Skip to content

Instantly share code, notes, and snippets.

@rez0n

rez0n/sentora-install.sh

Created November 29, 2015 20:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save rez0n/b6eb99daf66cba432cec to your computer and use it in GitHub Desktop.
Save rez0n/b6eb99daf66cba432cec to your computer and use it in GitHub Desktop.
Download ZIP
Install sentora on raspbian
Raw
sentora-install.sh
#!/usr/bin/env bash
# Official Sentora Automated Installation Script
# =============================================
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Supported Operating Systems:
# CentOS 6.*/7.* Minimal,
# Ubuntu server 12.04/14.04
# Debian 7.*/8.*
# 32bit and 64bit
#
# Contributions from:
#
# Pascal Peyremorte (ppeyremorte@sentora.org)
# Mehdi Blagui
# Kevin Andrews (kevin@zvps.uk)
#
# and all those who participated to this and to previous installers.
# Thanks to all.
##
# SENTORA_CORE/INSTALLER_VERSION
# master - latest unstable
# 1.0.3 - example stable tag
##
SENTORA_INSTALLER_VERSION="master"
SENTORA_CORE_VERSION="1.0.1"
PANEL_PATH="/etc/sentora"
PANEL_DATA="/var/sentora"
PANEL_UPGRADE=false
#--- Display the 'welcome' splash/user warning info..
echo ""
echo "############################################################"
echo "# Welcome to the Official Sentora Installer $SENTORA_INSTALLER_VERSION #"
echo "############################################################"
echo -e "\nChecking that minimal requirements are ok"
# Ensure the OS is compatible with the launcher
if [ -f /etc/centos-release ]; then
OS="CentOs"
VERFULL=$(sed 's/^.*release //;s/ (Fin.*$//' /etc/centos-release)
VER=${VERFULL:0:1} # return 6 or 7
elif [ -f /etc/lsb-release ]; then
OS=$(grep DISTRIB_ID /etc/lsb-release | sed 's/^.*=//')
VER=$(grep DISTRIB_RELEASE /etc/lsb-release | sed 's/^.*=//')
elif [ -f /etc/os-release ]; then
OS=$(grep -w ID /etc/os-release | sed 's/^.*=//')
VER=$(grep VERSION_ID /etc/os-release | sed 's/^.*"\(.*\)"/\1/')
else
OS=$(uname -s)
VER=$(uname -r)
fi
ARCH=$(uname -m)
echo "Detected : $OS $VER $ARCH"
if [[ "$OS" = "CentOs" && ("$VER" = "6" || "$VER" = "7" ) ||
"$OS" = "Ubuntu" && ("$VER" = "12.04" || "$VER" = "14.04" ) ||
"$OS" = "raspbian" && ("$VER" = "7" || "$VER" = "8" ) ]] ; then
echo "Ok."
else
echo "Sorry, this OS is not supported by Sentora."
exit 1
fi
# Centos uses repo directory that depends of architecture. Ensure it is compatible
if [[ "$OS" = "CentOs" ]] ; then
if [[ "$ARCH" == "i386" || "$ARCH" == "i486" || "$ARCH" == "i586" || "$ARCH" == "i686" ]]; then
ARCH="i386"
elif [[ "$ARCH" != "x86_64" ]]; then
echo "Unexpected architecture name was returned ($ARCH ). :-("
echo "The installer have been designed for i[3-6]8- and x86_64' architectures. If you"
echo " think it may work on your, please report it to the Sentora forum or bugtracker."
exit 1
fi
fi
# Check if the user is 'root' before allowing installation to commence
if [ $UID -ne 0 ]; then
echo "Install failed: you must be logged in as 'root' to install."
echo "Use command 'sudo -i', then enter root password and then try again."
exit 1
fi
# Check for some common control panels that we know will affect the installation/operating of Sentora.
if [ -e /usr/local/cpanel ] || [ -e /usr/local/directadmin ] || [ -e /usr/local/solusvm/www ] || [ -e /usr/local/home/admispconfig ] || [ -e /usr/local/lxlabs/kloxo ] ; then
echo "It appears that a control panel is already installed on your server; This installer"
echo "is designed to install and configure Sentora on a clean OS installation only."
echo -e "\nPlease re-install your OS before attempting to install using this script."
exit 1
fi
# Check for some common packages that we know will affect the installation/operating of Sentora.
if [[ "$OS" = "CentOs" ]] ; then
PACKAGE_INSTALLER="yum -y -q install"
PACKAGE_REMOVER="yum -y -q remove"
inst() {
rpm -q "$1" &> /dev/null
}
if [[ "$VER" = "7" ]]; then
DB_PCKG="mariadb" && echo "DB server will be mariaDB"
else
DB_PCKG="mysql" && echo "DB server will be mySQL"
fi
HTTP_PCKG="httpd"
PHP_PCKG="php"
BIND_PCKG="bind"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
PACKAGE_INSTALLER="apt-get -yqq install"
PACKAGE_REMOVER="apt-get -yqq remove"
inst() {
dpkg -l "$1" 2> /dev/null | grep '^ii' &> /dev/null
}
DB_PCKG="mysql-server"
HTTP_PCKG="apache2"
PHP_PCKG="apache2-mod-php5"
BIND_PCKG="bind9"
fi
# Note : Postfix is installed by default on centos netinstall / minimum install.
# The installer seems to work fine even if Postfix is already installed.
# -> The check of postfix is removed, but this comment remains to remember
# only check for sentora installed systems zpanel can now upgrade using this script
if [ -L "/etc/zpanel" ] && [ -d "/etc/zpanel" ]; then
pkginst="n"
pkginstlist=""
for package in "$DB_PCKG" "dovecot-mysql" "$HTTP_PCKG" "$PHP_PCKG" "proftpd" "$BIND_PCKG" ; do
if (inst "$package"); then
pkginst="y" # At least one package is installed
pkginstlist="$package $pkginstlist"
fi
done
if [ $pkginst = "y" ]; then
echo "It appears that the folowing package(s) are already installed:"
echo "$pkginstlist"
echo "This installer is designed to install and configure Sentora on a clean OS installation only!"
echo -e "\nPlease re-install your OS before attempting to install using this script."
