vst-install-ubuntu.sh

1. #!/bin/bash
2.  
3. # Vesta Ubuntu installer v.05
4.  
5. #----------------------------------------------------------#
6. # Variables&Functions #
7. #----------------------------------------------------------#
8. export PATH=$PATH:/sbin
9. export DEBIAN_FRONTEND=noninteractive
10. RHOST='apt.vestacp.com'
11. CHOST='c.vestacp.com'
12. VERSION='ubuntu'
13. VESTA='/usr/local/vesta'
14. memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
15. arch=$(uname -i)
16. os='ubuntu'
17. release="$(lsb_release -s -r)"
18. codename="$(lsb_release -s -c)"
19. vestacp="$VESTA/install/$VERSION/$release"
20.  
21. # Defining software pack for all distros
22. software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
23. apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon
24. cron curl dnsutils dovecot-imapd dovecot-pop3d e2fslibs e2fsprogs exim4
25. exim4-daemon-heavy expect fail2ban flex ftp git idn imagemagick
26. libapache2-mod-fcgid libapache2-mod-php libapache2-mod-rpaf
27. libapache2-mod-ruid2 lsof mc mysql-client mysql-common mysql-server nginx
28. ntpdate php-cgi php-common php-curl php-fpm phpmyadmin php-mysql
29. phppgadmin php-pgsql postgresql postgresql-contrib proftpd-basic quota
30. roundcube-core roundcube-mysql roundcube-plugins rrdtool rssh spamassassin
31. sudo vesta vesta-ioncube vesta-nginx vesta-php vesta-softaculous
32. vim-common vsftpd webalizer whois zip"
33.  
34. # Fix for old releases
35. if [[ ${release:0:2} -lt 16 ]]; then
36. software=$(echo "$software" |sed -e "s/php /php5 /g")
37. software=$(echo "$software" |sed -e "s/vesta-php5 /vesta-php /g")
38. software=$(echo "$software" |sed -e "s/php-/php5-/g")
39. fi
40.  
41. # Defining help function
42. help() {
43. echo "Usage: $0 [OPTIONS]
44. -a, --apache Install Apache [yes|no] default: yes
45. -n, --nginx Install Nginx [yes|no] default: yes
46. -w, --phpfpm Install PHP-FPM [yes|no] default: no
47. -v, --vsftpd Install Vsftpd [yes|no] default: yes
48. -j, --proftpd Install ProFTPD [yes|no] default: no
49. -k, --named Install Bind [yes|no] default: yes
50. -m, --mysql Install MySQL [yes|no] default: yes
51. -g, --postgresql Install PostgreSQL [yes|no] default: no
52. -d, --mongodb Install MongoDB [yes|no] unsupported
53. -x, --exim Install Exim [yes|no] default: yes
54. -z, --dovecot Install Dovecot [yes|no] default: yes
55. -c, --clamav Install ClamAV [yes|no] default: yes
56. -t, --spamassassin Install SpamAssassin [yes|no] default: yes
57. -i, --iptables Install Iptables [yes|no] default: yes
58. -b, --fail2ban Install Fail2ban [yes|no] default: yes
59. -o, --softaculous Install Softaculous [yes|no] default: yes
60. -q, --quota Filesystem Quota [yes|no] default: no
61. -l, --lang Default language default: en
62. -y, --interactive Interactive install [yes|no] default: yes
63. -s, --hostname Set hostname
64. -e, --email Set admin email
65. -p, --password Set admin password
66. -f, --force Force installation
67. -h, --help Print this help
68.  
69. Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes"
70. exit 1
71. }
72.  
73.  
74. # Defining password-gen function
75. gen_pass() {
76. MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
77. LENGTH=10
78. while [ ${n:=1} -le $LENGTH ]; do
79. PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
80. let n+=1
81. done
82. echo "$PASS"
83. }
84.  
85. # Defining return code check function
86. check_result() {
87. if [ $1 -ne 0 ]; then
88. echo "Error: $2"
89. exit $1
90. fi
91. }
92.  
93. # Defining function to set default value
94. set_default_value() {
95. eval variable=\$$1
96. if [ -z "$variable" ]; then
97. eval $1=$2
98. fi
99. if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then
100. eval $1=$2
101. fi
102. }
103.  
104. # Defining function to set default language value
105. set_default_lang() {
106. if [ -z "$lang" ]; then
107. eval lang=$1
108. fi
109. lang_list="
110. ar cz el fa hu ja no pt se ua
111. bs da en fi id ka pl ro tr vi
112. cn de es fr it nl pt-BR ru tw
113. bg ko sr th ur"
114. if !(echo $lang_list |grep -w $lang 1>&2>/dev/null); then
115. eval lang=$1
116. fi
117. }
118.  
119.  
120. #----------------------------------------------------------#
121. # Verifications #
122. #----------------------------------------------------------#
123.  
124. # Creating temporary file
125. tmpfile=$(mktemp -p /tmp)
126.  
127. # Translating argument to --gnu-long-options
128. for arg; do
129. delim=""
130. case "$arg" in
131. --apache) args="${args}-a " ;;
132. --nginx) args="${args}-n " ;;
133. --phpfpm) args="${args}-w " ;;
134. --vsftpd) args="${args}-v " ;;
135. --proftpd) args="${args}-j " ;;
136. --named) args="${args}-k " ;;
137. --mysql) args="${args}-m " ;;
138. --postgresql) args="${args}-g " ;;
139. --mongodb) args="${args}-d " ;;
140. --exim) args="${args}-x " ;;
141. --dovecot) args="${args}-z " ;;
142. --clamav) args="${args}-c " ;;
143. --spamassassin) args="${args}-t " ;;
144. --iptables) args="${args}-i " ;;
145. --fail2ban) args="${args}-b " ;;
146. --softaculous) args="${args}-o " ;;
147. --remi) args="${args}-r " ;;
148. --quota) args="${args}-q " ;;
149. --lang) args="${args}-l " ;;
150. --interactive) args="${args}-y " ;;
151. --hostname) args="${args}-s " ;;
152. --email) args="${args}-e " ;;
153. --password) args="${args}-p " ;;
154. --force) args="${args}-f " ;;
155. --help) args="${args}-h " ;;
156. *) [[ "${arg:0:1}" == "-" ]] || delim="\""
157. args="${args}${delim}${arg}${delim} ";;
158. esac
159. done
160. eval set -- "$args"
161.  
