Last active
January 5, 2024 16:42
-
-
Save WerySkok/f213ebe8007ec25015e26dc1e88c29d0 to your computer and use it in GitHub Desktop.
OpenVK Installation script for Debian 11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ $(/usr/bin/id -u) -ne 0 ]]; then | |
| echo "Not running as root" | |
| exit | |
| fi | |
| INITIAL_PWD=$(pwd) | |
| ## Satisfying dependencies | |
| cd /tmp | |
| echo -e "\n\e[32mRunning apt update...\e[0m" | |
| apt update | |
| echo -e "\n\e[32mInstalling Curl...\e[0m" | |
| apt install -y curl | |
| # Installing Node Repo | |
| echo -e "\n\e[32mInstalling Node Repo...\e[0m" | |
| curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - | |
| # Installing Yarn repo | |
| echo -e "\n\e[32mInstalling Yarn repo...\e[0m" | |
| curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null | |
| echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list | |
| echo -e "\n\e[32mRunning apt update...\e[0m" | |
| apt update | |
| # Install everything | |
| echo -e "\n\e[32mInstalling Installing most of dependencies...\e[0m" | |
| apt install -y php7.4-{bz2,cli,curl,fpm,gd,json,mbstring,mysql,opcache,readline,xml,zip,intl} php-yaml nginx mariadb-server nodejs yarn ffmpeg git unzip expect | |
| # Install Composer | |
| echo -e "'\n\e[32mInstalling Composer...\e[0m" | |
| php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" | |
| php composer-setup.php | |
| rm composer-setup.php | |
| mv composer.phar /usr/local/bin/composer | |
| SQL_ROOT_PASSWORD=$(cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 16 | head -n 1) | |
| SECURE_MYSQL=$(expect -c " | |
| set timeout 10 | |
| spawn mysql_secure_installation | |
| expect \"Enter current password for root (enter for none):\" | |
| send \"\r\" | |
| expect \"Switch to unix_socket authentication\" | |
| send \"n\r\" | |
| expect \"Change the root password?\" | |
| send \"y\r\" | |
| expect \"New password:\" | |
| send \"$SQL_ROOT_PASSWORD\r\" | |
| expect \"Re-enter new password:\" | |
| send \"$SQL_ROOT_PASSWORD\r\" | |
| expect \"Remove anonymous users?\" | |
| send \"y\r\" | |
| expect \"Disallow root login remotely?\" | |
| send \"y\r\" | |
| expect \"Remove test database and access to it?\" | |
| send \"y\r\" | |
| expect \"Reload privilege tables now?\" | |
| send \"y\r\" | |
| expect eof | |
| ") | |
| echo "$SECURE_MYSQL" | |
| ## Installing phpMyAdmin | |
| echo -e "\n\e[32mInstalling phpMyAdmin at /opt/phpmyadmin...\e[0m" | |
| cd /opt | |
| yes | composer create-project phpmyadmin/phpmyadmin | |
| chown -R www-data: phpmyadmin/ | |
| #PMA may require additional config | |
| ## Installing OpenVK | |
| echo -e "\n\e[32mInstalling Chandler with OpenVK at /opt/chandler...\e[0m" | |
| OPENVK_DB_PASSWORD=$(cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 16 | head -n 1) | |
| git clone https://github.com/openvk/chandler.git | |
| cd chandler | |
| yes | composer install | |
| echo "chandler: | |
| debug: true | |
| websiteUrl: null | |
| rootApp: \"openvk\" | |
| preferences: | |
| appendExtension: \"xhtml\" | |
| adminUrl: \"/chandlerd\" | |
| exposeChandler: true | |
| extensions: | |
| path: null | |
| allEnabled: false | |
| database: | |
| dsn: \"mysql:unix_socket=/run/mysqld/mysqld.sock;dbname=openvk\" | |
| user: \"openvk\" | |
| password: \"${OPENVK_DB_PASSWORD}\" | |
| security: | |
| secret: \"$(cat /dev/random | tr -dc 'a-z0-9' | fold -w 128 | head -n 1)\" | |
| csrfProtection: \"permissive\" | |
| extendedValidation: false | |
| sessionDuration: 14" > chandler.yml | |
| cd extensions/available | |
| git clone https://github.com/openvk/commitcaptcha.git | |
| cd commitcaptcha/ | |
| yes | composer install | |
| cd .. | |
| git clone --recursive https://github.com/openvk/openvk.git | |
| cd openvk/ | |
| yes | composer install | |
| cd Web/static/js | |
| yarn install | |
| cd ../../.. | |
| echo "openvk: | |
| debug: true | |
| appearance: | |
| name: \"OpenVK\" | |
| motd: \"Yet another OpenVK instance\" | |
| preferences: | |
| femaleGenderPriority: true | |
| uploads: | |
| disableLargeUploads: false | |
| mode: \"basic\" | |
| shortcodes: | |
| minLength: 3 # won't affect existing short urls or the ones set via admin panel | |
| forbiddenNames: | |
| - \"index.php\" | |
| security: | |
| requireEmail: false | |
| requirePhone: false | |
| forcePhoneVerification: false | |
| forceEmailVerification: false | |
| enableSu: true | |
| rateLimits: | |
| actions: 5 | |
| time: 20 | |
| maxViolations: 50 | |
| maxViolationsAge: 120 | |
| autoban: true | |
| registration: | |
| enable: true | |
| reason: \"\" # reason for disabling registration | |
| support: | |
| supportName: \"Moderator\" | |
| adminAccount: 1 # Change this ok | |
| fastAnswers: | |
| - \"This is a list of quick answers to common questions for support. Post your responses here and agents can send it quickly with just 3 clicks\" | |
| - \"There can be as many answers as you want, but it is best to have a maximum of 10.\\n\\nYou can also remove all answers from the list to disable this feature\" | |
| - \"Good luck filling! If you are a regular support agent, inform the administrator that he forgot to fill the config\" | |
| messages: | |
| strict: false | |
| wall: | |
| christian: false | |
| anonymousPosting: | |
| enable: false | |
| account: 100 | |
| postSizes: | |
| maxSize: 60000 | |
| processingLimit: 3000 | |
| emojiProcessingLimit: 1000 | |
| commerce: false | |
| menu: | |
| links: | |
| - name: \"@left_menu_donate\" | |
| url: \"/donate\" | |
| adPoster: | |
| enable: false | |
| src: \"https://example.org/ad_poster.jpeg\" | |
| caption: \"Ad caption\" | |
| link: \"https://example.org/product.aspx?id=10&from=ovk\" | |
| bellsAndWhistles: | |
| fartscroll: false | |
| testLabel: false | |
| telemetry: | |
| plausible: | |
| enable: false | |
| domain: \"\" | |
| server: \"\" | |
| credentials: | |
| smsc: | |
| enable: false | |
| client: \"\" | |
| secret: \"SECRET_KEY_HERE\" | |
| telegram: | |
| enable: false | |
| token: \"TOKEN_HERE\" | |
| helpdeskChat: \"\" | |
| eventDB: | |
| enable: false # Better enable this | |
| database: | |
| dsn: \"mysql:unix_socket=/run/mysqld/mysqld.sock;dbname=openvk_eventdb\" | |
| user: \"openvk\" | |
| password: \"${OPENVK_DB_PASSWORD}\" | |
| notificationsBroker: | |
| enable: false | |
| kafka: | |
| addr: \"127.0.0.1\" | |
| port: 9092 | |
| topic: \"OvkEvents\"" > openvk.yml | |
| ln -s /opt/chandler/extensions/available/commitcaptcha/ /opt/chandler/extensions/enabled/commitcaptcha | |
| ln -s /opt/chandler/extensions/available/openvk/ /opt/chandler/extensions/enabled/openvk | |
| cd /opt | |
| chown -R www-data: chandler/ | |
| echo -e "\n\e[32mCreating openvk user and creating openvk and openvk_eventdb databases...\e[0m" | |
| mysql -u root -p$SQL_ROOT_PASSWORD -Be "CREATE USER 'openvk'@'localhost' IDENTIFIED BY '${OPENVK_DB_PASSWORD}';CREATE DATABASE openvk;GRANT ALL PRIVILEGES ON openvk.* TO 'openvk'@'localhost';CREATE DATABASE openvk_eventdb;GRANT ALL PRIVILEGES ON openvk_eventdb.* TO 'openvk'@'localhost';FLUSH PRIVILEGES;" | |
| echo -e "\n\e[32mInstalling databases...\e[0m" | |
| mysql -u root -p$SQL_ROOT_PASSWORD openvk < /opt/chandler/install/init-db.sql | |
| mysql -u root -p$SQL_ROOT_PASSWORD openvk < /opt/chandler/extensions/enabled/openvk/install/init-static-db.sql | |
| cd /opt/chandler/extensions/enabled/openvk/install/sqls | |
| for i in * | |
| do | |
| if test -f "$i" | |
| then | |
| mysql -u root -p$SQL_ROOT_PASSWORD openvk < $i | |
| fi | |
| done | |
| mysql -u root -p$SQL_ROOT_PASSWORD openvk_eventdb < /opt/chandler/extensions/enabled/openvk/install/init-event-db.sql | |
| ## NGINX Configuration | |
| echo -e "\n\e[32mSwitching default nginx site off...\e[0m" | |
| rm /etc/nginx/sites-enabled/default | |
| echo -e "\n\e[32mCreating phpMyAdmin nginx config at \e[97mlocalhost:8080\e[0m" | |
| echo "server { | |
| listen 8080 default_server; | |
| listen [::]:8080 default_server; | |
| # SSL configuration | |
| # | |
| # listen 443 ssl default_server; | |
| # listen [::]:443 ssl default_server; | |
| # | |
| # Note: You should disable gzip for SSL traffic. | |
| # See: https://bugs.debian.org/773332 | |
| # | |
| # Read up on ssl_ciphers to ensure a secure configuration. | |
| # See: https://bugs.debian.org/765782 | |
| # | |
| # Self signed certs generated by the ssl-cert package | |
| # Don't use them in a production server! | |
| # | |
| # include snippets/snakeoil.conf; | |
| root /opt/phpmyadmin; | |
| index index.php; | |
| server_name _; | |
| location / { | |
| try_files \$uri \$uri/ =404; | |
| } | |
| # pass PHP scripts to FastCGI server | |
| location ~ \.php$ { | |
| include snippets/fastcgi-php.conf; | |
| # With php-fpm (or other unix sockets): | |
| fastcgi_pass unix:/run/php/php7.4-fpm.sock; | |
| } | |
| # deny access to .htaccess files, if Apache's document root | |
| # concurs with nginx's one | |
| location ~ /\.ht { | |
| deny all; | |
| } | |
| }" > /etc/nginx/sites-available/001-phpmyadmin | |
| ln -s /etc/nginx/sites-available/001-phpmyadmin /etc/nginx/sites-enabled/001-phpmyadmin | |
| echo -e "\n\e[32mCreating OpenVK nginx config at \e[97mlocalhost:80\e[0m" | |
| echo "server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| # SSL configuration | |
| # | |
| # listen 443 ssl default_server; | |
| # listen [::]:443 ssl default_server; | |
| # | |
| # Note: You should disable gzip for SSL traffic. | |
| # See: https://bugs.debian.org/773332 | |
| # | |
| # Read up on ssl_ciphers to ensure a secure configuration. | |
| # See: https://bugs.debian.org/765782 | |
| # | |
| # Self signed certs generated by the ssl-cert package | |
| # Don't use them in a production server! | |
| # | |
| # include snippets/snakeoil.conf; | |
| root /opt/chandler/htdocs; | |
| client_max_body_size 100m; | |
| index index.php; | |
| server_name _; | |
| location / { | |
| try_files \$uri \$uri/ /index.php\$is_args\$args; | |
| } | |
| # DO NOT DELETE \"(?!well-known).*\" if you want to use let's encrypt. | |
| location ~ /\.(?!well-known).* { | |
| deny all; | |
| access_log off; | |
| log_not_found off; | |
| } | |
| # pass PHP scripts to FastCGI server | |
| location ~ \index.php$ { | |
| include snippets/fastcgi-php.conf; | |
| # With php-fpm (or other unix sockets): | |
| fastcgi_pass unix:/run/php/php7.4-fpm.sock; | |
| fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; | |
| } | |
| }" > /etc/nginx/sites-available/002-openvk | |
| ln -s /etc/nginx/sites-available/002-openvk /etc/nginx/sites-enabled/002-openvk | |
| echo -e "\n\e[32mRestarting NGINX...\e[0m" | |
| sudo systemctl reload nginx | |
| cd $INITIAL_PWD | |
| echo -e "\n\n\e[32mDone! \e[0m" | |
| echo -e "\e[32m\e[97mphpMyAdmin\e[32m is installed at \e[97mlocalhost:8080\e[0m" | |
| echo -e "\e[32m\e[97mOpenVK\e[32m is installed at \e[97mlocalhost:80\e[0m" | |
| echo -e "\e[31mphpMyAdmin may require further configuration (creating config file at http://localhost:8080/setup) but it's working now at least\e[0m" | |
| echo -e "\e[32mSQL \e[97mroot\e[32m user password: \e[97m${SQL_ROOT_PASSWORD}\e[0m" | |
| echo -e "\e[32mSQL \e[97mopenvk\e[32m user password: \e[97m${OPENVK_DB_PASSWORD}\e[0m" | |
| echo -e "\e[32mPlease, save them in your password manager.\e[0m" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment