#!/bin/bash # Vesta Debian installer v.05 #----------------------------------------------------------# # Variables&Functions # #----------------------------------------------------------# export PATH=$PATH:/sbin export DEBIAN_FRONTEND=noninteractive RHOST='apt.vestacp.com' CHOST='c.vestacp.com' VERSION='debian' VESTA='/usr/local/vesta' memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) arch=$(uname -i) os='debian' release=$(cat /etc/debian_version|grep -o [0-9]|head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" if [ "$release" -eq 9 ]; then software="nginx apache2 apache2-utils apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats webalizer vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mysql-server mysql-common mysql-client postgresql postgresql-contrib phppgadmin phpmyadmin mc flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl unrar-free vim-common vesta-ioncube vesta-softaculous net-tools unzip" elif [ "$release" -eq 8 ]; then software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mysql-server mysql-common mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl unrar-free vim-common vesta-ioncube vesta-softaculous net-tools unzip" else software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd proftpd-basic proftpd-mod-vroot bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mysql-server mysql-common mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect unrar-free vim-common vesta-ioncube vesta-softaculous net-tools unzip" fi # Defining help function help() { echo "Usage: $0 [OPTIONS] -a, --apache Install Apache [yes|no] default: yes -n, --nginx Install Nginx [yes|no] default: yes -w, --phpfpm Install PHP-FPM [yes|no] default: no -v, --vsftpd Install Vsftpd [yes|no] default: yes -j, --proftpd Install ProFTPD [yes|no] default: no -k, --named Install Bind [yes|no] default: yes -m, --mysql Install MySQL [yes|no] default: yes -g, --postgresql Install PostgreSQL [yes|no] default: no -x, --exim Install Exim [yes|no] default: yes -z, --dovecot Install Dovecot [yes|no] default: yes -c, --clamav Install ClamAV [yes|no] default: yes -t, --spamassassin Install SpamAssassin [yes|no] default: yes -i, --iptables Install Iptables [yes|no] default: yes -b, --fail2ban Install Fail2ban [yes|no] default: yes -r, --remi Install Remi repo [yes|no] default: yes -o, --softaculous Install Softaculous [yes|no] default: yes -q, --quota Filesystem Quota [yes|no] default: no -l, --lang Default language default: en -y, --interactive Interactive install [yes|no] default: yes -s, --hostname Set hostname -u, --ssl Add LE SSL for hostname [yes|no] default: no -e, --email Set admin email -d, --port Set Vesta port -p, --password Set admin password -f, --force Force installation -h, --help Print this help Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" exit 1 } # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' LENGTH=10 while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 done echo "$PASS" } # Defning return code check function check_result() { if [ $1 -ne 0 ]; then echo "Error: $2" exit $1 fi } # Defining function to set default value set_default_value() { eval variable=\$$1 if [ -z "$variable" ]; then eval $1=$2 fi if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then eval $1=$2 fi } # Define function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 fi lang_list=" ar cz el fa hu ja no pt se ua bs da en fi id ka pl ro tr vi cn de es fr it nl pt-BR ru tw bg ko sr th ur" if !(echo $lang_list |grep -w $lang 1>&2>/dev/null); then eval lang=$1 fi } #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# # Creating temporary file tmpfile=$(mktemp -p /tmp) # Translating argument to --gnu-long-options for arg; do delim="" case "$arg" in --apache) args="${args}-a " ;; --nginx) args="${args}-n " ;; --phpfpm) args="${args}-w " ;; --vsftpd) args="${args}-v " ;; --proftpd) args="${args}-j " ;; --named) args="${args}-k " ;; --mysql) args="${args}-m " ;; --postgresql) args="${args}-g " ;; --exim) args="${args}-x " ;; --dovecot) args="${args}-z " ;; --clamav) args="${args}-c " ;; --spamassassin) args="${args}-t " ;; --iptables) args="${args}-i " ;; --fail2ban) args="${args}-b " ;; --remi) args="${args}-r " ;; --softaculous) args="${args}-o " ;; --quota) args="${args}-q " ;; --lang) args="${args}-l " ;; --interactive) args="${args}-y " ;; --hostname) args="${args}-s " ;; --ssl) args="${args}-u " ;; --email) args="${args}-e " ;; --port) args="${args}-d " ;; --password) args="${args}-p " ;; --force) args="${args}-f " ;; --help) args="${args}-h " ;; *) [[ "${arg:0:1}" == "-" ]] || delim="\"" args="${args}${delim}${arg}${delim} ";; esac done eval set -- "$args" # Parsing arguments while getopts "a:n:w:v:j:k:m:g:x:z:c:t:i:b:r:o:q:l:y:s:u:e:d:p:fh" Option; do case $Option in a) apache=$OPTARG ;; # Apache n) nginx=$OPTARG ;; # Nginx w) phpfpm=$OPTARG ;; # PHP-FPM v) vsftpd=$OPTARG ;; # Vsftpd j) proftpd=$OPTARG ;; # Proftpd k) named=$OPTARG ;; # Named m) mysql=$OPTARG ;; # MySQL g) postgresql=$OPTARG ;; # PostgreSQL x) exim=$OPTARG ;; # Exim z) dovecot=$OPTARG ;; # Dovecot c) clamd=$OPTARG ;; # ClamAV t) spamd=$OPTARG ;; # SpamAssassin i) iptables=$OPTARG ;; # Iptables b) fail2ban=$OPTARG ;; # Fail2ban r) remi=$OPTARG ;; # Remi repo o) softaculous=$OPTARG ;; # Softaculous plugin q) quota=$OPTARG ;; # FS Quota l) lang=$OPTARG ;; # Language y) interactive=$OPTARG ;; # Interactive install s) servername=$OPTARG ;; # Hostname u) ssl=$OPTARG ;; # Add Let's Encrypt SSL for hostname e) email=$OPTARG ;; # Admin email d) port=$OPTARG ;; # Vesta port p) vpass=$OPTARG ;; # Admin password f) force='yes' ;; # Force install h) help ;; # Help *) help ;; # Print help (default) esac done # Defining default software stack set_default_value 'nginx' 'yes' set_default_value 'apache' 'yes' set_default_value 'phpfpm' 'no' set_default_value 'vsftpd' 'yes' set_default_value 'proftpd' 'no' set_default_value 'named' 'yes' set_default_value 'mysql' 'yes' set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' if [ $memory -lt 1500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else set_default_value 'clamd' 'yes' set_default_value 'spamd' 'yes' fi set_default_value 'iptables' 'yes' set_default_value 'fail2ban' 'yes' set_default_value 'softaculous' 'yes' set_default_value 'quota' 'no' set_default_value 'interactive' 'yes' set_default_value 'ssl' 'no' set_default_lang 'en' # Checking software conflicts if [ "$phpfpm" = 'yes' ]; then apache='no' nginx='yes' fi if [ "$proftpd" = 'yes' ]; then vsftpd='no' fi if [ "$exim" = 'no' ]; then clamd='no' spamd='no' dovecot='no' fi if [ "$iptables" = 'no' ]; then fail2ban='no' fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then check_error 1 "Script can be run executed only by root" fi # Checking admin user account if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" check_result 1 "User admin exists" fi # Checking wget if [ ! -e '/usr/bin/wget' ]; then apt-get -y install wget check_result $? "Can't install wget" fi # Checking repository availability wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" # Check installed packages tmpfile=$(mktemp -p /tmp) dpkg --get-selections > $tmpfile for pkg in exim4 mysql-server apache2 nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo echo 'Following packages are already installed:' echo "$conflicts" echo echo 'It is highly recommended to remove them before proceeding.' echo 'If you want to force installation run this script with -f option:' echo "Example: bash $0 --force" echo echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo check_result 1 "Control Panel should be installed on clean server." fi #----------------------------------------------------------# # Brief Info # #----------------------------------------------------------# # Printing nice ascii aslogo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' echo ' _| _| _| _| _| _| _|' echo ' _| _| _|_|_| _|_| _| _|_|_|_|' echo ' _| _| _| _| _| _| _|' echo ' _| _|_|_|_| _|_|_| _| _| _|' echo echo ' Vesta Control Panel' echo -e "\n\n" echo 'Following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then echo ' - Nginx Web Server' fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo ' - Apache Web Server' fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then echo ' - Apache Web Server (as backend)' fi if [ "$phpfpm" = 'yes' ]; then echo ' - PHP-FPM Application Server' fi # DNS stack if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi # Mail Stack if [ "$exim" = 'yes' ]; then echo -n ' - Exim mail server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then echo -n 'Antivirus ' fi if [ "$spamd" = 'yes' ]; then echo -n 'Antispam' fi fi echo if [ "$dovecot" = 'yes' ]; then echo ' - Dovecot POP3/IMAP Server' fi fi # DB stack if [ "$mysql" = 'yes' ]; then echo ' - MySQL Database Server' fi if [ "$postgresql" = 'yes' ]; then echo ' - PostgreSQL Database Server' fi if [ "$mongodb" = 'yes' ]; then echo ' - MongoDB Database Server' fi # FTP stack if [ "$vsftpd" = 'yes' ]; then echo ' - Vsftpd FTP Server' fi if [ "$proftpd" = 'yes' ]; then echo ' - ProFTPD FTP Server' fi # LE SSL for hostname if [ "$ssl" = 'yes' ]; then echo ' - LE SSL for hostname' fi # Softaculous if [ "$softaculous" = 'yes' ]; then echo ' - Softaculous Plugin' fi # Firewall stack if [ "$iptables" = 'yes' ]; then echo -n ' - Iptables Firewall' fi if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then echo -n ' + Fail2Ban' fi echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then read -p 'Would you like to continue [y/n]: ' answer if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then echo 'Goodbye' exit 1 fi # Asking for contact email if [ -z "$email" ]; then read -p 'Please enter admin email address: ' email fi # Asking for Vesta port if [ -z "$port" ]; then read -p 'Please enter Vesta port number (press enter for 8083): ' port fi # Asking to set FQDN hostname if [ -z "$servername" ]; then read -p "Please enter FQDN hostname [$(hostname)]: " servername fi fi # Generating admin password if it wasn't set if [ -z "$vpass" ]; then vpass=$(gen_pass) fi # Set hostname if it wasn't set if [ -z "$servername" ]; then servername=$(hostname -f) fi # Set FQDN if it wasn't set mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then if [ ! -z "$servername" ]; then servername="$servername.example.com" else servername="example.com" fi echo "127.0.0.1 $servername" >> /etc/hosts fi # Set email if it wasn't set if [ -z "$email" ]; then email="admin@$servername" fi # Set port if it wasn't set if [ -z "$port" ]; then port="8083" fi # Defining backup directory vst_backups="/root/vst_install_backups/$(date +%s)" echo "Installation backup directory: $vst_backups" # Printing start message and sleeping for 5 seconds echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" sleep 5 #----------------------------------------------------------# # Checking swap # #----------------------------------------------------------# # Checking swap on small instances if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then fallocate -l 1G /swapfile chmod 600 /swapfile mkswap /swapfile swapon /swapfile echo "/swapfile none swap sw 0 0" >> /etc/fstab fi #----------------------------------------------------------# # Install repository # #----------------------------------------------------------# # Updating system apt-get -y upgrade check_result $? 'apt-get upgrade failed' # Installing nginx repo apt=/etc/apt/sources.list.d echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key apt-key add /tmp/nginx_signing.key # Installing vesta repo echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list wget $CHOST/deb_signing.key -O deb_signing.key apt-key add deb_signing.key # Installing jessie backports if [ "$release" -eq 8 ]; then if [ ! -e /etc/apt/apt.conf ]; then echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf fi if [ ! -e /etc/apt/sources.list.d/backports.list ]; then echo "deb http://archive.debian.org/debian jessie-backports main" >\ /etc/apt/sources.list.d/backports.list fi fi #----------------------------------------------------------# # Backup # #----------------------------------------------------------# # Creating backup directory tree mkdir -p $vst_backups cd $vst_backups mkdir nginx apache2 php php5 php5-fpm vsftpd proftpd bind exim4 dovecot clamd mkdir spamassassin mysql postgresql mongodb vesta # Backing up Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 # Backing up Apache configuration service apache2 stop > /dev/null 2>&1 cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1 rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 # Backing up PHP configuration cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 # Backing up PHP configuration service php5-fpm stop >/dev/null 2>&1 cp /etc/php5/* $vst_backups/php5 > /dev/null 2>&1 rm -f /etc/php5/fpm/pool.d/* >/dev/null 2>&1 # Backing up Bind configuration service bind9 stop > /dev/null 2>&1 cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 # Backing up Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 # Backing up ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 # Backing up Exim configuration service exim4 stop > /dev/null 2>&1 cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1 # Backing up ClamAV configuration service clamav-daemon stop > /dev/null 2>&1 cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1 # Backing up SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1 # Backing up Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 # Backing up MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 killall -9 mysqld > /dev/null 2>&1 mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1 cp -r /etc/mysql/* $vst_backups/mysql > /dev/null 2>&1 mv -f /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 # Backup vesta service vesta stop > /dev/null 2>&1 cp -r $VESTA/* $vst_backups/vesta > /dev/null 2>&1 apt-get -y remove vesta vesta-nginx vesta-php > /dev/null 2>&1 apt-get -y purge vesta vesta-nginx vesta-php > /dev/null 2>&1 rm -rf $VESTA > /dev/null 2>&1 #----------------------------------------------------------# # Package Excludes # #----------------------------------------------------------# # Excluding packages if [ "$nginx" = 'no' ]; then software=$(echo "$software" | sed -e "s/ nginx/ /") fi if [ "$apache" = 'no' ]; then software=$(echo "$software" | sed -e "s/apache2 //") software=$(echo "$software" | sed -e "s/apache2-utils//") software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") software=$(echo "$software" | sed -e "s/apache2.2-common//") software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") software=$(echo "$software" | sed -e "s/libapache2-mod-php5//") software=$(echo "$software" | sed -e "s/libapache2-mod-php//") fi if [ "$phpfpm" = 'no' ]; then software=$(echo "$software" | sed -e "s/php5-fpm//") software=$(echo "$software" | sed -e "s/php-fpm//") fi if [ "$vsftpd" = 'no' ]; then software=$(echo "$software" | sed -e "s/vsftpd//") fi if [ "$proftpd" = 'no' ]; then software=$(echo "$software" | sed -e "s/proftpd-basic//") software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//") fi if [ "$named" = 'no' ]; then software=$(echo "$software" | sed -e "s/bind9//") fi if [ "$exim" = 'no' ]; then software=$(echo "$software" | sed -e "s/exim4 //") software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//") software=$(echo "$software" | sed -e "s/dovecot-imapd//") software=$(echo "$software" | sed -e "s/dovecot-pop3d//") software=$(echo "$software" | sed -e "s/clamav-daemon//") software=$(echo "$software" | sed -e "s/spamassassin//") fi if [ "$clamd" = 'no' ]; then software=$(echo "$software" | sed -e "s/clamav-daemon//") fi if [ "$spamd" = 'no' ]; then software=$(echo "$software" | sed -e "s/spamassassin//") software=$(echo "$software" | sed -e "s/libmail-dkim-perl//") fi if [ "$dovecot" = 'no' ]; then software=$(echo "$software" | sed -e "s/dovecot-imapd//") software=$(echo "$software" | sed -e "s/dovecot-pop3d//") fi if [ "$mysql" = 'no' ]; then software=$(echo "$software" | sed -e 's/mysql-server//') software=$(echo "$software" | sed -e 's/mysql-client//') software=$(echo "$software" | sed -e 's/mysql-common//') software=$(echo "$software" | sed -e 's/php5-mysql//') software=$(echo "$software" | sed -e 's/php-mysql//') software=$(echo "$software" | sed -e 's/phpMyAdmin//') fi if [ "$postgresql" = 'no' ]; then software=$(echo "$software" | sed -e 's/postgresql-contrib//') software=$(echo "$software" | sed -e 's/postgresql//') software=$(echo "$software" | sed -e 's/php5-pgsql//') software=$(echo "$software" | sed -e 's/php-pgsql//') software=$(echo "$software" | sed -e 's/phppgadmin//') fi if [ "$softaculous" = 'no' ]; then software=$(echo "$software" | sed -e 's/vesta-softaculous//') fi if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then software=$(echo "$software" | sed -e 's/fail2ban//') fi #----------------------------------------------------------# # Install packages # #----------------------------------------------------------# # Update system packages apt-get update # Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d chmod a+x /usr/sbin/policy-rc.d # Install apt packages apt-get -y install $software check_result $? "apt-get install failed" # Restore policy rm -f /usr/sbin/policy-rc.d #----------------------------------------------------------# # Configure system # #----------------------------------------------------------# # Enable SSH password auth sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart # Disable awstats cron rm -f /etc/cron.d/awstats # Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Register /sbin/nologin and /usr/sbin/nologin echo "/sbin/nologin" >> /etc/shells echo "/usr/sbin/nologin" >> /etc/shells # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate ntpdate -s pool.ntp.org # Setup rssh if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then echo /usr/bin/rssh >> /etc/shells fi sed -i 's/#allowscp/allowscp/' /etc/rssh.conf sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf chmod 755 /usr/bin/rssh #----------------------------------------------------------# # Configure VESTA # #----------------------------------------------------------# # Installing sudo configuration mkdir -p /etc/sudoers.d cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh chmod 755 /etc/profile.d/vesta.sh source /etc/profile.d/vesta.sh echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for Vesta logs cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ $VESTA/log/nginx-error.log $VESTA/log/auth.log chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta chmod 770 $VESTA/data/sessions # Generating vesta configuration rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf # WEB stack if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf if [ "$release" -eq 9 ]; then if [ "$phpfpm" = 'yes' ]; then echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf fi else if [ "$phpfpm" = 'yes' ]; then echo "WEB_BACKEND='php5-fpm'" >> $VESTA/conf/vesta.conf fi fi echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf fi # FTP stack if [ "$vsftpd" = 'yes' ]; then echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf fi if [ "$proftpd" = 'yes' ]; then echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf fi # DNS stack if [ "$named" = 'yes' ]; then echo "DNS_SYSTEM='bind9'" >> $VESTA/conf/vesta.conf fi # Mail stack if [ "$exim" = 'yes' ]; then echo "MAIL_SYSTEM='exim4'" >> $VESTA/conf/vesta.conf if [ "$clamd" = 'yes' ]; then echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf fi if [ "$spamd" = 'yes' ]; then echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf fi if [ "$dovecot" = 'yes' ]; then echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf fi fi # CRON daemon echo "CRON_SYSTEM='cron'" >> $VESTA/conf/vesta.conf # Firewall stack if [ "$iptables" = 'yes' ]; then echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf fi if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf fi # Disk quota if [ "$quota" = 'yes' ]; then echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf fi # Backups echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf # Language echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf # Installing hosting packages cp -rf $vestacp/packages $VESTA/data/ # Installing templates cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html # Installing firewall rules cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null # Generating SSL certificate $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) # Adding SSL certificate cd $VESTA/ssl sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key chown root:mail $VESTA/ssl/* chmod 660 $VESTA/ssl/* rm /tmp/vst.pem #----------------------------------------------------------# # Configure Nginx # #----------------------------------------------------------# if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults service nginx start check_result $? "nginx start failed" fi #----------------------------------------------------------# # Configure Apache # #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then cp -f $vestacp/apache2/apache2.conf /etc/apache2/ cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl a2enmod actions a2enmod ruid2 a2enmod headers mkdir -p /etc/apache2/conf.d echo > /etc/apache2/conf.d/vesta.conf echo "# Server control panel by VESTA" > /etc/apache2/sites-available/default echo "# Server control panel by VESTA" > /etc/apache2/sites-available/default-ssl echo "# Server control panel by VESTA" > /etc/apache2/ports.conf echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data touch /var/log/apache2/access.log /var/log/apache2/error.log mkdir -p /var/log/apache2/domains chmod a+x /var/log/apache2 chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log chmod 