From efe44d0f8a21dcb94381d3d662c4cfc537817f3e Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Thu, 25 Jun 2020 05:31:54 -0400
Subject: [PATCH] Create install.sh
---
install.sh | 1517 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 1517 insertions(+)
create mode 100644 install.sh
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..aaea377
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,1517 @@
+#!/bin/bash
+
+output(){
+ echo -e '\e[36m'$1'\e[0m';
+}
+
+warn(){
+ echo -e '\e[31m'$1'\e[0m';
+}
+
+version=v1.0
+
+preflight(){
+ output "Pterodactyl Installation & Upgrade script ${version}"
+ output "Copyright © 2020 Thien Tran ."
+ output "Please join my Discord for community support: https://thientran.io/discord"
+ output ""
+
+ output "Please note that this script is meant to be installed on a fresh OS. Installing it on a non-fresh OS may cause problems."
+ output "Automatic Operating System Detection initialized."
+
+ os_check
+
+ if [ "$EUID" -ne 0 ]; then
+ output "Please run as root."
+ exit 3
+ fi
+
+ output "Automatic Architecture Detection initialized."
+ MACHINE_TYPE=`uname -m`
+ if [ ${MACHINE_TYPE} == 'x86_64' ]; then
+ output "64-bit server detected! Good to go."
+ output ""
+ else
+ output "Unsupported architecture detected! Please switch to 64-bit (x86_64)."
+ exit 4
+ fi
+
+ output "Automatic Virtualization Detection initialized."
+ if [ "$lsb_dist" = "ubuntu" ]; then
+ apt-get update --fix-missing
+ apt-get -y install software-properties-common
+ add-apt-repository -y universe
+ apt-get -y install virt-what curl
+ elif [ "$lsb_dist" = "debian" ]; then
+ apt update --fix-missing
+ apt-get -y install software-properties-common virt-what wget curl
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ yum -y install virt-what wget
+ fi
+ virt_serv=$(echo $(virt-what))
+ if [ "$virt_serv" = "" ]; then
+ output "Virtualization: Bare Metal detected."
+ elif [ "$virt_serv" = "openvz lxc" ]; then
+ output "Virtualization: OpenVZ 7 detected."
+ elif [ "$virt_serv" = "xen xen-hvm" ]; then
+ output "Virtualization: Xen-HVM detected."
+ elif [ "$virt_serv" = "xen xen-hvm aws" ]; then
+ output "Virtualization: Xen-HVM on AWS detected."
+ warn "When doing allocation for the node, please use the internal ip as Google Cloud uses NAT."
+ warn "Resuming in 10 seconds."
+ sleep 10
+ else
+ output "Virtualization: $virt_serv detected."
+ fi
+ output ""
+ if [ "$virt_serv" != "" ] && [ "$virt_serv" != "kvm" ] && [ "$virt_serv" != "vmware" ] && [ "$virt_serv" != "hyperv" ] && [ "$virt_serv" != "openvz lxc" ] && [ "$virt_serv" != "xen xen-hvm" ] && [ "$virt_serv" != "xen xen-hvm aws" ]; then
+ warn "Unsupported Virtualization method. Please consult with your provider whether your server can run Docker or not. Proceed at your own risk."
+ warn "No support would be given if your server breaks at any point in the future."
+ warn "Proceed?\n[1] Yes.\n[2] No."
+ read choice
+ case $choice in
+ 1) output "Proceeding..."
+ ;;
+ 2) output "Cancelling installation..."
+ exit 5
+ ;;
+ esac
+ output ""
+ fi
+
+ output "Kernel Detection Initialized."
+ if echo $(uname -r) | grep -q xxxx; then
+ output "OVH Kernel Detected. The script will not work. Please install your server with a generic/distribution kernel."
+ output "When you are reinstalling your server, click on 'custom installation' and click on 'use distribution' kernel after that."
+ output "You might also want to do custom partritioning, remove the /home partrition and give / all the remaining space."
+ output "Please do not hesitate to contact us if you need help regarding this issue."
+ exit 6
+ elif echo $(uname -r) | grep -q pve; then
+ output "Proxmox LXE Kernel Detected. You have chosen to continue in the last step, therefore we are proceeding at your own risk."
+ output "Proceeding with a risky operation..."
+ elif echo $(uname -r) | grep -q stab; then
+ if echo $(uname -r) | grep -q 2.6; then
+ output "OpenVZ 6 detected. This server will definitely not work with Docker, regardless of what your provider might say. Exiting to avoid further damages."
+ exit 6
+ fi
+ elif echo $(uname -r) | grep -q gcp; then
+ output "Google Cloud Platform Detected."
+ warn "Please make sure you have static ip setup, otherwise the system will not work after a reboot."
+ warn "Please also make sure the google firewall allows the ports needed for the server to function normally."
+ warn "When doing allocation for the node, please use the internal ip as Google Cloud uses NAT."
+ warn "Resuming in 10 seconds."
+ sleep 10
+ else
+ output "Did not detect any bad kernel. Moving forward."
+ output ""
+ fi
+}
+
+os_check(){
+ if [ -r /etc/os-release ]; then
+ lsb_dist="$(. /etc/os-release && echo "$ID")"
+ dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
+ if [ $lsb_dist = "rhel" ]; then
+ dist_version="$(echo $dist_version | awk -F. '{print $1}')"
+ fi
+ else
+ exit 1
+ fi
+
+ if [ "$lsb_dist" = "ubuntu" ]; then
+ if [ "$dist_version" != "20.04" ] && [ "$dist_version" != "18.04" ] && [ "$dist_version" != "16.04" ]; then
+ output "Unsupported Ubuntu version. Only Ubuntu 20.04, 18.04 and 16.04 are supported."
+ exit 2
+ fi
+ elif [ "$lsb_dist" = "debian" ]; then
+ if [ "$dist_version" != "10" ] &&[ "$dist_version" != "9" ]; then
+ output "Unsupported Debian version. Only Debian 10, and 9 are supported.."
+ exit 2
+ fi
+ elif [ "$lsb_dist" = "fedora" ]; then
+ if [ "$dist_version" != "32" ] && [ "$dist_version" != "31" ]; then
+ output "Unsupported Fedora version. Only 32 and 31 is supported."
+ exit 2
+ fi
+ elif [ "$lsb_dist" = "centos" ]; then
+ if [ "$dist_version" != "8" ] && [ "$dist_version" != "7" ]; then
+ output "Unsupported CentOS version. Only CentOS 8 and 7 are supported."
+ exit 2
+ fi
+ elif [ "$lsb_dist" = "rhel" ]; then
+ if [ $dist_version != "8" ]; then
+ output "Unsupported RHEL version. Only RHEL 8 is supported."
+ exit 2
+ fi
+ elif [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "debian" ] && [ "$lsb_dist" != "centos" ]; then
+ output "Unsupported Operating System."
+ output ""
+ output "Supported OS:"
+ output "Ubuntu: 20.04 18.04, 16.04"
+ output "Debian: 10, 9"
+ output "Fedora: 32, 31"
+ output "CentOS: 8, 7"
+ output "RHEL: 8"
+ exit 2
+ fi
+}
+
+install_options(){
+ output "Please select your installation option:"
+ output "[1] Install the panel."
+ output "[2] Install the daemon."
+ output "[3] Install the panel and daemon."
+ output "[4] Install the standalone SFTP server."
+ output "[5] Upgrade 0.7.x panel to 0.7.17."
+ output "[6] Upgrade 0.6.x daemon to 0.6.13."
+ output "[7] Upgrade the panel to 0.7.17 and daemon to 0.6.13"
+ output "[8] Upgrade the standalone SFTP server to 1.0.4."
+ output "[9] Make Pterodactyl compatible with the mobile app. (Only use this after you have installed the panel. Check out https://pterodactyl.cloud for the mobile app.)"
+ output "[10] Update Mobile compatibility."
+ output "[11] Install or Update to phpMyAdmin 5.0.2 (Only use this after you have installed the panel.)"
+ output "[12] Install a standalone database host (For use on Daemon only installations only.)"
+ output "[13] Change Pterodactyl theme."
+ output "[14] Emergency MariaDB root password reset."
+ output "[15] Emergency Database host information reset."
+ read choice
+ case $choice in
+ 1 ) installoption=1
+ output "You have selected panel installation only."
+ ;;
+ 2 ) installoption=2
+ output "You have selected daemon installation only."
+ ;;
+ 3 ) installoption=3
+ output "You have selected panel and daemon installation."
+ ;;
+ 4 ) installoption=4
+ output "You have selected to install the standalone SFTP server."
+ ;;
+ 5 ) installoption=5
+ output "You have selected to upgrade the panel."
+ ;;
+ 6 ) installoption=6
+ output "You have selected to upgrade the daemon."
+ ;;
+ 7 ) installoption=7
+ output "You have selected to upgrade both the panel and daemon."
+ ;;
+ 8 ) installoption=8
+ output "You have selected to upgrade the standalone SFTP."
+ ;;
+ 9 ) installoption=9
+ output "You have activated mobile app compatibility."
+ ;;
+ 10 ) installoption=10
+ output "you have selected to update the mobile app compatibility."
+ ;;
+ 11 ) installoption=11
+ output "You have selected to install or update phpMyAdmin."
+ ;;
+ 12 ) installoption=12
+ output "You have selected to install a Database host."
+ ;;
+ 13 ) installoption=13
+ output "You have selected to change Pterodactyl's theme."
+ ;;
+ 14 ) installoption=14
+ output "You have selected MariaDB root password reset."
+ ;;
+ 15 ) installoption=15
+ output "You have selected Database Host information reset."
+ ;;
+ * ) output "You did not enter a valid selection."
+ install_options
+ esac
+}
+
+webserver_options() {
+ output "Please select which web server you would like to use:\n[1] Nginx (Recommended).\n[2] Apache2/Httpd."
+ read choice
+ case $choice in
+ 1 ) webserver=1
+ output "You have selected Nginx."
+ output ""
+ ;;
+ 2 ) webserver=2
+ output "You have selected Apache2 / Httpd."
+ output ""
+ ;;
+ * ) output "You did not enter a valid selection."
+ webserver_options
+ esac
+}
+
+theme_options() {
+ output "Would you like to install Fonix's themes?"
+ output "[1] No."
+ output "[2] Super Pink and Fluffy."
+ output "[3] Tango Twist."
+ output "[4] Blue Brick."
+ output "[5] Minecraft Madness."
+ output "[6] Lime Stitch."
+ output "[7] Red Ape."
+ output "[8] BlackEnd Space."
+ output "[9] Nothing But Graphite."
+ output ""
+ output "You can find out about Fonix's themes here: https://github.com/TheFonix/Pterodactyl-Themes"
+ read choice
+ case $choice in
+ 1 ) themeoption=1
+ output "You have selected to install vanilla Pterodactyl theme."
+ output ""
+ ;;
+ 2 ) themeoption=2
+ output "You have selected to install Fonix's Super Pink and Fluffy theme."
+ output ""
+ ;;
+ 3 ) themeoption=3
+ output "You have selected to install Fonix's Tango Twist theme."
