From 60eac545d6e8629d7f717cbe348be7495b018960 Mon Sep 17 00:00:00 2001 From: Alexey Berezhok Date: Wed, 8 Jan 2025 23:01:10 +0300 Subject: [PATCH] Remove debian and ubuntu installer --- install/hst-install-debian.sh | 2295 --------------------------------- install/hst-install-rhel.sh | 13 +- install/hst-install-ubuntu.sh | 2269 -------------------------------- install/hst-install.sh | 33 +- 4 files changed, 17 insertions(+), 4593 deletions(-) delete mode 100755 install/hst-install-debian.sh delete mode 100755 install/hst-install-ubuntu.sh diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh deleted file mode 100755 index 131aead..0000000 --- a/install/hst-install-debian.sh +++ /dev/null @@ -1,2295 +0,0 @@ -#!/bin/bash - -# ======================================================== # -# -# Hestia Control Panel Installer for Debian -# https://www.hestiacp.com/ -# -# Currently Supported Versions: -# Debian 10, 11 -# -# ======================================================== # - -#----------------------------------------------------------# -# Variables&Functions # -#----------------------------------------------------------# -export PATH=$PATH:/sbin -export DEBIAN_FRONTEND=noninteractive -RHOST='apt.hestiacp.com' -VERSION='debian' -HESTIA='/usr/local/hestia' -LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log" -memory=$(grep 'MemTotal' /proc/meminfo | tr ' ' '\n' | grep [0-9]) -hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)" -spinner="/-\|" -os='debian' -release="$(cat /etc/debian_version | tr "." "\n" | head -n1)" -codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))" -architecture="$(arch)" -HESTIA_INSTALL_DIR="$HESTIA/install/deb" -HESTIA_COMMON_DIR="$HESTIA/install/common" -VERBOSE='no' - -# Define software versions -HESTIA_INSTALL_VER='1.9.0~alpha' -# Dependencies -multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2") -fpm_v="8.2" -mariadb_v="10.11" - -# Defining software pack for all distros -software="acl apache2 apache2-suexec-custom apache2-suexec-pristine apache2-utils awstats bc bind9 bsdmainutils bsdutils - clamav-daemon cron curl dnsutils dovecot-imapd dovecot-managesieved dovecot-pop3d dovecot-sieve e2fslibs e2fsprogs - exim4 exim4-daemon-heavy expect fail2ban flex ftp git hestia=${HESTIA_INSTALL_VER} hestia-nginx hestia-php idn2 - imagemagick ipset jq libapache2-mod-fcgid libapache2-mod-php$fpm_v libapache2-mpm-itk libmail-dkim-perl lsb-release - lsof mariadb-client mariadb-common mariadb-server mc mysql-client mysql-common mysql-server net-tools nginx openssh-server - php$fpm_v php$fpm_v-apcu php$fpm_v-bz2 php$fpm_v-cgi php$fpm_v-cli php$fpm_v-common php$fpm_v-curl php$fpm_v-gd - php$fpm_v-imagick php$fpm_v-imap php$fpm_v-intl php$fpm_v-ldap php$fpm_v-mbstring php$fpm_v-mysql php$fpm_v-opcache - php$fpm_v-pgsql php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml php$fpm_v-zip postgresql postgresql-contrib - proftpd-basic quota rrdtool rsyslog spamd sudo sysstat unrar-free unzip util-linux vim-common vsftpd xxd whois zip zstd" - -installer_dependencies="apt-transport-https ca-certificates curl dirmngr gnupg openssl wget" - -# Defining help function -help() { - echo "Usage: $0 [OPTIONS] - -a, --apache Install Apache [yes|no] default: yes - -w, --phpfpm Install PHP-FPM [yes|no] default: yes - -o, --multiphp Install Multi-PHP [yes|no] default: no - -v, --vsftpd Install Vsftpd [yes|no] default: yes - -j, --proftpd Install ProFTPD [yes|no] default: no - -k, --named Install Bind [yes|no] default: yes - -m, --mysql Install MariaDB [yes|no] default: yes - -M, --mysql8 Install MySQL [yes|no] default: no - -g, --postgresql Install PostgreSQL [yes|no] default: no - -x, --exim Install Exim [yes|no] default: yes - -z, --dovecot Install Dovecot [yes|no] default: yes - -Z, --sieve Install Sieve [yes|no] default: no - -c, --clamav Install ClamAV [yes|no] default: yes - -t, --spamassassin Install SpamAssassin [yes|no] default: yes - -i, --iptables Install Iptables [yes|no] default: yes - -b, --fail2ban Install Fail2ban [yes|no] default: yes - -q, --quota Filesystem Quota [yes|no] default: no - -d, --api Activate API [yes|no] default: yes - -r, --port Change Backend Port default: 8083 - -l, --lang Default language default: en - -y, --interactive Interactive install [yes|no] default: yes - -s, --hostname Set hostname - -e, --email Set admin email - -p, --password Set admin password - -D, --with-debs Path to Hestia debs - -f, --force Force installation - -h, --help Print this help - - Example: bash $0 -e demo@hestiacp.com -p p4ssw0rd --multiphp yes" - exit 1 -} - -# Defining file download function -download_file() { - wget $1 -q --show-progress --progress=bar:force -} - -# Defining password-gen function -gen_pass() { - matrix=$1 - length=$2 - if [ -z "$matrix" ]; then - matrix="A-Za-z0-9" - fi - if [ -z "$length" ]; then - length=16 - fi - head /dev/urandom | tr -dc $matrix | head -c$length -} - -# Defining return code check function -check_result() { - if [ $1 -ne 0 ]; then - echo "Error: $2" - exit $1 - fi -} - -# Defining function to set default value -set_default_value() { - eval variable=\$$1 - if [ -z "$variable" ]; then - eval $1=$2 - fi - if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then - eval $1=$2 - fi -} - -# Defining function to set default language value -set_default_lang() { - if [ -z "$lang" ]; then - eval lang=$1 - fi - lang_list="ar az bg bn bs ca cs da de el en es fa fi fr hr hu id it ja ka ku ko nl no pl pt pt-br ro ru sk sr sv th tr uk ur vi zh-cn zh-tw" - if ! (echo $lang_list | grep -w $lang > /dev/null 2>&1); then - eval lang=$1 - fi -} - -# Define the default backend port -set_default_port() { - if [ -z "$port" ]; then - eval port=$1 - fi -} - -# Write configuration KEY/VALUE pair to $HESTIA/conf/hestia.conf -write_config_value() { - local key="$1" - local value="$2" - echo "$key='$value'" >> $HESTIA/conf/hestia.conf -} - -# Sort configuration file values -# Write final copy to $HESTIA/conf/hestia.conf for active usage -# Duplicate file to $HESTIA/conf/defaults/hestia.conf to restore known good installation values -sort_config_file() { - sort $HESTIA/conf/hestia.conf -o /tmp/updconf - mv $HESTIA/conf/hestia.conf $HESTIA/conf/hestia.conf.bak - mv /tmp/updconf $HESTIA/conf/hestia.conf - rm -f $HESTIA/conf/hestia.conf.bak - if [ ! -d "$HESTIA/conf/defaults/" ]; then - mkdir -p "$HESTIA/conf/defaults/" - fi - cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf -} - -# Validate hostname according to RFC1178 -validate_hostname() { - # remove extra . - servername=$(echo "$servername" | sed -e "s/[.]*$//g") - servername=$(echo "$servername" | sed -e "s/^[.]*//") - if [[ $(echo "$servername" | grep -o "\." | wc -l) -gt 1 ]] && [[ ! $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - # Hostname valid - return 1 - else - # Hostname invalid - return 0 - fi -} - -validate_email() { - if [[ ! "$email" =~ ^[A-Za-z0-9._%+-]+@[[:alnum:].-]+\.[A-Za-z]{2,63}$ ]]; then - # Email invalid - return 0 - else - # Email valid - return 1 - fi -} - -version_ge() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o -n "$1" -a "$1" = "$2"; } - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - -# Translating argument to --gnu-long-options -for arg; do - delim="" - case "$arg" in - --apache) args="${args}-a " ;; - --phpfpm) args="${args}-w " ;; - --vsftpd) args="${args}-v " ;; - --proftpd) args="${args}-j " ;; - --named) args="${args}-k " ;; - --mysql) args="${args}-m " ;; - --mariadb) args="${args}-m " ;; - --mysql-classic) args="${args}-M " ;; - --mysql8) args="${args}-M " ;; - --postgresql) args="${args}-g " ;; - --exim) args="${args}-x " ;; - --dovecot) args="${args}-z " ;; - --sieve) args="${args}-Z " ;; - --clamav) args="${args}-c " ;; - --spamassassin) args="${args}-t " ;; - --iptables) args="${args}-i " ;; - --fail2ban) args="${args}-b " ;; - --multiphp) args="${args}-o " ;; - --quota) args="${args}-q " ;; - --port) args="${args}-r " ;; - --lang) args="${args}-l " ;; - --interactive) args="${args}-y " ;; - --api) args="${args}-d " ;; - --hostname) args="${args}-s " ;; - --email) args="${args}-e " ;; - --password) args="${args}-p " ;; - --force) args="${args}-f " ;; - --with-debs) args="${args}-D " ;; - --help) args="${args}-h " ;; - *) - [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} " - ;; - esac -done -eval set -- "$args" - -# Parsing arguments -while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do - case $Option in - a) apache=$OPTARG ;; # Apache - w) phpfpm=$OPTARG ;; # PHP-FPM - o) multiphp=$OPTARG ;; # Multi-PHP - v) vsftpd=$OPTARG ;; # Vsftpd - j) proftpd=$OPTARG ;; # Proftpd - k) named=$OPTARG ;; # Named - m) mysql=$OPTARG ;; # MariaDB - M) mysql8=$OPTARG ;; # MySQL - g) postgresql=$OPTARG ;; # PostgreSQL - x) exim=$OPTARG ;; # Exim - z) dovecot=$OPTARG ;; # Dovecot - Z) sieve=$OPTARG ;; # Sieve - c) clamd=$OPTARG ;; # ClamAV - t) spamd=$OPTARG ;; # SpamAssassin - i) iptables=$OPTARG ;; # Iptables - b) fail2ban=$OPTARG ;; # Fail2ban - q) quota=$OPTARG ;; # FS Quota - r) port=$OPTARG ;; # Backend Port - l) lang=$OPTARG ;; # Language - d) api=$OPTARG ;; # Activate API - y) interactive=$OPTARG ;; # Interactive install - s) servername=$OPTARG ;; # Hostname - e) email=$OPTARG ;; # Admin email - p) vpass=$OPTARG ;; # Admin password - D) withdebs=$OPTARG ;; # Hestia debs path - f) force='yes' ;; # Force install - h) help ;; # Help - *) help ;; # Print help (default) - esac -done - -# Defining default software stack -set_default_value 'nginx' 'yes' -set_default_value 'apache' 'yes' -set_default_value 'phpfpm' 'yes' -set_default_value 'multiphp' 'no' -set_default_value 'vsftpd' 'yes' -set_default_value 'proftpd' 'no' -set_default_value 'named' 'yes' -set_default_value 'mysql' 'yes' -set_default_value 'mysql8' 'no' -set_default_value 'postgresql' 'no' -set_default_value 'exim' 'yes' -set_default_value 'dovecot' 'yes' -set_default_value 'sieve' 'no' -if [ $memory -lt 1500000 ]; then - set_default_value 'clamd' 'no' - set_default_value 'spamd' 'no' -elif [ $memory -lt 3000000 ]; then - set_default_value 'clamd' 'no' - set_default_value 'spamd' 'yes' -else - set_default_value 'clamd' 'yes' - set_default_value 'spamd' 'yes' -fi -set_default_value 'iptables' 'yes' -set_default_value 'fail2ban' 'yes' -set_default_value 'quota' 'no' -set_default_value 'interactive' 'yes' -set_default_value 'api' 'yes' -set_default_port '8083' -set_default_lang 'en' - -# Checking software conflicts -if [ "$proftpd" = 'yes' ]; then - vsftpd='no' -fi -if [ "$exim" = 'no' ]; then - clamd='no' - spamd='no' - dovecot='no' -fi -if [ "$dovecot" = 'no' ]; then - sieve='no' -fi -if [ "$iptables" = 'no' ]; then - fail2ban='no' -fi -if [ "$apache" = 'no' ]; then - phpfpm='yes' -fi -if [ "$mysql" = 'yes' ] && [ "$mysql8" = 'yes' ]; then - mysql='no' -fi - -if [ "$mysql8" = 'yes' ] && [ "$architecture" = 'aarch64' ]; then - check_result 1 "Mysql 8 does not support ARM64 yet for Debian please use Ubuntu. Unable to continue" -fi -if [ "$mysql8" = 'yes' ] && [ "$release" = '12' ]; then - check_result 1 "Mysql 8 does not support Bookworm yet for Debian Unable to continue" -fi - -# Checking root permissions -if [ "x$(id -u)" != 'x0' ]; then - check_result 1 "Script can be run executed only by root" -fi - -if [ -d "/usr/local/hestia" ]; then - check_result 1 "Hestia install detected. Unable to continue" -fi - -# Checking admin user account -if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then - echo 'Please remove admin user account before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo -e "Example: bash $0 --force\n" - check_result 1 "User admin exists" -fi - -# Clear the screen once launch permissions have been verified -clear - -# Configure apt to retry downloading on error -if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then - echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries -fi - -# Welcome message -echo "Welcome to the Hestia Control Panel installer!" -echo -echo "Please wait, the installer is now checking for missing dependencies..." -echo - -# Update apt repository -apt-get -qq update - -# Creating backup directory -mkdir -p "$hst_backups" - -# Pre-install packages -echo "[ * ] Installing dependencies..." -apt-get -y install $installer_dependencies >> $LOG -check_result $? "Package installation failed, check log file for more details." - -# Check if apparmor is installed -if [ $(dpkg-query -W -f='${Status}' apparmor 2> /dev/null | grep -c "ok installed") -eq 0 ]; then - apparmor='no' -else - apparmor='yes' -fi - -# Check repository availability -wget --quiet "https://$RHOST" -O /dev/null -check_result $? "Unable to connect to the Hestia APT repository" - -# Check installed packages -tmpfile=$(mktemp -p /tmp) -dpkg --get-selections > $tmpfile -conflicts_pkg="exim4 mariadb-server apache2 nginx hestia postfix" - -# Drop postfix from the list if exim should not be installed -if [ "$exim" = 'no' ]; then - conflicts_pkg=$(echo $conflicts_pkg | sed 's/postfix//g' | xargs) -fi - -for pkg in $conflicts_pkg; do - if [ -n "$(grep $pkg $tmpfile)" ]; then - conflicts="$pkg* $conflicts" - fi -done -rm -f $tmpfile -if [ -n "$conflicts" ] && [ -z "$force" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'WARNING: The following packages are already installed' - echo "$conflicts" - echo - echo 'It is highly recommended that you remove them before proceeding.' - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - read -p 'Would you like to remove the conflicting packages? [y/n] ' answer - if [ "$answer" = 'y' ] || [ "$answer" = 'Y' ]; then - apt-get -qq purge $conflicts -y - check_result $? 'apt-get remove failed' - unset $answer - else - check_result 1 "Hestia Control Panel should be installed on a clean server." - fi -fi - -# Check network configuration -if [ -d /etc/netplan ] && [ -z "$force" ]; then - if [ -z "$(ls -A /etc/netplan)" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'WARNING: Your network configuration may not be set up correctly.' - echo 'Details: The netplan configuration directory is empty.' - echo '' - echo 'You may have a network configuration file that was created using' - echo 'systemd-networkd.' - echo '' - echo 'It is strongly recommended to migrate to netplan, which is now the' - echo 'default network configuration system in newer releases of Ubuntu.' - echo '' - echo 'While you can leave your configuration as-is, please note that you' - echo 'will not be able to use additional IPs properly.' - echo '' - echo 'If you wish to continue and force the installation,' - echo 'run this script with -f option:' - echo "Example: bash $0 --force" - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - check_result 1 "Unable to detect netplan configuration." - fi -fi - -# Validate whether installation script matches release version before continuing with install -if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then - release_branch_ver=$(curl -s https://raw.githubusercontent.com/hestiacp/hestiacp/release/src/deb/hestia/control | grep "Version:" | awk '{print $2}') - if [ "$HESTIA_INSTALL_VER" != "$release_branch_ver" ]; then - echo - echo -e "\e[91mInstallation aborted\e[0m" - echo "====================================================================" - echo -e "\e[33mERROR: Install script version does not match package version!\e[0m" - echo -e "\e[33mPlease download the installer from the release branch in order to continue:\e[0m" - echo "" - echo -e "\e[33mhttps://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh\e[0m" - echo "" - echo -e "\e[33mTo test pre-release versions, build the .deb packages and re-run the installer:\e[0m" - echo -e " \e[33m./hst_autocompile.sh \e[1m--hestia branchname no\e[21m\e[0m" - echo -e " \e[33m./hst-install.sh .. \e[1m--with-debs /tmp/hestiacp-src/debs\e[21m\e[0m" - echo "" - check_result 1 "Installation aborted" - fi -fi - -case $architecture in - x86_64) - ARCH="amd64" - ;; - aarch64) - ARCH="arm64" - ;; - *) - echo - echo -e "\e[91mInstallation aborted\e[0m" - echo "====================================================================" - echo -e "\e[33mERROR: $architecture is currently not supported!\e[0m" - echo -e "\e[33mPlease verify the achitecture used is currenlty supported\e[0m" - echo "" - echo -e "\e[33mhttps://github.com/hestiacp/hestiacp/blob/main/README.md\e[0m" - echo "" - check_result 1 "Installation aborted" - ;; -esac - -#----------------------------------------------------------# -# Brief Info # -#----------------------------------------------------------# - -install_welcome_message() { - DISPLAY_VER=$(echo $HESTIA_INSTALL_VER | sed "s|~alpha||g" | sed "s|~beta||g") - echo - echo ' _ _ _ _ ____ ____ ' - echo ' | | | | ___ ___| |_(_) __ _ / ___| _ \ ' - echo ' | |_| |/ _ \/ __| __| |/ _` | | | |_) | ' - echo ' | _ | __/\__ \ |_| | (_| | |___| __/ ' - echo ' |_| |_|\___||___/\__|_|\__,_|\____|_| ' - echo " " - echo " Hestia Control Panel " - if [[ "$HESTIA_INSTALL_VER" =~ "beta" ]]; then - echo " BETA RELEASE " - fi - if [[ "$HESTIA_INSTALL_VER" =~ "alpha" ]]; then - echo " DEVELOPMENT SNAPSHOT " - echo " NOT INTENDED FOR PRODUCTION USE " - echo " USE AT YOUR OWN RISK " - fi - echo " ${DISPLAY_VER} " - echo " www.hestiacp.com " - echo - echo "========================================================================" - echo - echo "Thank you for downloading Hestia Control Panel! In a few moments," - echo "we will begin installing the following components on your server:" - echo -} - -# Printing nice ASCII logo -clear -install_welcome_message - -# Web stack -echo ' - NGINX Web / Proxy Server' -if [ "$apache" = 'yes' ]; then - echo ' - Apache Web Server (as backend)' -fi -if [ "$phpfpm" = 'yes' ] && [ "$multiphp" = 'no' ]; then - echo ' - PHP-FPM Application Server' -fi -if [ "$multiphp" = 'yes' ]; then - phpfpm='yes' - echo ' - Multi-PHP Environment' -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - echo ' - Bind DNS Server' -fi - -# Mail stack -if [ "$exim" = 'yes' ]; then - echo -n ' - Exim Mail Server' - if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ]; then - echo -n ' + ' - if [ "$clamd" = 'yes' ]; then - echo -n 'ClamAV ' - fi - if [ "$spamd" = 'yes' ]; then - if [ "$clamd" = 'yes' ]; then - echo -n '+ ' - fi - echo -n 'SpamAssassin' - fi - fi - echo - if [ "$dovecot" = 'yes' ]; then - echo -n ' - Dovecot POP3/IMAP Server' - if [ "$sieve" = 'yes' ]; then - echo -n '+ Sieve' - fi - fi -fi - -echo - -# Database stack -if [ "$mysql" = 'yes' ]; then - echo ' - MariaDB Database Server' -fi -if [ "$mysql8" = 'yes' ]; then - echo ' - MySQL8 Database Server' -fi -if [ "$postgresql" = 'yes' ]; then - echo ' - PostgreSQL Database Server' -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - echo ' - Vsftpd FTP Server' -fi -if [ "$proftpd" = 'yes' ]; then - echo ' - ProFTPD FTP Server' -fi - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - echo -n ' - Firewall (iptables)' -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - echo -n ' + Fail2Ban Access Monitor' -fi -echo -e "\n" -echo "========================================================================" -echo -e "\n" - -# Asking for confirmation to proceed -if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue with the installation? [Y/N]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 - fi -fi - -# Validate Email / Hostname even when interactive = no -# Asking for contact email -if [ -z "$email" ]; then - while validate_email; do - echo -e "\nPlease use a valid emailadress (ex. info@domain.tld)." - read -p 'Please enter admin email address: ' email - done -else - if validate_email; then - echo "Please use a valid emailadress (ex. info@domain.tld)." - exit 1 - fi -fi - -# Asking to set FQDN hostname -if [ -z "$servername" ]; then - # Ask and validate FQDN hostname. - read -p "Please enter FQDN hostname [$(hostname -f)]: " servername - - # Set hostname if it wasn't set - if [ -z "$servername" ]; then - servername=$(hostname -f) - fi - - # Validate Hostname, go to loop if the validation fails. - while validate_hostname; do - echo -e "\nPlease use a valid hostname according to RFC1178 (ex. hostname.domain.tld)." - read -p "Please enter FQDN hostname [$(hostname -f)]: " servername - done -else - # Validate FQDN hostname if it is preset - if validate_hostname; then - echo "Please use a valid hostname according to RFC1178 (ex. hostname.domain.tld)." - exit 1 - fi -fi - -# Generating admin password if it wasn't set -displaypass="The password you chose during installation." -if [ -z "$vpass" ]; then - vpass=$(gen_pass) - displaypass=$vpass -fi - -# Set FQDN if it wasn't set -mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' -mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' -if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then - if [[ -n "$servername" ]]; then - servername="$servername.example.com" - else - servername="example.com" - fi - echo "127.0.0.1 $servername" >> /etc/hosts -fi - -if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then - echo "127.0.0.1 $servername" >> /etc/hosts -fi - -# Set email if it wasn't set -if [[ -z "$email" ]]; then - email="admin@$servername" -fi - -# Defining backup directory -echo -e "Installation backup directory: $hst_backups" - -# Print Log File Path -echo "Installation log file: $LOG" - -# Print new line -echo - -#----------------------------------------------------------# -# Checking swap # -#----------------------------------------------------------# - -# Checking swap on small instances -if [ -z "$(swapon -s)" ] && [ "$memory" -lt 1000000 ]; then - fallocate -l 1G /swapfile - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile none swap sw 0 0" >> /etc/fstab -fi - -#----------------------------------------------------------# -# Install repository # -#----------------------------------------------------------# - -# Define apt conf location -apt=/etc/apt/sources.list.d - -# Create new folder if not all-ready exists -mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/ - -# Updating system -echo "Adding required repositories to proceed with installation:" -echo - -# Installing Nginx repo - -echo "[ * ] NGINX" -echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list -curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1 - -# Installing sury PHP repo -echo "[ * ] PHP" -echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ $codename main" > $apt/php.list -curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/sury-keyring.gpg > /dev/null 2>&1 - -# Installing sury Apache2 repo -if [ "$apache" = 'yes' ]; then - echo "[ * ] Apache2" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/apache2-keyring.gpg] https://packages.sury.org/apache2/ $codename main" > $apt/apache2.list - curl -s https://packages.sury.org/apache2/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/apache2-keyring.gpg > /dev/null 2>&1 -fi - -# Installing MariaDB repo -if [ "$mysql" = 'yes' ]; then - if [ "$release" != '12' ]; then - echo "[ * ] MariaDB" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list - curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1 - else - echo "[ * ] MariaDB" - echo "#deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list - curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1 - fi -fi - -# Installing Mysql8 repo -if [ "$mysql8" = 'yes' ]; then - echo "[ * ] Mysql 8" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80); do - gpg --no-default-keyring --keyring /usr/share/keyrings/mysql-keyring.gpg --keyserver "${keyserver}" --recv-keys "467B942D3A79BD29" > /dev/null 2>&1 && break - done -fi - -# Installing HestiaCP repo -echo "[ * ] Hestia Control Panel" -echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list -gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1 - -# Installing PostgreSQL repo -if [ "$postgresql" = 'yes' ]; then - echo "[ * ] PostgreSQL" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list - curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1 -fi - -# Echo for a new line -echo - -# Updating system -echo -ne "Updating currently installed packages, please wait... " -apt-get -qq update -apt-get -y upgrade >> $LOG & -BACK_PID=$! - -# Check if package installation is done, print a spinner -spin_i=1 -while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 -done - -# Do a blank echo to get the \n back -echo - -# Check Installation result -wait $BACK_PID -check_result $? 'apt-get upgrade failed' - -#----------------------------------------------------------# -# Backup # -#----------------------------------------------------------# - -# Creating backup directory tree -mkdir -p $hst_backups -cd $hst_backups -mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd -mkdir spamassassin mysql postgresql openssl hestia - -# Backup OpenSSL configuration -cp /etc/ssl/openssl.cnf $hst_backups/openssl > /dev/null 2>&1 - -# Backup nginx configuration -systemctl stop nginx > /dev/null 2>&1 -cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1 - -# Backup Apache configuration -systemctl stop apache2 > /dev/null 2>&1 -cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1 -rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 - -# Backup PHP-FPM configuration -systemctl stop php*-fpm > /dev/null 2>&1 -cp -r /etc/php/* $hst_backups/php > /dev/null 2>&1 - -# Backup Bind configuration -systemctl stop bind9 > /dev/null 2>&1 -cp -r /etc/bind/* $hst_backups/bind > /dev/null 2>&1 - -# Backup Vsftpd configuration -systemctl stop vsftpd > /dev/null 2>&1 -cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1 - -# Backup ProFTPD configuration -systemctl stop proftpd > /dev/null 2>&1 -cp /etc/proftpd/* $hst_backups/proftpd > /dev/null 2>&1 - -# Backup Exim configuration -systemctl stop exim4 > /dev/null 2>&1 -cp -r /etc/exim4/* $hst_backups/exim4 > /dev/null 2>&1 - -# Backup ClamAV configuration -systemctl stop clamav-daemon > /dev/null 2>&1 -cp -r /etc/clamav/* $hst_backups/clamav > /dev/null 2>&1 - -# Backup SpamAssassin configuration -systemctl stop spamassassin > /dev/null 2>&1 -cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1 - -# Backup Dovecot configuration -systemctl stop dovecot > /dev/null 2>&1 -cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1 -cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1 - -# Backup MySQL/MariaDB configuration and data -systemctl stop mysql > /dev/null 2>&1 -killall -9 mysqld > /dev/null 2>&1 -mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1 -cp -r /etc/mysql/* $hst_backups/mysql > /dev/null 2>&1 -mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1 - -# Backup Hestia -systemctl stop hestia > /dev/null 2>&1 -cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1 -apt-get -y purge hestia hestia-nginx hestia-php > /dev/null 2>&1 -rm -rf $HESTIA > /dev/null 2>&1 - -#----------------------------------------------------------# -# Package Includes # -#----------------------------------------------------------# - -if [ "$phpfpm" = 'yes' ]; then - fpm="php$fpm_v php$fpm_v-common php$fpm_v-bcmath php$fpm_v-cli - php$fpm_v-curl php$fpm_v-fpm php$fpm_v-gd php$fpm_v-intl - php$fpm_v-mysql php$fpm_v-soap php$fpm_v-xml php$fpm_v-zip - php$fpm_v-mbstring php$fpm_v-bz2 php$fpm_v-pspell - php$fpm_v-imagick" - software="$software $fpm" -fi - -#----------------------------------------------------------# -# Package Excludes # -#----------------------------------------------------------# - -# Excluding packages -software=$(echo "$software" | sed -e "s/apache2.2-common//") - -if [ $release -lt 12 ]; then - software=$(echo "$software" | sed -e "s/spamd/spamassassin/g") -fi - -if [ "$apache" = 'no' ]; then - software=$(echo "$software" | sed -e "s/apache2 //") - software=$(echo "$software" | sed -e "s/apache2-bin//") - software=$(echo "$software" | sed -e "s/apache2-utils//") - software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") - software=$(echo "$software" | sed -e "s/apache2.2-common//") - software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//") - software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") - software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//") -fi -if [ "$vsftpd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/vsftpd//") -fi -if [ "$proftpd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/proftpd-basic//") - software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//") -fi -if [ "$named" = 'no' ]; then - software=$(echo "$software" | sed -e "s/bind9//") -fi -if [ "$exim" = 'no' ]; then - software=$(echo "$software" | sed -e "s/exim4 //") - software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//") - software=$(echo "$software" | sed -e "s/dovecot-imapd//") - software=$(echo "$software" | sed -e "s/dovecot-pop3d//") - software=$(echo "$software" | sed -e "s/clamav-daemon//") - software=$(echo "$software" | sed -e "s/spamassassin//") - software=$(echo "$software" | sed -e "s/dovecot-sieve//") - software=$(echo "$software" | sed -e "s/dovecot-managesieved//") -fi -if [ "$clamd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/clamav-daemon//") -fi -if [ "$spamd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/spamassassin//") - software=$(echo "$software" | sed -e "s/spamd//") -fi -if [ "$dovecot" = 'no' ]; then - software=$(echo "$software" | sed -e "s/dovecot-imapd//") - software=$(echo "$software" | sed -e "s/dovecot-pop3d//") -fi -if [ "$sieve" = 'no' ]; then - software=$(echo "$software" | sed -e "s/dovecot-sieve//") - software=$(echo "$software" | sed -e "s/dovecot-managesieved//") -fi -if [ "$mysql" = 'no' ]; then - software=$(echo "$software" | sed -e "s/mariadb-server//") - software=$(echo "$software" | sed -e "s/mariadb-client//") - software=$(echo "$software" | sed -e "s/mariadb-common//") -fi -if [ "$mysql8" = 'no' ]; then - software=$(echo "$software" | sed -e "s/mysql-server//") - software=$(echo "$software" | sed -e "s/mysql-client//") - software=$(echo "$software" | sed -e "s/mysql-common//") -fi -if [ "$mysql" = 'no' ] && [ "$mysql8" = 'no' ]; then - software=$(echo "$software" | sed -e "s/php$fpm_v-mysql//") -fi -if [ "$postgresql" = 'no' ]; then - software=$(echo "$software" | sed -e "s/postgresql-contrib//") - software=$(echo "$software" | sed -e "s/postgresql//") - software=$(echo "$software" | sed -e "s/php$fpm_v-pgsql//") -fi -if [ "$fail2ban" = 'no' ]; then - software=$(echo "$software" | sed -e "s/fail2ban//") -fi -if [ "$iptables" = 'no' ]; then - software=$(echo "$software" | sed -e "s/ipset//") - software=$(echo "$software" | sed -e "s/fail2ban//") -fi -if [ "$phpfpm" = 'yes' ]; then - software=$(echo "$software" | sed -e "s/php$fpm_v-cgi//") - software=$(echo "$software" | sed -e "s/libapache2-mpm-itk//") - software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") - software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//") -fi -if [ -d "$withdebs" ]; then - software=$(echo "$software" | sed -e "s/hestia-nginx//") - software=$(echo "$software" | sed -e "s/hestia-php//") - software=$(echo "$software" | sed -e "s/hestia=${HESTIA_INSTALL_VER}//") -fi - -#----------------------------------------------------------# -# Install packages # -#----------------------------------------------------------# - -# Enable en_US.UTF-8 -sed -i "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g" /etc/locale.gen -locale-gen > /dev/null 2>&1 - -# Disabling daemon autostart on apt-get install -echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d -chmod a+x /usr/sbin/policy-rc.d - -# Installing apt packages -echo "The installer is now downloading and installing all required packages." -echo -ne "NOTE: This process may take 10 to 15 minutes to complete, please wait... " -echo -apt-get -y install $software > $LOG -BACK_PID=$! - -# Check if package installation is done, print a spinner -spin_i=1 -while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 -done - -# Do a blank echo to get the \n back -echo - -# Check Installation result -wait $BACK_PID -check_result $? "apt-get install failed" - -echo -echo "========================================================================" -echo - -# Install Hestia packages from local folder -if [ -n "$withdebs" ] && [ -d "$withdebs" ]; then - echo "[ * ] Installing local package files..." - echo " - hestia core package" - dpkg -i $withdebs/hestia_*.deb > /dev/null 2>&1 - - if [ -z $(ls $withdebs/hestia-php_*.deb 2> /dev/null) ]; then - echo " - hestia-php backend package (from apt)" - apt-get -y install hestia-php > /dev/null 2>&1 - else - echo " - hestia-php backend package" - dpkg -i $withdebs/hestia-php_*.deb > /dev/null 2>&1 - fi - - if [ -z $(ls $withdebs/hestia-nginx_*.deb 2> /dev/null) ]; then - echo " - hestia-nginx backend package (from apt)" - apt-get -y install hestia-nginx > /dev/null 2>&1 - else - echo " - hestia-nginx backend package" - dpkg -i $withdebs/hestia-nginx_*.deb > /dev/null 2>&1 - fi -fi - -# Restoring autostart policy -rm -f /usr/sbin/policy-rc.d - -#----------------------------------------------------------# -# Configure system # -#----------------------------------------------------------# - -echo "[ * ] Configuring system settings..." - -# Enable SFTP subsystem for SSH -sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config) -if [ -n "$sftp_subsys_enabled" ]; then - sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config -fi - -# Reduce SSH login grace time -sed -i "s/[#]LoginGraceTime [[:digit:]]m/LoginGraceTime 1m/g" /etc/ssh/sshd_config - -# Disable SSH suffix broadcast -if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then - sed -i '/^[#]Banner .*/a DebianBanner no' /etc/ssh/sshd_config - if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then - # If first attempt fails just add it - echo '' >> /etc/ssh/sshd_config - echo 'DebianBanner no' >> /etc/ssh/sshd_config - fi -fi - -# Restart SSH daemon -systemctl restart ssh - -# Disable AWStats cron -rm -f /etc/cron.d/awstats -# Replace awstatst function -cp -f $HESTIA_INSTALL_DIR/logrotate/httpd-prerotate/* /etc/logrotate.d/httpd-prerotate/ - -# Set directory color -if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then - echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile -fi - -# Register /sbin/nologin and /usr/sbin/nologin -if [ -z "$(grep ^/sbin/nologin /etc/shells)" ]; then - echo "/sbin/nologin" >> /etc/shells -fi - -if [ -z "$(grep ^/usr/sbin/nologin /etc/shells)" ]; then - echo "/usr/sbin/nologin" >> /etc/shells -fi - -# Configuring NTP -if [ ! -f "/etc/default/ntpsec-ntpdate " ]; then - sed -i 's/#NTP=/NTP=pool.ntp.org/' /etc/systemd/timesyncd.conf - systemctl enable systemd-timesyncd - systemctl start systemd-timesyncd -fi -# Restrict access to /proc fs -# - Prevent unpriv users from seeing each other running processes -mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "Info: Cannot remount /proc (LXC containers require additional perm added to host apparmor profile)" -else - echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc -fi - -#----------------------------------------------------------# -# Configure Hestia # -#----------------------------------------------------------# - -echo "[ * ] Configuring Hestia Control Panel..." -# Installing sudo configuration -mkdir -p /etc/sudoers.d -cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/ -chmod 440 /etc/sudoers.d/admin - -# Add Hestia global config -if [[ ! -e /etc/hestiacp/hestia.conf ]]; then - mkdir -p /etc/hestiacp - echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf -fi - -# Configuring system env -echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh -echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh -echo 'export PATH' >> /etc/profile.d/hestia.sh -chmod 755 /etc/profile.d/hestia.sh -source /etc/profile.d/hestia.sh - -# Configuring logrotate for Hestia logs -cp -f $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/hestia - -# Create log path and symbolic link -rm -f /var/log/hestia -mkdir -p /var/log/hestia -ln -s /var/log/hestia $HESTIA/log - -# Building directory tree and creating some blank files for Hestia -mkdir -p $HESTIA/conf $HESTIA/ssl $HESTIA/data/ips \ - $HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \ - $HESTIA/data/sessions -touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \ - $HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \ - $HESTIA/data/queue/traffic.pipe $HESTIA/data/queue/daily.pipe $HESTIA/log/system.log \ - $HESTIA/log/nginx-error.log $HESTIA/log/auth.log $HESTIA/log/backup.log -chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log -chmod -R 750 $HESTIA/data/queue -chmod 660 /var/log/hestia/* -chmod 770 $HESTIA/data/sessions - -# Generating Hestia configuration -rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1 -touch $HESTIA/conf/hestia.conf -chmod 660 $HESTIA/conf/hestia.conf - -# Write default port value to hestia.conf -# If a custom port is specified it will be set at the end of the installation process. -write_config_value "BACKEND_PORT" "8083" - -# Web stack -if [ "$apache" = 'yes' ]; then - write_config_value "WEB_SYSTEM" "apache2" - write_config_value "WEB_RGROUPS" "www-data" - write_config_value "WEB_PORT" "8080" - write_config_value "WEB_SSL_PORT" "8443" - write_config_value "WEB_SSL" "mod_ssl" - write_config_value "PROXY_SYSTEM" "nginx" - write_config_value "PROXY_PORT" "80" - write_config_value "PROXY_SSL_PORT" "443" - write_config_value "STATS_SYSTEM" "awstats" -fi -if [ "$apache" = 'no' ]; then - write_config_value "WEB_SYSTEM" "nginx" - write_config_value "WEB_PORT" "80" - write_config_value "WEB_SSL_PORT" "443" - write_config_value "WEB_SSL" "openssl" - write_config_value "STATS_SYSTEM" "awstats" -fi -if [ "$phpfpm" = 'yes' ]; then - write_config_value "WEB_BACKEND" "php-fpm" -fi - -# Database stack -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - installed_db_types='mysql' -fi -if [ "$postgresql" = 'yes' ]; then - installed_db_types="$installed_db_types,pgsql" -fi -if [ -n "$installed_db_types" ]; then - db=$(echo "$installed_db_types" \ - | sed "s/,/\n/g" \ - | sort -r -u \ - | sed "/^$/d" \ - | sed ':a;N;$!ba;s/\n/,/g') - write_config_value "DB_SYSTEM" "$db" -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - write_config_value "FTP_SYSTEM" "vsftpd" -fi -if [ "$proftpd" = 'yes' ]; then - write_config_value "FTP_SYSTEM" "proftpd" -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - write_config_value "DNS_SYSTEM" "bind9" -fi - -# Mail stack -if [ "$exim" = 'yes' ]; then - write_config_value "MAIL_SYSTEM" "exim4" - if [ "$clamd" = 'yes' ]; then - write_config_value "ANTIVIRUS_SYSTEM" "clamav-daemon" - fi - if [ "$spamd" = 'yes' ]; then - if [ "$release" = '10' ] || [ "$release" = '11' ]; then - write_config_value "ANTISPAM_SYSTEM" "spamassassin" - else - write_config_value "ANTISPAM_SYSTEM" "spamd" - fi - fi - if [ "$dovecot" = 'yes' ]; then - write_config_value "IMAP_SYSTEM" "dovecot" - fi - if [ "$sieve" = 'yes' ]; then - write_config_value "SIEVE_SYSTEM" "yes" - fi -fi - -# Cron daemon -write_config_value "CRON_SYSTEM" "cron" - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - write_config_value "FIREWALL_SYSTEM" "iptables" -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - write_config_value "FIREWALL_EXTENSION" "fail2ban" -fi - -# Disk quota -if [ "$quota" = 'yes' ]; then - write_config_value "DISK_QUOTA" "yes" -else - write_config_value "DISK_QUOTA" "no" -fi - -# Backups -write_config_value "BACKUP_SYSTEM" "local" -write_config_value "BACKUP_GZIP" "4" -write_config_value "BACKUP_MODE" "zstd" - -# Language -write_config_value "LANGUAGE" "$lang" - -# Login in screen -write_config_value "LOGIN_STYLE" "default" - -# Theme -write_config_value "THEME" "dark" - -# Inactive session timeout -write_config_value "INACTIVE_SESSION_TIMEOUT" "60" - -# Version & Release Branch -write_config_value "VERSION" "${HESTIA_INSTALL_VER}" -write_config_value "RELEASE_BRANCH" "release" - -# Email notifications after upgrade -write_config_value "UPGRADE_SEND_EMAIL" "true" -write_config_value "UPGRADE_SEND_EMAIL_LOG" "false" - -# Installing hosting packages -cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/ - -# Update nameservers in hosting package -IFS='.' read -r -a domain_elements <<< "$servername" -if [ -n "${domain_elements[-2]}" ] && [ -n "${domain_elements[-1]}" ]; then - serverdomain="${domain_elements[-2]}.${domain_elements[-1]}" - sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg -fi - -# Installing templates -cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/ -cp -rf $HESTIA_COMMON_DIR/templates/web/ $HESTIA/data/templates -cp -rf $HESTIA_COMMON_DIR/templates/dns/ $HESTIA/data/templates - -mkdir -p /var/www/html -mkdir -p /var/www/document_errors - -# Install default success page -cp -rf $HESTIA_COMMON_DIR/templates/web/unassigned/index.html /var/www/html/ -cp -rf $HESTIA_COMMON_DIR/templates/web/skel/document_errors/* /var/www/document_errors/ - -# Installing firewall rules -cp -rf $HESTIA_COMMON_DIR/firewall $HESTIA/data/ -rm -f $HESTIA/data/firewall/ipset/blacklist.sh $HESTIA/data/firewall/ipset/blacklist.ipv6.sh - -# Installing apis -cp -rf $HESTIA_COMMON_DIR/api $HESTIA/data/ - -# Configuring server hostname -$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1 - -# Configuring global OpenSSL options -echo "[ * ] Configuring OpenSSL to improve TLS performance..." -tls13_ciphers="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" -if [ "$release" = "10" ] || [ "$release" = "11" ]; then - sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf -elif [ "$release" = "12" ]; then - if ! grep -qw "^ssl_conf = ssl_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '/providers = provider_sect$/a ssl_conf = ssl_sect' /etc/ssl/openssl.cnf - fi - if ! grep -qw "^[ssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '$a \\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf - elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf - fi -fi - -# Generating SSL certificate -echo "[ * ] Generating default self-signed SSL certificate..." -$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \ - 'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem - -crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem | cut -f 1 -d:) -if [ "$release" = "12" ]; then - key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:) - key_end=$(grep -n "END PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:) -else - key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem | cut -f 1 -d:) - key_end=$(grep -n "END RSA" /tmp/hst.pem | cut -f 1 -d:) -fi - -# Adding SSL certificate -echo "[ * ] Adding SSL certificate to Hestia Control Panel..." -cd $HESTIA/ssl -sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt -sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key -chown root:mail $HESTIA/ssl/* -chmod 660 $HESTIA/ssl/* -rm /tmp/hst.pem - -# Install dhparam.pem -cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl - -# Deleting old admin user -if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then - chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin > /dev/null 2>&1 - chattr -i /home/admin/conf > /dev/null 2>&1 - mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1 - rm -f /tmp/sess_* > /dev/null 2>&1 -fi -if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then - groupdel admin > /dev/null 2>&1 -fi - -# Enable sftp jail -echo "[ * ] Enabling SFTP jail..." -$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1 -check_result $? "can't enable sftp jail" - -# Adding Hestia admin account -echo "[ * ] Creating default admin account..." -$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator" -check_result $? "can't create admin user" -$HESTIA/bin/v-change-user-shell admin nologin -$HESTIA/bin/v-change-user-role admin admin -$HESTIA/bin/v-change-user-language admin $lang -$HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes' - -#----------------------------------------------------------# -# Configure Nginx # -#----------------------------------------------------------# - -echo "[ * ] Configuring NGINX..." -rm -f /etc/nginx/conf.d/*.conf -cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/ -cp -f $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/0rtt-anti-replay.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/ -mkdir -p /etc/nginx/conf.d/domains -mkdir -p /etc/nginx/conf.d/main -mkdir -p /etc/nginx/modules-enabled -mkdir -p /var/log/nginx/domains - -# Update dns servers in nginx.conf -for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do - if [[ "$nameserver" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then - if [ -z "$resolver" ]; then - resolver="$nameserver" - else - resolver="$resolver $nameserver" - fi - fi -done -if [ -n "$resolver" ]; then - sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" /etc/nginx/nginx.conf -fi - -# https://github.com/ergin/nginx-cloudflare-real-ip/ -cf_ips="$(curl -fsLm5 --retry 2 https://api.cloudflare.com/client/v4/ips)" - -if [ -n "$cf_ips" ] && [ "$(echo "$cf_ips" | jq -r '.success//""')" = "true" ]; then - cf_inc="/etc/nginx/conf.d/cloudflare.inc" - - echo "[ * ] Updating Cloudflare IP Ranges for Nginx..." - echo "# Cloudflare IP Ranges" > $cf_inc - echo "" >> $cf_inc - echo "# IPv4" >> $cf_inc - for ipv4 in $(echo "$cf_ips" | jq -r '.result.ipv4_cidrs[]//""' | sort); do - echo "set_real_ip_from $ipv4;" >> $cf_inc - done - echo "" >> $cf_inc - echo "# IPv6" >> $cf_inc - for ipv6 in $(echo "$cf_ips" | jq -r '.result.ipv6_cidrs[]//""' | sort); do - echo "set_real_ip_from $ipv6;" >> $cf_inc - done - echo "" >> $cf_inc - echo "real_ip_header CF-Connecting-IP;" >> $cf_inc -fi - -update-rc.d nginx defaults > /dev/null 2>&1 -systemctl start nginx >> $LOG -check_result $? "nginx start failed" - -#----------------------------------------------------------# -# Configure Apache # -#----------------------------------------------------------# - -if [ "$apache" = 'yes' ]; then - echo "[ * ] Configuring Apache Web Server..." - - mkdir -p /etc/apache2/conf.d - mkdir -p /etc/apache2/conf.d/domains - - # Copy configuration files - cp -f $HESTIA_INSTALL_DIR/apache2/apache2.conf /etc/apache2/ - cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf - cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load - cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/ - - # Enable needed modules - a2enmod rewrite > /dev/null 2>&1 - a2enmod suexec > /dev/null 2>&1 - a2enmod ssl > /dev/null 2>&1 - a2enmod actions > /dev/null 2>&1 - a2dismod --quiet status > /dev/null 2>&1 - a2enmod --quiet hestia-status > /dev/null 2>&1 - - # Enable mod_ruid/mpm_itk or mpm_event - if [ "$phpfpm" = 'yes' ]; then - # Disable prefork and php, enable event - a2dismod php$fpm_v > /dev/null 2>&1 - a2dismod mpm_prefork > /dev/null 2>&1 - a2enmod mpm_event > /dev/null 2>&1 - cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/ - else - a2enmod mpm_itk > /dev/null 2>&1 - fi - - echo "# Powered by hestia" > /etc/apache2/sites-available/default - echo "# Powered by hestia" > /etc/apache2/sites-available/default-ssl - echo "# Powered by hestia" > /etc/apache2/ports.conf - echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data - touch /var/log/apache2/access.log /var/log/apache2/error.log - mkdir -p /var/log/apache2/domains - chmod a+x /var/log/apache2 - chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log - chmod 751 /var/log/apache2/domains - - # Prevent remote access to server-status page - sed -i '/Allow from all/d' /etc/apache2/mods-available/hestia-status.conf - - update-rc.d apache2 defaults > /dev/null 2>&1 - systemctl start apache2 >> $LOG - check_result $? "apache2 start failed" -else - update-rc.d apache2 disable > /dev/null 2>&1 - systemctl stop apache2 > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure PHP-FPM # -#----------------------------------------------------------# - -if [ "$phpfpm" = "yes" ]; then - if [ "$multiphp" = 'yes' ]; then - for v in "${multiphp_v[@]}"; do - echo "[ * ] Installing PHP $v..." - $HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1 - done - else - echo "[ * ] Installing PHP $fpm_v..." - $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1 - fi - - echo "[ * ] Configuring PHP-FPM $fpm_v..." - # Create www.conf for webmail and php(*)admin - cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf - update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1 - systemctl start php$fpm_v-fpm >> $LOG - check_result $? "php-fpm start failed" - # Set default php version to $fpm_v - update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure PHP # -#----------------------------------------------------------# - -echo "[ * ] Configuring PHP..." -ZONE=$(timedatectl > /dev/null 2>&1 | grep Timezone | awk '{print $2}') -if [ -z "$ZONE" ]; then - ZONE='UTC' -fi -for pconf in $(find /etc/php* -name php.ini); do - sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf - sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf -done - -# Cleanup php session files not changed in the last 7 days (60*24*7 minutes) -echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup -echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup -echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup -chmod 755 /etc/cron.daily/php-session-cleanup - -#----------------------------------------------------------# -# Configure Vsftpd # -#----------------------------------------------------------# - -if [ "$vsftpd" = 'yes' ]; then - echo "[ * ] Configuring Vsftpd server..." - cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/ - touch /var/log/vsftpd.log - chown root:adm /var/log/vsftpd.log - chmod 640 /var/log/vsftpd.log - touch /var/log/xferlog - chown root:adm /var/log/xferlog - chmod 640 /var/log/xferlog - update-rc.d vsftpd defaults > /dev/null 2>&1 - systemctl start vsftpd >> $LOG - check_result $? "vsftpd start failed" -fi - -#----------------------------------------------------------# -# Configure ProFTPD # -#----------------------------------------------------------# - -if [ "$proftpd" = 'yes' ]; then - echo "[ * ] Configuring ProFTPD server..." - echo "127.0.0.1 $servername" >> /etc/hosts - cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/ - cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/ - - # Disable TLS 1.3 support for ProFTPD versions older than v1.3.7a - if [ "$release" -eq 10 ]; then - sed -i 's/TLSProtocol TLSv1.2 TLSv1.3/TLSProtocol TLSv1.2/' /etc/proftpd/tls.conf - fi - - update-rc.d proftpd defaults > /dev/null 2>&1 - systemctl start proftpd >> $LOG - check_result $? "proftpd start failed" - - if [ "$release" -eq 11 ]; then - unit_files="$(systemctl list-unit-files | grep proftpd)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable proftpd - fi - fi - - if [ "$release" -eq 12 ]; then - systemctl disable --now proftpd.socket - systemctl enable --now proftpd.service - fi -fi - -#----------------------------------------------------------# -# Configure MariaDB / MySQL # -#----------------------------------------------------------# - -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - [ "$mysql" = 'yes' ] && mysql_type="MariaDB" || mysql_type="MySQL" - echo "[ * ] Configuring $mysql_type database server..." - mycnf="my-small.cnf" - if [ $memory -gt 1200000 ]; then - mycnf="my-medium.cnf" - fi - if [ $memory -gt 3900000 ]; then - mycnf="my-large.cnf" - fi - - if [ "$mysql_type" = 'MariaDB' ]; then - # Run mysql_install_db - mysql_install_db >> $LOG - fi - - # Remove symbolic link - rm -f /etc/mysql/my.cnf - # Configuring MariaDB - cp -f $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/mysql/my.cnf - - # Switch MariaDB inclusions to the MySQL - if [ "$mysql_type" = 'MySQL' ]; then - sed -i '/query_cache_size/d' /etc/mysql/my.cnf - sed -i 's|mariadb.conf.d|mysql.conf.d|g' /etc/mysql/my.cnf - fi - - if [ "$mysql_type" = 'MariaDB' ]; then - update-rc.d mariadb defaults > /dev/null 2>&1 - systemctl -q enable mariadb 2> /dev/null - systemctl start mariadb >> $LOG - check_result $? "${mysql_type,,} start failed" - fi - - if [ "$mysql_type" = 'MySQL' ]; then - update-rc.d mysql defaults > /dev/null 2>&1 - systemctl -q enable mysql 2> /dev/null - systemctl start mysql >> $LOG - check_result $? "${mysql_type,,} start failed" - fi - - # Securing MariaDB/MySQL installation - mpass=$(gen_pass) - echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf - chmod 600 /root/.my.cnf - - if [ -f '/usr/bin/mariadb' ]; then - mysql_server="mariadb" - else - mysql_server="mysql" - fi - # Alter root password - $mysql_server -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$mpass'; FLUSH PRIVILEGES;" - if [ "$mysql_type" = 'MariaDB' ]; then - # Allow mysql access via socket for startup - $mysql_server -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" - # Disable anonymous users - $mysql_server -e "DELETE FROM mysql.global_priv WHERE User='';" - else - $mysql_server -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '$mpass';" - $mysql_server -e "DELETE FROM mysql.user WHERE User='';" - $mysql_server -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - fi - # Drop test database - $mysql_server -e "DROP DATABASE IF EXISTS test" - $mysql_server -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - # Flush privileges - $mysql_server -e "FLUSH PRIVILEGES;" -fi - -#----------------------------------------------------------# -# Configure phpMyAdmin # -#----------------------------------------------------------# - -# Source upgrade.conf with phpmyadmin versions -# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf -source $HESTIA/install/upgrade/upgrade.conf - -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - # Display upgrade information - echo "[ * ] Installing phpMyAdmin version v$pma_v..." - - # Download latest phpmyadmin release - wget --quiet --retry-connrefused https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz - - # Unpack files - tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz - - # Create folders - mkdir -p /usr/share/phpmyadmin - mkdir -p /etc/phpmyadmin - mkdir -p /etc/phpmyadmin/conf.d/ - mkdir /usr/share/phpmyadmin/tmp - - # Configuring Apache2 for PHPMYADMIN - if [ "$apache" = 'yes' ]; then - touch /etc/apache2/conf.d/phpmyadmin.inc - fi - - # Overwrite old files - cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin - - # Create copy of config file - cp -f $HESTIA_COMMON_DIR/phpmyadmin/config.inc.php /etc/phpmyadmin/ - mkdir -p /var/lib/phpmyadmin/tmp - chmod 770 /var/lib/phpmyadmin/tmp - chown root:www-data /usr/share/phpmyadmin/tmp - - # Set config and log directory - sed -i "s|'configFile' => ROOT_PATH . 