full_install_pteroq_panel_v0.7.17_and_wings_daemon_v0.6.13_centos_7.sh
#!/bin/bash
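## Collect the install parameters from the operator
# read -r keeps backslashes in the answers literal.
echo "FQDN:" ; read -r host
echo "IP:" ; read -r ip
echo "Admin email:" ; read -r email
# -s turns off terminal echo so the password does not end up in scrollback
# or a recorded session; the bare echo restores the line break.
echo "DB password:" ; read -rs pass ; echo
# $host is later written into /etc/hosts, substituted into the nginx config
# through sed and passed to certbot, so accept only hostname characters.
host_pattern='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$host" =~ $host_pattern ]]; then
  echo "FQDN '$host' is not a valid hostname; aborting" >&2
  exit 1
fi
echo "#####################"
echo "FQDN hostname is $host"
echo "IP fort this FQDN is $ip"
echo "Admin email is $email"
# The password is acknowledged but not printed back.
echo "DB password is set (not displayed)"
echo "#####################"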
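## Set hostname and setup /etc/hosts accordingly
# Quoted so the operator's answer is passed as exactly one argument and is
# never word-split or glob-expanded.
hostnamectl set-hostname "$host"
# /etc/hosts is overwritten, not appended to: after this only the two lines
# written below remain in the file.
printf '%s\n' "127.0.0.1 localhost localhost.localdomain" > /etc/hosts
printf '%s %s\n' "$ip" "$host" >> /etc/hosts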
## Add a 4 GiB swap file at /swap
swap_file=/swap
# 4096 zero-filled blocks of 1 MiB each.
dd if=/dev/zero of="$swap_file" bs=1MiB count=4096
# Owner-only permissions before the file is formatted and activated.
chmod 600 "$swap_file"
mkswap "$swap_file"
swapon "$swap_file"
# Register the swap file in fstab so it is used again after a reboot.
printf '%s\n' "$swap_file swap swap sw 0 0" >> /etc/fstab
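## Install the yum repository definition for MariaDB 10.2
# baseurl uses https like gpgkey does: gpgcheck=1 verifies package signatures
# but not the repository metadata, which plain http would leave open to
# modification in transit.
# The quoted delimiter keeps the repo file literal (no shell expansion).
cat <<'EOF' > /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF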
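## Install epel
yum install -y epel-release
## Install Repos for PHP 7.3 (after disabling repos for PHP 5.4)
# The remi-release package is fetched over https: it is installed as root and
# adds repository definitions, so it should not travel over plain http.
# NOTE(review): yum may not signature-check a package given by URL (this
# depends on localpkg_gpgcheck) — confirm, and import the repository's signing
# key beforehand if verification is required.
yum install -y epel-release https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
# Switch the enabled remi PHP stream from 5.4 to 7.3 before updating.
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
yum update -y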
## Install dependency packages
# One list, one yum transaction; the grouping is for readability only.
panel_packages=(
  # SELinux tooling
  policycoreutils policycoreutils-python selinux-policy
  selinux-policy-targeted libselinux-utils setroubleshoot-server
  setools setools-console mcstrans
  # PHP runtime and extensions
  php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd
  php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache
  # Time sync and admin utilities
  chrony net-tools vim htop mlocate telnet
  # Database, firewall, archive tools, web server, certificates
  MariaDB-common MariaDB-server firewalld zip unzip tar nginx certbot wget
)
yum install -y "${panel_packages[@]}"
## Install Redis
# Redis is taken from the remi repository, enabled for this command only.
yum install -y --enablerepo=remi redis
## Configure NTP pool chrony
# /etc/chrony.conf is replaced wholesale. The quoted delimiter keeps the text
# literal, and the empty line before EOF reproduces the trailing blank line
# the file has always been written with.
cat <<'EOF' > /etc/chrony.conf
pool 0.be.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

EOF
## Create PHP-FPM worker for pterodactyl (www-pterodactyl.conf)
# A dedicated pool running as nginx:nginx and listening on a unix socket that
# is owned by nginx with mode 0750.
fpm_pool=/etc/php-fpm.d/www-pterodactyl.conf
cat > "$fpm_pool" <<'POOL'
[pterodactyl]
user = nginx
group = nginx
listen = /var/run/php-fpm/pterodactyl.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0750
pm = ondemand
pm.max_children = 9
pm.process_idle_timeout = 10s
pm.max_requests = 200
POOL
## Create service for pterodactyl (pteroq.service)
# systemd unit that runs the panel's artisan queue worker as nginx:nginx and
# restarts it whenever it exits.
queue_unit=/etc/systemd/system/pteroq.service
cat > "$queue_unit" <<'UNIT'
# Pterodactyl Queue Worker File
# ----------------------------------
[Unit]
Description=Pterodactyl Queue Worker
After=redis.service
[Service]
User=nginx
Group=nginx
Restart=always
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
[Install]
WantedBy=multi-user.target
UNIT
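## Configure NginX for pterodactyl
# The config is written from a here-document with a quoted delimiter so that
# every character reaches the file unchanged. Written as one single-quoted
# echo argument, the inner single quotes were consumed by the shell: the
# Content-Security-Policy header came out as `frame-ancestors self` (a host
# named "self") instead of the keyword 'self', and ssl_ciphers lost its quotes.
# h0stn4m3 is a placeholder that is replaced with the FQDN afterwards.
nginx_conf=/etc/nginx/conf.d/www-pteroq.conf
cat <<'NGINX_CONF' > "$nginx_conf"
server_tokens off;
server {
listen 80;
server_name h0stn4m3;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name h0stn4m3;
root /var/www/pterodactyl/public;
index index.php;
access_log /var/log/nginx/pterodactyl.app-access.log;
error_log /var/log/nginx/pterodactyl.app-error.log error;
# allow larger file uploads and longer script runtimes
client_max_body_size 100m;
client_body_timeout 120s;
sendfile off;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/h0stn4m3/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/h0stn4m3/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# See https://hstspreload.org/ before uncommenting the line below.
# add_header Strict-Transport-Security "max-age=15768000; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header Content-Security-Policy "frame-ancestors 'self'";
add_header X-Frame-Options DENY;
add_header Referrer-Policy same-origin;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_PROXY "";
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
include /etc/nginx/fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
NGINX_CONF
# Escape the characters that are special in a sed replacement (\, / and &)
# so the operator-supplied FQDN is inserted as literal text and cannot end
# the s/// expression early.
host_sed=$(printf '%s' "$host" | sed -e 's|[\\/&]|\\&|g')
sed -i -e "s/h0stn4m3/${host_sed}/g" "$nginx_conf"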
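## Install Composer
# The installer is saved to a temporary file and its SHA-384 is compared with
# the signature the Composer project publishes before it is executed as root,
# instead of piping the download straight into php. -f makes curl fail on an
# HTTP error rather than hand back an error page.
composer_setup=$(mktemp) || exit 1
expected_sig=$(curl -fsS https://composer.github.io/installer.sig) || exit 1
curl -fsS -o "$composer_setup" https://getcomposer.org/installer || exit 1
actual_sig=$(sha384sum "$composer_setup" | cut -d' ' -f1)
if [ -z "$expected_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then
  echo "Composer installer checksum mismatch; not installing" >&2
  rm -f -- "$composer_setup"
  exit 1
fi
php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
rm -f -- "$composer_setup"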
## Add firewall rules
# Open HTTP and HTTPS permanently, then reload so the rules take effect.
for web_service in http https; do
  firewall-cmd --add-service="$web_service" --permanent
done
firewall-cmd --reload
## Add SELinux policies
# -P makes each boolean persistent across reboots.
# NOTE(review): httpd_execmem and httpd_unified loosen the httpd confinement
# beyond plain network access — confirm the panel needs both.
for httpd_boolean in httpd_can_network_connect httpd_execmem httpd_unified; do
  setsebool -P "$httpd_boolean" 1
done
## Restart all services
# Each unit is restarted on its own, so one failure does not stop the rest.
for unit in php-fpm redis mariadb firewalld chronyd; do
  systemctl restart "$unit"
done
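## Install Pterodactyl files
panel_dir=/var/www/pterodactyl
mkdir -p "$panel_dir"
# Stop if the directory cannot be entered: tar, chmod -R and composer below
# all act on the current directory as root.
cd "$panel_dir" || exit 1
# -f makes curl fail on an HTTP error instead of saving the error page under
# the archive name.
# NOTE(review): the archive is unpacked without being checked against a
# published checksum or signature — confirm whether the release provides one.
curl -fLo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/v0.7.17/panel.tar.gz || exit 1
tar --strip-components=1 -xzvf panel.tar.gz
chmod -R 755 storage/* bootstrap/cache/
# Start from the shipped example environment, then generate the app key.
cp .env.example .env
composer install --no-dev --optimize-autoloader
php artisan key:generate --force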
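## Adding MySQL users and finalising SQL setup
# The password is placed inside single-quoted SQL string literals, so double
# its backslashes and single quotes first; otherwise a password containing '
# ends the literal early and the remainder is parsed as SQL.
sql_pass=$(printf '%s' "$pass" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
# NOTE(review): both accounts get the same password, and pterodactyluser holds
# ALL PRIVILEGES on *.* WITH GRANT OPTION, so anyone who learns the panel's
# database password also controls the whole server — consider separate
# passwords.
mysql -u root << SQL_QUERY
USE mysql;
CREATE USER 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '${sql_pass}';
CREATE DATABASE panel;
GRANT ALL PRIVILEGES ON panel.* TO 'pterodactyl'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;
USE mysql;
CREATE USER 'pterodactyluser'@'127.0.0.1' IDENTIFIED BY '${sql_pass}';
GRANT ALL PRIVILEGES ON *.* TO 'pterodactyluser'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SQL_QUERY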
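## Harden the MariaDB defaults
# The answers are fed to mysql_secure_installation in prompt order. A
# here-document is plain text, not a script: `echo "..."` lines in it are sent
# literally instead of being executed, so the password lines must contain the
# password itself.
# NOTE(review): the order assumes the MariaDB 10.2 prompts — current root
# password (empty on a fresh install), set root password, new password twice,
# then four yes/no questions. Confirm against the installed version.
# NOTE(review): root receives the same password as the panel's database users.
mysql_secure_installation <<EOF

y
${pass}
${pass}
y
y
y
y
EOF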
## Enable all services
# Enabled one at a time so a missing unit does not prevent the others from
# being enabled.
for unit in php-fpm redis mariadb firewalld chronyd pteroq.service; do
  systemctl enable "$unit"
done
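## Add crontab entries
# NOTE: this replaces the invoking user's whole crontab with the lines below.
# Renewal uses `certbot renew` with hooks that stop and start nginx: the
# certificate is obtained with the standalone authenticator, which needs port
# 80, and nginx is listening there once the panel is running. Re-running
# `certonly --standalone` from cron would not be able to bind the port.
# The quoted delimiter keeps the crontab text literal; no operator input is
# interpolated into it.
crontab - <<'EOF'
* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1
0 0,12 * * * certbot renew --quiet --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
EOF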
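## Finally installing and configuring the pterodactyl panel itself
# Stop if the panel directory cannot be entered, so the artisan commands never
# run from some other working directory.
cd /var/www/pterodactyl || exit 1
# These artisan steps prompt the operator interactively.
php artisan p:environment:setup
php artisan p:environment:database
php artisan p:environment:mail
php artisan migrate --seed
php artisan p:user:make
# The ownership change names the directory explicitly: a recursive chown run
# as root must not depend on the current working directory.
# NOTE: the glob does not match dotfiles such as .env, which keep their
# current owner.
chown -R nginx:nginx /var/www/pterodactyl/*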
## Secure with letsencrypt after stopping serving on port 80
# certbot's standalone mode runs its own listener, so every web server unit
# that might hold the port is stopped first.
for web_unit in nginx apache httpd; do
  systemctl stop "$web_unit"
done
certbot certonly --non-interactive --standalone --agree-tos --email "${email}" --domains "${host}"
## Restart/Enable all installed services
# nginx is enabled and started here for the first time, after the certificate
# files its config refers to have been requested.
systemctl enable --now nginx
for unit in php-fpm mariadb redis pteroq.service; do
  systemctl restart "$unit"
done
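## info & pause
# Recap of the install parameters. The DB password is deliberately not
# repeated: printing it would leave it in terminal scrollback and in any
# captured install log.
echo "#####################"
echo "FQDN hostname is $host"
echo "IP fort this FQDN is $ip"
echo "Admin email is $email"
echo "DB password is set (not displayed)"
echo "#####################"
# Give the operator time to read the summary before the daemon install.
sleep 30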
## Installing Daemon "Wings"
echo 'Installing Daemon Wings'
# Build tools for the daemon's npm modules.
build_packages=(tar unzip make gcc gcc-c++ python)
yum install -y "${build_packages[@]}"
# Prerequisites for the Docker CE repository and storage driver.
docker_prereqs=(yum-utils device-mapper-persistent-data lvm2)
yum install -y "${docker_prereqs[@]}"
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce
# Enable at boot, then start now.
systemctl enable docker
systemctl start docker
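# Fetch the NodeSource repository setup script to a temporary file before
# running it as root: --fail stops on an HTTP error instead of executing an
# error page, and a truncated transfer is never executed half-way as it could
# be when the download is piped straight into bash.
# NOTE(review): the script's content is not verified beyond TLS, and
# setup_10.x selects Node.js 10, which upstream no longer maintains — confirm
# this is still the release the daemon requires.
node_setup=$(mktemp) || exit 1
if ! curl --fail --silent --show-error --location --output "$node_setup" https://rpm.nodesource.com/setup_10.x; then
  rm -f -- "$node_setup"
  exit 1
fi
bash "$node_setup"
rm -f -- "$node_setup"
yum install -y nodejs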
# Open the two daemon ports (8080/tcp and 2022/tcp) permanently.
for daemon_port in 8080/tcp 2022/tcp; do
  firewall-cmd --add-port "$daemon_port" --permanent
done
# Put the docker0 bridge into the trusted zone, then apply everything.
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --reload
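# Daemon code lives in /srv/daemon, server data in /srv/daemon-data.
mkdir -p /srv/daemon /srv/daemon-data
# Stop if the directory cannot be entered: the archive is extracted into, and
# npm runs as root in, the current directory.
cd /srv/daemon || exit 1
# -f makes curl fail on an HTTP error instead of streaming an error page to tar.
# NOTE(review): the archive is unpacked without a checksum or signature check.
curl -fL https://github.com/pterodactyl/daemon/releases/download/v0.6.13/daemon.tar.gz | tar --strip-components=1 -xzv
npm install --only=production --no-audit --unsafe-perm
# NOTE(review): this writes only blank lines to core.json, which is not valid
# JSON; presumably the real daemon configuration has to be put in its place
# before wings starts — confirm.
echo '
' > /srv/daemon/config/core.json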
# systemd unit for the wings daemon. It runs as root from /srv/daemon, starts
# after docker.service and is restarted on failure.
wings_unit=/etc/systemd/system/wings.service
cat > "$wings_unit" <<'UNIT'
[Unit]
Description=Pterodactyl Wings Daemon
After=docker.service
[Service]
User=root
#Group=some_group
WorkingDirectory=/srv/daemon
LimitNOFILE=4096
PIDFile=/var/run/wings/daemon.pid
ExecStart=/usr/bin/node /srv/daemon/src/index.js
Restart=on-failure
StartLimitInterval=600
[Install]
WantedBy=multi-user.target
UNIT
# Enable at boot and start immediately.
systemctl enable --now wings
## Reboot
# The machine restarts right away; nothing after this line runs.
shutdown -r now