Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- output(){
- echo -e '\e[36m'$1'\e[0m';
- warn(){
- echo -e '\e[31m'$1'\e[0m';
- version=v1.23
- preflight(){
- output "Pterodactyl Installation & Upgrade script ${version}"
- output "Copyright
- 2019 Thien Tran <thientran@securesrv.io>."
- output "Please report any issues or copyright violations to https://securesrv.io/discord"
- output ""
- output "Thank you for your purchase. Please note that this script is meant to be installed on a fresh OS. Installing it on a non-fresh OS may cause problems."
- output "Automatic Operating System Detection initialized."
- if [ -r /etc/os-release ]; then
- lsb_dist="$(. /etc/os-release && echo "$ID")"
- dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
- else
- exit 1
- fi
- output "OS: $lsb_dist $dist_version detected."
- output ""
- if [ "$lsb_dist" = "ubuntu" ]; then
- if [ "$dist_version" != "19.04" ] && [ "$dist_version" != "18.04" ] && [ "$dist_version" != "16.04" ]; then
- output "Unsupported Ubuntu version. Only Ubuntu 19.04, 18.04, 16.04 are supported."
- exit 2
- fi
- elif [ "$lsb_dist" = "debian" ]; then
- if [ "$dist_version" != "10" ] &&[ "$dist_version" != "9" ] && [ "$dist_version" != "8" ]; then
- output "Unsupported Debian version. Only Debian 10, 9 and 8 are supported.."
- exit 2
- fi
- elif [ "$lsb_dist" = "fedora" ]; then
- if [ "$dist_version" != "30" ] && [ "$dist_version" != "29" ]; then
- output "Unsupported Fedora version. Only Fedora 30 and 29 are supported."
- exit 2
- fi
- elif [ "$lsb_dist" = "centos" ]; then
- if [ "$dist_version" != "7" ]; then
- output "Unsupported CentOS version. Only CentOS 7 are supported."
- exit 2
- fi
- elif [ "$lsb_dist" = "rhel" ]; then
- if [ "$dist_version" != "7" ]&&[ "$dist_version" != "7.1" ]&&[ "$dist_version" != "7.2" ]&&[ "$dist_version" != "7.3" ]&&[ "$dist_version" != "7.4" ]&&[ "$dist_version" != "7.5" ]&&[ "$dist_version" != "7.6" ]; then
- output "Unsupported RHEL version. Only RHEL 7 is supported."
- exit 2
- fi
- elif [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "debian" ] && [ "$lsb_dist" != "centos" ] && [ "$lsb_dist" != "rhel" ]; then
- output "Unsupported Operating System."
- output ""
- output "Supported OS:"
- output "Ubuntu: 19.04, 18.04, 16.04"
- output "Debian: 10, 9, 8"
- output "Fedora: 30, 29"
- output "CentOS: 7"
- output "RHEL: 7"
- exit 2
- fi
- if [ "$EUID" -ne 0 ]; then
- output "Please run as root."
- exit 3
- fi
- output "Automatic Architecture Detection initialized."
- MACHINE_TYPE=`uname -m`
- if [ ${MACHINE_TYPE} == 'x86_64' ]; then
- output "64-bit server detected! Good to go."
- output ""
- else
- output "Unsupported architecture detected! Please switch to 64-bit (x86_64)."
- exit 4
- fi
- output "Automatic Virtualization Detection initialized."
- if [ "$lsb_dist" = "ubuntu" ]; then
- apt-get update --fix-missing
- apt-get -y install software-properties-common
- add-apt-repository -y universe
- apt-get -y install virt-what
- elif [ "$lsb_dist" = "debian" ]; then
- apt update --fix-missing
- apt-get -y install software-properties-common virt-what wget
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install virt-what wget
- fi
- virt_serv=$(echo $(virt-what))
- if [ "$virt_serv" = "" ]; then
- output "Virtualization: Bare Metal detected."
- elif [ "$virt_serv" = "openvz lxc" ]; then
- output "Virtualization: OpenVZ 7 detected."
- elif [ "$virt_serv" = "xen xen-hvm" ]; then
- output "Virtualization: Xen-HVM detected."
- elif [ "$virt_serv" = "xen xen-hvm aws" ]; then
- output "Virtualization: Xen-HVM on AWS detected."
- warn "When doing allocation for the node, please use the internal ip as Google Cloud uses NAT."
- warn "Resuming in 10 seconds."
- sleep 10
- else
- output "Virtualization: $virt_serv detected."
- fi
- output ""
- if [ "$virt_serv" != "" ] && [ "$virt_serv" != "kvm" ] && [ "$virt_serv" != "vmware" ] && [ "$virt_serv" != "hyperv" ] && [ "$virt_serv" != "openvz lxc" ] && [ "$virt_serv" != "xen xen-hvm" ] && [ "$virt_serv" != "xen xen-hvm aws" ]; then
- warn "Unsupported Virtualization method. Please consult with your provider whether your server can run Docker or not. Proceed at your own risk."
- warn "No support would be given if your server breaks at any point in the future."
- warn "Proceed?\n[1] Yes.\n[2] No."
- read choice
- case $choice in
- 1) output "Proceeding..."
- ;;
- 2) output "Cancelling installation..."
- exit 5
- ;;
- esac
- output ""
- fi
- output "Kernel Detection Initialized."
- if echo $(uname -r) | grep -q xxxx; then
- output "OVH Kernel Detected. The script will not work. Please install your server with a generic/distribution kernel."
- output "When you are reinstalling your server, click on 'custom installation' and click on 'use distribution' kernel after that."
- output "You might also want to do custom partritioning, remove the /home partrition and give / all the remaining space."
- output "Please do not hesitate to contact us if you need help regarding this issue."
- exit 6
- elif echo $(uname -r) | grep -q pve; then
- output "Proxmox LXE Kernel Detected. You have chosen to continue in the last step, therefore we are proceeding at your own risk."
- output "Proceeding with a risky operation..."
- elif echo $(uname -r) | grep -q stab; then
- if echo $(uname -r) | grep -q 2.6; then
- output "OpenVZ 6 detected. This server will definitely not work with Docker, regardless of what your provider might say. Exiting to avoid further damages."
- exit 6
- fi
- elif echo $(uname -r) | grep -q gcp; then
- output "Google Cloud Platform Detected."
- warn "Please make sure you have static ip setup, otherwise the system will not work after a reboot."
- warn "Please also make sure the google firewall allows the ports needed for the server to function normally."
- warn "When doing allocation for the node, please use the internal ip as Google Cloud uses NAT."
- warn "Resuming in 10 seconds."
- sleep 10
- else
- output "Did not detect any bad kernel. Moving forward."
