Skip to content

Instantly share code, notes, and snippets.

@jult
Forked from jniltinho/install_ispconfig_nginx_debian.sh
Last active August 14, 2018 14:51
Show Gist options
  • Save jult/182d524b79c60b4c3691a4d231d091bf to your computer and use it in GitHub Desktop.
Save jult/182d524b79c60b4c3691a4d231d091bf to your computer and use it in GitHub Desktop.
ISPconfig 3.x install with NGINX 1.13.x + PHP 7.1 on Debian 9 x64 (Stretch) server
#!/bin/bash
## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch)
## Filesystem ext4
## Run as root
## Based on: https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/
## and: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/
## ! For Postfix config see https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
fi
apt-get update && apt install lsb-release wget bash curl debhelper apt-transport-https -y
OSRELEASE=$(lsb_release -si | awk '{print tolower($0)}')
CODENAME=$(lsb_release -sc)
## Reconfigure Dash
echo "dash dash/sh boolean false" | debconf-set-selections
dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1
MY_IP=$(ip a s|sed -ne '/127.0.0.1/!{s/^[ \t]*inet[ \t]*\([0-9.]\+\)\/.*$/\1/p}' | tr '\n' ' ')
echo -e "Set Server Name Ex: mail.juliushost.org []: \c "
read SERVER_FQDN
echo -e "Set Server IP Ex: $MY_IP []: \c "
read SERVER_IP
echo "" >>/etc/hosts
echo "$SERVER_IP $SERVER_FQDN" >>/etc/hosts
hostnamectl set-hostname $SERVER_FQDN
echo "$SERVER_FQDN" > /proc/sys/kernel/hostname
mv /etc/apt/sources.list /etc/apt/sources.list_$$.bkp
echo "deb http://ftp.stw-bonn.de/debian/ stretch main contrib non-free
deb-src http://ftp.stw-bonn.de/debian/ stretch main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb http://ftp.stw-bonn.de/debian/ stretch-updates main contrib non-free
deb-src http://ftp.stw-bonn.de/debian/ stretch-updates main contrib non-free
# stretch-backports
deb http://httpredir.debian.org/debian/ stretch-backports main contrib non-free
deb-src http://httpredir.debian.org/debian/ stretch-backports main contrib non-free
# debian multimedia
deb [arch=i386,amd64] http://www.deb-multimedia.org stretch main non-free" > /etc/apt/sources.list
echo "# nginx pre built packages
deb http://nginx.org/packages/mainline/debian/ stretch nginx
deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" > /etc/apt/sources.list.d/nginx.list
echo "# php7.1 | curl https://packages.sury.org/php/apt.gpg | apt-key add -
deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php7.list
wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb && dpkg -i deb-multimedia-keyring_2016.8.1_all.deb && wget https://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key && curl https://packages.sury.org/php/apt.gpg | apt-key add -
apt update && apt dist-upgrade && apt autoclean && apt autoremove -y
# avoid another webserver taking over by accident when you install some tool that assumes NGINX is not your main webserver;
apt-mark hold apache2 lighttpd nodejs
apt-get -y install mc binutils net-tools sudo htop multitail rsync ssh openssh-server openssl dnsmasq resolvconf ntp ntpdate
apt-get -y install unattended-upgrades apt-listchanges ca-certificates
apt-get -y install git autoconf automake libtool build-essential flex bison software-properties-common dirmngr
apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server getmail4 rkhunter
apt-get -y install -t stretch-backports dovecot-lucene dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd --allow-unauthenticated
## To secure the MariaDB / MySQL installation and to disable the test database, run this command:
sed -i 's|bind-address|#bind-address|' /etc/mysql/mariadb.conf.d/50-server.cnf
sed -i 's|# this is only for embedded server|sql_mode=NO_ENGINE_SUBSTITUTION|' /etc/mysql/mariadb.conf.d/50-server.cnf
mysql_secure_installation
service mysql restart
apt-get -y install amavisd-new spamassassin clamav clamav-daemon clamav-docs zoo unzip bzip2 arj nomarch lzop cabextract
apt-get -y install libnet-ldap-perl libauthen-sasl-perl libio-string-perl libio-socket-ssl-perl libnet-ident-perl daemon zip libnet-dns-perl postgrey
