Prepare dapostinstall v2

This commit is contained in:
Marek Miklewicz
2026-06-13 18:28:04 +02:00
parent 53db10cd17
commit 6c377b2242
9 changed files with 411 additions and 354 deletions
+126 -299
View File
@@ -1,5 +1,7 @@
#!/bin/bash
# VERSION 1.7.8-10.04.2025
set -euo pipefail
if [ -f "/var/log/dapostinstall.done" ]; then
echo -e "\e[31mSkrypt DApostinstall był już uruchomiony na tym serwerze - przerywam działanie.\e[0m"
exit 1
@@ -10,20 +12,75 @@ DADIR=/usr/local/directadmin
CBDIR=/usr/local/directadmin/custombuild
LOG_FILE=/var/log/dapostinstall.log
HTLINK="https://ht.zenadmin.pl"
MIN_PASSWORD_LENGTH=18
MAX_PASSWORD_LENGTH=24
ITERATION_LIMIT=100
DEFAULT_NS1=dns3.hitme.net.pl
DEFAULT_NS2=dns4.hitme.net.pl
SETUP_TXT="$DADIR/conf/setup.txt"
# PHP versions and extensions managed through DirectAdmin CustomBuild.
php1_release=8.3
php2_release=8.2
php3_release=8.1
php4_release=7.4
php5_release=no
php6_release=no
php7_release=no
php8_release=no
php9_release=no
ioncube=yes
zend=yes
opcache=yes
imap=yes
imagick=yes
configure_custombuild_php() {
local idx
local release
local release_var
cd "$CBDIR"
da build update
for idx in 1 2 3 4 5 6 7 8 9; do
release_var="php${idx}_release"
release="${!release_var}"
da build set "php${idx}_release" "$release"
if [[ "$release" != "no" ]]; then
da build set "php${idx}_mode" "php-fpm"
fi
done
da build php
da build rewrite_confs
}
build_php_extension() {
local enabled="$1"
local option="$2"
local target="$3"
[[ "$enabled" == "yes" ]] || return 0
cd "$CBDIR"
da build set "$option" yes
da build "$target"
}
exec > >(tee -ia "$LOG_FILE") 2>&1
cd $DAPOSTINSTALL_DIR
cd "$DAPOSTINSTALL_DIR"
# shellcheck source=lib/common.sh
source "$DAPOSTINSTALL_DIR/lib/common.sh"
require_root
require_dir "$DADIR"
require_dir "$CBDIR"
require_file "$CBDIR/build"
require_file "$SETUP_TXT"
yum -y install epel-release
yum -y install htop wget rsync nano mc ncdu borgbackup screen net-tools htop libmemcached libmemcached-devel
cp daupdate.sh /opt
chmod 700 /opt/daupdate.sh
cd /opt/
/opt/daupdate.sh update
cd $DAPOSTINSTALL_DIR
cd "$DAPOSTINSTALL_DIR"
clear
cd $DAPOSTINSTALL_DIR
cd "$DAPOSTINSTALL_DIR"
echo "Blokada logowania roota hasłem"
sed -i '/PermitRootLogin yes/s/^#//g' /etc/ssh/sshd_config
@@ -41,7 +98,7 @@ chmod 600 $DADIR/data/users/admin/packages.list
echo "NO-LIMIT" > $DADIR/data/users/admin/packages.list
chown -R diradmin:diradmin $DADIR/data/users/admin/packages*
echo "Instalacja spolszczenia DirectAdmina"
echo "language=pl" >> $DADIR/conf/directadmin.conf
echo "language=pl" >> "$DADIR/conf/directadmin.conf"
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf
sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/packages/NO-LIMIT.pkg
@@ -79,51 +136,17 @@ cp pl.po login-pl.po $DADIR/data/skins/evolution/lang/
clear
PS3='Jaka skorke ustawic jako domyslna: '
options=("Enhanced" "Evolution")
select opt in "${options[@]}"
do
case $opt in
"Enhanced")
sed -i 's/evolution/enhanced/gI' $DADIR/conf/directadmin.conf
sed -i 's/evolution/enhanced/gI' $DADIR/data/users/admin/packages/NO-LIMIT.pkg
sed -i 's/evolution/enhanced/gI' $DADIR/data/users/admin/user.conf
systemctl restart directadmin
break
;;
"Evolution")
rm -f $DADIR/data/templates/custom/login.html
echo "Skorka evolution zostala ustawiona jako domyslna"
systemctl restart directadmin
break
;;
*) echo "Niewlasciwa opcja $REPLY";;
esac
done
echo "Wybierz tryb instalacji"
echo "Instalacja automatyczna instaluje wszystkie dodatki i przyjmuje domyslne ustawienia dla hitme."