'config.inc.php',|'configFile' => '/etc/phpmyadmin/config.inc.php',|g" /usr/share/phpmyadmin/libraries/vendor_config.php - - # Create temporary folder and change permission - chmod 770 /usr/share/phpmyadmin/tmp - chown root:www-data /usr/share/phpmyadmin/tmp - - # Generate blow fish - blowfish=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32) - sed -i "s|%blowfish_secret%|$blowfish|" /etc/phpmyadmin/config.inc.php - - # Clean Up - rm -fr phpMyAdmin-$pma_v-all-languages - rm -f phpMyAdmin-$pma_v-all-languages.tar.gz - - write_config_value "DB_PMA_ALIAS" "phpmyadmin" - $HESTIA/bin/v-change-sys-db-alias 'pma' "phpmyadmin" - - # Special thanks to Pavel Galkin (https://skurudo.ru) - # https://github.com/skurudo/phpmyadmin-fixer - # shellcheck source=/usr/local/hestia/install/deb/phpmyadmin/pma.sh - source $HESTIA_COMMON_DIR/phpmyadmin/pma.sh > /dev/null 2>&1 - - # limit access to /etc/phpmyadmin/ - chown -R root:www-data /etc/phpmyadmin/ - chmod -R 640 /etc/phpmyadmin/* - chmod 750 /etc/phpmyadmin/conf.d/ -fi - -#----------------------------------------------------------# -# Configure PostgreSQL # -#----------------------------------------------------------# - -if [ "$postgresql" = 'yes' ]; then - echo "[ * ] Configuring PostgreSQL database server..." - ppass=$(gen_pass) - cp -f $HESTIA_INSTALL_DIR/postgresql/pg_hba.conf /etc/postgresql/*/main/ - systemctl restart postgresql - sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" > /dev/null 2>&1 - - mkdir -p /etc/phppgadmin/ - mkdir -p /usr/share/phppgadmin/ - - wget --retry-connrefused --quiet https://github.com/hestiacp/phppgadmin/releases/download/v$pga_v/phppgadmin-v$pga_v.tar.gz - tar xzf phppgadmin-v$pga_v.tar.gz -C /usr/share/phppgadmin/ - - cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/ - - ln -s /etc/phppgadmin/config.inc.php /usr/share/phppgadmin/conf/ - - # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc - fi - - rm phppgadmin-v$pga_v.tar.gz - write_config_value "DB_PGA_ALIAS" "phppgadmin" - $HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin" -fi - -#----------------------------------------------------------# -# Configure Bind # -#----------------------------------------------------------# - -if [ "$named" = 'yes' ]; then - echo "[ * ] Configuring Bind DNS server..." - cp -f $HESTIA_INSTALL_DIR/bind/named.conf /etc/bind/ - cp -f $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/bind/ - chown root:bind /etc/bind/named.conf - chown root:bind /etc/bind/named.conf.options - chown bind:bind /var/cache/bind - chmod 640 /etc/bind/named.conf - chmod 640 /etc/bind/named.conf.options - aa-complain /usr/sbin/named 2> /dev/null - if [ "$apparmor" = 'yes' ]; then - echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null - systemctl status apparmor > /dev/null 2>&1 - if [ $? -ne 0 ]; then - systemctl restart apparmor >> $LOG - fi - fi - update-rc.d bind9 defaults > /dev/null 2>&1 - systemctl start bind9 - check_result $? "bind9 start failed" - - # Workaround for OpenVZ/Virtuozzo - if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then - sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local - fi -fi - -#----------------------------------------------------------# -# Configure Exim # -#----------------------------------------------------------# - -if [ "$exim" = 'yes' ]; then - echo "[ * ] Configuring Exim mail server..." - gpasswd -a Debian-exim mail > /dev/null 2>&1 - exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .) - # if Exim version > 4.9.4 or greater! - if ! version_ge "4.9.5" "$exim_version"; then - cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.95.template /etc/exim4/exim4.conf.template - else - if ! version_ge "4.9.3" "$exim_version"; then - cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template - else - cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/ - fi - fi - cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/ - touch /etc/exim4/white-blocks.conf - - if [ "$spamd" = 'yes' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template - fi - if [ "$clamd" = 'yes' ]; then - sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template - fi - - if [ "$release" = 10 ]; then - sed -i "/^smtputf8_advertise_hosts =/d" /etc/exim4/exim4.conf.template - fi - - # Generate SRS KEY If not support just created it will get ignored anyway - srs=$(gen_pass) - echo $srs > /etc/exim4/srs.conf - chmod 640 /etc/exim4/srs.conf - chmod 640 /etc/exim4/exim4.conf.template - chown root:Debian-exim /etc/exim4/srs.conf - - rm -rf /etc/exim4/domains - mkdir -p /etc/exim4/domains - - rm -f /etc/alternatives/mta - ln -s /usr/sbin/exim4 /etc/alternatives/mta - update-rc.d -f sendmail remove > /dev/null 2>&1 - systemctl stop sendmail > /dev/null 2>&1 - update-rc.d -f postfix remove > /dev/null 2>&1 - systemctl stop postfix > /dev/null 2>&1 - update-rc.d exim4 defaults - systemctl start exim4 >> $LOG - check_result $? "exim4 start failed" -fi - -#----------------------------------------------------------# -# Configure Dovecot # -#----------------------------------------------------------# - -if [ "$dovecot" = 'yes' ]; then - echo "[ * ] Configuring Dovecot POP/IMAP mail server..." - gpasswd -a dovecot mail > /dev/null 2>&1 - cp -rf $HESTIA_COMMON_DIR/dovecot /etc/ - cp -f $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/ - rm -f /etc/dovecot/conf.d/15-mailboxes.conf - chown -R root:root /etc/dovecot* - - #Alter config for 2.2 - version=$(dovecot --version | cut -f -2 -d .) - if [ "$version" = "2.2" ]; then - echo "[ * ] Downgrade dovecot config to sync with 2.2 settings" - sed -i 's|#ssl_dh_parameters_length = 4096|ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|ssl_dh = > $LOG - check_result $? "dovecot start failed" -fi - -#----------------------------------------------------------# -# Configure ClamAV # -#----------------------------------------------------------# - -if [ "$clamd" = 'yes' ]; then - gpasswd -a clamav mail > /dev/null 2>&1 - gpasswd -a clamav Debian-exim > /dev/null 2>&1 - cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/ - update-rc.d clamav-daemon defaults - if [ ! -d "/run/clamav" ]; then - mkdir /run/clamav - fi - chown -R clamav:clamav /run/clamav - if [ -e "/lib/systemd/system/clamav-daemon.service" ]; then - exec_pre1='ExecStartPre=-/bin/mkdir -p /run/clamav' - exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /run/clamav' - sed -i "s|\[Service\]|[Service]\n$exec_pre1\n$exec_pre2|g" \ - /lib/systemd/system/clamav-daemon.service - systemctl daemon-reload - fi - systemctl start clamav-daemon > /dev/null 2>&1 - sleep 1 - systemctl status clamav-daemon > /dev/null 2>&1 - echo -ne "[ * ] Installing ClamAV anti-virus definitions... " - /usr/bin/freshclam >> $LOG > /dev/null 2>&1 - BACK_PID=$! - spin_i=1 - while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 - done - echo - systemctl start clamav-daemon >> $LOG - check_result $? "clamav-daemon start failed" -fi - -#----------------------------------------------------------# -# Configure SpamAssassin # -#----------------------------------------------------------# - -if [ "$spamd" = 'yes' ]; then - echo "[ * ] Configuring SpamAssassin..." - update-rc.d spamassassin defaults > /dev/null 2>&1 - if [ "$release" = "10" ] || [ "$release" = "11" ]; then - update-rc.d spamassassin enable > /dev/null 2>&1 - systemctl start spamassassin >> $LOG - check_result $? "spamassassin start failed" - unit_files="$(systemctl list-unit-files | grep spamassassin)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable spamassassin > /dev/null 2>&1 - fi - sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin - else - # Deb 12+ renamed to spamd - update-rc.d spamd enable > /dev/null 2>&1 - systemctl start spamd >> $LOG - unit_files="$(systemctl list-unit-files | grep spamd)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable spamd > /dev/null 2>&1 - fi - - fi -fi - -#----------------------------------------------------------# -# Configure Fail2Ban # -#----------------------------------------------------------# - -if [ "$fail2ban" = 'yes' ]; then - echo "[ * ] Configuring fail2ban access monitor..." - cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/ - if [ "$dovecot" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local | grep -n dovecot-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local - fi - if [ "$exim" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local | grep -n exim-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local - fi - if [ "$vsftpd" = 'yes' ]; then - # Create vsftpd Log File - if [ ! -f "/var/log/vsftpd.log" ]; then - touch /var/log/vsftpd.log - fi - fline=$(cat /etc/fail2ban/jail.local | grep -n vsftpd-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local - fi - if [ ! -e /var/log/auth.log ]; then - # Debian workaround: auth logging was moved to systemd - touch /var/log/auth.log - chmod 640 /var/log/auth.log - chown root:adm /var/log/auth.log - fi - if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then - rm -f /etc/fail2ban/jail.d/defaults-debian.conf - fi - - update-rc.d fail2ban defaults - systemctl start fail2ban >> $LOG - check_result $? "fail2ban start failed" -fi - -# Configuring MariaDB/MySQL host -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - $HESTIA/bin/v-add-database-host mysql localhost root $mpass -fi - -# Configuring PostgreSQL host -if [ "$postgresql" = 'yes' ]; then - $HESTIA/bin/v-add-database-host pgsql localhost postgres $ppass -fi - -#----------------------------------------------------------# -# Install Roundcube # -#----------------------------------------------------------# - -# Min requirements Dovecot + Exim + Mysql -if ([ "$mysql" == 'yes' ] || [ "$mysql8" == 'yes' ]) && [ "$dovecot" == "yes" ]; then - echo "[ * ] Installing Roundcube..." - $HESTIA/bin/v-add-sys-roundcube - write_config_value "WEBMAIL_ALIAS" "webmail" -else - write_config_value "WEBMAIL_ALIAS" "" - write_config_value "WEBMAIL_SYSTEM" "" -fi - -#----------------------------------------------------------# -# Install Sieve # -#----------------------------------------------------------# - -# Min requirements Dovecot + Exim + Mysql + Roundcube -if [ "$sieve" = 'yes' ]; then - # Folder paths - RC_INSTALL_DIR="/var/lib/roundcube" - RC_CONFIG_DIR="/etc/roundcube" - - echo "[ * ] Installing Sieve Mail Filter..." - - # dovecot.conf install - sed -i "s/namespace/service stats \{\n unix_listener stats-writer \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf - - # Dovecot conf files - # 10-master.conf - sed -i -E -z "s/ }\n user = dovecot\n}/ \}\n unix_listener auth-master \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf - # 15-lda.conf - sed -i "s/\#mail_plugins = \\\$mail_plugins/mail_plugins = \$mail_plugins quota sieve\n auth_socket_path = \/var\/run\/dovecot\/auth-master/g" /etc/dovecot/conf.d/15-lda.conf - # 20-imap.conf - sed -i "s/mail_plugins = quota imap_quota/mail_plugins = quota imap_quota imap_sieve/g" /etc/dovecot/conf.d/20-imap.conf - - # Replace dovecot-sieve config files - cp -f $HESTIA_COMMON_DIR/dovecot/sieve/* /etc/dovecot/conf.d - - # Dovecot default file install - echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default - - # exim4 install - sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template - sed -i "s/address_pipe:/dovecot_virtual_delivery:\n driver = pipe\n command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \${extract{1}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/accounts}}}}@\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\n delivery_date_add\n envelope_to_add\n return_path_add\n log_output = true\n log_defer_output = true\n user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template - - # Permission changes - chown -R dovecot:mail /var/log/dovecot.log - chmod 660 /var/log/dovecot.log - - if [ -d "/var/lib/roundcube" ]; then - # Modify Roundcube config - mkdir -p $RC_CONFIG_DIR/plugins/managesieve - cp -f $HESTIA_COMMON_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php - ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php - chown -R root:www-data $RC_CONFIG_DIR/ - chmod 751 -R $RC_CONFIG_DIR - chmod 644 $RC_CONFIG_DIR/*.php - chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php - sed -i "s/\"archive\"/\"archive\", \"managesieve\"/g" $RC_CONFIG_DIR/config.inc.php - fi - - # Restart Dovecot and exim4 - systemctl restart dovecot > /dev/null 2>&1 - systemctl restart exim4 > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure API # -#----------------------------------------------------------# - -if [ "$api" = "yes" ]; then - # Keep legacy api enabled until transition is complete - write_config_value "API" "yes" - write_config_value "API_SYSTEM" "1" - write_config_value "API_ALLOWED_IP" "" -else - write_config_value "API" "no" - write_config_value "API_SYSTEM" "0" - write_config_value "API_ALLOWED_IP" "" - $HESTIA/bin/v-change-sys-api disable -fi - -#----------------------------------------------------------# -# Configure File Manager # -#----------------------------------------------------------# - -echo "[ * ] Configuring File Manager..." -$HESTIA/bin/v-add-sys-filemanager quiet - -#----------------------------------------------------------# -# Configure dependencies # -#----------------------------------------------------------# - -echo "[ * ] Configuring PHP dependencies..." -$HESTIA/bin/v-add-sys-dependencies quiet - -echo "[ * ] Installing Rclone..." -curl -s https://rclone.org/install.sh | bash > /dev/null 2>&1 - -#----------------------------------------------------------# -# Configure IP # -#----------------------------------------------------------# - -# Configuring system IPs -echo "[ * ] Configuring System IP..." -$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1 - -# Get primary IP -default_nic="$(ip -d -j route show | jq -r '.[] | if .dst == "default" then .dev else empty end')" -# IPv4 -primary_ipv4="$(ip -4 -d -j addr show "$default_nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end' | head -n1)" -# IPv6 -#primary_ipv6="$(ip -6 -d -j addr show "$default_nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end' | head -n1)" -ip="$primary_ipv4" -local_ip="$primary_ipv4" - -# Configuring firewall -if [ "$iptables" = 'yes' ]; then - $HESTIA/bin/v-update-firewall -fi - -# Get public IP -pub_ipv4="$(curl -fsLm5 --retry 2 --ipv4 -H "Simple-Hestiacp: yes" https://hestiaip.brepo.ru/)" -if [ -n "$pub_ipv4" ] && [ "$pub_ipv4" != "$ip" ]; then - if [ -e /etc/rc.local ]; then - sed -i '/exit 0/d' /etc/rc.local - else - touch /etc/rc.local - fi - - check_rclocal=$(cat /etc/rc.local | grep "#!") - if [ -z "$check_rclocal" ]; then - echo "#!/bin/sh" >> /etc/rc.local - fi - - # Fix for Proxmox VE containers where hostname is reset to non-FQDN format on reboot - check_pve=$(uname -r | grep pve) - if [ ! -z "$check_pve" ]; then - echo 'hostname=$(hostname --fqdn)' >> /etc/rc.local - echo ""$HESTIA/bin/v-change-sys-hostname" "'"$hostname"'"" >> /etc/rc.local - fi - echo "$HESTIA/bin/v-update-sys-ip" >> /etc/rc.local - echo "exit 0" >> /etc/rc.local - chmod +x /etc/rc.local - systemctl enable rc-local > /dev/null 2>&1 - $HESTIA/bin/v-change-sys-ip-nat "$ip" "$pub_ipv4" > /dev/null 2>&1 - ip="$pub_ipv4" -fi - -# Configuring libapache2-mod-remoteip -if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then - cd /etc/apache2/mods-available - echo "" > remoteip.conf - echo " RemoteIPHeader X-Real-IP" >> remoteip.conf - if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ipv4" != "127.0.0.1" ]; then - echo " RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf - fi - if [ -n "$local_ip" ] && [ "$local_ip" != "$pub_ipv4" ]; then - echo " RemoteIPInternalProxy $local_ip" >> remoteip.conf - fi - if [ -n "$pub_ipv4" ]; then - echo " RemoteIPInternalProxy $pub_ipv4" >> remoteip.conf - fi - echo "" >> remoteip.conf - sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf - a2enmod remoteip >> $LOG - systemctl restart apache2 -fi - -# Adding default domain -$HESTIA/bin/v-add-web-domain admin "$servername" "$ip" -check_result $? "can't create $servername domain" - -# Adding cron jobs -export SCHEDULED_RESTART="yes" -command="sudo $HESTIA/bin/v-update-sys-queue restart" -$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command" -systemctl restart cron - -command="sudo $HESTIA/bin/v-update-sys-queue daily" -$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue disk" -$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue traffic" -$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue webstats" -$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue backup" -$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-backup-users" -$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-user-stats" -$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-rrd" -$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-letsencrypt-ssl" -min=$(gen_pass '012345' '2') -hour=$(gen_pass '1234567' '1') -$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command" - -# Enable automatic updates -$HESTIA/bin/v-add-cron-hestia-autoupdate apt - -# Building initital rrd images -$HESTIA/bin/v-update-sys-rrd - -# Enabling file system quota -if [ "$quota" = 'yes' ]; then - $HESTIA/bin/v-add-sys-quota -fi - -# Set backend port -$HESTIA/bin/v-change-sys-port $port > /dev/null 2>&1 - -# Create default configuration files -$HESTIA/bin/v-update-sys-defaults - -# Update remaining packages since repositories have changed -echo -ne "[ * ] Installing remaining software updates..." -apt-get -qq update -apt-get -y upgrade >> $LOG & -BACK_PID=$! -echo - -# Starting Hestia service -update-rc.d hestia defaults -systemctl start hestia -check_result $? "hestia start failed" -chown admin:admin $HESTIA/data/sessions - -# Create backup folder and set correct permission -mkdir -p /backup/ -chmod 755 /backup/ - -# Create cronjob to generate ssl -echo "@reboot root sleep 10 && rm /etc/cron.d/hestia-ssl && PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:' && /usr/local/hestia/bin/v-add-letsencrypt-host" > /etc/cron.d/hestia-ssl - -#----------------------------------------------------------# -# Set hestia.conf default values # -#----------------------------------------------------------# - -echo "[ * ] Updating configuration files..." - -BIN="$HESTIA/bin" -source $HESTIA/func/syshealth.sh -syshealth_repair_system_config - -# Add /usr/local/hestia/bin/ to path variable -echo 'if [ "${PATH#*/usr/local/hestia/bin*}" = "$PATH" ]; then - . /etc/profile.d/hestia.sh -fi' >> /root/.bashrc - -#----------------------------------------------------------# -# Hestia Access Info # -#----------------------------------------------------------# - -# Comparing hostname and IP -host_ip=$(host $servername | head -n 1 | awk '{print $NF}') -if [ "$host_ip" = "$ip" ]; then - ip="$servername" -fi - -echo -e "\n" -echo "====================================================================" -echo -e "\n" - -# Sending notification to admin email -echo -e "Congratulations! - -You have successfully installed Hestia Control Panel on your server. - -Ready to get started? Log in using the following credentials: - - Admin URL: https://$servername:$port" > $tmpfile -if [ "$host_ip" != "$ip" ]; then - echo " Backup URL: https://$ip:$port" >> $tmpfile -fi -echo -e -n " Username: admin - Password: $displaypass - -Thank you for choosing Hestia Control Panel to power your full stack web server, -we hope that you enjoy using it as much as we do! - -Please feel free to contact us at any time if you have any questions, -or if you encounter any bugs or problems: - -Documentation: https://docs.hestiacp.com/ -Forum: https://forum.hestiacp.com/ -GitHub: https://www.github.com/hestiacp/hestiacp - -Note: Automatic updates are enabled by default. If you would like to disable them, -please log in and navigate to Server > Updates to turn them off. - -Help support the Hestia Control Panel project by donating via PayPal: -https://www.hestiacp.com/donate - --- -Sincerely yours, -The Hestia Control Panel development team - -Made with love & pride by the open-source community around the world. -" >> $tmpfile - -send_mail="$HESTIA/web/inc/mail-wrapper.php" -cat $tmpfile | $send_mail -s "Hestia Control Panel" $email - -# Congrats -echo -cat $tmpfile -rm -f $tmpfile - -# Add welcome message to notification panel -$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '

You are now ready to begin adding user accounts and domains. For help and assistance, view the documentation or visit our forum.

Please report any issues via GitHub.

Have a wonderful day!

The Hestia Control Panel development team

' - -# Clean-up -# Sort final configuration file -sort_config_file - -if [ "$interactive" = 'yes' ]; then - echo "[ ! ] IMPORTANT: The system will now reboot to complete the installation process." - read -n 1 -s -r -p "Press any key to continue" - reboot -else - echo "[ ! ] IMPORTANT: You must restart the system before continuing!" -fi -# EOF diff --git a/install/hst-install-rhel.sh b/install/hst-install-rhel.sh index e763138..7f23c37 100755 --- a/install/hst-install-rhel.sh +++ b/install/hst-install-rhel.sh @@ -1336,11 +1336,18 @@ if [ "$apache" = 'yes' ]; then fi # IDK why those modules still here, but ok. if they are disabled by default - sed 's/^LoadModule suexec_module/#LoadModule suexec_module/' -i /etc/httpd/conf.modules.d/01-suexec.conf - sed 's/^LoadModule fcgid_module/#LoadModule fcgid_module/' -i /etc/httpd/conf.modules.d/10-fcgid.conf + + if [ -e /etc/httpd/conf.modules.d/01-suexec.conf ]; then + sed 's/^LoadModule suexec_module/#LoadModule suexec_module/' -i /etc/httpd/conf.modules.d/01-suexec.conf + fi + if [ -e /etc/httpd/conf.modules.d/10-fcgid.conf ]; then + sed 's/^LoadModule fcgid_module/#LoadModule fcgid_module/' -i /etc/httpd/conf.modules.d/10-fcgid.conf + fi # Switch status loader to custom one - sed 's/^LoadModule status_module/#LoadModule status_module/' -i /etc/httpd/conf.modules.d/00-base.conf + if [ -e /etc/httpd/conf.modules.d/00-base.conf ]; then + sed 's/^LoadModule status_module/#LoadModule status_module/' -i /etc/httpd/conf.modules.d/00-base.conf + fi echo 'LoadModule status_module modules/mod_status.so' > /etc/httpd/conf.modules.d/00-hestia-status.conf if [ "$phpfpm" = 'yes' ]; then diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh deleted file mode 100755 index f48564e..0000000 --- a/install/hst-install-ubuntu.sh +++ /dev/null @@ -1,2269 +0,0 @@ -#!/bin/bash - -# ======================================================== # -# -# Hestia Control Panel Installer for Ubuntu -# https://www.hestiacp.com/ -# -# Currently Supported Versions: -# Ubuntu 20.04, 22.04 LTS -# -# ======================================================== # - -#----------------------------------------------------------# -# Variables&Functions # -#----------------------------------------------------------# -export PATH=$PATH:/sbin -export DEBIAN_FRONTEND=noninteractive -RHOST='apt.hestiacp.com' -VERSION='ubuntu' -HESTIA='/usr/local/hestia' -LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log" -memory=$(grep 'MemTotal' /proc/meminfo | tr ' ' '\n' | grep [0-9]) -hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)" -spinner="/-\|" -os='ubuntu' -release="$(lsb_release -s -r)" -codename="$(lsb_release -s -c)" -architecture="$(arch)" -HESTIA_INSTALL_DIR="$HESTIA/install/deb" -HESTIA_COMMON_DIR="$HESTIA/install/common" -VERBOSE='no' - -# Define software versions -HESTIA_INSTALL_VER='1.9.0~alpha' -# Dependencies -multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2") -fpm_v="8.2" -mariadb_v="10.11" - -# Defining software pack for all distros -software="acl apache2 apache2.2-common apache2-suexec-custom apache2-utils apparmor-utils awstats bc bind9 bsdmainutils bsdutils - clamav-daemon cron curl dnsutils dovecot-imapd dovecot-managesieved dovecot-pop3d dovecot-sieve e2fslibs e2fsprogs - exim4 exim4-daemon-heavy expect fail2ban flex ftp git hestia=${HESTIA_INSTALL_VER} hestia-nginx hestia-php idn2 - imagemagick ipset jq libapache2-mod-fcgid libapache2-mod-php$fpm_v libapache2-mod-rpaf libonig5 libzip4 lsb-release - lsof mariadb-client mariadb-common mariadb-server mc mysql-client mysql-common mysql-server nginx openssh-server - php$fpm_v php$fpm_v-apcu php$fpm_v-bz2 php$fpm_v-cgi php$fpm_v-cli php$fpm_v-common php$fpm_v-curl php$fpm_v-gd - php$fpm_v-imagick php$fpm_v-imap php$fpm_v-intl php$fpm_v-ldap php$fpm_v-mbstring php$fpm_v-mysql php$fpm_v-opcache - php$fpm_v-pgsql php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml php$fpm_v-zip postgresql postgresql-contrib - proftpd-basic quota rrdtool rsyslog setpriv spamassassin sudo sysstat unzip vim-common vsftpd whois zip zstd" - -installer_dependencies="apt-transport-https ca-certificates curl dirmngr gnupg openssl software-properties-common wget" - -# Defining help function -help() { - echo "Usage: $0 [OPTIONS] - -a, --apache Install Apache [yes|no] default: yes - -w, --phpfpm Install PHP-FPM [yes|no] default: yes - -o, --multiphp Install Multi-PHP [yes|no] default: no - -v, --vsftpd Install Vsftpd [yes|no] default: yes - -j, --proftpd Install ProFTPD [yes|no] default: no - -k, --named Install Bind [yes|no] default: yes - -m, --mysql Install MariaDB [yes|no] default: yes - -M, --mysql8 Install MySQL [yes|no] default: no - -g, --postgresql Install PostgreSQL [yes|no] default: no - -x, --exim Install Exim [yes|no] default: yes - -z, --dovecot Install Dovecot [yes|no] default: yes - -Z, --sieve Install Sieve [yes|no] default: no - -c, --clamav Install ClamAV [yes|no] default: yes - -t, --spamassassin Install SpamAssassin [yes|no] default: yes - -i, --iptables Install Iptables [yes|no] default: yes - -b, --fail2ban Install Fail2ban [yes|no] default: yes - -q, --quota Filesystem Quota [yes|no] default: no - -d, --api Activate API [yes|no] default: yes - -r, --port Change Backend Port default: 8083 - -l, --lang Default language default: en - -y, --interactive Interactive install [yes|no] default: yes - -s, --hostname Set hostname - -e, --email Set admin email - -p, --password Set admin password - -D, --with-debs Path to Hestia debs - -f, --force Force installation - -h, --help Print this help - - Example: bash $0 -e demo@hestiacp.com -p p4ssw0rd --multiphp yes" - exit 1 -} - -# Defining file download function -download_file() { - wget $1 -q --show-progress --progress=bar:force -} - -# Defining password-gen function -gen_pass() { - matrix=$1 - length=$2 - if [ -z "$matrix" ]; then - matrix="A-Za-z0-9" - fi - if [ -z "$length" ]; then - length=16 - fi - head /dev/urandom | tr -dc $matrix | head -c$length -} - -# Defining return code check function -check_result() { - if [ $1 -ne 0 ]; then - echo "Error: $2" - exit $1 - fi -} - -# Defining function to set default value -set_default_value() { - eval variable=\$$1 - if [ -z "$variable" ]; then - eval $1=$2 - fi - if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then - eval $1=$2 - fi -} - -# Defining function to set default language value -set_default_lang() { - if [ -z "$lang" ]; then - eval lang=$1 - fi - lang_list="ar az bg bn bs ca cs da de el en es fa fi fr hr hu id it ja ka ku ko nl no pl pt pt-br ro ru sk sr sv th tr uk ur vi zh-cn zh-tw" - if ! (echo $lang_list | grep -w $lang > /dev/null 2>&1); then - eval lang=$1 - fi -} - -# Define the default backend port -set_default_port() { - if [ -z "$port" ]; then - eval port=$1 - fi -} - -# Write configuration KEY/VALUE pair to $HESTIA/conf/hestia.conf -write_config_value() { - local key="$1" - local value="$2" - echo "$key='$value'" >> $HESTIA/conf/hestia.conf -} - -# Sort configuration file values -# Write final copy to $HESTIA/conf/hestia.conf for active usage -# Duplicate file to $HESTIA/conf/defaults/hestia.conf to restore known good installation values -sort_config_file() { - sort $HESTIA/conf/hestia.conf -o /tmp/updconf - mv $HESTIA/conf/hestia.conf $HESTIA/conf/hestia.conf.bak - mv /tmp/updconf $HESTIA/conf/hestia.conf - rm -f $HESTIA/conf/hestia.conf.bak - if [ ! -d "$HESTIA/conf/defaults/" ]; then - mkdir -p "$HESTIA/conf/defaults/" - fi - cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf -} - -# Validate hostname according to RFC1178 -validate_hostname() { - # remove extra . - servername=$(echo "$servername" | sed -e "s/[.]*$//g") - servername=$(echo "$servername" | sed -e "s/^[.]*//") - if [[ $(echo "$servername" | grep -o "\." | wc -l) -gt 1 ]] && [[ ! $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - # Hostname valid - return 1 - else - # Hostname invalid - return 0 - fi -} - -validate_email() { - if [[ ! "$email" =~ ^[A-Za-z0-9._%+-]+@[[:alnum:].-]+\.[A-Za-z]{2,63}$ ]]; then - # Email invalid - return 0 - else - # Email valid - return 1 - fi -} - -version_ge() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o -n "$1" -a "$1" = "$2"; } - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - -# Translating argument to --gnu-long-options -for arg; do - delim="" - case "$arg" in - --apache) args="${args}-a " ;; - --phpfpm) args="${args}-w " ;; - --vsftpd) args="${args}-v " ;; - --proftpd) args="${args}-j " ;; - --named) args="${args}-k " ;; - --mysql) args="${args}-m " ;; - --mariadb) args="${args}-m " ;; - --mysql-classic) args="${args}-M " ;; - --mysql8) args="${args}-M " ;; - --postgresql) args="${args}-g " ;; - --exim) args="${args}-x " ;; - --dovecot) args="${args}-z " ;; - --sieve) args="${args}-Z " ;; - --clamav) args="${args}-c " ;; - --spamassassin) args="${args}-t " ;; - --iptables) args="${args}-i " ;; - --fail2ban) args="${args}-b " ;; - --multiphp) args="${args}-o " ;; - --quota) args="${args}-q " ;; - --port) args="${args}-r " ;; - --lang) args="${args}-l " ;; - --interactive) args="${args}-y " ;; - --api) args="${args}-d " ;; - --hostname) args="${args}-s " ;; - --email) args="${args}-e " ;; - --password) args="${args}-p " ;; - --force) args="${args}-f " ;; - --with-debs) args="${args}-D " ;; - --help) args="${args}-h " ;; - *) - [[ "${arg:0:1}" == "-" ]] || delim="\"" - args="${args}${delim}${arg}${delim} " - ;; - esac -done -eval set -- "$args" - -# Parsing arguments -while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do - case $Option in - a) apache=$OPTARG ;; # Apache - w) phpfpm=$OPTARG ;; # PHP-FPM - o) multiphp=$OPTARG ;; # Multi-PHP - v) vsftpd=$OPTARG ;; # Vsftpd - j) proftpd=$OPTARG ;; # Proftpd - k) named=$OPTARG ;; # Named - m) mysql=$OPTARG ;; # MariaDB - M) mysql8=$OPTARG ;; # MySQL - g) postgresql=$OPTARG ;; # PostgreSQL - x) exim=$OPTARG ;; # Exim - z) dovecot=$OPTARG ;; # Dovecot - Z) sieve=$OPTARG ;; # Sieve - c) clamd=$OPTARG ;; # ClamAV - t) spamd=$OPTARG ;; # SpamAssassin - i) iptables=$OPTARG ;; # Iptables - b) fail2ban=$OPTARG ;; # Fail2ban - q) quota=$OPTARG ;; # FS Quota - r) port=$OPTARG ;; # Backend Port - l) lang=$OPTARG ;; # Language - d) api=$OPTARG ;; # Activate API - y) interactive=$OPTARG ;; # Interactive install - s) servername=$OPTARG ;; # Hostname - e) email=$OPTARG ;; # Admin email - p) vpass=$OPTARG ;; # Admin password - D) withdebs=$OPTARG ;; # Hestia debs path - f) force='yes' ;; # Force install - h) help ;; # Help - *) help ;; # Print help (default) - esac -done - -# Defining default software stack -set_default_value 'nginx' 'yes' -set_default_value 'apache' 'yes' -set_default_value 'phpfpm' 'yes' -set_default_value 'multiphp' 'no' -set_default_value 'vsftpd' 'yes' -set_default_value 'proftpd' 'no' -set_default_value 'named' 'yes' -set_default_value 'mysql' 'yes' -set_default_value 'mysql8' 'no' -set_default_value 'postgresql' 'no' -set_default_value 'exim' 'yes' -set_default_value 'dovecot' 'yes' -set_default_value 'sieve' 'no' -if [ $memory -lt 1500000 ]; then - set_default_value 'clamd' 'no' - set_default_value 'spamd' 'no' -elif [ $memory -lt 3000000 ]; then - set_default_value 'clamd' 'no' - set_default_value 'spamd' 'yes' -else - set_default_value 'clamd' 'yes' - set_default_value 'spamd' 'yes' -fi -set_default_value 'iptables' 'yes' -set_default_value 'fail2ban' 'yes' -set_default_value 'quota' 'no' -set_default_value 'interactive' 'yes' -set_default_value 'api' 'yes' -set_default_port '8083' -set_default_lang 'en' - -# Checking software conflicts -if [ "$proftpd" = 'yes' ]; then - vsftpd='no' -fi -if [ "$exim" = 'no' ]; then - clamd='no' - spamd='no' - dovecot='no' -fi -if [ "$dovecot" = 'no' ]; then - sieve='no' -fi -if [ "$iptables" = 'no' ]; then - fail2ban='no' -fi -if [ "$apache" = 'no' ]; then - phpfpm='yes' -fi -if [ "$mysql" = 'yes' ] && [ "$mysql8" = 'yes' ]; then - mysql='no' -fi - -# Checking root permissions -if [ "x$(id -u)" != 'x0' ]; then - check_result 1 "Script can be run executed only by root" -fi - -if [ -d "/usr/local/hestia" ]; then - check_result 1 "Hestia install detected. Unable to continue" -fi - -# Checking admin user account -if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then - echo 'Please remove admin user account before proceeding.' - echo 'If you want to do it automatically run installer with -f option:' - echo -e "Example: bash $0 --force\n" - check_result 1 "User admin exists" -fi - -# Clear the screen once launch permissions have been verified -clear - -# Configure apt to retry downloading on error -if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then - echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries -fi - -# Welcome message -echo "Welcome to the Hestia Control Panel installer!" -echo -echo "Please wait, the installer is now checking for missing dependencies..." -echo - -# Update apt repository -apt-get -qq update - -# Creating backup directory -mkdir -p "$hst_backups" - -# Pre-install packages -echo "[ * ] Installing dependencies..." -apt-get -y install $installer_dependencies >> $LOG -check_result $? "Package installation failed, check log file for more details." - -# Check repository availability -wget --quiet "https://$RHOST" -O /dev/null -check_result $? "Unable to connect to the Hestia APT repository" - -# Check installed packages -tmpfile=$(mktemp -p /tmp) -dpkg --get-selections > $tmpfile -conflicts_pkg="exim4 mariadb-server apache2 nginx hestia postfix ufw" - -# Drop postfix from the list if exim should not be installed -if [ "$exim" = 'no' ]; then - conflicts_pkg=$(echo $conflicts_pkg | sed 's/postfix//g' | xargs) -fi - -for pkg in $conflicts_pkg; do - if [ -n "$(grep $pkg $tmpfile)" ]; then - conflicts="$pkg* $conflicts" - fi -done -rm -f $tmpfile -if [ -n "$conflicts" ] && [ -z "$force" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'WARNING: The following packages are already installed' - echo "$conflicts" - echo - echo 'It is highly recommended that you remove them before proceeding.' - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - read -p 'Would you like to remove the conflicting packages? [y/n] ' answer - if [ "$answer" = 'y' ] || [ "$answer" = 'Y' ]; then - apt-get -qq purge $conflicts -y - check_result $? 'apt-get remove failed' - unset $answer - else - check_result 1 "Hestia Control Panel should be installed on a clean server." - fi -fi - -# Check network configuration -if [ -d /etc/netplan ] && [ -z "$force" ]; then - if [ -z "$(ls -A /etc/netplan)" ]; then - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - echo 'WARNING: Your network configuration may not be set up correctly.' - echo 'Details: The netplan configuration directory is empty.' - echo '' - echo 'You may have a network configuration file that was created using' - echo 'systemd-networkd.' - echo '' - echo 'It is strongly recommended to migrate to netplan, which is now the' - echo 'default network configuration system in newer releases of Ubuntu.' - echo '' - echo 'While you can leave your configuration as-is, please note that you' - echo 'will not be able to use additional IPs properly.' - echo '' - echo 'If you wish to continue and force the installation,' - echo 'run this script with -f option:' - echo "Example: bash $0 --force" - echo - echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' - echo - check_result 1 "Unable to detect netplan configuration." - fi -fi - -# Validate whether installation script matches release version before continuing with install -if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then - release_branch_ver=$(curl -s https://dev.brepo.ru/bayrepo/hestiacp/raw/branch/master/src/deb/hestia/control | grep "Version:" | awk '{print $2}') - if [ "$HESTIA_INSTALL_VER" != "$release_branch_ver" ]; then - echo - echo -e "\e[91mInstallation aborted\e[0m" - echo "====================================================================" - echo -e "\e[33mERROR: Install script version does not match package version!\e[0m" - echo -e "\e[33mPlease download the installer from the release branch in order to continue:\e[0m" - echo "" - echo -e "\e[33mhttps://dev.brepo.ru/bayrepo/hestiacp/raw/branch/master/install/hst-install.sh\e[0m" - echo "" - echo -e "\e[33mTo test pre-release versions, build the .deb packages and re-run the installer:\e[0m" - echo -e " \e[33m./hst_autocompile.sh \e[1m--hestia branchname no\e[21m\e[0m" - echo -e " \e[33m./hst-install.sh .. \e[1m--with-debs /tmp/hestiacp-src/debs\e[21m\e[0m" - echo "" - check_result 1 "Installation aborted" - fi -fi - -case $architecture in - x86_64) - ARCH="amd64" - ;; - aarch64) - ARCH="arm64" - ;; - *) - echo - echo -e "\e[91mInstallation aborted\e[0m" - echo "====================================================================" - echo -e "\e[33mERROR: $architecture is currently not supported!\e[0m" - echo -e "\e[33mPlease verify the achitecture used is currenlty supported\e[0m" - echo "" - echo -e "\e[33mhttps://github.com/hestiacp/hestiacp/blob/main/README.md\e[0m" - echo "" - check_result 1 "Installation aborted" - ;; -esac - -#----------------------------------------------------------# -# Brief Info # -#----------------------------------------------------------# - -install_welcome_message() { - DISPLAY_VER=$(echo $HESTIA_INSTALL_VER | sed "s|~alpha||g" | sed "s|~beta||g") - echo - echo ' _ _ _ _ ____ ____ ' - echo ' | | | | ___ ___| |_(_) __ _ / ___| _ \ ' - echo ' | |_| |/ _ \/ __| __| |/ _` | | | |_) | ' - echo ' | _ | __/\__ \ |_| | (_| | |___| __/ ' - echo ' |_| |_|\___||___/\__|_|\__,_|\____|_| ' - echo " " - echo " Hestia Control Panel " - if [[ "$HESTIA_INSTALL_VER" =~ "beta" ]]; then - echo " BETA RELEASE " - fi - if [[ "$HESTIA_INSTALL_VER" =~ "alpha" ]]; then - echo " DEVELOPMENT SNAPSHOT " - echo " NOT INTENDED FOR PRODUCTION USE " - echo " USE AT YOUR OWN RISK " - fi - echo " ${DISPLAY_VER} " - echo " www.hestiacp.com " - echo - echo "========================================================================" - echo - echo "Thank you for downloading Hestia Control Panel! In a few moments," - echo "we will begin installing the following components on your server:" - echo -} - -# Printing nice ASCII logo -clear -install_welcome_message - -# Web stack -echo ' - NGINX Web / Proxy Server' -if [ "$apache" = 'yes' ]; then - echo ' - Apache Web Server (as backend)' -fi -if [ "$phpfpm" = 'yes' ] && [ "$multiphp" = 'no' ]; then - echo ' - PHP-FPM Application Server' -fi -if [ "$multiphp" = 'yes' ]; then - phpfpm='yes' - echo ' - Multi-PHP Environment' -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - echo ' - Bind DNS Server' -fi - -# Mail stack -if [ "$exim" = 'yes' ]; then - echo -n ' - Exim Mail Server' - if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ]; then - echo -n ' + ' - if [ "$clamd" = 'yes' ]; then - echo -n 'ClamAV ' - fi - if [ "$spamd" = 'yes' ]; then - if [ "$clamd" = 'yes' ]; then - echo -n '+ ' - fi - echo -n 'SpamAssassin' - fi - fi - echo - if [ "$dovecot" = 'yes' ]; then - echo -n ' - Dovecot POP3/IMAP Server' - if [ "$sieve" = 'yes' ]; then - echo -n '+ Sieve' - fi - fi -fi - -echo - -# Database stack -if [ "$mysql" = 'yes' ]; then - echo ' - MariaDB Database Server' -fi -if [ "$mysql8" = 'yes' ]; then - echo ' - MySQL8 Database Server' -fi -if [ "$postgresql" = 'yes' ]; then - echo ' - PostgreSQL Database Server' -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - echo ' - Vsftpd FTP Server' -fi -if [ "$proftpd" = 'yes' ]; then - echo ' - ProFTPD FTP Server' -fi - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - echo -n ' - Firewall (iptables)' -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - echo -n ' + Fail2Ban Access Monitor' -fi -echo -e "\n" -echo "========================================================================" -echo -e "\n" - -# Asking for confirmation to proceed -if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue with the installation? [Y/N]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 - fi -fi - -# Validate Email / Hostname even when interactive = no -# Asking for contact email -if [ -z "$email" ]; then - while validate_email; do - echo -e "\nPlease use a valid emailadress (ex. info@domain.tld)." - read -p 'Please enter admin email address: ' email - done -else - if validate_email; then - echo "Please use a valid emailadress (ex. info@domain.tld)." - exit 1 - fi -fi - -# Asking to set FQDN hostname -if [ -z "$servername" ]; then - # Ask and validate FQDN hostname. - read -p "Please enter FQDN hostname [$(hostname -f)]: " servername - - # Set hostname if it wasn't set - if [ -z "$servername" ]; then - servername=$(hostname -f) - fi - - # Validate Hostname, go to loop if the validation fails. - while validate_hostname; do - echo -e "\nPlease use a valid hostname according to RFC1178 (ex. hostname.domain.tld)." - read -p "Please enter FQDN hostname [$(hostname -f)]: " servername - done -else - # Validate FQDN hostname if it is preset - if validate_hostname; then - echo "Please use a valid hostname according to RFC1178 (ex. hostname.domain.tld)." - exit 1 - fi -fi - -# Generating admin password if it wasn't set -displaypass="The password you chose during installation." -if [ -z "$vpass" ]; then - vpass=$(gen_pass) - displaypass=$vpass -fi - -# Set FQDN if it wasn't set -mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' -mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' -if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then - if [[ -n "$servername" ]]; then - servername="$servername.example.com" - else - servername="example.com" - fi - echo "127.0.0.1 $servername" >> /etc/hosts -fi - -if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then - echo "127.0.0.1 $servername" >> /etc/hosts -fi - -# Set email if it wasn't set -if [[ -z "$email" ]]; then - email="admin@$servername" -fi - -# Defining backup directory -echo -e "Installation backup directory: $hst_backups" - -# Print Log File Path -echo "Installation log file: $LOG" - -# Print new line -echo - -#----------------------------------------------------------# -# Checking swap # -#----------------------------------------------------------# - -# Checking swap on small instances -if [ -z "$(swapon -s)" ] && [ "$memory" -lt 1000000 ]; then - fallocate -l 1G /swapfile - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile none swap sw 0 0" >> /etc/fstab -fi - -#----------------------------------------------------------# -# Install repository # -#----------------------------------------------------------# - -# Define apt conf location -apt=/etc/apt/sources.list.d - -# Create new folder if not all-ready exists -mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/ - -# Updating system -echo "Adding required repositories to proceed with installation:" -echo - -# Installing Nginx repo - -echo "[ * ] NGINX" -echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list -curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1 - -# Installing sury PHP repo -# add-apt-repository does not yet support signed-by see: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1862764 -echo "[ * ] PHP" -LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php > /dev/null 2>&1 - -# Installing sury Apache2 repo -if [ "$apache" = 'yes' ]; then - echo "[ * ] Apache2" - echo "deb http://ppa.launchpad.net/ondrej/apache2/ubuntu $codename main" > $apt/apache2.list -fi - -# Installing MariaDB repo -if [ "$mysql" = 'yes' ]; then - echo "[ * ] MariaDB" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list - curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1 -fi - -# Installing HestiaCP repo -echo "[ * ] Hestia Control Panel" -echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list -gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1 - -# Installing PostgreSQL repo -if [ "$postgresql" = 'yes' ]; then - echo "[ * ] PostgreSQL" - echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list - curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1 -fi - -# Echo for a new line -echo - -# Updating system -echo -ne "Updating currently installed packages, please wait... " -apt-get -qq update -apt-get -y upgrade >> $LOG & -BACK_PID=$! - -# Check if package installation is done, print a spinner -spin_i=1 -while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 -done - -# Do a blank echo to get the \n back -echo - -# Check Installation result -wait $BACK_PID -check_result $? 'apt-get upgrade failed' - -#----------------------------------------------------------# -# Backup # -#----------------------------------------------------------# - -# Creating backup directory tree -mkdir -p $hst_backups -cd $hst_backups -mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd -mkdir spamassassin mysql postgresql openssl hestia - -# Backup OpenSSL configuration -cp /etc/ssl/openssl.cnf $hst_backups/openssl > /dev/null 2>&1 - -# Backup nginx configuration -systemctl stop nginx > /dev/null 2>&1 -cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1 - -# Backup Apache configuration -systemctl stop apache2 > /dev/null 2>&1 -cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1 -rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 - -# Backup PHP-FPM configuration -systemctl stop php*-fpm > /dev/null 2>&1 -cp -r /etc/php/* $hst_backups/php > /dev/null 2>&1 - -# Backup Bind configuration -systemctl stop bind9 > /dev/null 2>&1 -cp -r /etc/bind/* $hst_backups/bind > /dev/null 2>&1 - -# Backup Vsftpd configuration -systemctl stop vsftpd > /dev/null 2>&1 -cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1 - -# Backup ProFTPD configuration -systemctl stop proftpd > /dev/null 2>&1 -cp /etc/proftpd/* $hst_backups/proftpd > /dev/null 2>&1 - -# Backup Exim configuration -systemctl stop exim4 > /dev/null 2>&1 -cp -r /etc/exim4/* $hst_backups/exim4 > /dev/null 2>&1 - -# Backup ClamAV configuration -systemctl stop clamav-daemon > /dev/null 2>&1 -cp -r /etc/clamav/* $hst_backups/clamav > /dev/null 2>&1 - -# Backup SpamAssassin configuration -systemctl stop spamassassin > /dev/null 2>&1 -cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1 - -# Backup Dovecot configuration -systemctl stop dovecot > /dev/null 2>&1 -cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1 -cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1 - -# Backup MySQL/MariaDB configuration and data -systemctl stop mysql > /dev/null 2>&1 -killall -9 mysqld > /dev/null 2>&1 -mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1 -cp -r /etc/mysql/* $hst_backups/mysql > /dev/null 2>&1 -mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1 - -# Backup Hestia -systemctl stop hestia > /dev/null 2>&1 -cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1 -apt-get -y purge hestia hestia-nginx hestia-php > /dev/null 2>&1 -rm -rf $HESTIA > /dev/null 2>&1 - -#----------------------------------------------------------# -# Package Includes # -#----------------------------------------------------------# - -if [ "$phpfpm" = 'yes' ]; then - fpm="php$fpm_v php$fpm_v-common php$fpm_v-bcmath php$fpm_v-cli - php$fpm_v-curl php$fpm_v-fpm php$fpm_v-gd php$fpm_v-intl - php$fpm_v-mysql php$fpm_v-soap php$fpm_v-xml php$fpm_v-zip - php$fpm_v-mbstring php$fpm_v-bz2 php$fpm_v-pspell - php$fpm_v-imagick" - software="$software $fpm" -fi - -#----------------------------------------------------------# -# Package Excludes # -#----------------------------------------------------------# - -# Excluding packages -software=$(echo "$software" | sed -e "s/apache2.2-common//") - -if [ "$apache" = 'no' ]; then - software=$(echo "$software" | sed -e "s/apache2 //") - software=$(echo "$software" | sed -e "s/apache2-bin//") - software=$(echo "$software" | sed -e "s/apache2-utils//") - software=$(echo "$software" | sed -e "s/apache2-suexec-custom//") - software=$(echo "$software" | sed -e "s/apache2.2-common//") - software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//") - software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//") - software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//") -fi -if [ "$vsftpd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/vsftpd//") -fi -if [ "$proftpd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/proftpd-basic//") - software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//") -fi -if [ "$named" = 'no' ]; then - software=$(echo "$software" | sed -e "s/bind9//") -fi -if [ "$exim" = 'no' ]; then - software=$(echo "$software" | sed -e "s/exim4 //") - software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//") - software=$(echo "$software" | sed -e "s/dovecot-imapd//") - software=$(echo "$software" | sed -e "s/dovecot-pop3d//") - software=$(echo "$software" | sed -e "s/clamav-daemon//") - software=$(echo "$software" | sed -e "s/spamassassin//") - software=$(echo "$software" | sed -e "s/dovecot-sieve//") - software=$(echo "$software" | sed -e "s/dovecot-managesieved//") -fi -if [ "$clamd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/clamav-daemon//") -fi -if [ "$spamd" = 'no' ]; then - software=$(echo "$software" | sed -e "s/spamassassin//") -fi -if [ "$dovecot" = 'no' ]; then - software=$(echo "$software" | sed -e "s/dovecot-imapd//") - software=$(echo "$software" | sed -e "s/dovecot-pop3d//") -fi -if [ "$sieve" = 'no' ]; then - software=$(echo "$software" | sed -e "s/dovecot-sieve//") - software=$(echo "$software" | sed -e "s/dovecot-managesieved//") -fi -if [ "$mysql" = 'no' ]; then - software=$(echo "$software" | sed -e "s/mariadb-server//") - software=$(echo "$software" | sed -e "s/mariadb-client//") - software=$(echo "$software" | sed -e "s/mariadb-common//") -fi -if [ "$mysql8" = 'no' ]; then - software=$(echo "$software" | sed -e "s/mysql-server//") - software=$(echo "$software" | sed -e "s/mysql-client//") - software=$(echo "$software" | sed -e "s/mysql-common//") -fi -if [ "$mysql" = 'no' ] && [ "$mysql8" = 'no' ]; then - software=$(echo "$software" | sed -e "s/php$fpm_v-mysql//") - if [ "$multiphp" = 'yes' ]; then - for v in "${multiphp_v[@]}"; do - software=$(echo "$software" | sed -e "s/php$v-mysql//") - software=$(echo "$software" | sed -e "s/php$v-bz2//") - done - fi -fi -if [ "$postgresql" = 'no' ]; then - software=$(echo "$software" | sed -e "s/postgresql-contrib//") - software=$(echo "$software" | sed -e "s/postgresql//") - software=$(echo "$software" | sed -e "s/php$fpm_v-pgsql//") -fi -if [ "$fail2ban" = 'no' ]; then - software=$(echo "$software" | sed -e "s/fail2ban//") -fi -if [ "$iptables" = 'no' ]; then - software=$(echo "$software" | sed -e "s/ipset//") - software=$(echo "$software" | sed -e "s/fail2ban//") -fi -if [ "$phpfpm" = 'yes' ]; then - software=$(echo "$software" | sed -e "s/php$fpm_v-cgi//") - software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//") - software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//") -fi -if [ -d "$withdebs" ]; then - software=$(echo "$software" | sed -e "s/hestia-nginx//") - software=$(echo "$software" | sed -e "s/hestia-php//") - software=$(echo "$software" | sed -e "s/hestia=${HESTIA_INSTALL_VER}//") -fi -if [ "$release" = '20.04' ]; then - software=$(echo "$software" | sed -e "s/setpriv/util-linux/") - software=$(echo "$software" | sed -e "s/libzip4/libzip5/") -fi -if [ "$release" = '22.04' ]; then - software=$(echo "$software" | sed -e "s/setpriv/util-linux/") -fi - -#----------------------------------------------------------# -# Disable Apparmor on LXC # -#----------------------------------------------------------# - -if grep --quiet lxc /proc/1/environ; then - if [ -f /etc/init.d/apparmor ]; then - systemctl stop apparmor > /dev/null 2>&1 - systemctl disable apparmor > /dev/null 2>&1 - fi -fi - -#----------------------------------------------------------# -# Install packages # -#----------------------------------------------------------# - -# Enable en_US.UTF-8 -sed -i "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g" /etc/locale.gen -locale-gen > /dev/null 2>&1 - -# Disabling daemon autostart on apt-get install -echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d -chmod a+x /usr/sbin/policy-rc.d - -# Installing apt packages -echo "The installer is now downloading and installing all required packages." -echo -ne "NOTE: This process may take 10 to 15 minutes to complete, please wait... " -echo -apt-get -y install $software > $LOG -BACK_PID=$! - -# Check if package installation is done, print a spinner -spin_i=1 -while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 -done - -# Do a blank echo to get the \n back -echo - -# Check Installation result -wait $BACK_PID -check_result $? "apt-get install failed" - -echo -echo "========================================================================" -echo - -# Install Hestia packages from local folder -if [ -n "$withdebs" ] && [ -d "$withdebs" ]; then - echo "[ * ] Installing local package files..." - echo " - hestia core package" - dpkg -i $withdebs/hestia_*.deb > /dev/null 2>&1 - - if [ -z $(ls $withdebs/hestia-php_*.deb 2> /dev/null) ]; then - echo " - hestia-php backend package (from apt)" - apt-get -y install hestia-php > /dev/null 2>&1 - else - echo " - hestia-php backend package" - dpkg -i $withdebs/hestia-php_*.deb > /dev/null 2>&1 - fi - - if [ -z $(ls $withdebs/hestia-nginx_*.deb 2> /dev/null) ]; then - echo " - hestia-nginx backend package (from apt)" - apt-get -y install hestia-nginx > /dev/null 2>&1 - else - echo " - hestia-nginx backend package" - dpkg -i $withdebs/hestia-nginx_*.deb > /dev/null 2>&1 - fi -fi - -# Restoring autostart policy -rm -f /usr/sbin/policy-rc.d - -#----------------------------------------------------------# -# Configure system # -#----------------------------------------------------------# - -echo "[ * ] Configuring system settings..." - -# Enable SFTP subsystem for SSH -sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config) -if [ -n "$sftp_subsys_enabled" ]; then - sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config -fi - -# Reduce SSH login grace time -sed -i "s/[#]LoginGraceTime [[:digit:]]m/LoginGraceTime 1m/g" /etc/ssh/sshd_config - -# Disable SSH suffix broadcast -if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then - sed -i '/^[#]Banner .*/a DebianBanner no' /etc/ssh/sshd_config - if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then - # If first attempt fails just add it - echo '' >> /etc/ssh/sshd_config - echo 'DebianBanner no' >> /etc/ssh/sshd_config - fi -fi - -# Restart SSH daemon -systemctl restart ssh - -# Disable AWStats cron -rm -f /etc/cron.d/awstats -# Replace awstatst function -cp -f $HESTIA_INSTALL_DIR/logrotate/httpd-prerotate/* /etc/logrotate.d/httpd-prerotate/ - -# Set directory color -if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then - echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile -fi - -# Register /usr/sbin/nologin -if [ -z "$(grep nologin /etc/shells)" ]; then - echo "/usr/sbin/nologin" >> /etc/shells -fi - -# Configuring NTP -sed -i 's/#NTP=/NTP=pool.ntp.org/' /etc/systemd/timesyncd.conf -systemctl enable systemd-timesyncd -systemctl start systemd-timesyncd - -# Check iptables paths and add symlinks when necessary -if [ ! -e "/sbin/iptables" ]; then - if which iptables > /dev/null; then - ln -s "$(which iptables)" /sbin/iptables - elif [ -e "/usr/sbin/iptables" ]; then - ln -s /usr/sbin/iptables /sbin/iptables - elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables; then - autoiptables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables | cut -d '' -f 2) - if [ -x "$autoiptables" ]; then - ln -s "$autoiptables" /sbin/iptables - fi - fi -fi - -if [ ! -e "/sbin/iptables-save" ]; then - if which iptables-save > /dev/null; then - ln -s "$(which iptables-save)" /sbin/iptables-save - elif [ -e "/usr/sbin/iptables-save" ]; then - ln -s /usr/sbin/iptables-save /sbin/iptables-save - elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save; then - autoiptables_save=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save | cut -d '' -f 2) - if [ -x "$autoiptables_save" ]; then - ln -s "$autoiptables_save" /sbin/iptables-save - fi - fi -fi - -if [ ! -e "/sbin/iptables-restore" ]; then - if which iptables-restore > /dev/null; then - ln -s "$(which iptables-restore)" /sbin/iptables-restore - elif [ -e "/usr/sbin/iptables-restore" ]; then - ln -s /usr/sbin/iptables-restore /sbin/iptables-restore - elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore; then - autoiptables_restore=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore | cut -d '' -f 2) - if [ -x "$autoiptables_restore" ]; then - ln -s "$autoiptables_restore" /sbin/iptables-restore - fi - fi -fi - -# Restrict access to /proc fs -# - Prevent unpriv users from seeing each other running processes -mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "Info: Cannot remount /proc (LXC containers require additional perm added to host apparmor profile)" -else - echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc -fi - -#----------------------------------------------------------# -# Configure Hestia # -#----------------------------------------------------------# - -echo "[ * ] Configuring Hestia Control Panel..." -# Installing sudo configuration -mkdir -p /etc/sudoers.d -cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/ -chmod 440 /etc/sudoers.d/admin - -# Add Hestia global config -if [[ ! -e /etc/hestiacp/hestia.conf ]]; then - mkdir -p /etc/hestiacp - echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf -fi - -# Configuring system env -echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh -echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh -echo 'export PATH' >> /etc/profile.d/hestia.sh -chmod 755 /etc/profile.d/hestia.sh -source /etc/profile.d/hestia.sh - -# Configuring logrotate for Hestia logs -cp -f $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/hestia - -# Create log path and symbolic link -rm -f /var/log/hestia -mkdir -p /var/log/hestia -ln -s /var/log/hestia $HESTIA/log - -# Building directory tree and creating some blank files for Hestia -mkdir -p $HESTIA/conf $HESTIA/ssl $HESTIA/data/ips \ - $HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \ - $HESTIA/data/sessions -touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \ - $HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \ - $HESTIA/data/queue/traffic.pipe $HESTIA/data/queue/daily.pipe $HESTIA/log/system.log \ - $HESTIA/log/nginx-error.log $HESTIA/log/auth.log $HESTIA/log/backup.log -chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log -chmod -R 750 $HESTIA/data/queue -chmod 660 /var/log/hestia/* -chmod 770 $HESTIA/data/sessions - -# Generating Hestia configuration -rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1 -touch $HESTIA/conf/hestia.conf -chmod 660 $HESTIA/conf/hestia.conf - -# Write default port value to hestia.conf -# If a custom port is specified it will be set at the end of the installation process. -write_config_value "BACKEND_PORT" "8083" - -# Web stack -if [ "$apache" = 'yes' ]; then - write_config_value "WEB_SYSTEM" "apache2" - write_config_value "WEB_RGROUPS" "www-data" - write_config_value "WEB_PORT" "8080" - write_config_value "WEB_SSL_PORT" "8443" - write_config_value "WEB_SSL" "mod_ssl" - write_config_value "PROXY_SYSTEM" "nginx" - write_config_value "PROXY_PORT" "80" - write_config_value "PROXY_SSL_PORT" "443" - write_config_value "STATS_SYSTEM" "awstats" -fi -if [ "$apache" = 'no' ]; then - write_config_value "WEB_SYSTEM" "nginx" - write_config_value "WEB_PORT" "80" - write_config_value "WEB_SSL_PORT" "443" - write_config_value "WEB_SSL" "openssl" - write_config_value "STATS_SYSTEM" "awstats" -fi -if [ "$phpfpm" = 'yes' ] || [ "$multiphp" = 'yes' ]; then - write_config_value "WEB_BACKEND" "php-fpm" -fi - -# Database stack -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - installed_db_types='mysql' -fi -if [ "$postgresql" = 'yes' ]; then - installed_db_types="$installed_db_types,pgsql" -fi -if [ -n "$installed_db_types" ]; then - db=$(echo "$installed_db_types" \ - | sed "s/,/\n/g" \ - | sort -r -u \ - | sed "/^$/d" \ - | sed ':a;N;$!ba;s/\n/,/g') - write_config_value "DB_SYSTEM" "$db" -fi - -# FTP stack -if [ "$vsftpd" = 'yes' ]; then - write_config_value "FTP_SYSTEM" "vsftpd" -fi -if [ "$proftpd" = 'yes' ]; then - write_config_value "FTP_SYSTEM" "proftpd" -fi - -# DNS stack -if [ "$named" = 'yes' ]; then - write_config_value "DNS_SYSTEM" "bind9" -fi - -# Mail stack -if [ "$exim" = 'yes' ]; then - write_config_value "MAIL_SYSTEM" "exim4" - if [ "$clamd" = 'yes' ]; then - write_config_value "ANTIVIRUS_SYSTEM" "clamav-daemon" - fi - if [ "$spamd" = 'yes' ]; then - write_config_value "ANTISPAM_SYSTEM" "spamassassin" - fi - if [ "$dovecot" = 'yes' ]; then - write_config_value "IMAP_SYSTEM" "dovecot" - fi - if [ "$sieve" = 'yes' ]; then - write_config_value "SIEVE_SYSTEM" "yes" - fi -fi - -# Cron daemon -write_config_value "CRON_SYSTEM" "cron" - -# Firewall stack -if [ "$iptables" = 'yes' ]; then - write_config_value "FIREWALL_SYSTEM" "iptables" -fi -if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then - write_config_value "FIREWALL_EXTENSION" "fail2ban" -fi - -# Disk quota -if [ "$quota" = 'yes' ]; then - write_config_value "DISK_QUOTA" "yes" -else - write_config_value "DISK_QUOTA" "no" -fi - -# Backups -write_config_value "BACKUP_SYSTEM" "local" -write_config_value "BACKUP_GZIP" "4" -write_config_value "BACKUP_MODE" "zstd" - -# Language -write_config_value "LANGUAGE" "$lang" - -# Login in screen -write_config_value "LOGIN_STYLE" "default" - -# Theme -write_config_value "THEME" "dark" - -# Inactive session timeout -write_config_value "INACTIVE_SESSION_TIMEOUT" "60" - -# Version & Release Branch -write_config_value "VERSION" "${HESTIA_INSTALL_VER}" -write_config_value "RELEASE_BRANCH" "release" - -# Email notifications after upgrade -write_config_value "UPGRADE_SEND_EMAIL" "true" -write_config_value "UPGRADE_SEND_EMAIL_LOG" "false" - -# Installing hosting packages -cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/ - -# Update nameservers in hosting package -IFS='.' read -r -a domain_elements <<< "$servername" -if [ -n "${domain_elements[-2]}" ] && [ -n "${domain_elements[-1]}" ]; then - serverdomain="${domain_elements[-2]}.