MySQL [yes|no] default: yes -g, --postgresql Install PostgreSQL [yes|no] default: no -x, --exim Install Exim [yes|no] default: yes -z, --dovecot Install Dovecot [yes|no] default: yes -c, --clamav Install ClamAV [yes|no] default: yes -t, --spamassassin Install SpamAssassin [yes|no] default: yes -i, --iptables Install Iptables [yes|no] default: yes -b, --fail2ban Install Fail2ban [yes|no] default: yes -r, --remi Install Remi repo [yes|no] default: yes -o, --softaculous Install Softaculous [yes|no] default: yes -q, --quota Filesystem Quota [yes|no] default: no -l, --lang Default language default: en -y, --interactive Interactive install [yes|no] default: yes -s, --hostname Set hostname -u, --ssl Add LE SSL for hostname [yes|no] default: no -e, --email Set admin email -d, --port Set Vesta port -p, --password Set admin password -f, --force Force installation -h, --help Print this help Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" exit 1 } # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' LENGTH=10 while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 done echo "$PASS" } # Defining return code check function check_result() { if [ $1 -ne 0 ]; then echo "Error: $2" exit $1 fi } # Defining function to set default value set_default_value() { eval variable=\$$1 if [ -z "$variable" ]; then eval $1=$2 fi if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then eval $1=$2 fi } # Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 fi lang_list=" ar cz el fa hu ja no pt se ua bs da en fi id ka pl ro tr vi cn de es fr it nl pt-BR ru tw bg ko sr th ur" if !(echo $lang_list |grep -w $lang 1>&2>/dev/null); then eval lang=$1 fi } #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# # Translating argument to --gnu-long-options for arg; do delim="" case "$arg" in --apache) args="${args}-a " ;; --nginx) args="${args}-n " ;; --phpfpm) args="${args}-w " ;; --vsftpd) args="${args}-v " ;; --proftpd) args="${args}-j " ;; --named) args="${args}-k " ;; --mysql) args="${args}-m " ;; --postgresql) args="${args}-g " ;; --exim) args="${args}-x " ;; --dovecot) args="${args}-z " ;; --clamav) args="${args}-c " ;; --spamassassin) args="${args}-t " ;; --iptables) args="${args}-i " ;; --fail2ban) args="${args}-b " ;; --remi) args="${args}-r " ;; --softaculous) args="${args}-o " ;; --quota) args="${args}-q " ;; --lang) args="${args}-l " ;; --interactive) args="${args}-y " ;; --hostname) args="${args}-s " ;; --ssl) args="${args}-u " ;; --email) args="${args}-e " ;; --port) args="${args}-d " ;; --password) args="${args}-p " ;; --force) args="${args}-f " ;; --help) args="${args}-h " ;; *) [[ "${arg:0:1}" == "-" ]] || delim="\"" args="${args}${delim}${arg}${delim} ";; esac done eval set -- "$args" # Parsing arguments while getopts "a:n:w:v:j:k:m:g:x:z:c:t:i:b:r:o:q:l:y:s:u:e:d:p:fh" Option; do case $Option in a) apache=$OPTARG ;; # Apache n) nginx=$OPTARG ;; # Nginx w) phpfpm=$OPTARG ;; # PHP-FPM v) vsftpd=$OPTARG ;; # Vsftpd j) proftpd=$OPTARG ;; # Proftpd k) named=$OPTARG ;; # Named m) mysql=$OPTARG ;; # MySQL g) postgresql=$OPTARG ;; # PostgreSQL d) mongodb=$OPTARG ;; # MongoDB (unsupported) x) exim=$OPTARG ;; # Exim z) dovecot=$OPTARG ;; # Dovecot c) clamd=$OPTARG ;; # ClamAV t) spamd=$OPTARG ;; # SpamAssassin i) iptables=$OPTARG ;; # Iptables b) fail2ban=$OPTARG ;; # Fail2ban r) remi=$OPTARG ;; # Remi repo o) softaculous=$OPTARG ;; # Softaculous plugin q) quota=$OPTARG ;; # FS Quota l) lang=$OPTARG ;; # Language y) interactive=$OPTARG ;; # Interactive install s) servername=$OPTARG ;; # Hostname u) ssl=$OPTARG ;; # Add Let's Encrypt SSL for hostname e) email=$OPTARG ;; # Admin email d) port=$OPTARG ;; # Vesta port p) vpass=$OPTARG ;; # Admin password f) force='yes' ;; # Force install h) help ;; # Help *) help ;; # Print help (default) esac done # Defining default software stack set_default_value 'nginx' 'yes' set_default_value 'apache' 'yes' set_default_value 'phpfpm' 'no' set_default_value 'vsftpd' 'yes' set_default_value 'proftpd' 'no' set_default_value 'named' 'yes' set_default_value 'mysql' 'yes' set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' if [ $memory -lt 1500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else set_default_value 'clamd' 'yes' set_default_value 'spamd' 'yes' fi set_default_value 'iptables' 'yes' set_default_value 'fail2ban' 'yes' set_default_value 'remi' 'yes' set_default_value 'softaculous' 'yes' set_default_value 'quota' 'no' set_default_value 'interactive' 'yes' set_default_value 'ssl' 'no' set_default_lang 'en' # Checking software conflicts if [ "$phpfpm" = 'yes' ]; then apache='no' nginx='yes' fi if [ "$proftpd" = 'yes' ]; then vsftpd='no' fi if [ "$exim" = 'no' ]; then clamd='no' spamd='no' dovecot='no' fi if [ "$iptables" = 'no' ]; then fail2ban='no' fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then check_result 1 "Script can be run executed only by root" fi # Checking admin user account if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" check_result 1 "User admin exists" fi # Checking wget if [ ! -e '/usr/bin/wget' ]; then yum -y install wget check_result $? "Can't install wget" fi # Checking repository availability wget -q "c.vestacp.com/GPG.txt" -O /dev/null check_result $? "No access to Vesta repository" # Checking installed packages tmpfile=$(mktemp -p /tmp) rpm -qa > $tmpfile for pkg in exim mysql-server httpd nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo echo 'Following packages are already installed:' echo "$conflicts" echo echo 'It is highly recommended to remove them before proceeding.' echo 'If you want to force installation run this script with -f option:' echo "Example: bash $0 --force" echo echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo check_result 1 "Control Panel should be installed on clean server." fi #----------------------------------------------------------# # Brief Info # #----------------------------------------------------------# # Printing nice ASCII logo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' echo ' _| _| _| _| _| _| _|' echo ' _| _| _|_|_| _|_| _| _|_|_|_|' echo ' _| _| _| _| _| _| _|' echo ' _| _|_|_|_| _|_|_| _| _| _|' echo echo ' Vesta Control Panel' echo -e "\n\n" echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then echo ' - Nginx Web Server' fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo ' - Apache Web Server' fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then echo ' - Apache Web Server (as backend)' fi if [ "$phpfpm" = 'yes' ]; then echo ' - PHP-FPM Application Server' fi # DNS stack if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi # Mail stack if [ "$exim" = 'yes' ]; then echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then echo -n 'ClamAV ' fi if [ "$spamd" = 'yes' ]; then echo -n 'SpamAssassin' fi fi echo if [ "$dovecot" = 'yes' ]; then echo ' - Dovecot POP3/IMAP Server' fi fi # Database stack if [ "$mysql" = 'yes' ]; then if [ $release -ge '7' ]; then echo ' - MariaDB Database Server' else echo ' - MySQL Database Server' fi fi if [ "$postgresql" = 'yes' ]; then echo ' - PostgreSQL Database Server' fi if [ "$mongodb" = 'yes' ]; then echo ' - MongoDB Database Server' fi # FTP stack if [ "$vsftpd" = 'yes' ]; then echo ' - Vsftpd FTP Server' fi if [ "$proftpd" = 'yes' ]; then echo ' - ProFTPD FTP Server' fi # LE SSL for hostname if [ "$ssl" = 'yes' ]; then echo ' - LE SSL for hostname' fi # Softaculous if [ "$softaculous" = 'yes' ]; then echo ' - Softaculous Plugin' fi # Firewall stack if [ "$iptables" = 'yes' ]; then echo -n ' - Iptables Firewall' fi if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then echo -n ' + Fail2Ban' fi echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then read -p 'Would you like to continue [y/n]: ' answer if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then echo 'Goodbye' exit 1 fi # Asking for contact email if [ -z "$email" ]; then read -p 'Please enter admin email address: ' email fi # Asking for Vesta port if [ -z "$port" ]; then read -p 'Please enter Vesta port number (press enter for 8083): ' port fi # Asking to set FQDN hostname if [ -z "$servername" ]; then read -p "Please enter FQDN hostname [$(hostname -f)]: " servername fi fi # Generating admin password if it wasn't set if [ -z "$vpass" ]; then vpass=$(gen_pass) fi # Set hostname if it wasn't set if [ -z "$servername" ]; then servername=$(hostname -f) fi # Set FQDN if it wasn't set mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then if [ ! -z "$servername" ]; then servername="$servername.example.com" else servername="example.com" fi echo "127.0.0.1 $servername" >> /etc/hosts fi # Set email if it wasn't set if [ -z "$email" ]; then email="admin@$servername" fi # Set port if it wasn't set if [ -z "$port" ]; then port="8083" fi # Defining backup directory vst_backups="/root/vst_install_backups/$(date +%s)" echo "Installation backup directory: $vst_backups" # Printing start message and sleeping for 5 seconds echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" sleep 5 #----------------------------------------------------------# # Checking swap # #----------------------------------------------------------# # Checking swap on small instances if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then fallocate -l 1G /swapfile chmod 600 /swapfile mkswap /swapfile swapon /swapfile echo "/swapfile none swap sw 0 0" >> /etc/fstab fi #----------------------------------------------------------# # Install repository # #----------------------------------------------------------# # Updating system yum -y update check_result $? 