echo "Instalacja niestandardowa pozwala pominac niektore komponenty, np. nie instalowac ModSecurity, okreslic inny niz 10022 port SSH czy serwery DNS niz standardowe dla hitme zadajac dodatkowe pytania podczas wykonywania skryptu"
PS3='Wybierz tryb instalacji: '
options=("Automatyczna" "Niestandardowa")
select opt in "${options[@]}"
do
case $opt in
"Automatyczna")
echo "Ustawienie DNSów hitme"
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/conf/directadmin.conf
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/conf/directadmin.conf
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/data/users/admin/user.conf
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/data/users/admin/user.conf
sed -i "/ns1=/c\ns1=dns3.hitme.net.pl" $DADIR/data/users/admin/reseller.conf
sed -i "/ns2=/c\ns2=dns4.hitme.net.pl" $DADIR/data/users/admin/reseller.conf
set_key_value "$DADIR/conf/directadmin.conf" "ns1" "$DEFAULT_NS1"
set_key_value "$DADIR/conf/directadmin.conf" "ns2" "$DEFAULT_NS2"
set_key_value "$DADIR/data/users/admin/user.conf" "ns1" "$DEFAULT_NS1"
set_key_value "$DADIR/data/users/admin/user.conf" "ns2" "$DEFAULT_NS2"
set_key_value "$DADIR/data/users/admin/reseller.conf" "ns1" "$DEFAULT_NS1"
set_key_value "$DADIR/data/users/admin/reseller.conf" "ns2" "$DEFAULT_NS2"
systemctl restart directadmin
echo "Ustawienie domyslnego portu SSH na 10022"
@@ -185,205 +208,27 @@ echo "Instalacja Security headers"
cd $DAPOSTINSTALL_DIR
cat security-headers.conf >>/etc/httpd/conf/extra/httpd-includes.conf
cd $CBDIR
./build rewrite_confs
da build rewrite_confs
cd $DAPOSTINSTALL_DIR
echo "Instalacja certyfikatu Let's Encrypt"
$DADIR/scripts/letsencrypt.sh request_single `hostname` 4096
break
;;
"Niestandardowa")
read -p "Podaj adres NS1 [dns3.hitme.net.pl]: " NS1_DEFAULT
NS1_DEFAULT=${NS1_DEFAULT:-dns3.hitme.net.pl}
read -p "Podaj adres NS2 [dns4.hitme.net.pl]: " NS2_DEFAULT
NS2_DEFAULT=${NS2_DEFAULT:-dns4.hitme.net.pl}
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/conf/directadmin.conf
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/conf/directadmin.conf
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/data/users/admin/user.conf
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/data/users/admin/user.conf
sed -i "/ns1=/c\ns1=$NS1_DEFAULT" $DADIR/data/users/admin/reseller.conf
sed -i "/ns2=/c\ns2=$NS2_DEFAULT" $DADIR/data/users/admin/reseller.conf
systemctl restart directadmin
read -p "Podaj port SSH [10022]: " SSH_PORT
SSH_PORT=${SSH_PORT:-10022}
sed -i '/Port 22/s/^#//g' /etc/ssh/sshd_config
sed -i "s/Port 22/Port $SSH_PORT/g" /etc/ssh/sshd_config
sed -i "s/,22,/,22,$SSH_PORT,/g" /etc/csf/csf.conf
while true; do
read -p "Czy aktywowac dodatkowe zabezpiecznia SSH (T/N)? " yn
case $yn in
[Tt] ) echo "Aktywacja dodatkowych zabezpieczen SSH"
tee -a /etc/ssh/sshd_config > /dev/null <<EOT
Match User root Address 185.242.134.0/24,185.242.133.37,185.242.134.92,185.242.134.93,193.177.165.192,193.177.165.193,193.177.165.194,193.177.165.195,193.177.165.196
PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin yes
EOT
break;;
[nN] ) echo "Pomijam aktywacje dodatkowych zabezpieczen SSH";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
while true; do
read -p "Czy instalowac klucze logowania HITME do SSH (T/N)? " yn
case $yn in
[Tt] ) echo "Instaluje klucze logowania HITME do SSH"
cd /opt
sh daupdate keyput
break;;
[nN] ) echo "Pomijam instalacje kluczy logowania do SSH";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
while true; do
read -p "Czy instalowac klucze logowania HITME do DirectAdmina (T/N)? " yn
case $yn in
[Tt] ) echo "Instaluje klucze logowania HITME do DirectAdmina"
cd /opt
sh daupdate klucze
break;;
[nN] ) echo "Pomijam instalacje kluczy logowania do DirectAdmina";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
echo "Instalacja ModSecurity"
while true; do
read -p "Czy instalowac ModSecurity z reglłkami Malware Experts (T/N)? " yn
case $yn in
[Tt] ) echo "Instaluje ModSecurity + Malware Experts"
wget $HTLINK/hitmemodsec.sh -O /opt/hitmemodsec.sh
sh /opt/hitmemodsec.sh
rm -f hitmemodsec.sh
daupdate antybots
break;;
[nN] ) echo "Pomijam instalacje ModSecurity";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
while true; do
read -p "Czy instalowac brandowanie hitme dla skorki evolution i serwera www (T/N)? " yn
case $yn in
[Tt] ) echo "Instaluje branowanie hitme dla skorki evolution"
cd $DAPOSTINSTALL_DIR
tar -xvf skin_customizations.tar -C $DADIR/data/users/admin/
wget https://cdn.hitme.pl/da_templates.tar
tar -xf da_templates.tar
cp da_templates/*[1-9]* /home/admin/domains/default/
cp da_templates/index.html /home/admin/domains/default/index.html
cp da_templates/suspended.shtml /home/admin/domains/suspended/index.html
cp da_templates/index-hitme.html /var/www/html/index.html
cd $DAPOSTINSTALL_DIR
break;;
[nN] ) echo "Pomijam instalacje brandowania hitme dla skorki evolution";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
echo "Certyfikat SSL dla DirectAdmina"
while true; do
read -p "Czy instalowac Let's Encrypt dla DirectAdmina dla hostname `hostname` (T/N)? " yn
case $yn in
[Tt] ) echo "Instaluje Let's encrypt"
$DADIR/scripts/letsencrypt.sh request_single `hostname` 4096
break;;
[nN] ) echo "Pomijam instalacje Let's Encrypt";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
while true; do
read -p "Czy instalowac Security Headers (T/N)? " yn
case $yn in
[Tt] ) echo "Instalacja Security Headers?"
cd $DAPOSTINSTALL_DIR
cat security-headers.conf >>/etc/httpd/conf/extra/httpd-includes.conf
cd $CBDIR
./build rewrite_confs
cd $DAPOSTINSTALL_DIR
break;;
[nN] ) echo "Pomijam instalacje Security Headers";
break;;
* ) echo "Niewlasciwa odpowiedz";;
esac
done
break
;;
*) echo "Niewlasciwa opcja $REPLY";;
esac
done
echo -e "\e[96mMam wszystkie informacje - rozpoczynam konfiguracje\e[0m"
echo "Konfiguracja i kompilacja PHP"
configure_custombuild_php
echo "Generowanie maila powitalnego"
cd $DAPOSTINSTALL_DIR
chmod 755 da_cli.sh
echo "Generowanie hasla DirectAdmin"
echo "Pobieranie hasla DirectAdmin z $SETUP_TXT"
count=0
DA_ADMINPASS=$(
while true; do
((count++))
[ "$count" -gt "$ITERATION_LIMIT" ] && { echo "Błąd: przekroczono limit iteracji generowania hasła" >&2; exit 1; }
base_part=$(tr -dc '[:alnum:]' < /dev/urandom | tr -d 'oO0l1I' | fold -w "$((RANDOM % (MAX_PASSWORD_LENGTH - MIN_PASSWORD_LENGTH + 1) + MIN_PASSWORD_LENGTH))" | head -n1)
special_char=$(tr -dc '[:graph:]' < /dev/urandom | tr -d '#|oO0l1I' | fold -w 1 | head -n1)
special_index=$((RANDOM % ${#base_part}))
password="${base_part:0:special_index}${special_char}${base_part:special_index}"
if echo "$password" | grep -qP '^(?=.*[[:digit:]])(?=.*[[:upper:]])(?=.*[^[:alnum:]]).+$'; then
echo "$password"
break
fi
done
)
DA_ADMINPASS=$(get_key_value "$SETUP_TXT" "adminpass")
DA_OPTIONSCONF=$CBDIR/options.conf
DA_USERCONF=$DADIR/data/users/admin/user.conf
@@ -392,53 +237,35 @@ DA_HOSTNAME=$(hostname -f)
DA_IP=$(cat "$DA_USERCONF" | grep 'ip=' | cut -d= -f2)
DA_NS1=$(cat "$DA_USERCONF" | grep 'ns1=' | cut -d= -f2)
DA_NS2=$(cat "$DA_USERCONF" | grep 'ns2=' | cut -d= -f2)
DA_PHP_LIST=$(get_php_release_list "$DA_OPTIONSCONF")
DA_PHP1=$(cat "$DA_OPTIONSCONF" | grep 'php1_release=' | cut -d= -f2)
DA_PHP2=$(cat "$DA_OPTIONSCONF" | grep 'php2_release=' | cut -d= -f2)
DA_PHP3=$(cat "$DA_OPTIONSCONF" | grep 'php3_release=' | cut -d= -f2)
DA_PHP4=$(cat "$DA_OPTIONSCONF" | grep 'php4_release=' | cut -d= -f2)
DA_PHP5=$(cat "$DA_OPTIONSCONF" | grep 'php5_release=' | cut -d= -f2)
DA_PHP6=$(cat "$DA_OPTIONSCONF" | grep 'php6_release=' | cut -d= -f2)
DA_PHP7=$(cat "$DA_OPTIONSCONF" | grep 'php7_release=' | cut -d= -f2)
DA_PHP8=$(cat "$DA_OPTIONSCONF" | grep 'php8_release=' | cut -d= -f2)
DA_PHP9=$(cat "$DA_OPTIONSCONF" | grep 'php9_release=' | cut -d= -f2)
export DA_HOSTNAME
export DA_IP
export DA_NS1
export DA_NS2
export DA_ADMINPASS
export DA_HASLO="$DA_ADMINPASS"
export SSH_PORT
export DA_PHP_LIST
sed -i 's/DA_HOSTNAME/'"$DA_HOSTNAME"'/g' mail_powitalny.txt
sed -i 's/DA_HOSTNAME/'"$DA_HOSTNAME"'/g' options.conf
sed -i 's/DA_IP/'"$DA_IP"'/g' mail_powitalny.txt
sed -i 's/DA_NS1/'"$DA_NS1"'/g' mail_powitalny.txt
sed -i 's/DA_NS2/'"$DA_NS2"'/g' mail_powitalny.txt
sed -i 's/DA_HASLO/'"$DA_ADMINPASS"'/g' mail_powitalny.txt
sed -i 's/SSH_PORT/'"$SSH_PORT"'/g' mail_powitalny.txt
sed -i 's/DA_PHP1/'"$DA_PHP1"'/g' mail_powitalny.txt
sed -i 's/DA_PHP2/'"$DA_PHP2"'/g' mail_powitalny.txt
sed -i 's/DA_PHP3/'"$DA_PHP3"'/g' mail_powitalny.txt
sed -i 's/DA_PHP4/'"$DA_PHP4"'/g' mail_powitalny.txt
sed -i 's/DA_PHP5/'"$DA_PHP5"'/g' mail_powitalny.txt
sed -i 's/DA_PHP6/'"$DA_PHP6"'/g' mail_powitalny.txt
sed -i 's/DA_PHP7/'"$DA_PHP7"'/g' mail_powitalny.txt
sed -i 's/DA_PHP8/'"$DA_PHP8"'/g' mail_powitalny.txt
sed -i 's/DA_PHP9/'"$DA_PHP9"'/g' mail_powitalny.txt
mv mail_powitalny.txt /root
render_template "$DAPOSTINSTALL_DIR/mail_powitalny.txt" "/root/mail_powitalny.txt"
echo "instalacja SpamBlocker"
cd $CBDIR
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamd spamassassin
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build spamassassin
./build update
./build exim_conf
da build update
da build set eximconf yes
da build set blockcracking yes
da build set easy_spam_fighter yes
da build set spamd spamassassin
da build set exim yes
da build exim
da build set dovecot_conf yes
da build dovecot_conf
da build spamassassin
da build update
da build exim_conf
systemctl enable spamassassin
systemctl restart spamd
@@ -469,25 +296,25 @@ cd $DADIR
./directadmin set one_click_webmail_login 1
service directadmin restart
cd custombuild
./build update
./build dovecot_conf
./build exim_conf
./build roundcube
da build update
da build dovecot_conf
da build exim_conf
da build roundcube
echo "OneClick PhpMyAdmin"
cd $DADIR/
./directadmin set one_click_pma_login 1
systemctl restart directadmin
cd custombuild
./build update
./build phpmyadmin
da build update
da build phpmyadmin
echo "PhpMyAdmin tylko z poziomu DirectAdmina"
cd $CBDIR
./build update
./build set phpmyadmin_public no
./build phpmyadmin
da build update
da build set phpmyadmin_public no
da build phpmyadmin
systemctl restart directadmin
cd $DAPOSTINSTALL_DIR
@@ -505,23 +332,24 @@ mkdir -p $CBDIR/custom/ap2/conf/extra
cp -Rfp /etc/httpd/conf/extra/httpd-alias.conf $CBDIR/custom/ap2/conf/extra
echo "Alias /.well-known/autoconfig /var/www/html/.well-known/autoconfig" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf
echo "Alias /poczta /var/www/html/roundcube" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf
$CBDIR/build rewrite_confs
da build rewrite_confs
echo "Instalacja Imagick i WebP"
echo "Instalacja zaleznosci Imagick i WebP"
cd $DAPOSTINSTALL_DIR
dnf -y install mesa-libGL giflib freeglut
# rpm -ivh libwebp-tools-1.0.0-8.el8_7.x86_64.rpm
dnf config-manager --set-enabled crb
dnf install -y giflib-devel
dnf -y install libwebp-devel libjpeg-devel libpng-devel libwebp-tools giflib libvpx libvpx-devel libtiff-devel libXpm-devel libpng-devel ImageMagick-devel
# $CBDIR/build set imagick yes
# $CBDIR/build imagick
sed -i 's/imagick=no/imagick=yes/g' /usr/local/directadmin/custombuild/options.conf
da build imagick
if [[ "$imagick" == "yes" ]]; then
dnf -y install mesa-libGL giflib freeglut
# rpm -ivh libwebp-tools-1.0.0-8.el8_7.x86_64.rpm
dnf config-manager --set-enabled crb
dnf install -y giflib-devel
dnf -y install libwebp-devel libjpeg-devel libpng-devel libwebp-tools giflib libvpx libvpx-devel libtiff-devel libXpm-devel libpng-devel ImageMagick-devel
fi
echo "Instalacja IMAP"
sed -i 's/imap=no/imap=yes/gI' $CBDIR/options.conf
$CBDIR/build php_imap
echo "Instalacja rozszerzen PHP z CustomBuild"
build_php_extension "$ioncube" "ioncube" "ioncube"
build_php_extension "$zend" "zend" "zend"
build_php_extension "$opcache" "opcache" "opcache"
build_php_extension "$imap" "php_imap" "php_imap"
build_php_extension "$imagick" "imagick" "imagick"
echo "Instalacja Memcache i redis"
yum -y install memcached libmemcached
@@ -539,7 +367,7 @@ cd $DAPOSTINSTALL_DIR
cd $CBDIR
touch custom/php_disable_functions
echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions
./build secure_php
da build secure_php
# Poprawka redis dla AlmaLinux 9
if grep -q "AlmaLinux release 9" /etc/redhat-release; then
@@ -561,12 +389,12 @@ echo '_dmarc="v=DMARC1;p=quarantine;pct=100;sp=none;fo=0:d:s;aspf=s;adkim=r;"' >
echo "Dopuszczenie wszystkich metod HTTPD"
cd $CBDIR
./build set http_methods ALL
./build rewrite_confs
da build set http_methods ALL
da build rewrite_confs
echo "Instalacja composera"
cd $CBDIR
./build composer
da build composer
cd $DAPOSTINSTALL_DIR
echo "Instalacja wp-cli"
@@ -629,7 +457,6 @@ echo "dodaje JIT dla PHP"
sh php_zmienne.sh
sh da_cli.sh disablemultiserverpage
sh da_cli.sh disablecreateadmin
sh da_cli.sh changeuserpass admin $DA_ADMINPASS
sh da_cli.sh createemptybackup