- output ""
- fi
- output "Checking for updates..."
- wget https://mirrors.securesrv.io >/dev/null 2>&1
- if grep -q "${version}" index.html; then
- output "Up to date, good to go!"
- output ""
- rm -rf index.html
- else
- output "Outdated script, please use the latest version. If you believe this is an error, please contact us on Discord."
- output "If you happen to be using one of the pirated version of the script, please buy the resource to support the author. We accept both paypal and cryptocurrencies."
- rm -rf index.html
- exit 69
- fi
- install_options(){
- output "Please select your installation option:"
- output "[1] Install the panel."
- output "[2] Install the daemon."
- output "[3] Install the panel and daemon."
- output "[4] Install the standalone SFTP server."
- output "[5] Upgrade 0.7.x panel to 0.7.15."
- output "[6] Upgrade 0.6.x daemon to 0.6.12."
- output "[7] Upgrade the panel to 0.7.15 and daemon to 0.6.12"
- output "[8] Upgrade the standalone SFTP server to 1.0.4."
- output "[9] Make Pterodactyl compatible with the mobile app. (Only use this after you have installed the panel. Check out https://pterodactyl.cloud for the mobile app.)"
- output "[10] Update Mobile compatibility."
- output "[11] Install or Update to phpMyAdmin 4.9.1 (Only use this after you have installed the panel.)"
- output "[12] Change Pterodactyl theme."
- output "[13] Emergency MariaDB root password reset."
- output "[14] Emergency Database host information reset."
- read choice
- case $choice in
- 1 ) installoption=1
- output "You have selected panel installation only."
- ;;
- 2 ) installoption=2
- output "You have selected daemon installation only."
- ;;
- 3 ) installoption=3
- output "You have selected panel and daemon installation."
- ;;
- 4 ) installoption=4
- output "You have selected to install the standalone SFTP server."
- ;;
- 5 ) installoption=5
- output "You have selected to upgrade the panel."
- ;;
- 6 ) installoption=6
- output "You have selected to upgrade the daemon."
- ;;
- 7 ) installoption=7
- output "You have selected to upgrade both the panel and daemon."
- ;;
- 8 ) installoption=8
- output "You have selected to upgrade the standalone SFTP."
- ;;
- 9 ) installoption=9
- output "You have activated mobile app compatibility."
- ;;
- 10 ) installoption=10
- output "you have selected to update the mobile app compatibility."
- ;;
- 11 ) installoption=11
- output "You have selected to install or update phpMyAdmin."
- ;;
- 12 ) installoption=12
- output "You have selected to change Pterodactyl's theme."
- ;;
- 13 ) installoption=13
- output "You have selected MariaDB root password reset."
- ;;
- 14 ) installoption=14
- output "You have selected Database Host information reset."
- ;;
- * ) output "You did not enter a valid selection."
- install_options
- esac
- webserver_options() {
- output "Please select which web server you would like to use:\n[1] Nginx (Recommended).\n[2] Apache2/Httpd."
- read choice
- case $choice in
- 1 ) webserver=1
- output "You have selected Nginx."
- output ""
- ;;
- 2 ) webserver=2
- output "You have selected Apache2 / Httpd."
- output ""
- ;;
- * ) output "You did not enter a valid selection."
- webserver_options
- esac
- database_options(){
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "10" ]; then
- db=mariadb
- else
- output "Please select your database version:"
- output "[1] MariaDB 10.4 (Recommended)."
- output "[2] MySQL 5.7."
- read database
- case $database in
- 1 ) db=mariadb
- output "You have selected to install MariaDB 10.4."
- output ""
- ;;
- 2 ) if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- db=mysql
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- db=mysql-community
- fi
- output "You have selected to install MySQL 5.7."
- output ""
- ;;
- * ) output "You did not enter a a valid selection."
- database_options
- esac
- fi
- theme_options() {
- output "Would you like to install Fonix's themes?"
- output "[1] No."
- output "[2] Tango Twist."
- output "[3] Blue Brick."
- output "[4] Minecraft Madness."
- output "[5] Lime Stitch."
- output "[6] Red Ape."
- output "[7] BlackEnd Space."
- output "[8] Nothing But Graphite."
- output ""
- output "You can find out about Fonix's themes here: https://github.com/TheFonix/Pterodactyl-Themes"
- read choice
- case $choice in
- 1 ) themeoption=1
- output "You have selected to install vanilla Pterodactyl theme."
- output ""
- ;;
- 2 ) themeoption=2
- output "You have selected to install Fonix's Tango Twist theme."
- output ""
- ;;
- 3 ) themeoption=3
- output "You have selected to install Fonix's Blue Brick theme."
- output ""
- ;;
- 4 ) themeoption=4
- output "You have selected to install Fonix's Minecraft Madness theme."
- output ""
- ;;
- 5 ) themeoption=5
- output "You have selected to install Fonix's Lime Stitch theme."
- output ""
- ;;
- 6 ) themeoption=6
- output "You have selected to install Fonix's Red Ape theme."
- output ""
- ;;
- 7 ) themeoption=7
- output "You have selected to install Fonix's BlackEnd Space theme."
- output ""
- ;;
- 8 ) themeoption=8
- output "You have selected to install Fonix's Nothing But Graphite theme."
- output ""
- ;;
- * ) output "You did not enter a a valid selection."
- theme_options
- esac
- }
- required_infos() {
- output "Please enter the desired user email address:"
- read email
- dns_check
- ssl_option(){
- output "Do you want to use SSL? [Y/n]: "
- output "If you have a domain, please set it to 'yes' for maximum security."
- output "If you choose 'no', the server will be accessible via the IP without SSL. Please keep in mind this is HIGHLY INSECURE and is NOT RECOMMENDED!"
- output "If you panel has SSL, your daemon must have SSL as well."
- read RESPONSE
- USE_SSL=true
- if [[ "${RESPONSE}" =~ ^([nN][oO]|[nN])+$ ]]; then
- USE_SSL=false
- fi
- if [ $USE_SSL = "true" ]; then
- dns_check
- fi
- dns_check(){
- output "Please enter your FQDN (panel.yourdomain.com):"
- read FQDN
- if [[ "${FQDN}" == *falixnode* ]] || [[ "${FQDN}" == *bjncloud* ]]; then
- output "Blacklisted Domain."
- exit 96
- fi
- output "Resolving DNS."
- SERVER_IP=$(curl -s http://checkip.amazonaws.com)
- DOMAIN_RECORD=$(dig +short ${FQDN})
- if [ "${SERVER_IP}" != "${DOMAIN_RECORD}" ]; then
- output ""
- output "The entered domain does not resolve to the primary public IP of this server."
