Untitled

#!/bin/bash
########################################################################
# Use of code or any part of it is strictly prohibited. File protected by copyright law and provided under license.
# To Use any part of this code you need to get a writen approval from the code owner: info@centos-webpanel.com
########################################################################
#
#
clear
echo "#################################################################"
echo "#             CentOS Web Panel (CWP)   Installer                #"
echo "#################################################################"
echo ""
echo "visit www.centos-webpanel.com"
echo ""

if [ ! -e "/etc/redhat-release" ]; then
echo "You need to have CentOS, RedHat or CloudLinux system!"
exit 0
fi

arch=$(uname -m)
if [[ $arch == "i686" ]]; then
        platform="x86"
        mariadb="x86"
else
    	platform="x86-64"
        mariadb="amd64"
fi

CHKDATE=`date +%Y`
if [ "$CHKDATE" -le "2014" ];then
        echo "You have incorrect date set on your server!"
        echo `date`
        exit 1
fi

type mysql 2> /dev/null && MYSQLCHK="on" || MYSQLCHK="off"


# MySQL checker
if [ "$MYSQLCHK" = "on" ]; then
	#check pwd if works
	while [ "$check" != "Database" ]
	do
		echo "Enter MySQL root Password: "
		read -p "MySQL root password []:" password
		check=`mysql -u root -p$password -e "show databases;" -B|head -n1`
		if [ "$check" = "Database" ]; then
			echo "Password OK!!"
		else
			echo "MySQL root passwordis invalid!!!"
			echo "You can remove MySQL server using command: yum remove mysql"
			echo "after mysql is removed run installer again."
			echo ""
			echo "if exists you can check your mysql password in file: /root/.my.cnf"
			echo ""
			if [ -e "/root/.my.cnf" ]; then
				echo ""
				cat /root/.my.cnf
				echo ""
			fi
		fi
	done


else
	password=$(</dev/urandom tr -dc A-Za-z0-9 | head -c12)
fi


service httpd stop
service mysql stop

yum -y update ca-certificates
yum -y install wget chkconfig epel-release
yum -y erase apr httpd

#Fix epel ssl issue
sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo

# Check if version el5
centosversion=`rpm -qa \*-release | grep -Ei "oracle|redhat|centos|cloudlinux" | cut -d"-" -f3`

if [ $centosversion -eq "5" ]; then
echo
echo "#######################################"
echo "# el5 version detected"
echo "#######################################"
echo
echo
echo "We recommend you to use CentOS 6 servers for full functionality!"
echo "Press ENTER to continue with CentOS 5 installation"
read CENTOS5CONFIRM
fi

if [ $centosversion -eq "7" ]; then
echo
echo "#######################################"
echo "# el7 version detected"
echo "#######################################"
echo
cd /usr/local/src
wget -q http://dl1.centos-webpanel.com/files/cwp-el7-latest
sh cwp-el7-latest
rm -f cwp-el7-latest
exit 0
fi

if [ $centosversion -eq "6" ]; then
echo
echo "#######################################"
echo "# el6 version detected"
echo "#######################################"
echo
#Install SQL
if [ "$mariadb" = "x86" ];then
        # INSTALLING 32bit MARIADB
cat > /etc/yum.repos.d/MariaDB.repo <<EOF
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-x86
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=0
EOF
else
    	# INSTALLING 64bit MARIADB
cat > /etc/yum.repos.d/MariaDB.repo <<EOF
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=0
EOF
fi

yum install MariaDB-server MariaDB-client -y
chkconfig --levels 235 mysql on
sed -i "s|old_passwords=1|#old_passwords=1|" /etc/my.cnf

ln -s /etc/init.d/mysql	/etc/init.d/mysqld
service mysql start
mysqladmin -u root password $password
mysql -u root -p$password -e "DROP DATABASE test";
mysql -u root -p$password -e "DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'";
mysql -u root -p$password -e "DELETE FROM mysql.user WHERE User=''";
mysql -u root -p$password -e "FLUSH PRIVILEGES";