+ output ""
+ ;;
+ 4 ) themeoption=4
+ output "You have selected to install Fonix's Blue Brick theme."
+ output ""
+ ;;
+ 5 ) themeoption=5
+ output "You have selected to install Fonix's Minecraft Madness theme."
+ output ""
+ ;;
+ 6 ) themeoption=6
+ output "You have selected to install Fonix's Lime Stitch theme."
+ output ""
+ ;;
+ 7 ) themeoption=7
+ output "You have selected to install Fonix's Red Ape theme."
+ output ""
+ ;;
+ 8 ) themeoption=8
+ output "You have selected to install Fonix's BlackEnd Space theme."
+ output ""
+ ;;
+ 9 ) themeoption=9
+ output "You have selected to install Fonix's Nothing But Graphite theme."
+ output ""
+ ;;
+ * ) output "You did not enter a a valid selection."
+ theme_options
+ esac
+}
+
+required_infos() {
+ output "Please enter the desired user email address:"
+ read email
+ dns_check
+}
+
+dns_check(){
+ output "Please enter your FQDN (panel.yourdomain.com):"
+ read FQDN
+
+ output "Resolving DNS."
+ SERVER_IP=$(curl -s http://checkip.amazonaws.com)
+ DOMAIN_RECORD=$(dig +short ${FQDN})
+ if [ "${SERVER_IP}" != "${DOMAIN_RECORD}" ]; then
+ output ""
+ output "The entered domain does not resolve to the primary public IP of this server."
+ output "Please make an A record pointing to your server's ip. For example, if you make an A record called 'panel' pointing to your server's ip, your FQDN is panel.yourdomain.tld"
+ output "If you are using Cloudflare, please disable the orange cloud."
+ output "If you do not have a domain, you can get a free one at https://www.freenom.com/en/index.html?lang=en."
+ dns_check
+ else
+ output "Domain resolved correctly. Good to go."
+ fi
+}
+
+theme() {
+ output "Theme installation initialized."
+ cd /var/www/pterodactyl
+ if [ "$themeoption" = "1" ]; then
+ output "Keeping Pterodactyl's vanilla theme."
+ elif [ "$themeoption" = "2" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/PinkAnFluffy/build.sh | sh
+ elif [ "$themeoption" = "3" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/TangoTwist/build.sh | sh
+ elif [ "$themeoption" = "4" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlueBrick/build.sh | sh
+ elif [ "$themeoption" = "5" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/MinecraftMadness/build.sh | sh
+ elif [ "$themeoption" = "6" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/LimeStitch/build.sh | sh
+ elif [ "$themeoption" = "7" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/RedApe/build.sh | sh
+ elif [ "$themeoption" = "8" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlackEndSpace/build.sh | sh
+ elif [ "$themeoption" = "9" ]; then
+ curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/NothingButGraphite/build.sh | sh
+ fi
+ php artisan view:clear
+ php artisan cache:clear
+}
+
+repositories_setup(){
+ output "Configuring your repositories."
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ apt-get -y install sudo
+ apt-get -y install software-properties-common dnsutils gpg-agent
+ dpkg --remove-architecture i386
+ echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
+ apt-get -y update
+ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
+ if [ "$lsb_dist" = "ubuntu" ]; then
+ LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+ add-apt-repository -y ppa:chris-lea/redis-server
+ if [ "$dist_version" != "20.04" ]; then
+ add-apt-repository -y ppa:certbot/certbot
+ add-apt-repository -y ppa:nginx/development
+ fi
+ apt -y install tuned
+ tuned-adm profile latency-performance
+ elif [ "$lsb_dist" = "debian" ]; then
+ apt-get -y install ca-certificates apt-transport-https
+ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
+ if [ "$dist_version" = "10" ]; then
+ apt -y install dirmngr
+ wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
+ sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
+ sudo add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/debian buster main'
+ apt -y install tuned
+ tuned-adm profile latency-performance
+ elif [ "$dist_version" = "9" ]; then
+ apt -y install dirmngr
+ wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
+ sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
+ sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/debian stretch main'
+ fi
+ fi
+ apt-get -y update
+ apt-get -y upgrade
+ apt-get -y autoremove
+ apt-get -y autoclean
+ apt-get -y install dnsutils curl
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then
+ if [ "$lsb_dist" = "fedora" ] ; then
+ if [ "$dist_version" = "32" ]; then
+ dnf -y install http://rpms.remirepo.net/fedora/remi-release-32.rpm
+ elif [ "$dist_version" = "31" ]; then
+ dnf -y install http://rpms.remirepo.net/fedora/remi-release-31.rpm
+ fi
+ dnf -y install dnf-plugins-core python2 libsemanage-devel
+ dnf config-manager --set-enabled remi
+ dnf -y module enable php:remi-7.3
+ dnf -y module enable nginx:mainline/common
+ dnf -y module enable mariadb:14/server
+ elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then
+ dnf -y install epel-release boost-program-options
+ dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
+ dnf config-manager --set-enabled remi
+ dnf -y module enable php:remi-7.3
+ dnf -y module enable nginx:mainline/common
+ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
+ dnf config-manager --set-enabled mariadb
+ elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "7" ]; then
+
+ bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
+[nginx-mainline]
+name=nginx mainline repo
+baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+ bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/10.4/centos7-amd64
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=1
+EOF
+
+ yum -y install epel-release
+ yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
+ yum -y install policycoreutils-python yum-utils libsemanage-devel
+ yum-config-manager --enable remi
+ yum-config-manager --enable remi-php73
+ yum-config-manager --enable nginx-mainline
+ yum-config-manager --enable mariadb
+ elif [ "$lsb_dist" = "rhel" ] && [ "$dist_version" = "8" ]; then
+ dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+ dnf -y install boost-program-options
+ dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
+ dnf config-manager --set-enabled remi
+ dnf -y module enable php:remi-7.3
+ dnf -y module enable nginx:mainline/common
+ curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
+ dnf config-manager --set-enabled mariadb
+ fi
+ yum -y install yum-utils tuned
+ tuned-adm profile latency-performance
+ yum -y upgrade
+ yum -y autoremove
+ yum -y clean packages
+ yum -y install curl bind-utils cronie
+ fi
+}
+
+install_dependencies(){
+ output "Installing dependencies."
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ if [ "$webserver" = "1" ]; then
+ apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server nginx git wget expect
+ elif [ "$webserver" = "2" ]; then
+ apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server apache2 libapache2-mod-php7.3 redis-server git wget expect
+ fi
+ sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated mariadb-server"
+ elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "7" ]; then
+ if [ "$webserver" = "1" ]; then
+ yum -y install php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache MariaDB-server redis nginx git policycoreutils-python-utils unzip wget expect tar
+ elif [ "$webserver" = "2" ]; then
+ yum -y install php php-common php-fpm php-cli php-json php-mysqlnd php-mcrypt php-gd php-mbstring php-pdo php-zip php-bcmath php-dom php-opcache MariaDB-server redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect tar
+ fi
+ else
+ if [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ if [ "$dist_version" = "8" ]; then
+ dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream
+ fi
+ else
+ dnf -y install MariaDB-server
+ fi
+ dnf -y module install php:remi-7.3
+ if [ "$webserver" = "1" ]; then
+ dnf -y install redis nginx git policycoreutils-python-utils unzip wget expect jq php-mysql php-zip php-bcmath tar
+ elif [ "$webserver" = "2" ]; then
+ dnf -y install redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect jq php-mysql php-zip php-mcmath tar
+ fi
+ fi
+
+ output "Enabling Services."
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ systemctl enable redis-server
+ service redis-server start
+ systemctl enable php7.3-fpm
+ service php7.3-fpm start
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ systemctl enable redis
+ service redis start
+ systemctl enable php-fpm
+ service php-fpm start
+ fi
+
+ systemctl enable cron
+ systemctl enable mariadb
+
+ if [ "$webserver" = "1" ]; then
+ systemctl enable nginx
+ service nginx start
+ elif [ "$webserver" = "2" ]; then
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ systemctl enable apache2
+ service apache2 start
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ systemctl enable httpd
+ service httpd start
+ fi
+ fi
+ service mysql start
+}
+
+install_pterodactyl() {
+ output "Creating the databases and setting root password."
+ password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ Q0="DROP DATABASE IF EXISTS test;"
+ Q1="CREATE DATABASE IF NOT EXISTS panel;"
+ Q2="SET old_passwords=0;"
+ Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
+ Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
+ Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
+ Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
+ Q7="DELETE FROM mysql.user WHERE User='';"
+ Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
+ Q9="FLUSH PRIVILEGES;"
+ SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}"
+ mysql -u root -e "$SQL"
+
+ output "Binding MariaDB/MySQL to 0.0.0.0."
+ if [ -f /etc/mysql/my.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/mysql/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/mysql/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ elif [ -f /etc/my.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ elif [ -f /etc/mysql/my.conf.d/mysqld.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ else
+ output 'File my.cnf was not found! Please contact support.'
+ fi
+
+ output "Downloading Pterodactyl."
+ mkdir -p /var/www/pterodactyl
+ cd /var/www/pterodactyl
+ curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/v0.7.17/panel.tar.gz
+ tar --strip-components=1 -xzvf panel.tar.gz
+ chmod -R 755 storage/* bootstrap/cache/
+
+ output "Installing Pterodactyl."
+ curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
+ cp .env.example .env
+ /usr/local/bin/composer install --no-dev --optimize-autoloader
+ php artisan key:generate --force
+ php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379
+ php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password
+ output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended."
+ php artisan p:environment:mail
+ php artisan migrate --seed --force
+ php artisan p:user:make --email=$email --admin=1
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ chown -R www-data:www-data * /var/www/pterodactyl
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ if [ "$webserver" = "1" ]; then
+ chown -R nginx:nginx * /var/www/pterodactyl
+ elif [ "$webserver" = "2" ]; then
+ chown -R apache:apache * /var/www/pterodactyl
+ fi
+ semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
+ restorecon -R /var/www/pterodactyl
+ fi
+
+ output "Creating panel queue listeners"
+ (crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab -
+ service cron restart
+
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ cat > /etc/systemd/system/pteroq.service <<- 'EOF'
+[Unit]
+Description=Pterodactyl Queue Worker
+After=redis-server.service
+[Service]
+User=www-data
+Group=www-data
+Restart=always
+ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
+[Install]
+WantedBy=multi-user.target
+EOF
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ if [ "$webserver" = "1" ]; then
+ cat > /etc/systemd/system/pteroq.service <<- 'EOF'
+Description=Pterodactyl Queue Worker
+After=redis-server.service
+[Service]
+User=nginx
+Group=nginx
+Restart=always
+ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
+[Install]
+WantedBy=multi-user.target
+EOF
+ elif [ "$webserver" = "2" ]; then
+ cat > /etc/systemd/system/pteroq.service <<- 'EOF'
+[Unit]
+Description=Pterodactyl Queue Worker
+After=redis-server.service
+[Service]
+User=apache
+Group=apache
+Restart=always
+ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
+[Install]
+WantedBy=multi-user.target
+EOF
+ fi
+ setsebool -P httpd_can_network_connect 1
+ setsebool -P httpd_execmem 1
+ setsebool -P httpd_unified 1
+ fi
+ sudo systemctl daemon-reload
+ systemctl enable pteroq.service
+ systemctl start pteroq
+}
+
+upgrade_pterodactyl(){
+ cd /var/www/pterodactyl
+ php artisan down
+ curl -L https://github.com/pterodactyl/panel/releases/download/v0.7.17/panel.tar.gz | tar --strip-components=1 -xzv
+ chmod -R 755 storage/* bootstrap/cache
+ composer install --no-dev --optimize-autoloader
+ php artisan view:clear
+ php artisan config:clear
+ php artisan migrate --force
+ php artisan db:seed --force
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ chown -R www-data:www-data * /var/www/pterodactyl
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ chown -R apache:apache * /var/www/pterodactyl
+ chown -R nginx:nginx * /var/www/pterodactyl
+ semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
+ restorecon -R /var/www/pterodactyl
+ fi
+ output "Your panel has been updated to version 0.7.17."
+ php artisan up
+ php artisan queue:restart
+}
+
+nginx_config() {
+ output "Disabling default configuration"
+ rm -rf /etc/nginx/sites-enabled/default
+ output "Configuring Nginx Webserver"
+
+echo '
+server_tokens off;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2c0f:f248::/32;
+set_real_ip_from 2a06:98c0::/29;
+real_ip_header X-Forwarded-For;
+server {
+ listen 80 default_server;
+ server_name '"$FQDN"';
+ return 301 https://$server_name$request_uri;
+}
+server {
+ listen 443 ssl http2 default_server;
+ server_name '"$FQDN"';
+ root /var/www/pterodactyl/public;
+ index index.php;
+ access_log /var/log/nginx/pterodactyl.app-access.log;
+ error_log /var/log/nginx/pterodactyl.app-error.log error;
+ # allow larger file uploads and longer script runtimes
+ client_max_body_size 100m;
+ client_body_timeout 120s;
+ sendfile off;
+ # SSL Configuration
+ ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_prefer_server_ciphers on;
+ # See https://hstspreload.org/ before uncommenting the line below.
+ # add_header Strict-Transport-Security "max-age=15768000; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+ add_header X-Frame-Options DENY;
+ add_header Referrer-Policy same-origin;
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_intercept_errors off;
+ fastcgi_buffer_size 16k;
+ fastcgi_buffers 4 16k;
+ fastcgi_connect_timeout 300;
+ fastcgi_send_timeout 300;
+ fastcgi_read_timeout 300;
+ include /etc/nginx/fastcgi_params;
+ }
+ location ~ /\.ht {
+ deny all;
+ }
+}
+' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1
+ if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
+ sed -i 's/http2//g' /etc/nginx/sites-available/pterodactyl.conf
+ fi
+ ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
+ service nginx restart
+}
+
+apache_config() {
+ output "Disabling default configuration"
+ rm -rf /etc/nginx/sites-enabled/default
+ output "Configuring Apache2"
+echo '
+
+ ServerName '"$FQDN"'
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+
+ ServerName '"$FQDN"'
+ DocumentRoot "/var/www/pterodactyl/public"
+ AllowEncodedSlashes On
+ php_value upload_max_filesize 100M
+ php_value post_max_size 100M
+
+ AllowOverride all
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
+
+' | sudo -E tee /etc/apache2/sites-available/pterodactyl.conf >/dev/null 2>&1
+
+ ln -s /etc/apache2/sites-available/pterodactyl.conf /etc/apache2/sites-enabled/pterodactyl.conf
+ a2enmod ssl
+ a2enmod rewrite
+ service apache2 restart
+}
+
+nginx_config_redhat(){
+ output "Configuring Nginx Webserver"
+
+echo '
+server_tokens off;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2c0f:f248::/32;
+set_real_ip_from 2a06:98c0::/29;
+real_ip_header X-Forwarded-For;
+server {
+ listen 80 default_server;
+ server_name '"$FQDN"';
+ return 301 https://$server_name$request_uri;
+}
+server {
+ listen 443 ssl http2 default_server;
+ server_name '"$FQDN"';
+ root /var/www/pterodactyl/public;
+ index index.php;
+ access_log /var/log/nginx/pterodactyl.app-access.log;
+ error_log /var/log/nginx/pterodactyl.app-error.log error;
+ # allow larger file uploads and longer script runtimes
+ client_max_body_size 100m;
+ client_body_timeout 120s;
+
+ sendfile off;
+ # strengthen ssl security
+ ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+ # See the link below for more SSL information:
+ # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+ #
+ # ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ # Add headers to serve security related headers
+ add_header Strict-Transport-Security "max-age=15768000; preload;";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_intercept_errors off;
+ fastcgi_buffer_size 16k;
+ fastcgi_buffers 4 16k;
+ fastcgi_connect_timeout 300;
+ fastcgi_send_timeout 300;
+ fastcgi_read_timeout 300;
+ include /etc/nginx/fastcgi_params;
+ }
+ location ~ /\.ht {
+ deny all;
+ }
+}
+' | sudo -E tee /etc/nginx/conf.d/pterodactyl.conf >/dev/null 2>&1
+
+ service nginx restart
+ chown -R nginx:nginx $(pwd)
+ semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
+ restorecon -R /var/www/pterodactyl
+}
+
+apache_config_redhat() {
+ output "Configuring Apache2"
+echo '
+
+ ServerName '"$FQDN"'
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+
+ ServerName '"$FQDN"'
+ DocumentRoot "/var/www/pterodactyl/public"
+ AllowEncodedSlashes On
+
+ AllowOverride all
+
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
+
+' | sudo -E tee /etc/httpd/conf.d/pterodactyl.conf >/dev/null 2>&1
+ service httpd restart
+}
+
+php_config(){
+ output "Configuring PHP socket."
+ bash -c 'cat > /etc/php-fpm.d/www-pterodactyl.conf' <<-'EOF'
+[pterodactyl]
+user = nginx
+group = nginx
+listen = /var/run/php-fpm/pterodactyl.sock
+listen.owner = nginx
+listen.group = nginx
+listen.mode = 0750
+pm = ondemand
+pm.max_children = 9
+pm.process_idle_timeout = 10s
+pm.max_requests = 200
+EOF
+ systemctl restart php-fpm
+}
+
+webserver_config(){
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ if [ "$webserver" = "1" ]; then
+ nginx_config
+ elif [ "$webserver" = "2" ]; then
+ apache_config
+ fi
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ if [ "$webserver" = "1" ]; then
+ php_config
+ nginx_config_redhat
+ elif [ "$webserver" = "2" ]; then
+ apache_config_redhat
+ fi
+ fi
+}
+
+setup_pterodactyl(){
+ install_dependencies
+ install_pterodactyl
+ ssl_certs
+ webserver_config
+ theme
+}
+
+install_daemon() {
+ cd /root
+ output "Installing Pterodactyl Daemon dependencies."
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + apt-get -y install curl tar unzip + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + yum -y install curl tar unzip + fi + + if [[ ( "$lsb_dist" = "centos" || "$lsb_dist" = "rhel" ) && "$dist_version" = "8" ]]; then + curl -sSL https://raw.githubusercontent.com/tommytran732/CentOS-8-Docker-Script/master/get-docker.sh | sudo bash + else + output "Installing Docker" + curl -sSL https://get.docker.com/ | CHANNEL=stable bash + fi + + service docker start + systemctl enable docker + output "Enabling Swap support for Docker & Installing NodeJS." + sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + update-grub + curl -sL https://deb.nodesource.com/setup_12.x | sudo bash - + if [ "$lsb_dist" = "ubuntu" ] && [ "$dist_version" = "20.04" ]; then + apt -y install nodejs make gcc g++ + npm install node-gyp + elif [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "10" ]; then + apt -y install nodejs make gcc g++ + else + apt -y install nodejs make gcc g++ node-gyp + fi + apt-get -y update + apt-get -y upgrade + apt-get -y autoremove + apt-get -y autoclean + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then + grub2-mkconfig -o "$(readlink /etc/grub2.conf)" + if [ "$lsb_dist" = "fedora" ]; then + dnf -y module install nodejs:12/minimal + dnf install -y tar unzip make gcc gcc-c++ python2 + elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then + dnf -y module install nodejs:12/minimal + dnf install -y tar unzip make gcc gcc-c++ python2 + elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "7" ]; then + curl --silent --location https://rpm.nodesource.com/setup_12.x | sudo bash - + yum -y install nodejs tar unzip make gcc-c++ node-gyp + fi + yum -y upgrade + yum -y autoremove + yum -y clean packages + fi + output "Installing the 
Pterodactyl Daemon." + mkdir -p /srv/daemon /srv/daemon-data + cd /srv/daemon + curl -L https://github.com/pterodactyl/daemon/releases/download/v0.6.13/daemon.tar.gz | tar --strip-components=1 -xzv + npm install --only=production --no-audit --unsafe-perm + bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF' +[Unit] +Description=Pterodactyl Wings Daemon +After=docker.service +[Service] +User=root +#Group=some_group +WorkingDirectory=/srv/daemon +LimitNOFILE=4096 +PIDFile=/var/run/wings/daemon.pid +ExecStart=/usr/bin/node /srv/daemon/src/index.js +Restart=on-failure +StartLimitInterval=600 +[Install] +WantedBy=multi-user.target +EOF + + systemctl daemon-reload + systemctl enable wings + + output "Daemon installation is nearly complete, Please go to the panel and get your 'Auto deploy' command in the node configuration tab." + output "Paste your auto deploy command below: " + read AUTODEPLOY + ${AUTODEPLOY} + service wings start +} + +upgrade_daemon(){ + cd /srv/daemon + service wings stop + curl -L https://github.com/pterodactyl/daemon/releases/download/v0.6.13/daemon.tar.gz | tar --strip-components=1 -xzv + npm install -g npm + npm install --only=production --no-audit --unsafe-perm + service wings restart + output "Your daemon has been updated to version 0.6.13." + output "npm has been updated to the latest version." +} + +install_standalone_sftp(){ + os_check + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + apt-get -y install jq + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then + yum -y install jq + fi + if [ ! -f /srv/daemon/config/core.json ]; then + warn "YOU MUST CONFIGURE YOUR DAEMON PROPERLY BEFORE INSTALLING THE STANDALONE SFTP SERVER!!!" + exit 11 + fi + cd /srv/daemon + if [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "null" ]; then + output "Updating config to enable sftp-server." 
+ cat /srv/daemon/config/core.json | jq '.sftp.enabled |= false' > /tmp/core + cat /tmp/core > /srv/daemon/config/core.json + rm -rf /tmp/core + elif [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "false" ]; then + output "Config already set up for golang sftp server." + else + output "You may have purposly set the sftp to true and that will fail." + fi + service wings restart + output "Installing standalone SFTP server." + curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.4/sftp-server + chmod +x sftp-server + bash -c 'cat > /etc/systemd/system/pterosftp.service' <<-'EOF' +[Unit] +Description=Pterodactyl Standalone SFTP Server +After=wings.service +[Service] +User=root +WorkingDirectory=/srv/daemon +LimitNOFILE=4096 +PIDFile=/var/run/wings/sftp.pid +ExecStart=/srv/daemon/sftp-server +Restart=on-failure +StartLimitInterval=600 +[Install] +WantedBy=multi-user.target +EOF + systemctl enable pterosftp + service pterosftp restart +} + +upgrade_standalone_sftp(){ + output "Turning off the standalone SFTP server." + service pterosftp stop + curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.4/sftp-server + chmod +x sftp-server + service pterosftp start + output "Your standalone SFTP server has been updated to v1.0.4" +} + +install_mobile(){ + cd /var/www/pterodactyl + composer config repositories.cloud composer https://packages.pterodactyl.cloud + composer require friendsofphp/php-cs-fixer 2.15.1 --dev + composer require pterodactyl/mobile-addon --update-no-dev --optimize-autoloader + php artisan migrate --force +} + + +install_phpmyadmin(){ + output "Installing phpMyAdmin." 
+ cd /var/www/pterodactyl/public + rm -rf phpmyadmin + wget https://files.phpmyadmin.net/phpMyAdmin/5.0.2/phpMyAdmin-5.0.2-all-languages.zip + unzip phpMyAdmin-5.0.2-all-languages.zip + mv phpMyAdmin-5.0.2-all-languages phpmyadmin + rm -rf phpMyAdmin-5.0.2-all-languages.zip + cd /var/www/pterodactyl/public/phpmyadmin + + SERVER_IP=$(curl -s http://checkip.amazonaws.com) + BOWFISH=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 34 | head -n 1` + bash -c 'cat > /var/www/pterodactyl/public/phpmyadmin/config.inc.php' < +EOF + output "Installation completed." + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + chown -R www-data:www-data * /var/www/pterodactyl + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + chown -R apache:apache * /var/www/pterodactyl + chown -R nginx:nginx * /var/www/pterodactyl + semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" + restorecon -R /var/www/pterodactyl + fi +} + +ssl_certs(){ + output "Installing LetsEncrypt and creating an SSL certificate." 
+ cd /root + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then + wget https://dl.eff.org/certbot-auto + chmod a+x certbot-auto + else + apt-get -y install certbot + fi + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + yum -y install certbot + fi + if [ "$webserver" = "1" ]; then + service nginx stop + elif [ "$webserver" = "2" ]; then + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + service apache2 stop + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + service httpd stop + fi + fi + + if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then + ./certbot-auto certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive + else + certbot certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive + fi + if [ "$installoption" = "2" ]; then + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + ufw deny 80 + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + firewall-cmd --permanent --remove-port=80/tcp + firewall-cmd --reload + fi + else + if [ "$webserver" = "1" ]; then + service nginx restart + elif [ "$webserver" = "2" ]; then + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + service apache2 restart + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + service httpd restart + fi + fi + fi + + if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then + if [ "$installoption" = "1" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * ./certbot-auto renew --pre-hook "service 
apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab - + fi + elif [ "$installoption" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * ./certbot-auto renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$installoption" = "3" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * ./certbot-auto renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * ./certbot-auto renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + fi + fi + elif [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then + if [ "$installoption" = "1" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab - + fi + elif [ "$installoption" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$installoption" = "3" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot 
renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + fi + fi + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then + if [ "$installoption" = "1" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1')| crontab - + fi + elif [ "$installoption" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$installoption" = "3" ]; then + if [ "$webserver" = "1" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + elif [ "$webserver" = "2" ]; then + (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - + fi + fi + fi +} + +firewall(){ + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + apt -y install iptables + elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "cloudlinux" ]; then + yum -y install iptables + fi + + curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/iptables-no-prompt.sh | sudo bash + block_icmp + 
javapipe_kernel + output "Setting up Fail2Ban" + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + apt -y install fail2ban + elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then + yum -y install fail2ban + fi + systemctl enable fail2ban + bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF' +[DEFAULT] +# Ban hosts for ten hours: +bantime = 36000 +# Override /etc/fail2ban/jail.d/00-firewalld.conf: +banaction = iptables-multiport +[sshd] +enabled = true +EOF + service fail2ban restart + + output "Configuring your firewall." + if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then + apt-get -y install ufw + ufw allow 22 + if [ "$installoption" = "1" ]; then + ufw allow 80 + ufw allow 443 + ufw allow 3306 + elif [ "$installoption" = "2" ]; then + ufw allow 80 + ufw allow 8080 + ufw allow 2022 + elif [ "$installoption" = "3" ]; then + ufw allow 80 + ufw allow 443 + ufw allow 8080 + ufw allow 2022 + ufw allow 3306 + fi + yes |ufw enable + elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then + yum -y install firewalld + systemctl enable firewalld + systemctl start firewalld + if [ "$installoption" = "1" ]; then + firewall-cmd --add-service=http --permanent + firewall-cmd --add-service=https --permanent + firewall-cmd --add-service=mysql --permanent + elif [ "$installoption" = "2" ]; then + firewall-cmd --permanent --add-service=80/tcp + firewall-cmd --permanent --add-port=2022/tcp + firewall-cmd --permanent --add-port=8080/tcp + elif [ "$installoption" = "3" ]; then + firewall-cmd --add-service=http --permanent + firewall-cmd --add-service=https --permanent + firewall-cmd --permanent --add-port=2022/tcp + firewall-cmd --permanent --add-port=8080/tcp + firewall-cmd --permanent --add-service=mysql + fi + fi +} + +block_icmp(){ + output "Block ICMP (Ping) Packets?" + output "You should choose [1] if you are not using a monitoring system and [2] otherwise." 
+ output "[1] Yes."
+ output "[2] No."
+ read icmp
+ case $icmp in
+ 1 ) /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
+ (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP >> /dev/null 2>&1")| crontab -
+ ;;
+ 2 ) output "Skipping rule..."
+ ;;
+ * ) output "You did not enter a valid selection."
+ block_icmp
+ esac
+}
+
+javapipe_kernel(){
+ output "Apply JavaPipe's kernel configurations? (https://javapipe.com/blog/iptables-ddos-protection/)"
+ output "[1] Yes."
+ output "[2] No."
+ read javapipe
+ case $javapipe in
+ 1) sh -c "$(curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/javapipe_kernel.sh)"
+ ;;
+ 2) output "Javapipe kernel modifications not applied."
+ ;;
+ * ) output "You did not enter a valid selection."
+ javapipe_kernel
+ esac
+}
+
+install_database() {
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ apt -y install mariadb-server
+ elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
+ if [ "$dist_version" = "8" ]; then
+ dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream
+ fi
+ else
+ dnf -y install MariaDB-server
+ fi
+
+ output "Creating the databases and setting root password."
+ password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ Q0="DROP DATABASE IF EXISTS test;"
+ Q1="CREATE DATABASE IF NOT EXISTS panel;"
+ Q2="SET old_passwords=0;"
+ Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
+ Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
+ Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
+ Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
+ Q7="DELETE FROM mysql.user WHERE User='';"
+ Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
+ Q9="FLUSH PRIVILEGES;"
+ SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}"
+ mysql -u root -e "$SQL"
+
+ output "Binding MariaDB/MySQL to 0.0.0.0."
+ if [ -f /etc/mysql/my.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/mysql/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/mysql/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ elif [ -f /etc/my.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ elif [ -f /etc/mysql/my.conf.d/mysqld.cnf ] ; then
+ sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
+ sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
+ output 'Restarting MySQL process...'
+ service mysql restart
+ else
+ output 'File my.cnf was not found! Please contact support.'
+ fi
+
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ yes | ufw allow 3306
+ elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
+ firewall-cmd --permanent --add-service=mysql
+ firewall-cmd --reload
+ fi
+
+ broadcast_database
+}
+
+database_host_reset(){
+ SERVER_IP=$(curl -s http://checkip.amazonaws.com)
+ adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
+ Q0="SET old_passwords=0;"
+ Q1="SET PASSWORD FOR 'admin'@'$SERVER_IP' = PASSWORD('$adminpassword');"
+ Q2="FLUSH PRIVILEGES;"
+ SQL="${Q0}${Q1}${Q2}"
+ mysql mysql -e "$SQL"
+ output "New database host information:"
+ output "Host: $SERVER_IP"
+ output "Port: 3306"
+ output "User: admin"
+ output "Password: $adminpassword"
+}
+
+broadcast(){
+ if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
+ broadcast_database
+ fi
+ output "###############################################################"
+ output "FIREWALL INFORMATION"
+ output ""
+ output "All unnecessary ports are blocked by default."
+ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ output "Use 'ufw allow ' to enable your desired ports"
+ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] && [ "$dist_version" != "8" ]; then
+ output "Use 'firewall-cmd --permanent --add-port=/tcp' to enable your desired ports."
+ fi
+ output "###############################################################"
+ output ""
+}
+
+broadcast_database(){
+ output "###############################################################"
+ output "MARIADB/MySQL INFORMATION"
+ output ""
+ output "Your MariaDB/MySQL root password is $rootpassword"
+ output ""
+ output "Create your MariaDB/MySQL host with the following information:"
+ output "Host: $SERVER_IP"
+ output "Port: 3306"
+ output "User: admin"
+ output "Password: $adminpassword"
+ output "###############################################################"
+ output ""
+}
+
+#Execution
+preflight
+install_options
+case $installoption in
+ 1) webserver_options
+ theme_options
+ repositories_setup
+ required_infos
+ firewall
+ setup_pterodactyl
+ broadcast
+ ;;
+ 2) repositories_setup
+ required_infos
+ firewall
+ ssl_certs
+ install_daemon
+ broadcast
+ ;;
+ 3) webserver_options
+ theme_options
+ repositories_setup
+ required_infos
+ firewall
+ setup_pterodactyl
+ install_daemon
+ broadcast
+ ;;
+ 4) install_standalone_sftp
+ ;;
+ 5) theme_options
+ upgrade_pterodactyl
+ theme
+ ;;
+ 6) upgrade_daemon
+ ;;
+ 7) theme_options
+ upgrade_pterodactyl
+ theme
+ upgrade_daemon
+ ;;
+ 8) upgrade_standalone_sftp
+ ;;
+ 9) install_mobile
+ ;;
+ 10) cd /var/www/pterodactyl
+ composer update pterodactyl/mobile-addon
+ ;;
+ 11) install_phpmyadmin
+ ;;
+ 12) repositories_setup
+ install_database
+ ;;
+ 13) theme_options
+ if [ "$themeoption" = "1" ]; then
+ upgrade_pterodactyl
+ fi
+ theme
+ ;;
+ 14) curl -sSL https://raw.githubusercontent.com/tommytran732/MariaDB-Root-Password-Reset/master/mariadb-104.sh | sudo bash
+ ;;
+ 15) database_host_reset
+ ;;
+esac