- output "Please make an A record pointing to your server's ip. For example, if you make an A record called 'panel' pointing to your server's ip, your FQDN is panel.yourdomain.tld"
- output "If you are using Cloudflare, please disable the orange cloud."
- output "If you do not have a domain, you can get a free one at https://www.freenom.com/en/index.html?lang=en."
- dns_check
- else
- output "Domain resolved correctly. Good to go."
- fi
- theme() {
- output "Theme installation initialized."
- cd /var/www/pterodactyl
- if [ "$themeoption" = "1" ]; then
- output "Keeping Pterodactyl's vanilla theme."
- elif [ "$themeoption" = "2" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/TangoTwist/build.sh | sh
- elif [ "$themeoption" = "3" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlueBrick/build.sh | sh
- elif [ "$themeoption" = "4" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/MinecraftMadness/build.sh | sh
- elif [ "$themeoption" = "5" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/LimeStitch/build.sh | sh
- elif [ "$themeoption" = "6" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/RedApe/build.sh | sh
- elif [ "$themeoption" = "7" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlackEndSpace/build.sh | sh
- elif [ "$themeoption" = "8" ]; then
- curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/NothingButGraphite/build.sh | sh
- fi
- php artisan view:clear
- php artisan cache:clear
- repositories_setup(){
- output "Configuring your repositories."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- apt-get -y install sudo
- apt-get -y install software-properties-common iptables
- echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
- apt-get -y update
- if [ "$lsb_dist" = "ubuntu" ]; then
- LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
- add-apt-repository -y ppa:chris-lea/redis-server
- add-apt-repository -y ppa:certbot/certbot
- add-apt-repository -y ppa:nginx/development
- if [ "$dist_version" = "19.04" ]; then
- sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
- if [ "$db" = "mariadb" ]; then
- sudo add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu disco main'
- fi
- apt -y install tuned
- tuned-adm profile latency-performance
- elif [ "$dist_version" = "18.10" ]; then
- apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
- if [ "$db" = "mariadb" ]; then
- add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu cosmic main'
- fi
- apt -y install tuned
- tuned-adm profile latency-performance
- elif [ "$dist_version" = "18.04" ]; then
- apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
- if [ "$db" = "mariadb" ]; then
- add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main'
- fi
- apt -y install tuned
- tuned-adm profile latency-performance
- elif [ "$dist_version" = "16.04" ]; then
- sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
- if [ "$db" = "mariadb" ]; then
- sudo add-apt-repository 'deb [arch=amd64,arm64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu xenial main'
- fi
- apt -y install tuned
- tuned-adm profile latency-performance
- fi
- elif [ "$lsb_dist" = "debian" ]; then
- apt-get -y install ca-certificates apt-transport-https
- echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
- if [ "$dist_version" = "10" ]; then
- apt -y install software-properties-common dirmngr
- wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
- if [ "$db" = "mariadb" ]; then
- sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
- sudo add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/debian buster main'
- fi
- apt -y install tuned
- tuned-adm profile latency-performance
- elif [ "$dist_version" = "9" ]; then
- apt -y install software-properties-common dirmngr
- wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
- if [ "$db" = "mariadb" ]; then
- sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
- sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/debian stretch main'
- fi
- elif [ "$dist_version" = "8" ]; then
- apt -y install software-properties-common
- wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
- if [ "$db" = "mariadb" ]; then
- sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
- sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/debian jessie main'
- fi
- fi
- fi
- apt-get -y update
- apt-get -y upgrade
- apt-get -y autoremove
- apt-get -y autoclean
- apt-get -y install dnsutils curl
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- if [ "$lsb_dist" = "fedora" ] && [ "$dist_version" = "30" ]; then
- bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
- [heffer-nginx-mainline]
- name=Copr repo for nginx-mainline owned by heffer
- baseurl=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/fedora-$releasever-$basearch/
- type=rpm-md
- skip_if_unavailable=True
- gpgcheck=1
- gpgkey=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/pubkey.gpg
- repo_gpgcheck=0
- enabled=1
- enabled_metadata=1
- if [ "$db" = "mariadb" ]; then
- bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
- [mariadb]
- name = MariaDB
- baseurl = http://yum.mariadb.org/10.4/fedora30-amd64
- gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
- gpgcheck=1
- fi
- if [ "$db" = "mysql-community" ]; then
- dnf install https://dev.mysql.com/get/mysql80-community-release-fc30-1.noarch.rpm
- dnf config-manager --set-disabled mysql80-community
- dnf config-manager --set-enabled mysql57-community
- fi
- dnf -y install http://rpms.remirepo.net/fedora/remi-release-30.rpm
- dnf -y install dnf-plugins-core
- dnf config-manager --set-enabled remi-php73
- dnf config-manager --set-enabled remi
- elif [ "$lsb_dist" = "fedora" ] && [ "$dist_version" = "29" ]; then
- bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
- [heffer-nginx-mainline]
- name=Copr repo for nginx-mainline owned by heffer
- baseurl=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/fedora-$releasever-$basearch/
- type=rpm-md
- skip_if_unavailable=True
- gpgcheck=1
- gpgkey=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/pubkey.gpg
- repo_gpgcheck=0
- enabled=1
- enabled_metadata=1
- if [ "$db" = "mariadb" ]; then
- bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
- [mariadb]
- name = MariaDB
- baseurl = http://yum.mariadb.org/10.4/fedora29-amd64
- gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
- gpgcheck=1
- fi
- if [ "$db" = "mysql-community" ]; then
- dnf install https://dev.mysql.com/get/mysql80-community-release-fc29-2.noarch.rpm
- dnf config-manager --set-disabled mysql80-community
- dnf config-manager --set-enabled mysql57-community
- fi
- dnf -y install http://rpms.remirepo.net/fedora/remi-release-29.rpm
- dnf -y install dnf-plugins-core
- dnf config-manager --set-enabled remi-php73
- dnf config-manager --set-enabled remi
- elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "7" ]; then
- bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
- [heffer-nginx-mainline]
- name=Copr repo for nginx-mainline owned by heffer
- baseurl=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/epel-7-$basearch/
- type=rpm-md
- skip_if_unavailable=True
- gpgcheck=1
- gpgkey=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/pubkey.gpg
- repo_gpgcheck=0
- enabled=1
- enabled_metadata=1
- if [ "$db" = "mariadb" ]; then
- bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
- [mariadb]
- name = MariaDB
- baseurl = http://yum.mariadb.org/10.4/centos7-amd64
- gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
- gpgcheck=1
- fi
- yum -y install epel-release
- yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
- elif [ "$lsb_dist" = "rhel" ]; then
- bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
- [heffer-nginx-mainline]
- name=Copr repo for nginx-mainline owned by heffer
- baseurl=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/epel-7-$basearch/