# ADD SQL ROOT PASSWORD
cat > /root/.my.cnf <<EOF
[client]
password=$password
user=root
EOF

# SECURE SQL ROOT PASSWORD
chmod 600 /root/.my.cnf

# RESTART SQL TO ACCEPT THE NEW CHANGES
service mysqld restart

if [ ! -e "/var/lib/mysql" ];then
        echo "Installation FAILED at SQL !!!"
        exit 1
fi
fi

if [ $centosversion -eq "7" ]; then
echo
echo "#######################################"
echo "# el7 version detected"
echo "#######################################"
echo
cd /usr/local/src
wget -q http://dl1.centos-webpanel.com/files/cwp-el7-latest
sh cwp-el7-latest
rm -f cwp-el7-latest
exit 0
fi

# Check /tmp
if [[ `cat /etc/fstab | grep -E 'tmp.*noexec'` != "" ]]; then mount -o remount,exec /tmp >/dev/null 2>&1 ; fi

#Umask Fix
sed -ie "s/umask\=002/umask=022/g" /etc/bashrc >/dev/null 2>&1

# Install CWP repo
cat > /etc/yum.repos.d/cwp.repo <<EOF
[cwp]
name=CentOS Web Panel repo for Linux 6 - \$basearch
baseurl=http://repo.centos-webpanel.com/repo/6/\$basearch
failovermethod=priority
enabled=1
gpgcheck=0
EOF

#Install dependecies
yum -y install apr apr-util bzip2-devel gcc libxml2-devel openssl-devel pcre-devel sqlite-devel curl curl-devel libc-client-devel libmcrypt-devel libxslt-devel libpng-devel automake autoconf gcc-c++ freetype-devel libjpeg-devel which sysstat
yum -y install make rsync at bzip2-devel zip git unzip cronie perl-libwww-perl bash-completion
yum -y install rsync cpulimit nano links bzip2-devel
#yum -y install postfix dovecot dovecot-mysql
yum -y install bind bind-utils bind-libs

pubip=`curl -s http://centos-webpanel.com/webpanel/main.php?app=showip`
#pubip=`curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'`

fqdn=`/bin/hostname`
echo ""
echo "PREPARING THE SERVER"
echo "##########################"

if [ -e "/etc/selinux/config" ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi

if [ -e "/etc/init.d/sendmail" ]
then
chkconfig --levels 235 sendmail off
/etc/init.d/sendmail stop
fi

service iptables save
service iptables stop

## PACKAGE INSTALLER
#yum -y install make zip unzip git ld-linux.so.2 libbz2.so.1 libdb-4.7.so libgd.so.2 vsftpd

echo
echo "#############################################"
echo "Please wait... installing web server files..."
echo "#############################################"
echo


#FTPD configuration
if [ ! -e "/etc/pure-ftpd/pure-ftpd.conf" ]
then
yum -y install pure-ftpd --enablerepo=epel
touch /etc/pure-ftpd/pure-ftpd.passwd
pure-pw mkdb /etc/pure-ftpd/pureftpd.pdb -f /etc/pure-ftpd/pure-ftpd.passwd -m
fi

if [ ! -e "/etc/pure-ftpd/pure-ftpd.conf" ]
then
echo "Installation FAILED at pure-ftpd"
exit 1
fi

sed -i 's|.*pureftpd.pdb.*|PureDB /etc/pure-ftpd/pureftpd.pdb|g' /etc/pure-ftpd/pure-ftpd.conf
sed -i 's|.*PAMAuthentication.*yes|PAMAuthentication	yes|g' /etc/pure-ftpd/pure-ftpd.conf
sed -i 's|.*UnixAuthentication.*yes|UnixAuthentication       yes|g' /etc/pure-ftpd/pure-ftpd.conf