'yum update failed' # Installing EPEL repository yum install epel-release -y check_result $? "Can't install EPEL repository" # Installing Remi repository if [ "$remi" = 'yes' ] && [ ! -e "/etc/yum.repos.d/remi.repo" ]; then rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-$release.rpm check_result $? "Can't install REMI repository" sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/remi.repo sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/remi-php81.repo fi # Installing Nginx repository nrepo="/etc/yum.repos.d/nginx.repo" echo "[nginx]" > $nrepo echo "name=nginx repo" >> $nrepo echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo echo "gpgcheck=0" >> $nrepo echo "enabled=1" >> $nrepo # Installing Vesta repository vrepo='/etc/yum.repos.d/vesta.repo' echo "[vesta]" > $vrepo echo "name=Vesta - $REPO" >> $vrepo echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo echo "enabled=1" >> $vrepo echo "gpgcheck=1" >> $vrepo echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo wget c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA #----------------------------------------------------------# # Backup # #----------------------------------------------------------# # Creating backup directory tree mkdir -p $vst_backups cd $vst_backups mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ spamassassin mysql postgresql mongodb vesta # Backup Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 # Backup Apache configuration service httpd stop > /dev/null 2>&1 cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 # Backup PHP-FPM configuration service php-fpm stop >/dev/null 2>&1 cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 # Backup Bind configuration yum remove bind-chroot > /dev/null 2>&1 service named stop > /dev/null 2>&1 cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 # Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 # Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 # Backup Exim configuration service exim stop > /dev/null 2>&1 cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 # Backup ClamAV configuration service clamd stop > /dev/null 2>&1 cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 # Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 # Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 # Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 service mysqld stop > /dev/null 2>&1 service mariadb stop > /dev/null 2>&1 mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 # Backup MySQL/MariaDB configuration and data service postgresql stop > /dev/null 2>&1 mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 # Backup Vesta service vesta stop > /dev/null 2>&1 mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 #----------------------------------------------------------# # Package Excludes # #----------------------------------------------------------# # Excluding packages if [ "$nginx" = 'no' ]; then software=$(echo "$software" | sed -e "s/ nginx/ /") fi if [ "$apache" = 'no' ]; then software=$(echo "$software" | sed -e "s/httpd//") software=$(echo "$software" | sed -e "s/mod_ssl//") software=$(echo "$software" | sed -e "s/mod_fcgid//") software=$(echo "$software" | sed -e "s/mod_ruid2//") fi if [ "$phpfpm" = 'no' ]; then software=$(echo "$software" | sed -e "s/php-fpm//") fi if [ "$vsftpd" = 'no' ]; then software=$(echo "$software" | sed -e "s/vsftpd//") fi if [ "$proftpd" = 'no' ]; then software=$(echo "$software" | sed -e "s/proftpd//") fi if [ "$named" = 'no' ]; then software=$(echo "$software" | sed -e "s/bind //") fi if [ "$exim" = 'no' ]; then software=$(echo "$software" | sed -e "s/exim//") software=$(echo "$software" | sed -e "s/dovecot//") software=$(echo "$software" | sed -e "s/clamd//") software=$(echo "$software" | sed -e "s/clamav-server//") software=$(echo "$software" | sed -e "s/clamav-update//") software=$(echo "$software" | sed -e "s/spamassassin//") software=$(echo "$software" | sed -e "s/dovecot//") software=$(echo "$software" | sed -e "s/roundcubemail//") fi if [ "$clamd" = 'no' ]; then software=$(echo "$software" | sed -e "s/clamd//") software=$(echo "$software" | sed -e "s/clamav-server//") software=$(echo "$software" | sed -e "s/clamav-update//") fi if [ "$spamd" = 'no' ]; then software=$(echo "$software" | sed -e 's/spamassassin//') fi if [ "$dovecot" = 'no' ]; then software=$(echo "$software" | sed -e "s/dovecot//") fi if [ "$mysql" = 'no' ]; then software=$(echo "$software" | sed -e 's/mysql //') software=$(echo "$software" | sed -e 's/mysql-server//') software=$(echo "$software" | sed -e 's/mariadb //') software=$(echo "$software" | sed -e 's/mariadb-server//') software=$(echo "$software" | sed -e 's/php-mysql//') software=$(echo "$software" | sed -e 's/phpMyAdmin//') software=$(echo "$software" | sed -e 's/roundcubemail//') fi if [ "$postgresql" = 'no' ]; then software=$(echo "$software" | sed -e 's/postgresql //') software=$(echo "$software" | sed -e 's/postgresql-server//') software=$(echo "$software" | sed -e 's/postgresql-contrib//') software=$(echo "$software" | sed -e 's/php-pgsql//') software=$(echo "$software" | sed -e 's/phpPgAdmin//') fi if [ "$softaculous" = 'no' ]; then software=$(echo "$software" | sed -e 's/vesta-softaculous//') fi if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then software=$(echo "$software" | sed -e 's/fail2ban//') fi #----------------------------------------------------------# # Install packages # #----------------------------------------------------------# # Installing rpm packages yum install -y $software if [ $? -ne 0 ]; then if [ "$remi" = 'yes' ]; then yum -y --disablerepo=* \ --enablerepo="*base,*updates,nginx,epel,vesta,remi*" \ install $software else yum -y --disablerepo=* --enablerepo="*base,*updates,nginx,epel,vesta" \ install $software fi fi check_result $? "yum install failed" #----------------------------------------------------------# # Configure system # #----------------------------------------------------------# # Restarting rsyslog service rsyslog restart > /dev/null 2>&1 # Checking ipv6 on loopback interface check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then ip addr add ::2/128 scope global dev lo echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local chmod a+x /etc/rc.local fi # Disabling SELinux if [ -e '/etc/sysconfig/selinux' ]; then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0 2>/dev/null fi # Disabling iptables service iptables stop service firewalld stop >/dev/null 2>&1 # Configuring NTP synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate ntpdate -s pool.ntp.org # Disabling webalizer routine rm -f /etc/cron.daily/00webalizer # Adding backup user adduser backup 2>/dev/null ln -sf /home/backup /backup chmod a+x /backup # Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Register /sbin/nologin and /usr/sbin/nologin echo "/sbin/nologin" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells # Changing default systemd interval if [ "$release" -eq '7' ]; then # Hi Lennart echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf systemctl daemon-reexec fi #----------------------------------------------------------# # Configure VESTA # #----------------------------------------------------------# # Installing sudo configuration mkdir -p /etc/sudoers.d cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh chmod 755 /etc/profile.d/vesta.sh source /etc/profile.d/vesta.sh echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for vesta logs cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for Vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ $VESTA/log/nginx-error.log $VESTA/log/auth.log chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta chmod 770 $VESTA/data/sessions # Generating Vesta configuration rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf # Web stack if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf if [ "$phpfpm" = 'yes' ]; then echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf fi echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi # FTP stack if [ "$vsftpd" = 'yes' ]; then echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf fi if [ "$proftpd" = 'yes' ]; then echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf fi # DNS stack if [ "$named" = 'yes' ]; then echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf fi # Mail stack if [ "$exim" = 'yes' ]; then echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf if [ "$clamd" = 'yes' ]; then echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf fi if [ "$spamd" = 'yes' ]; then echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf fi if [ "$dovecot" = 'yes' ]; then echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf fi fi # Cron daemon echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf # Firewall stack if [ "$iptables" = 'yes' ]; then echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf fi if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf fi # Disk quota if [ "$quota" = 'yes' ]; then echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf fi # Backups echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf # Language echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf # Installing hosting packages cp -rf $vestacp/packages $VESTA/data/ # Installing templates cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/html/ sed -i 's/%domain%/It worked!/g' /var/www/html/index.html # Installing firewall rules cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) # Adding SSL certificate cd $VESTA/ssl sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key chown root:mail $VESTA/ssl/* chmod 660 $VESTA/ssl/* rm /tmp/vst.pem #----------------------------------------------------------# # Configure Nginx # #----------------------------------------------------------# if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains if [ "$release" -ge '7' ]; then mkdir -p /etc/systemd/system/nginx.service.d cd /etc/systemd/system/nginx.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf fi chkconfig nginx on service nginx start check_result $? "nginx start failed" # Workaround for OpenVZ/Virtuozzo if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 3 && service nginx restart" >> /etc/rc.local fi fi #----------------------------------------------------------# # Configure Apache # #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then cp -f $vestacp/httpd/httpd.conf /etc/httpd/conf/ cp -f $vestacp/httpd/status.conf /etc/httpd/conf.d/ cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ if [ $release -lt 7 ]; then cd /etc/httpd/conf.d echo "MEFaccept 127.0.0.1" >> mod_extract_forwarded.conf echo > proxy_ajp.conf fi if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then cd /etc/httpd/conf.modules.d sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf fi echo > /etc/httpd/conf.d/vesta.conf cd /var/log/httpd touch access_log error_log suexec.log chmod 640 access_log error_log suexec.log chmod -f 777 /var/lib/php/session chmod a+x /var/log/httpd mkdir -p /var/log/httpd/domains chmod 751 /var/log/httpd/domains if [ "$release" -ge '7' ]; then mkdir -p /etc/systemd/system/httpd.service.d cd /etc/systemd/system/httpd.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf fi chkconfig httpd on service httpd start check_result $? "httpd start failed" # Workaround for OpenVZ/Virtuozzo if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 2 && service httpd restart" >> /etc/rc.local fi fi #----------------------------------------------------------# # Configure PHP-FPM # #----------------------------------------------------------# if [ "$phpfpm" = 'yes' ]; then cp -f $vestacp/php-fpm/www.conf /etc/php-fpm.d/ chkconfig php-fpm on service php-fpm start check_result $? "php-fpm start failed" fi #----------------------------------------------------------# # Configure PHP # #----------------------------------------------------------# ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') if [ -e '/etc/sysconfig/clock' ]; then source /etc/sysconfig/clock fi if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do sed -i "s|;date.timezone =|date.timezone = $ZONE|g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done #----------------------------------------------------------# # Configure Vsftpd # #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then cp -f $vestacp/vsftpd/vsftpd.conf /etc/vsftpd/ chkconfig vsftpd on service vsftpd start check_result $? "vsftpd start failed" fi #----------------------------------------------------------# # Configure ProFTPD # #----------------------------------------------------------# if [ "$proftpd" = 'yes' ]; then cp -f $vestacp/proftpd/proftpd.conf /etc/ chkconfig proftpd on service proftpd start check_result $? "proftpd start failed" fi #----------------------------------------------------------# # Configure MySQL/MariaDB # #----------------------------------------------------------# if [ "$mysql" = 'yes' ]; then mycnf="my-small.cnf" if [ $memory -gt 1200000 ]; then mycnf="my-medium.cnf" fi if [ $memory -gt 3900000 ]; then mycnf="my-large.cnf" fi mkdir -p /var/lib/mysql chown mysql:mysql /var/lib/mysql mkdir -p /etc/my.cnf.d if [ $release -lt 7 ]; then service='mysqld' else service='mariadb' fi cp -f $vestacp/$service/$mycnf /etc/my.cnf chkconfig $service on service $service start if [ "$?" -ne 0 ]; then if [ -e "/proc/user_beancounters" ]; then # Fix for aio on OpenVZ sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf fi service $service start check_result $? "$service start failed" fi # Securing MySQL installation mpass=$(gen_pass) mysqladmin -u root password $mpass echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" mysql -e "FLUSH PRIVILEGES" # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi mysql < /usr/share/phpMyAdmin/sql/create_tables.sql p=$(gen_pass) mysql -e "GRANT ALL ON phpmyadmin.* TO phpmyadmin@localhost IDENTIFIED BY '$p'" cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php sed -i "s/%blowfish_secret%/$(gen_pass 32)/g" /etc/phpMyAdmin/config.inc.php sed -i "s/%phpmyadmin_pass%/$p/g" /etc/phpMyAdmin/config.inc.php chmod 777 /var/lib/phpMyAdmin/temp chmod 777 /var/lib/phpMyAdmin/save fi #----------------------------------------------------------# # Configure PostgreSQL # #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start else service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then cp -f $vestacp/pga/phpPgAdmin.conf /etc/httpd/conf.d/ fi cp -f $vestacp/pga/config.inc.php /etc/phpPgAdmin/ fi #----------------------------------------------------------# # Configure Bind # #----------------------------------------------------------# if [ "$named" = 'yes' ]; then cp -f $vestacp/named/named.conf /etc/ chown root:named /etc/named.conf chmod 640 /etc/named.conf chkconfig named on service named start check_result $? "named start failed" fi #----------------------------------------------------------# # Configure Exim # #----------------------------------------------------------# if [ "$exim" = 'yes' ]; then gpasswd -a exim mail cp -f $vestacp/exim/exim.conf /etc/exim/ cp -f $vestacp/exim/dnsbl.conf /etc/exim/ cp -f $vestacp/exim/spam-blocks.conf /etc/exim/ touch /etc/exim/white-blocks.conf if [ "$spamd" = 'yes' ]; then sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf fi if [ "$clamd" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf fi chmod 640 /etc/exim/exim.conf rm -rf /etc/exim/domains mkdir -p /etc/exim/domains rm -f /etc/alternatives/mta ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta chkconfig sendmail off 2>/dev/null service sendmail stop 2>/dev/null chkconfig postfix off 2>/dev/null service postfix stop 2>/dev/null chkconfig exim on service exim start check_result $? "exim start failed" fi #----------------------------------------------------------# # Configure Dovecot # #----------------------------------------------------------# if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* if [ "$release" -eq 7 ]; then sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf fi chkconfig dovecot on service dovecot start check_result $? "dovecot start failed" fi #----------------------------------------------------------# # Configure ClamAV # #----------------------------------------------------------# if [ "$clamd" = 'yes' ]; then useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null gpasswd -a clam exim gpasswd -a clam mail cp -f $vestacp/clamav/clamd.conf /etc/ cp -f $vestacp/clamav/freshclam.conf /etc/ mkdir -p /var/log/clamav /var/run/clamav chown clam:clam /var/log/clamav /var/run/clamav chown -R clam:clam /var/lib/clamav if [ "$release" -ge '7' ]; then cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ systemctl --system daemon-reload fi /usr/bin/freshclam if [ "$release" -ge '7' ]; then sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service systemctl daemon-reload fi chkconfig clamd on service clamd start #check_result $? "clamd start failed" fi #----------------------------------------------------------# # Configure SpamAssassin # #----------------------------------------------------------# if [ "$spamd" = 'yes' ]; then chkconfig spamassassin on service spamassassin start check_result $? "spamassassin start failed" if [ "$release" -ge '7' ]; then groupadd -g 1001 spamd useradd -u 1001 -g spamd -s /sbin/nologin -d \ /var/lib/spamassassin spamd mkdir /var/lib/spamassassin chown spamd:spamd /var/lib/spamassassin fi fi #----------------------------------------------------------# # Configure RoundCube # #----------------------------------------------------------# if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then cp -f $vestacp/roundcube/roundcubemail.conf /etc/httpd/conf.d/ fi cp -f $vestacp/roundcube/main.inc.php /etc/roundcubemail/config.inc.php cd /usr/share/roundcubemail/plugins/password cp -f $vestacp/roundcube/vesta.php drivers/vesta.php cp -f $vestacp/roundcube/config.inc.php config.inc.php sed -i "s/localhost/$servername/g" config.inc.php chmod a+r /etc/roundcubemail/* chmod -f 777 /var/log/roundcubemail r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php chmod 640 /etc/roundcubemail/config.inc.php chown root:apache /etc/roundcubemail/config.inc.php if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql else mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql fi fi #----------------------------------------------------------# # Configure Fail2Ban # #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi if [ "$exim" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi if [ "$vsftpd" = 'yes' ]; then #Create vsftpd Log File if [ ! -f "/var/log/vsftpd.log" ]; then touch /var/log/vsftpd.log fi fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local fi chkconfig fail2ban on mkdir -p /var/run/fail2ban if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ /usr/lib/systemd/system/fail2ban.service systemctl daemon-reload fi service fail2ban start check_result $? "fail2ban start failed" fi #----------------------------------------------------------# # Configure Admin User # #----------------------------------------------------------# # Deleting old admin user if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 userdel -f admin >/dev/null 2>&1 chattr -i /home/admin/conf >/dev/null 2>&1 mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi # Adding Vesta admin account $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang # Configuring system IPs $VESTA/bin/v-update-sys-ip # Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) # Configuring firewall if [ "$iptables" = 'yes' ]; then chkconfig firewalld off >/dev/null 2>&1 $VESTA/bin/v-update-firewall fi # Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi # Adding default domain $VESTA/bin/v-add-domain admin $servername # Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" $VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue webstats" $VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue backup" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-backup-users" $VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service crond restart # Building RRD images $VESTA/bin/v-update-sys-rrd # Enabling file system quota if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi # Enabling Softaculous plugin if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi # Starting Vesta service chkconfig vesta on service vesta start check_result $? "vesta start failed" chown admin:admin $VESTA/data/sessions # Adding notifications $VESTA/upd/add_notifications.sh # Adding cronjob for autoupdates $VESTA/bin/v-add-cron-vesta-autoupdate if [ "$port" != "8083" ]; then echo "=== Set Vesta port: $port" $VESTA/bin/v-change-vesta-port $port fi echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf #----------------------------------------------------------# # Vesta Access Info # #----------------------------------------------------------# # Comparing hostname and ip if [ "$ssl" = 'no' ]; then host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi fi if [ "$ssl" = 'yes' ]; then make_ssl=0 host_ip=$(host $servername | head -n 1 | awk '{print $NF}') if [ "$host_ip" != "$pub_ip" ]; then echo "***** PROBLEM: Hostname $servername is not pointing to your server (IP address $ip)" echo "Without pointing your hostname to your IP, LetsEncrypt SSL will not be generated for your server hostname." echo "Try to setup an A record in your DNS, pointing your hostname $servername to IP address $ip and then press ENTER." echo "(or register ns1.$servername and ns2.$servername as DNS Nameservers and put those Nameservers on $servername domain)" echo "If we detect that hostname is still not pointing to your IP, installer will not add LetsEncrypt SSL certificate to your hosting panel (unsigned SSL will be used instead)." read -p "To force to try anyway to add LetsEncrypt, press f and then ENTER." answer host_ip=$(host $servername | head -n 1 | awk '{print $NF}') fi if [ "$answer" = "f" ]; then make_ssl=1 fi if [ "$host_ip" = "$ip" ]; then ip="$servername" make_ssl=1 fi if [ $make_ssl -eq 1 ]; then # Check if www is also pointing to our IP www_host="www.$servername" www_host_ip=$(host $www_host | head -n 1 | awk '{print $NF}') if [ "$www_host_ip" != "$pub_ip" ]; then if [ "$named" = 'yes' ]; then echo "=== Deleting www to server hostname" $VESTA/bin/v-delete-web-domain-alias 'admin' "$servername" "$www_host" 'no' $VESTA/bin/v-delete-dns-on-web-alias 'admin' "$servername" "$www_host" 'no' fi www_host="" fi fi echo "===" echo "Hostname $servername is pointing to $host_ip" if [ $make_ssl -eq 1 ]; then echo "=== Generating HOSTNAME SSL" $VESTA/bin/v-add-letsencrypt-domain 'admin' "$servername" "$www_host" 'yes' $VESTA/bin/v-update-host-certificate 'admin' "$servername" else echo "We will not generate SSL because of this" fi echo "===" echo "UPDATE_HOSTNAME_SSL='yes'" >> $VESTA/conf/vesta.conf fi # Sending notification to admin email echo -e "Congratulations, you have just successfully installed \ Vesta Control Panel https://$ip:$port username: admin password: $vpass We hope that you enjoy your installation of Vesta. Please \ feel free to contact us anytime if you have any questions. Thank you. -- Sincerely yours vestacp.com team " > $tmpfile send_mail="$VESTA/web/inc/mail-wrapper.php" cat $tmpfile | $send_mail -s "Vesta Control Panel" $email # Congrats echo '=======================================================' echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _|_|_|_| _|_|_| _| _| _| ' echo echo cat $tmpfile rm -f $tmpfile # EOF