${domain_elements[-1]}" - sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg -fi - -# Installing templates -cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/ -cp -rf $HESTIA_COMMON_DIR/templates/web/ $HESTIA/data/templates -cp -rf $HESTIA_COMMON_DIR/templates/dns/ $HESTIA/data/templates - -mkdir -p /var/www/html -mkdir -p /var/www/document_errors - -# Install default success page -cp -rf $HESTIA_COMMON_DIR/templates/web/unassigned/index.html /var/www/html/ -cp -rf $HESTIA_COMMON_DIR/templates/web/skel/document_errors/* /var/www/document_errors/ - -# Installing firewall rules -cp -rf $HESTIA_COMMON_DIR/firewall $HESTIA/data/ -rm -f $HESTIA/data/firewall/ipset/blacklist.sh $HESTIA/data/firewall/ipset/blacklist.ipv6.sh - -# Installing apis -cp -rf $HESTIA_COMMON_DIR/api $HESTIA/data/ - -# Configuring server hostname -$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1 - -# Configuring global OpenSSL options -echo "[ * ] Configuring OpenSSL to improve TLS performance..." -tls13_ciphers="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384" -if [ "$release" = "20.04" ]; then - if ! grep -qw "^openssl_conf = default_conf$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '/^oid_section = new_oids$/a \\n# System default\nopenssl_conf = default_conf' /etc/ssl/openssl.cnf - fi - if ! grep -qw "^[default_conf]$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '$a [default_conf]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf - elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then - sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf - fi -elif [ "$release" = "22.04" ]; then - sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf -fi - -# Generating SSL certificate -echo "[ * ] Generating default self-signed SSL certificate..." -$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \ - 'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem - -# Parsing certificate file -crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem | cut -f 1 -d:) -if [ "$release" = "22.04" ]; then - key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:) - key_end=$(grep -n "END PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:) -else - key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem | cut -f 1 -d:) - key_end=$(grep -n "END RSA" /tmp/hst.pem | cut -f 1 -d:) -fi - -# Adding SSL certificate -echo "[ * ] Adding SSL certificate to Hestia Control Panel..." -cd $HESTIA/ssl -sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt -sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key -chown root:mail $HESTIA/ssl/* -chmod 660 $HESTIA/ssl/* -rm /tmp/hst.pem - -# Install dhparam.pem -cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl - -# Deleting old admin user -if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then - chattr -i /home/admin/conf > /dev/null 2>&1 - userdel -f admin > /dev/null 2>&1 - chattr -i /home/admin/conf > /dev/null 2>&1 - mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1 - rm -f /tmp/sess_* > /dev/null 2>&1 -fi -if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then - groupdel admin > /dev/null 2>&1 -fi - -# Remove sudo "default" sudo permission admin user group should not exists any way -sed -i "s/%admin ALL=(ALL) ALL/#%admin ALL=(ALL) ALL/g" /etc/sudoers - -# Enable sftp jail -echo "[ * ] Enabling SFTP jail..." -$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1 -check_result $? "can't enable sftp jail" - -# Adding Hestia admin account -echo "[ * ] Creating default admin account..." -$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator" -check_result $? "can't create admin user" -$HESTIA/bin/v-change-user-shell admin nologin -$HESTIA/bin/v-change-user-role admin admin -$HESTIA/bin/v-change-user-language admin $lang -$HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes' - -#----------------------------------------------------------# -# Configure Nginx # -#----------------------------------------------------------# - -echo "[ * ] Configuring NGINX..." -rm -f /etc/nginx/conf.d/*.conf -cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/ -cp -f $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/0rtt-anti-replay.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/ -cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/ -mkdir -p /etc/nginx/conf.d/domains -mkdir -p /etc/nginx/conf.d/main -mkdir -p /etc/nginx/modules-enabled -mkdir -p /var/log/nginx/domains - -# Update dns servers in nginx.conf -for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do - if [[ "$nameserver" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then - if [ -z "$resolver" ]; then - resolver="$nameserver" - else - resolver="$resolver $nameserver" - fi - fi -done -if [ -n "$resolver" ]; then - sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" /etc/nginx/nginx.conf -fi - -# https://github.com/ergin/nginx-cloudflare-real-ip/ -cf_ips="$(curl -fsLm5 --retry 2 https://api.cloudflare.com/client/v4/ips)" - -if [ -n "$cf_ips" ] && [ "$(echo "$cf_ips" | jq -r '.success//""')" = "true" ]; then - cf_inc="/etc/nginx/conf.d/cloudflare.inc" - - echo "[ * ] Updating Cloudflare IP Ranges for Nginx..." - echo "# Cloudflare IP Ranges" > $cf_inc - echo "" >> $cf_inc - echo "# IPv4" >> $cf_inc - for ipv4 in $(echo "$cf_ips" | jq -r '.result.ipv4_cidrs[]//""' | sort); do - echo "set_real_ip_from $ipv4;" >> $cf_inc - done - echo "" >> $cf_inc - echo "# IPv6" >> $cf_inc - for ipv6 in $(echo "$cf_ips" | jq -r '.result.ipv6_cidrs[]//""' | sort); do - echo "set_real_ip_from $ipv6;" >> $cf_inc - done - echo "" >> $cf_inc - echo "real_ip_header CF-Connecting-IP;" >> $cf_inc -fi - -update-rc.d nginx defaults > /dev/null 2>&1 -systemctl start nginx >> $LOG -check_result $? "nginx start failed" - -#----------------------------------------------------------# -# Configure Apache # -#----------------------------------------------------------# - -if [ "$apache" = 'yes' ]; then - echo "[ * ] Configuring Apache Web Server..." - - mkdir -p /etc/apache2/conf.d - mkdir -p /etc/apache2/conf.d/domains - - # Copy configuration files - cp -f $HESTIA_INSTALL_DIR/apache2/apache2.conf /etc/apache2/ - cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf - cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load - cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/ - - # Enable needed modules - a2enmod rewrite > /dev/null 2>&1 - a2enmod suexec > /dev/null 2>&1 - a2enmod ssl > /dev/null 2>&1 - a2enmod actions > /dev/null 2>&1 - a2dismod --quiet status > /dev/null 2>&1 - a2enmod --quiet hestia-status > /dev/null 2>&1 - - # Enable mod_ruid/mpm_itk or mpm_event - if [ "$phpfpm" = 'yes' ]; then - # Disable prefork and php, enable event - a2dismod php$fpm_v > /dev/null 2>&1 - a2dismod mpm_prefork > /dev/null 2>&1 - a2enmod mpm_event > /dev/null 2>&1 - cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/ - else - a2enmod ruid2 > /dev/null 2>&1 - fi - - echo "# Powered by hestia" > /etc/apache2/sites-available/default - echo "# Powered by hestia" > /etc/apache2/sites-available/default-ssl - echo "# Powered by hestia" > /etc/apache2/ports.conf - echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data - touch /var/log/apache2/access.log /var/log/apache2/error.log - mkdir -p /var/log/apache2/domains - chmod a+x /var/log/apache2 - chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log - chmod 751 /var/log/apache2/domains - - # Prevent remote access to server-status page - sed -i '/Allow from all/d' /etc/apache2/mods-available/hestia-status.conf - - update-rc.d apache2 defaults > /dev/null 2>&1 - systemctl start apache2 >> $LOG - check_result $? "apache2 start failed" -else - update-rc.d apache2 disable > /dev/null 2>&1 - systemctl stop apache2 > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure PHP-FPM # -#----------------------------------------------------------# - -if [ "$phpfpm" = "yes" ]; then - if [ "$multiphp" = 'yes' ]; then - for v in "${multiphp_v[@]}"; do - echo "[ * ] Installing PHP $v..." - $HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1 - done - else - echo "[ * ] Installing PHP $fpm_v..." - $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1 - fi - - echo "[ * ] Configuring PHP-FPM $fpm_v..." - # Create www.conf for webmail and php(*)admin - cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf - update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1 - systemctl start php$fpm_v-fpm >> $LOG - check_result $? "php-fpm start failed" - # Set default php version to $fpm_v - update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure PHP # -#----------------------------------------------------------# - -echo "[ * ] Configuring PHP..." -ZONE=$(timedatectl > /dev/null 2>&1 | grep Timezone | awk '{print $2}') -if [ -z "$ZONE" ]; then - ZONE='UTC' -fi -for pconf in $(find /etc/php* -name php.ini); do - sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf - sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf -done - -# Cleanup php session files not changed in the last 7 days (60*24*7 minutes) -echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup -echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup -echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup -chmod 755 /etc/cron.daily/php-session-cleanup - -#----------------------------------------------------------# -# Configure Vsftpd # -#----------------------------------------------------------# - -if [ "$vsftpd" = 'yes' ]; then - echo "[ * ] Configuring Vsftpd server..." - cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/ - touch /var/log/vsftpd.log - chown root:adm /var/log/vsftpd.log - chmod 640 /var/log/vsftpd.log - touch /var/log/xferlog - chown root:adm /var/log/xferlog - chmod 640 /var/log/xferlog - update-rc.d vsftpd defaults > /dev/null 2>&1 - systemctl start vsftpd >> $LOG - check_result $? "vsftpd start failed" -fi - -#----------------------------------------------------------# -# Configure ProFTPD # -#----------------------------------------------------------# - -if [ "$proftpd" = 'yes' ]; then - echo "[ * ] Configuring ProFTPD server..." - echo "127.0.0.1 $servername" >> /etc/hosts - cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/ - cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/ - - # Disable TLS 1.3 support for ProFTPD versions older than v1.3.7a - if [ "$release" = '20.04' ]; then - sed -i 's/TLSProtocol TLSv1.2 TLSv1.3/TLSProtocol TLSv1.2/' /etc/proftpd/tls.conf - fi - - update-rc.d proftpd defaults > /dev/null 2>&1 - systemctl start proftpd >> $LOG - check_result $? "proftpd start failed" - - if [ "$release" = '22.04' ]; then - unit_files="$(systemctl list-unit-files | grep proftpd)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable proftpd - fi - fi -fi - -#----------------------------------------------------------# -# Configure MariaDB / MySQL # -#----------------------------------------------------------# - -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - [ "$mysql" = 'yes' ] && mysql_type="MariaDB" || mysql_type="MySQL" - echo "[ * ] Configuring $mysql_type database server..." - mycnf="my-small.cnf" - if [ $memory -gt 1200000 ]; then - mycnf="my-medium.cnf" - fi - if [ $memory -gt 3900000 ]; then - mycnf="my-large.cnf" - fi - - if [ "$mysql_type" = 'MariaDB' ]; then - # Run mysql_install_db - mysql_install_db >> $LOG - fi - - # Remove symbolic link - rm -f /etc/mysql/my.cnf - # Configuring MariaDB - cp -f $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/mysql/my.cnf - - # Switch MariaDB inclusions to the MySQL - if [ "$mysql_type" = 'MySQL' ]; then - sed -i '/query_cache_size/d' /etc/mysql/my.cnf - sed -i 's|mariadb.conf.d|mysql.conf.d|g' /etc/mysql/my.cnf - fi - - if [ "$mysql_type" = 'MariaDB' ]; then - update-rc.d mariadb defaults > /dev/null 2>&1 - systemctl -q enable mariadb 2> /dev/null - systemctl start mariadb >> $LOG - check_result $? "${mysql_type,,} start failed" - fi - - if [ "$mysql_type" = 'MySQL' ]; then - update-rc.d mysql defaults > /dev/null 2>&1 - systemctl -q enable mysql 2> /dev/null - systemctl start mysql >> $LOG - check_result $? "${mysql_type,,} start failed" - fi - - # Securing MariaDB/MySQL installation - mpass=$(gen_pass) - echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf - chmod 600 /root/.my.cnf - - if [ -f '/usr/bin/mariadb' ]; then - mysql_server="mariadb" - else - mysql_server="mysql" - fi - # Alter root password - $mysql_server -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$mpass'; FLUSH PRIVILEGES;" - if [ "$mysql_type" = 'MariaDB' ]; then - # Allow mysql access via socket for startup - $mysql_server -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" - # Disable anonymous users - $mysql_server -e "DELETE FROM mysql.global_priv WHERE User='';" - else - $mysql_server -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '$mpass';" - $mysql_server -e "DELETE FROM mysql.user WHERE User='';" - $mysql_server -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - fi - # Drop test database - $mysql_server -e "DROP DATABASE IF EXISTS test" - $mysql_server -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - # Flush privileges - $mysql_server -e "FLUSH PRIVILEGES;" -fi - -#----------------------------------------------------------# -# Configure phpMyAdmin # -#----------------------------------------------------------# - -# Source upgrade.conf with phpmyadmin versions -# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf -source $HESTIA/install/upgrade/upgrade.conf - -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - # Display upgrade information - echo "[ * ] Installing phpMyAdmin version v$pma_v..." - - # Download latest phpmyadmin release - wget --quiet --retry-connrefused https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz - - # Unpack files - tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz - - # Create folders - mkdir -p /usr/share/phpmyadmin - mkdir -p /etc/phpmyadmin - mkdir -p /etc/phpmyadmin/conf.d/ - mkdir /usr/share/phpmyadmin/tmp - - # Configuring Apache2 for PHPMYADMIN - if [ "$apache" = 'yes' ]; then - touch /etc/apache2/conf.d/phpmyadmin.inc - fi - - # Overwrite old files - cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin - - # Create copy of config file - cp -f $HESTIA_COMMON_DIR/phpmyadmin/config.inc.php /etc/phpmyadmin/ - mkdir -p /var/lib/phpmyadmin/tmp - chmod 770 /var/lib/phpmyadmin/tmp - chown root:www-data /usr/share/phpmyadmin/tmp - - # Set config and log directory - sed -i "s|'configFile' => ROOT_PATH . 'config.inc.php',|'configFile' => '/etc/phpmyadmin/config.inc.php',|g" /usr/share/phpmyadmin/libraries/vendor_config.php - - # Create temporary folder and change permission - chmod 770 /usr/share/phpmyadmin/tmp - chown root:www-data /usr/share/phpmyadmin/tmp - - # Generate blow fish - blowfish=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32) - sed -i "s|%blowfish_secret%|$blowfish|" /etc/phpmyadmin/config.inc.php - - # Clean Up - rm -fr phpMyAdmin-$pma_v-all-languages - rm -f phpMyAdmin-$pma_v-all-languages.tar.gz - - write_config_value "DB_PMA_ALIAS" "phpmyadmin" - $HESTIA/bin/v-change-sys-db-alias 'pma' "phpmyadmin" - - # Special thanks to Pavel Galkin (https://skurudo.ru) - # https://github.com/skurudo/phpmyadmin-fixer - # shellcheck source=/usr/local/hestia/install/deb/phpmyadmin/pma.sh - source $HESTIA_COMMON_DIR/phpmyadmin/pma.sh > /dev/null 2>&1 - - # limit access to /etc/phpmyadmin/ - chown -R root:www-data /etc/phpmyadmin/ - chmod -R 640 /etc/phpmyadmin/* - chmod 750 /etc/phpmyadmin/conf.d/ -fi - -#----------------------------------------------------------# -# Configure PostgreSQL # -#----------------------------------------------------------# - -if [ "$postgresql" = 'yes' ]; then - echo "[ * ] Configuring PostgreSQL database server..." - ppass=$(gen_pass) - cp -f $HESTIA_INSTALL_DIR/postgresql/pg_hba.conf /etc/postgresql/*/main/ - systemctl restart postgresql - sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" > /dev/null 2>&1 - - mkdir -p /etc/phppgadmin/ - mkdir -p /usr/share/phppgadmin/ - - wget --retry-connrefused --quiet https://github.com/hestiacp/phppgadmin/releases/download/v$pga_v/phppgadmin-v$pga_v.tar.gz - tar xzf phppgadmin-v$pga_v.tar.gz -C /usr/share/phppgadmin/ - - cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/ - - ln -s /etc/phppgadmin/config.inc.php /usr/share/phppgadmin/conf/ - - # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc - fi - - rm phppgadmin-v$pga_v.tar.gz - write_config_value "DB_PGA_ALIAS" "phppgadmin" - $HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin" -fi - -#----------------------------------------------------------# -# Configure Bind # -#----------------------------------------------------------# - -if [ "$named" = 'yes' ]; then - echo "[ * ] Configuring Bind DNS server..." - cp -f $HESTIA_INSTALL_DIR/bind/named.conf /etc/bind/ - cp -f $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/bind/ - chown root:bind /etc/bind/named.conf - chown root:bind /etc/bind/named.conf.options - chown bind:bind /var/cache/bind - chmod 640 /etc/bind/named.conf - chmod 640 /etc/bind/named.conf.options - aa-complain /usr/sbin/named > /dev/null 2>&1 - echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null - if ! grep --quiet lxc /proc/1/environ; then - systemctl status apparmor > /dev/null 2>&1 - if [ $? -ne 0 ]; then - systemctl restart apparmor >> $LOG - fi - fi - update-rc.d bind9 defaults > /dev/null 2>&1 - systemctl start bind9 - check_result $? "bind9 start failed" - - # Workaround for OpenVZ/Virtuozzo - if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then - sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local - fi -fi - -#----------------------------------------------------------# -# Configure Exim # -#----------------------------------------------------------# - -if [ "$exim" = 'yes' ]; then - echo "[ * ] Configuring Exim mail server..." - gpasswd -a Debian-exim mail > /dev/null 2>&1 - exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .) - # if Exim version > 4.9.4 or greater! - if ! version_ge "4.9.4" "$exim_version"; then - # Ubuntu 22.04 (Jammy) uses Exim 4.95 instead but config works with Exim4.94 - cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.95.template /etc/exim4/exim4.conf.template - else - cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/ - fi - cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/ - cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/ - touch /etc/exim4/white-blocks.conf - - if [ "$spamd" = 'yes' ]; then - sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template - fi - if [ "$clamd" = 'yes' ]; then - sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template - fi - - # Generate SRS KEY If not support just created it will get ignored anyway - srs=$(gen_pass) - echo $srs > /etc/exim4/srs.conf - chmod 640 /etc/exim4/srs.conf - chmod 640 /etc/exim4/exim4.conf.template - chown root:Debian-exim /etc/exim4/srs.conf - - rm -rf /etc/exim4/domains - mkdir -p /etc/exim4/domains - - rm -f /etc/alternatives/mta - ln -s /usr/sbin/exim4 /etc/alternatives/mta - update-rc.d -f sendmail remove > /dev/null 2>&1 - systemctl stop sendmail > /dev/null 2>&1 - update-rc.d -f postfix remove > /dev/null 2>&1 - systemctl stop postfix > /dev/null 2>&1 - update-rc.d exim4 defaults - systemctl start exim4 >> $LOG - check_result $? "exim4 start failed" -fi - -#----------------------------------------------------------# -# Configure Dovecot # -#----------------------------------------------------------# - -if [ "$dovecot" = 'yes' ]; then - echo "[ * ] Configuring Dovecot POP/IMAP mail server..." - gpasswd -a dovecot mail > /dev/null 2>&1 - cp -rf $HESTIA_COMMON_DIR/dovecot /etc/ - cp -f $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/ - rm -f /etc/dovecot/conf.d/15-mailboxes.conf - chown -R root:root /etc/dovecot* - - #Alter config for 2.2 - version=$(dovecot --version | cut -f -2 -d .) - if [ "$version" = "2.2" ]; then - echo "[ * ] Downgrade dovecot config to sync with 2.2 settings" - sed -i 's|#ssl_dh_parameters_length = 4096|ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf - sed -i 's|ssl_dh = > $LOG - check_result $? "dovecot start failed" -fi - -#----------------------------------------------------------# -# Configure ClamAV # -#----------------------------------------------------------# - -if [ "$clamd" = 'yes' ]; then - gpasswd -a clamav mail > /dev/null 2>&1 - gpasswd -a clamav Debian-exim > /dev/null 2>&1 - cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/ - update-rc.d clamav-daemon defaults - echo -ne "[ * ] Installing ClamAV anti-virus definitions... " - /usr/bin/freshclam >> $LOG > /dev/null 2>&1 - BACK_PID=$! - spin_i=1 - while kill -0 $BACK_PID > /dev/null 2>&1; do - printf "\b${spinner:spin_i++%${#spinner}:1}" - sleep 0.5 - done - echo - systemctl start clamav-daemon >> $LOG - check_result $? "clamav-daemon start failed" -fi - -#----------------------------------------------------------# -# Configure SpamAssassin # -#----------------------------------------------------------# - -if [ "$spamd" = 'yes' ]; then - echo "[ * ] Configuring SpamAssassin..." - update-rc.d spamassassin defaults > /dev/null 2>&1 - sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin - systemctl start spamassassin >> $LOG - check_result $? "spamassassin start failed" - unit_files="$(systemctl list-unit-files | grep spamassassin)" - if [[ "$unit_files" =~ "disabled" ]]; then - systemctl enable spamassassin > /dev/null 2>&1 - fi - sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin -fi - -#----------------------------------------------------------# -# Configure Fail2Ban # -#----------------------------------------------------------# - -if [ "$fail2ban" = 'yes' ]; then - echo "[ * ] Configuring fail2ban access monitor..." - cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/ - if [ "$dovecot" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local | grep -n dovecot-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local - fi - if [ "$exim" = 'no' ]; then - fline=$(cat /etc/fail2ban/jail.local | grep -n exim-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local - fi - if [ "$vsftpd" = 'yes' ]; then - # Create vsftpd Log File - if [ ! -f "/var/log/vsftpd.log" ]; then - touch /var/log/vsftpd.log - fi - fline=$(cat /etc/fail2ban/jail.local | grep -n vsftpd-iptables -A 2) - fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -) - sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local - fi - if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then - rm -f /etc/fail2ban/jail.d/defaults-debian.conf - fi - - update-rc.d fail2ban defaults - # Ubuntu 22.04 doesn't start F2B by default on boot - update-rc.d fail2ban enable - systemctl start fail2ban >> $LOG - check_result $? "fail2ban start failed" -fi - -# Configuring MariaDB/MySQL host -if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then - $HESTIA/bin/v-add-database-host mysql localhost root $mpass -fi - -# Configuring PostgreSQL host -if [ "$postgresql" = 'yes' ]; then - $HESTIA/bin/v-add-database-host pgsql localhost postgres $ppass -fi - -#----------------------------------------------------------# -# Install Roundcube # -#----------------------------------------------------------# - -# Min requirements Dovecot + Exim + Mysql -if ([ "$mysql" == 'yes' ] || [ "$mysql8" == 'yes' ]) && [ "$dovecot" == "yes" ]; then - echo "[ * ] Installing Roundcube..." - $HESTIA/bin/v-add-sys-roundcube - write_config_value "WEBMAIL_ALIAS" "webmail" -else - write_config_value "WEBMAIL_ALIAS" "" - write_config_value "WEBMAIL_SYSTEM" "" -fi - -#----------------------------------------------------------# -# Install Sieve # -#----------------------------------------------------------# - -# Min requirements Dovecot + Exim + Mysql + Roundcube -if [ "$sieve" = 'yes' ]; then - # Folder paths - RC_INSTALL_DIR="/var/lib/roundcube" - RC_CONFIG_DIR="/etc/roundcube" - - echo "[ * ] Installing Sieve Mail Filter..." - - # dovecot.conf install - sed -i "s/namespace/service stats \{\n unix_listener stats-writer \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf - - # Dovecot conf files - # 10-master.conf - sed -i -E -z "s/ }\n user = dovecot\n}/ \}\n unix_listener auth-master \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf - # 15-lda.conf - sed -i "s/\#mail_plugins = \\\$mail_plugins/mail_plugins = \$mail_plugins quota sieve\n auth_socket_path = \/var\/run\/dovecot\/auth-master/g" /etc/dovecot/conf.d/15-lda.conf - # 20-imap.conf - sed -i "s/mail_plugins = quota imap_quota/mail_plugins = quota imap_quota imap_sieve/g" /etc/dovecot/conf.d/20-imap.conf - - # Replace dovecot-sieve config files - cp -f $HESTIA_COMMON_DIR/dovecot/sieve/* /etc/dovecot/conf.d - - # Dovecot default file install - echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default - - # exim4 install - sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template - sed -i "s/address_pipe:/dovecot_virtual_delivery:\n driver = pipe\n command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \${extract{1}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/accounts}}}}@\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\n delivery_date_add\n envelope_to_add\n return_path_add\n log_output = true\n log_defer_output = true\n user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template - - # Permission changes - chown -R dovecot:mail /var/log/dovecot.log - chmod 660 /var/log/dovecot.log - - if [ -d "/var/lib/roundcube" ]; then - # Modify Roundcube config - mkdir -p $RC_CONFIG_DIR/plugins/managesieve - cp -f $HESTIA_COMMON_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php - ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php - chown -R root:www-data $RC_CONFIG_DIR/ - chmod 751 -R $RC_CONFIG_DIR - chmod 644 $RC_CONFIG_DIR/*.php - chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php - sed -i "s/\"archive\"/\"archive\", \"managesieve\"/g" $RC_CONFIG_DIR/config.inc.php - fi - - # Restart Dovecot and exim4 - systemctl restart dovecot > /dev/null 2>&1 - systemctl restart exim4 > /dev/null 2>&1 -fi - -#----------------------------------------------------------# -# Configure API # -#----------------------------------------------------------# - -if [ "$api" = "yes" ]; then - # Keep legacy api enabled until transition is complete - write_config_value "API" "yes" - write_config_value "API_SYSTEM" "1" - write_config_value "API_ALLOWED_IP" "" -else - write_config_value "API" "no" - write_config_value "API_SYSTEM" "0" - write_config_value "API_ALLOWED_IP" "" - $HESTIA/bin/v-change-sys-api disable -fi - -#----------------------------------------------------------# -# Configure File Manager # -#----------------------------------------------------------# - -echo "[ * ] Configuring File Manager..." -$HESTIA/bin/v-add-sys-filemanager quiet - -#----------------------------------------------------------# -# Configure dependencies # -#----------------------------------------------------------# - -echo "[ * ] Configuring PHP dependencies..." -$HESTIA/bin/v-add-sys-dependencies quiet - -echo "[ * ] Installing Rclone..." -curl -s https://rclone.org/install.sh | bash > /dev/null 2>&1 - -#----------------------------------------------------------# -# Configure IP # -#----------------------------------------------------------# - -# Configuring system IPs -echo "[ * ] Configuring System IP..." -$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1 - -# Get primary IP -default_nic="$(ip -d -j route show | jq -r '.[] | if .dst == "default" then .dev else empty end')" -# IPv4 -primary_ipv4="$(ip -4 -d -j addr show "$default_nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end' | head -n1)" -# IPv6 -#primary_ipv6="$(ip -6 -d -j addr show "$default_nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end' | head -n1)" -ip="$primary_ipv4" -local_ip="$primary_ipv4" - -# Configuring firewall -if [ "$iptables" = 'yes' ]; then - $HESTIA/bin/v-update-firewall -fi - -# Get public IP -pub_ipv4="$(curl -fsLm5 --retry 2 --ipv4 -H "Simple-Hestiacp: yes" https://hestiaip.brepo.ru/)" -if [ -n "$pub_ipv4" ] && [ "$pub_ipv4" != "$ip" ]; then - if [ -e /etc/rc.local ]; then - sed -i '/exit 0/d' /etc/rc.local - else - touch /etc/rc.local - fi - - check_rclocal=$(cat /etc/rc.local | grep "#!") - if [ -z "$check_rclocal" ]; then - echo "#!/bin/sh" >> /etc/rc.local - fi - - # Fix for Proxmox VE containers where hostname is reset to non-FQDN format on reboot - check_pve=$(uname -r | grep pve) - if [ ! -z "$check_pve" ]; then - echo 'hostname=$(hostname --fqdn)' >> /etc/rc.local - echo ""$HESTIA/bin/v-change-sys-hostname" "'"$hostname"'"" >> /etc/rc.local - fi - echo "$HESTIA/bin/v-update-sys-ip" >> /etc/rc.local - echo "exit 0" >> /etc/rc.local - chmod +x /etc/rc.local - systemctl enable rc-local > /dev/null 2>&1 - $HESTIA/bin/v-change-sys-ip-nat "$ip" "$pub_ipv4" > /dev/null 2>&1 - ip="$pub_ipv4" -fi - -# Configuring libapache2-mod-remoteip -if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then - cd /etc/apache2/mods-available - echo "" > remoteip.conf - echo " RemoteIPHeader X-Real-IP" >> remoteip.conf - if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ipv4" != "127.0.0.1" ]; then - echo " RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf - fi - if [ -n "$local_ip" ] && [ "$local_ip" != "$pub_ipv4" ]; then - echo " RemoteIPInternalProxy $local_ip" >> remoteip.conf - fi - if [ -n "$pub_ipv4" ]; then - echo " RemoteIPInternalProxy $pub_ipv4" >> remoteip.conf - fi - echo "" >> remoteip.conf - sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf - a2enmod remoteip >> $LOG - systemctl restart apache2 -fi - -# Adding default domain -$HESTIA/bin/v-add-web-domain admin "$servername" "$ip" -check_result $? "can't create $servername domain" - -# Adding cron jobs -export SCHEDULED_RESTART="yes" -command="sudo $HESTIA/bin/v-update-sys-queue restart" -$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command" -systemctl restart cron - -command="sudo $HESTIA/bin/v-update-sys-queue daily" -$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue disk" -$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue traffic" -$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue webstats" -$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-queue backup" -$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-backup-users" -$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-user-stats" -$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-sys-rrd" -$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $HESTIA/bin/v-update-letsencrypt-ssl" -min=$(gen_pass '012345' '2') -hour=$(gen_pass '1234567' '1') -$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command" - -# Enable automatic updates -$HESTIA/bin/v-add-cron-hestia-autoupdate apt - -# Building initital rrd images -$HESTIA/bin/v-update-sys-rrd - -# Enabling file system quota -if [ "$quota" = 'yes' ]; then - $HESTIA/bin/v-add-sys-quota -fi - -# Set backend port -$HESTIA/bin/v-change-sys-port $port > /dev/null 2>&1 - -# Create default configuration files -$HESTIA/bin/v-update-sys-defaults - -# Update remaining packages since repositories have changed -echo -ne "[ * ] Installing remaining software updates..." -apt-get -qq update -apt-get -y upgrade >> $LOG & -BACK_PID=$! -echo - -# Starting Hestia service -update-rc.d hestia defaults -systemctl start hestia -check_result $? "hestia start failed" -chown admin:admin $HESTIA/data/sessions - -# Create backup folder and set correct permission -mkdir -p /backup/ -chmod 755 /backup/ - -# Create cronjob to generate ssl -echo "@reboot root sleep 10 && rm /etc/cron.d/hestia-ssl && PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:' && /usr/local/hestia/bin/v-add-letsencrypt-host" > /etc/cron.d/hestia-ssl - -#----------------------------------------------------------# -# Set hestia.conf default values # -#----------------------------------------------------------# - -echo "[ * ] Updating configuration files..." -BIN="$HESTIA/bin" -source $HESTIA/func/syshealth.sh -syshealth_repair_system_config - -# Add /usr/local/hestia/bin/ to path variable -echo 'if [ "${PATH#*/usr/local/hestia/bin*}" = "$PATH" ]; then - . /etc/profile.d/hestia.sh -fi' >> /root/.bashrc - -#----------------------------------------------------------# -# Hestia Access Info # -#----------------------------------------------------------# - -# Comparing hostname and IP -host_ip=$(host $servername | head -n 1 | awk '{print $NF}') -if [ "$host_ip" = "$ip" ]; then - ip="$servername" -fi - -echo -e "\n" -echo "====================================================================" -echo -e "\n" - -# Sending notification to admin email -echo -e "Congratulations! - -You have successfully installed Hestia Control Panel on your server. - -Ready to get started? Log in using the following credentials: - - Admin URL: https://$servername:$port" > $tmpfile -if [ "$host_ip" != "$ip" ]; then - echo " Backup URL: https://$ip:$port" >> $tmpfile -fi -echo -e -n " Username: admin - Password: $displaypass - -Thank you for choosing Hestia Control Panel to power your full stack web server, -we hope that you enjoy using it as much as we do! - -Please feel free to contact us at any time if you have any questions, -or if you encounter any bugs or problems: - -Documentation: https://docs.hestiacp.com/ -Forum: https://forum.hestiacp.com/ -GitHub: https://www.github.com/hestiacp/hestiacp - -Note: Automatic updates are enabled by default. If you would like to disable them, -please log in and navigate to Server > Updates to turn them off. - -Help support the Hestia Control Panel project by donating via PayPal: -https://www.hestiacp.com/donate - --- -Sincerely yours, -The Hestia Control Panel development team - -Made with love & pride by the open-source community around the world. -" >> $tmpfile - -send_mail="$HESTIA/web/inc/mail-wrapper.php" -cat $tmpfile | $send_mail -s "Hestia Control Panel" $email - -# Congrats -echo -cat $tmpfile -rm -f $tmpfile - -# Add welcome message to notification panel -$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '

You are now ready to begin adding user accounts and domains. For help and assistance, view the documentation or visit our forum.

Please report any issues via GitHub.

Have a wonderful day!

The Hestia Control Panel development team

' - -# Clean-up -# Sort final configuration file -sort_config_file - -if [ "$interactive" = 'yes' ]; then - echo "[ ! ] IMPORTANT: The system will now reboot to complete the installation process." - read -n 1 -s -r -p "Press any key to continue" - reboot -else - echo "[ ! ] IMPORTANT: You must restart the system before continuing!" -fi -# EOF diff --git a/install/hst-install.sh b/install/hst-install.sh index 193f112..afbea2d 100755 --- a/install/hst-install.sh +++ b/install/hst-install.sh @@ -4,13 +4,11 @@ # # Hestia Control Panel Installation Routine # Automatic OS detection wrapper -# https://www.hestiacp.com/ +# https://hestiadocs.brepo.ru/ # -# Currently Supported Operating Systems: +# Supported Operating Systems: # -# Debian 10, 11 -# Ubuntu 20.04, 22.04 -# AlmaLinux, EuroLinux, Red Hat EnterPrise Linux, Rocky Linux 8, 9 +# AlmaLinux, EuroLinux, Red Hat EnterPrise Linux, Rocky Linux, MSVSphere 9 # # ======================================================== # @@ -42,21 +40,7 @@ fi # Detect OS if [ -e "/etc/os-release" ] && [ ! -e "/etc/redhat-release" ]; then - type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=') - if [ "$type" = "ubuntu" ]; then - # Check if lsb_release is installed - if [ -e '/usr/bin/lsb_release' ]; then - release="$(lsb_release -s -r)" - VERSION='ubuntu' - else - echo "lsb_release is currently not installed, please install it:" - echo "apt-get update && apt-get install lsb-release" - exit 1 - fi - elif [ "$type" = "debian" ]; then - release=$(cat /etc/debian_version | grep -o "[0-9]\{1,2\}" | head -n1) - VERSION='debian' - fi + type="NoSupport" elif [ -e "/etc/os-release" ] && [ -e "/etc/redhat-release" ]; then type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '"') VERSION=$type @@ -71,13 +55,10 @@ fi no_support_message() { echo "****************************************************" echo "Your operating system (OS) is not supported by" - echo "Hestia Control Panel. Officially supported releases:" + echo "Hestia Control Panel (RPM edition). Officially supported releases:" echo "****************************************************" - echo " Debian 10, 11" - echo " Ubuntu 20.04, 22.04 LTS" - # Commenting this out for now - echo " Red Hat Enterprise Linux 8, 9 and related versions of" - echo " AlmaLinux, Rocky Linux, Oracle Linux Server and EuroLinux" + echo " Red Hat Enterprise Linux 9 and related versions of" + echo " AlmaLinux, Rocky Linux, Oracle Linux Server and EuroLinux, MSVSphere" echo "" exit 1 }