- type=rpm-md
- skip_if_unavailable=True
- gpgcheck=1
- gpgkey=https://copr-be.cloud.fedoraproject.org/results/heffer/nginx-mainline/pubkey.gpg
- repo_gpgcheck=0
- enabled=1
- enabled_metadata=1
- if [ "$db" = "mariadb" ]; then
- bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
- [mariadb]
- name = MariaDB
- baseurl = http://yum.mariadb.org/10.4/rhel7-ppc64le
- gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
- gpgcheck=1
- fi
- yum -y install epel-release
- yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
- fi
- yum -y install yum-utils tuned iptables policycoreutils-python
- tuned-adm profile latency-performance
- yum-config-manager --enable remi-php73
- yum -y upgrade
- yum -y autoremove
- yum -y clean packages
- yum -y install curl bind-utils
- fi
- install_dependencies(){
- output "Installing dependencies."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- if [ "$webserver" = "1" ]; then
- apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server nginx git wget expect jq
- elif [ "$webserver" = "2" ]; then
- apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server apache2 libapache2-mod-php7.3 redis-server git wget expect jq
- fi
- sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y ${db}-server"
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- if [ "$webserver" = "1" ]; then
- yum -y install php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache ${db}-server redis nginx git policycoreutils-python-utils libsemanage-devel unzip wget expect jq
- elif [ "$webserver" = "2" ]; then
- yum -y install php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache ${db}-server redis httpd git policycoreutils-python-utils libsemanage-devel mod_ssl unzip wget expect jq
- fi
- fi
- output "Enabling Services."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- systemctl enable redis-server
- service redis-server start
- systemctl enable php7.3-fpm
- service php7.3-fpm start
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- systemctl enable redis
- service redis start
- systemctl enable php-fpm
- service php-fpm start
- fi
- systemctl enable cron
- systemctl enable mariadb
- if [ "$webserver" = "1" ]; then
- systemctl enable nginx
- service nginx start
- elif [ "$webserver" = "2" ]; then
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- systemctl enable apache2
- service apache2 start
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- systemctl enable httpd
- service httpd start
- fi
- fi
- service cron start
- service mysql start
- install_pterodactyl() {
- output "Creating the databases and setting root password."
- password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
- adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
- rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
- Q0="DROP DATABASE IF EXISTS test;"
- Q1="CREATE DATABASE IF NOT EXISTS panel;"
- Q2="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
- Q3="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
- Q4="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
- if [ "$db" = "mysql" ]; then
- Q5="SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('$rootpassword');"
- Q6="SET PASSWORD FOR 'root'@'::1' = PASSWORD('$rootpassword');"
- fi
- Q7="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
- Q8="DELETE FROM mysql.user WHERE User='';"
- Q9="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
- Q10="FLUSH PRIVILEGES;"
- if [ "$db" = "mariadb" ]; then
- SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q7}${Q8}${Q9}${Q10}"
- else
- SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}${Q10}"
- fi
- mysql -u root -e "$SQL"
- output "Binding MariaDB/MySQL to 0.0.0.0."
- if [ -f /etc/mysql/my.cnf ] ; then
- sed -i -- 's/bind-address/# bind-address/g' /etc/mysql/my.cnf
- sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/mysql/my.cnf
- output 'Restarting MySQL process...'
- service mysql restart
- elif [ -f /etc/my.cnf ] ; then
- sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
- sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
- output 'Restarting MySQL process...'
- service mysql restart
- elif [ -f /etc/mysql/my.conf.d/mysqld.cnf ] ; then
- sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
- sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
- output 'Restarting MySQL process...'
- service mysql restart
- else
- output 'File my.cnf was not found! Please contact support.'
- output "Downloading Pterodactyl."
- mkdir -p /var/www/pterodactyl
- cd /var/www/pterodactyl
- curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/v0.7.15/panel.tar.gz
- tar --strip-components=1 -xzvf panel.tar.gz
- chmod -R 755 storage/* bootstrap/cache/
- output "Installing Pterodactyl."
- curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
- cp .env.example .env
- if [ "$lsb_dist" = "rhel" ]; then
- yum -y install composer
- composer update
- else
- composer install --no-dev --optimize-autoloader
- fi
- php artisan key:generate --force
- php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379
- php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password
- output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended."
- php artisan p:environment:mail
- php artisan migrate --seed --force
- php artisan p:user:make --email=$email --admin=1
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- chown -R www-data:www-data * /var/www/pterodactyl
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- if [ "$webserver" = "1" ]; then
- chown -R nginx:nginx * /var/www/pterodactyl
- elif [ "$webserver" = "2" ]; then
- chown -R apache:apache * /var/www/pterodactyl
- fi
- semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
- restorecon -R /var/www/pterodactyl
- fi
- output "Creating panel queue listeners"
- (crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab -
- service cron restart
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- cat > /etc/systemd/system/pteroq.service <<- 'EOF'
- [Unit]
- Description=Pterodactyl Queue Worker
- After=redis-server.service
- [Service]
- User=www-data
- Group=www-data
- Restart=always
- ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
- [Install]
- WantedBy=multi-user.target
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- if [ "$webserver" = "1" ]; then
- cat > /etc/systemd/system/pteroq.service <<- 'EOF'
- Description=Pterodactyl Queue Worker
- After=redis-server.service
- [Service]
- User=nginx
- Group=nginx
- Restart=always
- ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
- [Install]
- WantedBy=multi-user.target
- elif [ "$webserver" = "2" ]; then
- cat > /etc/systemd/system/pteroq.service <<- 'EOF'
- [Unit]
- Description=Pterodactyl Queue Worker
- After=redis-server.service
- [Service]
- User=apache
- Group=apache
- Restart=always
- ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
- [Install]
- WantedBy=multi-user.target
- fi
- semanage permissive -a redis_t
- fi
- sudo systemctl daemon-reload
- systemctl enable pteroq.service
- systemctl start pteroq
- upgrade_pterodactyl(){
- cd /var/www/pterodactyl
- php artisan down
- curl -L https://github.com/pterodactyl/panel/releases/download/v0.7.15/panel.tar.gz | tar --strip-components=1 -xzv
- chmod -R 755 storage/* bootstrap/cache
- composer install --no-dev --optimize-autoloader
- php artisan view:clear
- php artisan config:clear
- php artisan migrate --force
- php artisan db:seed --force
- chown -R www-data:www-data * /var/www/pterodactyl
- if [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- chown -R apache:apache * /var/www/pterodactyl
- chown -R nginx:nginx * /var/www/pterodactyl
- semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
- restorecon -R /var/www/pterodactyl
- fi
- output "Your panel has been updated to version 0.7.15."
- php artisan up
- php artisan queue:restart
- nginx_config() {
- output "Disabling default configuration"
- rm -rf /etc/nginx/sites-enabled/default
- output "Configuring Nginx Webserver"
- echo '
- server_tokens off;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 131.0.72.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 172.64.0.0/13;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 2400:cb00::/32;
- set_real_ip_from 2606:4700::/32;
- set_real_ip_from 2803:f800::/32;
- set_real_ip_from 2405:b500::/32;
- set_real_ip_from 2405:8100::/32;
- set_real_ip_from 2c0f:f248::/32;
- set_real_ip_from 2a06:98c0::/29;
- real_ip_header X-Forwarded-For;
- server {
- listen 80;
- server_name '"$FQDN"';
- return 301 https://$server_name$request_uri;
- server {
- listen 443 ssl http2;
- server_name '"$FQDN"';
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- # SSL Configuration
- ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
- ssl_session_cache shared:SSL:10m;
- ssl_protocols TLSv1.2;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
- ssl_prefer_server_ciphers on;
- # See https://hstspreload.org/ before uncommenting the line below.
- # add_header Strict-Transport-Security "max-age=15768000; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header Content-Security-Policy "frame-ancestors 'self'";
- add_header X-Frame-Options DENY;
- add_header Referrer-Policy same-origin;
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- ' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1
- ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
- service nginx restart
- nginx_config_nossl() {
- output "Disabling default configuration"
- rm -rf /etc/nginx/sites-enabled/default
- output "Configuring Nginx Webserver"
- echo '
- server_tokens off;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 131.0.72.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 172.64.0.0/13;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 2400:cb00::/32;
- set_real_ip_from 2606:4700::/32;
- set_real_ip_from 2803:f800::/32;
- set_real_ip_from 2405:b500::/32;
- set_real_ip_from 2405:8100::/32;
- set_real_ip_from 2c0f:f248::/32;
- set_real_ip_from 2a06:98c0::/29;
- real_ip_header X-Forwarded-For;
- server {
- listen 80 default_server;
- server_name _;
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- ' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1
- ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
- service nginx restart
- apache_config() {
- output "Disabling default configuration"
- rm -rf /etc/nginx/sites-enabled/default
- output "Configuring Apache2"
- echo '
- <VirtualHost *:80>
- ServerName '"$FQDN"'
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
- </VirtualHost>
- <VirtualHost *:443>
- ServerName '"$FQDN"'
- DocumentRoot "/var/www/pterodactyl/public"
- AllowEncodedSlashes On
- php_value upload_max_filesize 100M
- php_value post_max_size 100M
- <Directory "/var/www/pterodactyl/public">
- AllowOverride all
- </Directory>
- SSLEngine on
- SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
- </VirtualHost>
- ' | sudo -E tee /etc/apache2/sites-available/pterodactyl.conf >/dev/null 2>&1
- ln -s /etc/apache2/sites-available/pterodactyl.conf /etc/apache2/sites-enabled/pterodactyl.conf
- a2enmod ssl
- a2enmod rewrite
- service apache2 restart
- nginx_config_redhat(){
- output "Configuring Nginx Webserver"
- echo '
- server_tokens off;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 131.0.72.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 172.64.0.0/13;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 2400:cb00::/32;
- set_real_ip_from 2606:4700::/32;
- set_real_ip_from 2803:f800::/32;
- set_real_ip_from 2405:b500::/32;
- set_real_ip_from 2405:8100::/32;
- set_real_ip_from 2c0f:f248::/32;
- set_real_ip_from 2a06:98c0::/29;
- real_ip_header X-Forwarded-For;
- server {
- listen 80;
- server_name '"$FQDN"';
- return 301 https://$server_name$request_uri;
- server {
- listen 443 ssl http2;
- server_name '"$FQDN"';
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- # strengthen ssl security
- ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- # See the link below for more SSL information:
- # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- #
- # ssl_dhparam /etc/ssl/certs/dhparam.pem;
- # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header Content-Security-Policy "frame-ancestors 'self'";
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- ' | sudo -E tee /etc/nginx/conf.d/pterodactyl.conf >/dev/null 2>&1
- service nginx restart
- chown -R nginx:nginx $(pwd)
- semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
- restorecon -R /var/www/pterodactyl
- nginx_config_redhat_nossl(){
- output "Configuring Nginx Webserver"
- echo '
- server_tokens off;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 131.0.72.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 172.64.0.0/13;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 2400:cb00::/32;
- set_real_ip_from 2606:4700::/32;
- set_real_ip_from 2803:f800::/32;
- set_real_ip_from 2405:b500::/32;
- set_real_ip_from 2405:8100::/32;
- set_real_ip_from 2c0f:f248::/32;
- set_real_ip_from 2a06:98c0::/29;
- real_ip_header X-Forwarded-For;
- server {
- listen 80 default_server;
- server_name _;
- root /var/www/pterodactyl/public;
- index index.php;
- access_log /var/log/nginx/pterodactyl.app-access.log;
- error_log /var/log/nginx/pterodactyl.app-error.log error;
- # allow larger file uploads and longer script runtimes
- client_max_body_size 100m;
- client_body_timeout 120s;
- sendfile off;
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param HTTP_PROXY "";
- fastcgi_intercept_errors off;
- fastcgi_buffer_size 16k;
- fastcgi_buffers 4 16k;
- fastcgi_connect_timeout 300;
- fastcgi_send_timeout 300;
- fastcgi_read_timeout 300;
- include /etc/nginx/fastcgi_params;
- }
- location ~ /\.ht {
- deny all;
- }
- ' | sudo -E tee /etc/nginx/conf.d/pterodactyl.conf >/dev/null 2>&1
- service nginx restart
- chown -R nginx:nginx $(pwd)
- semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
- restorecon -R /var/www/pterodactyl
- apache_config_redhat() {
- output "Configuring Apache2"
- echo '
- <VirtualHost *:80>
- ServerName '"$FQDN"'
- RewriteEngine On
- RewriteCond %{HTTPS} !=on
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
- </VirtualHost>
- <VirtualHost *:443>
- ServerName '"$FQDN"'
- DocumentRoot "/var/www/pterodactyl/public"
- AllowEncodedSlashes On
- <Directory "/var/www/pterodactyl/public">
- AllowOverride all
- </Directory>
- SSLEngine on
- SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
- </VirtualHost>
- ' | sudo -E tee /etc/httpd/conf.d/pterodactyl.conf >/dev/null 2>&1
- service httpd restart
- php_config(){
- output "Configuring PHP socket."
- bash -c 'cat > /etc/php-fpm.d/www-pterodactyl.conf' <<-'EOF'
- [pterodactyl]
- user = nginx
- group = nginx
- listen = /var/run/php-fpm/pterodactyl.sock
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0750
- pm = ondemand
- pm.max_children = 9
- pm.process_idle_timeout = 10s
- pm.max_requests = 200
- systemctl restart php-fpm
- webserver_config(){
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- if [ "$webserver" = "1" ]; then
- nginx_config
- elif [ "$webserver" = "2" ]; then
- apache_config
- fi
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- if [ "$webserver" = "1" ]; then
- php_config
- nginx_config_redhat
- elif [ "$webserver" = "2" ]; then
- apache_config_redhat
- fi
- fi
- setup_pterodactyl(){
- install_dependencies
- install_pterodactyl
- ssl_certs
- webserver_config
- theme
- install_daemon() {
- cd /root
- output "Installing Pterodactyl Daemon dependencies."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- apt-get -y install curl tar unzip
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install curl tar unzip
- fi
- if [ "$lsb_dist" = "ubuntu" ] && [ "$dist_version" = "19.04" ]; then
- apt -y install docker.io
- else
- output "Installing Docker"
- curl -sSL https://get.docker.com/ | CHANNEL=stable bash
- fi
- service docker start
- systemctl enable docker
- output "Enabling Swap support for Docker & Installing NodeJS."
- sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- sudo update-grub
- curl -sL https://deb.nodesource.com/setup_10.x | sudo bash -
- if [ "$lsb_dist" = "ubuntu" ] && [ "$dist_version" = "19.04" ]; then
- apt -y install nodejs make gcc g++
- elif [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "10" ]; then
- apt -y install nodejs make gcc g++
- else
- apt -y install nodejs make gcc g++ node-gyp
- fi
- apt-get -y update
- apt-get -y upgrade
- apt-get -y autoremove
- apt-get -y autoclean
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- grub2-mkconfig -o "$(readlink /etc/grub2.conf)"
- curl --silent --location https://rpm.nodesource.com/setup_10.x | sudo bash -
- yum -y install nodejs gcc-c++ make
- yum -y upgrade
- yum -y autoremove
- yum -y clean packages
- semanage permissive -a httpd_t
- fi
- output "Installing the Pterodactyl Daemon."
- mkdir -p /srv/daemon /srv/daemon-data
- cd /srv/daemon
- curl -L https://github.com/pterodactyl/daemon/releases/download/v0.6.12/daemon.tar.gz | tar --strip-components=1 -xzv
- npm install --only=production
- bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF'
- [Unit]
- Description=Pterodactyl Wings Daemon
- After=docker.service
- [Service]
- User=root
- #Group=some_group
- WorkingDirectory=/srv/daemon
- LimitNOFILE=4096
- PIDFile=/var/run/wings/daemon.pid
- ExecStart=/usr/bin/node /srv/daemon/src/index.js
- Restart=on-failure
- StartLimitInterval=600
- [Install]
- WantedBy=multi-user.target
- systemctl daemon-reload
- systemctl enable wings
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
- kernel_modifications_d8
- fi
- output "Daemon installation is nearly complete, Please go to the panel and get your 'Auto deploy' command in the node configuration tab."
- output "Paste your auto deploy command below: "
- read AUTODEPLOY
- ${AUTODEPLOY}
- service wings start
- upgrade_daemon(){
- cd /srv/daemon
- service wings stop
- curl -L https://github.com/pterodactyl/daemon/releases/download/v0.6.12/daemon.tar.gz | tar --strip-components=1 -xzv
- npm install -g npm
- npm install --only=production
- service wings restart
- output "Your daemon has been updated to version 0.6.12."
- output "npm has been updated to the latest version."
- install_standalone_sftp(){
- cd /srv/daemon
- if [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "null" ]; then
- output "Updating config to enable sftp-server."
- cat /srv/daemon/config/core.json | jq '.sftp.enabled |= false' > /tmp/core
- cat /tmp/core > /srv/daemon/config/core.json
- rm -rf /tmp/core
- elif [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "false" ]; then
- output "Config already set up for golang sftp server."
- else
- output "You may have purposly set the sftp to true and that will fail."
- fi
- service wings restart
- output "Installing standalone SFTP server."
- curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.4/sftp-server
- chmod +x sftp-server
- bash -c 'cat > /etc/systemd/system/pterosftp.service' <<-'EOF'
- [Unit]
- Description=Pterodactyl Standalone SFTP Server
- After=wings.service
- [Service]
- User=root
- WorkingDirectory=/srv/daemon
- LimitNOFILE=4096
- PIDFile=/var/run/wings/sftp.pid
- ExecStart=/srv/daemon/sftp-server
- Restart=on-failure
- StartLimitInterval=600
- [Install]
- WantedBy=multi-user.target
- systemctl enable pterosftp
- service pterosftp restart
- upgrade_standalone_sftp(){
- output "Turning off the standalone SFTP server."
- service pterosftp stop
- curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.4/sftp-server
- chmod +x sftp-server
- service pterosftp start
- output "Your standalone SFTP server has been updated to v1.0.4"
- install_mobile(){
- cd /var/www/pterodactyl
- composer config repositories.cloud composer https://packages.pterodactyl.cloud
- composer require friendsofphp/php-cs-fixer 2.15.1 --dev
- composer require pterodactyl/mobile-addon --update-no-dev --optimize-autoloader
- php artisan migrate --force
- install_phpmyadmin(){
- output "Installing phpMyAdmin."
- cd /var/www/pterodactyl/public
- rm -rf phpmyadmin
- wget https://files.phpmyadmin.net/phpMyAdmin/4.9.0.1/phpMyAdmin-4.9.0.1-all-languages.zip
- unzip phpMyAdmin-4.9.1-all-languages.zip
- mv phpMyAdmin-4.9.1-all-languages phpmyadmin
- rm -rf phpMyAdmin-4.9.1-all-languages.zip
- cd /var/www/pterodactyl/public/phpmyadmin
- SERVER_IP=$(curl -s http://checkip.amazonaws.com)
- BOWFISH=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 34 | head -n 1`
- bash -c 'cat > /var/www/pterodactyl/public/phpmyadmin/config.inc.php' <<EOF
- <?php
- /* Servers configuration */
- \$i = 0;
- /* Server: MariaDB [1] */
- \$i++;
- \$cfg['Servers'][\$i]['verbose'] = 'MariaDB';
- \$cfg['Servers'][\$i]['host'] = '${SERVER_IP}';
- \$cfg['Servers'][\$i]['port'] = '';
- \$cfg['Servers'][\$i]['socket'] = '';
- \$cfg['Servers'][\$i]['auth_type'] = 'cookie';
- \$cfg['Servers'][\$i]['user'] = 'root';
- \$cfg['Servers'][\$i]['password'] = '';
- /* End of servers configuration */
- \$cfg['blowfish_secret'] = '${BOWFISH}';
- \$cfg['DefaultLang'] = 'en';
- \$cfg['ServerDefault'] = 1;
- \$cfg['UploadDir'] = '';
- \$cfg['SaveDir'] = '';
- \$cfg['CaptchaLoginPublicKey'] = '6LcJcjwUAAAAAO_Xqjrtj9wWufUpYRnK6BW8lnfn';
- \$cfg['CaptchaLoginPrivateKey'] = '6LcJcjwUAAAAALOcDJqAEYKTDhwELCkzUkNDQ0J5'
- ?>
- output "Installation completed."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- chown -R www-data:www-data * /var/www/pterodactyl
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- chown -R apache:apache * /var/www/pterodactyl
- chown -R nginx:nginx * /var/www/pterodactyl
- semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
- restorecon -R /var/www/pterodactyl
- fi
- kernel_modifications_d8(){
- output "Modifying Grub."
- sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& cgroup_enable=memory/' /etc/default/grub
- output "Adding backport repositories."
- echo deb http://http.debian.net/debian jessie-backports main > /etc/apt/sources.list.d/jessie-backports.list
- echo deb http://http.debian.net/debian jessie-backports main contrib non-free > /etc/apt/sources.list.d/jessie-backports.list
- output "Updating Server Packages."
- apt-get -y update
- apt-get -y upgrade
- apt-get -y autoremove
- apt-get -y autoclean
- output"Installing new kernel"
- apt install -t jessie-backports linux-image-4.9.0-0.bpo.7-amd64
- output "Modifying Docker."
- sed -i 's,/usr/bin/dockerd,/usr/bin/dockerd --storage-driver=overlay2,g' /lib/systemd/system/docker.service
- systemctl daemon-reload
- service docker start
- ssl_certs(){
- output "Installing LetsEncrypt and creating an SSL certificate."
- cd /root
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
- wget https://dl.eff.org/certbot-auto
- chmod a+x certbot-auto
- else
- apt-get -y install certbot
- fi
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install certbot
- fi
- if [ "$webserver" = "1" ]; then
- service nginx stop
- elif [ "$webserver" = "2" ]; then
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- service apache2 stop
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- service httpd stop
- fi
- fi
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
- ./certbot-auto certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive
- else
- certbot certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive
- fi
- if [ "$installoption" = "2" ]; then
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- ufw deny 80
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- firewall-cmd --permanent --remove-port=80/tcp
- firewall-cmd --reload
- fi
- else
- if [ "$webserver" = "1" ]; then
- service nginx restart
- elif [ "$webserver" = "2" ]; then
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- service apache2 restart
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- service httpd restart
- fi
- fi
- fi
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
- apt -y install cronie
- if [ "$installoption" = "1" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * ./certbot-auto renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1")| crontab -
- fi
- elif [ "$installoption" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * ./certbot-auto renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$installoption" = "3" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * ./certbot-auto renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * ./certbot-auto renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- fi
- fi
- elif [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then
- apt -y install cronie
- if [ "$installoption" = "1" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1")| crontab -
- fi
- elif [ "$installoption" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$installoption" = "3" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- fi
- fi
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install cronie
- if [ "$installoption" = "1" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1")| crontab -
- fi
- elif [ "$installoption" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$installoption" = "3" ]; then
- if [ "$webserver" = "1" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- elif [ "$webserver" = "2" ]; then
- (crontab -l ; echo "0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1")| crontab -
- fi
- fi
- fi
- service cron restart
- javapipe_kernel(){
- output "Apply JavaPipe's kernel configurations? (https://javapipe.com/blog/iptables-ddos-protection/)"
- output "[1] Yes. (Recommended for RHEL/CentOS 7)"
- output "[2] No."
- read javapipe
- case $javapipe in
- 1) bash -c 'cat > /etc/sysctl.conf' <<-'EOF'
- kernel.printk = 4 4 1 7
- kernel.panic = 10
- kernel.sysrq = 0
- kernel.shmmax = 4294967296
- kernel.shmall = 4194304
- kernel.core_uses_pid = 1
- kernel.msgmnb = 65536
- kernel.msgmax = 65536
- vm.swappiness = 20
- vm.dirty_ratio = 80
- vm.dirty_background_ratio = 5
- fs.file-max = 2097152
- net.core.netdev_max_backlog = 262144
- net.core.rmem_default = 31457280
- net.core.rmem_max = 67108864
- net.core.wmem_default = 31457280
- net.core.wmem_max = 67108864
- net.core.somaxconn = 65535
- net.core.optmem_max = 25165824
- net.ipv4.neigh.default.gc_thresh1 = 4096
- net.ipv4.neigh.default.gc_thresh2 = 8192
- net.ipv4.neigh.default.gc_thresh3 = 16384
- net.ipv4.neigh.default.gc_interval = 5
- net.ipv4.neigh.default.gc_stale_time = 120
- net.netfilter.nf_conntrack_max = 10000000
- net.netfilter.nf_conntrack_tcp_loose = 0
- net.netfilter.nf_conntrack_tcp_timeout_established = 1800
- net.netfilter.nf_conntrack_tcp_timeout_close = 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20
- net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20
- net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
- net.ipv4.tcp_slow_start_after_idle = 0
- net.ipv4.ip_local_port_range = 1024 65000
- net.ipv4.ip_no_pmtu_disc = 1
- net.ipv4.route.flush = 1
- net.ipv4.route.max_size = 8048576
- net.ipv4.icmp_echo_ignore_broadcasts = 1
- net.ipv4.icmp_ignore_bogus_error_responses = 1
- net.ipv4.tcp_congestion_control = htcp
- net.ipv4.tcp_mem = 65536 131072 262144
- net.ipv4.udp_mem = 65536 131072 262144
- net.ipv4.tcp_rmem = 4096 87380 33554432
- net.ipv4.udp_rmem_min = 16384
- net.ipv4.tcp_wmem = 4096 87380 33554432
- net.ipv4.udp_wmem_min = 16384
- net.ipv4.tcp_max_tw_buckets = 1440000
- net.ipv4.tcp_tw_recycle = 0
- net.ipv4.tcp_tw_reuse = 1
- net.ipv4.tcp_max_orphans = 400000
- net.ipv4.tcp_window_scaling = 1
- net.ipv4.tcp_rfc1337 = 1
- net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_synack_retries = 1
- net.ipv4.tcp_syn_retries = 2
- net.ipv4.tcp_max_syn_backlog = 16384
- net.ipv4.tcp_timestamps = 1
- net.ipv4.tcp_sack = 1
- net.ipv4.tcp_fack = 1
- net.ipv4.tcp_ecn = 2
- net.ipv4.tcp_fin_timeout = 10
- net.ipv4.tcp_keepalive_time = 600
- net.ipv4.tcp_keepalive_intvl = 60
- net.ipv4.tcp_keepalive_probes = 10
- net.ipv4.tcp_no_metrics_save = 1
- net.ipv4.ip_forward = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.all.accept_source_route = 0
- net.ipv4.conf.all.rp_filter = 1
- sysctl -p
- ;;
- 2) output "Skipping..."
- ;;
- * ) output "You did not enter a valid selection."
- javapipe_kernel
- esac
- firewall(){
- /sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
- /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
- /sbin/iptables -t mangle -A PREROUTING -f -j DROP
- /sbin/iptables -N port-scanning
- /sbin/iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
- /sbin/iptables -A port-scanning -j DROP
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -f -j DROP >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -N port-scanning >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN >> /dev/null 2>&1")| crontab -
- (crontab -l ; echo "@reboot /sbin/iptables -A port-scanning -j DROP >> /dev/null 2>&1")| crontab -
- block_icmp
- javapipe_kernel
- output "Setting up Fail2Ban"
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- apt -y install fail2ban
- elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install fail2ban
- fi
- systemctl enable fail2ban
- bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF'
- [DEFAULT]
- # Ban hosts for ten hours:
- bantime = 36000
- # Override /etc/fail2ban/jail.d/00-firewalld.conf:
- banaction = iptables-multiport
- [sshd]
- enabled = true
- service fail2ban restart
- output "Configuring your firewall."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- apt-get -y install ufw
- ufw allow 22
- if [ "$installoption" = "1" ]; then
- ufw allow 80
- ufw allow 443
- ufw allow 3306
- elif [ "$installoption" = "2" ]; then
- ufw allow 80
- ufw allow 8080
- ufw allow 2022
- elif [ "$installoption" = "3" ]; then
- ufw allow 80
- ufw allow 443
- ufw allow 8080
- ufw allow 2022
- ufw allow 3306
- fi
- yes |ufw enable
- elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
- yum -y install firewalld
- systemctl enable firewalld
- systemctl start firewalld
- if [ "$installoption" = "1" ]; then
- firewall-cmd --add-service=http --permanent
- firewall-cmd --add-service=https --permanent
- firewall-cmd --add-service=mysql --permanent
- elif [ "$installoption" = "2" ]; then
- firewall-cmd --permanent --add-port=80/tcp
- firewall-cmd --permanent --add-port=2022/tcp
- firewall-cmd --permanent --add-port=8080/tcp
- elif [ "$installoption" = "3" ]; then
- firewall-cmd --add-service=http --permanent
- firewall-cmd --add-service=https --permanent
- firewall-cmd --permanent --add-port=2022/tcp
- firewall-cmd --permanent --add-port=8080/tcp
- firewall-cmd --add-service=mysql --permanent
- fi
- firewall-cmd --reload
- fi
- block_icmp(){
- output "Block ICMP (Ping) Packets?"
- output "You should choose [1] if you are not using a monitoring system and [2] otherwise."
- output "[1] Yes."
- output "[2] No."
- read icmp
- case $icmp in
- 1 ) /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP >> /dev/null 2>&1")| crontab -
- ;;
- 2 ) output "Skipping rule..."
- ;;
- * ) output "You did not enter a valid selection."
- block_icmp
- esac
- mariadb_root_reset(){
- rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
- Q1="SET PASSWORD FOR root@localhost = PASSWORD('$rootpassword');"
- Q2="FLUSH PRIVILEGES;"
- SQL="${Q1}${Q2}"
- mysql mysql -e "$SQL"
- output "Your MariaDB root password is $rootpassword"
- database_host_reset(){
- SERVER_IP=$(curl -s http://checkip.amazonaws.com)
- adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
- Q1="SET PASSWORD FOR 'admin'@'$SERVER_IP' = PASSWORD('$adminpassword');"
- Q2="FLUSH PRIVILEGES;"
- SQL="${Q1}${Q2}"
- mysql mysql -e "$SQL"
- output "New database host information:"
- output "Host: $SERVER_IP"
- output "Port: 3306"
- output "User: admin"
- output "Password: $adminpassword"
- broadcast(){
- if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
- output "###############################################################"
- output "MARIADB/MySQL INFORMATION"
- output ""
- output "Your MariaDB/MySQL root password is $rootpassword"
- output ""
- output "Create your MariaDB/MySQL host with the following information:"
- output "Host: $SERVER_IP"
- output "Port: 3306"
- output "User: admin"
- output "Password: $adminpassword"
- output "###############################################################"
- output ""
- fi
- output "###############################################################"
- output "FIREWALL INFORMATION"
- output ""
- output "All unnecessary ports are blocked by default."
- if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
- output "Use 'ufw allow <port>' to enable your desired ports"
- elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
- output "Use 'firewall-cmd --permanent --add-port=<port>/tcp' to enable your desired ports."
- fi
- output "###############################################################"
- output ""
- if [ "$installoption" = "2" ] || [ "$installoption" = "3" ]; then
- if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
- output "Please restart the server daemon to apply the necessary kernel changes on Debian 8."
- fi
- fi
- #Execution
- preflight
- install_options
- case $installoption in
- 1) webserver_options
- theme_options
- database_options
- repositories_setup
- required_infos
- firewall
- setup_pterodactyl
- broadcast
- ;;
- 2) repositories_setup
- required_infos
- firewall
- ssl_certs
- install_daemon
- broadcast
- ;;
- 3) webserver_options
- theme_options
- database_options
- repositories_setup
- required_infos
- firewall
- setup_pterodactyl
- install_daemon
- broadcast
- ;;
- 4) install_standalone_sftp
- ;;
- 5) theme_options
- upgrade_pterodactyl
- theme
- ;;
- 6) upgrade_daemon
- ;;
- 7) theme_options
- upgrade_pterodactyl
- theme
- upgrade_daemon
- ;;
- 8) upgrade_standalone_sftp
- ;;
- 9) install_mobile
- ;;
- 10) cd /var/www/pterodactyl
- composer update pterodactyl/mobile-addon
- ;;
- 11) install_phpmyadmin
- ;;
- 12) theme_options
- if [ "$themeoption" = "1" ]; then
- upgrade_pterodactyl
- fi
- theme
- ;;
- 13) mariadb_root_reset
- ;;
- 14) database_host_reset
- ;;
- esac
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement