Untitled

Debian wheezy is advised for this guide

installs apache2/php5, rtorrent, rutorrent, autodl-irssi/plugin and proftpd.
in putty just type..
wget -O install.sh http://sprunge.us/OYHe
then
bash install.sh NewUsername NewPassword
done

info on what it does..


# by Dan39
# installs apache2/php5, rtorrent, rutorrent, autodl-irssi/plugin, proftpd, mediainfo

# version 3.00


error() {
echo "$1"
echo 'exiting'
exit 1
}

set -e

[ $USER = 'root' ] || error 'Must run script as root'
[ 'x' = "x$1" ] && error 'Must supply 1st arg which will be ussername for system user and rutorrent user'
[ 'x' = "x$2" ] && error 'Must supply 2nd arg which will be password used for rutorrent and ssh/ftp etc.'

ltv='0.13.4'
rtv='0.9.4'

grep '^Debian' /etc/issue.net || error 'Only run this script on Debian!'

echo 'Creating user, please enter password for system user when it prompts'
useradd -m -s /bin/bash "$1" || error 'Problem adding new user, maybe this user already exists?!'
echo "$1:$2" | chpasswd

echo 'Running user script..'
su -s /bin/bash "$1" <<'EOSCRIPT'

echo 'Creating directories for rtorrent'
cd ~
mkdir .session
mkdir watch
mkdir downloads

echo 'Writing .rtorrent.rc'
cat > '.rtorrent.rc' <<'EOF'
scgi_port = 127.0.0.1:5009

throttle.max_uploads.set = 100
throttle.max_peers.normal.set = 500

throttle.global_down.max_rate.set_kb = 0
throttle.global_up.max_rate.set_kb = 0

directory.default.set = ~/downloads
session.path.set = ~/.session

schedule = low_diskspace,5,60,close_low_diskspace=100M
schedule = watch_directory,5,5,load.start=~/watch/*.torrent

network.port_range.set = 57300-57400
network.port_random.set = yes

trackers.use_udp.set = yes
protocol.encryption.set = require_RC4
dht.mode.set = off
protocol.pex.set = no
pieces.hash.on_completion.set = no
EOF

echo 'Installing conrtab to start rtorrent/irssi on reboot'
echo -e '@reboot /usr/bin/screen -fa -d -m -S rtorrent /usr/local/bin/rtorrent\n@reboot /usr/bin/screen -fa -d -m -S irssi /usr/bin/irssi' | crontab -
EOSCRIPT

cd ~
mkdir rtorrentbuild
cd rtorrentbuild

echo 'Editing sources.list'
grep -e 'non-free' -e 'contrib' /etc/apt/sources.list || sed -i 's/\(deb.*\)/\1 contrib non-free/' /etc/apt/sources.list

echo 'Configuring proftpd to run standalone'
echo 'proftpd-basic shared/proftpd/inetd_or_standalone select standalone' | debconf-set-selections

echo 'Updating and installing packages'
apt-get -qy update
apt-get -qy build-dep xmlrpc-c
apt-get -qy build-dep libtorrent
apt-get -qy install git screen subversion libncurses5-dev libncursesw5-dev build-essential curl apache2 php5 php5-dev php5-geoip unzip unrar rar mktorrent ffmpeg proftpd

echo 'Editing proftpd configs'
echo -e '\n<Global>\nAllowForeignAddress on\n</Global>' >> /etc/proftpd/proftpd.conf
sed -i 's@#Include /etc/proftpd/tls.conf@Include /etc/proftpd/tls.conf@' /etc/proftpd/proftpd.conf
sed -i 's/inetd/standalone/' /etc/proftpd/proftpd.conf
cat > /etc/proftpd/tls.conf <<'EOF'
#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
# -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key
# chmod 0640 /etc/ssl/private/proftpd.key
#
#TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
#TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
#
TLSRSACertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
TLSRSACertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#
# CA the server trusts
#TLSCACertificateFile /etc/ssl/certs/CA.pem
# or avoid CA cert and be verbose
#TLSRSACertificateFileSOptions NoCertRequest EnableDiags
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions AllowowClientRenegotiations
#
TLSOptions NoCertRequest NoSessionReuseRequired AllowClientRenegotiations EnableDiags
#
# Authenticate clients that want to use FTP over TLS?
#
TLSVerifyClient off
#
# Are clients required to use FTP over TLS when talking to this server?
#
TLSRequired off
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
TLSRenegotiate required off
</IfModule>
EOF

echo 'Restarting proftpd'
service proftpd restart

echo 'Downloading xmlrpc-c/libtorrent/rtorrent sources'
wget "http://libtorrent.rakshasa.no/downloads/libtorrent-$ltv.tar.gz" "http://libtorrent.rakshasa.no/downloads/rtorrent-$rtv.tar.gz"

tar -xzf libtorrent-$ltv.tar.gz
tar -xzf rtorrent-$rtv.tar.gz

svn checkout http://svn.code.sf.net/p/xmlrpc-c/code/advanced xmlrpc-c-code

echo 'Compiling/installing xmlrpc-c'
cd xmlrpc-c-code
./configure
make
make install
cd ..

echo 'Compiling/installing libtorrent'
cd libtorrent-$ltv
./configure
make
make install
cd ..

echo 'Compiling/installing rtorrent'
cd rtorrent-$rtv
./configure --with-xmlrpc-c=/usr/local/bin/xmlrpc-c-config
make
make install

echo 'Running ldconfig since we installed to /usr/local/'
ldconfig

cd ~
rm -r rtorrentbuild

echo 'Writing apache2 site config to allow htaccess password setup'
cat > /etc/apache2/sites-available/default <<'EOF'
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF


cat > /etc/apache2/sites-available/default-ssl <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>
EOF

echo 'Enable ssl mod/site'
a2enmod ssl
a2ensite default-ssl

echo 'Restarting apache2'
service apache2 restart

echo 'Downloading and unpacking rutorrent'
cd /var/www
wget 'http://dl.bintray.com/novik65/generic/rutorrent-3.6.tar.gz'
tar -xzf rutorrent-3.6.tar.gz
rm rutorrent-3.6.tar.gz
cd rutorrent

echo 'Downloading and unpacking plugins'
wget 'http://dl.bintray.com/novik65/generic/plugins-3.6.tar.gz'
tar -xzf plugins-3.6.tar.gz
rm plugins-3.6.tar.gz
cd plugins
echo 'Removing dumb plugins'
rm -r extratio/ extsearch/ ipad/ show_peers_like_wtorrent/ rpc/ feeds/ retrackers/ throttle/ rutracker_check/ loginmgr/ check_port/
echo 'Editing create plugin conf to use mktorrent'
sed -i 's/$useExternal = false;/$useExternal = "mktorrent";/' create/conf.php
cd ..
echo 'Setting correct permissions for share directory'
chown -R root:root ./
chmod -R u=rwX,go=rX ./
chown -R www-data:www-data share/
find share/ -type d -exec chmod 777 {} \;
find share/ -type f -exec chmod 666 {} \;
echo 'Setting up user config'
cd conf/users/
mkdir -p "$1/plugins/autodl-irssi/"
cd "$1"
cp ../../config.php ./
sed -i 's/scgi_port = 5000/scgi_port = 5009/' config.php
sed -i "s_\$topDirectory = '/'_\$topDirectory = '/home/$1/'_" config.php

cd /var/www/rutorrent/
echo 'Writing htaccess/htpasswd for user login'
cat > .htaccess <<'EOF'
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/rutorrent/.htpasswd
AuthGroupFile /dev/null
require valid-user
EOF

htpasswd -cb .htpasswd "$1" "$2"

echo 'Install autodl-irssi/rutorrent plugin'
apt-get -qy install perl irssi irssi-scripts libdigest-sha-perl libarchive-zip-perl libnet-ssleay-perl libjson-perl libjson-xs-perl libxml-libxml-perl

pw=$(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c17)

echo 'Running user script..'
su -s /bin/bash "$1" <<EOSCRIPT

mkdir -p ~/.irssi/scripts/autorun
cd ~/.irssi/scripts
wget -O autodl-irssi.zip http://update.autodl-community.com/autodl-irssi-community.zip
unzip -o autodl-irssi.zip
rm autodl-irssi.zip
cp autodl-irssi.pl autorun/
mkdir ~/.autodl
touch ~/.autodl/autodl.cfg
cat > ~/.autodl/autodl2.cfg <<EOF
[options]
gui-server-port = 23760
gui-server-password = $pw
EOF
EOSCRIPT

cd /var/www/rutorrent/plugins/
git clone https://github.com/autodl-community/autodl-rutorrent.git autodl-irssi
chown -R www-data:www-data autodl-irssi
cd ../
cat > "conf/users/$1/plugins/autodl-irssi/conf.php" <<EOF
<?php
\$autodlPort = 23760;
\$autodlPassword = "$pw";
?>
EOF

echo 'Installing mediainfo'
wget 'http://mediaarea.net/download/binary/libzen0/0.4.29/libzen0_0.4.29-1_amd64.Debian_7.0.deb'
dpkg -i libzen0_0.4.29-1_amd64.Debian_7.0.deb
rm libzen0_0.4.29-1_amd64.Debian_7.0.deb

wget 'http://mediaarea.net/download/binary/libmediainfo0/0.7.69/libmediainfo0_0.7.69-1_amd64.Debian_7.0.deb'
dpkg -i libmediainfo0_0.7.69-1_amd64.Debian_7.0.deb
rm libmediainfo0_0.7.69-1_amd64.Debian_7.0.deb

wget 'http://mediaarea.net/download/binary/mediainfo/0.7.69/mediainfo_0.7.69-1_amd64.Debian_7.0.deb'
dpkg -i mediainfo_0.7.69-1_amd64.Debian_7.0.deb
rm mediainfo_0.7.69-1_amd64.Debian_7.0.deb

su -s /bin/bash -c "cd ~; screen -dmS rtorrent rtorrent; screen -dmS irssi irssi" "$1"


thanks to Dan39 for his work.