## The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally,
## so we can stop SpamAssassin to free up some RAM:
service spamassassin stop
systemctl disable spamassassin
# Path to the PHP FastCGI binary: php-cgi7.1
# Path to the php.ini directory: /etc/php/7.1/cgi/php.ini
# Path to the PHP-FPM init script: php7.1-fpm
# Path to the php.ini directory: /etc/php/7.1/fpm/php.ini
# Path to the PHP-FPM pool directory: /etc/php/7.1/fpm/pool.d
# The cli version for e.g. cron jobs has the name php7.1.
apt-get -y install php7.1 php7.1-cli php7.1-cgi php7.1-fpm php7.1-mysql php7.1-curl php7.1-gd php7.1-intl php7.1-imap php7.1-mcrypt php7.1-memcached php7.1-pspell php7.1-recode php7.1-sqlite3 php7.1-tidy php7.1-xmlrpc php7.1-xsl php7.1-mbstring
apt-get -y install php-pear php-imagick php-bcmath php-zipphp-memcache php-gettext
apt-get -y install mcrypt imagemagick ssl-cert
# nginx 1.13.x with ALPN and HTTP 2.0 etc.
apt-get -y install -t stretch-backports nginx --allow-unauthenticated
### Install HHVM
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94
add-apt-repository https://dl.hhvm.com/debian
apt-get update && apt-get -y install hhvm
update-rc.d -f hhvm remove
echo 'hhvm.mysql.socket = /var/run/mysqld/mysqld.sock' >> /etc/hhvm/php.ini
# Change ini do PHP
sed -i 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|' /etc/ph*/*/php.ini
sed -i 's|upload_max_filesize = 2M|upload_max_filesize = 256M|' /etc/ph*/*/php.ini
sed -i 's|post_max_size = 8M|post_max_size = 256M|' /etc/ph*/*/php.ini
sed -i 's|error_reporting = E_ALL & ~E_DEPRECATED|error_reporting = E_ERROR|' /etc/ph*/*/php.ini
sed -i 's|short_open_tag = Off|short_open_tag = On|' /etc/ph*/*/php.ini
sed -i "s|;date.timezone =|date.timezone = 'Europe\/Ljubljana'|" /etc/ph*/*/php.ini
service php7.1-fpm restart
apt-get -y install pure-ftpd-common pure-ftpd-mysql fcgiwrap
sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common
## echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem && service pure-ftpd-mysql restart
apt-get -y install haveged dnsutils awstats geoip-database libclass-dbi-mysql-perl
rm -f /etc/cron.d/awstats
# for Jailkit (chroot ssh users) do before ISPcfg install! https://olivier.sessink.nl/jailkit/faq.html
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz
tar xvfz jailkit-2.19.tar.gz
cd jailkit-2.19
echo 5 > debian/compat
./debian/rules binary
cd ..
dpkg -i jailkit_2.19-1_*.deb
rm -rf jailkit-2.19*
## Download ISPConfig 3.1.X
cd /tmp
wget -O ISPConfig-3.1-dev.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1
tar xfz ISPConfig-3.1-dev.tar.gz
cd ispconfig3-stable-3.1*
cd install
php -q install.php
## Install PHPMyadmin
cd /tmp/
get_file=https://files.phpmyadmin.net/phpMyAdmin/4.7.7/phpMyAdmin-4.7.7-all-languages.tar.gz
wget ${get_file}
tar -xzvf $(basename ${get_file})
rm -f $(basename ${get_file}) && mv phpMyAdmin-*-all-languages myadmin
if [ -d "/usr/local/ispconfig/interface/web/myadmin" ]; then rm -rf /usr/local/ispconfig/interface/web/myadmin; fi
echo '<?php
$cfg['blowfish_secret'] = "BLOWFISHSECRET";
$i = 0;
$i++;
$cfg["Servers"][$i]["auth_type"] = "cookie";
$cfg["Servers"][$i]["host"] = "localhost";
$cfg["Servers"][$i]["connect_type"] = "tcp";
$cfg["Servers"][$i]["compress"] = false;
$cfg["Servers"][$i]["AllowNoPassword"] = false;
$cfg["Servers"][$i]["extension"] = "mysqli";
$cfg["UploadDir"] = "";
$cfg["SaveDir"] = "";
if ($_SERVER["SERVER_PORT"] != 81){$cfg["Servers"][$i]["AllowRoot"] = FALSE;
$cfg["Servers"][$i]["hide_db"] = "(information_schema|phpmyadmin|mysql|test)";
}
$cfg["Lang"] = "en";' > myadmin/config.inc.php
blowfish_secret=$(openssl rand -base64 32)
sed -i "s|BLOWFISHSECRET|$blowfish_secret|" myadmin/config.inc.php
For Nginx Env
if [ -d "/etc/nginx" ]; then
echo 'location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/FMP_SOCK;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}' > /etc/nginx/phpmyadmin.conf
if [ -S "/var/run/php/php7.0-fpm.sock" ]; then sed -i "s|FMP_SOCK|php/php7.0-fpm.sock|" /etc/nginx/phpmyadmin.conf; fi
if [ -S "/var/run/php5-fpm.sock" ]; then sed -i "s|FMP_SOCK|php5-fpm.sock|" /etc/nginx/phpmyadmin.conf; fi
cp -aR myadmin /usr/share/phpmyadmin
chown -R ispconfig:ispconfig myadmin
cp -aR myadmin /usr/local/ispconfig/interface/web/
## For Nginx , Include in site
## include /etc/nginx/phpmyadmin.conf;
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment