#!/usr/bin/env bash
# Official Sentora Automated Installation Script
# =============================================
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Supported Operating Systems:
# CentOS 8.* Minimal,
# Ubuntu server 18.04/20.04
# Debian 9.*/10.* COMING SOON!!!
# 32bit and 64bit
#
# Contributions from:
#
# Anthony DeBeaulieu (anthony.d@sentora.org
# Pascal Peyremorte (ppeyremorte@sentora.org)
# Mehdi Blagui
# Kevin Andrews (kevin@zvps.uk)
#
# and all those who participated to this and to previous installers.
# Thanks to all.
##
# SENTORA_CORE/INSTALLER_VERSION
# master - latest unstable
# 1.0.3 - example stable tag
##
SENTORA_INSTALLER_VERSION="2.0.1"
SENTORA_CORE_VERSION="2.0.1"
PANEL_PATH="/etc/sentora"
PANEL_DATA="/var/sentora"
PANEL_CONF="/etc/sentora/configs"
PANEL_UPGRADE=false
#--- Display the 'welcome' splash/user warning info..
echo ""
echo "############################################################"
echo "# Welcome to the Official Sentora Installer v.$SENTORA_INSTALLER_VERSION #"
echo "############################################################"
echo -e "\nChecking that minimal requirements are ok"
# Ensure the OS is compatible with the launcher
if [ -f /etc/centos-release ]; then
OS="CentOs"
VERFULL=$(sed 's/^.*release //;s/ (Fin.*$//' /etc/centos-release)
VER=${VERFULL:0:1} # return 8
elif [ -f /etc/lsb-release ]; then
OS=$(grep DISTRIB_ID /etc/lsb-release | sed 's/^.*=//')
VER=$(grep DISTRIB_RELEASE /etc/lsb-release | sed 's/^.*=//')
elif [ -f /etc/os-release ]; then
OS=$(grep -w ID /etc/os-release | sed 's/^.*=//')
VER=$(grep VERSION_ID /etc/os-release | sed 's/^.*"\(.*\)"/\1/')
else
OS=$(uname -s)
VER=$(uname -r)
fi
ARCH=$(uname -m)
echo "Detected : $OS $VER $ARCH"
if [[ "$OS" = "CentOs" && ( "$VER" = "8" ) ||
"$OS" = "Ubuntu" && ( "$VER" = "18.04" || "$VER" = "20.04" ) ]] ; then
echo "Ok."
else
echo "Sorry, this OS is not supported by Sentora."
exit 1
fi
# Centos uses repo directory that depends of architecture. Ensure it is compatible
if [[ "$OS" = "CentOs" ]] ; then
if [[ "$ARCH" == "i386" || "$ARCH" == "i486" || "$ARCH" == "i586" || "$ARCH" == "i686" ]]; then
ARCH="i386"
elif [[ "$ARCH" != "x86_64" ]]; then
echo "Unexpected architecture name was returned ($ARCH ). :-("
echo "The installer have been designed for i[3-6]8- and x86_64' architectures. If you"
echo " think it may work on your, please report it to the Sentora forum or bugtracker."
exit 1
fi
fi
# Check if the user is 'root' before allowing installation to commence
if [ $UID -ne 0 ]; then
echo "Install failed: you must be logged in as 'root' to install."
echo "Use command 'sudo -i', then enter root password and then try again."
exit 1
fi
# Check for some common control panels that we know will affect the installation/operating of Sentora.
if [ -e /usr/local/cpanel ] || [ -e /usr/local/directadmin ] || [ -e /usr/local/solusvm/www ] || [ -e /usr/local/home/admispconfig ] || [ -e /usr/local/lxlabs/kloxo ] ; then
echo "It appears that a control panel is already installed on your server; This installer"
echo "is designed to install and configure Sentora on a clean OS installation only."
echo -e "\nPlease re-install your OS before attempting to install using this script."
exit 1
fi
# Check for some common packages that we know will affect the installation/operating of Sentora.
if [[ "$OS" = "CentOs" ]] ; then
if [[ "$VER" = "8" ]] ; then
PACKAGE_INSTALLER="dnf -y -q install"
PACKAGE_REMOVER="dnf -y -q remove"
else
PACKAGE_INSTALLER="yum -y -q install"
PACKAGE_REMOVER="yum -y -q remove"
fi
inst() {
rpm -q "$1" &> /dev/null
}
if [[ "$VER" = "7" || "$VER" = "8" ]]; then
DB_PCKG="mariadb" && echo "DB server will be mariaDB"
else
DB_PCKG="mysql" && echo "DB server will be mySQL"
fi
HTTP_PCKG="httpd"
PHP_PCKG="php"
BIND_PCKG="bind"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
PACKAGE_INSTALLER="apt-get -yqq install"
PACKAGE_REMOVER="apt-get -yqq remove"
inst() {
dpkg -l "$1" 2> /dev/null | grep '^ii' &> /dev/null
}
DB_PCKG="mysql-server"
HTTP_PCKG="apache2"
PHP_PCKG="apache2-mod-php5"
BIND_PCKG="bind9"
fi
# Note : Postfix is installed by default on centos netinstall / minimum install.
# The installer seems to work fine even if Postfix is already installed.
# -> The check of postfix is removed, but this comment remains to remember
# only check for sentora installed systems zpanel can now upgrade using this script
if [ -L "/etc/zpanel" ] && [ -d "/etc/zpanel" ]; then
pkginst="n"
pkginstlist=""
for package in "$DB_PCKG" "dovecot-mysql" "$HTTP_PCKG" "$PHP_PCKG" "proftpd" "$BIND_PCKG" ; do
if (inst "$package"); then
pkginst="y" # At least one package is installed
pkginstlist="$package $pkginstlist"
fi
done
if [ $pkginst = "y" ]; then
echo "It appears that the folowing package(s) are already installed:"
echo "$pkginstlist"
echo "This installer is designed to install and configure Sentora on a clean OS installation only!"
echo -e "\nPlease re-install your OS before attempting to install using this script."
exit 1
fi
unset pkginst
unset pkginstlist
fi
# *************************************************
#--- Prepare or query informations required to install
# Update repositories and Install wget and util used to grab server IP
echo -e "\n-- Installing wget and dns utils required to manage inputs"
if [[ "$OS" = "CentOs" ]]; then
yum -y update
$PACKAGE_INSTALLER bind-utils
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
apt-get -yqq update #ensure we can install
$PACKAGE_INSTALLER dnsutils
fi
$PACKAGE_INSTALLER wget
extern_ip="$(wget -qO- http://api.sentora.org/ip.txt)"
#local_ip=$(ifconfig eth0 | sed -En 's|.*inet [^0-9]*(([0-9]*\.){3}[0-9]*).*$|\1|p')
local_ip=$(ip addr show | awk '$1 == "inet" && $3 == "brd" { sub (/\/.*/,""); print $2 }')
# Enable parameters to be entered on commandline, required for vagrant install
# -d
# -i (or -i local or -i public, see below)
# -t
# like :
# sentora_install.sh -t Europe/Paris -d panel.domain.tld -i xxx.xxx.xxx.xxx
# notes:
# -d and -i must be both present or both absent
# -i local force use of local detected ip
# -i public force use of public detected ip
# if -t is used without -d/-i, timezone is set from value given and not asked to user
# if -t absent and -d/-i are present, timezone is not set at all
while getopts d:i:t: opt; do
case $opt in
d)
PANEL_FQDN=$OPTARG
INSTALL="auto"
;;
i)
PUBLIC_IP=$OPTARG
if [[ "$PUBLIC_IP" == "local" ]] ; then
PUBLIC_IP=$local_ip
elif [[ "$PUBLIC_IP" == "public" ]] ; then
PUBLIC_IP=$extern_ip
fi
;;
t)
echo "$OPTARG" > /etc/timezone
tz=$(cat /etc/timezone)
;;
esac
done
if [[ ("$PANEL_FQDN" != "" && "$PUBLIC_IP" == "") ||
("$PANEL_FQDN" == "" && "$PUBLIC_IP" != "") ]] ; then
echo "-d and -i must be both present or both absent."
exit 2
fi
if [[ "$tz" == "" && "$PANEL_FQDN" == "" ]] ; then
# Propose selection list for the time zone
echo "Preparing to select timezone, please wait a few seconds..."
$PACKAGE_INSTALLER tzdata
# setup server timezone
if [[ "$OS" = "CentOs" ]]; then
# make tzselect to save TZ in /etc/timezone
echo "echo \$TZ > /etc/timezone" >> /usr/bin/tzselect
tzselect
tz=$(cat /etc/timezone)
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
dpkg-reconfigure tzdata
tz=$(cat /etc/timezone)
fi
fi
# clear timezone information to focus user on important notice
clear
# Installer parameters
if [[ "$PANEL_FQDN" == "" ]] ; then
echo -e "\n\e[1;33m=== Informations required to build your server ===\e[0m"
echo 'The installer requires 2 pieces of information:'
echo ' 1) the sub-domain that you want to use to access Sentora panel,'
echo ' - do not use your main domain (like domain.com)'
echo ' - use a sub-domain, e.g panel.domain.com'
echo ' - or use the server hostname, e.g server1.domain.com'
echo ' - DNS must already be configured and pointing to the server IP'
echo ' for this sub-domain'
echo ' 2) The public IP of the server.'
echo ''
PANEL_FQDN="$(/bin/hostname)"
PUBLIC_IP=$extern_ip
while true; do
echo ""
read -r -e -p "Enter the sub-domain you want to access Sentora panel: " -i "$PANEL_FQDN" PANEL_FQDN
if [[ "$PUBLIC_IP" != "$local_ip" ]]; then
echo -e "\nThe public IP of the server is $PUBLIC_IP. Its local IP is $local_ip"
echo " For a production server, the PUBLIC IP must be used."
fi
read -r -e -p "Enter (or confirm) the public IP for this server: " -i "$PUBLIC_IP" PUBLIC_IP
echo ""
# Checks if the panel domain is a subdomain
sub=$(echo "$PANEL_FQDN" | sed -n 's|\(.*\)\..*\..*|\1|p')
if [[ "$sub" == "" ]]; then
echo -e "\e[1;31mWARNING: $PANEL_FQDN is not a subdomain!\e[0m"
confirm="true"
fi
# Checks if the panel domain is already assigned in DNS
# Obsolete now using external source for FQDN to IP.
#dns_panel_ip=$(host "$PANEL_FQDN"|grep address|cut -d" " -f4) // Obsolete for modern VM's due to hostname setup in /etc/hosts
dns_panel_ip=$(wget -qO- http://api.sentora.org/hostname.txt?domain="$PANEL_FQDN")
if [[ "$dns_panel_ip" == "" ]]; then
echo -e "\e[1;31mWARNING: $PANEL_FQDN is not defined in your DNS!\e[0m"
echo " You must add records in your DNS manager (and then wait until propagation is done)."
echo " For more information, read the Sentora documentation:"
echo " - http://docs.sentora.org/index.php?node=7 (Installing Sentora)"
echo " - http://docs.sentora.org/index.php?node=51 (Installer questions)"
echo " If this is a production installation, set the DNS up as soon as possible."
confirm="true"
else
echo -e "\e[1;32mOK\e[0m: DNS successfully resolves $PANEL_FQDN to $dns_panel_ip"
# Check if panel domain matches public IP
if [[ "$dns_panel_ip" != "$PUBLIC_IP" ]]; then
echo -e -n "\e[1;31mWARNING: $PANEL_FQDN DNS record does not point to $PUBLIC_IP!\e[0m"
echo " Sentora will not be reachable from http://$PANEL_FQDN"
confirm="true"
fi
fi
if [[ "$PUBLIC_IP" != "$extern_ip" && "$PUBLIC_IP" != "$local_ip" ]]; then
echo -e -n "\e[1;31mWARNING: $PUBLIC_IP does not match detected IP !\e[0m"
echo " Sentora will not work with this IP..."
confirm="true"
fi
echo ""
# if any warning, ask confirmation to continue or propose to change
if [[ "$confirm" != "" ]] ; then
echo "There are some warnings..."
echo "Are you really sure that you want to setup Sentora with these parameters?"
read -r -e -p "(y):Accept and install, (n):Change domain or IP, (q):Quit installer? " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) continue;;
[Qq]* ) exit;;
esac
else
read -r -e -p "All is ok. Do you want to install Sentora now (y/n)? " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit;;
esac
fi
done
fi
# ***************************************
# Installation really starts here
echo -e "\n# -------------------------------------------------------------------------------"
#--- Setup Sentora Admin contact info
echo -e "\n--- Please Enter vaild contact info for the Sentora system admin or owner below:\n"
# Get Admin contact info
# ---- Name
while true
do
read -r -e -p "Enter Full name: " -i "$ADMIN_NAME" ADMIN_NAME
echo
if [ -n "$ADMIN_NAME" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
# --- Email
while true
do
read -r -e -p "Enter admin email: " -i "$ADMIN_EMAIL" ADMIN_EMAIL
echo
if [[ "$ADMIN_EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$ ]]
then
break
else
echo "Email address $ADMIN_EMAIL is invalid."
fi
done
# ---- Phone Number
while true
do
read -r -e -p "Enter Phone Number: " -i "$ADMIN_PHONE" ADMIN_PHONE
echo
if [ -n "$ADMIN_PHONE" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
# ---- Address
while true
do
read -r -e -p "Enter Street Address: " -i "$ADMIN_ADDRESS" ADMIN_ADDRESS
echo
if [ -n "$ADMIN_ADDRESS" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
# ---- Address - City, State or Province
while true
do
read -r -e -p "Enter City, State or Province: " -i "$ADMIN_PROVINCE" ADMIN_PROVINCE
echo
if [ -n "$ADMIN_PROVINCE" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
# ---- Address - Postal code
while true
do
read -r -e -p "Enter Postal code: " -i "$ADMIN_POSTALCODE" ADMIN_POSTALCODE
echo
if [ -n "$ADMIN_POSTALCODE" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
# ---- Address - Country
while true
do
read -r -e -p "Enter Country: " -i "$ADMIN_COUNTRY" ADMIN_COUNTRY
echo
if [ -n "$ADMIN_COUNTRY" ]
then
break
else
echo "Entry is Blank. Try again."
fi
done
echo -e "\n# -------------------------------------------------------------------------------\n"
#--- Set custom logging methods so we create a log file in the current working directory.
logfile=$(date +%Y-%m-%d_%H.%M.%S_sentora_install.log)
touch "$logfile"
exec > >(tee "$logfile")
exec 2>&1
echo "Installer version $SENTORA_INSTALLER_VERSION"
echo "Sentora core version $SENTORA_CORE_VERSION"
echo ""
echo "Installing Sentora $SENTORA_CORE_VERSION at http://$PANEL_FQDN and ip $PUBLIC_IP"
echo "on server under: $OS $VER $ARCH"
uname -a
# Function to disable a file by appending its name with _disabled
disable_file() {
mv "$1" "$1_disabled_by_sentora" &> /dev/null
}
#--- AppArmor must be disabled to avoid problems
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
[ -f /etc/init.d/apparmor ]
if [ $? = "0" ]; then
echo -e "\n-- Disabling and removing AppArmor, please wait..."
/etc/init.d/apparmor stop &> /dev/null
update-rc.d -f apparmor remove &> /dev/null
apt-get remove -y --purge apparmor* &> /dev/null
disable_file /etc/init.d/apparmor &> /dev/null
echo -e "AppArmor has been removed."
fi
fi
#--- Adapt repositories and packages sources
echo -e "\n-- Updating repositories and packages sources"
if [[ "$OS" = "CentOs" ]]; then
#EPEL Repo Install
EPEL_BASE_URL="http://dl.fedoraproject.org/pub/epel/$VER/$ARCH";
if [[ "$VER" = "7" ]]; then
EPEL_FILE=$(wget -q -O- "$EPEL_BASE_URL/Packages/e/" | grep -oP '(?<=href=")epel-release.*(?=">)')
wget "$EPEL_BASE_URL/Packages/e/$EPEL_FILE"
elif [[ "$VER" = "8" ]]; then
EPEL_BASE_URL="http://dl.fedoraproject.org/pub/epel/$VER/Everything/$ARCH";
EPEL_FILE=$(wget -q -O- "$EPEL_BASE_URL/Packages/e/" | grep -oP '(?<=href=")epel-release.*(?=">)')
wget "$EPEL_BASE_URL/Packages/e/$EPEL_FILE"
else
EPEL_FILE=$(wget -q -O- "$EPEL_BASE_URL/" | grep -oP '(?<=href=")epel-release.*(?=">)')
wget "$EPEL_BASE_URL/$EPEL_FILE"
fi
$PACKAGE_INSTALLER epel-release*.rpm # CHECK THIS
rm "$EPEL_FILE"
#To fix some problems of compatibility use of mirror centos.org to all users
#Replace all mirrors by base repos to avoid any problems.
sed -i 's|mirrorlist=http://mirrorlist.centos.org|#mirrorlist=http://mirrorlist.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirror.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"
#check if the machine and on openvz
if [ -f "/etc/yum.repos.d/vz.repo" ]; then
sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/centos-$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/os/|" "/etc/yum.repos.d/vz.repo"
sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-ce$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/updates/|" "/etc/yum.repos.d/vz.repo"
fi
#disable deposits that could result in installation errors
disablerepo() {
if [ -f "/etc/yum.repos.d/$1.repo" ]; then
sed -i 's/enabled=1/enabled=0/g' "/etc/yum.repos.d/$1.repo"
fi
}
disablerepo "elrepo"
disablerepo "epel-testing"
disablerepo "remi"
disablerepo "rpmforge"
disablerepo "rpmfusion-free-updates"
disablerepo "rpmfusion-free-updates-testing"
# We need to disable SELinux...
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Stop conflicting services and iptables to ensure all services will work
service sendmail stop
chkconfig sendmail off
# disable firewall
if [[ "$VER" = "7" || "$VER" = "8" ]]; then
FIREWALL_SERVICE="firewalld"
else
FIREWALL_SERVICE="iptables"
fi
service "$FIREWALL_SERVICE" save
service "$FIREWALL_SERVICE" stop
chkconfig "$FIREWALL_SERVICE" off
# Removal of conflicting packages prior to Sentora installation.
if (inst bind-chroot) ; then
$PACKAGE_REMOVER bind-chroot
fi
if (inst qpid-cpp-client) ; then
$PACKAGE_REMOVER qpid-cpp-client
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
# Update the enabled Aptitude repositories
echo -ne "\nUpdating Aptitude Repos: " >/dev/tty
mkdir -p "/etc/apt/sources.list.d.save"
cp -R "/etc/apt/sources.list.d/*" "/etc/apt/sources.list.d.save" &> /dev/null
rm -rf "/etc/apt/sources.list/*"
cp "/etc/apt/sources.list" "/etc/apt/sources.list.save"
if [[ "$VER" = "14.04" || "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" ]]; then
cat > /etc/apt/sources.list < /etc/apt/sources.list < /etc/apt/sources.list < /etc/apt/sources.list < /etc/hostname
# In file hosts
sed -i "/127.0.1.1[\t ]*$old_hostname/d" /etc/hosts
sed -i "s|$old_hostname|$PANEL_FQDN|" /etc/hosts
# For current session
hostname "$PANEL_FQDN"
# In network file
if [[ "$OS" = "CentOs" && "$VER" = "6" ]]; then
sed -i "s|^\(HOSTNAME=\).*\$|HOSTNAME=$PANEL_FQDN|" /etc/sysconfig/network
/etc/init.d/network restart
fi
#--- Some functions used many times below
# Random password generator function
passwordgen() {
l=$1
[ "$l" == "" ] && l=16
tr -dc A-Za-z0-9 < /dev/urandom | head -c ${l} | xargs
}
# Add first parameter in hosts file as local IP domain
add_local_domain() {
if ! grep -q "127.0.0.1 $1" /etc/hosts; then
echo "127.0.0.1 $1" >> /etc/hosts;
fi
}
#-----------------------------------------------------------
# Install all softwares and dependencies required by Sentora.
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
# Disable the DPKG prompts before we run the software install to enable fully automated install.
export DEBIAN_FRONTEND=noninteractive
fi
#--- MySQL
echo -e "\n-- Installing MySQL"
$PACKAGE_INSTALLER "$DB_PCKG" ######## This isnt right
if [[ "$OS" = "CentOs" ]]; then
######## This isnt right
$PACKAGE_INSTALLER "$DB_PCKG-devel" "$DB_PCKG-server"
MY_CNF_PATH="/etc/my.cnf"
if [[ "$VER" = "7" || "$VER" = "8" ]]; then
DB_SERVICE="mariadb"
else
DB_SERVICE="mysqld"
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER bsdutils libsasl2-modules-sql libsasl2-modules
if [[ "$VER" = "12.04" || "$VER" = "7" ]]; then
$PACKAGE_INSTALLER db4.7-util
fi
MY_CNF_PATH="/etc/mysql/my.cnf"
DB_SERVICE="mysql"
fi
service $DB_SERVICE start
# setup mysql root password only if mysqlpassword is empty
if [ -z "$mysqlpassword" ]; then
mysqlpassword=$(passwordgen);
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" = "8" ]]; then
#mysql -u root -e "UPDATE mysql.user SET plugin = 'mysql_native_password', authentication_string = PASSWORD('$mysqlpassword') WHERE User = 'root' AND Host = 'localhost'";
# MariaDB 10.0 or >
mysql -u root -e "ALTER USER root@localhost IDENTIFIED VIA mysql_native_password";
mysql -u root -e "SET PASSWORD = PASSWORD('$mysqlpassword')";
else
# Mysql 5.6 or below
mysqladmin -u root password "$mysqlpassword"
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
# Ubuntu 16.04-20.04 w/Mysql 5.7
if [[ "$VER" = "16.04" || "$VER" = "18.04" ]]; then
# Mysql 8.0 or <
mysql -u root -e "UPDATE mysql.user SET plugin = 'mysql_native_password', authentication_string = PASSWORD('$mysqlpassword') WHERE User = 'root' AND Host = 'localhost'";
elif [[ "$VER" = "20.04" ]]; then
# Mysql 8.0
mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '$mysqlpassword';";
fi
fi
fi
# small cleaning of mysql access
mysql -u root -p"$mysqlpassword" -e "DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost'";
mysql -u root -p"$mysqlpassword" -e "DELETE FROM mysql.user WHERE User=''";
mysql -u root -p"$mysqlpassword" -e "FLUSH PRIVILEGES";
# remove test table that is no longer used
mysql -u root -p"$mysqlpassword" -e "DROP DATABASE IF EXISTS test";
# secure SELECT "hacker-code" INTO OUTFILE
sed -i "s|\[mysqld\]|&\nsecure-file-priv = /var/tmp|" $MY_CNF_PATH
# setup sentora access and core database
if [ $PANEL_UPGRADE == true ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-update/zpanel/sql/update-structure.sql
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-update/zpanel/sql/update-data.sql
mysqldump -u root -p"$mysqlpassword" zpanel_core | mysql -u root -p"$mysqlpassword" -D sentora_core
mysqldump -u root -p"$mysqlpassword" zpanel_postfix | mysql -u root -p"$mysqlpassword" -D sentora_postfix
mysqldump -u root -p"$mysqlpassword" zpanel_proftpd | mysql -u root -p"$mysqlpassword" -D sentora_proftpd
mysqldump -u root -p"$mysqlpassword" zpanel_roundcube | mysql -u root -p"$mysqlpassword" -D sentora_roundcube
sed -i "s|zpanel_core|sentora_core|" $PANEL_PATH/panel/cnf/db.php
else
sed -i "s|YOUR_ROOT_MYSQL_PASSWORD|$mysqlpassword|" $PANEL_PATH/panel/cnf/db.php
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_core.sql
fi
# Register mysql/mariadb service for autostart
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable "$DB_SERVICE".service
else
chkconfig "$DB_SERVICE" on
fi
fi
# NEED TO FIX UBUNTU 16.04 SETTING MYSQL-BIND option TO SERVER IP (127.0.0.1) NOT LOCALHOST
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
sed -i "s|bind-address = .*|bind-address = 127.0.0.1|" /etc/mysql/mysql.conf.d/mysqld.cnf
fi
#--- Postfix
echo -e "\n-- Installing Postfix"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER postfix postfix-perl-scripts
USR_LIB_PATH="/usr/libexec"
elif [[ "$OS" = "Ubuntu" ]]; then
$PACKAGE_INSTALLER postfix postfix-mysql
USR_LIB_PATH="/usr/lib"
fi
postfixpassword=$(passwordgen);
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_postfix.sql
fi
# OLD
## grant will also create users which don't exist and update existing users with password ##
##mysql -u root -p"$mysqlpassword" -e "GRANT ALL ON sentora_postfix .* TO 'postfix'@'localhost' identified by '$postfixpassword';";
# Add User for Postfix DB
mysql -u root -p"$mysqlpassword" -e "CREATE USER postfix@localhost IDENTIFIED BY '$postfixpassword';";
# Grant ALL PRIVILEGES to Postfix User
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_postfix .* TO 'postfix'@'localhost';";
mkdir $PANEL_DATA/vmail
useradd -r -g mail -d $PANEL_DATA/vmail -s /sbin/nologin -c "Virtual maildir" vmail
chown -R vmail:mail $PANEL_DATA/vmail
chmod -R 770 $PANEL_DATA/vmail
mkdir -p /var/spool/vacation
useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
chown -R vacation:vacation /var/spool/vacation
chmod -R 770 /var/spool/vacation
#Removed optional transport that was leaved empty, until it is fully handled.
#ln -s $PANEL_CONF/postfix/transport /etc/postfix/transport
#postmap /etc/postfix/transport
add_local_domain "$PANEL_FQDN"
add_local_domain "autoreply.$PANEL_FQDN"
rm -rf /etc/postfix/main.cf /etc/postfix/master.cf
ln -s $PANEL_CONF/postfix/master.cf /etc/postfix/master.cf
ln -s $PANEL_CONF/postfix/main.cf /etc/postfix/main.cf
ln -s $PANEL_CONF/postfix/vacation.pl /var/spool/vacation/vacation.pl
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/postfix/*.cf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/postfix/vacation.conf
sed -i "s|!PANEL_FQDN!|$PANEL_FQDN|" $PANEL_CONF/postfix/main.cf
sed -i "s|!USR_LIB!|$USR_LIB_PATH|" $PANEL_CONF/postfix/master.cf
sed -i "s|!USR_LIB!|$USR_LIB_PATH|" $PANEL_CONF/postfix/main.cf
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" $PANEL_CONF/postfix/main.cf
VMAIL_UID=$(id -u vmail)
MAIL_GID=$(sed -nr "s/^mail:x:([0-9]+):.*/\1/p" /etc/group)
sed -i "s|!POS_UID!|$VMAIL_UID|" $PANEL_CONF/postfix/main.cf
sed -i "s|!POS_GID!|$MAIL_GID|" $PANEL_CONF/postfix/main.cf
# remove unusued directives that issue warnings
sed -i '/virtual_mailbox_limit_maps/d' $PANEL_CONF/postfix/main.cf
sed -i '/smtpd_bind_address/d' $PANEL_CONF/postfix/master.cf
# Register postfix service for autostart (it is automatically started)
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable postfix.service
# systemctl start postfix.service
else
chkconfig postfix on
# /etc/init.d/postfix start
fi
fi
# Edit deamon_directory in postfix main.cf to fix startup issue.
if [[ "$OS" = "Ubuntu" ]]; then
if [[ "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" ]]; then
sed -i "s|daemon_directory = /usr/lib/postfix|daemon_directory = /usr/lib/postfix/sbin|" $PANEL_CONF/postfix/main.cf
fi
fi
#--- Dovecot (includes Sieve)
echo -e "\n-- Installing Dovecot"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER dovecot dovecot-mysql dovecot-pigeonhole
sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\n#last_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\n#last_valid_gid = $MAIL_GID|" $PANEL_CONF/dovecot2/dovecot.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER dovecot-mysql dovecot-imapd dovecot-pop3d dovecot-common dovecot-managesieved dovecot-lmtpd
sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\nlast_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\nlast_valid_gid = $MAIL_GID|" $PANEL_CONF/dovecot2/dovecot.conf
fi
mkdir -p $PANEL_DATA/sieve
chown -R vmail:mail $PANEL_DATA/sieve
mkdir -p /var/lib/dovecot/sieve/
touch /var/lib/dovecot/sieve/default.sieve
ln -s $PANEL_CONF/dovecot2/globalfilter.sieve $PANEL_DATA/sieve/globalfilter.sieve
rm -rf /etc/dovecot/dovecot.conf
ln -s $PANEL_CONF/dovecot2/dovecot.conf /etc/dovecot/dovecot.conf
sed -i "s|!POSTMASTER_EMAIL!|postmaster@$PANEL_FQDN|" $PANEL_CONF/dovecot2/dovecot.conf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/dovecot2/dovecot-dict-quota.conf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
sed -i "s|!DOV_UID!|$VMAIL_UID|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
sed -i "s|!DOV_GID!|$MAIL_GID|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
touch /var/log/dovecot.log /var/log/dovecot-info.log /var/log/dovecot-debug.log
chown vmail:mail /var/log/dovecot*
chmod 660 /var/log/dovecot*
# Register dovecot service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable dovecot.service
systemctl start dovecot.service
else
chkconfig dovecot on
/etc/init.d/dovecot start
fi
fi
#--- Spamassassin - IN THE WORKS!!!
#--- Apache server
echo -e "\n-- Installing and configuring Apache"
$PACKAGE_INSTALLER "$HTTP_PCKG"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER "$HTTP_PCKG-devel"
HTTP_CONF_PATH="/etc/httpd/conf/httpd.conf"
HTTP_VARS_PATH="/etc/sysconfig/httpd"
HTTP_SERVICE="httpd"
HTTP_USER="apache"
HTTP_GROUP="apache"
if [[ "$VER" = "7" ]]; then
# Disable extra modules in centos 7
disable_file /etc/httpd/conf.modules.d/01-cgi.conf
disable_file /etc/httpd/conf.modules.d/00-lua.conf
disable_file /etc/httpd/conf.modules.d/00-dav.conf
else
disable_file /etc/httpd/conf.d/welcome.conf
disable_file /etc/httpd/conf.d/webalizer.conf
# Disable more extra modules in centos 6.x /etc/httpd/httpd.conf dav/ldap/cgi/proxy_ajp
sed -i "s|LoadModule suexec_module modules|#LoadModule suexec_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule cgi_module modules|#LoadModule cgi_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule dav_module modules|#LoadModule dav_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule dav_fs_module modules|#LoadModule dav_fs_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule proxy_ajp_module modules|#LoadModule proxy_ajp_module modules|" "$HTTP_CONF_PATH"
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER libapache2-mod-bw
HTTP_CONF_PATH="/etc/apache2/apache2.conf"
HTTP_VARS_PATH="/etc/apache2/envvars"
HTTP_SERVICE="apache2"
HTTP_USER="www-data"
HTTP_GROUP="www-data"
a2enmod rewrite
fi
if ! grep -q "Include $PANEL_CONF/apache/httpd.conf" "$HTTP_CONF_PATH"; then
echo "Include $PANEL_CONF/apache/httpd.conf" >> "$HTTP_CONF_PATH";
## Remove old include
if [ $PANEL_UPGRADE == true ]; then
sed -i "s|Include /etc/zpanel/configs/apache/httpd.conf||" "$HTTP_CONF_PATH";
fi
fi
add_local_domain "$(hostname)"
if ! grep -q "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" /etc/sudoers; then
echo "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" >> /etc/sudoers;
fi
# Create root directory for public HTTP docs
mkdir -p $PANEL_DATA/hostdata/zadmin/public_html
chown -R $HTTP_USER:$HTTP_GROUP $PANEL_DATA/hostdata/
chmod -R 770 $PANEL_DATA/hostdata/
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='httpd_exe'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='apache_sn'"
#Set keepalive on (default is off)
sed -i "s|KeepAlive Off|KeepAlive On|" "$HTTP_CONF_PATH"
# Permissions fix for Apache and ProFTPD (to enable them to play nicely together!)
if ! grep -q "umask 002" "$HTTP_VARS_PATH"; then
echo "umask 002" >> "$HTTP_VARS_PATH";
fi
# remove default virtual site to ensure Sentora is the default vhost
if [[ "$OS" = "CentOs" ]]; then
sed -i "s|DocumentRoot \"/var/www/html\"|DocumentRoot $PANEL_PATH/panel|" "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
# disable completely sites-enabled/000-default.conf
if [[ "$VER" = "14.04" || "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" || "$VER" = "8" ]]; then
sed -i "s|IncludeOptional sites-enabled|#&|" "$HTTP_CONF_PATH"
else
sed -i "s|Include sites-enabled|#&|" "$HTTP_CONF_PATH"
fi
fi
# Comment "NameVirtualHost" and Listen directives that are handled in vhosts file
if [[ "$OS" = "CentOs" ]]; then
sed -i "s|^\(NameVirtualHost .*$\)|#\1\n# NameVirtualHost is now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
sed -i 's|^\(Listen .*$\)|#\1\n# Listen is now handled in Sentora vhosts file|' "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
sed -i "s|\(Include ports.conf\)|#\1\n# Ports are now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
disable_file /etc/apache2/ports.conf
fi
# adjustments for apache 2.4
if [[ ("$OS" = "CentOs" && "$VER" = "7") ||
("$OS" = "Ubuntu" && "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04") ||
("$OS" = "debian" && "$VER" = "8") ]] ; then
# Order deny,allow / Deny from all -> Require all denied
sed -i 's|Order deny,allow|Require all denied|I' $PANEL_CONF/apache/httpd.conf
sed -i '/Deny from all/d' $PANEL_CONF/apache/httpd.conf
# Order allow,deny / Allow from all -> Require all granted
sed -i 's|Order allow,deny|Require all granted|I' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i '/Allow from all/d' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i 's|Order allow,deny|Require all granted|I' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
sed -i '/Allow from all/d' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
# Remove NameVirtualHost that is now without effect and generate warning
sed -i '/NameVirtualHost/{N;d}' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i '/# NameVirtualHost is/ {N;N;N;N;N;d}' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
# Options must have ALL (or none) +/- prefix, disable listing directories
sed -i 's| FollowSymLinks [-]Indexes| +FollowSymLinks -Indexes|' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
fi
#--- Apache+Mod_SSL
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
if [[ "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" || "$VER" = "8" ]]; then
# Install Mod_ssl & openssl
#$PACKAGE_INSTALLER mod_ssl
$PACKAGE_INSTALLER openssl
# Activate mod_ssl
a2enmod ssl
fi
elif [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" = "7" || "$VER" = "8" ]]; then
# Install Mod_ssl & openssl
$PACKAGE_INSTALLER mod_ssl
$PACKAGE_INSTALLER openssl
# Disable/Comment out Listen 443
sed -i 's|Listen 443 https|#Listen 443 https|g' /etc/httpd/conf.d/ssl.conf
fi
fi
#--- PHP
echo -e "\n-- Installing and configuring PHP"
if [[ $1 = PHP* ]]; then
if [[ $1 = "PHP73" ]]; then
echo -e "\n-Installing PHP 7.3..."
# Install PHP 7.3 version
# Start PHP 7.3 & tools install here
# Install PHP 7.3 & Repos
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
if [[ "$VER" = "14.04" || "$VER" = "8" ]]; then
$PACKAGE_INSTALLER libapache2-mod-php5 php5-common php5-cli php5-mysql php5-gd php5-mcrypt php5-curl php-pear php5-imap php5-xmlrpc php5-xsl php5-intl
elif [[ "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" ]]; then
# Install PHP 7.3 Repos & enable
$PACKAGE_INSTALLER software-properties-common
add-apt-repository -y ppa:ondrej/apache2
add-apt-repository -y ppa:ondrej/php
apt-get -yqq update
#apt-get -yqq upgrade
# Remove and purge installed PHP 7.0
$PACKAGE_REMOVER php7.*
apt-get purge php7.*
# Install PHP 7.3 and install modules
$PACKAGE_INSTALLER install php7.3 php7.3-common
$PACKAGE_INSTALLER php7.3-mysql php7.3-mbstring
$PACKAGE_INSTALLER php7.3-zip php7.3-xml php7.3-gd
$PACKAGE_INSTALLER php7.0-dev libapache2-mod-php7.3
$PACKAGE_INSTALLER php7.3-dev
$PACKAGE_INSTALLER php7.3-curl
# PHP Mcrypt 1.0.2 install
if [ ! -f /etc/php/7.3/apache2/conf.d/20-mcrypt.ini ]
then
echo -e "\nInstalling php mcrypt 1.0.2"
$PACKAGE_INSTALLER gcc make autoconf libc-dev pkg-config
$PACKAGE_INSTALLER libmcrypt-dev
echo '' | sudo pecl install mcrypt-1.0.2
bash -c "echo extension=mcrypt.so > /etc/php/7.3/mods-available/mcrypt.ini"
ln -s /etc/php/7.3/mods-available/mcrypt.ini /etc/php/7.3/apache2/conf.d/20-mcrypt.ini
fi
# Set PHP 7.3 as system default in case upgrade to PHP 7.4+
update-alternatives --set php /usr/bin/php7.3
# Enable Apache mod_php7.3
a2enmod php7.3
# elif [[ "$VER" = "8" || "$VER" = "9" ]]; then
# Adding Support Soon!!!
# Enter code here
fi
PHP_INI_PATH="/etc/php/7.3/apache2/php.ini"
elif [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" = "7" ]]; then
# Clean & clear cache
yum clean all
rm -rf /var/cache/yum/*
# Install PHP 7.3 Repos & enable
$PACKAGE_INSTALLER yum-utils
$PACKAGE_INSTALLER epel-release
$PACKAGE_INSTALLER http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# Install PHP 7.3 and install modules
#yum -y install httpd mod_ssl php php-zip php-fpm php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-intl php-imagick php-pspell wget
yum -y --enablerepo=remi-php73 install php php-devel php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-zip
elif [[ "$VER" = "8" ]]; then
# Install PHP 7.3 Repos & enable
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
$PACKAGE_INSTALLER https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module enable php:remi-7.3 -y
# Enable powertools for PHP-DEVEL
dnf config-manager --set-enabled PowerTools
# Install PHP 7.3
$PACKAGE_INSTALLER php php-devel php-cli php-common
# Install PHP 7.3 and install modules
#dnf install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-date php-exif php-filter php-ftp php-gd php-hash php-iconv php-json php-libxml php-pecl-imagick php-mbstring php-mysqlnd php-openssl php-pcre php-posix php-sockets php-spl php-tokenizer php-zlib
$PACKAGE_INSTALLER php-curl php-date php-gd php-json php-mbstring php-mcrypt php-mysqlnd php-xml php-xmlreader php-zlib php-zip
# Disable PHP-FPM
systemctl disable php-fpm
# Enable Mod_php & Prefork for Apache/PHP 7.3
sed -i 's|#LoadModule mpm_prefork_module|LoadModule mpm_prefork_module|g' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's|LoadModule mpm_event_module|#LoadModule mpm_event_module|g' /etc/httpd/conf.modules.d/00-mpm.conf
fi
PHP_INI_PATH="/etc/php.ini"
fi
elif [[ $1 = PHP7* ]]; then
# Display not supported for the rest
echo -e "\n$1 is not supported..."
fi
else
echo -e "\n-Installing OS Default PHP version..."
# Install OS Default PHP version
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" = "7" ]]; then
## Start PHP 7.x install here
yum clean all
rm -rf /var/cache/yum/*
$PACKAGE_INSTALLER yum-utils
$PACKAGE_INSTALLER epel-release
$PACKAGE_INSTALLER http://rpms.remirepo.net/enterprise/remi-release-7.rpm
## Install PHP 7.3 and update modules
##yum -y install httpd mod_ssl php php-zip php-fpm php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-intl php-imagick php-pspell wget
yum -y --enablerepo=remi-php73 install php php-devel php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-zip
elif [[ "$VER" = "8" ]]; then
$PACKAGE_INSTALLER php php-devel php-bcmath php-gd php-json php-mbstring php-intl php-mysqlnd php-pear php-xml php-xmlrpc php-zip
# Get mcrypt files
echo -e "\n--- Getting PHP-mcrypt files..."
$PACKAGE_INSTALLER libmcrypt-devel libmcrypt #Epel packages
# Install php-imap
echo -e "\n--- Installing PHP-imap..."
wget https://rpms.remirepo.net/temp/epel-8-php-7.2/php-imap-7.2.24-1.epel8.7.2.x86_64.rpm
$PACKAGE_INSTALLER php-imap-7.2.24-1.epel8.7.2.x86_64.rpm
#rm -r php-imap-7.2.24-1.epel8.7.2.x86_64.rpm
# Enable Mod_php & Prefork for Apache/PHP 7.3
sed -i 's|#LoadModule mpm_prefork_module|LoadModule mpm_prefork_module|g' /etc/httpd/conf.modules.d/00-mpm.conf
sed -i 's|LoadModule mpm_event_module|#LoadModule mpm_event_module|g' /etc/httpd/conf.modules.d/00-mpm.conf
# Install php-imagick
# NEED TO ADD CODE SOON! Missing from os php repos
fi
PHP_INI_PATH="/etc/php.ini"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
if [[ "$VER" = "14.04" || "$VER" = "8" ]]; then # CHECK NEED TO ADD OTHER OS VERSIONS
$PACKAGE_INSTALLER libapache2-mod-php5 php5-common php5-cli php5-mysql php5-gd php5-mcrypt php5-curl php-pear php5-imap php5-xmlrpc php5-xsl php5-intl
elif [[ "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" ]]; then
$PACKAGE_INSTALLER libapache2-mod-php php-common php-bcmath php-cli php-mysql php-gd php-curl php-pear php-imagick php-imap php-xmlrpc php-xsl php-intl php-mbstring php-dev php-zip
# Get PHP mcrypt files
if [[ "$VER" = "16.04" ]]; then
$PACKAGE_INSTALLER php-mcrypt
else
# Prepare PHP-mcrypt files
$PACKAGE_INSTALLER -y build-essential
# Download needed files
$PACKAGE_INSTALLER libmcrypt-dev
fi
fi
# Set PHP.ini path
if [[ "$VER" = "16.04" ]]; then
PHP_INI_PATH="/etc/php/7.0/apache2/php.ini"
elif [[ "$VER" = "18.04" ]]; then
PHP_INI_PATH="/etc/php/7.2/apache2/php.ini"
elif [[ "$VER" = "20.04" ]]; then
PHP_INI_PATH="/etc/php/7.4/apache2/php.ini"
fi
fi
if [[ "$OS" = "CentOs" && ("$VER" = "8" ) ||
"$OS" = "Ubuntu" && ("$VER" = "18.04" || "$VER" = "20.04" ) ]] ; then
# PHP-mcrypt install code all OS - Check this!!!!!!
# Update Pecl Channels
echo -e "\n--- Updating PECL Channels..."
pecl channel-update pecl.php.net
pecl update-channels
if [[ "$VER" = "20.04" ]]; then
# Make pear cache folder to stop error "Trying to access array offset on value of type bool in PEAR/REST.php on line 187"
mkdir -p /tmp/pear/cache
fi
# Install PHP-Mcrypt
echo -e "\n--- Installing PHP-mcrypt..."
echo -ne '\n' | sudo pecl install mcrypt
fi
# Setup PHP mcrypt config files by OS
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" = "8" ]]; then
# Set mcrypt files
touch /etc/php.d/20-mcrypt.ini
echo 'extension=mcrypt.so' >> /etc/php.d/20-mcrypt.ini
# Create links to activate PHP-mcrypt
#ln -s /etc/php/7.2/mods-available/mcrypt.ini /etc/php/7.2/apache2/conf.d/20-mcrypt.ini
#ln -s /etc/php/7.2/mods-available/mcrypt.ini /etc/php/7.2/cli/conf.d/20-mcrypt.ini
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
if [[ "$VER" = "18.04" ]]; then
# Create php-mcrypt modules file
touch /etc/php/7.2/mods-available/mcrypt.ini
echo 'extension=mcrypt.so' >> /etc/php/7.2/mods-available/mcrypt.ini
# Create links to activate PHP-mcrypt
ln -s /etc/php/7.2/mods-available/mcrypt.ini /etc/php/7.2/apache2/conf.d/20-mcrypt.ini
ln -s /etc/php/7.2/mods-available/mcrypt.ini /etc/php/7.2/cli/conf.d/20-mcrypt.ini
elif [[ "$VER" = "20.04" ]]; then
# Create php-mcrypt modules file
touch /etc/php/7.4/mods-available/mcrypt.ini
echo 'extension=mcrypt.so' >> /etc/php/7.4/mods-available/mcrypt.ini
# Create links to activate PHP-mcrypt
ln -s /etc/php/7.4/mods-available/mcrypt.ini /etc/php/7.4/apache2/conf.d/20-mcrypt.ini
ln -s /etc/php/7.4/mods-available/mcrypt.ini /etc/php/7.4/cli/conf.d/20-mcrypt.ini
fi
fi
fi
# Set PHP Memory limit
echo -e "\n-- Setting PHP memory limit to 256MB..."
sed -i "s|memory_limit = .*|memory_limit = 256M|g" $PHP_INI_PATH
# Setup php upload dir
mkdir -p $PANEL_DATA/temp
chmod 1777 $PANEL_DATA/temp/
chown -R $HTTP_USER:$HTTP_GROUP $PANEL_DATA/temp/
# Setup php session save directory
mkdir "$PANEL_DATA/sessions"
chown $HTTP_USER:$HTTP_GROUP "$PANEL_DATA/sessions"
chmod 733 "$PANEL_DATA/sessions"
chmod +t "$PANEL_DATA/sessions"
if [[ "$OS" = "CentOs" ]]; then
# Remove session & php values from apache that cause override
sed -i '/php_value/d' /etc/httpd/conf.d/php.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
sed -i "s|;session.save_path = .*|session.save_path = \"$PANEL_DATA/sessions\"|g" $PHP_INI_PATH
fi
sed -i "/php_value/d" $PHP_INI_PATH
echo "session.save_path = $PANEL_DATA/sessions;" >> $PHP_INI_PATH
# setup timezone and upload temp dir
sed -i "s|;date.timezone =|date.timezone = $tz|g" $PHP_INI_PATH
sed -i "s|;upload_tmp_dir =|upload_tmp_dir = $PANEL_DATA/temp/|g" $PHP_INI_PATH
# Disable php signature in headers to hide it from hackers
sed -i 's|expose_php = On|expose_php = Off|g' $PHP_INI_PATH
#########################################################################################
if [[ "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04" || "$VER" = "7" || "$VER" = "8" ]]; then
##### Check php 7.x was installed or quit installer.
PHPVERFULL=$(php -r 'echo phpversion();')
PHPVER=${PHPVERFULL:0:3} # return 5.x or 7.x
echo -e "\nDetected PHP: $PHPVER "
if [[ "$PHPVER" == 7.* ]]; then
echo -e "\nPHP $PHPVER installed. Procced installing ..."
else
echo -e "\nPHP 7.x not installed. $PHPVER installed. Exiting installer. Please contact script admin"
exit 1
fi
# -------------------------------------------------------------------------------
# Start Snuffleupagus install with lastest version Below
# -------------------------------------------------------------------------------
echo -e "\n-- Installing and configuring Snuffleupagus..."
# Install Snuffleupagus
# Install git
$PACKAGE_INSTALLER git
#setup PHP_PERDIR in Snuffleupagus.c in src
mkdir -p /etc/snuffleupagus
cd /etc || exit
# Clone Snuffleupagus
git clone https://github.com/jvoisin/snuffleupagus
cd /etc/snuffleupagus/src || exit
sed -i 's|PHP_INI_SYSTEM|PHP_INI_PERDIR|g' snuffleupagus.c
# Update PCRE for CentOs 8 - Fix issue with building Snuffleupagus
if [[ "$OS" = "CentOs" && ( "$VER" = "8" ) ]]; then
$PACKAGE_INSTALLER pcre-devel
elif [[ "$OS" = "Ubuntu" && ( "$VER" = "20.04" ) ]]; then
$PACKAGE_INSTALLER libpcre3 libpcre3-dev
fi
# Build Snuffleupagus
phpize
./configure --enable-snuffleupagus
make clean
make
make install
cd ~ || exit
if [[ "$OS" = "CentOs" && ( "$VER" = "7" || "$VER" = "8" ) ]]; then
# Enable snuffleupagus in PHP.ini
echo -e "\nUpdating CentOS PHP.ini Enable snuffleupagus..."
echo "extension=snuffleupagus.so" >> /etc/php.d/20-snuffleupagus.ini
echo "sp.configuration_file=/etc/sentora/configs/php/sp/snuffleupagus.rules" >> /etc/php.d/20-snuffleupagus.ini
elif [[ "$OS" = "Ubuntu" && ( "$VER" = "16.04" || "$VER" = "18.04" || "$VER" = "20.04") ]]; then
# Enable snuffleupagus in PHP.ini
echo -e "\nUpdating Ubuntu PHP.ini Enable snuffleupagus..."
echo "extension=snuffleupagus.so" >> /etc/php/"$PHPVER"/mods-available/snuffleupagus.ini
echo "sp.configuration_file=/etc/sentora/configs/php/sp/snuffleupagus.rules" >> /etc/php/"$PHPVER"/mods-available/snuffleupagus.ini
ln -s /etc/php/"$PHPVER"/mods-available/snuffleupagus.ini /etc/php/"$PHPVER"/apache2/conf.d/20-snuffleupagus.ini
fi
fi
# Register apache(+php) service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable "$HTTP_SERVICE.service"
systemctl start "$HTTP_SERVICE.service"
else
chkconfig "$HTTP_SERVICE" on
"/etc/init.d/$HTTP_SERVICE" start
fi
fi
#--- ProFTPd
echo -e "\n-- Installing ProFTPD"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER proftpd proftpd-mysql
FTP_CONF_PATH='/etc/proftpd.conf'
sed -i "s|nogroup|nobody|" $PANEL_CONF/proftpd/proftpd-mysql.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER proftpd-mod-mysql
FTP_CONF_PATH='/etc/proftpd/proftpd.conf'
fi
# Create and init proftpd database
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_proftpd.sql
fi
# Create and configure mysql password for proftpd
proftpdpassword=$(passwordgen);
sed -i "s|!SQL_PASSWORD!|$proftpdpassword|" $PANEL_CONF/proftpd/proftpd-mysql.conf
# OLD
#mysql -u root -p"$mysqlpassword" -e "GRANT ALL ON sentora_proftpd .* TO 'proftpd'@'localhost' identified by '$proftpdpassword';";
# Add User for Proftpd DB
mysql -u root -p"$mysqlpassword" -e "CREATE USER proftpd@localhost IDENTIFIED BY '$proftpdpassword';";
# Grant ALL PRIVILEGES to Proftpd User
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_proftpd .* TO 'proftpd'@'localhost';";
# Assign httpd user and group to all users that will be created
HTTP_UID=$(id -u "$HTTP_USER")
HTTP_GID=$(sed -nr "s/^$HTTP_GROUP:x:([0-9]+):.*/\1/p" /etc/group)
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN uid SET DEFAULT $HTTP_UID"
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN gid SET DEFAULT $HTTP_GID"
sed -i "s|!SQL_MIN_ID!|$HTTP_UID|" $PANEL_CONF/proftpd/proftpd-mysql.conf
# Setup proftpd base file to call sentora config
rm -f "$FTP_CONF_PATH"
#touch "$FTP_CONF_PATH"
#echo "include $PANEL_CONF/proftpd/proftpd-mysql.conf" >> "$FTP_CONF_PATH";
ln -s "$PANEL_CONF/proftpd/proftpd-mysql.conf" "$FTP_CONF_PATH"
# setup proftpd log dir
mkdir -p $PANEL_DATA/logs/proftpd
chmod -R 644 $PANEL_DATA/logs/proftpd
# Correct bug from package in Ubutu14.04 which screw service proftpd restart
# see https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1246245
if [[ "$OS" = "Ubuntu" && ( "$VER" = "14.04" || "$VER" = "16.04" || "$VER" = "20.04" ) ]]; then
sed -i "s|\([ \t]*start-stop-daemon --stop --signal $SIGNAL \)\(--quiet --pidfile \"$PIDFILE\"\)$|\1--retry 1 \2|" /etc/init.d/proftpd
fi
# Register proftpd service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable proftpd.service
systemctl start proftpd.service
else
chkconfig proftpd on
/etc/init.d/proftpd start
fi
fi
#--- BIND
echo -e "\n-- Installing and configuring Bind"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER bind bind-utils bind-libs
BIND_PATH="/etc/named/"
BIND_FILES="/etc"
BIND_SERVICE="named"
BIND_USER="named"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER bind9 bind9utils
BIND_PATH="/etc/bind/"
BIND_FILES="/etc/bind"
BIND_SERVICE="bind9"
BIND_USER="bind"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='/var/sentora/logs/bind/bind.log' WHERE so_name_vc='bind_log'"
fi
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_PATH' WHERE so_name_vc='bind_dir'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_SERVICE' WHERE so_name_vc='bind_service'"
chmod -R 777 $PANEL_CONF/bind/zones/
# Setup logging directory
mkdir $PANEL_DATA/logs/bind
touch $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
chown $BIND_USER $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
chmod 660 $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
if [[ "$OS" = "CentOs" ]]; then
chmod 751 /var/named
chmod 771 /var/named/data
sed -i 's|bind/zones.rfc1918|named.rfc1912.zones|' $PANEL_CONF/bind/named.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
mkdir -p /var/named/dynamic
touch /var/named/dynamic/managed-keys.bind
chown -R bind:bind /var/named/
chmod -R 777 $PANEL_CONF/bind/etc
chown root:root $BIND_FILES/rndc.key
chmod 755 $BIND_FILES/rndc.key
fi
# Some link to enable call from path
ln -s /usr/sbin/named-checkconf /usr/bin/named-checkconf
ln -s /usr/sbin/named-checkzone /usr/bin/named-checkzone
ln -s /usr/sbin/named-compilezone /usr/bin/named-compilezone
# Setup acl IP to forbid zone transfer
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" $PANEL_CONF/bind/named.conf
# Build key and conf files
rm -rf $BIND_FILES/named.conf $BIND_FILES/rndc.conf $BIND_FILES/rndc.key
if [[ "$OS" = "CentOs" && ("$VER" = "8" ) ||
"$OS" = "Ubuntu" && ("$VER" = "16.04" || "$VER" = "18.04" ) ]] ; then
# Create rndc-key
rndc-confgen -a -r /dev/urandom
elif [[ "$OS" = "Ubuntu" && ("$VER" = "20.04" ) ]] ; then
# Create rndc-key
rndc-confgen -a -A hmac-sha256
fi
cat $BIND_FILES/rndc.key $PANEL_CONF/bind/named.conf > $BIND_FILES/named.conf
cat $BIND_FILES/rndc.key $PANEL_CONF/bind/rndc.conf > $BIND_FILES/rndc.conf
rm -f $BIND_FILES/rndc.key
# Register Bind service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable named.service
systemctl start named.service
else
chkconfig named on
/etc/init.d/named start
fi
fi
# Ubuntu 16.04 - 18.04 Bind9 Fixes
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
if [[ "$VER" = "16.04" || "$VER" = "18.04" ]]; then
# Disable Bind9(Named) from Apparmor. Apparmor reinstalls with apps(MySQL & Bind9) for some reason.
ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.named
fi
fi
# Fix/Disable Named/bind dnssec-lookaside
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
# Bind/Named v.9.10 or OLDER
if [[ "$VER" = "18.04" || "$VER" = "20.04" ]]; then
sed -i "s|dnssec-lookaside no|#dnssec-lookaside no|g" $BIND_FILES/named.conf
fi
elif [[ "$OS" = "CentOs" ]]; then
# Bind/Named v.9.11 or NEWER
if [[ "$VER" = "8" ]]; then
sed -i "s|dnssec-lookaside no|#dnssec-lookaside no|g" $BIND_FILES/named.conf
fi
fi
#--- CRON and ATD
echo -e "\n-- Installing and configuring cron tasks"
if [[ "$OS" = "CentOs" ]]; then
#cronie & crontabs may be missing
$PACKAGE_INSTALLER cronie crontabs
CRON_DIR="/var/spool/cron"
CRON_SERVICE="crond"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER cron
CRON_DIR="/var/spool/cron/crontabs"
CRON_SERVICE="cron"
fi
CRON_USER="$HTTP_USER"
# prepare daemon crontab
# sed -i "s|!USER!|$CRON_USER|" "$PANEL_CONF/cron/zdaemon" #it screw update search!#
sed -i "s|!USER!|root|" "$PANEL_CONF/cron/zdaemon"
cp "$PANEL_CONF/cron/zdaemon" /etc/cron.d/zdaemon
chmod 644 /etc/cron.d/zdaemon
# prepare user crontabs
CRON_FILE="$CRON_DIR/$CRON_USER"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_file'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_reload_path'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_USER' WHERE so_name_vc='cron_reload_user'"
{
echo "SHELL=/bin/bash"
echo "PATH=/sbin:/bin:/usr/sbin:/usr/bin"
echo ""
} > mycron
crontab -u $HTTP_USER mycron
rm -f mycron
chmod 744 "$CRON_DIR"
chown -R $HTTP_USER:$HTTP_USER "$CRON_DIR"
chmod 644 "$CRON_FILE"
# Register cron and atd services for autostart and start them
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" || "$VER" == "8" ]]; then
systemctl enable crond.service
systemctl start crond.service
systemctl start atd.service
else
chkconfig crond on
/etc/init.d/crond start
/etc/init.d/atd start
fi
fi
#--- phpMyAdmin
echo -e "\n-- Configuring phpMyAdmin"
phpmyadminsecret=$(passwordgen 32);
chmod 644 $PANEL_CONF/phpmyadmin/config.inc.php
sed -i "s|\$cfg\['blowfish_secret'\] \= 'SENTORA';|\$cfg\['blowfish_secret'\] \= '$phpmyadminsecret';|" $PANEL_CONF/phpmyadmin/config.inc.php
ln -s $PANEL_CONF/phpmyadmin/config.inc.php $PANEL_PATH/panel/etc/apps/phpmyadmin/config.inc.php
# Remove phpMyAdmin's setup folder in case it was left behind
rm -rf $PANEL_PATH/panel/etc/apps/phpmyadmin/setup
#--- PHPsysinfo
echo -e "\n-- Configuring PHPsysinfo"
# Setup config file
mv -f /etc/sentora/panel/etc/apps/phpsysinfo/phpsysinfo.ini.new /etc/sentora/panel/etc/apps/phpsysinfo/phpsysinfo.ini
#--- Roundcube
echo -e "\n-- Configuring Roundcube"
# Import roundcube default MYSQL table
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_roundcube.sql
fi
# Create and configure mysql password for roundcube
roundcubepassword=$(passwordgen);
sed -i "s|!ROUNDCUBE_PASSWORD!|$roundcubepassword|" $PANEL_CONF/roundcube/roundcube_config.inc.php
# OLD
#mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_roundcube .* TO 'roundcube'@'localhost' identified by '$roundcubepassword';";
# Add User for Roundcube DB
mysql -u root -p"$mysqlpassword" -e "CREATE USER roundcube@localhost IDENTIFIED BY '$roundcubepassword';";
# Grant ALL PRIVILEGES to Roundcube User
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_roundcube .* TO 'roundcube'@'localhost';";
# Delete Roundcube setup files
rm -r $PANEL_PATH/panel/etc/apps/webmail/SQL
rm -r $PANEL_PATH/panel/etc/apps/webmail/installer
# Create and configure des key
roundcube_des_key=$(passwordgen 24);
sed -i "s|!ROUNDCUBE_DESKEY!|$roundcube_des_key|" $PANEL_CONF/roundcube/roundcube_config.inc.php
# Create and configure specials directories and rights
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_PATH/panel/etc/apps/webmail/temp"
mkdir "$PANEL_DATA/logs/roundcube"
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/logs/roundcube"
# Map config file in roundcube with symbolic links
ln -s $PANEL_CONF/roundcube/roundcube_config.inc.php $PANEL_PATH/panel/etc/apps/webmail/config/config.inc.php
ln -s $PANEL_CONF/roundcube/sieve_config.inc.php $PANEL_PATH/panel/etc/apps/webmail/plugins/managesieve/config.inc.php
#--- Webalizer
echo -e "\n-- Configuring Webalizer"
if [[ "$OS" = "CentOs" ]]; then
if [[ $VER = "7" ]]; then
$PACKAGE_INSTALLER webalizer
elif [[ $VER = "8" ]]; then
# Install required packages
#$PACKAGE_INSTALLER gd-devel libpng-devel
# Download Webalizer and decompress
#wget -c ftp://ftp.mrunix.net/pub/webalizer/webalizer-2.23-08-src.tar.Z -O - | tar -xz
# Chnage to webalizer dir
#cd webalizer-2.23-08 || exit
# Build and configure webalizer
#./configure
#make
#make install
# Change to $HOME DIR
#cd "$HOME" || exit
# Delete/cleanup webalizer source file
#rm -rf webalizer-2.23-08
#rm -rf /etc/webalizer.conf
$PACKAGE_INSTALLER webalizer.x86_64
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
$PACKAGE_INSTALLER webalizer
rm -rf /etc/webalizer/webalizer.conf
fi
#--- Set some Sentora database entries using. setso and setzadmin (require PHP)
echo -e "\n-- Configuring Sentora"
zadminpassword=$(passwordgen);
setzadmin --set "$zadminpassword";
$PANEL_PATH/panel/bin/setso --set sentora_domain "$PANEL_FQDN"
$PANEL_PATH/panel/bin/setso --set server_ip "$PUBLIC_IP"
# if not release, set beta version in database
if [[ $(echo "$SENTORA_CORE_VERSION" | sed 's|.*-\(beta\).*$|\1|') = "beta" ]] ; then
$PANEL_PATH/panel/bin/setso --set dbversion "$SENTORA_CORE_VERSION"
fi
# Make the daemon to run/build vhosts file.
$PANEL_PATH/panel/bin/setso --set apache_changed "true"
php -q $PANEL_PATH/panel/bin/daemon.php
#--- Firewall ? SHOULD WE???
#--- Fail2ban - This should be standard with install. We need a module to help user with settings. Maybe soon!
#--- Logrotate
# Download and install logrotate
echo -e "\n-- Installing Logrotate"
$PACKAGE_INSTALLER logrotate
# Link the configfiles
ln -s $PANEL_CONF/logrotate/Sentora-apache /etc/logrotate.d/Sentora-apache
ln -s $PANEL_CONF/logrotate/Sentora-proftpd /etc/logrotate.d/Sentora-proftpd
ln -s $PANEL_CONF/logrotate/Sentora-dovecot /etc/logrotate.d/Sentora-dovecot
# Configure the postrotatesyntax for different OS
if [[ "$OS" = "CentOs" && "$VER" == "6" ]]; then
sed -i 's|systemctl reload httpd > /dev/null|service httpd reload > /dev/null|' $PANEL_CONF/logrotate/Sentora-apache
sed -i 's|systemctl reload proftpd > /dev/null|service proftpd reload > /dev/null|' $PANEL_CONF/logrotate/Sentora-proftpd
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
sed -i 's|systemctl reload httpd > /dev/null|/etc/init.d/apache2 reload > /dev/null|' $PANEL_CONF/logrotate/Sentora-apache
sed -i 's|systemctl reload proftpd > /dev/null|/etc/init.d/proftpd force-reload > /dev/null|' $PANEL_CONF/logrotate/Sentora-proftpd
fi
#--- LetsEncrypt - We need a module to help user with SSL Certs/settings. Module coming soon!!!!
# Ubuntu 20.04 LetsEncrypt has issues with their code for 20.04. Will resolve later when when they resolve. Maybe i will fix not sure..
#if [[ "$OS" = "CentOs" && ( "$VER" = "7" || "$VER" = "8" ) ||
#"$OS" = "Ubuntu" && ("$VER" = "16.04" || "$VER" = "18.04" ) ||
#"$OS" = "debian" && ("$VER" = "9" || "$VER" = "10" ) ]] ; then
#$PACKAGE_INSTALLER git
#git clone https://github.com/letsencrypt/letsencrypt
#cd letsencrypt || exit
#./letsencrypt-auto --help
#fi
#--- Resolv.conf deprotect
chattr -i /etc/resolv.conf
#--- Restart all services to capture output messages, if any
if [[ "$OS" = "CentOs" && "$VER" == "7" || "$VER" == "8" ]]; then
# CentOs7 does not return anything except redirection to systemctl :-(
service() {
echo "Restarting $1"
systemctl restart "$1.service"
}
fi
# Clean up files needed for install/update
# N/A
echo -e "# -------------------------------------------------------------------------------"
# Set admin contact info to zadmin profile
echo -e "\n--- Updating Admin contact Info..."
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_accounts SET ac_email_vc='$ADMIN_EMAIL' WHERE sentora_core.x_accounts.ac_id_pk = 1"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_profiles SET ud_fullname_vc='$ADMIN_NAME', ud_phone_vc='$ADMIN_PHONE', ud_address_tx='$ADMIN_ADDRESS\r\n$ADMIN_PROVINCE $ADMIN_POSTALCODE\r\n$ADMIN_COUNTRY', ud_postcode_vc='$ADMIN_POSTALCODE' WHERE sentora_core.x_profiles.ud_id_pk = 1"
echo -e "\n--- Done Updating admin contact info.\n"
echo -e "# -------------------------------------------------------------------------------"
echo -e "\n--- Restarting Services"
echo -e "Restarting $DB_SERVICE..."
service "$DB_SERVICE" restart
echo -e "Restarting $HTTP_SERVICE..."
service "$HTTP_SERVICE" restart
echo -e "Restarting Postfix..."
service postfix restart
echo -e "Restarting Dovecot..."
service dovecot restart
echo -e "Restarting CRON..."
service "$CRON_SERVICE" restart
echo -e "Restarting Bind9/Named..."
service "$BIND_SERVICE" restart
echo -e "Restarting Proftpd..."
service proftpd restart
echo -e "Restarting ATD..."
service atd restart
echo -e "\n--- Finished Restarting Services...\n"
#--- Store the passwords for user reference
{
echo "Server IP address : $PUBLIC_IP"
echo "Panel URL : http://$PANEL_FQDN"
echo "zadmin Password : $zadminpassword"
echo ""
echo "MySQL Root Password : $mysqlpassword"
echo "MySQL Postfix Password : $postfixpassword"
echo "MySQL ProFTPd Password : $proftpdpassword"
echo "MySQL Roundcube Password : $roundcubepassword"
} >> /root/passwords.txt
chmod 600 /root/passwords.txt
#--- Advise the admin that Sentora is now installed and accessible.
{
echo "########################################################"
echo " Congratulations Sentora has now been installed on your"
echo " server. Please review the log file left in /root/ for "
echo " any errors encountered during installation."
echo ""
echo " Login to Sentora at http://$PANEL_FQDN"
echo " Sentora Username : zadmin"
echo " Sentora Password : $zadminpassword"
echo ""
echo " MySQL Root Password : $mysqlpassword"
echo " MySQL Postfix Password : $postfixpassword"
echo " MySQL ProFTPd Password : $proftpdpassword"
echo " MySQL Roundcube Password : $roundcubepassword"
echo " (theses passwords are saved in /root/passwords.txt)"
echo "########################################################"
echo ""
} &>/dev/tty
# Wait until the user have read before restarts the server...
if [[ "$INSTALL" != "auto" ]] ; then
while true; do
read -r -e -p "Restart your server now to complete the install (y/n)? " rsn
case $rsn in
[Yy]* ) break;;
[Nn]* ) exit;
esac
done
shutdown -r now
fi