
Untitled

a guest
Nov 30th, 2017
  1.  
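# Print an error message framed by blank lines, then abort the script.
#   $1 - message to display
# Exits the calling shell with status 1, so call it in a subshell if the
# caller needs to survive the error.
displayErr() {
    echo
    # Print the argument verbatim. Left unquoted, the shell would split the
    # message on whitespace and expand glob characters such as '*'.
    printf '%s\n' "$1"
    echo
    exit 1
}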
  8. clear
  9. output "Make sure you double check before hitting enter! Only one shot at these!"
  10. output ""
  11.     read -e -p "Enter time zone (e.g. America/New_York) : " Madrid/Europe
  12.     read -e -p "Server name (no http:// or www. just example.com) : " Minandomonedas
  13.     read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " pool.minandomonedas.eu
  14.     read -e -p "Enter support email (e.g. admin@example.com) : " oscar.javier.navarro.garcia@gmail.com
  15.     read -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC
  16.     read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel
  17.     read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public
  18.     read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban
  19.     read -e -p "Install UFW and configure ports? [Y/n] : " UFW
  20.     read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install
  21.  
  22.     clear
  23.     output "If you found this helpful, please donate to BTC Donation: "
  24.     output ""
  25.     output "Updating system and installing required packages."
  26.     output ""
  27.    
  28.     # update package and upgrade Ubuntu
  29.     sudo apt-get -y update
  30.     sudo apt-get -y upgrade
  31.     sudo apt-get -y autoremove
  32.     clear
  33.     output "Switching to Aptitude"
  34.     output ""
  35.     sudo apt-get -y install aptitude
  36.    
  37.     output "Installing Nginx server."
  38.     output ""
  39.     sudo aptitude -y install nginx
  40.     sudo rm /etc/nginx/sites-enabled/default
  41.     sudo service nginx start
  42.     sudo service cron start
  43.     #Making Nginx a bit hard
  44.     echo 'map $http_user_agent $blockedagent {
  45. default         0;
  46. ~*malicious     1;
  47. ~*bot           1;
  48. ~*backdoor      1;
  49. ~*crawler       1;
  50. ~*bandit        1;
  51. }
  52. ' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1
  53.        
  54.     output "Installing Mariadb Server."
  55.     output ""
  56.     # create random password
  57.     rootpasswd=$(openssl rand -base64 12)
  58.     export DEBIAN_FRONTEND="noninteractive"
  59.     sudo aptitude -y install mariadb-server
  60.    
  61.     output "Installing php7.x and other needed files"
  62.     output ""
  63.     sudo aptitude -y install php7.0-fpm
  64.     sudo aptitude -y install php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring
  65.     sudo phpenmod mcrypt
  66.     sudo phpenmod mbstring
  67.     sudo aptitude -y install libgmp3-dev
  68.     sudo aptitude -y install libmysqlclient-dev
  69.     sudo aptitude -y install libcurl4-gnutls-dev
  70.     sudo aptitude -y install libkrb5-dev
  71.     sudo aptitude -y install libldap2-dev
  72.     sudo aptitude -y install libidn11-dev
  73.     sudo aptitude -y install gnutls-dev
  74.     sudo aptitude -y install librtmp-dev
  75.     sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils
  76.     sudo aptitude -y install sendmail
  77.     sudo aptitude -y install git
  78.     sudo aptitude -y install pwgen -y
  79.     clear
  80.    
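    #Generating Random Passwords
    # 32 alphanumeric characters each, drawn from the kernel CSPRNG. The
    # alphabet matters: these values are later spliced into SQL and PHP
    # string literals without any escaping.
    password=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
    password2=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
    AUTOGENERATED_PASS=$(pwgen -c -1 20)
    output "Testing to see if server emails are sent"
    output ""
    # NOTE(review): root_email and send_email are never set in the visible
    # part of this script, so this whole section is skipped as written.
    if [[ "$root_email" != "" ]]; then
        # The original used `echo ... > sudo tee --append FILE`, which
        # redirects into a file literally named "sudo" in the current
        # directory; a pipe is what feeds tee.
        echo "$root_email" | sudo tee --append ~/.email >/dev/null
        echo "$root_email" | sudo tee --append ~/.forward >/dev/null

        if [[ "$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "" ]]; then
            # Stream the message straight to sendmail instead of staging it
            # in a fixed /tmp path written through sudo. The subject travels
            # as a header; `-s` looks like mail(1) syntax rather than a
            # sendmail option - confirm if a different mailer is intended.
            if printf '%s\n' \
                    "Subject: SMTP Testing" \
                    "" \
                    "This is a mail test for the SMTP Service." \
                    "You should receive this !" \
                    "" \
                    "Cheers" | sudo sendmail "$root_email"; then
                echo "Mail sent"
            fi
        fi
    fi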
  102.    
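    # Optional hardening packages. An empty answer counts as "yes" for both.
    output "Some optional installs"
    if [[ "$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "" ]]; then
        sudo aptitude -y install fail2ban
    fi
    if [[ "$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "" ]]; then
        # -y added: every other install in this script is unattended, and
        # without it this one stops for confirmation.
        sudo apt-get -y install ufw
        # Default-deny inbound, then open only what the host serves.
        sudo ufw default deny incoming
        sudo ufw default allow outgoing
        sudo ufw allow ssh
        sudo ufw allow http
        sudo ufw allow https
        # Additional TCP ports, presumably one stratum listener each.
        # NOTE(review): all of them are opened whether or not anything is
        # listening; trim the list to the ports actually configured.
        for tcp_port in 2142 3739 3525 4233 3747 5033 4262 3737 3556 3553 \
                        4633 8433 3555 3833 4533 4133 5339 8533 3334 4933 \
                        3333 6033 5766 3533 4033 3433 3633; do
            sudo ufw allow "${tcp_port}/tcp"
        done
        # --force enables the firewall without the interactive warning about
        # disrupting existing SSH sessions (ssh is allowed above).
        sudo ufw --force enable
    fi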
  143.    
  144.     clear
  145.     output "Installing phpmyadmin"
  146.     output ""
  147.     echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | sudo debconf-set-selections
  148.     echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | sudo debconf-set-selections
  149.     echo "phpmyadmin phpmyadmin/mysql/admin-user string root" | sudo debconf-set-selections
  150.     echo "phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd" | sudo debconf-set-selections
  151.     echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS" | sudo debconf-set-selections
  152.     echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS" | sudo debconf-set-selections
  153.     sudo aptitude -y install phpmyadmin
  154.    
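    # Fetch yiimp, build blocknotify / iniparser / stratum, and lay the
    # results out under /var/web, /var/stratum, /bin and /etc/yiimp.
    output " Installing yiimp"
    output ""
    output "Grabbing yiimp fron Github, building files and setting file structure."
    output ""
    #Generating Random Password for stratum
    blckntifypass=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)
    cd ~ || displayErr "Unable to change to the home directory"
    # NOTE(review): this builds whatever the default branch holds at install
    # time; pin the clone to a commit that has been reviewed.
    git clone https://github.com/tpruvot/yiimp.git || displayErr "Unable to clone yiimp"
    # Every cd is checked: if one failed, the make and cp steps that follow
    # would run in whatever directory the shell happened to be in.
    cd "$HOME/yiimp/blocknotify" || displayErr "yiimp/blocknotify is missing"
    # The checkout belongs to the invoking user, so editing and compiling it
    # needs no root; sudo is kept only for the copies into system paths.
    sed -i "s/tu8tu5/${blckntifypass}/" blocknotify.cpp
    make
    cd "$HOME/yiimp/stratum/iniparser" || displayErr "yiimp/stratum/iniparser is missing"
    make
    cd "$HOME/yiimp/stratum" || displayErr "yiimp/stratum is missing"
    if [[ "$BTC" == "y" || "$BTC" == "Y" ]]; then
        # Comment out NO_EXCHANGE so stratum is built with auto-exchange.
        sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' "$HOME/yiimp/stratum/Makefile"
    fi
    make
    cd "$HOME/yiimp" || displayErr "yiimp checkout is missing"
    # admin_panel comes from an interactive prompt and lands inside a sed
    # expression; a '/' or whitespace in it would corrupt the command.
    sed -i "s/AdminRights/${admin_panel}/" "$HOME/yiimp/web/yaamp/modules/site/SiteController.php"
    sudo cp -r "$HOME/yiimp/web" /var/
    sudo mkdir -p /var/stratum
    cd "$HOME/yiimp/stratum" || displayErr "yiimp/stratum is missing"
    sudo cp -a config.sample/. /var/stratum/config
    sudo cp -r stratum /var/stratum
    sudo cp -r run.sh /var/stratum
    cd "$HOME/yiimp" || displayErr "yiimp checkout is missing"
    sudo cp -r "$HOME/yiimp/bin/." /bin/
    sudo cp -r "$HOME/yiimp/blocknotify/blocknotify" /var/stratum
    sudo mkdir -p /etc/yiimp
    sudo mkdir -p "$HOME/backup/"
    #fixing yiimp
    # /bin/yiimp was copied with sudo just above, so editing it needs sudo.
    sudo sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp
    #fixing run.sh
    sudo rm -f /var/stratum/config/run.sh
    # The shebang has to be the first line of the file; the echo-based
    # version wrote a blank line ahead of it. The quoted terminator keeps $1
    # literal so it is expanded when run.sh runs, not now.
    sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 <<'RUNSH'
#!/bin/bash
ulimit -n 10240
ulimit -u 10240
cd /var/stratum
while true; do
       ./stratum "/var/stratum/config/$1"
       sleep 2
done
exec bash
RUNSH
    sudo chmod +x /var/stratum/config/run.sh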
  203.     output "Update default timezone."
  204.     output "Thanks for using this installation script. Donations welcome"
  205.     # check if link file
  206.     sudo [ -L /etc/localtime ] &&  sudo unlink /etc/localtime
  207.     # update time zone
  208.     sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime
  209.     sudo aptitude -y install ntpdate
  210.     # write time to clock.
  211.     sudo hwclock -w
  212.     clear
  213.     output "Making Web Server Magic Happen!"
  214.     # adding user to group, creating dir structure, setting permissions
  215.       sudo mkdir -p /var/www/$server_name/html  
  216.     output "Creating webserver initial config file"
  217.     output ""
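    # Publish the site in nginx: write a plain-HTTP virtual host, enable it,
    # and - when requested - obtain a LetsEncrypt certificate and replace the
    # config with an HTTPS one. The sub-domain and bare-domain cases used to
    # carry four near-identical copies of the nginx config; they differ only
    # in the host names served, so the text now lives in two helpers.
    #
    # NOTE(review): /phpmyadmin is reachable by every client in both
    # configs; the admin IP collected in $Public is not applied to it.

    # Write the HTTP-only virtual host to sites-available.
    #   $1 - host names for the server_name directive, space separated
    # Reads the global $server_name for the paths.
    _write_http_vhost() {
        local names="$1"
        echo 'include /etc/nginx/blockuseragents.rules;
    server {
        if ($blockedagent) {
            return 403;
        }
        if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 444;
        }
        listen 80;
        listen [::]:80;
        server_name '"${names}"';
        root "/var/www/'"${server_name}"'/html/web";
        index index.html index.htm index.php;
        charset utf-8;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        location @rewrite {
            rewrite ^/(.*)$ /index.php?r=$1;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        access_log off;
        error_log  /var/log/nginx/'"${server_name}"'.app-error.log error;

        # allow larger file uploads and longer script runtimes
        client_body_buffer_size  50k;
        client_header_buffer_size 50k;
        client_max_body_size 50k;
        large_client_header_buffers 2 50k;
        sendfile off;

        location ~ ^/index\.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors off;
            fastcgi_buffer_size 16k;
            fastcgi_buffers 4 16k;
            fastcgi_connect_timeout 300;
            fastcgi_send_timeout 300;
            fastcgi_read_timeout 300;
            try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.sh {
            return 404;
        }
        location ~ /\.ht {
            deny all;
        }
        location ~ /.well-known {
            allow all;
        }
        location /phpmyadmin {
            root /usr/share/;
            index index.php;
            try_files $uri $uri/ =404;
            location ~ ^/phpmyadmin/(doc|sql|setup)/ {
                deny all;
            }
            location ~ /phpmyadmin/(.+\.php)$ {
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                include snippets/fastcgi-php.conf;
            }
        }
    }
    ' | sudo -E tee "/etc/nginx/sites-available/${server_name}.conf" >/dev/null 2>&1
    }

    # Write the HTTPS virtual host (plus the port-80 redirect) over the
    # HTTP-only config.
    #   $1 - host names for the server_name directives, space separated
    # Changes against the previous text:
    #   * ssl_protocols is limited to TLSv1.2; TLSv1 and TLSv1.1 are deprecated.
    #   * The 3DES suites are gone from ssl_ciphers and !3DES keeps HIGH from
    #     bringing them back.
    #   * The single quotes of the CSP keyword are spliced in explicitly. They
    #     used to terminate the shell string, so the header was written as
    #     frame-ancestors self, which is not the keyword.
    _write_https_vhost() {
        local names="$1"
        echo 'include /etc/nginx/blockuseragents.rules;
    server {
        if ($blockedagent) {
            return 403;
        }
        if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 444;
        }
        listen 80;
        listen [::]:80;
        server_name '"${names}"';
        # enforce https
        return 301 https://$server_name$request_uri;
    }

    server {
        if ($blockedagent) {
            return 403;
        }
        if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 444;
        }
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name '"${names}"';

        root /var/www/'"${server_name}"'/html/web;
        index index.php;

        access_log /var/log/nginx/'"${server_name}"'.app-accress.log;
        error_log  /var/log/nginx/'"${server_name}"'.app-error.log error;

        # allow larger file uploads and longer script runtimes
        client_body_buffer_size  50k;
        client_header_buffer_size 50k;
        client_max_body_size 50k;
        large_client_header_buffers 2 50k;
        sendfile off;

        # strengthen ssl security
        ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"'";

        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        location @rewrite {
            rewrite ^/(.*)$ /index.php?r=$1;
        }

        location ~ ^/index\.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors off;
            fastcgi_buffer_size 16k;
            fastcgi_buffers 4 16k;
            fastcgi_connect_timeout 300;
            fastcgi_send_timeout 300;
            fastcgi_read_timeout 300;
            include /etc/nginx/fastcgi_params;
            try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
            return 404;
        }
        location ~ \.sh {
            return 404;
        }

        location ~ /\.ht {
            deny all;
        }
        location /phpmyadmin {
            root /usr/share/;
            index index.php;
            try_files $uri $uri/ =404;
            location ~ ^/phpmyadmin/(doc|sql|setup)/ {
                deny all;
            }
            location ~ /phpmyadmin/(.+\.php)$ {
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                include snippets/fastcgi-php.conf;
            }
        }
    }
    ' | sudo -E tee "/etc/nginx/sites-available/${server_name}.conf" >/dev/null 2>&1
    }

    # A sub-domain is served under its own name only; a bare domain is also
    # served, and certified, under www.
    if [[ "$sub_domain" == "y" || "$sub_domain" == "Y" ]]; then
        vhost_names="${server_name}"
        cert_domains=(-d "$server_name")
    else
        vhost_names="${server_name} www.${server_name}"
        cert_domains=(-d "$server_name" -d "www.${server_name}")
    fi

    _write_http_vhost "$vhost_names"
    sudo ln -s "/etc/nginx/sites-available/${server_name}.conf" "/etc/nginx/sites-enabled/${server_name}.conf"
    # html/ already exists, so this creates html/web -> /var/web, which is
    # the document root named in the configs.
    sudo ln -s /var/web "/var/www/${server_name}/html"
    sudo service nginx restart

    # The bare-domain branch tested ^"$ssl_install" against "y", which can
    # never match; both branches now share this one test.
    if [[ "$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "" ]]; then
        output "Install LetsEncrypt and setting SSL"
        sudo aptitude -y install letsencrypt
        # Switch to the HTTPS config only once a certificate exists. It used
        # to be written unconditionally, so a failed issuance left nginx
        # pointing at missing certificate files and unable to restart.
        if sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos "${cert_domains[@]}"; then
            sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
            # I am SSL Man!
            _write_https_vhost "$vhost_names"
        else
            output "LetsEncrypt did not issue a certificate; keeping the HTTP-only site config."
        fi
    fi
    sudo service nginx restart
    sudo service php7.0-fpm reload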
  613.     clear
  614.     output "Now for the database fun!"
  615.     # create database
  616.     Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;"
  617.     Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';"
  618.     Q3="FLUSH PRIVILEGES;"
  619.     SQL="${Q1}${Q2}${Q3}"
  620.     sudo mysql -u root -p="" -e "$SQL"
  621.     # create stratum user
  622.     Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';"
  623.     Q2="FLUSH PRIVILEGES;"
  624.     SQL="${Q1}${Q2}"
  625.     sudo mysql -u root -p="" -e "$SQL"  
  626.    
  627.     #Create my.cnf
  628.    
  629.  echo '
  630. [clienthost1]
  631. user=panel
  632. password='"${password}"'
  633. database=yiimpfrontend
  634. host=localhost
  635. [clienthost2]
  636. user=stratum
  637. password='"${password2}"'
  638. database=yiimpfrontend
  639. host=localhost
  640. [mysql]
  641. user=root
  642. password='"${rootpasswd}"'
  643. ' | sudo -E tee ~/.my.cnf >/dev/null 2>&1
  644.       sudo chmod 0600 ~/.my.cnf
  645.  
  646. #Create keys file
  647.   echo '  
  648.    <?php
  649. /* Sample config file to put in /etc/yiimp/keys.php */
  650. define('"'"'YIIMP_MYSQLDUMP_USER'"'"', '"'"'panel'"'"');
  651. define('"'"'YIIMP_MYSQLDUMP_PASS'"'"', '"'"''"${password}"''"'"');
  652. /* Keys required to create/cancel orders and access your balances/deposit addresses */
  653. define('"'"'EXCH_BITTREX_SECRET'"'"', '"'"'<my_bittrex_api_secret_key>'"'"');
  654. define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"');
  655. define('"'"'EXCH_BLEUTRADE_SECRET'"'"', '"'"''"'"');
  656. define('"'"'EXCH_BTER_SECRET'"'"', '"'"''"'"');
  657. define('"'"'EXCH_CCEX_SECRET'"'"', '"'"''"'"');
  658. define('"'"'EXCH_COINMARKETS_PASS'"'"', '"'"''"'"');
  659. define('"'"'EXCH_CRYPTOPIA_SECRET'"'"', '"'"''"'"');
  660. define('"'"'EXCH_EMPOEX_SECKEY'"'"', '"'"''"'"');
  661. define('"'"'EXCH_HITBTC_SECRET'"'"', '"'"''"'"');
  662. define('"'"'EXCH_KRAKEN_SECRET'"'"','"'"''"'"');
  663. define('"'"'EXCH_LIVECOIN_SECRET'"'"', '"'"''"'"');
  664. define('"'"'EXCH_NOVA_SECRET'"'"','"'"''"'"');
  665. define('"'"'EXCH_POLONIEX_SECRET'"'"', '"'"''"'"');
  666. define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"');
  667. ' | sudo -E tee /etc/yiimp/keys.php >/dev/null 2>&1
  668.  
  669.  
  670.     output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you"
  671.     output ""
  672.     output "BTC Donation: "
  673.     output ""
  674.    
  675.     output "Peforming the SQL import"
  676.     output ""
  677.     cd ~
  678.     cd yiimp/sql
  679.     # import sql dump
  680.     sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1
  681.     # oh the humanity!
  682.      sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql
  683.      sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql
  684.      sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql
  685.      sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql
  686.      sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql
  687.      sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql
  688.      sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql
  689.      sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql
  690.      sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql
  691.      sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql
  692.      sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql
  693.      sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql
  694.      sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql
  695.      
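  clear
  output "Generating a basic serverconfig.php"
  output ""
  # Write the front-end configuration to /var/web/serverconfig.php.
  #
  # The here-document is unquoted on purpose: ${password}, ${server_name},
  # ${EMAIL} and ${Public} are expanded by the shell, while PHP variables are
  # written as \$name so they reach the file literally. "<?php" is now the
  # first byte of the file (the previous echo emitted a blank line before it,
  # which PHP sends as output whenever the file is included). stderr from
  # sudo/tee is no longer discarded, so a failed write is visible.
  #
  # NOTE(review): the generated file stores the database password in clear
  #   text; it should be readable only by the web-server user and group.
  # NOTE(review): the four shell values are pasted unescaped into PHP
  #   single-quoted strings. A value containing ' or \ corrupts the file, and
  #   an unset variable silently yields an empty string - confirm each one is
  #   set and validated earlier in the script.
  # NOTE(review): YAAMP_BTCADDRESS, the $cold_wallet_table entry and the
  #   NICEHASH_* values are hard-coded by this installer, not supplied by the
  #   operator. Replace them with your own before the pool handles funds, and
  #   treat the API key printed here as public, never as a usable secret.
  # NOTE(review): YAAMP_LOGS points at /var/log itself rather than a
  #   pool-specific sub-directory.
  sudo tee /var/web/serverconfig.php >/dev/null <<SERVERCONFIG_EOF
<?php
ini_set('date.timezone', 'UTC');
define('YAAMP_LOGS', '/var/log');
define('YAAMP_HTDOCS', '/var/web');
define('YAAMP_BIN', '/var/bin');
define('YAAMP_DBHOST', 'localhost');
define('YAAMP_DBNAME', 'yiimpfrontend');
define('YAAMP_DBUSER', 'panel');
define('YAAMP_DBPASSWORD', '${password}');
define('YAAMP_PRODUCTION', true);
define('YAAMP_RENTAL', true);
define('YAAMP_LIMIT_ESTIMATE', false);
define('YAAMP_FEES_MINING', 0.5);
define('YAAMP_FEES_EXCHANGE', 2);
define('YAAMP_FEES_RENTING', 2);
define('YAAMP_TXFEE_RENTING_WD', 0.002);
define('YAAMP_PAYMENTS_FREQ', 3*60*60);
define('YAAMP_PAYMENTS_MINI', 0.001);
define('YAAMP_ALLOW_EXCHANGE', false);
define('YIIMP_PUBLIC_EXPLORER', true);
define('YIIMP_PUBLIC_BENCHMARK', false);
define('YIIMP_FIAT_ALTERNATIVE', 'USD'); // USD is main
define('YAAMP_USE_NICEHASH_API', false);
define('YAAMP_BTCADDRESS', '1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y');
define('YAAMP_SITE_URL', '${server_name}');
define('YAAMP_STRATUM_URL', YAAMP_SITE_URL); // change if your stratum server is on a different host
define('YAAMP_SITE_NAME', 'TheCryptoPool');
define('YAAMP_ADMIN_EMAIL', '${EMAIL}');
define('YAAMP_ADMIN_IP', '${Public}'); // samples: "80.236.118.26,90.234.221.11" or "10.0.0.1/8"
define('YAAMP_ADMIN_WEBCONSOLE', true);
define('YAAMP_NOTIFY_NEW_COINS', true);
define('YAAMP_DEFAULT_ALGO', 'x11');
define('YAAMP_USE_NGINX', true);
// Exchange public keys (private keys are in a separate config file)
define('EXCH_CRYPTOPIA_KEY', '');
define('EXCH_POLONIEX_KEY', '');
define('EXCH_BITTREX_KEY', '');
define('EXCH_BLEUTRADE_KEY', '');
define('EXCH_BTER_KEY', '');
define('EXCH_YOBIT_KEY', '');
define('EXCH_CCEX_KEY', '');
define('EXCH_COINMARKETS_USER', '');
define('EXCH_COINMARKETS_PIN', '');
define('EXCH_BITSTAMP_ID','');
define('EXCH_BITSTAMP_KEY','');
define('EXCH_HITBTC_KEY','');
define('EXCH_KRAKEN_KEY', '');
define('EXCH_LIVECOIN_KEY', '');
define('EXCH_NOVA_KEY', '');
// Automatic withdraw to Yaamp btc wallet if btc balance > 0.3
define('EXCH_AUTO_WITHDRAW', 0.3);
// nicehash keys deposit account & amount to deposit at a time
define('NICEHASH_API_KEY','521c254d-8cc7-4319-83d2-ac6c604b5b49');
define('NICEHASH_API_ID','9205');
define('NICEHASH_DEPOSIT','3J9tapPoFCtouAZH7Th8HAPsD8aoykEHzk');
define('NICEHASH_DEPOSIT_AMOUNT','0.01');
\$cold_wallet_table = array(
    '1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y' => 0.10,
);
// Sample fixed pool fees
\$configFixedPoolFees = array(
       'zr5' => 2.0,
       'scrypt' => 20.0,
       'sha256' => 5.0,
);
// Sample custom stratum ports
\$configCustomPorts = array(
//  'x11' => 7000,
);
// mBTC Coefs per algo (default is 1.0)
\$configAlgoNormCoef = array(
//  'x11' => 5.0,
);
SERVERCONFIG_EOF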
  775.  
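  output "Updating stratum config files with database connection info."
  output ""

  # Escape \, / and & so a value is taken literally when used as the
  # replacement half of a sed "s/.../.../" command.
  _sed_repl() {
      printf '%s' "$1" | sed -e 's#[\\/&]#\\&#g'
  }

  # Rewrite the stock connection settings in every stratum *.conf file:
  # the two default passwords, server name, DB host, DB name and DB user.
  #
  # Stop if the directory is missing; otherwise "sed -i ... *.conf" would edit
  # whatever *.conf files happen to sit in the current directory.
  cd /var/stratum/config || exit 1

  # The expressions run in the original order. Values are quoted and escaped,
  # so a password containing spaces, "/" or "&" no longer breaks the command
  # or gets rewritten by sed.
  # NOTE(review): the resulting *.conf files hold database credentials in
  #   clear text; check their mode and ownership after the install.
  sudo sed -i \
      -e "s/password = tu8tu5/password = $(_sed_repl "$blckntifypass")/g" \
      -e "s/server = yaamp.com/server = $(_sed_repl "$server_name")/g" \
      -e 's/host = yaampdb/host = localhost/g' \
      -e 's/database = yaamp/database = yiimpfrontend/g' \
      -e 's/username = root/username = stratum/g' \
      -e "s/password = patofpaq/password = $(_sed_repl "$password2")/g" \
      *.conf
  cd ~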
  786.  
  787.  
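  output "Final Directory permissions"
  output ""
  # Hand the web root, stratum tree and log directory to www-data, add the
  # invoking user to that group, then restart the web stack.
  #
  # NOTE(review): chown/chmod -R on /var/log gives the web-server account
  #   write access to every system log and changes the owner of other
  #   daemons' log files. The generated serverconfig.php sets YAAMP_LOGS to
  #   /var/log, so narrowing this needs a dedicated log directory there too.
  # NOTE(review): 775 on /var/stratum leaves its config files, which carry
  #   database passwords, readable by every local user.
  # NOTE(review): 775 on /root/backup/ is wider than a backup directory
  #   needs - confirm what writes there before tightening.
  whoami=$(whoami)
  sudo usermod -aG www-data "$whoami"
  sudo chown -R www-data:www-data /var/log
  sudo chown -R www-data:www-data /var/stratum
  sudo chown -R www-data:www-data /var/web
  sudo chmod -R 775 "/var/www/$server_name/html"
  sudo chmod -R 775 /var/web
  sudo chmod -R 775 /var/stratum
  sudo chmod -R 775 /var/web/yaamp/runtime
  sudo chmod -R 775 /root/backup/
  sudo chmod -R 775 /var/log
  # serverconfig.php holds the database password: owner read/write, group
  # read, nothing for others, and no execute bits (it was 775). This must run
  # after the recursive chmod on /var/web. The invoking user reads it through
  # the www-data group, which takes effect at the next login.
  sudo chmod 640 /var/web/serverconfig.php
  sudo mv "$HOME/yiimp/" "$HOME/yiimp-install-only-do-not-run-commands-from-this-folder"
  sudo service nginx restart
  sudo service php7.0-fpm reload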
  clear
  # Closing reminders for the operator; each one is followed by a blank line.
  # NOTE(review): ~/.my.cnf holds the MySQL credentials the first reminder
  #   refers to - confirm it is readable by its owner only.
  closing_notes=(
      "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins."
      "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file."
      "Please make sure to add your public and private keys."
  )
  for note in "${closing_notes[@]}"; do
      output "$note"
      output ""
  done
  output "If you found this script helpful please consider donating some BTC Donation: "