## APACHE INSTALLER ##
mkdir -p /usr/local/src
cd /usr/local/src

yum -y install apr apr-util cwp-httpd
yum -y install cwp-suphp

yum -y install cwp-php


if [ -e "/usr/local/bin/php-config" ]
then
CHKEXTENSIONTDIR=`/usr/local/bin/php-config --extension-dir`;grep ^extension_dir /usr/local/php/php.ini || echo "extension_dir='$CHKEXTENSIONTDIR'" >> /usr/local/php/php.ini
fi

yum -y install cwpsrv


yum -y install cwpphp

# CONFIGURE APACHE
####################
touch /usr/local/apache/conf.d/vhosts.conf
sed -i "s|#Include conf/extra/httpd-userdir.conf|Include conf/extra/httpd-userdir.conf|" /usr/local/apache/conf/httpd.conf
sed -i "s|#LoadModule userdir_module modules.*$|LoadModule userdir_module modules/mod_userdir.so|" /usr/local/apache/conf/httpd.conf


# Apache Server Status
cat > /usr/local/apache/conf.d/server-status.conf <<EOF
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Allow from localhost
</Location>
EOF


# Set PHP Config
sed -i "s|\;date\.timezone \=.*|date\.timezone = Etc/UTC|" /usr/local/php/php.ini

echo "127.0.0.1 "$fqdn >> /etc/hosts
chkconfig --levels 235 httpd on
service httpd restart

# Install CSF/LFD Firewall
cd /tmp
rm -fv csf.tgz
wget -q http://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
sed -i "s|465,587,993,995|465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096|" /etc/csf/csf.conf
sed -i "s|80,110,113,443|80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096|" /etc/csf/csf.conf
sed -i 's|TESTING = "1"|TESTING = "0"|' /etc/csf/csf.conf
echo "# Run external commands before csf configures iptables" >> /usr/local/csf/bin/csfpre.sh
echo "# Run external commands after csf configures iptables" >> /usr/local/csf/bin/csfpost.sh
csf -x

cat >> /etc/csf/csf.pignore <<EOF
# CWP CUSTOM
exe:/usr/sbin/clamd
exe:/usr/sbin/opendkim
exe:/usr/libexec/mysqld
exe:/usr/sbin/mysqld
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/auth
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/dict
exe:/usr/libexec/dovecot/pop3-login

exe:/usr/libexec/postfix/tlsmgr
exe:/usr/libexec/postfix/qmgr
exe:/usr/libexec/postfix/pickup
exe:/usr/libexec/postfix/smtpd
exe:/usr/libexec/postfix/smtp
exe:/usr/libexec/postfix/bounce
exe:/usr/libexec/postfix/scache
exe:/usr/libexec/postfix/anvil
exe:/usr/libexec/postfix/cleanup
exe:/usr/libexec/postfix/proxymap
exe:/usr/libexec/postfix/trivial-rewrite
exe:/usr/libexec/postfix/local
exe:/usr/libexec/postfix/pipe
exe:/usr/libexec/postfix/spawn

exe:/usr/sbin/varnishd
exe:/usr/sbin/nginx

exe:/usr/bin/perl
user:amavis
cmd:/usr/sbin/amavisd
EOF

# CWP BruteForce Protection
sed -i "s|CUSTOM1_LOG.*|CUSTOM1_LOG = \"/var/log/cwp_client_login.log\"|g" /etc/csf/csf.conf
cat > /usr/local/csf/bin/regex.custom.pm <<EOF
#!/usr/bin/perl
sub custom_line {
        my \$line = shift;
        my \$lgfile = shift;
# Do not edit before this point
if ((\$globlogs{CUSTOM1_LOG}{\$lgfile}) and (\$line =~ /^\S+\s+\S+\s+(\S+)\s+Failed Login from:\s+(\S+) on: (\S+)/)) {
               return ("Failed CWP-Login login for User: \$1 from IP: \$2 URL: \$3",\$2,"cwplogin","5","2030,2031","1");
}
# Do not edit beyond this point
        return 0;
}
1;
EOF

