Nowe da_cli,sg
This commit is contained in:
@@ -1,15 +1,17 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#version 0.8.0
|
#version 0.9.0
|
||||||
#gedas@mc2.dev
|
#gedas@mc2.dev
|
||||||
|
|
||||||
### VARS ###
|
### VARS ###
|
||||||
DEFAULTPACKAGE=NO-LIMIT
|
DEFAULTPACKAGE=NO_LIMIT
|
||||||
DNSMASTER="192.168.8.13" # IP address of this server that should be used on the client host for multiserver
|
DNSMASTER="185.242.132.100" # IP address of this server that should be used on the client host for multiserver
|
||||||
DNSSLAVE="192.168.8.14" # the second DNS server. This server should be able to login to DNSSLAVE via ssh
|
DNSSLAVE="193.178.43.30" # the second DNS server. This server should be able to login to DNSSLAVE via ssh
|
||||||
DNSSLAVEPORT="22" # port for dnsslave
|
DNSSLAVEPORT="22" # port for dnsslave
|
||||||
ADMINUSER="admin" # server main admin user
|
ADMINUSER="admin" # server main admin user
|
||||||
TRUSTED_IPS="127.0.0.1,185.242.134.92,185.242.134.93,185.242.134.94,193.177.165.192,193.177.165.193,193.177.165.194,193.177.165.195,193.177.165.196" #comma separated list of IP addresses
|
TRUSTED_IPS="127.0.0.1,185.242.134.92,185.242.134.93,185.242.134.94,193.177.165.192,193.177.165.193,193.177.165.194,193.177.165.195,193.177.165.196" #comma s
|
||||||
|
eparated list of IP addresses
|
||||||
### END VARS ###
|
### END VARS ###
|
||||||
|
|
||||||
######### FUNCTIONS
|
######### FUNCTIONS
|
||||||
|
|
||||||
createUser() {
|
createUser() {
|
||||||
@@ -885,10 +887,15 @@ phpList () {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
PHP1=$(grep -e "^php1_release=" "${CBOPTIONS}" | cut -f2 -d=)
|
PHP1=$(grep -m1 -e ^php1_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
PHP2=$(grep -e "^php2_release=" "${CBOPTIONS}" | cut -f2 -d=)
|
PHP2=$(grep -m1 -e ^php2_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
PHP3=$(grep -e "^php3_release=" "${CBOPTIONS}" | cut -f2 -d=)
|
PHP3=$(grep -m1 -e ^php3_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
PHP4=$(grep -e "^php4_release=" "${CBOPTIONS}" | cut -f2 -d=)
|
PHP4=$(grep -m1 -e ^php4_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
PHP5=$(grep -m1 -e ^php5_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
PHP6=$(grep -m1 -e ^php6_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
PHP7=$(grep -m1 -e ^php7_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
PHP8=$(grep -m1 -e ^php8_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
PHP9=$(grep -m1 -e ^php9_release= "${CBOPTIONS}" | cut -f2 -d=)
|
||||||
|
|
||||||
if [[ ${EXPORT} -eq 0 ]]; then
|
if [[ ${EXPORT} -eq 0 ]]; then
|
||||||
printf "%-16s %-30s\t%s\n" "USER" "DOMAIN" "PHP"
|
printf "%-16s %-30s\t%s\n" "USER" "DOMAIN" "PHP"
|
||||||
@@ -906,7 +913,17 @@ phpList () {
|
|||||||
for USER in ${USERSLIST}; do
|
for USER in ${USERSLIST}; do
|
||||||
for DOMAIN in `cat ${USERSDATA}/${USER}/domains.list`; do
|
for DOMAIN in `cat ${USERSDATA}/${USER}/domains.list`; do
|
||||||
PHPVER=`grep -E "^php1_select=" ${USERSDATA}/${USER}/domains/${DOMAIN}.conf | cut -f2 -d=`
|
PHPVER=`grep -E "^php1_select=" ${USERSDATA}/${USER}/domains/${DOMAIN}.conf | cut -f2 -d=`
|
||||||
if [[ ${PHPVER} -eq 4 ]]; then
|
if [[ ${PHPVER} -eq 9 ]]; then
|
||||||
|
PHPSELECTED=${PHP9}
|
||||||
|
elif [[ ${PHPVER} -eq 8 ]]; then
|
||||||
|
PHPSELECTED=${PHP8}
|
||||||
|
elif [[ ${PHPVER} -eq 7 ]]; then
|
||||||
|
PHPSELECTED=${PHP7}
|
||||||
|
elif [[ ${PHPVER} -eq 6 ]]; then
|
||||||
|
PHPSELECTED=${PHP6}
|
||||||
|
elif [[ ${PHPVER} -eq 5 ]]; then
|
||||||
|
PHPSELECTED=${PHP5}
|
||||||
|
elif [[ ${PHPVER} -eq 4 ]]; then
|
||||||
PHPSELECTED=${PHP4}
|
PHPSELECTED=${PHP4}
|
||||||
elif [[ ${PHPVER} -eq 3 ]]; then
|
elif [[ ${PHPVER} -eq 3 ]]; then
|
||||||
PHPSELECTED=${PHP3}
|
PHPSELECTED=${PHP3}
|
||||||
@@ -970,7 +987,7 @@ phpSet () {
|
|||||||
for DOMAIN in ${DOMAINLIST}; do
|
for DOMAIN in ${DOMAINLIST}; do
|
||||||
if [[ -z ${PHPVER} ]]; then
|
if [[ -z ${PHPVER} ]]; then
|
||||||
printf "\nDOMAIN: %s - PHP version \"%s\" does not exist. Available versions: " "${DOMAIN}" "${PHPSELECTED}"
|
printf "\nDOMAIN: %s - PHP version \"%s\" does not exist. Available versions: " "${DOMAIN}" "${PHPSELECTED}"
|
||||||
grep -e "^php._release=" ${CBOPTIONS} | xargs
|
grep -e "^php._release=" ${CBOPTIONS} | grep -v _release=no | xargs
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
PHPSELECT_JSON=$(cat <<- EOF
|
PHPSELECT_JSON=$(cat <<- EOF
|
||||||
|
|||||||
@@ -1,627 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# VERSION 1.6.5-29.11.2023
|
|
||||||
if [ -f "/var/log/dapostinstall.done" ]; then
|
|
||||||
echo -e "\e[31mSkrypt DApostinstall był już uruchomiony na tym serwerze - przerywam działanie.\e[0m"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
DAPOSTINSTALL_DIR=/opt/dapostinstall
|
|
||||||
DADIR=/usr/local/directadmin
|
|
||||||
CBDIR=/usr/local/directadmin/custombuild
|
|
||||||
LOG_FILE=/var/log/dapostinstall.log
|
|
||||||
HTLINK="https://ht.zenadmin.pl"
|
|
||||||
MIN_PASSWORD_LENGTH=18
|
|
||||||
MAX_PASSWORD_LENGTH=24
|
|
||||||
exec > >(tee -ia "$LOG_FILE") 2>&1
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
yum -y install htop wget rsync nano mc ncdu borgbackup
|
|
||||||
wget $HTLINK//daupdate.sh -O /opt/daupdate.sh
|
|
||||||
chmod 700 /opt/daupdate.sh
|
|
||||||
cd /opt/
|
|
||||||
sh daupdate.sh update
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
yum -y install epel-release
|
|
||||||
clear
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Blokada logowania roota hasłem"
|
|
||||||
sed -i '/PermitRootLogin yes/s/^#//g' /etc/ssh/sshd_config
|
|
||||||
sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/g" /etc/ssh/sshd_config
|
|
||||||
|
|
||||||
echo "Poprawa locale"
|
|
||||||
dnf install -y glibc-all-langpacks langpacks-pl glibc-langpack-pl
|
|
||||||
localectl set-locale LANG=pl_PL.utf8
|
|
||||||
|
|
||||||
echo "Tworzenie domyslnego pakietu"
|
|
||||||
mkdir -p $DADIR/data/users/admin/packages/
|
|
||||||
mkdir -p $DADIR/data/users/admin/packages
|
|
||||||
\cp -r NO-LIMIT.pkg $DADIR/data/users/admin/packages
|
|
||||||
chmod 600 $DADIR/data/users/admin/packages.list
|
|
||||||
echo "NO-LIMIT" > $DADIR/data/users/admin/packages.list
|
|
||||||
chown -R diradmin:diradmin $DADIR/data/users/admin/packages*
|
|
||||||
echo "Instalacja spolszczenia DirectAdmina"
|
|
||||||
echo "language=pl" >> $DADIR/conf/directadmin.conf
|
|
||||||
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/packages/NO-LIMIT.pkg
|
|
||||||
sed -i 's/Your reseller account is now ready for use./Twoje konto resellera o loginie |username| zostało utworzone I jest gotowe do użycia./gI' $DADIR/data/admin/admin.conf
|
|
||||||
sed -i 's/Your administrator account is now ready for use./Twoje konto administratora o loginie |username| zostało utworzone i jest gotowe do użycia./gI' $DADIR/data/admin/admin.conf
|
|
||||||
sed -i 's/Your account for |domain| is now ready for use./Twoje konto użytkownika o loginie |username| w domenie |domain| zostało utworzone i jest gotowe do użycia./gI' $DADIR/data/users/admin/reseller.conf
|
|
||||||
|
|
||||||
|
|
||||||
echo "Instalacja spolszczenia dla skórki enhanced"
|
|
||||||
|
|
||||||
tar -xvf spolszczenie_enhanced.tar.gz
|
|
||||||
cp -Rfp spolszczenie_enhanced/pl $DADIR/data/skins/enhanced/lang/
|
|
||||||
cp -Rfp spolszczenie_enhanced/templates/* $DADIR/data/templates/
|
|
||||||
cp -f spolszczenie_enhanced/a_welcome.txt $DADIR/data/admin
|
|
||||||
cp -f spolszczenie_enhanced/r_welcome.txt $DADIR/data/admin
|
|
||||||
cp -f spolszczenie_enhanced/u_welcome.txt $DADIR/data/users/admin
|
|
||||||
cp -f spolszczenie_enhanced/u_welcome.txt $DADIR/data/templates/custom
|
|
||||||
|
|
||||||
echo "Spolszczenie skorki evolution"
|
|
||||||
|
|
||||||
|
|
||||||
rm -rf $DAPOSTINSTALL_DIR/evolution
|
|
||||||
mkdir -p $DAPOSTINSTALL_DIR/evolution
|
|
||||||
cd $DAPOSTINSTALL_DIR/evolution
|
|
||||||
git clone https://github.com/regdos/DirectAdmin-Evolution-PL.git
|
|
||||||
cd DirectAdmin-Evolution-PL
|
|
||||||
cp pl.po login-pl.po $DADIR/data/skins/evolution/lang/
|
|
||||||
\cp -Rfp templates/* $DADIR/data/templates/
|
|
||||||
\cp -f a_welcome.txt $DADIR/data/admin
|
|
||||||
\cp -f r_welcome.txt $DADIR/data/admin
|
|
||||||
\cp -f u_welcome.txt $DADIR/data/users/admin
|
|
||||||
\cp -f u_welcome.txt $DADIR/data/templates/custom
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
clear
|
|
||||||
|
|
||||||
PS3='Jaka skorke ustawic jako domyslna: '
|
|
||||||
options=("Enhanced" "Evolution")
|
|
||||||
select opt in "${options[@]}"
|
|
||||||
do
|
|
||||||
case $opt in
|
|
||||||
|
|
||||||
"Enhanced")
|
|
||||||
sed -i 's/evolution/enhanced/gI' $DADIR/conf/directadmin.conf
|
|
||||||
sed -i 's/evolution/enhanced/gI' $DADIR/data/users/admin/packages/NO-LIMIT.pkg
|
|
||||||
sed -i 's/evolution/enhanced/gI' $DADIR/data/users/admin/user.conf
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
|
|
||||||
"Evolution")
|
|
||||||
rm -f $DADIR/data/templates/custom/login.html
|
|
||||||
echo "Skorka evolution zostala ustawiona jako domyslna"
|
|
||||||
systemctl restart directadmin
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
|
|
||||||
|
|
||||||
*) echo "Niewlasciwa opcja $REPLY";;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Wybierz tryb instalacji"
|
|
||||||
echo "Instalacja automatyczna instaluje wszystkie dodatki i przyjmuje domyslne ustawienia dla hitme."
|
|
||||||
echo "Instalacja niestandardowa pozwala pominac niektore komponenty, np. nie instalowac ModSecurity, okreslic inny niz 10022 port SSH czy serwery DNS niz standardowe dla hitme zadajac dodatkowe pytania podczas wykonywania skryptu"
|
|
||||||
|
|
||||||
PS3='Wybierz tryb instalacji: '
|
|
||||||
options=("Automatyczna" "Niestandardowa")
|
|
||||||
select opt in "${options[@]}"
|
|
||||||
do
|
|
||||||
case $opt in
|
|
||||||
|
|
||||||
"Automatyczna")
|
|
||||||
echo "Ustawienie DNSów hitme"
|
|
||||||
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/conf/directadmin.conf
|
|
||||||
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/conf/directadmin.conf
|
|
||||||
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/data/users/admin/reseller.conf
|
|
||||||
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/data/users/admin/reseller.conf
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
echo "Ustawienie domyslnego portu SSH na 10022"
|
|
||||||
|
|
||||||
SSH_PORT=10022
|
|
||||||
sed -i '/Port 22/s/^#//g' /etc/ssh/sshd_config
|
|
||||||
sed -i "s/Port 22/Port 10022/g" /etc/ssh/sshd_config
|
|
||||||
sed -i "s/,22,/,22,10022,/g" /etc/csf/csf.conf
|
|
||||||
|
|
||||||
echo "Ustawienie dodatkowych zabezpieczen SSH"
|
|
||||||
|
|
||||||
tee -a /etc/ssh/sshd_config > /dev/null <<EOT
|
|
||||||
Match User root Address 185.242.134.0/24,185.242.133.37,185.242.134.92,185.242.134.93,193.177.165.192,193.177.165.193,193.177.165.194,193.177.165.195,193.177.165.196
|
|
||||||
PubkeyAuthentication yes
|
|
||||||
PasswordAuthentication yes
|
|
||||||
PermitRootLogin yes
|
|
||||||
EOT
|
|
||||||
|
|
||||||
echo "Ustawienie kluczy logowania do DirectAdmina i kluczy SSH hitme"
|
|
||||||
|
|
||||||
cd /opt
|
|
||||||
sh daupdate.sh klucze
|
|
||||||
# sh daupdate keyput
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Instalacja Modsecurity i regułek malware experts"
|
|
||||||
|
|
||||||
wget $HTLINK/hitmemodsec.sh -O /opt/hitmemodsec.sh
|
|
||||||
sh /opt/hitmemodsec.sh
|
|
||||||
rm -f hitmemodsec.sh
|
|
||||||
daupdate antybots
|
|
||||||
|
|
||||||
echo "Instaluje branding hitme dla skorki evolution i serwera www"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
tar -xvf skin_customizations.tar -C $DADIR/data/users/admin/
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
wget https://cdn.hitme.pl/da_templates.tar
|
|
||||||
tar -xf da_templates.tar
|
|
||||||
cp da_templates/*[1-9]* /home/admin/domains/default/
|
|
||||||
cp da_templates/index.html /home/admin/domains/default/index.html
|
|
||||||
cp da_templates/suspended.shtml /home/admin/domains/suspended/index.html
|
|
||||||
cp da_templates/index-hitme.html /var/www/html/index.html
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Login branging hitme"
|
|
||||||
cd /
|
|
||||||
wget https://cdn.hitme.pl/da_files/da-branding-hitme.tar.gz
|
|
||||||
tar xvzf da-branding-hitme.tar.gz
|
|
||||||
rm -rf da-branding-hitme.tar.gz
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Instalacja Security headers"
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
cat security-headers.conf >>/etc/httpd/conf/extra/httpd-includes.conf
|
|
||||||
cd $CBDIR
|
|
||||||
./build rewrite_confs
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Instalacja certyfikatu Let's Encrypt"
|
|
||||||
$DADIR/scripts/letsencrypt.sh request_single `hostname` 4096
|
|
||||||
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
|
|
||||||
"Niestandardowa")
|
|
||||||
read -p "Podaj adres NS1 [dns3.hitme.net.pl]: " NS1_DEFAULT
|
|
||||||
NS1_DEFAULT=${NS1_DEFAULT:-dns3.hitme.net.pl}
|
|
||||||
read -p "Podaj adres NS2 [dns4.hitme.net.pl]: " NS2_DEFAULT
|
|
||||||
NS2_DEFAULT=${NS2_DEFAULT:-dns4.hitme.net.pl}
|
|
||||||
|
|
||||||
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/conf/directadmin.conf
|
|
||||||
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/conf/directadmin.conf
|
|
||||||
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/data/users/admin/user.conf
|
|
||||||
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/data/users/admin/reseller.conf
|
|
||||||
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/data/users/admin/reseller.conf
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
read -p "Podaj port SSH [10022]: " SSH_PORT
|
|
||||||
SSH_PORT=${SSH_PORT:-10022}
|
|
||||||
|
|
||||||
sed -i '/Port 22/s/^#//g' /etc/ssh/sshd_config
|
|
||||||
sed -i "s/Port 22/Port $SSH_PORT/g" /etc/ssh/sshd_config
|
|
||||||
sed -i "s/,22,/,22,$SSH_PORT,/g" /etc/csf/csf.conf
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy aktywowac dodatkowe zabezpiecznia SSH (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Aktywacja dodatkowych zabezpieczen SSH"
|
|
||||||
tee -a /etc/ssh/sshd_config > /dev/null <<EOT
|
|
||||||
Match User root Address 185.242.134.0/24,185.242.133.37,185.242.134.92,185.242.134.93,193.177.165.192,193.177.165.193,193.177.165.194,193.177.165.195,193.177.165.196
|
|
||||||
PubkeyAuthentication yes
|
|
||||||
PasswordAuthentication yes
|
|
||||||
PermitRootLogin yes
|
|
||||||
EOT
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam aktywacje dodatkowych zabezpieczen SSH";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac klucze logowania HITME do SSH (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instaluje klucze logowania HITME do SSH"
|
|
||||||
cd /opt
|
|
||||||
sh daupdate keyput
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje kluczy logowania do SSH";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac klucze logowania HITME do DirectAdmina (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instaluje klucze logowania HITME do DirectAdmina"
|
|
||||||
cd /opt
|
|
||||||
sh daupdate klucze
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje kluczy logowania do DirectAdmina";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Instalacja ModSecurity"
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac ModSecurity z reglłkami Malware Experts (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instaluje ModSecurity + Malware Experts"
|
|
||||||
wget $HTLINK/hitmemodsec.sh -O /opt/hitmemodsec.sh
|
|
||||||
sh /opt/hitmemodsec.sh
|
|
||||||
rm -f hitmemodsec.sh
|
|
||||||
daupdate antybots
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje ModSecurity";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac brandowanie hitme dla skorki evolution i serwera www (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instaluje branowanie hitme dla skorki evolution"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
tar -xvf skin_customizations.tar -C $DADIR/data/users/admin/
|
|
||||||
wget https://cdn.hitme.pl/da_templates.tar
|
|
||||||
tar -xf da_templates.tar
|
|
||||||
cp da_templates/*[1-9]* /home/admin/domains/default/
|
|
||||||
cp da_templates/index.html /home/admin/domains/default/index.html
|
|
||||||
cp da_templates/suspended.shtml /home/admin/domains/suspended/index.html
|
|
||||||
cp da_templates/index-hitme.html /var/www/html/index.html
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje brandowania hitme dla skorki evolution";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Certyfikat SSL dla DirectAdmina"
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac Let's Encrypt dla DirectAdmina dla hostname `hostname` (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instaluje Let's encrypt"
|
|
||||||
$DADIR/scripts/letsencrypt.sh request_single `hostname` 4096
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje Let's Encrypt";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
|
|
||||||
read -p "Czy instalowac Security Headers (T/N)? " yn
|
|
||||||
|
|
||||||
case $yn in
|
|
||||||
[Tt] ) echo "Instalacja Security Headers?"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
cat security-headers.conf >>/etc/httpd/conf/extra/httpd-includes.conf
|
|
||||||
cd $CBDIR
|
|
||||||
./build rewrite_confs
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
|
|
||||||
break;;
|
|
||||||
[nN] ) echo "Pomijam instalacje Security Headers";
|
|
||||||
break;;
|
|
||||||
* ) echo "Niewlasciwa odpowiedz";;
|
|
||||||
esac
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
|
|
||||||
|
|
||||||
*) echo "Niewlasciwa opcja $REPLY";;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
echo -e "\e[96mMam wszystkie informacje - rozpoczynam konfiguracje\e[0m"
|
|
||||||
|
|
||||||
|
|
||||||
echo "Generowanie maila powitalnego"
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
chmod 755 da_cli.sh
|
|
||||||
|
|
||||||
echo "Generowanie hasla DirectAdmin"
|
|
||||||
|
|
||||||
DA_ADMINPASS=$(
|
|
||||||
while true; do
|
|
||||||
base_part=$(tr -dc '[:alnum:]' < /dev/urandom | tr -d 'oO0l1I' | fold -w "$((RANDOM % (MAX_PASSWORD_LENGTH - MIN_PASSWORD_LENGTH) + MIN_PASSWORD_LENGTH))" | head -n1)
|
|
||||||
special_char=$(tr -dc '[:graph:]' < /dev/urandom | tr -d '#oO0l1I' | fold -w 1 | head -n1)
|
|
||||||
special_index=$((RANDOM % ${#base_part}))
|
|
||||||
password="${base_part:0:special_index}${special_char}${base_part:special_index}"
|
|
||||||
if echo "$password" | grep -qE '[[:digit:]]' && echo "$password" | grep -qE '[[:upper:]]' && echo "$password" | grep -qE '[^[:alnum:]]'; then
|
|
||||||
echo "$password"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
)
|
|
||||||
|
|
||||||
DA_OPTIONSCONF=$CBDIR/options.conf
|
|
||||||
DA_USERCONF=$DADIR/data/users/admin/user.conf
|
|
||||||
DA_HOSTNAME=$(hostname -f)
|
|
||||||
DA_IP=`cat $DA_USERCONF | grep ip= | cut -d= -f2`
|
|
||||||
DA_NS1=`cat $DA_USERCONF | grep ns1= | cut -d= -f2`
|
|
||||||
DA_NS2=`cat $DA_USERCONF | grep ns1= | cut -d= -f2`
|
|
||||||
DA_PHP1=`cat $DA_OPTIONSCONF | grep php1_release= | cut -d= -f2`
|
|
||||||
DA_PHP2=`cat $DA_OPTIONSCONF | grep php2_release= | cut -d= -f2`
|
|
||||||
DA_PHP3=`cat $DA_OPTIONSCONF | grep php3_release= | cut -d= -f2`
|
|
||||||
DA_PHP4=`cat $DA_OPTIONSCONF | grep php4_release= | cut -d= -f2`
|
|
||||||
sed -i 's/DA_HOSTNAME/'"$DA_HOSTNAME"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_HOSTNAME/'"$DA_HOSTNAME"'/g' options.conf
|
|
||||||
sed -i 's/DA_IP/'"$DA_IP"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_NS1/'"$DA_NS1"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_NS2/'"$DA_NS2"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_HASLO/'"$DA_ADMINPASS"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/SSH_PORT/'"$SSH_PORT"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_PHP1/'"$DA_PHP1"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_PHP2/'"$DA_PHP2"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_PHP3/'"$DA_PHP3"'/g' mail_powitalny.txt
|
|
||||||
sed -i 's/DA_PHP4/'"$DA_PHP4"'/g' mail_powitalny.txt
|
|
||||||
mv mail_powitalny.txt /root
|
|
||||||
|
|
||||||
echo "instalacja SpamBlocker"
|
|
||||||
cd $CBDIR
|
|
||||||
./build update
|
|
||||||
./build set eximconf yes
|
|
||||||
./build set eximconf_release 4.5
|
|
||||||
./build set blockcracking yes
|
|
||||||
./build set easy_spam_fighter yes
|
|
||||||
./build set spamd spamassassin
|
|
||||||
./build set exim yes
|
|
||||||
./build exim
|
|
||||||
./build set dovecot_conf yes
|
|
||||||
./build dovecot_conf
|
|
||||||
./build spamassassin
|
|
||||||
./build update
|
|
||||||
./build exim_conf
|
|
||||||
|
|
||||||
echo "Dodanie SpamAssassin dla wszystkich uzytkownikow"
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
cp user_create_post.sh $DADIR/scripts/custom/user_create_post.sh
|
|
||||||
chmod 755 $DADIR/scripts/custom/user_create_post.sh
|
|
||||||
|
|
||||||
|
|
||||||
echo "Aktywacja SpamAssassina dla obecnych użytkowników"
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
cp spam_assassin_all_users_on.sh $DADIR/scripts/custom/
|
|
||||||
chmod 755 $DADIR/scripts/custom/spam_assassin_all_users_on.sh
|
|
||||||
$DADIR/scripts/custom/spam_assassin_all_users_on.sh
|
|
||||||
|
|
||||||
echo "Naprawa komunikacji URIBL"
|
|
||||||
|
|
||||||
echo "dns_server 127.0.0.1 # Naprawa zapytan URIBL i DNSWL" >> /etc/mail/spamassassin/local.cf
|
|
||||||
|
|
||||||
echo "OneClick Roundcube"
|
|
||||||
cd $DADIR
|
|
||||||
./directadmin set one_click_webmail_login 1
|
|
||||||
service directadmin restart
|
|
||||||
cd custombuild
|
|
||||||
./build update
|
|
||||||
./build dovecot_conf
|
|
||||||
./build exim_conf
|
|
||||||
./build roundcube
|
|
||||||
|
|
||||||
echo "OneClick PhpMyAdmin"
|
|
||||||
cd $DADIR/
|
|
||||||
./directadmin set one_click_pma_login 1
|
|
||||||
systemctl restart directadmin
|
|
||||||
cd custombuild
|
|
||||||
./build update
|
|
||||||
./build phpmyadmin
|
|
||||||
|
|
||||||
echo "PhpMyAdmin tylko z poziomu DirectAdmina"
|
|
||||||
|
|
||||||
cd $CBDIR
|
|
||||||
./build update
|
|
||||||
./build set phpmyadmin_public no
|
|
||||||
./build phpmyadmin
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Naprawa PhpMyAdmin"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
chmod 755 fix_phpmyadmin.sh
|
|
||||||
./fix_phpmyadmin.sh
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
|
|
||||||
echo "Automatyczna konfiguracja Thunderbirda"
|
|
||||||
mkdir -p /var/www/html/.well-known/autoconfig/mail/
|
|
||||||
da config-set mail_autoconfig 0
|
|
||||||
da build rewrite_confs
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
cp -f config-v1.1.xml /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml
|
|
||||||
sed -i 's_nazwahosta_'$HOSTNAME'_g' /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml
|
|
||||||
chown -R webapps:webapps /var/www/html/.well-known/autoconfig
|
|
||||||
mkdir -p $CBDIR/custom/ap2/conf/extra
|
|
||||||
cp -Rfp /etc/httpd/conf/extra/httpd-alias.conf $CBDIR/custom/ap2/conf/extra
|
|
||||||
echo "Alias /.well-known/autoconfig /var/www/html/.well-known/autoconfig" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf
|
|
||||||
echo "Alias /poczta /var/www/html/roundcube" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf
|
|
||||||
$CBDIR/build rewrite_confs
|
|
||||||
|
|
||||||
echo "Instalacja Imagick i WebP"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
dnf -y install mesa-libGL giflib freeglut
|
|
||||||
rpm -ivh libwebp-tools-1.0.0-8.el8_7.x86_64.rpm
|
|
||||||
dnf --enablerepo=powertools -y install giflib-devel
|
|
||||||
dnf -y install libwebp-devel libjpeg-devel libpng-devel libwebp-tools giflib libvpx libvpx-devel libtiff-devel libXpm-devel libpng-devel ImageMagick-devel
|
|
||||||
# $CBDIR/build set imagick yes
|
|
||||||
# $CBDIR/build imagick
|
|
||||||
sed -i 's/imagick=no/imagick=yes/g' /usr/local/directadmin/custombuild/php_extensions.conf
|
|
||||||
da build imagick
|
|
||||||
|
|
||||||
echo "Instalacja IMAP"
|
|
||||||
sed -i 's/imap=no/imap=yes/gI' $CBDIR/php_extensions.conf
|
|
||||||
$CBDIR/build php_imap
|
|
||||||
|
|
||||||
echo "Instalacja Memcache i redis"
|
|
||||||
yum -y install memcached libmemcached
|
|
||||||
systemctl enable memcached
|
|
||||||
systemctl restart memcached
|
|
||||||
yum -y install redis redis-devel
|
|
||||||
|
|
||||||
echo "Instalacja rozszerzen PECL od poralixa"
|
|
||||||
cd $DADIR/scripts/custom
|
|
||||||
wget https://raw.githubusercontent.com/poralix/directadmin-utils/master/php/php-extension.sh -O php-extension.sh
|
|
||||||
chmod 750 php-extension.sh
|
|
||||||
./php-extension.sh install memcached
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
cd $CBDIR
|
|
||||||
touch custom/php_disable_functions
|
|
||||||
echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions
|
|
||||||
./build secure_php
|
|
||||||
|
|
||||||
echo "Optymalizacja MySQL"
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
\cp -f my.cnf /etc/my.cnf
|
|
||||||
systemctl restart mysqld
|
|
||||||
|
|
||||||
|
|
||||||
echo "Dodawanie subdomeny poczta do kazdej domeny"
|
|
||||||
|
|
||||||
mkdir -p $DADIR/data/templates/custom/
|
|
||||||
\cp virtual_host2.conf.CUSTOM.4.post $DADIR/data/templates/custom/virtual_host2.conf.CUSTOM.4.post
|
|
||||||
\cp virtual_host2_secure.conf.CUSTOM.4.post $DADIR/data/templates/custom/virtual_host2_secure.conf.CUSTOM.4.post
|
|
||||||
echo "action=rewrite&value=httpd" >> $DADIR/data/task.queue
|
|
||||||
cd $DADIR/data/templates
|
|
||||||
cp dns_a.conf custom/
|
|
||||||
cd custom
|
|
||||||
sed -i '/pop/i poczta=|IP|' $DADIR/data/templates/custom/dns_a.conf
|
|
||||||
|
|
||||||
echo "Instalacja bezpiecznego DMARC"
|
|
||||||
|
|
||||||
cd $DADIR/data/templates/custom
|
|
||||||
cp ../dns_txt.conf .
|
|
||||||
echo '_dmarc="v=DMARC1;p=quarantine;pct=100;sp=none;fo=0:d:s;aspf=s;adkim=r;"' >> dns_txt.conf
|
|
||||||
|
|
||||||
echo "Dopuszczenie wszystkich metod HTTPD"
|
|
||||||
|
|
||||||
cd $CBDIR
|
|
||||||
./build set http_methods ALL
|
|
||||||
./build rewrite_confs
|
|
||||||
|
|
||||||
echo "Instalacja composera"
|
|
||||||
cd $CBDIR
|
|
||||||
./build composer
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Instalacja wp-cli"
|
|
||||||
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
|
|
||||||
chmod +x wp-cli.phar
|
|
||||||
mv wp-cli.phar /usr/local/bin/wp
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Inne optymalizacje"
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
daupdate rblda_full
|
|
||||||
cd /opt
|
|
||||||
sh /opt/daupdate bbmysql
|
|
||||||
\cp $DAPOSTINSTALL_DIR/csfcf.sh /opt/csfcf.sh
|
|
||||||
chmod 700 /opt/csfcf.sh
|
|
||||||
sh /opt/csfcf.sh
|
|
||||||
echo "20 0 * * * sh /opt/csfcf.sh > /dev/null 2>&1" >>/var/spool/cron/root
|
|
||||||
|
|
||||||
echo "Usowanie dostepu do DA / IMAP z po za Polski"
|
|
||||||
wget --timeout=1 --tries=3 -O /opt/csf_off2222.sh https://ht.zenadmin.pl/da/csf_off2222.sh
|
|
||||||
|
|
||||||
systemctl restart sshd
|
|
||||||
csf -r
|
|
||||||
|
|
||||||
echo "poprawka too many users SSHD"
|
|
||||||
touch /etc/ssh/sshd_config_placebo
|
|
||||||
sed -i 's^/etc/ssh/sshd_config^/etc/ssh/sshd_config_placebo^g' $DADIR/conf/directadmin.conf
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
echo "Instalacja NetData"
|
|
||||||
cd $CBDIR
|
|
||||||
./build netdata
|
|
||||||
|
|
||||||
echo "Instalacja REDISa"
|
|
||||||
cd $DADIR/scripts/custom
|
|
||||||
./php-extension.sh install redis
|
|
||||||
mkdir $DADIR/plugins/redis_management
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
tar -zxf redis_management.tar.gz -C $DADIR/plugins/redis_management
|
|
||||||
$DADIR/plugins/redis_management/scripts/install.sh
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
|
|
||||||
echo "Instalacja IMAPsync"
|
|
||||||
dnf -y install --enablerepo=powertools imapsync
|
|
||||||
mkdir $DADIR/plugins/imapsync
|
|
||||||
tar -zxf imapsync.tar.gz -C $DADIR/plugins/imapsync
|
|
||||||
$DADIR/plugins/imapsync/scripts/install.sh
|
|
||||||
echo 'imapsync=type=checkbox&string=IMAPsync migrations (plugin)&desc=Allow access to imapsync migrations&default=yes' >> /usr/local/directadmin/data/admin/custom_package_items.conf
|
|
||||||
echo 'imapsync=ON' >> /usr/local/directadmin/data/users/admin/user.conf
|
|
||||||
cp lang_pl.php $DADIR/plugins/imapsync/lang
|
|
||||||
|
|
||||||
# echo "Dodanie kolorowego prompta hitme"
|
|
||||||
# echo "PS1='\[\e[0;1;38;5;46m\]\u\[\e[0m\]@\[\e[0;1;38;5;214m\]\h\[\e[0m\][\[\e[0;1;97m\]\W\[\e[0m\]]\[\e[0;38;5;46m\]$ \[\e[0m\]'" | sudo tee -a /etc/profile
|
|
||||||
|
|
||||||
# echo "dodanie kolorowego prompta dla roota"
|
|
||||||
# echo "PS1='\[\e[0;1;91m\]\u\[\e[0m\]@\[\e[0;1;38;5;214m\]\h\[\e[0m\][\[\e[0;1;97m\]\W\[\e[0m\]]\[\e[0;1m\]# \[\e[0m\]'" | sudo tee -a /root/.bash_profile
|
|
||||||
|
|
||||||
echo "never_commands=custombuild:updates:license" >> /usr/local/directadmin/conf/directadmin.conf
|
|
||||||
systemctl restart directadmin
|
|
||||||
|
|
||||||
cd $DAPOSTINSTALL_DIR
|
|
||||||
echo "dodaje JIT dla PHP"
|
|
||||||
sh php_zmienne.sh
|
|
||||||
sh da_cli.sh disablenamed
|
|
||||||
sh da_cli.sh disablemultiserverpage
|
|
||||||
sh da_cli.sh disablecreateadmin
|
|
||||||
sh da_cli.sh changeuserpass admin $DA_ADMINPASS
|
|
||||||
sh da_cli.sh createemptybackup
|
|
||||||
|
|
||||||
|
|
||||||
clear
|
|
||||||
touch /var/log/dapostinstall.done
|
|
||||||
|
|
||||||
echo -e "\e[92mKonfiguracja zakonczona - usuwam pliki tymczasowe - tekst powitalny z uzupelnionymi odpowiednimi danymi znajdziesz w /root/mail_powitalny.txt\e[0m"
|
|
||||||
cd ~
|
|
||||||
exec >/dev/null 2>&1
|
|
||||||
rm -rf $DAPOSTINSTALL_DIR
|
|
||||||
Reference in New Issue
Block a user