
Fix firewalling

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-12-07 07:37:25 -05:00
parent 567d2371f7
commit 5e3df84d80
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2


@ -214,11 +214,40 @@ install_pterodactyl() {
php artisan p:environment:mail php artisan p:environment:mail
php artisan migrate --seed --force php artisan migrate --seed --force
php artisan p:user:make --email=$email --admin=1 php artisan p:user:make --email=$email --admin=1
sed -i 's/PTERODACTYL_TELEMETRY_ENABLED=true/PTERODACTYL_TELEMETRY_ENABLED=false/' /var/www/pterodactyl/.env
chown -R nginx:nginx * /var/www/pterodactyl chown -R nginx:nginx * /var/www/pterodactyl
output "Creating panel queue listeners..." cat > /etc/systemd/system/pteros.service <<- 'EOF'
(crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab - # Pterodactyl Schedule Service
# ----------------------------------
[Unit]
Description=Pterodactyl Schedule Service
[Service]
# On some systems the user and group might be different.
# Some systems use `apache` or `nginx` as the user and group.
User=nginx
Group=nginx
ExecStart=php /var/www/pterodactyl/artisan schedule:run
StandardOutput=null
Type=oneshot
EOF
cat > /etc/systemd/system/pteros.timer <<- 'EOF'
# Pterodactyl Schedule Service Timer
# ----------------------------------
[Unit]
Description=Pterodactyl Schedule Service Timer
[Timer]
OnCalendar=*-*-* *:*:00
[Install]
WantedBy=timers.target
EOF
cat > /etc/systemd/system/pteroq.service <<- 'EOF' cat > /etc/systemd/system/pteroq.service <<- 'EOF'
# Pterodactyl Queue Worker File # Pterodactyl Queue Worker File
@ -242,10 +271,9 @@ RestartSec=5s
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_execmem 1
setsebool -P httpd_unified 1
sudo systemctl daemon-reload sudo systemctl daemon-reload
systemctl enable --now pteros.timer
systemctl enable --now pteroq.service systemctl enable --now pteroq.service
} }
@ -327,6 +355,9 @@ server {
service nginx restart service nginx restart
chown -R nginx:nginx $(pwd) chown -R nginx:nginx $(pwd)
restorecon -R /var/www/pterodactyl restorecon -R /var/www/pterodactyl
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_execmem 1
setsebool -P httpd_unified 1
} }
php_config(){ php_config(){
@ -356,14 +387,6 @@ webserver_config(){
chown -R nginx:nginx /var/lib/php/session chown -R nginx:nginx /var/lib/php/session
} }
setup_pterodactyl(){
install_dependencies
install_pterodactyl
ssl_certs
webserver_config
}
install_wings() { install_wings() {
cd /root || exit cd /root || exit
output "Installing Pterodactyl Wings dependencies..." output "Installing Pterodactyl Wings dependencies..."
@ -484,7 +507,6 @@ EOF
ssl_certs(){ ssl_certs(){
output "Installing Let's Encrypt and creating an SSL certificate..." output "Installing Let's Encrypt and creating an SSL certificate..."
cd /root || exit
dnf -y install certbot dnf -y install certbot
if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
@ -501,29 +523,39 @@ ssl_certs(){
if [ "$installoption" = "2" ]; then if [ "$installoption" = "2" ]; then
certbot certonly --standalone --no-eff-email --email "$email" --agree-tos -d "$FQDN" --non-interactive certbot certonly --standalone --no-eff-email --email "$email" --agree-tos -d "$FQDN" --non-interactive
fi fi
systemctl enable --now certbot.timer systemctl enable --now certbot-renew.timer
} }
firewall(){ firewall(){
if [ "$installoption" = "2" ]; then
if [ "$lsb_dist" != "rhel" ]; then
subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
rpm --import https://raw.githubusercontent.com/tommytran732/Pterodactyl-Script/master/epel9.asc
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
elif [ "$lsb_dist" != "centos" ]; then
dnf config-manager --set-enabled crb
dnf install -y epel-release epel-next-release
else
dnf config-manager --set-enabled crb
dnf install -y epel-release
fi
fi
output "Setting up Fail2Ban..." output "Setting up Fail2Ban..."
dnf -y install fail2ban dnf -y install fail2ban
systemctl enable fail2ban systemctl enable --now fail2ban
bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF' bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF'
[DEFAULT] [DEFAULT]
# Ban hosts for ten hours: # Ban hosts for ten hours:
bantime = 36000 bantime = 36000
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd] [sshd]
enabled = true enabled = true
EOF EOF
service fail2ban restart systemctl restart fail2ban
output "Configuring your firewall..." output "Configuring your firewall..."
dnf -y install firewalld dnf -y install firewalld
systemctl enable firewalld systemctl enable --now firewalld
systemctl start firewalld
if [ "$installoption" = "1" ]; then if [ "$installoption" = "1" ]; then
firewall-cmd --add-service=http --permanent firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent firewall-cmd --add-service=https --permanent
@ -543,6 +575,7 @@ EOF
firewall-cmd --permanent --zone=trusted --change-interface=pterodactyl0 firewall-cmd --permanent --zone=trusted --change-interface=pterodactyl0
firewall-cmd --zone=trusted --add-masquerade --permanent firewall-cmd --zone=trusted --add-masquerade --permanent
fi fi
firewall-cmd --reload
} }
database_host_reset(){ database_host_reset(){
@ -593,8 +626,11 @@ preflight
install_options install_options
case $installoption in case $installoption in
1) required_infos 1) required_infos
install_dependencies
install_pterodactyl
firewall firewall
setup_pterodactyl ssl_certs
webserver_config
broadcast broadcast
broadcast_database broadcast_database
;; ;;
@ -606,8 +642,11 @@ case $installoption in
broadcast_database broadcast_database
;; ;;
3) required_infos 3) required_infos
install_dependencies
install_pterodactyl
firewall firewall
setup_pterodactyl ssl_certs
webserver_config
install_wings install_wings
broadcast broadcast
;; ;;
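Review bot: The distribution tests added at the top of firewall() (the hunk starting at `@ -501,29 +523,39 @@`) look inverted: `if [ "$lsb_dist" != "rhel" ]` runs `subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms`, a RHEL-only tool, on every non-RHEL host, and `elif [ "$lsb_dist" != "centos" ]` installs `epel-next-release` (the CentOS Stream package) on anything that is not CentOS, so a RHEL host falls through to the `else` branch and a CentOS host ends up in the subscription-manager branch. If the intent is to pick the repository set for the detected distribution, the two comparisons should be `if [ "$lsb_dist" = "rhel" ]; then` and `elif [ "$lsb_dist" = "centos" ]; then`. Where `$lsb_dist` is assigned is outside the hunk, so I cannot confirm the values it takes; please verify against the detection code before changing the tests. Note that firewall() opens in this hunk but its body continues in the following hunk, which ends with the added `firewall-cmd --reload`.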