#Dovecot bug fix
touch /var/log/dovecot-debug.log
touch /var/log/dovecot-info.log
touch /var/log/dovecot.log
chmod 600 /var/log/dovecot-debug.log
chmod 600 /var/log/dovecot-info.log
chmod 600 /var/log/dovecot.log


# WebPanel Install
mkdir -p /usr/local/cwpsrv/htdocs
cd /usr/local/cwpsrv/htdocs

cd /usr/local/cwpsrv/htdocs
wget -q dl1.centos-webpanel.com/files/cwp/cwp2-0.9.8.244.zip
unzip -o cwp2-0.9.8.244.zip
rm -f cwp2-0.9.8.244.zip

cd /usr/local/cwpsrv/htdocs/resources/admin/include
wget -q http://dl1.centos-webpanel.com/files/cwp/sql/db_conn.txt
mv db_conn.txt db_conn.php
cd /usr/local/cwpsrv/htdocs/resources/admin/modules
wget -q http://dl1.centos-webpanel.com/files/cwp/modules/example.txt
mv example.txt example.php


# phpMyAdmin Installer
cd /usr/local/cwpsrv/var/services
wget -q http://dl1.centos-webpanel.com/files/mysql/phpMyAdmin-4.6.6-all-languages.zip
unzip -o phpMyAdmin-4.6.6-all-languages.zip
mv phpMyAdmin-4.6.6-all-languages pma
rm -Rf phpMyAdmin-4.6.6-all-languages.zip pma/setup

# webFTP Installer
cd /usr/local/apache/htdocs/
wget -q dl1.centos-webpanel.com/files/cwp/addons/webftp_simple.zip
unzip -o webftp_simple.zip
rm -f webftp_simple.zip


# Default website setup
cp /usr/local/cwpsrv/htdocs/resources/admin/tpl/new_account_tpl/* /usr/local/apache/htdocs/.


# WebPanel Settings
mv /usr/local/cwpsrv/var/services/pma/config.sample.inc.php /usr/local/cwpsrv/var/services/pma/config.inc.php
ran_password=$(</dev/urandom tr -dc A-Za-z0-9 | head -c32)
sed -i "s|\['blowfish_secret'\] = ''|\['blowfish_secret'\] = '${ran_password}'|" /usr/local/cwpsrv/var/services/pma/config.inc.php
ran_password2=$(</dev/urandom tr -dc A-Za-z0-9 | head -c12)
sed -i "s|\$crypt_pwd = ''|\$crypt_pwd = '${ran_password2}'|" /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
sed -i "s|\$db_pass = ''|\$db_pass = '$password'|" /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
chmod 600 /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
chmod 777 /var/lib/php/session/

# PHP Short tags fix
sed -i "s|short_open_tag = Off|short_open_tag = On|" /usr/local/cwp/php71/php.ini
sed -i "s|short_open_tag = Off|short_open_tag = On|" /usr/local/php/php.ini

# Setup Cron
cat > /etc/cron.daily/cwp <<EOF
/usr/local/cwp/php71/bin/php -d max_execution_time=1000000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron.php
/usr/local/cwp/php71/bin/php -d max_execution_time=1000000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php
EOF
chmod +x /etc/cron.daily/cwp

# MySQL Database import
curl 'http://dl1.centos-webpanel.com/files/cwp/sql/root_cwp.sql'|mysql -uroot -p$password

mysql -u root -p$password << EOF
use root_cwp;
UPDATE settings SET shared_ip="$pubip";
EOF