751 /var/log/apache2/domains update-rc.d apache2 defaults service apache2 start check_result $? "apache2 start failed" else update-rc.d apache2 disable >/dev/null 2>&1 service apache2 stop >/dev/null 2>&1 fi #----------------------------------------------------------# # Configure PHP-FPM # #----------------------------------------------------------# if [ "$phpfpm" = 'yes' ]; then if [ "$release" -eq 9 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/7.0/fpm/pool.d/www.conf update-rc.d php7.0-fpm defaults service php7.0-fpm start check_result $? "php-fpm start failed" else cp -f $vestacp/php5-fpm/www.conf /etc/php5/fpm/pool.d/www.conf update-rc.d php5-fpm defaults service php5-fpm start check_result $? "php-fpm start failed" fi fi #----------------------------------------------------------# # Configure PHP # #----------------------------------------------------------# ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done #----------------------------------------------------------# # Configure VSFTPD # #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then cp -f $vestacp/vsftpd/vsftpd.conf /etc/ update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" # To be deleted after release 0.9.8-18 echo "/sbin/nologin" >> /etc/shells fi #----------------------------------------------------------# # Configure ProFTPD # #----------------------------------------------------------# if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" fi #----------------------------------------------------------# # Configure MySQL/MariaDB # #----------------------------------------------------------# if [ "$mysql" = 'yes' ]; then mycnf="my-small.cnf" if [ $memory -gt 1200000 ]; then mycnf="my-medium.cnf" fi if [ $memory -gt 3900000 ]; then mycnf="my-large.cnf" fi # MySQL configuration cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf mysql_install_db update-rc.d mysql defaults service mysql start check_result $? "mysql start failed" # Securing MySQL installation mpass=$(gen_pass) mysqladmin -u root password $mpass echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" mysql -e "FLUSH PRIVILEGES" # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ chmod 777 /var/lib/phpmyadmin/tmp fi #----------------------------------------------------------# # Configure PostgreSQL # #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then ppass=$(gen_pass) cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi #----------------------------------------------------------# # Configure Bind # #----------------------------------------------------------# if [ "$named" = 'yes' ]; then cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf aa-complain /usr/sbin/named 2>/dev/null echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2>/dev/null service apparmor status >/dev/null 2>&1 if [ $? -ne 0 ]; then service apparmor restart fi update-rc.d bind9 defaults service bind9 start check_result $? "bind9 start failed" fi #----------------------------------------------------------# # Configure Exim # #----------------------------------------------------------# if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template fi if [ "$clamd" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains rm -f /etc/alternatives/mta ln -s /usr/sbin/exim4 /etc/alternatives/mta update-rc.d -f sendmail remove > /dev/null 2>&1 service sendmail stop > /dev/null 2>&1 update-rc.d -f postfix remove > /dev/null 2>&1 service postfix stop > /dev/null 2>&1 update-rc.d exim4 defaults service exim4 start check_result $? "exim4 start failed" fi #----------------------------------------------------------# # Configure Dovecot # #----------------------------------------------------------# if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* if [ "$release" -eq 9 ]; then sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf fi update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" fi #----------------------------------------------------------# # Configure ClamAV # #----------------------------------------------------------# if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults if [ ! -d "/var/run/clamav" ]; then mkdir /var/run/clamav fi chown -R clamav:clamav /var/run/clamav if [ -e "/lib/systemd/system/clamav-daemon.service" ]; then exec_pre1='ExecStartPre=-/bin/mkdir -p /var/run/clamav' exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /var/run/clamav' sed -i "s|\[Service\]/|[Service]\n$exec_pre1\n$exec_pre2|g" \ /lib/systemd/system/clamav-daemon.service systemctl daemon-reload fi service clamav-daemon start check_result $? "clamav-daeom start failed" fi #----------------------------------------------------------# # Configure SpamAssassin # #----------------------------------------------------------# if [ "$spamd" = 'yes' ]; then update-rc.d spamassassin defaults sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin service spamassassin start check_result $? "spamassassin start failed" unit_files="$(systemctl list-unit-files |grep spamassassin)" if [[ "$unit_files" =~ "disabled" ]]; then systemctl enable spamassassin fi fi #----------------------------------------------------------# # Configure RoundCube # #----------------------------------------------------------# if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ chmod 640 /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/config.inc.php chown root:www-data /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/config.inc.php cp -f $vestacp/roundcube/vesta.php \ /usr/share/roundcube/plugins/password/drivers/ cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php sed -i "s/localhost/$servername/g" \ /etc/roundcube/plugins/password/config.inc.php mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql chmod a+r /etc/roundcube/main.inc.php if [ "$release" -eq 8 ] || [ "$release" -eq 9 ]; then mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/config.inc.php chown root:www-data /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/config.inc.php fi if [ "$release" -eq 8 ]; then # RoundCube tinyMCE fix tinymceFixArchiveURL=$vestacp/roundcube/roundcube-tinymce.tar.gz tinymceParentFolder=/usr/share/roundcube/program/js tinymceFolder=$tinymceParentFolder/tinymce tinymceBadJS=$tinymceFolder/tiny_mce.js tinymceFixArchive=$tinymceParentFolder/roundcube-tinymce.tar.gz if [[ -L "$tinymceFolder" && -d "$tinymceFolder" ]]; then if [ -f "$tinymceBadJS" ]; then wget $tinymceFixArchiveURL -O $tinymceFixArchive if [[ -f "$tinymceFixArchive" && -s "$tinymceFixArchive" ]] then rm $tinymceFolder tar -xzf $tinymceFixArchive -C $tinymceParentFolder rm $tinymceFixArchive chown -R root:root $tinymceFolder else echo -n "File roundcube-tinymce.tar.gz is not downloaded," echo "RoundCube tinyMCE fix is not applied" rm $tinymceFixArchive fi fi fi fi fi #----------------------------------------------------------# # Configure Fail2Ban # #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi if [ "$exim" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi if [ "$vsftpd" = 'yes' ]; then #Create vsftpd Log File if [ ! -f "/var/log/vsftpd.log" ]; then touch /var/log/vsftpd.log fi fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local fi update-rc.d fail2ban defaults service fail2ban start check_result $? "fail2ban start failed" fi #----------------------------------------------------------# # Configure Admin User # #----------------------------------------------------------# # Deleting old admin user if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then chattr -i /home/admin/conf > /dev/null 2>&1 userdel -f admin >/dev/null 2>&1 chattr -i /home/admin/conf >/dev/null 2>&1 mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi # Adding vesta account $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang # RoundCube permissions fix if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ ! -d "/var/log/roundcube" ]; then mkdir /var/log/roundcube fi chown admin:admin /var/log/roundcube fi # Configuring system ips $VESTA/bin/v-update-sys-ip # Get main ip ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) local_ip=$ip # Firewall configuration if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall fi # Get public ip pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi # Configuring libapache2-mod-remoteip if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then cd /etc/apache2/mods-available echo "" > remoteip.conf echo " RemoteIPHeader X-Real-IP" >> remoteip.conf if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ip" != "127.0.0.1" ]; then echo " RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf fi if [ ! -z "$local_ip" ] && [ "$local_ip" != "$pub_ip" ]; then echo " RemoteIPInternalProxy $local_ip" >> remoteip.conf fi if [ ! -z "$pub_ip" ]; then echo " RemoteIPInternalProxy $pub_ip" >> remoteip.conf fi echo "" >> remoteip.conf sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf a2enmod remoteip service apache2 restart fi # Configuring mysql host if [ "$mysql" = 'yes' ]; then $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring pgsql host if [ "$postgresql" = 'yes' ]; then $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi # Adding default domain $VESTA/bin/v-add-domain admin $servername check_result $? "can't create $servername domain" # Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" $VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue webstats" $VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue backup" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-backup-users" $VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service cron restart # Building inititall rrd images $VESTA/bin/v-update-sys-rrd # Enabling file system quota if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi # Enabling softaculous plugin if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi # Starting vesta service update-rc.d vesta defaults service vesta start check_result $? "vesta start failed" chown admin:admin $VESTA/data/sessions # Adding notifications $VESTA/upd/add_notifications.sh # Adding cronjob for autoupdates $VESTA/bin/v-add-cron-vesta-autoupdate if [ "$port" != "8083" ]; then echo "=== Set Vesta port: $port" $VESTA/bin/v-change-vesta-port $port fi echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf #----------------------------------------------------------# # Vesta Access Info # #----------------------------------------------------------# # Comparing hostname and ip if [ "$ssl" = 'no' ]; then host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi fi if [ "$ssl" = 'yes' ]; then make_ssl=0 host_ip=$(host $servername | head -n 1 | awk '{print $NF}') if [ "$host_ip" != "$pub_ip" ]; then echo "***** PROBLEM: Hostname $servername is not pointing to your server (IP address $ip)" echo "Without pointing your hostname to your IP, LetsEncrypt SSL will not be generated for your server hostname." echo "Try to setup an A record in your DNS, pointing your hostname $servername to IP address $ip and then press ENTER." echo "(or register ns1.$servername and ns2.$servername as DNS Nameservers and put those Nameservers on $servername domain)" echo "If we detect that hostname is still not pointing to your IP, installer will not add LetsEncrypt SSL certificate to your hosting panel (unsigned SSL will be used instead)." read -p "To force to try anyway to add LetsEncrypt, press f and then ENTER." answer host_ip=$(host $servername | head -n 1 | awk '{print $NF}') fi if [ "$answer" = "f" ]; then make_ssl=1 fi if [ "$host_ip" = "$ip" ]; then ip="$servername" make_ssl=1 fi if [ $make_ssl -eq 1 ]; then # Check if www is also pointing to our IP www_host="www.$servername" www_host_ip=$(host $www_host | head -n 1 | awk '{print $NF}') if [ "$www_host_ip" != "$pub_ip" ]; then if [ "$named" = 'yes' ]; then echo "=== Deleting www to server hostname" $VESTA/bin/v-delete-web-domain-alias 'admin' "$servername" "$www_host" 'no' $VESTA/bin/v-delete-dns-on-web-alias 'admin' "$servername" "$www_host" 'no' fi www_host="" fi fi echo "===" echo "Hostname $servername is pointing to $host_ip" if [ $make_ssl -eq 1 ]; then echo "=== Generating HOSTNAME SSL" $VESTA/bin/v-add-letsencrypt-domain 'admin' "$servername" "$www_host" 'yes' $VESTA/bin/v-update-host-certificate 'admin' "$servername" else echo "We will not generate SSL because of this" fi echo "===" echo "UPDATE_HOSTNAME_SSL='yes'" >> $VESTA/conf/vesta.conf fi # Sending notification to admin email echo -e "Congratulations, you have just successfully installed \ Vesta Control Panel https://$ip:$port username: admin password: $vpass We hope that you enjoy your installation of Vesta. Please \ feel free to contact us anytime if you have any questions. Thank you. -- Sincerely yours vestacp.com team " > $tmpfile send_mail="$VESTA/web/inc/mail-wrapper.php" cat $tmpfile | $send_mail -s "Vesta Control Panel" $email # Congrats echo '=======================================================' echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' echo ' _| _| _| _| _| _| _| ' echo ' _| _|_|_|_| _|_|_| _| _| _| ' echo echo cat $tmpfile rm -f $tmpfile # EOF