#!/bin/bash # VERSION 1.7.8-10.04.2025 set -euo pipefail if [ -f "/var/log/dapostinstall.done" ]; then echo -e "\e[31mSkrypt DApostinstall był już uruchomiony na tym serwerze - przerywam działanie.\e[0m" exit 1 fi DAPOSTINSTALL_DIR=/opt/dapostinstall DADIR=/usr/local/directadmin CBDIR=/usr/local/directadmin/custombuild LOG_FILE=/var/log/dapostinstall.log HTLINK="https://ht.zenadmin.pl" DEFAULT_NS1=dns3.hitme.net.pl DEFAULT_NS2=dns4.hitme.net.pl SETUP_TXT="$DADIR/conf/setup.txt" # PHP versions and extensions managed through DirectAdmin CustomBuild. php1_release=8.3 php2_release=8.2 php3_release=8.1 php4_release=7.4 php5_release=no php6_release=no php7_release=no php8_release=no php9_release=no ioncube=yes zend=yes opcache=yes imap=yes imagick=yes configure_custombuild_php() { local idx local release local release_var cd "$CBDIR" da build update for idx in 1 2 3 4 5 6 7 8 9; do release_var="php${idx}_release" release="${!release_var}" da build set "php${idx}_release" "$release" if [[ "$release" != "no" ]]; then da build set "php${idx}_mode" "php-fpm" fi done da build php da build rewrite_confs } build_php_extension() { local enabled="$1" local option="$2" local target="$3" [[ "$enabled" == "yes" ]] || return 0 cd "$CBDIR" da build set "$option" yes da build "$target" } update_daupdate_tools() { echo "update..." wget "$HTLINK/daupdate.sh" -O /sbin/daupdate chmod +x /sbin/daupdate wget "$HTLINK/daupdate.sh" -O /opt/daupdate wget "$HTLINK/da_cli.sh" -O /sbin/dacli chmod +x /sbin/dacli } exec > >(tee -ia "$LOG_FILE") 2>&1 cd "$DAPOSTINSTALL_DIR" # shellcheck source=lib/common.sh source "$DAPOSTINSTALL_DIR/lib/common.sh" require_root require_dir "$DADIR" require_dir "$CBDIR" require_file "$CBDIR/build" require_file "$SETUP_TXT" yum -y install epel-release yum -y install htop wget rsync nano mc ncdu borgbackup screen net-tools htop libmemcached libmemcached-devel cp daupdate.sh /opt chmod 700 /opt/daupdate.sh update_daupdate_tools cd "$DAPOSTINSTALL_DIR" clear cd "$DAPOSTINSTALL_DIR" echo "Blokada logowania roota hasłem" sed -i '/PermitRootLogin yes/s/^#//g' /etc/ssh/sshd_config sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/g" /etc/ssh/sshd_config echo "Poprawa locale" dnf install -y glibc-all-langpacks langpacks-pl glibc-langpack-pl localectl set-locale LANG=pl_PL.utf8 echo "Tworzenie domyslnego pakietu" mkdir -p $DADIR/data/users/admin/packages/ mkdir -p $DADIR/data/users/admin/packages \cp -r NO-LIMIT.pkg $DADIR/data/users/admin/packages chmod 600 $DADIR/data/users/admin/packages.list echo "NO-LIMIT" > $DADIR/data/users/admin/packages.list chown -R diradmin:diradmin $DADIR/data/users/admin/packages* echo "Instalacja spolszczenia DirectAdmina" echo "language=pl" >> "$DADIR/conf/directadmin.conf" sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/user.conf sed -i 's/language=en/language=pl/gI' $DADIR/data/users/admin/packages/NO-LIMIT.pkg sed -i 's/Your reseller account is now ready for use./Twoje konto resellera o loginie |username| zostało utworzone I jest gotowe do użycia./gI' $DADIR/data/admin/admin.conf sed -i 's/Your administrator account is now ready for use./Twoje konto administratora o loginie |username| zostało utworzone i jest gotowe do użycia./gI' $DADIR/data/admin/admin.conf sed -i 's/Your account for |domain| is now ready for use./Twoje konto użytkownika o loginie |username| w domenie |domain| zostało utworzone i jest gotowe do użycia./gI' $DADIR/data/users/admin/reseller.conf echo "Instalacja spolszczenia dla skórki enhanced" tar -xvf spolszczenie_enhanced.tar.gz cp -Rfp spolszczenie_enhanced/pl $DADIR/data/skins/enhanced/lang/ cp -Rfp spolszczenie_enhanced/templates/* $DADIR/data/templates/ cp -f spolszczenie_enhanced/a_welcome.txt $DADIR/data/admin cp -f spolszczenie_enhanced/r_welcome.txt $DADIR/data/admin cp -f spolszczenie_enhanced/u_welcome.txt $DADIR/data/users/admin cp -f spolszczenie_enhanced/u_welcome.txt $DADIR/data/templates/custom echo "Spolszczenie skorki evolution" rm -rf $DAPOSTINSTALL_DIR/evolution mkdir -p $DAPOSTINSTALL_DIR/evolution cd $DAPOSTINSTALL_DIR/evolution git clone https://github.com/regdos/DirectAdmin-Evolution-PL.git cd DirectAdmin-Evolution-PL cp pl.po login-pl.po $DADIR/data/skins/evolution/lang/ \cp -Rfp templates/* $DADIR/data/templates/ \cp -f a_welcome.txt $DADIR/data/admin \cp -f r_welcome.txt $DADIR/data/admin \cp -f u_welcome.txt $DADIR/data/users/admin \cp -f u_welcome.txt $DADIR/data/templates/custom clear rm -f $DADIR/data/templates/custom/login.html echo "Skorka evolution zostala ustawiona jako domyslna" systemctl restart directadmin echo "Ustawienie DNSów hitme" set_key_value "$DADIR/conf/directadmin.conf" "ns1" "$DEFAULT_NS1" set_key_value "$DADIR/conf/directadmin.conf" "ns2" "$DEFAULT_NS2" set_key_value "$DADIR/data/users/admin/user.conf" "ns1" "$DEFAULT_NS1" set_key_value "$DADIR/data/users/admin/user.conf" "ns2" "$DEFAULT_NS2" set_key_value "$DADIR/data/users/admin/reseller.conf" "ns1" "$DEFAULT_NS1" set_key_value "$DADIR/data/users/admin/reseller.conf" "ns2" "$DEFAULT_NS2" systemctl restart directadmin echo "Ustawienie domyslnego portu SSH na 10022" SSH_PORT=10022 sed -i '/Port 22/s/^#//g' /etc/ssh/sshd_config sed -i "s/Port 22/Port 10022/g" /etc/ssh/sshd_config sed -i "s/,22,/,22,10022,/g" /etc/csf/csf.conf echo "Ustawienie dodatkowych zabezpieczen SSH" if ! grep -q '^Match User root' /etc/ssh/sshd_config; then daupdate secssh2 fi echo "Dodanie autoryzacji hasłem" sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config echo "Ustawienie kluczy logowania do DirectAdmina i kluczy SSH hitme" if ! grep -Fq '185.242.134.92' /root/.ssh/authorized_keys; then daupdate keyput fi daupdate klucze cd $DAPOSTINSTALL_DIR echo "Instalacja Modsecurity i regułek malware experts" wget $HTLINK/hitmemodsec.sh -O /opt/hitmemodsec.sh sh /opt/hitmemodsec.sh rm -f hitmemodsec.sh daupdate antybots echo "Instaluje branding hitme dla skorki evolution i serwera www" cd $DAPOSTINSTALL_DIR tar -xvf skin_customizations.tar -C $DADIR/data/users/admin/ cd $DAPOSTINSTALL_DIR wget https://cdn.hitme.pl/da_templates.tar tar -xf da_templates.tar cp da_templates/*[1-9]* /home/admin/domains/default/ cp da_templates/index.html /home/admin/domains/default/index.html cp da_templates/suspended.shtml /home/admin/domains/suspended/index.html cp da_templates/index-hitme.html /var/www/html/index.html cd $DAPOSTINSTALL_DIR echo "Login branging hitme" cd / wget https://cdn.hitme.pl/da_files/da-branding-hitme.tar.gz tar xvzf da-branding-hitme.tar.gz rm -rf da-branding-hitme.tar.gz cd $DAPOSTINSTALL_DIR/login_branding cp admin/* $DADIR/data/admin/ cp -rfp users/admin/skin_customizations//evolution/* $DADIR/data/users/admin/skin_customizations/evolution cd $DAPOSTINSTALL_DIR echo "Instalacja Security headers" cd $DAPOSTINSTALL_DIR cat security-headers.conf >>/etc/httpd/conf/extra/httpd-includes.conf cd $CBDIR da build rewrite_confs cd $DAPOSTINSTALL_DIR echo "Instalacja certyfikatu Let's Encrypt" $DADIR/scripts/letsencrypt.sh request_single `hostname` 4096 echo -e "\e[96mMam wszystkie informacje - rozpoczynam konfiguracje\e[0m" echo "Konfiguracja i kompilacja PHP" configure_custombuild_php echo "Generowanie maila powitalnego" cd $DAPOSTINSTALL_DIR chmod 755 da_cli.sh echo "Pobieranie hasla DirectAdmin z $SETUP_TXT" DA_ADMINPASS=$(get_key_value "$SETUP_TXT" "adminpass") DA_OPTIONSCONF=$CBDIR/options.conf DA_USERCONF=$DADIR/data/users/admin/user.conf DA_HOSTNAME=$(hostname -f) DA_IP=$(cat "$DA_USERCONF" | grep 'ip=' | cut -d= -f2) DA_NS1=$(cat "$DA_USERCONF" | grep 'ns1=' | cut -d= -f2) DA_NS2=$(cat "$DA_USERCONF" | grep 'ns2=' | cut -d= -f2) DA_PHP_LIST=$(get_php_release_list "$DA_OPTIONSCONF") export DA_HOSTNAME export DA_IP export DA_NS1 export DA_NS2 export DA_ADMINPASS export DA_HASLO="$DA_ADMINPASS" export SSH_PORT export DA_PHP_LIST sed -i 's/DA_HOSTNAME/'"$DA_HOSTNAME"'/g' options.conf render_template "$DAPOSTINSTALL_DIR/mail_powitalny.txt" "/root/mail_powitalny.txt" echo "instalacja SpamBlocker" cd $CBDIR da build update da build set eximconf yes da build set blockcracking yes da build set easy_spam_fighter yes da build set spamd spamassassin da build set exim yes da build exim da build set dovecot_conf yes da build dovecot_conf da build spamassassin da build update da build exim_conf systemctl enable spamassassin systemctl restart spamd echo "Dodanie SpamAssassin dla wszystkich uzytkownikow" cd $DAPOSTINSTALL_DIR cp user_create_post.sh $DADIR/scripts/custom/user_create_post.sh chmod 755 $DADIR/scripts/custom/user_create_post.sh echo "Aktywacja SpamAssassina dla obecnych użytkowników" cd $DAPOSTINSTALL_DIR cp spam_assassin_all_users_on.sh $DADIR/scripts/custom/ chmod 755 $DADIR/scripts/custom/spam_assassin_all_users_on.sh $DADIR/scripts/custom/spam_assassin_all_users_on.sh echo "Dodawanie ustawoeń PHP" bash php_settings.sh echo "Naprawa komunikacji URIBL" echo "dns_server 127.0.0.1 # Naprawa zapytan URIBL i DNSWL" >> /etc/mail/spamassassin/local.cf echo "OneClick Roundcube" cd $DADIR ./directadmin set one_click_webmail_login 1 service directadmin restart cd custombuild da build update da build dovecot_conf da build exim_conf da build roundcube echo "OneClick PhpMyAdmin" cd $DADIR/ ./directadmin set one_click_pma_login 1 systemctl restart directadmin cd custombuild da build update da build phpmyadmin echo "PhpMyAdmin tylko z poziomu DirectAdmina" cd $CBDIR da build update da build set phpmyadmin_public no da build phpmyadmin systemctl restart directadmin cd $DAPOSTINSTALL_DIR echo "Automatyczna konfiguracja Thunderbirda" mkdir -p /var/www/html/.well-known/autoconfig/mail/ da config-set mail_autoconfig 0 da build rewrite_confs cd $DAPOSTINSTALL_DIR cp -f config-v1.1.xml /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml sed -i 's_nazwahosta_'$HOSTNAME'_g' /var/www/html/.well-known/autoconfig/mail/config-v1.1.xml chown -R webapps:webapps /var/www/html/.well-known/autoconfig mkdir -p $CBDIR/custom/ap2/conf/extra cp -Rfp /etc/httpd/conf/extra/httpd-alias.conf $CBDIR/custom/ap2/conf/extra echo "Alias /.well-known/autoconfig /var/www/html/.well-known/autoconfig" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf echo "Alias /poczta /var/www/html/roundcube" >> $CBDIR/custom/ap2/conf/extra/httpd-alias.conf da build rewrite_confs echo "Instalacja zaleznosci Imagick i WebP" cd $DAPOSTINSTALL_DIR if [[ "$imagick" == "yes" ]]; then dnf -y install mesa-libGL giflib freeglut # rpm -ivh libwebp-tools-1.0.0-8.el8_7.x86_64.rpm dnf config-manager --set-enabled crb dnf install -y giflib-devel dnf -y install libwebp-devel libjpeg-devel libpng-devel libwebp-tools giflib libvpx libvpx-devel libtiff-devel libXpm-devel libpng-devel ImageMagick-devel fi echo "Instalacja rozszerzen PHP z CustomBuild" build_php_extension "$ioncube" "ioncube" "ioncube" build_php_extension "$zend" "zend" "zend" build_php_extension "$opcache" "opcache" "opcache" build_php_extension "$imap" "php_imap" "php_imap" build_php_extension "$imagick" "imagick" "imagick" echo "Instalacja Memcache i redis" yum -y install memcached libmemcached systemctl enable memcached systemctl restart memcached yum -y install redis redis-devel echo "Instalacja rozszerzen PECL od poralixa" cd $DADIR/scripts/custom wget https://raw.githubusercontent.com/poralix/directadmin-utils/master/php/php-extension.sh -O php-extension.sh chmod 750 php-extension.sh ./php-extension.sh install memcached cd $DAPOSTINSTALL_DIR cd $CBDIR touch custom/php_disable_functions echo "exec,system,passthru,shell_exec,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname" > custom/php_disable_functions da build secure_php # Poprawka redis dla AlmaLinux 9 if grep -q "AlmaLinux release 9" /etc/redhat-release; then ln -s /etc/redis/redis.conf /etc/redis.conf fi echo "Optymalizacja MySQL" cd $DAPOSTINSTALL_DIR \cp -f my.cnf /etc/my.cnf systemctl restart mysqld echo "Instalacja bezpiecznego DMARC" cd $DADIR/data/templates/custom cp ../dns_txt.conf . echo '_dmarc="v=DMARC1;p=quarantine;pct=100;sp=none;fo=0:d:s;aspf=s;adkim=r;"' >> dns_txt.conf echo "Dopuszczenie wszystkich metod HTTPD" cd $CBDIR da build set http_methods ALL da build rewrite_confs echo "Instalacja composera" cd $CBDIR da build composer cd $DAPOSTINSTALL_DIR echo "Instalacja wp-cli" curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod +x wp-cli.phar mv wp-cli.phar /usr/local/bin/wp cd $DAPOSTINSTALL_DIR echo "Inne optymalizacje" cd $DAPOSTINSTALL_DIR daupdate rblda_full cd /opt sh /opt/daupdate bbmysql \cp $DAPOSTINSTALL_DIR/csfcf.sh /opt/csfcf.sh chmod 700 /opt/csfcf.sh sh /opt/csfcf.sh echo "20 0 * * * sh /opt/csfcf.sh > /dev/null 2>&1" >>/var/spool/cron/root echo "Usowanie dostepu do DA / IMAP z po za Polski" wget --timeout=1 --tries=3 -O /opt/csf_off2222.sh https://ht.zenadmin.pl/da/csf_off2222.sh systemctl restart sshd csf -r echo "poprawka too many users SSHD" touch /etc/ssh/sshd_config_placebo sed -i 's^/etc/ssh/sshd_config^/etc/ssh/sshd_config_placebo^g' $DADIR/conf/directadmin.conf systemctl restart directadmin echo "Instalacja REDISa" cd $DADIR/scripts/custom ./php-extension.sh install redis mkdir $DADIR/plugins/redis_management cd $DAPOSTINSTALL_DIR tar -zxf redis_management.tar.gz -C $DADIR/plugins/redis_management $DADIR/plugins/redis_management/scripts/install.sh cd $DAPOSTINSTALL_DIR echo "Instalacja IMAPsync" dnf -y install imapsync mkdir $DADIR/plugins/imapsync tar -zxf imapsync.tar.gz -C $DADIR/plugins/imapsync $DADIR/plugins/imapsync/scripts/install.sh echo 'imapsync=ON' >> /usr/local/directadmin/data/users/admin/user.conf cp lang_pl.php $DADIR/plugins/imapsync/lang echo "instalacja promptów" sh prompt.sh echo "Blokada dostępu do pluginu CustomBuild i informacjach o licencji" echo "never_commands=custombuild:updates:license" >> /usr/local/directadmin/conf/directadmin.conf echo "wydłużenie dopuszczalnej długości nazwy użytkownika do 14 znaków" echo "max_username_length=14" >> /usr/local/directadmin/conf/directadmin.conf systemctl restart directadmin rm -rf /usr/local/directadmin/data/users/skin* da build rewrite_confs cd $DAPOSTINSTALL_DIR echo "dodaje JIT dla PHP" sh php_zmienne.sh sh da_cli.sh disablemultiserverpage sh da_cli.sh disablecreateadmin sh da_cli.sh createemptybackup clear touch /var/log/dapostinstall.done echo -e "\e[92mKonfiguracja zakonczona - usuwam pliki tymczasowe - tekst powitalny z uzupelnionymi odpowiednimi danymi znajdziesz w /root/mail_powitalny.txt\e[0m" cd ~ exec >/dev/null 2>&1 rm -rf $DAPOSTINSTALL_DIR