162. # Parsing arguments
163. while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do
164. case $Option in
165. a) apache=$OPTARG ;; # Apache
166. n) nginx=$OPTARG ;; # Nginx
167. w) phpfpm=$OPTARG ;; # PHP-FPM
168. v) vsftpd=$OPTARG ;; # Vsftpd
169. j) proftpd=$OPTARG ;; # Proftpd
170. k) named=$OPTARG ;; # Named
171. m) mysql=$OPTARG ;; # MySQL
172. g) postgresql=$OPTARG ;; # PostgreSQL
173. d) mongodb=$OPTARG ;; # MongoDB (unsupported)
174. x) exim=$OPTARG ;; # Exim
175. z) dovecot=$OPTARG ;; # Dovecot
176. c) clamd=$OPTARG ;; # ClamAV
177. t) spamd=$OPTARG ;; # SpamAssassin
178. i) iptables=$OPTARG ;; # Iptables
179. b) fail2ban=$OPTARG ;; # Fail2ban
180. r) remi=$OPTARG ;; # Remi repo
181. o) softaculous=$OPTARG ;; # Softaculous plugin
182. q) quota=$OPTARG ;; # FS Quota
183. l) lang=$OPTARG ;; # Language
184. y) interactive=$OPTARG ;; # Interactive install
185. s) servername=$OPTARG ;; # Hostname
186. e) email=$OPTARG ;; # Admin email
187. p) vpass=$OPTARG ;; # Admin password
188. f) force='yes' ;; # Force install
189. h) help ;; # Help
190. *) help ;; # Print help (default)
191. esac
192. done
193.  
194. # Defining default software stack
195. set_default_value 'nginx' 'yes'
196. set_default_value 'apache' 'yes'
197. set_default_value 'phpfpm' 'no'
198. set_default_value 'vsftpd' 'yes'
199. set_default_value 'proftpd' 'no'
200. set_default_value 'named' 'yes'
201. set_default_value 'mysql' 'yes'
202. set_default_value 'postgresql' 'no'
203. set_default_value 'mongodb' 'no'
204. set_default_value 'exim' 'yes'
205. set_default_value 'dovecot' 'yes'
206. if [ $memory -lt 1500000 ]; then
207. set_default_value 'clamd' 'no'
208. set_default_value 'spamd' 'no'
209. else
210. set_default_value 'clamd' 'yes'
211. set_default_value 'spamd' 'yes'
212. fi
213. set_default_value 'iptables' 'yes'
214. set_default_value 'fail2ban' 'yes'
215. set_default_value 'softaculous' 'yes'
216. set_default_value 'quota' 'no'
217. set_default_value 'interactive' 'yes'
218. set_default_lang 'en'
219.  
220. # Checking software conflicts
221. if [ "$phpfpm" = 'yes' ]; then
222. apache='no'
223. nginx='yes'
224. fi
225. if [ "$proftpd" = 'yes' ]; then
226. vsftpd='no'
227. fi
228. if [ "$exim" = 'no' ]; then
229. clamd='no'
230. spamd='no'
231. dovecot='no'
232. fi
233. if [ "$iptables" = 'no' ]; then
234. fail2ban='no'
235. fi
236.  
237. # Checking root permissions
238. if [ "x$(id -u)" != 'x0' ]; then
239. check_result 1 "Script can be run executed only by root"
240. fi
241.  
242. # Checking admin user account
243. if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then
244. echo 'Please remove admin user account before proceeding.'
245. echo 'If you want to do it automatically run installer with -f option:'
246. echo -e "Example: bash $0 --force\n"
247. check_result 1 "User admin exists"
248. fi
249.  
250. # Checking wget
251. if [ ! -e '/usr/bin/wget' ]; then
252. apt-get -y install wget
253. check_result $? "Can't install wget"
254. fi
255.  
256. # Checking repository availability
257. wget -q "c.vestacp.com/deb_signing.key" -O /dev/null
258. check_result $? "No access to Vesta repository"
259.  
260. # Checking installed packages
261. tmpfile=$(mktemp -p /tmp)
262. dpkg --get-selections > $tmpfile
263. for pkg in exim4 mysql-server apache2 nginx vesta; do
264. if [ ! -z "$(grep $pkg $tmpfile)" ]; then
265. conflicts="$pkg $conflicts"
266. fi
267. done
268. rm -f $tmpfile
269. if [ ! -z "$conflicts" ] && [ -z "$force" ]; then
270. echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
271. echo
272. echo 'Following packages are already installed:'
273. echo "$conflicts"
274. echo
275. echo 'It is highly recommended to remove them before proceeding.'
276. echo 'If you want to force installation run this script with -f option:'
277. echo "Example: bash $0 --force"
278. echo
279. echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
280. echo
281. check_result 1 "Control Panel should be installed on clean server."
282. fi
283.  
284.  
285. #----------------------------------------------------------#
286. # Brief Info #
287. #----------------------------------------------------------#
288.  
289. # Printing nice ASCII logo
290. clear
291. echo
292. echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|'
293. echo ' _| _| _| _| _| _| _|'
294. echo ' _| _| _|_|_| _|_| _| _|_|_|_|'
295. echo ' _| _| _| _| _| _| _|'
296. echo ' _| _|_|_|_| _|_|_| _| _| _|'
297. echo
298. echo ' Vesta Control Panel'
299. echo -e "\n\n"
300.  
301. echo 'The following software will be installed on your system:'
302.  
303. # Web stack
304. if [ "$nginx" = 'yes' ]; then
305. echo ' - Nginx Web Server'
306. fi
307. if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then
308. echo ' - Apache Web Server'
309. fi
310. if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then
311. echo ' - Apache Web Server (as backend)'
312. fi
313. if [ "$phpfpm" = 'yes' ]; then
314. echo ' - PHP-FPM Application Server'
315. fi
316.  
317. # DNS stack
318. if [ "$named" = 'yes' ]; then
319. echo ' - Bind DNS Server'
320. fi
321.  
322. # Mail stack
323. if [ "$exim" = 'yes' ]; then
324. echo -n ' - Exim Mail Server'
325. if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then
326. echo -n ' + '
327. if [ "$clamd" = 'yes' ]; then
328. echo -n 'ClamAV'
329. fi
330. if [ "$spamd" = 'yes' ]; then
331. echo -n 'SpamAssassin'
332. fi
333. fi
334. echo
335. if [ "$dovecot" = 'yes' ]; then
336. echo ' - Dovecot POP3/IMAP Server'
337. fi
338. fi
339.  
340. # Database stack
341. if [ "$mysql" = 'yes' ]; then
342. echo ' - MySQL Database Server'
343. fi
344. if [ "$postgresql" = 'yes' ]; then
345. echo ' - PostgreSQL Database Server'
346. fi
347. if [ "$mongodb" = 'yes' ]; then
348. echo ' - MongoDB Database Server'
349. fi
350.  
351. # FTP stack
352. if [ "$vsftpd" = 'yes' ]; then
353. echo ' - Vsftpd FTP Server'
354. fi
355. if [ "$proftpd" = 'yes' ]; then
356. echo ' - ProFTPD FTP Server'
357. fi
358.  
359. # Softaculous
360. if [ "$softaculous" = 'yes' ]; then
361. echo ' - Softaculous Plugin'
362. fi
363.  
364. # Firewall stack
365. if [ "$iptables" = 'yes' ]; then
366. echo -n ' - Iptables Firewall'
367. fi
368. if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
369. echo -n ' + Fail2Ban'
370. fi
371. echo -e "\n\n"
372.  
373. # Asking for confirmation to proceed
374. if [ "$interactive" = 'yes' ]; then
375. read -p 'Would you like to continue [y/n]: ' answer
376. if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
377. echo 'Goodbye'
378. exit 1
379. fi
380.  
381. # Asking for contact email
382. if [ -z "$email" ]; then
383. read -p 'Please enter admin email address: ' email
384. fi
385.  
386. # Asking to set FQDN hostname
387. if [ -z "$servername" ]; then
388. read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
389. fi
390. fi
391.  
392. # Generating admin password if it wasn't set
393. if [ -z "$vpass" ]; then
394. vpass=$(gen_pass)
395. fi
396.  
397. # Set hostname if it wasn't set
398. if [ -z "$servername" ]; then
399. servername=$(hostname -f)
400. fi
401.  
402. # Set FQDN if it wasn't set
403. mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
404. mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
405. if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
406. if [ ! -z "$servername" ]; then
407. servername="$servername.example.com"
408. else
409. servername="example.com"
410. fi
411. echo "127.0.0.1 $servername" >> /etc/hosts
412. fi
413.  
414. # Set email if it wasn't set
415. if [ -z "$email" ]; then
416. email="admin@$servername"
417. fi
418.  
419. # Defining backup directory
420. vst_backups="/root/vst_install_backups/$(date +%s)"
421. echo "Installation backup directory: $vst_backups"
422.  
423. # Printing start message and sleeping for 5 seconds
424. echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n"
425. sleep 5
426.  
427.  
428. #----------------------------------------------------------#
429. # Checking swap #
430. #----------------------------------------------------------#
431.  
432. # Checking swap on small instances
433. if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then
434. fallocate -l 1G /swapfile
435. chmod 600 /swapfile
436. mkswap /swapfile
437. swapon /swapfile
438. echo "/swapfile none swap sw 0 0" >> /etc/fstab
439. fi
440.  
441.  
442. #----------------------------------------------------------#
443. # Install repository #
444. #----------------------------------------------------------#
445.  
446. # Updating system
447. apt-get -y upgrade
448. check_result $? 'apt-get upgrade failed'
449.  
450. # Checking universe repository
451. if [[ ${release:0:2} -gt 16 ]]; then
452. if [ -z "$(grep universe /etc/apt/sources.list)" ]; then
453. add-apt-repository -y universe
454. fi
455. fi
456.  
457. # Installing nginx repo
458. apt=/etc/apt/sources.list.d
459. echo "deb http://nginx.org/packages/mainline/ubuntu/ $codename nginx" \
460. > $apt/nginx.list
461. wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key
462. apt-key add /tmp/nginx_signing.key
463.  
464. # Installing vesta repo
465. echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list
466. wget $CHOST/deb_signing.key -O deb_signing.key
467. apt-key add deb_signing.key
468.  
469.  
470. #----------------------------------------------------------#
471. # Backup #
472. #----------------------------------------------------------#
473.  
474. # Creating backup directory tree
475. mkdir -p $vst_backups
476. cd $vst_backups
477. mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd
478. mkdir spamassassin mysql postgresql mongodb vesta
479.  
480. # Backup nginx configuration
481. service nginx stop > /dev/null 2>&1
482. cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1
483.  
484. # Backup Apache configuration
485. service apache2 stop > /dev/null 2>&1
486. cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1
487. rm -f /etc/apache2/conf.d/* > /dev/null 2>&1
488.  
489. # Backup PHP-FPM configuration
490. service php7.0-fpm stop > /dev/null 2>&1
491. service php5-fpm stop > /dev/null 2>&1
492. service php-fpm stop > /dev/null 2>&1
493. cp -r /etc/php7.0/* $vst_backups/php/ > /dev/null 2>&1
494. cp -r /etc/php5/* $vst_backups/php/ > /dev/null 2>&1
495. cp -r /etc/php/* $vst_backups/php/ > /dev/null 2>&1
496.  
497. # Backup Bind configuration
498. service bind9 stop > /dev/null 2>&1
499. cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1
500.  
501. # Backup Vsftpd configuration
502. service vsftpd stop > /dev/null 2>&1
503. cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1
504.  
505. # Backup ProFTPD configuration
506. service proftpd stop > /dev/null 2>&1
507. cp /etc/proftpd.conf $vst_backups/proftpd > /dev/null 2>&1
508.  
509. # Backup Exim configuration
510. service exim4 stop > /dev/null 2>&1
511. cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1
512.  
513. # Backup ClamAV configuration
514. service clamav-daemon stop > /dev/null 2>&1
515. cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1
516.  
517. # Backup SpamAssassin configuration
518. service spamassassin stop > /dev/null 2>&1
519. cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1
520.  
521. # Backup Dovecot configuration
522. service dovecot stop > /dev/null 2>&1
523. cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1
524. cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1
525.  
526. # Backup MySQL/MariaDB configuration and data
527. service mysql stop > /dev/null 2>&1
528. killall -9 mysqld > /dev/null 2>&1
529. mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1
530. cp -r /etc/mysql/* $vst_backups/mysql > /dev/null 2>&1
531. mv -f /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1
532. if [ "$release" = '16.04' ] && [ -e '/etc/init.d/mysql' ]; then
533. mkdir -p /var/lib/mysql > /dev/null 2>&1
534. chown mysql:mysql /var/lib/mysql
535. mysqld --initialize-insecure
536. fi
537.  
538. # Backup Vesta
539. service vesta stop > /dev/null 2>&1
540. cp -r $VESTA/* $vst_backups/vesta > /dev/null 2>&1
541. apt-get -y remove vesta vesta-nginx vesta-php > /dev/null 2>&1
542. apt-get -y purge vesta vesta-nginx vesta-php > /dev/null 2>&1
543. rm -rf $VESTA > /dev/null 2>&1
544.  
545.  
546. #----------------------------------------------------------#
547. # Package Excludes #
548. #----------------------------------------------------------#
549.  
550. # Excluding packages
551. if [ "$release" != "15.04" ] && [ "$release" != "15.04" ]; then
552. software=$(echo "$software" | sed -e "s/apache2.2-common//")
553. fi
554.  
555. if [ "$nginx" = 'no' ]; then
556. software=$(echo "$software" | sed -e "s/^nginx//")
557. fi
558. if [ "$apache" = 'no' ]; then
559. software=$(echo "$software" | sed -e "s/apache2 //")
560. software=$(echo "$software" | sed -e "s/apache2-utils//")
561. software=$(echo "$software" | sed -e "s/apache2-suexec-custom//")
562. software=$(echo "$software" | sed -e "s/apache2.2-common//")
563. software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//")
564. software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//")
565. software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//")
566. software=$(echo "$software" | sed -e "s/libapache2-mod-php7.0//")
567. software=$(echo "$software" | sed -e "s/libapache2-mod-php5//")
568. software=$(echo "$software" | sed -e "s/libapache2-mod-php//")
569. fi
570. if [ "$phpfpm" = 'no' ]; then
571. software=$(echo "$software" | sed -e "s/php7.0-fpm//")
572. software=$(echo "$software" | sed -e "s/php5-fpm//")
573. software=$(echo "$software" | sed -e "s/php-fpm//")
574. fi
575. if [ "$vsftpd" = 'no' ]; then
576. software=$(echo "$software" | sed -e "s/vsftpd//")
577. fi
578. if [ "$proftpd" = 'no' ]; then
579. software=$(echo "$software" | sed -e "s/proftpd-basic//")
580. software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//")
581. fi
582. if [ "$named" = 'no' ]; then
583. software=$(echo "$software" | sed -e "s/bind9//")
584. fi
585. if [ "$exim" = 'no' ]; then
586. software=$(echo "$software" | sed -e "s/exim4 //")
587. software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//")
588. software=$(echo "$software" | sed -e "s/dovecot-imapd//")
589. software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
590. software=$(echo "$software" | sed -e "s/clamav-daemon//")
591. software=$(echo "$software" | sed -e "s/spamassassin//")
592. fi
593. if [ "$clamd" = 'no' ]; then
594. software=$(echo "$software" | sed -e "s/clamav-daemon//")
595. fi
596. if [ "$spamd" = 'no' ]; then
597. software=$(echo "$software" | sed -e "s/spamassassin//")
598. fi
599. if [ "$dovecot" = 'no' ]; then
600. software=$(echo "$software" | sed -e "s/dovecot-imapd//")
601. software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
602. fi
603. if [ "$mysql" = 'no' ]; then
604. software=$(echo "$software" | sed -e 's/mysql-server//')
605. software=$(echo "$software" | sed -e 's/mysql-client//')
606. software=$(echo "$software" | sed -e 's/mysql-common//')
607. software=$(echo "$software" | sed -e 's/php7.0-mysql//')
608. software=$(echo "$software" | sed -e 's/php5-mysql//')
609. software=$(echo "$software" | sed -e 's/php-mysql//')
610. software=$(echo "$software" | sed -e 's/phpMyAdmin//')
611. software=$(echo "$software" | sed -e 's/phpmyadmin//')
612. fi
613. if [ "$postgresql" = 'no' ]; then
614. software=$(echo "$software" | sed -e 's/postgresql-contrib//')
615. software=$(echo "$software" | sed -e 's/postgresql//')
616. software=$(echo "$software" | sed -e 's/php7.0-pgsql//')
617. software=$(echo "$software" | sed -e 's/php5-pgsql//')
618. software=$(echo "$software" | sed -e 's/php-pgsql//')
619. software=$(echo "$software" | sed -e 's/phppgadmin//')
620. fi
621. if [ "$softaculous" = 'no' ]; then
622. software=$(echo "$software" | sed -e 's/vesta-softaculous//')
623. fi
624. if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then
625. software=$(echo "$software" | sed -e 's/fail2ban//')
626. fi
627.  
628.  
629. #----------------------------------------------------------#
630. # Install packages #
631. #----------------------------------------------------------#
632.  
633. # Updating system
634. apt-get update
635.  
636. # Disabling daemon autostart on apt-get install
637. echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d
638. chmod a+x /usr/sbin/policy-rc.d
639.  
640. # Installing apt packages
641. apt-get -y install $software
642. check_result $? "apt-get install failed"
643.  
644. # Restoring autostart policy
645. rm -f /usr/sbin/policy-rc.d
646.  
647.  
648. #----------------------------------------------------------#
649. # Configure system #
650. #----------------------------------------------------------#
651.  
652. # Enabling SSH password auth
653. sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
654. service ssh restart
655.  
656. # Disabling AWStats cron
657. rm -f /etc/cron.d/awstats
658.  
659. # Set directory color
660. echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
661.  
662. # Registering /usr/sbin/nologin
663. if [ -z "$(grep nologin /etc/shells)" ]; then
664. echo "/usr/sbin/nologin" >> /etc/shells
665. fi
666.  
667. # Configuring NTP
668. echo '#!/bin/sh' > /etc/cron.daily/ntpdate
669. echo "$(which ntpdate) -s ntp.ubuntu.com" >> /etc/cron.daily/ntpdate
670. chmod 775 /etc/cron.daily/ntpdate
671. ntpdate -s ntp.ubuntu.com
672.  
673. # Adding rssh
674. if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then
675. echo /usr/bin/rssh >> /etc/shells
676. fi
677. sed -i 's/#allowscp/allowscp/' /etc/rssh.conf
678. sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf
679. sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf
680. chmod 755 /usr/bin/rssh
681.  
682.  
683. #----------------------------------------------------------#
684. # Configure Vesta #
685. #----------------------------------------------------------#
686.  
687. # Installing sudo configuration
688. mkdir -p /etc/sudoers.d
689. cp -f $vestacp/sudo/admin /etc/sudoers.d/
690. chmod 440 /etc/sudoers.d/admin
691.  
692. # Configuring system env
693. echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh
694. chmod 755 /etc/profile.d/vesta.sh
695. source /etc/profile.d/vesta.sh
696. echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile
697. echo 'export PATH' >> /root/.bash_profile
698. source /root/.bash_profile
699.  
700. # Configuring logrotate for Vesta logs
701. cp -f $vestacp/logrotate/vesta /etc/logrotate.d/
702.  
703. # Building directory tree and creating some blank files for Vesta
704. mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \
705. $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \
706. $VESTA/data/sessions
707. touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \
708. $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \
709. $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \
710. $VESTA/log/nginx-error.log $VESTA/log/auth.log
711. chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log
712. chmod -R 750 $VESTA/data/queue
713. chmod 660 $VESTA/log/*
714. rm -f /var/log/vesta
715. ln -s $VESTA/log /var/log/vesta
716. chmod 770 $VESTA/data/sessions
717.  
718. # Generating Vesta configuration
719. rm -f $VESTA/conf/vesta.conf 2>/dev/null
720. touch $VESTA/conf/vesta.conf
721. chmod 660 $VESTA/conf/vesta.conf
722.  
723. # Web stack
724. if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then
725. echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf
726. echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf
727. echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf
728. echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf
729. echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf
730. echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf
731. fi
732. if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then
733. echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf
734. echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf
735. echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf
736. echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf
737. echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf
738. echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf
739. echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf
740. echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf
741. echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf
742. fi
743. if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then
744. echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf
745. echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf
746. echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf
747. echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf
748. if [ "$phpfpm" = 'yes' ]; then
749. echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf
750. fi
751. echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf
752. fi
753.  
754. # FTP stack
755. if [ "$vsftpd" = 'yes' ]; then
756. echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf
757. fi
758. if [ "$proftpd" = 'yes' ]; then
759. echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf
760. fi
761.  
762. # DNS stack
763. if [ "$named" = 'yes' ]; then
764. echo "DNS_SYSTEM='bind9'" >> $VESTA/conf/vesta.conf
765. fi
766.  
767. # Mail stack
768. if [ "$exim" = 'yes' ]; then
769. echo "MAIL_SYSTEM='exim4'" >> $VESTA/conf/vesta.conf
770. if [ "$clamd" = 'yes' ]; then
771. echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf
772. fi
773. if [ "$spamd" = 'yes' ]; then
774. echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf
775. fi
776. if [ "$dovecot" = 'yes' ]; then
777. echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf
778. fi
779. fi
780.  
781. # Cron daemon
782. echo "CRON_SYSTEM='cron'" >> $VESTA/conf/vesta.conf
783.  
784. # Firewall stack
785. if [ "$iptables" = 'yes' ]; then
786. echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf
787. fi
788. if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
789. echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf
790. fi
791.  
792. # Disk quota
793. if [ "$quota" = 'yes' ]; then
794. echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf
795. fi
796.  
797. # Backups
798. echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf
799.  
800. # Language
801. echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf
802.  
803. # Version
804. echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf
805.  
806. # Installing hosting packages
807. cp -rf $vestacp/packages $VESTA/data/
808.  
809. # Installing templates
810. cp -rf $vestacp/templates $VESTA/data/
811.  
812. # Copying index.html to default documentroot
813. cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/
814. sed -i 's/%domain%/It worked!/g' /var/www/index.html
815.  
816. # Installing firewall rules
817. cp -rf $vestacp/firewall $VESTA/data/
818.  
819. # Configuring server hostname
820. $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null
821.  
822. # Generating SSL certificate
823. $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
824. 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem
825.  
826. # Parsing certificate file
827. crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:)
828. key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:)
829. key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:)
830.  
831. # Adding SSL certificate
832. cd $VESTA/ssl
833. sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt
834. sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key
835. chown root:mail $VESTA/ssl/*
836. chmod 660 $VESTA/ssl/*
837. rm /tmp/vst.pem
838.  
839. # Adding nologin as a valid system shell
840. if [ -z "$(grep nologin /etc/shells)" ]; then
841. echo "/usr/sbin/nologin" >> /etc/shells
842. fi
843.  
844.  
845. #----------------------------------------------------------#
846. # Configure Nginx #
847. #----------------------------------------------------------#
848.  
849. if [ "$nginx" = 'yes' ]; then
850. rm -f /etc/nginx/conf.d/*.conf
851. cp -f $vestacp/nginx/nginx.conf /etc/nginx/
852. cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/
853. cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/
854. cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/
855. cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/
856. cp -f $vestacp/logrotate/nginx /etc/logrotate.d/
857. echo > /etc/nginx/conf.d/vesta.conf
858. mkdir -p /var/log/nginx/domains
859. update-rc.d nginx defaults
860. service nginx start
861. check_result $? "nginx start failed"
862. fi
863.  
864.  
865. #----------------------------------------------------------#
866. # Configure Apache #
867. #----------------------------------------------------------#
868.  
869. if [ "$apache" = 'yes' ]; then
870. cp -f $vestacp/apache2/apache2.conf /etc/apache2/
871. cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/
872. cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/
873. a2enmod rewrite
874. a2enmod suexec
875. a2enmod ssl
876. a2enmod actions
877. a2enmod ruid2
878. mkdir -p /etc/apache2/conf.d
879. echo > /etc/apache2/conf.d/vesta.conf
880. echo "# Powered by vesta" > /etc/apache2/sites-available/default
881. echo "# Powered by vesta" > /etc/apache2/sites-available/default-ssl
882. echo "# Powered by vesta" > /etc/apache2/ports.conf
883. echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data
884. touch /var/log/apache2/access.log /var/log/apache2/error.log
885. mkdir -p /var/log/apache2/domains
886. chmod a+x /var/log/apache2
887. chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log
888. chmod 751 /var/log/apache2/domains
889. update-rc.d apache2 defaults
890. service apache2 start
891. check_result $? "apache2 start failed"
892. else
893. update-rc.d apache2 disable >/dev/null 2>&1
894. service apache2 stop >/dev/null 2>&1
895. fi
896.  
897.  
898. #----------------------------------------------------------#
899. # Configure PHP-FPM #
900. #----------------------------------------------------------#
901.  
902. if [ "$phpfpm" = 'yes' ]; then
903. pool=$(find /etc/php* -type d \( -name "pool.d" -o -name "*fpm.d" \))
904. cp -f $vestacp/php-fpm/www.conf $pool/
905. php_fpm=$(ls /etc/init.d/php*-fpm* |cut -f 4 -d /)
906. ln -s /etc/init.d/$php_fpm /etc/init.d/php-fpm > /dev/null 2>&1
907. update-rc.d $php_fpm defaults
908. service $php_fpm start
909. check_result $? "php-fpm start failed"
910. fi
911.  
912.  
913. #----------------------------------------------------------#
914. # Configure PHP #
915. #----------------------------------------------------------#
916.  
917. ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}')
918. if [ -z "$ZONE" ]; then
919. ZONE='UTC'
920. fi
921. for pconf in $(find /etc/php* -name php.ini); do
922. sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf
923. sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf
924. done
925.  
926.  
927. #----------------------------------------------------------#
928. # Configure Vsftpd #
929. #----------------------------------------------------------#
930.  
931. if [ "$vsftpd" = 'yes' ]; then
932. cp -f $vestacp/vsftpd/vsftpd.conf /etc/
933. touch /var/log/vsftpd.log
934. chown root:adm /var/log/vsftpd.log
935. chmod 640 /var/log/vsftpd.log
936. touch /var/log/xferlog
937. chown root:adm /var/log/xferlog
938. chmod 640 /var/log/xferlog
939. update-rc.d vsftpd defaults
940. service vsftpd start
941. check_result $? "vsftpd start failed"
942.  
943. fi
944.  
945.  
946. #----------------------------------------------------------#
947. # Configure ProFTPD #
948. #----------------------------------------------------------#
949.  
950. if [ "$proftpd" = 'yes' ]; then
951. echo "127.0.0.1 $servername" >> /etc/hosts
952. cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/
953. update-rc.d proftpd defaults
954. service proftpd start
955. check_result $? "proftpd start failed"
956. fi
957.  
958.  
959. #----------------------------------------------------------#
960. # Configure MySQL/MariaDB #
961. #----------------------------------------------------------#
962.  
963. if [ "$mysql" = 'yes' ]; then
964. mycnf="my-small.cnf"
965. if [ $memory -gt 1200000 ]; then
966. mycnf="my-medium.cnf"
967. fi
968. if [ $memory -gt 3900000 ]; then
969. mycnf="my-large.cnf"
970. fi
971.  
972. # Configuring MySQL/MariaDB
973. cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf
974. if [ "$release" != '16.04' ]; then
975. mysql_install_db
976. fi
977. if [ "$release" == '18.04' ]; then
978. mkdir /var/lib/mysql
979. chown mysql:mysql /var/lib/mysql
980. mysqld --initialize-insecure
981. fi
982. update-rc.d mysql defaults
983. service mysql start
984. check_result $? "mysql start failed"
985.  
986. # Securing MySQL/MariaDB installation
987. mpass=$(gen_pass)
988. mysqladmin -u root password $mpass
989. echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
990. chmod 600 /root/.my.cnf
991. mysql -e "DELETE FROM mysql.user WHERE User=''"
992. mysql -e "DROP DATABASE test" >/dev/null 2>&1
993. mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
994. mysql -e "DELETE FROM mysql.user WHERE user='' OR password='';"
995. mysql -e "FLUSH PRIVILEGES"
996.  
997. # Configuring phpMyAdmin
998. if [ "$apache" = 'yes' ]; then
999. cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/
1000. ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
1001. fi
1002. if [[ ${release:0:2} -ge 18 ]]; then
1003. mysql < /usr/share/phpmyadmin/sql/create_tables.sql
1004. p=$(grep dbpass /etc/phpmyadmin/config-db.php |cut -f 2 -d "'")
1005. mysql -e "GRANT ALL ON phpmyadmin.*
1006. TO phpmyadmin@localhost IDENTIFIED BY '$p'"
1007. else
1008. cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/
1009. fi
1010. chmod 777 /var/lib/phpmyadmin/tmp
1011. fi
1012.  
1013.  
1014. #----------------------------------------------------------#
1015. # Configure PostgreSQL #
1016. #----------------------------------------------------------#
1017.  
1018. if [ "$postgresql" = 'yes' ]; then
1019. ppass=$(gen_pass)
1020. cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
1021. service postgresql restart
1022. sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
1023.  
1024. # Configuring phpPgAdmin
1025. if [ "$apache" = 'yes' ]; then
1026. cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/
1027. fi
1028. cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/
1029. fi
1030.  
1031.  
1032. #----------------------------------------------------------#
1033. # Configure Bind #
1034. #----------------------------------------------------------#
1035.  
1036. if [ "$named" = 'yes' ]; then
1037. cp -f $vestacp/bind/named.conf /etc/bind/
1038. sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options
1039. chown root:bind /etc/bind/named.conf
1040. chmod 640 /etc/bind/named.conf
1041. aa-complain /usr/sbin/named 2>/dev/null
1042. echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2>/dev/null
1043. service apparmor status >/dev/null 2>&1
1044. if [ $? -ne 0 ]; then
1045. service apparmor restart
1046. fi
1047. update-rc.d bind9 defaults
1048. service bind9 start
1049. check_result $? "bind9 start failed"
1050.  
1051. # Workaround for OpenVZ/Virtuozzo
1052. if [ -e "/proc/vz/veinfo" ]; then
1053. sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local
1054. fi
1055. fi
1056.  
1057. #----------------------------------------------------------#
1058. # Configure Exim #
1059. #----------------------------------------------------------#
1060.  
1061. if [ "$exim" = 'yes' ]; then
1062. gpasswd -a Debian-exim mail
1063. cp -f $vestacp/exim/exim4.conf.template /etc/exim4/
1064. cp -f $vestacp/exim/dnsbl.conf /etc/exim4/
1065. cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/
1066. touch /etc/exim4/white-blocks.conf
1067.  
1068. if [ "$spamd" = 'yes' ]; then
1069. sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
1070. fi
1071. if [ "$clamd" = 'yes' ]; then
1072. sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
1073. fi
1074.  
1075. chmod 640 /etc/exim4/exim4.conf.template
1076. rm -rf /etc/exim4/domains
1077. mkdir -p /etc/exim4/domains
1078.  
1079. rm -f /etc/alternatives/mta
1080. ln -s /usr/sbin/exim4 /etc/alternatives/mta
1081. update-rc.d -f sendmail remove > /dev/null 2>&1
1082. service sendmail stop > /dev/null 2>&1
1083. update-rc.d -f postfix remove > /dev/null 2>&1
1084. service postfix stop > /dev/null 2>&1
1085.  
1086. update-rc.d exim4 defaults
1087. service exim4 start
1088. check_result $? "exim4 start failed"
1089. fi
1090.  
1091.  
1092. #----------------------------------------------------------#
1093. # Configure Dovecot #
1094. #----------------------------------------------------------#
1095.  
1096. if [ "$dovecot" = 'yes' ]; then
1097. gpasswd -a dovecot mail
1098. if [[ ${release:0:2} -ge 18 ]]; then
1099. cp -r /usr/local/vesta/install/debian/9/dovecot /etc/
1100. if [ -z "$(grep yes /etc/dovecot/conf.d/10-mail.conf)" ]; then
1101. echo "namespace inbox {" >> /etc/dovecot/conf.d/10-mail.conf
1102. echo " inbox = yes" >> /etc/dovecot/conf.d/10-mail.conf
1103. echo "}" >> /etc/dovecot/conf.d/10-mail.conf
1104. echo "first_valid_uid = 1000" >> /etc/dovecot/conf.d/10-mail.conf
1105. echo "mbox_write_locks = fcntl" >> /etc/dovecot/conf.d/10-mail.conf
1106. fi
1107. else
1108. cp -rf $vestacp/dovecot /etc/
1109. fi
1110. cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/
1111. chown -R root:root /etc/dovecot*
1112. update-rc.d dovecot defaults
1113. service dovecot start
1114. check_result $? "dovecot start failed"
1115. fi
1116.  
1117.  
1118. #----------------------------------------------------------#
1119. # Configure ClamAV #
1120. #----------------------------------------------------------#
1121.  
1122. if [ "$clamd" = 'yes' ]; then
1123. gpasswd -a clamav mail
1124. gpasswd -a clamav Debian-exim
1125. cp -f $vestacp/clamav/clamd.conf /etc/clamav/
1126. /usr/bin/freshclam
1127. update-rc.d clamav-daemon defaults
1128. service clamav-daemon start
1129. check_result $? "clamav-daemon start failed"
1130. fi
1131.  
1132.  
1133. #----------------------------------------------------------#
1134. # Configure SpamAssassin #
1135. #----------------------------------------------------------#
1136.  
1137. if [ "$spamd" = 'yes' ]; then
1138. update-rc.d spamassassin defaults
1139. sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
1140. service spamassassin start
1141. check_result $? "spamassassin start failed"
1142. unit_files="$(systemctl list-unit-files |grep spamassassin)"
1143. if [[ "$unit_files" =~ "disabled" ]]; then
1144. systemctl enable spamassassin
1145. fi
1146. fi
1147.  
1148.  
1149. #----------------------------------------------------------#
1150. # Configure Roundcube #
1151. #----------------------------------------------------------#
1152.  
1153. if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
1154. if [ "$apache" = 'yes' ]; then
1155. cp -f $vestacp/roundcube/apache.conf /etc/roundcube/
1156. ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf
1157. fi
1158.  
1159. if [[ ${release:0:2} -ge 18 ]]; then
1160. r=$(grep dbpass= /etc/roundcube/debian-db.php |cut -f 2 -d "'")
1161. sed -i "s/default_host.*/default_host'] = 'localhost';/" \
1162. /etc/roundcube/config.inc.php
1163. sed -i "s/^);/'password');/" /etc/roundcube/config.inc.php
1164. else
1165. r="$(gen_pass)"
1166. cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/
1167. cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/
1168. sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php
1169. fi
1170.  
1171. if [ "$release" = '16.04' ]; then
1172. # TBD: should be fixed in config repo
1173. mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php
1174. mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php
1175. chmod 640 /etc/roundcube/debian-db-roundcube.php
1176. chown root:www-data /etc/roundcube/debian-db-roundcube.php
1177. fi
1178.  
1179. cp -f $vestacp/roundcube/vesta.php \
1180. /usr/share/roundcube/plugins/password/drivers/
1181. cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/
1182.  
1183. mysql -e "CREATE DATABASE roundcube"
1184. mysql -e "GRANT ALL ON roundcube.*
1185. TO roundcube@localhost IDENTIFIED BY '$r'"
1186. mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql
1187.  
1188. chmod 640 /etc/roundcube/debian-db*
1189. chown root:www-data /etc/roundcube/debian-db*
1190. touch /var/log/roundcube/errors
1191. chmod 640 /var/log/roundcube/errors
1192. chown www-data:adm /var/log/roundcube/errors
1193.  
1194. php5enmod mcrypt 2>/dev/null
1195. phpenmod mcrypt 2>/dev/null
1196. if [ "$apache" = 'yes' ]; then
1197. service apache2 restart
1198. fi
1199. if [ "$nginx" = 'yes' ]; then
1200. service nginx restart
1201. fi
1202. fi
1203.  
1204.  
1205. #----------------------------------------------------------#
1206. # Configure Fail2Ban #
1207. #----------------------------------------------------------#
1208.  
1209. if [ "$fail2ban" = 'yes' ]; then
1210. cp -rf $vestacp/fail2ban /etc/
1211. if [ "$dovecot" = 'no' ]; then
1212. fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)
1213. fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
1214. sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
1215. fi
1216. if [ "$exim" = 'no' ]; then
1217. fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2)
1218. fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
1219. sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
1220. fi
1221. if [ "$vsftpd" = 'yes' ]; then
1222. #Create vsftpd Log File
1223. if [ ! -f "/var/log/vsftpd.log" ]; then
1224. touch /var/log/vsftpd.log
1225. fi
1226. fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2)
1227. fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
1228. sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
1229. fi
1230. update-rc.d fail2ban defaults
1231. service fail2ban start
1232. check_result $? "fail2ban start failed"
1233. fi
1234.  
1235.  
1236. #----------------------------------------------------------#
1237. # Configure Admin User #
1238. #----------------------------------------------------------#
1239.  
1240. # Deleting old admin user
1241. if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
1242. chattr -i /home/admin/conf > /dev/null 2>&1
1243. userdel -f admin >/dev/null 2>&1
1244. chattr -i /home/admin/conf >/dev/null 2>&1
1245. mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1
1246. rm -f /tmp/sess_* >/dev/null 2>&1
1247. fi
1248. if [ ! -z "$(grep ^admin: /etc/group)" ]; then
1249. groupdel admin > /dev/null 2>&1
1250. fi
1251.  
1252. # Adding Vesta admin account
1253. $VESTA/bin/v-add-user admin $vpass $email default System Administrator
1254. check_result $? "can't create admin user"
1255. $VESTA/bin/v-change-user-shell admin bash
1256. $VESTA/bin/v-change-user-language admin $lang
1257.  
1258. # Configuring system IPs
1259. $VESTA/bin/v-update-sys-ip
1260.  
1261. # Get main IP
1262. ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
1263.  
1264. # Configuring firewall
1265. if [ "$iptables" = 'yes' ]; then
1266. $VESTA/bin/v-update-firewall
1267. fi
1268.  
1269. # Get public IP
1270. pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
1271. if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
1272. echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local
1273. $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip
1274. ip=$pub_ip
1275. fi
1276.  
1277. # Configuring MySQL/MariaDB host
1278. if [ "$mysql" = 'yes' ]; then
1279. $VESTA/bin/v-add-database-host mysql localhost root $mpass
1280. $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
1281. fi
1282.  
1283. # Configuring PostgreSQL host
1284. if [ "$postgresql" = 'yes' ]; then
1285. $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass
1286. $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
1287. fi
1288.  
1289. # Adding default domain
1290. $VESTA/bin/v-add-domain admin $servername
1291.  
1292. # Adding cron jobs
1293. command="sudo $VESTA/bin/v-update-sys-queue disk"
1294. $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
1295. command="sudo $VESTA/bin/v-update-sys-queue traffic"
1296. $VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
1297. command="sudo $VESTA/bin/v-update-sys-queue webstats"
1298. $VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
1299. command="sudo $VESTA/bin/v-update-sys-queue backup"
1300. $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
1301. command="sudo $VESTA/bin/v-backup-users"
1302. $VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
1303. command="sudo $VESTA/bin/v-update-user-stats"
1304. $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
1305. command="sudo $VESTA/bin/v-update-sys-rrd"
1306. $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
1307. service cron restart
1308.  
1309. # Building initital rrd images
1310. $VESTA/bin/v-update-sys-rrd
1311.  
1312. # Enabling file system quota
1313. if [ "$quota" = 'yes' ]; then
1314. $VESTA/bin/v-add-sys-quota
1315. fi
1316.  
1317. # Enabling softaculous plugin
1318. if [ "$softaculous" = 'yes' ]; then
1319. $VESTA/bin/v-add-vesta-softaculous
1320. fi
1321.  
1322. # Starting Vesta service
1323. update-rc.d vesta defaults
1324. service vesta start
1325. check_result $? "vesta start failed"
1326. chown admin:admin $VESTA/data/sessions
1327.  
1328. # Adding notifications
1329. $VESTA/upd/add_notifications.sh
1330.  
1331. # Adding cronjob for autoupdates
1332. $VESTA/bin/v-add-cron-vesta-autoupdate
1333.  
1334.  
1335. #----------------------------------------------------------#
1336. # Vesta Access Info #
1337. #----------------------------------------------------------#
1338.  
1339. # Comparing hostname and IP
1340. host_ip=$(host $servername| head -n 1 |awk '{print $NF}')
1341. if [ "$host_ip" = "$ip" ]; then
1342. ip="$servername"
1343. fi
1344.  
1345. # Sending notification to admin email
1346. echo -e "Congratulations, you have just successfully installed \
1347. Vesta Control Panel
1348.  
1349. https://$ip:8083
1350. username: admin
1351. password: $vpass
1352.  
1353. We hope that you enjoy your installation of Vesta. Please \
1354. feel free to contact us anytime if you have any questions.
1355. Thank you.
1356.  
1357. --
1358. Sincerely yours
1359. vestacp.com team
1360. " > $tmpfile
1361.  
1362. send_mail="$VESTA/web/inc/mail-wrapper.php"
1363. cat $tmpfile | $send_mail -s "Vesta Control Panel" $email
1364.  
1365. # Congrats
1366. echo '======================================================='
1367. echo
1368. echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| '
1369. echo ' _| _| _| _| _| _| _| '
1370. echo ' _| _| _|_|_| _|_| _| _|_|_|_| '
1371. echo ' _| _| _| _| _| _| _| '
1372. echo ' _| _|_|_|_| _|_|_| _| _| _| '
1373. echo
1374. echo
1375. cat $tmpfile
1376. rm -f $tmpfile
1377.  
1378. # EOF