mirror of
https://github.com/tommytran732/Pterodactyl-Script
synced 2024-11-22 10:31:34 -05:00
Fix firewalling
Signed-off-by: Tommy <contact@tommytran.io>
parent
567d2371f7
commit
5e3df84d80
87
install.sh
87
install.sh
@ -214,11 +214,40 @@ install_pterodactyl() {
|
|||||||
php artisan p:environment:mail
|
php artisan p:environment:mail
|
||||||
php artisan migrate --seed --force
|
php artisan migrate --seed --force
|
||||||
php artisan p:user:make --email=$email --admin=1
|
php artisan p:user:make --email=$email --admin=1
|
||||||
|
sed -i 's/PTERODACTYL_TELEMETRY_ENABLED=true/PTERODACTYL_TELEMETRY_ENABLED=false/' /var/www/pterodactyl/.env
|
||||||
|
|
||||||
chown -R nginx:nginx * /var/www/pterodactyl
|
chown -R nginx:nginx * /var/www/pterodactyl
|
||||||
|
|
||||||
output "Creating panel queue listeners..."
|
cat > /etc/systemd/system/pteros.service <<- 'EOF'
|
||||||
(crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab -
|
# Pterodactyl Schedule Service
|
||||||
|
# ----------------------------------
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=Pterodactyl Schedule Service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
# On some systems the user and group might be different.
|
||||||
|
# Some systems use `apache` or `nginx` as the user and group.
|
||||||
|
User=nginx
|
||||||
|
Group=nginx
|
||||||
|
ExecStart=php /var/www/pterodactyl/artisan schedule:run
|
||||||
|
StandardOutput=null
|
||||||
|
Type=oneshot
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat > /etc/systemd/system/pteros.timer <<- 'EOF'
|
||||||
|
# Pterodactyl Schedule Service Timer
|
||||||
|
# ----------------------------------
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=Pterodactyl Schedule Service Timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=*-*-* *:*:00
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
EOF
|
||||||
|
|
||||||
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
||||||
# Pterodactyl Queue Worker File
|
# Pterodactyl Queue Worker File
|
||||||
@ -242,10 +271,9 @@ RestartSec=5s
|
|||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
EOF
|
EOF
|
||||||
setsebool -P httpd_can_network_connect 1
|
|
||||||
setsebool -P httpd_execmem 1
|
|
||||||
setsebool -P httpd_unified 1
|
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
|
systemctl enable --now pteros.timer
|
||||||
systemctl enable --now pteroq.service
|
systemctl enable --now pteroq.service
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -327,6 +355,9 @@ server {
|
|||||||
service nginx restart
|
service nginx restart
|
||||||
chown -R nginx:nginx $(pwd)
|
chown -R nginx:nginx $(pwd)
|
||||||
restorecon -R /var/www/pterodactyl
|
restorecon -R /var/www/pterodactyl
|
||||||
|
setsebool -P httpd_can_network_connect 1
|
||||||
|
setsebool -P httpd_execmem 1
|
||||||
|
setsebool -P httpd_unified 1
|
||||||
}
|
}
|
||||||
|
|
||||||
php_config(){
|
php_config(){
|
||||||
@ -356,14 +387,6 @@ webserver_config(){
|
|||||||
chown -R nginx:nginx /var/lib/php/session
|
chown -R nginx:nginx /var/lib/php/session
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_pterodactyl(){
|
|
||||||
install_dependencies
|
|
||||||
install_pterodactyl
|
|
||||||
ssl_certs
|
|
||||||
webserver_config
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
install_wings() {
|
install_wings() {
|
||||||
cd /root || exit
|
cd /root || exit
|
||||||
output "Installing Pterodactyl Wings dependencies..."
|
output "Installing Pterodactyl Wings dependencies..."
|
||||||
@ -484,7 +507,6 @@ EOF
|
|||||||
|
|
||||||
ssl_certs(){
|
ssl_certs(){
|
||||||
output "Installing Let's Encrypt and creating an SSL certificate..."
|
output "Installing Let's Encrypt and creating an SSL certificate..."
|
||||||
cd /root || exit
|
|
||||||
dnf -y install certbot
|
dnf -y install certbot
|
||||||
|
|
||||||
if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
|
if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
|
||||||
@ -501,29 +523,39 @@ ssl_certs(){
|
|||||||
if [ "$installoption" = "2" ]; then
|
if [ "$installoption" = "2" ]; then
|
||||||
certbot certonly --standalone --no-eff-email --email "$email" --agree-tos -d "$FQDN" --non-interactive
|
certbot certonly --standalone --no-eff-email --email "$email" --agree-tos -d "$FQDN" --non-interactive
|
||||||
fi
|
fi
|
||||||
systemctl enable --now certbot.timer
|
systemctl enable --now certbot-renew.timer
|
||||||
}
|
}
|
||||||
|
|
||||||
firewall(){
|
firewall(){
|
||||||
|
if [ "$installoption" = "2" ]; then
|
||||||
|
if [ "$lsb_dist" != "rhel" ]; then
|
||||||
|
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
|
||||||
|
rpm --import https://raw.githubusercontent.com/tommytran732/Pterodactyl-Script/master/epel9.asc
|
||||||
|
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
|
||||||
|
elif [ "$lsb_dist" != "centos" ]; then
|
||||||
|
dnf config-manager --set-enabled crb
|
||||||
|
dnf install -y epel-release epel-next-release
|
||||||
|
else
|
||||||
|
dnf config-manager --set-enabled crb
|
||||||
|
dnf install -y epel-release
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
output "Setting up Fail2Ban..."
|
output "Setting up Fail2Ban..."
|
||||||
dnf -y install fail2ban
|
dnf -y install fail2ban
|
||||||
systemctl enable fail2ban
|
systemctl enable --now fail2ban
|
||||||
bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF'
|
bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF'
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
# Ban hosts for ten hours:
|
# Ban hosts for ten hours:
|
||||||
bantime = 36000
|
bantime = 36000
|
||||||
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
|
|
||||||
banaction = iptables-multiport
|
|
||||||
[sshd]
|
[sshd]
|
||||||
enabled = true
|
enabled = true
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
service fail2ban restart
|
systemctl restart fail2ban
|
||||||
|
|
||||||
output "Configuring your firewall..."
|
output "Configuring your firewall..."
|
||||||
dnf -y install firewalld
|
dnf -y install firewalld
|
||||||
systemctl enable firewalld
|
systemctl enable --now firewalld
|
||||||
systemctl start firewalld
|
|
||||||
if [ "$installoption" = "1" ]; then
|
if [ "$installoption" = "1" ]; then
|
||||||
firewall-cmd --add-service=http --permanent
|
firewall-cmd --add-service=http --permanent
|
||||||
firewall-cmd --add-service=https --permanent
|
firewall-cmd --add-service=https --permanent
|
||||||
@ -543,6 +575,7 @@ EOF
|
|||||||
firewall-cmd --permanent --zone=trusted --change-interface=pterodactyl0
|
firewall-cmd --permanent --zone=trusted --change-interface=pterodactyl0
|
||||||
firewall-cmd --zone=trusted --add-masquerade --permanent
|
firewall-cmd --zone=trusted --add-masquerade --permanent
|
||||||
fi
|
fi
|
||||||
|
firewall-cmd --reload
|
||||||
}
|
}
|
||||||
|
|
||||||
database_host_reset(){
|
database_host_reset(){
|
||||||
@ -593,8 +626,11 @@ preflight
|
|||||||
install_options
|
install_options
|
||||||
case $installoption in
|
case $installoption in
|
||||||
1) required_infos
|
1) required_infos
|
||||||
|
install_dependencies
|
||||||
|
install_pterodactyl
|
||||||
firewall
|
firewall
|
||||||
setup_pterodactyl
|
ssl_certs
|
||||||
|
webserver_config
|
||||||
broadcast
|
broadcast
|
||||||
broadcast_database
|
broadcast_database
|
||||||
;;
|
;;
|
||||||
@ -606,8 +642,11 @@ case $installoption in
|
|||||||
broadcast_database
|
broadcast_database
|
||||||
;;
|
;;
|
||||||
3) required_infos
|
3) required_infos
|
||||||
|
install_dependencies
|
||||||
|
install_pterodactyl
|
||||||
firewall
|
firewall
|
||||||
setup_pterodactyl
|
ssl_certs
|
||||||
|
webserver_config
|
||||||
install_wings
|
install_wings
|
||||||
broadcast
|
broadcast
|
||||||
;;
|
;;
|
||||||
|
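Review bot: In the EPEL block added at the top of `firewall()`, both distribution tests look inverted. `[ "$lsb_dist" != "rhel" ]` sends every non-RHEL host down the `subscription-manager` path, and the `elif [ "$lsb_dist" != "centos" ]` is then always true for RHEL, so the final `else` can never run. I would expect `if [ "$lsb_dist" = "rhel" ]; then` and `elif [ "$lsb_dist" = "centos" ]; then`, assuming `$lsb_dist` holds the distribution ID, which is set outside this diff. Because the `dnf -y install fail2ban` that follows is not checked, a failed repository setup would presumably leave the host without the sshd jail while the script carries on; a `|| exit` there, as the script already does for `cd`, would make that visible. The `rpm --import` in the same branch takes the EPEL key from the `master` ref of the script's own repository, so pinning the URL to a commit or checking the key fingerprint before import would make that trust anchor immutable.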