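# Installer settings: repository hosts, install paths, facts detected from the
# running system, and the yes/no switches that select what gets configured.
export PATH=$PATH:/sbin
RHOST='apt.hestiacp.com'
GPG='gpg.hestiacp.com'
HESTIA='/usr/local/hestia'
# Take the timestamp once so the log file and the backup directory always
# share the same suffix, even if the minute rolls over between the two uses.
install_stamp=$(date +%d%m%Y%H%M)
LOG="/root/hst_install_backups/hst_install-${install_stamp}.log"
# Numeric field of the MemTotal line. The pattern is quoted so the shell cannot
# glob-expand [0-9] against a single-digit file name in the working directory.
memory=$(grep 'MemTotal' /proc/meminfo | tr ' ' '\n' | grep '[0-9]')
hst_backups="/root/hst_install_backups/${install_stamp}"
arch=$(uname -i)
spinner="/-\|"
# Text between the parentheses of the VERSION= line in os-release.
codename="$(grep VERSION= /etc/os-release | cut -f 2 -d \( | cut -f 1 -d \))"
pma_v='5.0.1'
fpm_v="7.4"
HESTIA_INSTALL_DIR="$HESTIA/install/deb"

# Component switches read by the sections below.
nginx='yes'
phpfpm='yes'
multiphp='no'
vsftpd='yes'
proftpd='no'
named='yes'
mysql='yes'
postgresql='no'
exim='yes'
dovecot='yes'
clamd='yes'
spamd='yes'
iptables='yes'
fail2ban='yes'
quota='no'
interactive='yes'
api='yes'
# Non-empty, so the "admin email address" prompt further down is never shown.
email='tomislav@cybershark.rs'
lang='en'
port=8083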
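#######################################
# Generate a random 10-character alphanumeric password.
# The characters come from /dev/urandom rather than $RANDOM, which is a
# small-state generator and was additionally reduced modulo 62 (biased).
# All working variables are local, so repeated calls in the same shell do not
# reuse a previous result through leftover globals.
# Arguments: none
# Outputs:   the password followed by a newline on stdout
# Returns:   0 on success, 1 if the random source yielded too few characters
#######################################
gen_pass() {
  local charset='0-9A-Za-z'
  local length=10
  local pass
  # LC_ALL=C makes tr treat the stream as bytes instead of locale characters.
  pass=$(LC_ALL=C tr -dc "$charset" < /dev/urandom | head -c "$length")
  if [ "${#pass}" -ne "$length" ]; then
    echo "Error: could not read enough random data for a password" >&2
    return 1
  fi
  printf '%s\n' "$pass"
}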
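# Whitespace-separated package list. "sudo" was listed twice; the duplicate is
# dropped, every other entry is unchanged.
# NOTE(review): nothing visible in this script reads $software - confirm where
# the package installation step happens.
software="awstats bc bind bind-libs bind-utils clamav clamav-update
curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd
ImageMagick iptables-services lsof mailx mc
net-tools nginx openssh-clients pcre libidn git php
php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring
php-mcrypt phpMyAdmin php-mysql php-pdo php-pgsql php-soap
php-tidy php-xml php-xmlrpc php-opcache php-pspell php-readline
php-imagick php-intl php-json php-bz2 php-zip php-ldap php-apcu php-curl
roundcubemail rrdtool rsyslog screen
spamassassin sqlite sudo tar telnet unzip quota
vim-common vsftpd which zip sysstat"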
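# Interactive prompts: confirm the installation, then ask for any value that
# is still empty. read -r keeps backslashes in the typed input literal.
if [ "$interactive" = 'yes' ]; then
  read -r -p 'Would you like to continue with the installation? [Y/N]: ' answer
  if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
    echo 'Goodbye'
    exit 1
  fi

  # Asking for contact email
  if [ -z "$email" ]; then
    read -r -p 'Please enter admin email address: ' email
  fi

  # Asking to set FQDN hostname. The typed value is checked against the FQDN
  # pattern right after this block, before it is used anywhere.
  if [ -z "$servername" ]; then
    read -r -p "Please enter FQDN hostname [$(hostname -f)]: " servername
  fi
fi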
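# Settle the final server name and admin e-mail.
# Set hostname if it wasn't set
if [ -z "$servername" ]; then
  servername=$(hostname -f)
fi

# Accept the name only if it looks like an FQDN (labels of alphanumerics and
# inner hyphens, at least one dot, a final label of two or more characters).
mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
  if [ -n "$servername" ]; then
    servername="$servername.example.com"
  else
    servername="example.com"
  fi
  # Appending the suffix does not remove spaces, slashes or other characters
  # that made the name invalid. The value is later written to /etc/hosts and
  # spliced into sed expressions, so re-check it and fall back to a fixed
  # name when it still does not match.
  if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
    servername="example.com"
  fi
  # Only add the hosts entry when it is not already there, so a re-run does
  # not pile up duplicate lines.
  if ! grep -qxF "127.0.0.1 $servername" /etc/hosts 2>/dev/null; then
    echo "127.0.0.1 $servername" >> /etc/hosts
  fi
fi

# Set email if it wasn't set
if [ -z "$email" ]; then
  email="admin@$servername"
fi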
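# Stop each service that may already be installed and copy its configuration
# into the timestamped backup directory before anything is overwritten.

# Creating backup directory tree
: "${hst_backups:?hst_backups must be set}"
mkdir -p "$hst_backups"
# Without this check a failed cd would create the tree in whatever directory
# the installer happened to be started from.
cd "$hst_backups" || {
  echo "Error: cannot enter backup directory $hst_backups" >&2
  exit 1
}
# named, exim, clamav and home are the directories the copy/move commands in
# this script actually write to; they were missing from the original list, so
# those backups failed silently behind the /dev/null redirects.
mkdir -p nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd \
  spamassassin mysql postgresql hestia \
  named exim clamav home

# Backup nginx configuration
systemctl stop nginx > /dev/null 2>&1
cp -r /etc/nginx/* "$hst_backups/nginx" > /dev/null 2>&1

# Backup Apache configuration
systemctl stop apache2 > /dev/null 2>&1
cp -r /etc/apache2/* "$hst_backups/apache2" > /dev/null 2>&1
rm -f /etc/apache2/conf.d/* > /dev/null 2>&1

# Backup PHP-FPM configuration
systemctl stop php*-fpm > /dev/null 2>&1
cp -r /etc/php/* "$hst_backups/php/" > /dev/null 2>&1

# Backup Bind configuration
systemctl stop named > /dev/null 2>&1
cp -r /etc/named* "$hst_backups/named" > /dev/null 2>&1

# Backup Vsftpd configuration
systemctl stop vsftpd > /dev/null 2>&1
cp /etc/vsftpd.conf "$hst_backups/vsftpd" > /dev/null 2>&1

# Backup ProFTPD configuration
systemctl stop proftpd > /dev/null 2>&1
cp /etc/proftpd.conf "$hst_backups/proftpd" > /dev/null 2>&1

# Backup Exim configuration
systemctl stop exim > /dev/null 2>&1
cp -r /etc/exim/* "$hst_backups/exim" > /dev/null 2>&1

# Backup ClamAV configuration
systemctl stop clamav-daemon > /dev/null 2>&1
cp -r /etc/clam* "$hst_backups/clamav" > /dev/null 2>&1

# Backup SpamAssassin configuration
systemctl stop spamassassin > /dev/null 2>&1
cp -r /etc/spamassassin/* "$hst_backups/spamassassin" > /dev/null 2>&1

# Backup Dovecot configuration
systemctl stop dovecot > /dev/null 2>&1
cp /etc/dovecot.conf "$hst_backups/dovecot" > /dev/null 2>&1
cp -r /etc/dovecot/* "$hst_backups/dovecot" > /dev/null 2>&1

# Backup MySQL/MariaDB configuration and data.
# The data directory is moved, not copied, so the server starts from an empty
# datadir afterwards. killall -9 only matters if the systemctl stop above did
# not end mysqld; a process killed that way has no chance to flush to disk.
systemctl stop mysql > /dev/null 2>&1
killall -9 mysqld > /dev/null 2>&1
mv /var/lib/mysql "$hst_backups/mysql/mysql_datadir" > /dev/null 2>&1
cp -r /etc/percona-server.conf.d* "$hst_backups/mysql" > /dev/null 2>&1
# /root/.my.cnf holds the database root password; the backup tree under /root
# should stay readable by root only.
mv -f /root/.my.cnf "$hst_backups/mysql" > /dev/null 2>&1

# Backup Hestia, then remove the old tree. ${HESTIA:?} aborts instead of
# running a recursive delete on an empty path if the variable is ever unset.
# NOTE(review): $HESTIA_INSTALL_DIR lives below $HESTIA and is read by later
# sections; confirm the package is (re)installed between here and there.
systemctl stop hestia > /dev/null 2>&1
cp -r "$HESTIA"/* "$hst_backups/hestia" > /dev/null 2>&1
rm -rf -- "${HESTIA:?}" > /dev/null 2>&1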
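# Restarting rsyslog
service rsyslog restart > /dev/null 2>&1

# Checking ipv6 on loopback interface: when the host has any inet6 address and
# rc.local does not carry the workaround yet, add ::2/128 to lo now and at boot.
check_lo_ipv6=$(/sbin/ip addr | grep 'inet6')
# rc.local may not exist yet; keep grep quiet about that.
check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local 2>/dev/null)
# The original test read "$check_lo_ipv6)" - the stray parenthesis made the
# string non-empty on every host, so the first condition was always true.
if [ -n "$check_lo_ipv6" ] && [ -z "$check_rc_ipv6" ]; then
  ip addr add ::2/128 scope global dev lo
  echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local
  echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local
  chmod a+x /etc/rc.local
fi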
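# Disabling SELinux
# Both persistent settings are switched from enforcing to disabled and the
# running kernel is put into permissive mode with setenforce 0. After this the
# host has no mandatory access control around the web, mail and database
# daemons configured below; a file already set to permissive is left as is.
if [ -e '/etc/sysconfig/selinux' ]; then
  # On RHEL-family systems /etc/sysconfig/selinux is normally a symlink to
  # /etc/selinux/config. Plain "sed -i" replaces a symlink with a regular
  # file; --follow-symlinks edits the link target and keeps the link.
  sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
  sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0 2>/dev/null
fi

# Disabling iptables
# Both packet filters are stopped here. Filtering only comes back when the
# firewall step near the end of the script runs (and only if iptables='yes'),
# so every service started in between is reachable without filtering.
service iptables stop
service firewalld stop > /dev/null 2>&1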
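#######################################
# Append a line to a file unless the file already contains exactly that line.
# Keeps /etc/profile, /etc/shells and system.conf free of duplicates when the
# installer is run more than once.
# Arguments: $1 - line to add, $2 - target file
#######################################
hst_append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Adding backup user
adduser backup 2>/dev/null
ln -sf /home/backup /backup
chmod a+x /backup

# Set directory color
hst_append_once 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile

# Register /sbin/nologin and /usr/sbin/nologin
hst_append_once "/sbin/nologin" /etc/shells
hst_append_once "/usr/sbin/nologin" /etc/shells

# Changing default systemd interval. The two settings are appended to the end
# of system.conf and the manager is re-executed so it reads them.
hst_append_once "DefaultStartLimitInterval=1s" /etc/systemd/system.conf
hst_append_once "DefaultStartLimitBurst=60" /etc/systemd/system.conf
systemctl daemon-reexec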
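echo "(*) Configuring system settings..."

# Enable SSH password authentication
# The pattern matches "PasswordAuthentication no" and flips it to yes.
# NOTE(review): this turns password logins on for every account; confirm that
# is wanted on hosts that were deliberately set to key-only access.
sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config

# Reduce SSH login grace time
# One expression handles both the active and the commented-out default. The
# original ran two seds in sequence: the first rewrote "#LoginGraceTime 2m" to
# "#LoginGraceTime 1m", so the second (meant to uncomment it) never matched
# and the setting stayed commented out.
sed -i "s/^[[:space:]]*#\{0,1\}[[:space:]]*LoginGraceTime 2m/LoginGraceTime 1m/" /etc/ssh/sshd_config

# Set directory color
if ! grep -qF 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile; then
  echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
fi

# Registering /usr/sbin/nologin
# Match the whole line: a bare "nologin" search is already satisfied by
# /sbin/nologin and would leave /usr/sbin/nologin unregistered.
if ! grep -qxF '/usr/sbin/nologin' /etc/shells; then
  echo "/usr/sbin/nologin" >> /etc/shells
fi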
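echo "(*) Configuring Hestia Control Panel..."

# Installing sudo configuration
mkdir -p /etc/sudoers.d
# cp -n never overwrites, so a file that is already present at
# /etc/sudoers.d/admin is kept whatever it contains.
cp -fn "$HESTIA_INSTALL_DIR/sudo/admin" /etc/sudoers.d/
chmod 440 /etc/sudoers.d/admin
# Check the drop-in that is now in place: it decides what the admin account
# may run as root, and a syntax error in it affects sudo as a whole.
if command -v visudo > /dev/null 2>&1; then
  if ! visudo -cf /etc/sudoers.d/admin > /dev/null 2>&1; then
    echo "Error: /etc/sudoers.d/admin did not pass visudo validation" >&2
  fi
fi

# Configuring system env: export HESTIA and add its bin directory to PATH for
# login shells, then load the same settings into this shell.
{
  echo "export HESTIA='$HESTIA'"
  echo 'PATH=$PATH:'"$HESTIA"'/bin'
  echo 'export PATH'
} > /etc/profile.d/hestia.sh
chmod 755 /etc/profile.d/hestia.sh
source /etc/profile.d/hestia.sh

# Configuring logrotate for Hestia logs
cp -fn "$HESTIA_INSTALL_DIR/logrotate/hestia" /etc/logrotate.d/hestia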
# Building directory tree and creating some blank files for Hestia
for hst_dir in conf log ssl data/ips data/queue data/users data/firewall \
  data/sessions; do
  mkdir -p "$HESTIA/$hst_dir"
done

# Empty queue pipes and log files
for hst_file in data/queue/backup.pipe data/queue/disk.pipe \
  data/queue/webstats.pipe data/queue/restart.pipe \
  data/queue/traffic.pipe log/system.log \
  log/nginx-error.log log/auth.log; do
  touch "$HESTIA/$hst_file"
done

# No access for "other" on configuration, user data, IP data, logs and queue.
chmod 750 "$HESTIA/conf" "$HESTIA/data/users" "$HESTIA/data/ips" "$HESTIA/log"
chmod -R 750 "$HESTIA/data/queue"
chmod 660 "$HESTIA"/log/*

# Expose the log directory under /var/log through a symlink.
rm -f /var/log/hestia
ln -s "$HESTIA/log" /var/log/hestia

# Session store: owner and group get full access, others none.
chmod 770 "$HESTIA/data/sessions"
# Generating Hestia configuration
# The file is recreated empty with mode 660, then filled in one pass in the
# same key order as before.
hst_conf="$HESTIA/conf/hestia.conf"
rm -f "$hst_conf" > /dev/null 2>&1
touch "$hst_conf"
chmod 660 "$hst_conf"

# Normalise the comma-separated list of database types: one per line,
# reverse-sorted and de-duplicated, empty entries dropped, joined by commas.
installed_db_types='mysql'
db=$(echo "$installed_db_types" |
  sed "s/,/\n/g" |
  sort -r -u |
  sed "/^$/d" |
  sed ':a;N;$!ba;s/\n/,/g')

{
  echo "WEB_SYSTEM='nginx'"
  echo "WEB_PORT='80'"
  echo "WEB_SSL_PORT='443'"
  echo "WEB_SSL='openssl'"
  #echo "STATS_SYSTEM='awstats'"
  echo "WEB_BACKEND='php-fpm'"
  echo "DB_SYSTEM='$db'"
  echo "FTP_SYSTEM='vsftpd'"
  echo "DNS_SYSTEM='named'"

  # Mail stack: the add-ons are only recorded when exim itself is enabled.
  if [ "$exim" = 'yes' ]; then
    echo "MAIL_SYSTEM='exim'"
    [ "$clamd" != 'yes' ] || echo "ANTIVIRUS_SYSTEM='clamav-daemon'"
    [ "$spamd" != 'yes' ] || echo "ANTISPAM_SYSTEM='spamassassin'"
    [ "$dovecot" != 'yes' ] || echo "IMAP_SYSTEM='dovecot'"
  fi

  # Cron daemon
  echo "CRON_SYSTEM='crond'"

  # Firewall stack: fail2ban is recorded only together with iptables.
  if [ "$iptables" = 'yes' ]; then
    echo "FIREWALL_SYSTEM='iptables'"
    if [ "$fail2ban" = 'yes' ]; then
      echo "FIREWALL_EXTENSION='fail2ban'"
    fi
  fi

  # Disk quota
  if [ "$quota" = 'yes' ]; then
    echo "DISK_QUOTA='yes'"
  fi

  # Backups
  echo "BACKUP_SYSTEM='local'"

  # Language
  echo "LANGUAGE='$lang'"

  # Version & Release Branch
  echo "VERSION='1.1.1'"
  echo "RELEASE_BRANCH='release'"
} >> "$hst_conf"
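# Installing hosting packages
cp -rf "$HESTIA_INSTALL_DIR/packages" "$HESTIA/data/"

# Update nameservers in hosting package: replace the placeholder domain with
# the last two labels of the server name.
IFS='.' read -r -a domain_elements <<< "$servername"
# Negative subscripts raise an error on an array with fewer than two
# elements, so check the length before reading them.
if [ "${#domain_elements[@]}" -ge 2 ] \
  && [ -n "${domain_elements[-2]}" ] && [ -n "${domain_elements[-1]}" ]; then
  serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
  # The dot is escaped so only the literal placeholder matches.
  sed -i "s/domain\.tld/$serverdomain/g" "$HESTIA"/data/packages/*.pkg
fi

# Installing templates
cp -rf "$HESTIA_INSTALL_DIR/templates" "$HESTIA/data/"
mkdir -p /var/www/html
mkdir -p /var/www/document_errors

# Install default success page
cp -rf "$HESTIA_INSTALL_DIR/templates/web/unassigned/index.html" /var/www/html/
cp -rf "$HESTIA_INSTALL_DIR"/templates/web/skel/document_errors/* /var/www/document_errors/

# Installing firewall rules
cp -rf "$HESTIA_INSTALL_DIR/firewall" "$HESTIA/data/"

# Configuring server hostname. Quoted so the name always reaches the helper as
# a single argument.
"$HESTIA/bin/v-change-sys-hostname" "$servername" > /dev/null 2>&1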
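# Generating SSL certificate
echo "(*) Generating default self-signed SSL certificate..."
# The generator output contains the private key. mktemp creates a file with an
# unpredictable name that only its owner can read; the fixed name /tmp/hst.pem
# was created under the default umask in a directory every local user can
# write to, so it could be read or pre-created (for example as a symlink).
ssl_tmp=$(mktemp) || {
  echo "Error: could not create a temporary file for the certificate" >&2
  exit 1
}
"$HESTIA/bin/v-generate-ssl-cert" "$(hostname)" "$email" 'US' 'California' \
  'San Francisco' 'Hestia Control Panel' 'IT' > "$ssl_tmp"

# Parsing certificate file: line numbers of the certificate end marker and of
# the RSA key markers.
crt_end=$(grep -n "END CERTIFICATE-" "$ssl_tmp" | cut -f 1 -d:)
key_start=$(grep -n "BEGIN RSA" "$ssl_tmp" | cut -f 1 -d:)
key_end=$(grep -n "END RSA" "$ssl_tmp" | cut -f 1 -d:)

# Adding SSL certificate
echo "(*) Adding SSL certificate to Hestia Control Panel..."
cd "$HESTIA/ssl" || echo "Error: cannot enter $HESTIA/ssl" >&2
if [ -n "$crt_end" ] && [ -n "$key_start" ] && [ -n "$key_end" ]; then
  sed -n "1,${crt_end}p" "$ssl_tmp" > "$HESTIA/ssl/certificate.crt"
  # Create the key file owner-only; group access is granted by the chmod
  # below once the group has been set.
  (
    umask 077
    sed -n "${key_start},${key_end}p" "$ssl_tmp" > "$HESTIA/ssl/certificate.key"
  )
else
  # An empty marker would turn the sed address into a syntax error and leave
  # empty certificate files behind.
  echo "Error: certificate or key markers not found in generator output" >&2
fi
chown root:mail "$HESTIA"/ssl/*
chmod 660 "$HESTIA"/ssl/*
rm -f -- "$ssl_tmp"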
# Adding nologin as a valid system shell (skipped when any line of
# /etc/shells already mentions nologin).
grep -q nologin /etc/shells || echo "/usr/sbin/nologin" >> /etc/shells

# Install dhparam.pem
# The file is generated on this host instead of copying the one shipped with
# the installer, so the parameters are not shared with other installations.
#cp -fn $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
# NOTE(review): -dsaparam is much faster but produces DSA-style parameters
# rather than a safe prime; confirm the TLS servers reading this file use a
# fresh DH key for every handshake.
openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 4096
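# Configure NGINX: install the shipped configuration, point the resolver
# directive at the host's own IPv4 name servers and start the service.
if [ "$nginx" = 'yes' ]; then
  echo "(*) Configuring NGINX..."
  rm -f /etc/nginx/conf.d/*.conf
  cp -fn "$HESTIA_INSTALL_DIR/nginx/nginx.conf" /etc/nginx/
  cp -fn "$HESTIA_INSTALL_DIR/nginx/status.conf" /etc/nginx/conf.d/
  cp -fn "$HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc" /etc/nginx/conf.d/
  cp -fn "$HESTIA_INSTALL_DIR/nginx/phppgadmin.inc" /etc/nginx/conf.d/
  cp -fn "$HESTIA_INSTALL_DIR/logrotate/nginx" /etc/logrotate.d/
  mkdir -p /etc/nginx/conf.d/domains
  mkdir -p /var/log/nginx/domains

  # Update dns servers in nginx.conf
  # awk splits on any run of blanks, so tab-separated resolv.conf entries are
  # read too (cut -d ' ' only handled a single space).
  dns_resolver=$(awk 'tolower($1) == "nameserver" { print $2 }' /etc/resolv.conf)
  # Start from an empty list so a value inherited from the environment cannot
  # end up inside the sed expression below.
  resolver=''
  for ns_ip in $dns_resolver; do
    # Only dotted-quad addresses are accepted; anything else in resolv.conf
    # is ignored and never reaches the sed replacement text.
    if [[ $ns_ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      resolver="$ns_ip $resolver"
    fi
  done
  # Drop the trailing space left by the prepend above.
  resolver=${resolver% }
  if [ -n "$resolver" ]; then
    # Dots are escaped so only the literal default resolver pair is replaced.
    sed -i "s/1\.0\.0\.1 1\.1\.1\.1/$resolver/g" /etc/nginx/nginx.conf
    sed -i "s/1\.0\.0\.1 1\.1\.1\.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
  fi

  systemctl enable nginx > /dev/null 2>&1
  systemctl start nginx >> "$LOG"
fi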
#----------------------------------------------------------#
#                    Configure PHP-FPM                     #
#----------------------------------------------------------#

# Calls v-add-web-php for the version in $fpm_v, installs the shipped pool
# file, starts the service and selects that version as the default php binary.
if [ "$phpfpm" = 'yes' ]; then
  echo "(*) Configuring PHP-FPM..."
  "$HESTIA/bin/v-add-web-php" "$fpm_v" > /dev/null 2>&1
  cp -fn "$HESTIA_INSTALL_DIR/php-fpm/www.conf" /etc/php-fpm.d/www.conf
  systemctl enable php-fpm > /dev/null 2>&1
  systemctl start php-fpm >> "$LOG"
  update-alternatives --set php "/usr/bin/php${fpm_v}" > /dev/null 2>&1
fi
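#----------------------------------------------------------#
#                     Configure PHP                        #
#----------------------------------------------------------#

# Time zone for php.ini: taken from timedatectl, possibly overridden by the
# ZONE variable in /etc/sysconfig/clock, with UTC as the fallback.
ZONE=$(timedatectl 2>/dev/null | grep 'Time zone' | awk '{print $3}')
if [ -e '/etc/sysconfig/clock' ]; then
  source /etc/sysconfig/clock
fi
if [ -z "$ZONE" ]; then
  ZONE='UTC'
fi

# Apply both edits to every php.ini below /etc/php*. find hands the paths to
# sed directly, so a path containing whitespace is not split the way it was
# in "for pconf in $(find ...)".
find /etc/php* -name php.ini -exec sed -i \
  -e "s|;date.timezone =|date.timezone = $ZONE|g" \
  -e 's%_open_tag = Off%_open_tag = On%g' {} +

# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
# $HESTIA is expanded now, so the cron script carries the absolute path.
cat > /etc/cron.daily/php-session-cleanup << EOF
#!/bin/sh
find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1
find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1
EOF
chmod 755 /etc/cron.daily/php-session-cleanup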
#----------------------------------------------------------#
#                    Configure Vsftpd                      #
#----------------------------------------------------------#

# Installs the shipped vsftpd.conf, makes sure both FTP log files exist as
# root:adm with mode 640, then enables and starts the service.
if [ "$vsftpd" = 'yes' ]; then
  echo "(*) Configuring Vsftpd server..."
  cp -fn "$HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf" /etc/
  for ftp_log in /var/log/vsftpd.log /var/log/xferlog; do
    touch "$ftp_log"
    chown root:adm "$ftp_log"
    chmod 640 "$ftp_log"
  done
  systemctl enable vsftpd
  systemctl start vsftpd >> "$LOG"
fi
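#----------------------------------------------------------#
#                    Configure MySQL                       #
#----------------------------------------------------------#

if [ "$mysql" = 'yes' ]; then
  echo "(*) Configuring MySQL database server..."
  # Pick a configuration size from total RAM (kB). ${memory:-0} keeps the
  # numeric test valid when the memory probe returned nothing.
  mycnf="my-small.cnf"
  if [ "${memory:-0}" -gt 1200000 ]; then
    mycnf="my-medium.cnf"
  fi
  if [ "${memory:-0}" -gt 3900000 ]; then
    mycnf="my-large.cnf"
  fi

  # Configuring MySQL
  #cp -fn $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/percona-server.conf.d/mysqld.cnf
  #mysql_install_db >> $LOG
  systemctl enable mysql
  systemctl start mysql >> "$LOG"

  # Securing MySQL installation
  #mpass=$(date +%s | sha256sum | base64 | head -c 16 ; echo)
  # The root password is the temporary one the server wrote to its log.
  # NOTE(review): the cut chain truncates a password that contains "@" -
  # confirm against the log format of the installed server.
  mpass=$(grep 'temporary password' /var/log/mysqld.log | tail -n 1 | cut -d"@" -f 2 | cut -d" " -f 2)
  # Make the credentials file owner-only before the secret is written; the
  # original created it under the default umask and tightened it afterwards.
  (
    umask 077
    touch /root/.my.cnf
  )
  chmod 600 /root/.my.cnf
  # printf writes the password verbatim; echo -e would interpret backslash
  # sequences inside it.
  printf "[client]\npassword='%s'\n\n" "$mpass" > /root/.my.cnf
  # NOTE(review): the password is passed on the command line here and is
  # visible in the process list while mysqladmin runs.
  mysqladmin -u root password "$mpass" >> "$LOG"

  # Clear MySQL Test Users and Databases
  mysql -e "DELETE FROM mysql.user WHERE User=''"
  mysql -e "DROP DATABASE test" > /dev/null 2>&1
  mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
  mysql -e "DELETE FROM mysql.user WHERE user='';"
  mysql -e "DELETE FROM mysql.user WHERE authentication_string='';"
  # Rows deleted straight from the grant tables stay active until the server
  # reloads them.
  mysql -e "FLUSH PRIVILEGES"

  # Configuring phpMyAdmin
  mysql < /usr/share/phpMyAdmin/sql/create_tables.sql
  # Both secrets were derived from a hash of the current Unix time, which can
  # be recomputed by anyone who knows roughly when the installer ran, and both
  # came out identical when generated within the same second. Draw them from
  # the system random source instead; hex output contains no character that
  # is special to sed or SQL quoting.
  p=$(openssl rand -hex 16)
  fish=$(openssl rand -hex 16)
  mysql -e "GRANT ALL ON phpmyadmin.*
    TO phpmyadmin@localhost IDENTIFIED BY '$p'"
  cp -fn "$HESTIA/pma/config.inc.conf" /etc/phpMyAdmin/config.inc.php
  sed -i "s/%blowfish_secret%/$fish/g" /etc/phpMyAdmin/config.inc.php
  sed -i "s/%phpmyadmin_pass%/$p/g" /etc/phpMyAdmin/config.inc.php
  # NOTE(review): mode 777 lets every local account write into these two
  # directories; narrowing it needs the user PHP runs as, which this script
  # does not show.
  chmod 777 /var/lib/phpMyAdmin/temp
  chmod 777 /var/lib/phpMyAdmin/save

  # Configuring phpMyAdmin
  #cp -fn $HESTIA_INSTALL_DIR/pma/config.inc.php /etc/phpMyAdmin/
  #chmod 777 /var/lib/phpMyAdmin/temp/
fi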
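#----------------------------------------------------------#
#                     Configure Bind                       #
#----------------------------------------------------------#

if [ "$named" = 'yes' ]; then
  echo "(*) Configuring Bind DNS server..."
  cp -fn "$HESTIA_INSTALL_DIR/bind/named.conf" /etc/
  cp -fn "$HESTIA_INSTALL_DIR/bind/named.conf.options" /etc/named/
  chown root:named /etc/named.conf
  # The options file is copied to /etc/named/ and has its mode set there; the
  # original changed ownership under /etc/bind/, a path this script never
  # writes, so the installed file kept whatever owner cp gave it.
  chown root:named /etc/named/named.conf.options
  chown named:named /var/cache/bind
  # Readable by root and the named group only.
  chmod 640 /etc/named.conf
  chmod 640 /etc/named/named.conf.options
  #aa-complain /usr/sbin/named > /dev/null 2>&1
  #echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
  #if ! grep --quiet lxc /proc/1/environ; then
  #  systemctl status apparmor > /dev/null 2>&1
  #  if [ $? -ne 0 ]; then
  #    systemctl restart apparmor >> $LOG
  #  fi
  #fi
  # NOTE(review): the backup section stops a unit called "named" while this
  # one enables "bind9"; confirm which unit name exists on the target system.
  systemctl enable bind9
  systemctl start bind9

  # Workaround for OpenVZ/Virtuozzo
  #if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then
  #  sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local
  #fi
fi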
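#----------------------------------------------------------#
#                     Configure Exim                       #
#----------------------------------------------------------#

if [ "$exim" = 'yes' ]; then
  echo "(*) Configuring Exim mail server..."
  gpasswd -a exim mail > /dev/null 2>&1
  cp -fn "$HESTIA_INSTALL_DIR/exim/exim4.conf.template" /etc/exim/exim.conf.template
  cp -fn "$HESTIA_INSTALL_DIR/exim/dnsbl.conf" /etc/exim/
  cp -fn "$HESTIA_INSTALL_DIR/exim/spam-blocks.conf" /etc/exim/
  touch /etc/exim/white-blocks.conf

  # Uncomment the spam and antivirus hooks in the template when enabled.
  if [ "$spamd" = 'yes' ]; then
    sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf.template
  fi
  if [ "$clamd" = 'yes' ]; then
    sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf.template
  fi

  chmod 640 /etc/exim/exim.conf.template
  rm -rf /etc/exim/domains
  mkdir -p /etc/exim/domains

  # rm has no -n option: "rm -fn" exits with a usage error, the old link
  # stays in place and the ln below then fails because the name exists.
  rm -f /etc/alternatives/mta
  ln -s /usr/sbin/exim /etc/alternatives/mta

  # Other MTAs must not compete for port 25.
  systemctl disable sendmail > /dev/null 2>&1
  systemctl stop sendmail > /dev/null 2>&1
  systemctl disable postfix > /dev/null 2>&1
  systemctl stop postfix > /dev/null 2>&1

  systemctl enable exim
  # Start the unit that was just enabled (the original started "exim4").
  systemctl start exim >> "$LOG"
fi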
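#----------------------------------------------------------#
#                   Configure Dovecot                      #
#----------------------------------------------------------#

if [ "$dovecot" = 'yes' ]; then
  echo "(*) Configuring Dovecot POP/IMAP mail server..."
  gpasswd -a dovecot mail > /dev/null 2>&1
  cp -rf "$HESTIA_INSTALL_DIR/dovecot" /etc/
  cp -fn "$HESTIA_INSTALL_DIR/logrotate/dovecot" /etc/logrotate.d/
  # NOTE(review): $release is not assigned anywhere in the visible script, so
  # this branch is not taken unless the environment provides it.
  if [ "$release" = '18.04' ]; then
    # rm has no -n option; "rm -fn" would fail with a usage error.
    rm -f /etc/dovecot/conf.d/15-mailboxes.conf
  fi
  chown -R root:root /etc/dovecot*
  systemctl enable dovecot
  systemctl start dovecot >> "$LOG"
fi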
#----------------------------------------------------------#
#                   Configure ClamAV                       #
#----------------------------------------------------------#

# Adds the clamav account to the mail and exim groups, installs clamd.conf,
# downloads the signature database in the background behind a console
# spinner, then starts the daemon.
# NOTE(review): the unit enabled here is "clamd" while the one started below
# is "clamav-daemon" - confirm which name exists on the target system.
if [ "$clamd" = 'yes' ]; then
  gpasswd -a clamav mail > /dev/null 2>&1
  gpasswd -a clamav exim > /dev/null 2>&1
  cp -fn "$HESTIA_INSTALL_DIR/clamav/clamd.conf" /etc/
  systemctl enable clamd

  echo -ne "(*) Installing ClamAV anti-virus definitions... "
  /usr/bin/freshclam >> "$LOG" &
  BACK_PID=$!
  spin_i=1
  # kill -0 sends no signal; it only reports whether freshclam is still alive.
  while kill -0 "$BACK_PID" > /dev/null 2>&1; do
    printf '\b%s' "${spinner:spin_i++%${#spinner}:1}"
    sleep 0.5
  done
  echo

  systemctl start clamav-daemon >> "$LOG"
fi
#----------------------------------------------------------#
#                Configure SpamAssassin                    #
#----------------------------------------------------------#

# Enables and starts SpamAssassin, then enables it a second time if systemd
# still lists one of its unit files as disabled.
if [ "$spamd" = 'yes' ]; then
  echo "(*) Configuring SpamAssassin..."
  systemctl enable spamassassin > /dev/null 2>&1
  #sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
  systemctl start spamassassin >> "$LOG"
  unit_files="$(systemctl list-unit-files | grep spamassassin)"
  case "$unit_files" in
    *disabled*)
      systemctl enable spamassassin > /dev/null 2>&1
      ;;
  esac
fi
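#----------------------------------------------------------#
#                  Configure Roundcube                     #
#----------------------------------------------------------#

# Webmail is only set up when the IMAP server, the MTA and MySQL are all on.
if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
  echo "(*) Configuring Roundcube webmail client..."
  cp -fn "$HESTIA_INSTALL_DIR/roundcube/main.inc.php" /etc/roundcubemail/config.inc.php
  cp -fn "$HESTIA_INSTALL_DIR/roundcube/config.inc.php" /etc/roundcubemail/plugins/password/
  cp -fn "$HESTIA_INSTALL_DIR/roundcube/hestia.php" /usr/share/roundcubemail/plugins/password/drivers/
  touch /var/log/roundcubemail/errors
  # The main config carries secrets: root owns it, the nginx group may read.
  chmod 640 /etc/roundcubemail/config.inc.php
  chown root:nginx /etc/roundcubemail/config.inc.php
  chmod 640 /var/log/roundcubemail/errors
  chown nginx:adm /var/log/roundcubemail/errors

  # The database password was a hash of the current Unix time, which can be
  # recomputed from the approximate install time. Take 32 hex characters from
  # the system random source instead (same length, safe inside sed and SQL
  # quotes).
  r="$(openssl rand -hex 16)"
  rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
  mysql -e "CREATE DATABASE roundcube"
  mysql -e "GRANT ALL ON roundcube.*
    TO roundcube@localhost IDENTIFIED BY '$r'"
  # NOTE(review): the password placeholder is replaced in
  # debian-db-roundcube.php, a file this script never installs - confirm it
  # exists on the target system, otherwise Roundcube never gets the password.
  sed -i "s/%password%/$r/g" /etc/roundcubemail/debian-db-roundcube.php
  sed -i "s/%des_key%/$rcDesKey/g" /etc/roundcubemail/config.inc.php
  sed -i "s/localhost/$servername/g" /etc/roundcubemail/plugins/password/config.inc.php
  mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql

  # Configure webmail alias
  echo "WEBMAIL_ALIAS='webmail'" >> "$HESTIA/conf/hestia.conf"

  # Add robots.txt
  echo "User-agent: *" > /var/lib/roundcubemail/robots.txt
  echo "Disallow: /" >> /var/lib/roundcubemail/robots.txt

  if [ "$nginx" = 'yes' ]; then
    systemctl restart nginx >> "$LOG"
  fi
fi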
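#----------------------------------------------------------#
#                   Configure Fail2Ban                     #
#----------------------------------------------------------#

#######################################
# Flip the "enabled" value of one jail in /etc/fail2ban/jail.local.
# The line is located as the "enabled" line within two lines after the jail
# name. If no line number is found the file is left untouched: with an empty
# address sed would apply the substitution to every line and switch every
# jail in the file at once.
# Arguments: $1 - jail name, $2 - current value, $3 - new value
# Returns:   0 when the line was edited, 1 when the jail was not found
#######################################
hst_set_jail_enabled() {
  local jail=$1 from=$2 to=$3
  local fline
  fline=$(grep -n -A 2 -- "$jail" /etc/fail2ban/jail.local |
    grep enabled | tail -n1 | cut -f 1 -d -)
  case "$fline" in
    '' | *[!0-9]*)
      echo "Warning: jail $jail not found in /etc/fail2ban/jail.local" >&2
      return 1
      ;;
  esac
  sed -i "${fline}s/${from}/${to}/" /etc/fail2ban/jail.local
}

if [ "$fail2ban" = 'yes' ]; then
  echo "(*) Configuring fail2ban access monitor..."
  cp -rf "$HESTIA_INSTALL_DIR/fail2ban" /etc/
  # Jails for services that are not installed are switched off.
  if [ "$dovecot" = 'no' ]; then
    hst_set_jail_enabled dovecot-iptables true false
  fi
  if [ "$exim" = 'no' ]; then
    hst_set_jail_enabled exim-iptables true false
  fi
  if [ "$vsftpd" = 'yes' ]; then
    # Create vsftpd Log File - the jail needs its log file to exist.
    if [ ! -f "/var/log/vsftpd.log" ]; then
      touch /var/log/vsftpd.log
    fi
    hst_set_jail_enabled vsftpd-iptables false true
  fi
  systemctl enable fail2ban
  systemctl start fail2ban >> "$LOG"
fi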
#----------------------------------------------------------#
#                   Configure API                          #
#----------------------------------------------------------#

# Records the API switch in hestia.conf. For any value other than 'yes' the
# API directory is removed from the web root as well.
case "$api" in
  yes)
    echo "API='yes'" >> "$HESTIA/conf/hestia.conf"
    ;;
  *)
    rm -r "$HESTIA/web/api"
    echo "API='no'" >> "$HESTIA/conf/hestia.conf"
    ;;
esac
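#----------------------------------------------------------#
#                   Configure Admin User                   #
#----------------------------------------------------------#

# Deleting old admin user
# NOTE(review): $force is not assigned anywhere in the visible script, so
# both removal branches only run when the environment sets it.
if grep -q '^admin:' /etc/passwd && [ "$force" = 'yes' ]; then
  chattr -i /home/admin/conf > /dev/null 2>&1
  userdel -f admin > /dev/null 2>&1
  chattr -i /home/admin/conf > /dev/null 2>&1
  # The backup tree has no "home" directory unless it is created here.
  mkdir -p "$hst_backups/home"
  mv -f /home/admin "$hst_backups/home/" > /dev/null 2>&1
  rm -f /tmp/sess_* > /dev/null 2>&1
fi
if grep -q '^admin:' /etc/group && [ "$force" = 'yes' ]; then
  groupdel admin > /dev/null 2>&1
fi

# Enable sftp jail
"$HESTIA/bin/v-add-sys-sftp-jail" > /dev/null 2>&1

# Adding Hestia admin account
# The script defines gen_pass but never called it, so $vpass was empty: the
# unquoted expansion vanished, every following argument shifted one position
# to the left and the account was created without the intended password.
if [ -z "$vpass" ]; then
  vpass=$(gen_pass)
fi
"$HESTIA/bin/v-add-user" admin "$vpass" "$email" default System Administrator
"$HESTIA/bin/v-change-user-shell" admin nologin
"$HESTIA/bin/v-change-user-language" admin "$lang"

# Configuring system IPs
"$HESTIA/bin/v-update-sys-ip" > /dev/null 2>&1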
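# Get main IP: first global IPv4 address on any interface.
ip=$(ip addr | grep 'inet ' | grep global | head -n1 | awk '{print $2}' | cut -f1 -d/)

# Configuring firewall
if [ "$iptables" = 'yes' ]; then
  "$HESTIA/bin/v-update-firewall"
fi

# Get public IP
# The answer comes from a remote service and ends up as an argument to
# v-change-sys-ip-nat and in the printed admin URL, so it is only accepted
# when it has the shape of an IPv4 address. The timeout keeps the installer
# from hanging when the service cannot be reached.
pub_ip=$(curl --ipv4 -s --max-time 15 https://ip.hestiacp.com/)
if ! [[ "$pub_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  pub_ip=''
fi

# A public address different from the local one means the host is behind NAT.
if [ -n "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
  if [ -e /etc/rc.local ]; then
    sed -i '/exit 0/d' /etc/rc.local
  fi
  #check_rclocal=$(cat /etc/rc.local | grep "#!")
  #if [ -z "$check_rclocal" ]; then
  #  echo "#!/bin/sh" >> /etc/rc.local
  #fi
  # Add the boot-time IP refresh once; a re-run must not stack copies of it.
  if ! grep -qxF "$HESTIA/bin/v-update-sys-ip" /etc/rc.local 2>/dev/null; then
    echo "$HESTIA/bin/v-update-sys-ip" >> /etc/rc.local
  fi
  echo "exit 0" >> /etc/rc.local
  chmod +x /etc/rc.local
  systemctl enable rc-local
  "$HESTIA/bin/v-change-sys-ip-nat" "$ip" "$pub_ip" > /dev/null 2>&1
  ip=$pub_ip
fi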
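# Configuring MySQL host
# Quoted so a password containing blanks or glob characters reaches the
# helper as one argument.
# NOTE(review): the root password is passed on the command line here and is
# visible in the process list while the helper runs.
if [ "$mysql" = 'yes' ]; then
  "$HESTIA/bin/v-add-database-host" mysql localhost root "$mpass" mysql
fi

# Adding default domain
"$HESTIA/bin/v-add-web-domain" admin "$servername"

# Adding cron jobs
# Every job runs a Hestia helper through sudo as the admin account.
export SCHEDULED_RESTART="yes"
command="sudo $HESTIA/bin/v-update-sys-queue restart"
"$HESTIA/bin/v-add-cron-job" 'admin' '*/2' '*' '*' '*' '*' "$command"
# hestia.conf above records CRON_SYSTEM='crond'; try that unit name first and
# fall back to the "cron" name the original used.
systemctl restart crond 2>/dev/null || systemctl restart cron
command="sudo $HESTIA/bin/v-update-sys-queue disk"
"$HESTIA/bin/v-add-cron-job" 'admin' '15' '02' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue traffic"
"$HESTIA/bin/v-add-cron-job" 'admin' '10' '00' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue webstats"
"$HESTIA/bin/v-add-cron-job" 'admin' '30' '03' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue backup"
"$HESTIA/bin/v-add-cron-job" 'admin' '*/5' '*' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-backup-users"
"$HESTIA/bin/v-add-cron-job" 'admin' '10' '05' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-user-stats"
"$HESTIA/bin/v-add-cron-job" 'admin' '20' '00' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-rrd"
"$HESTIA/bin/v-add-cron-job" 'admin' '*/5' '*' '*' '*' '*' "$command"

# Enable automatic updates
"$HESTIA/bin/v-add-cron-hestia-autoupdate"

# Building initital rrd images
"$HESTIA/bin/v-update-sys-rrd"

# Enabling file system quota
if [ "$quota" = 'yes' ]; then
  "$HESTIA/bin/v-add-sys-quota"
fi

# Set backend port
"$HESTIA/bin/v-change-sys-port" "$port"

# Set default theme
"$HESTIA/bin/v-change-sys-theme" 'default'

# Starting Hestia service
systemctl enable hestia
systemctl start hestia
chown admin:admin "$HESTIA/data/sessions"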
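#----------------------------------------------------------#
#                   Hestia Access Info                     #
#----------------------------------------------------------#

# Comparing hostname and IP: show the host name in the admin URL when it
# resolves to this server's address.
host_ip=$(host "$servername" | head -n 1 | awk '{print $NF}')
if [ "$host_ip" = "$ip" ]; then
  ip="$servername"
fi

echo -e "\n"
echo "===================================================================="
echo -e "\n"

# Sending notification to admin email
# $tmpfile was never assigned in this script, so the redirect below had no
# target. The message contains the admin password: mktemp gives a file with an
# unpredictable name that only its owner can read.
if [ -z "$tmpfile" ]; then
  tmpfile=$(mktemp) || {
    echo "Error: could not create a temporary file for the welcome message" >&2
    exit 1
  }
fi
# printf '%s' writes the text verbatim; echo -e would interpret backslash
# sequences inside the expanded password.
printf '%s\n' "Congratulations!
You have successfully installed Hestia Control Panel on your server.
Ready to get started? Log in using the following credentials:
Admin URL: https://$ip:$port
Username: admin
Password: $vpass
Thank you for choosing Hestia Control Panel to power your full stack web server,
we hope that you enjoy using it as much as we do!
Please feel free to contact us at any time if you have any questions,
or if you encounter any bugs or problems:
E-mail: info@hestiacp.com
Web: https://www.hestiacp.com/
Forum: https://forum.hestiacp.com/
GitHub: https://www.github.com/hestiacp/hestiacp
Note: Automatic updates are enabled by default. If you would like to disable them,
please log in and navigate to Server > Updates to turn them off.
Help support the Hestia Contol Panel project by donating via PayPal:
https://www.hestiacp.com/donate
--
Sincerely yours,
The Hestia Control Panel development team
Made with love & pride by the open-source community around the world.
" > "$tmpfile"

# The same text, password included, is mailed to the admin address and
# printed on the console.
send_mail="$HESTIA/web/inc/mail-wrapper.php"
"$send_mail" -s "Hestia Control Panel" "$email" < "$tmpfile"

# Congrats
echo
cat "$tmpfile"
rm -f -- "$tmpfile"

# Add welcome message to notification panel
"$HESTIA/bin/v-add-user-notification" admin 'Welcome!' 'For more information on how to use Hestia Control Panel, click on the Help icon in the top right corner of the toolbar.<br><br>Please report any bugs or issues on GitHub at<br>https://github.com/hestiacp/hestiacp/issues<br><br>Have a great day!'

echo "(!) IMPORTANT: You must logout or restart the server before continuing."
echo ""
if [ "$interactive" = 'yes' ]; then
  echo -n " Do you want to reboot now? [Y/N] "
  read -r reboot
  if [ "$reboot" = "Y" ] || [ "$reboot" = "y" ]; then
    reboot
  fi
fi

# EOF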