Created
April 12, 2018 09:36
-
-
Save psyray/ade8649109d45e2efdf0182d8b385698 to your computer and use it in GitHub Desktop.
Install ISPConfig 3.x on Debian 8/9 64Bits
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
## Install ISPConfig 3.x on Debian 8/9 64Bits | |
## ISPConfig3 3.x + Apache2 + Debian 8/9 64Bits | |
## VM HD 50GB, swap 2GB, / 20GB, /var/www all | |
## Filesystem ext4 | |
## Run as root | |
## Link: https://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/ | |
# Check if user has root privileges | |
if [[ $EUID -ne 0 ]]; then | |
echo "You must run the script as root or using sudo" | |
exit 1 | |
fi | |
## Reconfigure Dash | |
echo "dash dash/sh boolean false" | debconf-set-selections | |
dpkg-reconfigure -f noninteractive dash > /dev/null 2>&1 | |
MY_FQDN=$(hostname) | |
MY_IP=$(ip a s|sed -ne '/127.0.0.1/!{s/^[ \t]*inet[ \t]*\([0-9.]\+\)\/.*$/\1/p}' | tr '\n' ' ') | |
echo -e "Set Server Name Ex: $MY_FQDN []: \c " | |
read SERVER_FQDN | |
echo -e "Set Server IP Ex: $MY_IP []: \c " | |
read SERVER_IP | |
echo "" >>/etc/hosts | |
echo "$SERVER_IP $SERVER_FQDN" >>/etc/hosts | |
hostnamectl set-hostname $SERVER_FQDN | |
echo "$SERVER_FQDN" > /proc/sys/kernel/hostname | |
apt-get -y install lsb-release | |
mv /etc/apt/sources.list /etc/apt/sources.list_$$.bkp | |
echo "deb http://ftp.br.debian.org/debian/ $(lsb_release -sc) main contrib non-free | |
deb-src http://ftp.br.debian.org/debian/ $(lsb_release -sc) main contrib non-free | |
deb http://security.debian.org/ $(lsb_release -sc)/updates main contrib non-free | |
deb-src http://security.debian.org/ $(lsb_release -sc)/updates main contrib non-free | |
# updates, previously known as 'volatile' | |
deb http://ftp.br.debian.org/debian/ $(lsb_release -sc)-updates main contrib non-free | |
deb-src http://ftp.br.debian.org/debian/ $(lsb_release -sc)-updates main contrib non-free" > /etc/apt/sources.list | |
apt-get update && apt-get upgrade -y | |
apt-get -y install net-tools ssh openssh-server ntp ntpdate dirmngr | |
apt-get -y install postfix postfix-mysql mariadb-client mariadb-server openssl getmail4 | |
apt-get -y install binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo | |
## To secure the MariaDB / MySQL installation and to disable the test database, run this command: | |
sed -i 's|bind-address|#bind-address|' /etc/mysql/mariadb.conf.d/50-server.cnf | |
sed -i 's|# this is only for embedded server|sql_mode=NO_ENGINE_SUBSTITUTION|' /etc/mysql/mariadb.conf.d/50-server.cnf | |
mysql_secure_installation | |
service mysql restart | |
## Config Postfix /etc/postfix/master.cf | |
mkdir -p /etc/postfix/backup && cp -aR /etc/postfix/* /etc/postfix/backup/ | |
sed -i 's|#submission|submission|' /etc/postfix/master.cf | |
sed -i 's|# -o syslog_name=postfix/submission| -o syslog_name=postfix/submission|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_tls_security_level=encrypt| -o smtpd_tls_security_level=may|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf | |
sed -i 's|#smtps|smtps|' /etc/postfix/master.cf | |
sed -i 's|# -o syslog_name=postfix/smtps| -o syslog_name=postfix/smtps|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_tls_wrappermode=yes| -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_sasl_auth_enable=yes| -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf | |
sed -i 's|# -o smtpd_reject_unlisted_recipient=no| -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf | |
## Restart Postfix and Mysql | |
service postfix restart | |
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract | |
apt-get -y install apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon | |
apt-get -y install libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey | |
## The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, | |
## so we can stop SpamAssassin to free up some RAM: | |
service spamassassin stop | |
systemctl disable spamassassin | |
apt-get -y install apache2 apache2-utils libexpat1 ssl-cert | |
apt-get -y install apache2-dev build-essential autoconf automake libtool flex bison debhelper binutils | |
apt-get -y install libapache2-mod-fcgid php-pear mcrypt imagemagick memcached | |
if [ "$(lsb_release -sc)" = "stretch" ]; then | |
apt-get -y install apache2 apache2-data libapache2-mpm-itk | |
apt-get -y install libapache2-mod-php apache2-suexec-pristine php php-common php-gd php-mysql php-imap php-cli php-cgi | |
apt-get -y install php-mcrypt php-imagick php-memcache php-memcached php-pspell php-mbstring | |
apt-get -y install php-curl php-intl php-recode php-sqlite3 php-tidy php-xmlrpc php-xml | |
apt-get -y install php-fpm | |
else | |
apt-get -y install apache2.2-common apache2-mpm-prefork | |
apt-get -y install libapache2-mod-php5 apache2-suexec php5 php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi | |
apt-get -y install php-auth php5-mcrypt php5-imagick php5-memcache php5-memcached php5-pspell | |
apt-get -y install php5-curl php5-intl php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl | |
apt-get -y install php-auth | |
apt-get -y install libapache2-mod-fastcgi php5-fpm php5-xcache | |
fi | |
if [ "$(lsb_release -sc)" = "stretch" ]; then | |
apt-get -y install git-core patch | |
cd /tmp | |
git clone https://github.com/ByteInternet/libapache-mod-fastcgi.git | |
cd libapache-mod-fastcgi | |
patch -p1 < debian/patches/byte-compile-against-apache24.diff | |
apxs -i -a -o mod_fastcgi.so -c *.c | |
fi | |
echo "<IfModule mod_headers.c> | |
RequestHeader unset Proxy early | |
</IfModule>" > /etc/apache2/conf-available/httpoxy.conf | |
a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers fastcgi alias actions | |
a2enconf httpoxy | |
service apache2 restart | |
### Install HHVM | |
apt-get install -y apt-transport-https software-properties-common | |
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94 | |
add-apt-repository https://dl.hhvm.com/debian | |
apt-get update && apt-get -y install hhvm | |
update-rc.d -f hhvm remove | |
echo 'hhvm.mysql.socket = /var/run/mysqld/mysqld.sock' >> /etc/hhvm/php.ini | |
## Install Let's Encrypt | apt-get install -y certbot | |
mkdir /opt/certbot && cd /opt/certbot | |
wget https://dl.eff.org/certbot-auto | |
chmod a+x ./certbot-auto && ./certbot-auto | |
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool | |
### Enable Quota /var/www | |
# sed -i 's|defaults|defaults,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0|' /etc/fstab | |
# mount -o remount /var/www | |
# quotacheck -avugm | |
# quotaon -avug | |
## echo 1 > /etc/pure-ftpd/conf/TLS | |
mkdir -p /etc/ssl/private/ | |
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | |
chmod 600 /etc/ssl/private/pure-ftpd.pem && service pure-ftpd-mysql restart | |
apt-get -y install bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl | |
rm -f /etc/cron.d/awstats | |
## Download ISPConfig 3.1.X | |
cd /tmp | |
get_isp=https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz | |
wget -c ${get_isp} | |
tar xvfz $(basename ${get_isp}) | |
cd ispconfig3_install/install && php -q install.php | |
## Install PHPMyadmin | |
## Para Instalar o PHPMyadmin Execute o Script abaixo | |
## https://gist.github.com/jniltinho/9af397c8ddb035a322b75aecce7cdeae | |
## Fix Dovecot | |
#if [ "$(lsb_release -sc)" != "stretch" ]; then | |
# sed -i 's|ssl_protocols = !SSLv2 !SSLv3|ssl_protocols = !SSLv3|' /etc/dovecot/dovecot.conf | |
# service dovecot restart | |
#fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment