full_install_pteroq_panel_v0.7.17_and_wings_daemon_v0.6.13_centos_7.sh
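#!/bin/bash
## Input environmental vars
# -r stops read from treating backslashes as escapes; -s keeps the database
# password off the screen while it is typed.
echo "FQDN:" ; read -r host
echo "IP:" ; read -r ip
echo "Admin email:" ; read -r email
echo "DB password:" ; read -rs pass ; echo
# These answers are later written into /etc/hosts, a sed expression, the nginx
# config and root's crontab, so anything that is not plainly a hostname, an
# address or an e-mail address is refused before the system is touched.
fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
ip_re='^[0-9A-Fa-f:.]+$'
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
if [[ ! "$host" =~ $fqdn_re ]]; then
  echo "Invalid FQDN: $host" >&2
  exit 1
fi
if [[ ! "$ip" =~ $ip_re ]]; then
  echo "Invalid IP address: $ip" >&2
  exit 1
fi
if [[ ! "$email" =~ $email_re ]]; then
  echo "Invalid admin email: $email" >&2
  exit 1
fi
if [[ -z "$pass" ]]; then
  echo "DB password must not be empty" >&2
  exit 1
fi
# Summary for the operator; the password is confirmed as set but never
# printed, so it does not end up in scrollback or a captured install log.
echo "#####################"
echo "FQDN hostname is $host"
echo "IP fort this FQDN is $ip"
echo "Admin email is $email"
echo "DB password is set (not displayed)"
echo "#####################"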
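## Set hostname and setup /etc/hosts accordingly
# Quoted so a stray space or glob character in the value cannot turn into
# extra hostnamectl arguments.
hostnamectl set-hostname "$host"
# NOTE: /etc/hosts is overwritten, not appended to; entries that were already
# in the file are dropped.
printf '%s\n' \
  "127.0.0.1 localhost localhost.localdomain" \
  "${ip} ${host}" > /etc/hosts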
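## Add SWAP 4G /swap
# Create the file with owner-only permissions from the first byte instead of
# tightening them after dd has already written it.
( umask 077 ; dd if=/dev/zero of=/swap count=4096 bs=1MiB )
chmod 600 /swap
mkswap /swap
swapon /swap
# Add the fstab entry only once so a second run does not duplicate it.
grep -q '^/swap[[:space:]]' /etc/fstab || echo "/swap swap swap sw 0 0" >> /etc/fstab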
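## Install Repos for MariaDB
# baseurl now uses HTTPS like gpgkey, so repository metadata and packages are
# no longer fetched in clear text; gpgcheck=1 still verifies package signatures.
# The delimiter is quoted so the repo definition is written literally.
cat <<'EOF' > /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF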
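## Install epel
yum install -y epel-release
## Install Repos for PHP 7.3 (after disabling repos for PHP 5.4)
# The remi release RPM is installed straight from a URL, which yum treats as a
# local package (localpkg_gpgcheck is off by default, so it is likely not
# signature-checked). Fetch it over HTTPS so the transport at least
# authenticates the server; the RPM decides which repositories and signing
# keys are trusted from here on.
yum install -y epel-release https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
yum update -y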
## Install dependency packages
# The package list lives in an array, grouped by purpose, and is passed to a
# single yum transaction in the same order as before.
dependency_packages=(
  # SELinux tooling
  policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted
  libselinux-utils setroubleshoot-server setools setools-console mcstrans
  # PHP runtime and extensions
  php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd
  php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache
  # Time sync and admin utilities
  chrony net-tools vim htop mlocate telnet
  # Database, firewall, archive tools, web server, certificates
  MariaDB-common MariaDB-server firewalld zip unzip tar nginx certbot wget
)
yum install -y "${dependency_packages[@]}"
## Install Redis
# Redis comes from the remi repository, enabled for this one transaction only.
yum install -y --enablerepo=remi redis
## Configure NTP pool chrony
# Replaces /etc/chrony.conf wholesale. The quoted delimiter writes the text
# literally; the empty line before EOF keeps the file's trailing blank line.
cat > /etc/chrony.conf <<'EOF'
pool 0.be.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

EOF
## Create PHP-FPM worker for pterodactyl (www-pterodactyl.conf)
# Dedicated pool that runs as nginx and listens on a unix socket owned by
# nginx:nginx with mode 0750. Nothing in the body needs expansion, so the
# delimiter is quoted and the text is written literally.
cat > /etc/php-fpm.d/www-pterodactyl.conf <<'EOF'
[pterodactyl]
user = nginx
group = nginx
listen = /var/run/php-fpm/pterodactyl.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0750
pm = ondemand
pm.max_children = 9
pm.process_idle_timeout = 10s
pm.max_requests = 200
EOF
## Create service for pterodactyl (pteroq.service)
# systemd unit for the panel's queue worker: runs `artisan queue:work` as
# nginx:nginx, is ordered after redis.service and is always restarted.
# Written literally (quoted delimiter); the unit text itself is unchanged.
cat > /etc/systemd/system/pteroq.service <<'EOF'
# Pterodactyl Queue Worker File
# ----------------------------------
[Unit]
Description=Pterodactyl Queue Worker
After=redis.service
[Service]
User=nginx
Group=nginx
Restart=always
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
[Install]
WantedBy=multi-user.target
EOF
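## Configure NginX for pterodactyl
# Written through a quoted here-document rather than a single-quoted echo.
# The config itself contains single quotes (the ssl_ciphers list and the CSP
# value); inside a single-quoted string those ended the string, so the file
# used to receive `frame-ancestors self` (a host named "self") instead of the
# CSP keyword 'self'. With a quoted delimiter every character, including the
# nginx $variables, is written exactly as shown.
cat > /etc/nginx/conf.d/www-pteroq.conf <<'EOF'
server_tokens off;
server {
    listen 80;
    server_name h0stn4m3;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name h0stn4m3;
    root /var/www/pterodactyl/public;
    index index.php;
    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log /var/log/nginx/pterodactyl.app-error.log error;
    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;
    sendfile off;
    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/h0stn4m3/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/h0stn4m3/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
EOF
# Substitute the placeholder with the real FQDN. "/" and "&" are special in a
# sed replacement, so they are escaped first; an unusual value then cannot
# break or alter the expression.
host_for_sed=$(printf '%s' "$host" | sed -e 's/[\/&]/\\&/g')
sed -i -e "s/h0stn4m3/${host_for_sed}/g" /etc/nginx/conf.d/www-pteroq.conf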
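## Install composer
# The installer runs as root, so it is saved to a temporary file and compared
# with the SHA-384 published by the Composer project before it is executed,
# instead of being piped from the network straight into php.
composer_setup=$(mktemp) || exit 1
expected_sig=$(curl -fsS https://composer.github.io/installer.sig) || { rm -f -- "$composer_setup"; exit 1; }
curl -fsS -o "$composer_setup" https://getcomposer.org/installer || { rm -f -- "$composer_setup"; exit 1; }
actual_sig=$(sha384sum "$composer_setup" | awk '{print $1}')
if [[ -z "$expected_sig" || "$expected_sig" != "$actual_sig" ]]; then
  echo "Composer installer checksum mismatch, refusing to run it" >&2
  rm -f -- "$composer_setup"
  exit 1
fi
php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
rm -f -- "$composer_setup"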
## Add firewall rules
# Open the web ports permanently, then reload so the rules take effect.
for fw_service in http https; do
  firewall-cmd --add-service="$fw_service" --permanent
done
firewall-cmd --reload
## Add SEL Policies
# Each boolean loosens SELinux confinement for the web server domain and is
# made persistent with -P; keep only those the panel turns out to need.
for sebool in httpd_can_network_connect httpd_execmem httpd_unified; do
  setsebool -P "$sebool" 1
done
## Restart all services
# Restarted one after another, in the original order.
for unit in php-fpm redis mariadb firewalld chronyd; do
  systemctl restart "$unit"
done
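## Install Pterodactyl files
mkdir -p /var/www/pterodactyl
# Stop if the directory change fails; otherwise the archive would be unpacked
# into whatever directory the script was started from.
cd /var/www/pterodactyl || exit 1
# --fail makes curl return an error on an HTTP error status instead of saving
# the error page as panel.tar.gz.
# NOTE(review): the archive is unpacked and its code run as root without an
# integrity check. If the project publishes a checksum for this release,
# compare it (e.g. with sha256sum -c) before extracting.
curl -fLo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/v0.7.17/panel.tar.gz || exit 1
tar --strip-components=1 -xzvf panel.tar.gz || exit 1
chmod -R 755 storage/* bootstrap/cache/
cp .env.example .env
# Composer and artisan both run as root at this point.
composer install --no-dev --optimize-autoloader
php artisan key:generate --force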
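## Adding MySQL users and finalising SQL setup
# Escape backslashes and single quotes so the password stays inside its SQL
# string literal whatever characters it contains.
sql_pass=${pass//\\/\\\\}
sql_pass=${sql_pass//\'/\'\'}
# NOTE(review): 'pterodactyluser' receives ALL PRIVILEGES ON *.* WITH GRANT
# OPTION, i.e. it is a second administrative account, and it shares its
# password with the panel's own database user. Give it a separate password
# and confirm that the global grant is really required.
mysql -u root << SQL_QUERY
USE mysql;
CREATE USER 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '${sql_pass}';
CREATE DATABASE panel;
GRANT ALL PRIVILEGES ON panel.* TO 'pterodactyl'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;
USE mysql;
CREATE USER 'pterodactyluser'@'127.0.0.1' IDENTIFIED BY '${sql_pass}';
GRANT ALL PRIVILEGES ON *.* TO 'pterodactyluser'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SQL_QUERY
# Answers for mysql_secure_installation, one per line. The earlier
# here-document sent the literal text `echo "<password>"` as the new root
# password and had no answer for the first prompt.
# Prompt order assumed for the MariaDB 10.2 script (confirm on the target):
# current root password (empty on a fresh install), set root password,
# new password twice, then remove anonymous users, disallow remote root,
# drop the test database, reload privileges.
# printf is a shell builtin, so the password never appears in a process
# argument list.
printf '%s\n' '' y "$pass" "$pass" y y y y | mysql_secure_installation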
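## Enable all services
for unit in php-fpm redis mariadb firewalld chronyd pteroq.service; do
  systemctl enable "$unit"
done
## Add crontab entries
# NOTE: this replaces the invoking user's whole crontab (root when the script
# runs as root); entries that were already there are lost.
# The certificate job used to call `certbot certonly --standalone`, which has
# to bind port 80 itself and so fails while nginx is serving. `certbot renew`
# with hooks stops nginx only when a certificate is actually due and starts
# it again afterwards. The delimiter is quoted because nothing in the body
# needs expansion, so no operator-supplied text reaches the crontab.
crontab <<'EOF'
* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1
0 0,12 * * * certbot renew --quiet --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
EOF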
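## Finally installing and configuring the pterodactyl panel itself
# Stop if the directory is missing: the recursive chown below works on the
# current directory's contents and must not run anywhere else.
cd /var/www/pterodactyl || exit 1
php artisan p:environment:setup
php artisan p:environment:database
php artisan p:environment:mail
php artisan migrate --seed
php artisan p:user:make
# "--" keeps a file name that starts with "-" from being read as an option.
chown -R nginx:nginx -- *
# The glob above skips dotfiles, so .env (created by cp earlier, which holds
# the generated application key and the settings entered above) would stay
# root-owned with default permissions. Hand it to the web user and remove
# access for everyone else.
chown nginx:nginx .env
chmod 640 .env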
## Secure with letsencrypt after stopping serving on port 80
# certbot's standalone mode needs port 80 free, so every web server unit that
# might hold it is stopped first (units that do not exist just report an error).
for web_unit in nginx apache httpd; do
  systemctl stop "$web_unit"
done
certbot certonly --non-interactive --standalone --agree-tos --email "${email}" --domains "${host}"
## Restart/Enable all installed services
# nginx is enabled and started now that the certificate files it references
# should exist; the remaining units are restarted in the original order.
systemctl enable --now nginx
for unit in php-fpm mariadb redis pteroq.service; do
  systemctl restart "$unit"
done
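## info & pause
# The database password is deliberately not repeated here: printing it would
# leave it in terminal scrollback and in any log that captures this output.
echo "#####################"
echo "FQDN hostname is $host"
echo "IP fort this FQDN is $ip"
echo "Admin email is $email"
echo "DB password is set (not displayed)"
echo "#####################"
sleep 30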
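## Installing Daemon "Wings"
# Single-quoted so the inner double quotes are printed instead of ending the string.
echo 'Installing Daemon "Wings"'
yum install -y tar unzip make gcc gcc-c++ python
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl enable docker
systemctl start docker
# The NodeSource setup script runs as root. Download it completely before
# executing it, so an HTTP error page or a truncated transfer is never run
# as a partial script; it can also be inspected at this point.
node_setup=$(mktemp) || exit 1
curl --fail --silent --show-error --location -o "$node_setup" https://rpm.nodesource.com/setup_10.x || { rm -f -- "$node_setup"; exit 1; }
bash "$node_setup"
rm -f -- "$node_setup"
yum install -y nodejs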
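# Open the two TCP ports used by the daemon and place docker0 in the trusted
# zone (traffic on that interface is then not filtered by firewalld).
firewall-cmd --add-port 8080/tcp --permanent
firewall-cmd --add-port 2022/tcp --permanent
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --reload
mkdir -p /srv/daemon /srv/daemon-data
# Stop if the directory change fails; otherwise the archive and npm install
# would land in whatever directory the script was started from.
cd /srv/daemon || exit 1
# Download to a temporary file first: in a curl | tar pipeline a failed or
# truncated download goes unnoticed. --fail turns HTTP errors into a non-zero exit.
# NOTE(review): no integrity check is done on the archive; compare it with a
# published checksum for this release if one is available.
daemon_archive=$(mktemp) || exit 1
curl -fL -o "$daemon_archive" https://github.com/pterodactyl/daemon/releases/download/v0.6.13/daemon.tar.gz || { rm -f -- "$daemon_archive"; exit 1; }
tar --strip-components=1 -xzvf "$daemon_archive" || { rm -f -- "$daemon_archive"; exit 1; }
rm -f -- "$daemon_archive"
# --unsafe-perm lets package install scripts run with root privileges.
npm install --only=production --no-audit --unsafe-perm
# NOTE(review): this writes only blank lines, which is not valid JSON. The
# real daemon configuration presumably has to be placed in core.json before
# wings can start - confirm.
echo '
' > /srv/daemon/config/core.json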
# systemd unit for the Wings daemon. It runs node as root (User=root) from
# /srv/daemon and is ordered after docker.service. The text is written
# literally (quoted delimiter); the unit content is unchanged.
cat > /etc/systemd/system/wings.service <<'EOF'
[Unit]
Description=Pterodactyl Wings Daemon
After=docker.service
[Service]
User=root
#Group=some_group
WorkingDirectory=/srv/daemon
LimitNOFILE=4096
PIDFile=/var/run/wings/daemon.pid
ExecStart=/usr/bin/node /srv/daemon/src/index.js
Restart=on-failure
StartLimitInterval=600
[Install]
WantedBy=multi-user.target
EOF
# Enable at boot and start immediately.
systemctl enable --now wings
## Reboot
# Immediate reboot; everything enabled above comes back up on its own.
shutdown -r now