# Disable named for antiDDoS security
chkconfig named on

# DNS Setup
if [ $centosversion -eq "5" ]; then
	ln -s /etc/named.rfc1912.zones /etc/named.conf
fi
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
sed -i "s|127.0.0.1|any|" /etc/named.conf
sed -i "s|localhost|any|" /etc/named.conf
sed -i 's/recursion yes/recursion no/g' /etc/named.conf

# MAIL SERVER INSTALLER

# clean yum
yum clean all


######## Replace and read from root foder
#if [ ! -e "/usr/local/cwpsrv/htdocs/mysql.txt" ]
#then
#echo "\"$password\"" > /etc/webpanel/mysql.txt
#fi

##########################################################
# MAIL SERVER
##########################################################


# check MySQL root password
mysql_root_password=$password
if [ -z "${mysql_root_password}" ]; then
  read -p "MySQL root password []:" mysql_root_password
fi

clear
echo "#########################################################"
echo "          CentOS Web Panel MailServer Installer          "
echo "#########################################################"
echo
echo "visit for help: www.centos-webpanel.com"
echo

check=`mysql -u root -p$mysql_root_password -e "show databases;" -B|head -n1`
if [ "$check" = "Database" ]; then
    echo "Password OK!!"
else
	echo "MySQL root password is invalid!!!"
	echo "Check password and run this script again."
	exit 0

fi

## Needed to add password in root folder
mysql -u root -p$mysql_root_password -e "UPDATE mysql.user SET Password = PASSWORD('$mysql_root_password') WHERE user = 'root';"
mysql -u root -p$mysql_root_password -e "FLUSH PRIVILEGES;"

# password generator
postfix_pwd=$(</dev/urandom tr -dc A-Za-z0-9 | head -c12)
cnf_hostname=`/bin/hostname`

# create database and user
mysql -u root -p$mysql_root_password -e "CREATE DATABASE postfix;"
mysql -u root -p$mysql_root_password -e "CREATE USER postfix@localhost IDENTIFIED BY '$postfix_pwd';"
mysql -u root -p$mysql_root_password -e "GRANT ALL PRIVILEGES ON postfix . * TO postfix@localhost;"

# MySQL Database import
curl 'http://centos-webpanel.com/webpanel/main.php?dl=postfix.sql'|mysql -uroot -p$mysql_root_password -h localhost postfix

yum -y remove sendmail exim
yum -y install postfix dovecot dovecot-mysql dovecot-pigeonhole cyrus-sasl-devel cyrus-sasl-sql subversion crontabs sysstat
yum -y install perl-MailTools perl-MIME-EncWords perl-MIME-Charset perl-Email-Valid perl-Test-Pod perl-TimeDate
yum -y install perl-Mail-Sender perl-Log-Log4perl imapsync offlineimap
yum -y install perl-Razor-Agent perl-Convert-BinHex crypto-utils
yum -y install amavisd-new clamav clamd --disablerepo=rpmforge-webpanel

# Mail Server Config
sed -i "s|inet_interfaces = localhost|inet_interfaces = all|" /etc/postfix/main.cf
sed -i "s|mydestination = $myhostname, localhost.$mydomain, localhost|mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, $domain|" /etc/postfix/main.cf
sed -i "s|#home_mailbox = Maildir/|home_mailbox = Maildir/|" /etc/postfix/main.cf

# GET MAIL configs
cd /
wget -q http://dl1.centos-webpanel.com/files/mail/mail_server2.zip
unzip -o /mail_server2.zip
rm -f /mail_server2.zip

#User add
mkdir /var/vmail
chmod 770 /var/vmail
useradd -r -u 101 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
chown vmail:mail /var/vmail

touch /etc/postfix/virtual_regexp

#vacation
useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
mkdir /var/spool/vacation
chmod 770 /var/spool/vacation
cd /var/spool/vacation/
#ln -s /etc/postfix/vacation.pl /var/spool/vacation/vacation.pl
ln -s /etc/postfix/vacation.php /var/spool/vacation/vacation.php
chmod +x /etc/postfix/vacation.php
usermod -G mail vacation
chown postfix.mail /usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php
chmod 440 /usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php

echo "autoreply.$cnf_hostname vacation:" > /etc/postfix/transport
postmap /etc/postfix/transport
chown -R vacation:vacation /var/spool/vacation
echo "127.0.0.1 autoreply.$cnf_hostname" >> /etc/hosts

#sieve
mkdir -p /var/sieve/
cat > /var/sieve/globalfilter.sieve <<EOF
require "fileinto";
if exists "X-Spam-Flag" {
if header :contains "X-Spam-Flag" "NO" {
} else {
fileinto "Spam";
stop;
}
}
if header :contains "subject" ["***SPAM***"] {
fileinto "Spam";
stop;
}
EOF
chown -R vmail:mail /var/sieve


#razor-admin -register -user=some_user -pass=somepas
freshclam
service clamd restart

##### SSL Certifikat START #####
# SSL Self signed certificate
cd /root
DOMAIN="$cnf_hostname"
if [ -z "$DOMAIN" ]; then
echo "Usage: $(basename $0) <domain>"
exit 11
fi

fail_if_error() {
[ $1 != 0 ] && {
unset PASSPHRASE
exit 10
}
}

# Generate a passphrase
export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)

# Certificate details; replace items in angle brackets with your own info
subj="
C=HR
ST=Zagreb
O=CentOS Web Panel
localityName=HR
commonName=$DOMAIN
organizationalUnitName=CentOS Web Panel
emailAddress=info@studio4host.com
"

# Generate the server private key
openssl genrsa -des3 -out $DOMAIN.key -passout env:PASSPHRASE 2048
fail_if_error $?

# Generate the CSR
openssl req \
-new \
-batch \
-subj "$(echo -n "$subj" | tr "\n" "/")" \
-key $DOMAIN.key \
-out $DOMAIN.csr \
-passin env:PASSPHRASE
fail_if_error $?
cp $DOMAIN.key $DOMAIN.key.org
fail_if_error $?

# Strip the password so we don't have to type it every time we restart Apache
openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE
fail_if_error $?

# Generate the cert (good for 10 years)
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
fail_if_error $?

mv /root/$cnf_hostname.key /etc/pki/tls/private/hostname.key
mv /root/$cnf_hostname.crt /etc/pki/tls/certs/hostname.crt
ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/$cnf_hostname.key
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/$cnf_hostname.crt
echo " " > /etc/pki/tls/certs/$cnf_hostname.bundle

# Services Certs
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/server-cwp.crt
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/server-dovecot.crt
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/server-ftp.crt
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/server-http.crt
ln -s /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/server-postfix.crt

ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/server-cwp.key
ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/server-dovecot.key
ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/server-ftp.key
ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/server-http.key
ln -s /etc/pki/tls/private/hostname.key /etc/pki/tls/private/server-postfix.key

##### END SSL Certifikat START #####

# /etc/postfix/main.cf
sed -i "s|MY_HOSTNAME|$cnf_hostname|" /etc/postfix/main.cf
sed -i "s|MY_HOSTNAME|autoreply.$cnf_hostname|" /etc/postfix/mysql-virtual_vacation.cf
sed -i "s|MY_DOMAIN|$cnf_hostname|" /etc/postfix/main.cf

# MySQL PWD Fix for postfix
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-relay_domains_maps.cf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-virtual_alias_maps.cf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-virtual_domains_maps.cf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-virtual_mailbox_maps.cf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/mysql-virtual_vacation.cf

# Postfix Web panel SQL setup
if [ ! -e "/usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php" ]
then
cd /usr/local/cwpsrv/htdocs/resources/admin/include
wget -q http://centos-webpanel.com/webpanel/main.php?dl=postfix.txt
mv main.php?dl=postfix.txt postfix.php
fi
sed -i "s|\$db_pass_postfix = ''|\$db_pass_postfix = '$postfix_pwd'|" /usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php
chmod 600 /usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php

# Vacation fix
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/postfix/vacation.conf
sed -i "s|AUTO_REPLAY|autoreply.$cnf_hostname|" /etc/postfix/vacation.conf

# DOVECOT fix
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/dovecot/dovecot-dict-quota.conf
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|" /etc/dovecot/dovecot-mysql.conf
sed -i "s|MY_DOMAIN|$cnf_hostname|" /etc/dovecot/dovecot.conf
sed -i "s|MY_DOMAIN|$cnf_hostname|" /etc/dovecot/dovecot.conf


##### ROUNDCUBE INSTALLER #####
/usr/local/cwp/php71/bin/pear install Mail_mime
/usr/local/cwp/php71/bin/pear install Net_SMTP
/usr/local/cwp/php71/bin/pear install channel://pear.php.net/Net_IDNA2-0.1.1

#SIEVE REQUIREMENTS
# >=5.3.0, roundcube/plugin-installer: >=0.1.3, roundcube/net_sieve: "1.5.0
/usr/local/cwp/php71/bin/pear install Net_Sieve

if [ -z "${mysql_roundcube_password}" ]; then
  tmp=$(</dev/urandom tr -dc A-Za-z0-9 | head -c12)
  mysql_roundcube_password=${mysql_roundcube_password:-${tmp}}
  echo "MySQL roundcube: ${mysql_roundcube_password}" >> .passwords
fi

if [ -z "${mysql_root_password}" ]; then
  read -p "MySQL root password []:" mysql_root_password
fi

wget -P /usr/local/cwpsrv/var/services http://dl1.centos-webpanel.com/files/mail/roundcubemail-1.2.3.tar.gz
tar -C /usr/local/cwpsrv/var/services -zxvf /usr/local/cwpsrv/var/services/roundcubemail-*.tar.gz
rm -f /usr/local/cwpsrv/var/services/roundcubemail-*.tar.gz
mv /usr/local/cwpsrv/var/services/roundcubemail-* /usr/local/cwpsrv/var/services/roundcube
chown cwpsvc:cwpsvc -R /usr/local/cwpsrv/var/services/roundcube
chmod 777 -R /usr/local/cwpsrv/var/services/roundcube/temp/
chmod 777 -R /usr/local/cwpsrv/var/services/roundcube/logs/

sed -e "s|mypassword|${mysql_roundcube_password}|" <<'EOF' | mysql -u root -p"${mysql_root_password}"
USE mysql;
CREATE DATABASE IF NOT EXISTS roundcube;
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY 'mypassword';
FLUSH PRIVILEGES;
EOF

mysql -u root -p"${mysql_root_password}" 'roundcube' < /usr/local/cwpsrv/var/services/roundcube/SQL/mysql.initial.sql

cp /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php.sample /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php

sed -i "s|^\(\$config\['default_host'\] =\).*$|\1 \'localhost\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['smtp_server'\] =\).*$|\1 \'localhost\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['smtp_user'\] =\).*$|\1 \'%u\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['smtp_pass'\] =\).*$|\1 \'%p\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
#sed -i "s|^\(\$config\['support_url'\] =\).*$|\1 \'mailto:${E}\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['quota_zero_as_unlimited'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['preview_pane'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['read_when_deleted'\] =\).*$|\1 false;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['check_all_folders'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['display_next'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['top_posting'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['sig_above'\] =\).*$|\1 true;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|^\(\$config\['login_lc'\] =\).*$|\1 2;|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
sed -i "s|MYSQL_PASSWORD|$postfix_pwd|g" /usr/local/cwpsrv/var/services/roundcube/plugins/password/config.inc.php
sed -i "s|^\(\$config\['db_dsnw'\] =\).*$|\1 \'mysqli://roundcube:${mysql_roundcube_password}@localhost/roundcube\';|" /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
rm -rf /usr/local/cwpsrv/var/services/roundcube/installer
chown -R cwpsvc:cwpsvc /usr/local/cwpsrv/var/services/roundcube

# Setup Login Screen
[[ $(grep "bash_cwp" /root/.bash_profile) == "" ]] && echo "sh /root/.bash_cwp" >>  /root/.bash_profile

cat > /root/.bash_cwp <<EOF
echo ""
echo "********************************************"
echo "Welcome to CWP (CentOS WebPanel) server"
echo "Restart CWP using: service cwpsrv restart"
echo "********************************************"
echo ""
echo "CWP Wiki: http://wiki.centos-webpanel.com"
echo "CWP Forum: http://forum.centos-webpanel.com"
echo "CWP Support: http://centos-webpanel.com/support-services"
echo ""
w
echo ""
EOF

# FIX /etc/init.d links
yum -y remove httpd
cd /etc/init.d/
rm -f /etc/init.d/httpd
wget -q http://dl1.centos-webpanel.com/files/s_scripts/httpd
chmod +x /etc/init.d/httpd

if [ ! -e "/scripts" ]
then
	cd /;ln -s /usr/local/cwpsrv/htdocs/resources/scripts /scripts
fi

# FIX QUOTA for first few users caused by UID & GID
sed -i 's/^UID_MIN.*/UID_MIN 700/' /etc/login.defs
sed -i 's/^GID_MIN.*/GID_MIN 700/' /etc/login.defs

# Email AutoResponder Fix
chmod +x /usr/sbin/sendmail.postfix

# NAT-ed networking setup detection
checklocal=`/sbin/ip addr sh | grep $pubip`

if [ -z "$checklocal" ];then
	mkdir -p /usr/local/cwp/.conf/
        touch /usr/local/cwp/.conf/nat_check.conf
fi

# Chkconfig
# iptables -F
chkconfig iptables off
chkconfig httpd on
chkconfig cwpsrv on
chkconfig mysqld on
chkconfig pure-ftpd on
chkconfig postfix on
chkconfig dovecot on

# Lets make php easier for usage
ln -s /usr/local/bin/php /bin/php
ln -s /usr/local/bin/php /usr/bin/php

# service restart
service httpd restart
service cwpsrvd restart

# Check /tmp
if [[ `cat /etc/fstab | grep -E 'tmp.*noexec'` != "" ]]; then mount -o remount /tmp >/dev/null 2>&1 ; fi

chown vmail.mail /var/log/dovecot*
chown -R nobody:nobody /usr/local/apache/htdocs/*
/usr/bin/chattr +i /usr/local/cwpsrv/htdocs/admin

# NAT-ed networking setup detection
checklocal=`/sbin/ip addr sh | grep $pubip`

if [ -z "$checklocal" ];then
        mkdir -p /usr/local/cwp/.conf/
        touch /usr/local/cwp/.conf/nat_check.conf
fi

clear
echo "#############################"
echo "#      CWP Installed        #"
echo "#############################"
echo ""
echo "go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/"
echo ""
echo "http://${pubip}:2030"
echo "SSL: https://${pubip}:2031"
echo -e "---------------------"
echo "Username: root"
echo "Password: ssh server root password"
echo "MySQL root Password: $password"
echo
echo "#########################################################"
echo "          CentOS Web Panel MailServer Installer          "
echo "#########################################################"
#echo "Roundcube MySQL Password: ${mysql_roundcube_password}"
#echo "Postfix MySQL Password: ${postfix_pwd}"
echo "SSL Cert name (hostname): ${cnf_hostname}"
echo "SSL Cert file location /etc/pki/tls/ private|certs"
echo "#########################################################"
echo
echo "visit for help: www.centos-webpanel.com"
echo "Write down login details and press ENTER for server reboot!"
read -p "Press ENTER for server reboot!"
shutdown -r now