exit 1
fi
unset pkginst
unset pkginstlist
fi
# *************************************************
#--- Prepare or query informations required to install
# Update repositories and Install wget and util used to grab server IP
echo -e "\n-- Installing wget and dns utils required to manage inputs"
if [[ "$OS" = "CentOs" ]]; then
yum -y update
$PACKAGE_INSTALLER bind-utils
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
apt-get -yqq update #ensure we can install
$PACKAGE_INSTALLER dnsutils
fi
$PACKAGE_INSTALLER wget
extern_ip="$(wget -qO- http://api.sentora.org/ip.txt)"
#local_ip=$(ifconfig eth0 | sed -En 's|.*inet [^0-9]*(([0-9]*\.){3}[0-9]*).*$|\1|p')
local_ip=$(ip addr show | awk '$1 == "inet" && $3 == "brd" { sub (/\/.*/,""); print $2 }')
# Enable parameters to be entered on commandline, required for vagrant install
# -d <panel-domain>
# -i <server-ip> (or -i local or -i public, see below)
# -t <timezone-string>
# like :
# sentora_install.sh -t Europe/Paris -d panel.domain.tld -i xxx.xxx.xxx.xxx
# notes:
# -d and -i must be both present or both absent
# -i local force use of local detected ip
# -i public force use of public detected ip
# if -t is used without -d/-i, timezone is set from value given and not asked to user
# if -t absent and -d/-i are present, timezone is not set at all
while getopts d:i:t: opt; do
case $opt in
d)
PANEL_FQDN=$OPTARG
INSTALL="auto"
;;
i)
PUBLIC_IP=$OPTARG
if [[ "$PUBLIC_IP" == "local" ]] ; then
PUBLIC_IP=$local_ip
elif [[ "$PUBLIC_IP" == "public" ]] ; then
PUBLIC_IP=$extern_ip
fi
;;
t)
echo "$OPTARG" > /etc/timezone
tz=$(cat /etc/timezone)
;;
esac
done
if [[ ("$PANEL_FQDN" != "" && "$PUBLIC_IP" == "") ||
("$PANEL_FQDN" == "" && "$PUBLIC_IP" != "") ]] ; then
echo "-d and -i must be both present or both absent."
exit 2
fi
if [[ "$tz" == "" && "$PANEL_FQDN" == "" ]] ; then
# Propose selection list for the time zone
echo "Preparing to select timezone, please wait a few seconds..."
$PACKAGE_INSTALLER tzdata
# setup server timezone
if [[ "$OS" = "CentOs" ]]; then
# make tzselect to save TZ in /etc/timezone
echo "echo \$TZ > /etc/timezone" >> /usr/bin/tzselect
tzselect
tz=$(cat /etc/timezone)
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
dpkg-reconfigure tzdata
tz=$(cat /etc/timezone)
fi
fi
# clear timezone information to focus user on important notice
clear
# Installer parameters
if [[ "$PANEL_FQDN" == "" ]] ; then
echo -e "\n\e[1;33m=== Informations required to build your server ===\e[0m"
echo 'The installer requires 2 pieces of information:'
echo ' 1) the sub-domain that you want to use to access Sentora panel,'
echo ' - do not use your main domain (like domain.com)'
echo ' - use a sub-domain, e.g panel.domain.com'
echo ' - or use the server hostname, e.g server1.domain.com'
echo ' - DNS must already be configured and pointing to the server IP'
echo ' for this sub-domain'
echo ' 2) The public IP of the server.'
echo ''
PANEL_FQDN="$(/bin/hostname)"
PUBLIC_IP=$extern_ip
while true; do
echo ""
read -e -p "Enter the sub-domain you want to access Sentora panel: " -i "$PANEL_FQDN" PANEL_FQDN
if [[ "$PUBLIC_IP" != "$local_ip" ]]; then
echo -e "\nThe public IP of the server is $PUBLIC_IP. Its local IP is $local_ip"
echo " For a production server, the PUBLIC IP must be used."
fi
read -e -p "Enter (or confirm) the public IP for this server: " -i "$PUBLIC_IP" PUBLIC_IP
echo ""
# Checks if the panel domain is a subdomain
sub=$(echo "$PANEL_FQDN" | sed -n 's|\(.*\)\..*\..*|\1|p')
if [[ "$sub" == "" ]]; then
echo -e "\e[1;31mWARNING: $PANEL_FQDN is not a subdomain!\e[0m"
confirm="true"
fi
# Checks if the panel domain is already assigned in DNS
dns_panel_ip=$(host "$PANEL_FQDN"|grep address|cut -d" " -f4)
if [[ "$dns_panel_ip" == "" ]]; then
echo -e "\e[1;31mWARNING: $PANEL_FQDN is not defined in your DNS!\e[0m"
echo " You must add records in your DNS manager (and then wait until propagation is done)."
echo " For more information, read the Sentora documentation:"
echo " - http://docs.sentora.org/index.php?node=7 (Installing Sentora)"
echo " - http://docs.sentora.org/index.php?node=51 (Installer questions)"
echo " If this is a production installation, set the DNS up as soon as possible."
confirm="true"
else
echo -e "\e[1;32mOK\e[0m: DNS successfully resolves $PANEL_FQDN to $dns_panel_ip"
# Check if panel domain matches public IP
if [[ "$dns_panel_ip" != "$PUBLIC_IP" ]]; then
echo -e -n "\e[1;31mWARNING: $PANEL_FQDN DNS record does not point to $PUBLIC_IP!\e[0m"
echo " Sentora will not be reachable from http://$PANEL_FQDN"
confirm="true"
fi
fi
if [[ "$PUBLIC_IP" != "$extern_ip" && "$PUBLIC_IP" != "$local_ip" ]]; then
echo -e -n "\e[1;31mWARNING: $PUBLIC_IP does not match detected IP !\e[0m"
echo " Sentora will not work with this IP..."
confirm="true"
fi
echo ""
# if any warning, ask confirmation to continue or propose to change
if [[ "$confirm" != "" ]] ; then
echo "There are some warnings..."
echo "Are you really sure that you want to setup Sentora with these parameters?"
read -e -p "(y):Accept and install, (n):Change domain or IP, (q):Quit installer? " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) continue;;
[Qq]* ) exit;;
esac
else
read -e -p "All is ok. Do you want to install Sentora now (y/n)? " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit;;
esac
fi
done
fi
# ***************************************
# Installation really starts here
#--- Set custom logging methods so we create a log file in the current working directory.
logfile=$(date +%Y-%m-%d_%H.%M.%S_sentora_install.log)
touch "$logfile"
exec > >(tee "$logfile")
exec 2>&1
echo "Installer version $SENTORA_INSTALLER_VERSION"
echo "Sentora core version $SENTORA_CORE_VERSION"
echo ""
echo "Installing Sentora $SENTORA_CORE_VERSION at http://$PANEL_FQDN and ip $PUBLIC_IP"
echo "on server under: $OS $VER $ARCH"
uname -a
# Function to disable a file by appending its name with _disabled
disable_file() {
mv "$1" "$1_disabled_by_sentora" &> /dev/null
}
#--- AppArmor must be disabled to avoid problems
if [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
[ -f /etc/init.d/apparmor ]
if [ $? = "0" ]; then
echo -e "\n-- Disabling and removing AppArmor, please wait..."
/etc/init.d/apparmor stop &> /dev/null
update-rc.d -f apparmor remove &> /dev/null
apt-get remove -y --purge apparmor* &> /dev/null
disable_file /etc/init.d/apparmor &> /dev/null
echo -e "AppArmor has been removed."
fi
fi
#--- Adapt repositories and packages sources
echo -e "\n-- Updating repositories and packages sources"
if [[ "$OS" = "CentOs" ]]; then
#EPEL Repo Install
EPEL_BASE_URL="http://dl.fedoraproject.org/pub/epel/$VER/$ARCH";
if [[ "$VER" = "7" ]]; then
EPEL_FILE=$(wget -q -O- "$EPEL_BASE_URL/e/" | grep -oP '(?<=href=")epel-release.*(?=">)')
wget "$EPEL_BASE_URL/e/$EPEL_FILE"
else
EPEL_FILE=$(wget -q -O- "$EPEL_BASE_URL/" | grep -oP '(?<=href=")epel-release.*(?=">)')
wget "$EPEL_BASE_URL/$EPEL_FILE"
fi
$PACKAGE_INSTALLER -y install epel-release*.rpm
rm "$EPEL_FILE"
#To fix some problems of compatibility use of mirror centos.org to all users
#Replace all mirrors by base repos to avoid any problems.
sed -i 's|mirrorlist=http://mirrorlist.centos.org|#mirrorlist=http://mirrorlist.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirror.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"
#check if the machine and on openvz
if [ -f "/etc/yum.repos.d/vz.repo" ]; then
sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/centos-$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/os/|" "/etc/yum.repos.d/vz.repo"
sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-ce$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/updates/|" "/etc/yum.repos.d/vz.repo"
fi
#disable deposits that could result in installation errors
disablerepo() {
if [ -f "/etc/yum.repos.d/$1.repo" ]; then
sed -i 's/enabled=1/enabled=0/g' "/etc/yum.repos.d/$1.repo"
fi
}
disablerepo "elrepo"
disablerepo "epel-testing"
disablerepo "remi"
disablerepo "rpmforge"
disablerepo "rpmfusion-free-updates"
disablerepo "rpmfusion-free-updates-testing"
# We need to disable SELinux...
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Stop conflicting services and iptables to ensure all services will work
service sendmail stop
chkconfig sendmail off
# disable firewall
if [[ "$VER" = "7" ]]; then
FIREWALL_SERVICE="firewalld"
else
FIREWALL_SERVICE="iptables"
fi
service "$FIREWALL_SERVICE" save
service "$FIREWALL_SERVICE" stop
chkconfig "$FIREWALL_SERVICE" off
# Removal of conflicting packages prior to Sentora installation.
if (inst bind-chroot) ; then
$PACKAGE_REMOVER bind-chroot
fi
if (inst qpid-cpp-client) ; then
$PACKAGE_REMOVER qpid-cpp-client
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
# Update the enabled Aptitude repositories
echo -ne "\nUpdating Aptitude Repos: " >/dev/tty
mkdir -p "/etc/apt/sources.list.d.save"
cp -R "/etc/apt/sources.list.d/*" "/etc/apt/sources.list.d.save" &> /dev/null
rm -rf "/etc/apt/sources.list/*"
cp "/etc/apt/sources.list" "/etc/apt/sources.list.save"
if [ "$VER" = "14.04" ]; then
cat > /etc/apt/sources.list <<EOF
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
EOF
elif [ "$VER" = "8" ]; then
cat > /etc/apt/sources.list <<EOF
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
EOF
elif [ "$VER" = "7" ]; then
cat > /etc/apt/sources.list <<EOF
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
EOF
else
cat > /etc/apt/sources.list <<EOF
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
EOF
fi
fi
#--- List all already installed packages (may help to debug)
echo -e "\n-- Listing of all packages installed:"
if [[ "$OS" = "CentOs" ]]; then
rpm -qa | sort
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
dpkg --get-selections
fi
#--- Ensures that all packages are up to date
echo -e "\n-- Updating+upgrading system, it may take some time..."
if [[ "$OS" = "CentOs" ]]; then
yum -y update
yum -y upgrade
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
apt-get -yqq update
apt-get -yqq upgrade
fi
#--- Install utility packages required by the installer and/or Sentora.
echo -e "\n-- Downloading and installing required tools..."
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER sudo vim make zip unzip chkconfig bash-completion
$PACKAGE_INSTALLER ld-linux.so.2 libbz2.so.1 libdb-4.7.so libgd.so.2
$PACKAGE_INSTALLER curl curl-devel perl-libwww-perl libxml2 libxml2-devel zip bzip2-devel gcc gcc-c++ at make
$PACKAGE_INSTALLER redhat-lsb-core ca-certificates e2fsprogs
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER sudo vim make zip unzip debconf-utils at build-essential bash-completion ca-certificates e2fslibs
fi
#--- Download Sentora archive from GitHub
echo -e "\n-- Downloading Sentora, Please wait, this may take several minutes, the installer will continue after this is complete!"
# Get latest sentora
while true; do
wget -nv -O sentora_core.zip https://github.com/sentora/sentora-core/archive/$SENTORA_CORE_VERSION.zip
if [[ -f sentora_core.zip ]]; then
break;
else
echo "Failed to download sentora core from Github"
echo "If you quit now, you can run again the installer later."
read -e -p "Press r to retry or q to quit the installer? " resp
case $resp in
[Rr]* ) continue;;
[Qq]* ) exit 3;;
esac
fi
done
###
# Sentora Core Install
###
mkdir -p $PANEL_PATH
mkdir -p $PANEL_DATA
chown -R root:root $PANEL_PATH
unzip -oq sentora_core.zip -d $PANEL_PATH
#
# Remove PHPUnit module test files (coming soon to the code base).
#
rm -rf $PANEL_PATH/panel/modules/*/tests/
rm -rf $PANEL_PATH/composer.json
rm -rf $PANEL_PATH/composer.lock
###
# ZPanel Upgrade - Clear down all old code (stops orphaned files)
###
if [ ! -L "/etc/zpanel" ] && [ -d "/etc/zpanel" ]; then
echo -e "Upgrading ZPanelCP 10.1.0 to Sentora 1.0.1";
PANEL_UPGRADE=true
mv /etc/zpanel/configs /root/zpanel_configs_backup
## Move main directories to new sentora location ##
mv /etc/zpanel/* $PANEL_PATH
mv /var/zpanel/* $PANEL_DATA
rm -rf /etc/zpanel/
rm -rf /var/zpanel/
## Removing core for upgrade
rm -rf $PANEL_PATH/panel/bin/
rm -rf $PANEL_PATH/panel/dryden/
rm -rf $PANEL_PATH/panel/etc/
rm -rf $PANEL_PATH/panel/inc/
rm -rf $PANEL_PATH/panel/index.php
rm -rf $PANEL_PATH/panel/LICENSE.md
rm -rf $PANEL_PATH/panel/README.md
rm -rf $PANEL_PATH/panel/robots.txt
rm -rf $PANEL_PATH/panel/modules/aliases
rm -rf $PANEL_PATH/panel/modules/apache_admin
rm -rf $PANEL_PATH/panel/modules/backup_admin
rm -rf $PANEL_PATH/panel/modules/backupmgr
rm -rf $PANEL_PATH/panel/modules/client_notices
rm -rf $PANEL_PATH/panel/modules/cron
rm -rf $PANEL_PATH/panel/modules/distlists
rm -rf $PANEL_PATH/panel/modules/dns_admin
rm -rf $PANEL_PATH/panel/modules/dns_manager
rm -rf $PANEL_PATH/panel/modules/domains
rm -rf $PANEL_PATH/panel/modules/faqs
rm -rf $PANEL_PATH/panel/modules/forwarders
rm -rf $PANEL_PATH/panel/modules/ftp_admin
rm -rf $PANEL_PATH/panel/modules/ftp_management
rm -rf $PANEL_PATH/panel/modules/mail_admin
rm -rf $PANEL_PATH/panel/modules/mailboxes
rm -rf $PANEL_PATH/panel/modules/manage_clients
rm -rf $PANEL_PATH/panel/modules/manage_groups
rm -rf $PANEL_PATH/panel/modules/moduleadmin
rm -rf $PANEL_PATH/panel/modules/my_account
rm -rf $PANEL_PATH/panel/modules/mysql_databases
rm -rf $PANEL_PATH/panel/modules/mysql_users
rm -rf $PANEL_PATH/panel/modules/news
rm -rf $PANEL_PATH/panel/modules/packages
rm -rf $PANEL_PATH/panel/modules/parked_domains
rm -rf $PANEL_PATH/panel/modules/password_assistant
rm -rf $PANEL_PATH/panel/modules/phpinfo
rm -rf $PANEL_PATH/panel/modules/phpmyadmin
rm -rf $PANEL_PATH/panel/modules/phpsysinfo
rm -rf $PANEL_PATH/panel/modules/services
rm -rf $PANEL_PATH/panel/modules/shadowing
rm -rf $PANEL_PATH/panel/modules/sub_domains
rm -rf $PANEL_PATH/panel/modules/theme_manager
rm -rf $PANEL_PATH/panel/modules/updates
rm -rf $PANEL_PATH/panel/modules/usage_viewer
rm -rf $PANEL_PATH/panel/modules/webalizer_stats
rm -rf $PANEL_PATH/panel/modules/webmail
rm -rf $PANEL_PATH/panel/modules/zpanelconfig
rm -rf $PANEL_PATH/panel/modules/zpx_core_module
###
# Remove links and files created by installer
###
rm -f /usr/bin/zppy
rm -f /usr/bin/setso
rm -f /usr/bin/setzadmin
rm -f /etc/postfix/master.cf
rm -f /etc/postfix/main.cf
rm -f /var/spool/vacation/vacation.pl
rm -f /var/sentora/sieve/globalfilter.sieve
rm -f /etc/dovecot/dovecot.conf
rm -f /etc/proftpd.conf
mysqlpassword=$(cat /etc/sentora/panel/cnf/db.php | grep "pass" | cut -d \' -f 2);
## Do NOT copy the new cnf directory
rm -rf "$PANEL_PATH/sentora-core-$SENTORA_CORE_VERSION/cnf"
fi
## cp can be aliased to stop overwriting of files in centos use full path to cp
/bin/cp -rf "$PANEL_PATH/sentora-core-$SENTORA_CORE_VERSION/." "$PANEL_PATH/panel/"
rm sentora_core.zip
rm "$PANEL_PATH/panel/LICENSE.md" "$PANEL_PATH/panel/README.md" "$PANEL_PATH/panel/.gitignore"
rm -rf "$PANEL_PATH/_delete_me" "$PANEL_PATH/.gitignore"
#--- Set-up Sentora directories and configure permissions
PANEL_CONF="$PANEL_PATH/configs"
mkdir -p $PANEL_CONF
mkdir -p $PANEL_PATH/docs
chmod -R 777 $PANEL_PATH
mkdir -p $PANEL_DATA/backups
chmod -R 777 $PANEL_DATA/
# Links for compatibility with zpanel access
ln -s $PANEL_PATH /etc/zpanel
ln -s $PANEL_DATA /var/zpanel
#--- Prepare Sentora executables
chmod +x $PANEL_PATH/panel/bin/zppy
ln -s $PANEL_PATH/panel/bin/zppy /usr/bin/zppy
chmod +x $PANEL_PATH/panel/bin/setso
ln -s $PANEL_PATH/panel/bin/setso /usr/bin/setso
chmod +x $PANEL_PATH/panel/bin/setzadmin
ln -s $PANEL_PATH/panel/bin/setzadmin /usr/bin/setzadmin
#--- Install preconfig
while true; do
wget -nv -O sentora_preconfig.zip https://github.com/sentora/sentora-installers/archive/$SENTORA_INSTALLER_VERSION.zip
if [[ -f sentora_preconfig.zip ]]; then
break;
else
echo "Failed to download sentora preconfig from Github"
echo "If you quit now, you can run again the installer later."
read -e -p "Press r to retry or q to quit the installer? " resp
case $resp in
[Rr]* ) continue;;
[Qq]* ) exit 3;;
esac
fi
done
unzip -oq sentora_preconfig.zip
/bin/cp -rf sentora-installers-$SENTORA_INSTALLER_VERSION/preconf/* $PANEL_CONF
rm sentora_preconfig*
rm -rf sentora-*
#--- Prepare zsudo
cc -o $PANEL_PATH/panel/bin/zsudo $PANEL_CONF/bin/zsudo.c
sudo chown root $PANEL_PATH/panel/bin/zsudo
chmod +s $PANEL_PATH/panel/bin/zsudo
#--- Resolv.conf protect
chattr +i /etc/resolv.conf
#--- Prepare hostname
old_hostname=$(cat /etc/hostname)
# In file hostname
echo "$PANEL_FQDN" > /etc/hostname
# In file hosts
sed -i "/127.0.1.1[\t ]*$old_hostname/d" /etc/hosts
sed -i "s|$old_hostname|$PANEL_FQDN|" /etc/hosts
# For current session
hostname "$PANEL_FQDN"
# In network file
if [[ "$OS" = "CentOs" && "$VER" = "6" ]]; then
sed -i "s|^\(HOSTNAME=\).*\$|HOSTNAME=$PANEL_FQDN|" /etc/sysconfig/network
/etc/init.d/network restart
fi
#--- Some functions used many times below
# Random password generator function
passwordgen() {
l=$1
[ "$l" == "" ] && l=16
tr -dc A-Za-z0-9 < /dev/urandom | head -c ${l} | xargs
}
# Add first parameter in hosts file as local IP domain
add_local_domain() {
if ! grep -q "127.0.0.1 $1" /etc/hosts; then
echo "127.0.0.1 $1" >> /etc/hosts;
fi
}
#-----------------------------------------------------------
# Install all softwares and dependencies required by Sentora.
if [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
# Disable the DPKG prompts before we run the software install to enable fully automated install.
export DEBIAN_FRONTEND=noninteractive
fi
#--- MySQL
echo -e "\n-- Installing MySQL"
$PACKAGE_INSTALLER "$DB_PCKG"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER "DB_PCKG-devel" "$DB_PCKG-server"
MY_CNF_PATH="/etc/my.cnf"
if [[ "$VER" = "7" ]]; then
DB_SERVICE="mariadb"
else
DB_SERVICE="mysqld"
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER bsdutils libsasl2-modules-sql libsasl2-modules
if [[ "$VER" = "12.04" || "$VER" = "7" ]]; then
$PACKAGE_INSTALLER db4.7-util
fi
MY_CNF_PATH="/etc/mysql/my.cnf"
DB_SERVICE="mysql"
fi
service $DB_SERVICE start
# setup mysql root password only if mysqlpassword is empty
if [ -z "$mysqlpassword" ]; then
mysqlpassword=$(passwordgen);
mysqladmin -u root password "$mysqlpassword"
fi
# small cleaning of mysql access
mysql -u root -p"$mysqlpassword" -e "DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost'";
mysql -u root -p"$mysqlpassword" -e "DELETE FROM mysql.user WHERE User=''";
mysql -u root -p"$mysqlpassword" -e "FLUSH PRIVILEGES";
# remove test table that is no longer used
mysql -u root -p"$mysqlpassword" -e "DROP DATABASE IF EXISTS test";
# secure SELECT "hacker-code" INTO OUTFILE
sed -i "s|\[mysqld\]|&\nsecure-file-priv = /var/tmp|" $MY_CNF_PATH
# setup sentora access and core database
if [ $PANEL_UPGRADE == true ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-update/zpanel/sql/update-structure.sql
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-update/zpanel/sql/update-data.sql
mysqldump -u root -p"$mysqlpassword" zpanel_core | mysql -u root -p"$mysqlpassword" -D sentora_core
mysqldump -u root -p"$mysqlpassword" zpanel_postfix | mysql -u root -p"$mysqlpassword" -D sentora_postfix
mysqldump -u root -p"$mysqlpassword" zpanel_proftpd | mysql -u root -p"$mysqlpassword" -D sentora_proftpd
mysqldump -u root -p"$mysqlpassword" zpanel_roundcube | mysql -u root -p"$mysqlpassword" -D sentora_roundcube
sed -i "s|zpanel_core|sentora_core|" $PANEL_PATH/panel/cnf/db.php
else
sed -i "s|YOUR_ROOT_MYSQL_PASSWORD|$mysqlpassword|" $PANEL_PATH/panel/cnf/db.php
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_core.sql
fi
# Register mysql/mariadb service for autostart
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable "$DB_SERVICE".service
else
chkconfig "$DB_SERVICE" on
fi
fi
#--- Postfix
echo -e "\n-- Installing Postfix"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER postfix postfix-perl-scripts
USR_LIB_PATH="/usr/libexec"
elif [[ "$OS" = "Ubuntu" ]]; then
$PACKAGE_INSTALLER postfix postfix-mysql
USR_LIB_PATH="/usr/lib"
fi
postfixpassword=$(passwordgen);
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_postfix.sql
fi
## grant will also create users which don't exist and update existing users with password ##
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_postfix .* TO 'postfix'@'localhost' identified by '$postfixpassword';";
mkdir $PANEL_DATA/vmail
useradd -r -g mail -d $PANEL_DATA/vmail -s /sbin/nologin -c "Virtual maildir" vmail
chown -R vmail:mail $PANEL_DATA/vmail
chmod -R 770 $PANEL_DATA/vmail
mkdir -p /var/spool/vacation
useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
chown -R vacation:vacation /var/spool/vacation
chmod -R 770 /var/spool/vacation
#Removed optional transport that was leaved empty, until it is fully handled.
#ln -s $PANEL_CONF/postfix/transport /etc/postfix/transport
#postmap /etc/postfix/transport
add_local_domain "$PANEL_FQDN"
add_local_domain "autoreply.$PANEL_FQDN"
rm -rf /etc/postfix/main.cf /etc/postfix/master.cf
ln -s $PANEL_CONF/postfix/master.cf /etc/postfix/master.cf
ln -s $PANEL_CONF/postfix/main.cf /etc/postfix/main.cf
ln -s $PANEL_CONF/postfix/vacation.pl /var/spool/vacation/vacation.pl
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/postfix/*.cf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/postfix/vacation.conf
sed -i "s|!PANEL_FQDN!|$PANEL_FQDN|" $PANEL_CONF/postfix/main.cf
sed -i "s|!USR_LIB!|$USR_LIB_PATH|" $PANEL_CONF/postfix/master.cf
sed -i "s|!USR_LIB!|$USR_LIB_PATH|" $PANEL_CONF/postfix/main.cf
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" $PANEL_CONF/postfix/main.cf
VMAIL_UID=$(id -u vmail)
MAIL_GID=$(sed -nr "s/^mail:x:([0-9]+):.*/\1/p" /etc/group)
sed -i "s|!POS_UID!|$VMAIL_UID|" $PANEL_CONF/postfix/main.cf
sed -i "s|!POS_GID!|$MAIL_GID|" $PANEL_CONF/postfix/main.cf
# remove unusued directives that issue warnings
sed -i '/virtual_mailbox_limit_maps/d' $PANEL_CONF/postfix/main.cf
sed -i '/smtpd_bind_address/d' $PANEL_CONF/postfix/master.cf
# Register postfix service for autostart (it is automatically started)
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable postfix.service
# systemctl start postfix.service
else
chkconfig postfix on
# /etc/init.d/postfix start
fi
fi
#--- Dovecot (includes Sieve)
echo -e "\n-- Installing Dovecot"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER dovecot dovecot-mysql dovecot-pigeonhole
sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\n#last_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\n#last_valid_gid = $MAIL_GID|" $PANEL_CONF/dovecot2/dovecot.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER dovecot-mysql dovecot-imapd dovecot-pop3d dovecot-common dovecot-managesieved dovecot-lmtpd
sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\nlast_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\nlast_valid_gid = $MAIL_GID|" $PANEL_CONF/dovecot2/dovecot.conf
fi
mkdir -p $PANEL_DATA/sieve
chown -R vmail:mail $PANEL_DATA/sieve
mkdir -p /var/lib/dovecot/sieve/
touch /var/lib/dovecot/sieve/default.sieve
ln -s $PANEL_CONF/dovecot2/globalfilter.sieve $PANEL_DATA/sieve/globalfilter.sieve
rm -rf /etc/dovecot/dovecot.conf
ln -s $PANEL_CONF/dovecot2/dovecot.conf /etc/dovecot/dovecot.conf
sed -i "s|!POSTMASTER_EMAIL!|postmaster@$PANEL_FQDN|" $PANEL_CONF/dovecot2/dovecot.conf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/dovecot2/dovecot-dict-quota.conf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
sed -i "s|!DOV_UID!|$VMAIL_UID|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
sed -i "s|!DOV_GID!|$MAIL_GID|" $PANEL_CONF/dovecot2/dovecot-mysql.conf
touch /var/log/dovecot.log /var/log/dovecot-info.log /var/log/dovecot-debug.log
chown vmail:mail /var/log/dovecot*
chmod 660 /var/log/dovecot*
# Register dovecot service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable dovecot.service
systemctl start dovecot.service
else
chkconfig dovecot on
/etc/init.d/dovecot start
fi
fi
#--- Apache server
echo -e "\n-- Installing and configuring Apache"
$PACKAGE_INSTALLER "$HTTP_PCKG"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER "$HTTP_PCKG-devel"
HTTP_CONF_PATH="/etc/httpd/conf/httpd.conf"
HTTP_VARS_PATH="/etc/sysconfig/httpd"
HTTP_SERVICE="httpd"
HTTP_USER="apache"
HTTP_GROUP="apache"
if [[ "$VER" = "7" ]]; then
# Disable extra modules in centos 7
disable_file /etc/httpd/conf.modules.d/01-cgi.conf
disable_file /etc/httpd/conf.modules.d/00-lua.conf
disable_file /etc/httpd/conf.modules.d/00-dav.conf
else
disable_file /etc/httpd/conf.d/welcome.conf
disable_file /etc/httpd/conf.d/webalizer.conf
# Disable more extra modules in centos 6.x /etc/httpd/httpd.conf dav/ldap/cgi/proxy_ajp
sed -i "s|LoadModule suexec_module modules|#LoadModule suexec_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule cgi_module modules|#LoadModule cgi_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule dav_module modules|#LoadModule dav_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule dav_fs_module modules|#LoadModule dav_fs_module modules|" "$HTTP_CONF_PATH"
sed -i "s|LoadModule proxy_ajp_module modules|#LoadModule proxy_ajp_module modules|" "$HTTP_CONF_PATH"
fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER libapache2-mod-bw
HTTP_CONF_PATH="/etc/apache2/apache2.conf"
HTTP_VARS_PATH="/etc/apache2/envvars"
HTTP_SERVICE="apache2"
HTTP_USER="www-data"
HTTP_GROUP="www-data"
a2enmod rewrite
fi
if ! grep -q "Include $PANEL_CONF/apache/httpd.conf" "$HTTP_CONF_PATH"; then
echo "Include $PANEL_CONF/apache/httpd.conf" >> "$HTTP_CONF_PATH";
## Remove old include
if [ $PANEL_UPGRADE == true ]; then
sed -i "s|Include /etc/zpanel/configs/apache/httpd.conf||" "$HTTP_CONF_PATH";
fi
fi
add_local_domain "$(hostname)"
if ! grep -q "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" /etc/sudoers; then
echo "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" >> /etc/sudoers;
fi
# Create root directory for public HTTP docs
mkdir -p $PANEL_DATA/hostdata/zadmin/public_html
chown -R $HTTP_USER:$HTTP_GROUP $PANEL_DATA/hostdata/
chmod -R 770 $PANEL_DATA/hostdata/
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='httpd_exe'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='apache_sn'"
#Set keepalive on (default is off)
sed -i "s|KeepAlive Off|KeepAlive On|" "$HTTP_CONF_PATH"
# Permissions fix for Apache and ProFTPD (to enable them to play nicely together!)
if ! grep -q "umask 002" "$HTTP_VARS_PATH"; then
echo "umask 002" >> "$HTTP_VARS_PATH";
fi
# remove default virtual site to ensure Sentora is the default vhost
if [[ "$OS" = "CentOs" ]]; then
sed -i "s|DocumentRoot \"/var/www/html\"|DocumentRoot $PANEL_PATH/panel|" "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
# disable completely sites-enabled/000-default.conf
if [[ "$VER" = "14.04" || "$VER" = "8" ]]; then
sed -i "s|IncludeOptional sites-enabled|#&|" "$HTTP_CONF_PATH"
else
sed -i "s|Include sites-enabled|#&|" "$HTTP_CONF_PATH"
fi
fi
# Comment "NameVirtualHost" and Listen directives that are handled in vhosts file
if [[ "$OS" = "CentOs" ]]; then
sed -i "s|^\(NameVirtualHost .*$\)|#\1\n# NameVirtualHost is now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
sed -i 's|^\(Listen .*$\)|#\1\n# Listen is now handled in Sentora vhosts file|' "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
sed -i "s|\(Include ports.conf\)|#\1\n# Ports are now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
disable_file /etc/apache2/ports.conf
fi
# adjustments for apache 2.4
if [[ ("$OS" = "CentOs" && "$VER" = "7") ||
("$OS" = "Ubuntu" && "$VER" = "14.04") ||
("$OS" = "raspbian" && "$VER" = "8") ]] ; then
# Order deny,allow / Deny from all -> Require all denied
sed -i 's|Order deny,allow|Require all denied|I' $PANEL_CONF/apache/httpd.conf
sed -i '/Deny from all/d' $PANEL_CONF/apache/httpd.conf
# Order allow,deny / Allow from all -> Require all granted
sed -i 's|Order allow,deny|Require all granted|I' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i '/Allow from all/d' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i 's|Order allow,deny|Require all granted|I' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
sed -i '/Allow from all/d' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
# Remove NameVirtualHost that is now without effect and generate warning
sed -i '/NameVirtualHost/{N;d}' $PANEL_CONF/apache/httpd-vhosts.conf
sed -i '/# NameVirtualHost is/ {N;N;N;N;N;d}' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
# Options must have ALL (or none) +/- prefix, disable listing directories
sed -i 's| FollowSymLinks [-]Indexes| +FollowSymLinks -Indexes|' $PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php
fi
#--- PHP
echo -e "\n-- Installing and configuring PHP"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER php php-devel php-gd php-mbstring php-intl php-mysql php-xml php-xmlrpc
$PACKAGE_INSTALLER php-mcrypt php-imap #Epel packages
PHP_INI_PATH="/etc/php.ini"
PHP_EXT_PATH="/etc/php.d"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER libapache2-mod-php5 php5-common php5-cli php5-mysql php5-gd php5-mcrypt php5-curl php-pear php5-imap php5-xmlrpc php5-xsl php5-intl
if [ "$VER" = "14.04" ]; then
php5enmod mcrypt # missing in the package for Ubuntu 14, is this needed for debian 8 as well?
else
$PACKAGE_INSTALLER php5-suhosin
fi
PHP_INI_PATH="/etc/php5/apache2/php.ini"
fi
# Setup php upload dir
mkdir -p $PANEL_DATA/temp
chmod 1777 $PANEL_DATA/temp/
chown -R $HTTP_USER:$HTTP_GROUP $PANEL_DATA/temp/
# Setup php session save directory
mkdir "$PANEL_DATA/sessions"
chown $HTTP_USER:$HTTP_GROUP "$PANEL_DATA/sessions"
chmod 733 "$PANEL_DATA/sessions"
chmod +t "$PANEL_DATA/sessions"
if [[ "$OS" = "CentOs" ]]; then
# Remove session & php values from apache that cause override
sed -i "/php_value/d" /etc/httpd/conf.d/php.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
sed -i "s|;session.save_path = \"/var/lib/php5\"|session.save_path = \"$PANEL_DATA/sessions\"|" $PHP_INI_PATH
fi
sed -i "/php_value/d" $PHP_INI_PATH
echo "session.save_path = $PANEL_DATA/sessions;">> $PHP_INI_PATH
# setup timezone and upload temp dir
sed -i "s|;date.timezone =|date.timezone = $tz|" $PHP_INI_PATH
sed -i "s|;upload_tmp_dir =|upload_tmp_dir = $PANEL_DATA/temp/|" $PHP_INI_PATH
# Disable php signature in headers to hide it from hackers
sed -i "s|expose_php = On|expose_php = Off|" $PHP_INI_PATH
# Build suhosin for PHP 5.x which is required by Sentora.
if [[ "$OS" = "CentOs" || "$OS" = "raspbian" || ( "$OS" = "Ubuntu" && "$VER" = "14.04") ]] ; then
echo -e "\n# Building suhosin"
if [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER php5-dev
fi
SUHOSIN_VERSION="0.9.37.1"
wget -nv -O suhosin.zip https://github.com/stefanesser/suhosin/archive/$SUHOSIN_VERSION.zip
unzip -q suhosin.zip
rm -f suhosin.zip
cd suhosin-$SUHOSIN_VERSION
phpize &> /dev/null
./configure &> /dev/null
make &> /dev/null
make install
cd ..
rm -rf suhosin-$SUHOSIN_VERSION
if [[ "$OS" = "CentOs" ]]; then
echo 'extension=suhosin.so' > $PHP_EXT_PATH/suhosin.ini
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
sed -i 'N;/default extension directory./a\extension=suhosin.so' $PHP_INI_PATH
fi
fi
# Register apache(+php) service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable "$HTTP_SERVICE.service"
systemctl start "$HTTP_SERVICE.service"
else
chkconfig "$HTTP_SERVICE" on
"/etc/init.d/$HTTP_SERVICE" start
fi
fi
#--- ProFTPd
echo -e "\n-- Installing ProFTPD"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER proftpd proftpd-mysql
FTP_CONF_PATH='/etc/proftpd.conf'
sed -i "s|nogroup|nobody|" $PANEL_CONF/proftpd/proftpd-mysql.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER proftpd-mod-mysql
FTP_CONF_PATH='/etc/proftpd/proftpd.conf'
fi
# Create and init proftpd database
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_proftpd.sql
fi
# Create and configure mysql password for proftpd
proftpdpassword=$(passwordgen);
sed -i "s|!SQL_PASSWORD!|$proftpdpassword|" $PANEL_CONF/proftpd/proftpd-mysql.conf
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_proftpd .* TO 'proftpd'@'localhost' identified by '$proftpdpassword';";
# Assign httpd user and group to all users that will be created
HTTP_UID=$(id -u "$HTTP_USER")
HTTP_GID=$(sed -nr "s/^$HTTP_GROUP:x:([0-9]+):.*/\1/p" /etc/group)
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN uid SET DEFAULT $HTTP_UID"
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN gid SET DEFAULT $HTTP_GID"
sed -i "s|!SQL_MIN_ID!|$HTTP_UID|" $PANEL_CONF/proftpd/proftpd-mysql.conf
# Setup proftpd base file to call sentora config
rm -f "$FTP_CONF_PATH"
#touch "$FTP_CONF_PATH"
#echo "include $PANEL_CONF/proftpd/proftpd-mysql.conf" >> "$FTP_CONF_PATH";
ln -s "$PANEL_CONF/proftpd/proftpd-mysql.conf" "$FTP_CONF_PATH"
# setup proftpd log dir
mkdir -p $PANEL_DATA/logs/proftpd
chmod -R 644 $PANEL_DATA/logs/proftpd
# Correct bug from package in Ubutu14.04 which screw service proftpd restart
# see https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1246245
if [[ "$OS" = "Ubuntu" && "$VER" = "14.04" ]]; then
sed -i 's|\([ \t]*start-stop-daemon --stop --signal $SIGNAL \)\(--quiet --pidfile "$PIDFILE"\)$|\1--retry 1 \2|' /etc/init.d/proftpd
fi
# Register proftpd service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable proftpd.service
systemctl start proftpd.service
else
chkconfig proftpd on
/etc/init.d/proftpd start
fi
fi
#--- BIND
echo -e "\n-- Installing and configuring Bind"
if [[ "$OS" = "CentOs" ]]; then
$PACKAGE_INSTALLER bind bind-utils bind-libs
BIND_PATH="/etc/named/"
BIND_FILES="/etc"
BIND_SERVICE="named"
BIND_USER="named"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER bind9 bind9utils
BIND_PATH="/etc/bind/"
BIND_FILES="/etc/bind"
BIND_SERVICE="bind9"
BIND_USER="bind"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='' WHERE so_name_vc='bind_log'"
fi
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_PATH' WHERE so_name_vc='bind_dir'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_SERVICE' WHERE so_name_vc='bind_service'"
chmod -R 777 $PANEL_CONF/bind/zones/
# Setup logging directory
mkdir $PANEL_DATA/logs/bind
touch $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
chown $BIND_USER $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
chmod 660 $PANEL_DATA/logs/bind/bind.log $PANEL_DATA/logs/bind/debug.log
if [[ "$OS" = "CentOs" ]]; then
chmod 751 /var/named
chmod 771 /var/named/data
sed -i 's|bind/zones.rfc1918|named.rfc1912.zones|' $PANEL_CONF/bind/named.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
mkdir -p /var/named/dynamic
touch /var/named/dynamic/managed-keys.bind
chown -R bind:bind /var/named/
chmod -R 777 $PANEL_CONF/bind/etc
chown root:root $BIND_FILES/rndc.key
chmod 755 $BIND_FILES/rndc.key
fi
# Some link to enable call from path
ln -s /usr/sbin/named-checkconf /usr/bin/named-checkconf
ln -s /usr/sbin/named-checkzone /usr/bin/named-checkzone
ln -s /usr/sbin/named-compilezone /usr/bin/named-compilezone
# Setup acl IP to forbid zone transfer
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" $PANEL_CONF/bind/named.conf
# Build key and conf files
rm -rf $BIND_FILES/named.conf $BIND_FILES/rndc.conf $BIND_FILES/rndc.key
rndc-confgen -a -r /dev/urandom
cat $BIND_FILES/rndc.key $PANEL_CONF/bind/named.conf > $BIND_FILES/named.conf
cat $BIND_FILES/rndc.key $PANEL_CONF/bind/rndc.conf > $BIND_FILES/rndc.conf
rm -f $BIND_FILES/rndc.key
# Register Bind service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable named.service
systemctl start named.service
else
chkconfig named on
/etc/init.d/named start
fi
fi
#--- CRON and ATD
echo -e "\n-- Installing and configuring cron tasks"
if [[ "$OS" = "CentOs" ]]; then
#cronie & crontabs may be missing
$PACKAGE_INSTALLER cronie crontabs
CRON_DIR="/var/spool/cron"
CRON_SERVICE="crond"
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
$PACKAGE_INSTALLER cron
CRON_DIR="/var/spool/cron/crontabs"
CRON_SERVICE="cron"
fi
CRON_USER="$HTTP_USER"
# prepare daemon crontab
# sed -i "s|!USER!|$CRON_USER|" "$PANEL_CONF/cron/zdaemon" #it screw update search!#
sed -i "s|!USER!|root|" "$PANEL_CONF/cron/zdaemon"
cp "$PANEL_CONF/cron/zdaemon" /etc/cron.d/zdaemon
chmod 644 /etc/cron.d/zdaemon
# prepare user crontabs
CRON_FILE="$CRON_DIR/$CRON_USER"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_file'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_reload_path'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_USER' WHERE so_name_vc='cron_reload_user'"
{
echo "SHELL=/bin/bash"
echo "PATH=/sbin:/bin:/usr/sbin:/usr/bin"
echo ""
} > mycron
crontab -u $HTTP_USER mycron
rm -f mycron
chmod 744 "$CRON_DIR"
chown -R $HTTP_USER:$HTTP_USER "$CRON_DIR"
chmod 644 "$CRON_FILE"
# Register cron and atd services for autostart and start them
if [[ "$OS" = "CentOs" ]]; then
if [[ "$VER" == "7" ]]; then
systemctl enable crond.service
systemctl start crond.service
systemctl start atd.service
else
chkconfig crond on
/etc/init.d/crond start
/etc/init.d/atd start
fi
fi
#--- phpMyAdmin
echo -e "\n-- Configuring phpMyAdmin"
phpmyadminsecret=$(passwordgen);
chmod 644 $PANEL_CONF/phpmyadmin/config.inc.php
sed -i "s|\$cfg\['blowfish_secret'\] \= 'SENTORA';|\$cfg\['blowfish_secret'\] \= '$phpmyadminsecret';|" $PANEL_CONF/phpmyadmin/config.inc.php
ln -s $PANEL_CONF/phpmyadmin/config.inc.php $PANEL_PATH/panel/etc/apps/phpmyadmin/config.inc.php
# Remove phpMyAdmin's setup folder in case it was left behind
rm -rf $PANEL_PATH/panel/etc/apps/phpmyadmin/setup
#--- Roundcube
echo -e "\n-- Configuring Roundcube"
# Import roundcube default table
if [ $PANEL_UPGRADE == false ]; then
mysql -u root -p"$mysqlpassword" < $PANEL_CONF/sentora-install/sql/sentora_roundcube.sql
fi
# Create and configure mysql password for roundcube
roundcubepassword=$(passwordgen);
sed -i "s|!ROUNDCUBE_PASSWORD!|$roundcubepassword|" $PANEL_CONF/roundcube/roundcube_config.inc.php
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_roundcube .* TO 'roundcube'@'localhost' identified by '$roundcubepassword';";
# Create and configure des key
roundcube_des_key=$(passwordgen 24);
sed -i "s|!ROUNDCUBE_DESKEY!|$roundcube_des_key|" $PANEL_CONF/roundcube/roundcube_config.inc.php
# Create and configure specials directories and rights
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_PATH/panel/etc/apps/webmail/temp"
mkdir "$PANEL_DATA/logs/roundcube"
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/logs/roundcube"
# Map config file in roundcube with symbolic links
ln -s $PANEL_CONF/roundcube/roundcube_config.inc.php $PANEL_PATH/panel/etc/apps/webmail/config/config.inc.php
ln -s $PANEL_CONF/roundcube/sieve_config.inc.php $PANEL_PATH/panel/etc/apps/webmail/plugins/managesieve/config.inc.php
#--- Webalizer
echo -e "\n-- Configuring Webalizer"
$PACKAGE_INSTALLER webalizer
if [[ "$OS" = "CentOs" ]]; then
rm -rf /etc/webalizer.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "raspbian" ]]; then
rm -rf /etc/webalizer/webalizer.conf
fi
#--- Set some Sentora database entries using. setso and setzadmin (require PHP)
echo -e "\n-- Configuring Sentora"
zadminpassword=$(passwordgen);
setzadmin --set "$zadminpassword";
$PANEL_PATH/panel/bin/setso --set sentora_domain "$PANEL_FQDN"
$PANEL_PATH/panel/bin/setso --set server_ip "$PUBLIC_IP"
# if not release, set beta version in database
if [[ $(echo "$SENTORA_CORE_VERSION" | sed 's|.*-\(beta\).*$|\1|') = "beta" ]] ; then
$PANEL_PATH/panel/bin/setso --set dbversion "$SENTORA_CORE_VERSION"
fi
# make the daemon to build vhosts file.
$PANEL_PATH/panel/bin/setso --set apache_changed "true"
php -q $PANEL_PATH/panel/bin/daemon.php
#--- Firewall ?
#--- Resolv.conf deprotect
chattr -i /etc/resolv.conf
#--- Restart all services to capture output messages, if any
if [[ "$OS" = "CentOs" && "$VER" == "7" ]]; then
# CentOs7 does not return anything except redirection to systemctl :-(
service() {
echo "Restarting $1"
systemctl restart "$1.service"
}
fi
service "$DB_SERVICE" restart
service "$HTTP_SERVICE" restart
service postfix restart
service dovecot restart
service "$CRON_SERVICE" restart
service "$BIND_SERVICE" restart
service proftpd restart
service atd restart
#--- Store the passwords for user reference
{
echo "Server IP address : $PUBLIC_IP"
echo "Panel URL : http://$PANEL_FQDN"
echo "zadmin Password : $zadminpassword"
echo ""
echo "MySQL Root Password : $mysqlpassword"
echo "MySQL Postfix Password : $postfixpassword"
echo "MySQL ProFTPd Password : $proftpdpassword"
echo "MySQL Roundcube Password : $roundcubepassword"
} >> /root/passwords.txt
#--- Advise the admin that Sentora is now installed and accessible.
{
echo "########################################################"
echo " Congratulations Sentora has now been installed on your"
echo " server. Please review the log file left in /root/ for "
echo " any errors encountered during installation."
echo ""
echo " Login to Sentora at http://$PANEL_FQDN"
echo " Sentora Username : zadmin"
echo " Sentora Password : $zadminpassword"
echo ""
echo " MySQL Root Password : $mysqlpassword"
echo " MySQL Postfix Password : $postfixpassword"
echo " MySQL ProFTPd Password : $proftpdpassword"
echo " MySQL Roundcube Password : $roundcubepassword"
echo " (theses passwords are saved in /root/passwords.txt)"
echo "########################################################"
echo ""
} &>/dev/tty
# Wait until the user have read before restarts the server...
if [[ "$INSTALL" != "auto" ]] ; then
while true; do
read -e -p "Restart your server now to complete the install (y/n)? " rsn
case $rsn in
[Yy]* ) break;;
[Nn]* ) exit;
esac
done
shutdown -r now
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment