#!/bin/bash output(){ echo -e '\e[36m'$1'\e[0m'; } warn(){ echo -e '\e[31m'$1'\e[0m'; } PANEL=v1.3.1 WINGS=v1.3.1 PANEL_LEGACY=v0.7.19 DAEMON_LEGACY=v0.6.13 PHPMYADMIN=5.0.4 preflight(){ output "Pterodactyl Installation & Upgrade Script" output "Copyright © 2020 Thien Tran ." output "Please join my Telegram for community support: https://t.me/revenact" output "" output "Please note that this script is meant to be installed on a fresh OS. Installing it on a non-fresh OS may cause problems." output "Automatic operating system detection initialized..." os_check if [ "$EUID" -ne 0 ]; then output "Please run as root." exit 3 fi output "Automatic architecture detection initialized..." MACHINE_TYPE=`uname -m` if [ ${MACHINE_TYPE} == 'x86_64' ]; then output "64-bit server detected! Good to go." output "" else output "Unsupported architecture detected! Please switch to 64-bit (x86_64)." exit 4 fi output "Automatic virtualization detection initialized..." if [ "$lsb_dist" = "ubuntu" ]; then apt-get update --fix-missing apt-get -y install software-properties-common add-apt-repository -y universe apt-get -y install virt-what curl elif [ "$lsb_dist" = "debian" ]; then apt update --fix-missing apt-get -y install software-properties-common virt-what wget curl dnsutils elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install virt-what wget bind-utils fi virt_serv=$(echo $(virt-what)) if [ "$virt_serv" = "" ]; then output "Virtualization: Bare Metal detected." elif [ "$virt_serv" = "openvz lxc" ]; then output "Virtualization: OpenVZ 7 detected." elif [ "$virt_serv" = "xen xen-hvm" ]; then output "Virtualization: Xen-HVM detected." elif [ "$virt_serv" = "xen xen-hvm aws" ]; then output "Virtualization: Xen-HVM on AWS detected." warn "When creating allocations for this node, please use the internal IP as Google Cloud uses NAT routing." warn "Resuming in 10 seconds..." sleep 10 else output "Virtualization: $virt_serv detected." fi output "" if [ "$virt_serv" != "" ] && [ "$virt_serv" != "kvm" ] && [ "$virt_serv" != "vmware" ] && [ "$virt_serv" != "hyperv" ] && [ "$virt_serv" != "openvz lxc" ] && [ "$virt_serv" != "xen xen-hvm" ] && [ "$virt_serv" != "xen xen-hvm aws" ]; then warn "Unsupported type of virtualization detected. Please consult with your hosting provider whether your server can run Docker or not. Proceed at your own risk." warn "No support would be given if your server breaks at any point in the future." warn "Proceed?\n[1] Yes.\n[2] No." read choice case $choice in 1) output "Proceeding..." ;; 2) output "Cancelling installation..." exit 5 ;; esac output "" fi output "Kernel detection initialized..." if echo $(uname -r) | grep -q xxxx; then output "OVH kernel detected. This script will not work. Please reinstall your server using a generic/distribution kernel." output "When you are reinstalling your server, click on 'custom installation' and click on 'use distribution' kernel after that." output "You might also want to do custom partitioning, remove the /home partition and give / all the remaining space." output "Please do not hesitate to contact us if you need help regarding this issue." exit 6 elif echo $(uname -r) | grep -q pve; then output "Proxmox LXE kernel detected. You have chosen to continue in the last step, therefore we are proceeding at your own risk." output "Proceeding with a risky operation..." elif echo $(uname -r) | grep -q stab; then if echo $(uname -r) | grep -q 2.6; then output "OpenVZ 6 detected. This server will definitely not work with Docker, regardless of what your provider might say. Exiting to avoid further damages." exit 6 fi elif echo $(uname -r) | grep -q gcp; then output "Google Cloud Platform detected." warn "Please make sure you have a static IP setup, otherwise the system will not work after a reboot." warn "Please also make sure the GCP firewall allows the ports needed for the server to function normally." warn "When creating allocations for this node, please use the internal IP as Google Cloud uses NAT routing." warn "Resuming in 10 seconds..." sleep 10 else output "Did not detect any bad kernel. Moving forward..." output "" fi } os_check(){ if [ -r /etc/os-release ]; then lsb_dist="$(. /etc/os-release && echo "$ID")" dist_version="$(. /etc/os-release && echo "$VERSION_ID")" if [ $lsb_dist = "rhel" ]; then dist_version="$(echo $dist_version | awk -F. '{print $1}')" fi else exit 1 fi if [ "$lsb_dist" = "ubuntu" ]; then if [ "$dist_version" != "20.04" ] && [ "$dist_version" != "18.04" ]; then output "Unsupported Ubuntu version. Only Ubuntu 20.04 and 18.04 are supported." exit 2 fi elif [ "$lsb_dist" = "debian" ]; then if [ "$dist_version" != "10" ]; then output "Unsupported Debian version. Only Debian 10 is supported." exit 2 fi elif [ "$lsb_dist" = "fedora" ]; then if [ "$dist_version" != "33" ] && [ "$dist_version" != "32" ]; then output "Unsupported Fedora version. Only Fedora 33 and 32 are supported." exit 2 fi elif [ "$lsb_dist" = "centos" ]; then if [ "$dist_version" != "8" ]; then output "Unsupported CentOS version. Only CentOS Stream and 8 are supported." exit 2 fi elif [ "$lsb_dist" = "rhel" ]; then if [ $dist_version != "8" ]; then output "Unsupported RHEL version. Only RHEL 8 is supported." exit 2 fi elif [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "debian" ] && [ "$lsb_dist" != "centos" ]; then output "Unsupported operating system." output "" output "Supported OS:" output "Ubuntu: 20.04, 18.04" output "Debian: 10" output "Fedora: 33, 32" output "CentOS: 8, 7" output "RHEL: 8" exit 2 fi } install_options(){ output "Please select your installation option:" output "[1] Install the panel ${PANEL}." output "[2] Install the panel ${PANEL_LEGACY}." output "[3] Install the wings ${WINGS}." output "[4] Install the daemon ${DAEMON_LEGACY}." output "[5] Install the panel ${PANEL} and wings ${WINGS}." output "[6] Install the panel ${PANEL_LEGACY} and daemon ${DAEMON_LEGACY}." output "[7] Install the standalone SFTP server." output "[8] Upgrade (1.x) panel to ${PANEL}." output "[9] Upgrade (0.7.x) panel to ${PANEL}." output "[10] Upgrade (0.7.x) panel to ${PANEL_LEGACY}." output "[11] Upgrade (0.6.x) daemon to ${DAEMON_LEGACY}." output "[12] Migrating daemon to wings." output "[13] Upgrade the panel to ${PANEL} and Migrate to wings" output "[14] Upgrade the panel to ${PANEL_LEGACY} and daemon to ${DAEMON_LEGACY}" output "[15] Upgrade the standalone SFTP server to (1.0.5)." output "[16] Make Pterodactyl compatible with the mobile app (only use this after you have installed the panel - check out https://pterodactyl.cloud for more information)." output "[17] Update mobile compatibility." output "[18] Install or update to phpMyAdmin (${PHPMYADMIN}) (only use this after you have installed the panel)." output "[19] Install a standalone database host (only for use on daemon-only installations)." output "[20] Change Pterodactyl theme (${PANEL_LEGACY} Only)." output "[21] Emergency MariaDB root password reset." output "[22] Emergency database host information reset." read choice case $choice in 1 ) installoption=1 output "You have selected ${PANEL} panel installation only." ;; 2 ) installoption=2 output "You have selected ${PANEL_LEGACY} panel installation only." ;; 3 ) installoption=3 output "You have selected wings ${WINGS} installation only." ;; 4 ) installoption=4 output "You have selected daemon ${DAEMON_LEGACY} installation only." ;; 5 ) installoption=5 output "You have selected ${PANEL} panel and wings ${WINGS} installation." ;; 6 ) installoption=6 output "You have selected ${PANEL_LEGACY} panel and daemon installation." ;; 7 ) installoption=7 output "You have selected to install the standalone SFTP server." ;; 8 ) installoption=8 output "You have selected to upgrade the panel to ${PANEL}." ;; 9 ) installoption=9 output "You have selected to upgrade the panel to ${PANEL}." ;; 10 ) installoption=10 output "You have selected to upgrade the panel to ${PANEL_LEGACY}." ;; 11 ) installoption=11 output "You have selected to upgrade the daemon to ${DAEMON_LEGACY}." ;; 12 ) installoption=12 output "You have selected to migrate daemon ${DAEMON_LEGACY} to wings ${WINGS}." ;; 13 ) installoption=13 output "You have selected to upgrade both the panel to ${PANEL} and migrating to wings ${WINGS}." ;; 14 ) installoption=14 output "You have selected to upgrade both the panel to ${PANEL} and daemon to ${DAEMON_LEGACY}." ;; 15 ) installoption=15 output "You have selected to upgrade the standalone SFTP." ;; 16 ) installoption=16 output "You have activated mobile app compatibility." ;; 17 ) installoption=17 output "You have selected to update the mobile app compatibility." ;; 18 ) installoption=18 output "You have selected to install or update phpMyAdmin ${PHPMYADMIN}." ;; 19 ) installoption=19 output "You have selected to install a Database host." ;; 20 ) installoption=20 output "You have selected to change Pterodactyl ${PANEL_LEGACY} only." ;; 21 ) installoption=21 output "You have selected MariaDB root password reset." ;; 22 ) installoption=22 output "You have selected Database Host information reset." ;; * ) output "You did not enter a valid selection." install_options esac } webserver_options() { output "Please select which web server you would like to use:\n[1] Nginx (recommended).\n[2] Apache2/httpd." read choice case $choice in 1 ) webserver=1 output "You have selected Nginx." output "" ;; 2 ) webserver=2 output "You have selected Apache2/httpd." output "" ;; * ) output "You did not enter a valid selection." webserver_options esac } theme_options() { output "Would you like to install one of Fonix's themes?" warn "AS OF NOW, FONIX HAS NOT UPDATED HIS THEME TO 0.7.19 TO FIX THE XSS EXPLOIT IN PTERODACTYL <=0.7.18 YET. DO NOT USE THESE IN PRODUCTION. I HIGHLY RECOMMEND THAT YOU SELECT [1]." output "[1] No." output "[2] Super Pink and Fluffy." output "[3] Tango Twist." output "[4] Blue Brick." output "[5] Minecraft Madness." output "[6] Lime Stitch." output "[7] Red Ape." output "[8] BlackEnd Space." output "[9] Nothing But Graphite." output "" output "You can find out about Fonix's themes here: https://github.com/TheFonix/Pterodactyl-Themes" read choice case $choice in 1 ) themeoption=1 output "You have selected to install the vanilla Pterodactyl theme." output "" ;; 2 ) themeoption=2 output "You have selected to install Fonix's Super Pink and Fluffy theme." output "" ;; 3 ) themeoption=3 output "You have selected to install Fonix's Tango Twist theme." output "" ;; 4 ) themeoption=4 output "You have selected to install Fonix's Blue Brick theme." output "" ;; 5 ) themeoption=5 output "You have selected to install Fonix's Minecraft Madness theme." output "" ;; 6 ) themeoption=6 output "You have selected to install Fonix's Lime Stitch theme." output "" ;; 7 ) themeoption=7 output "You have selected to install Fonix's Red Ape theme." output "" ;; 8 ) themeoption=8 output "You have selected to install Fonix's BlackEnd Space theme." output "" ;; 9 ) themeoption=9 output "You have selected to install Fonix's Nothing But Graphite theme." output "" ;; * ) output "You did not enter a valid selection." theme_options esac } required_infos() { output "Please enter the desired user email address:" read email dns_check } dns_check(){ output "Please enter your FQDN (panel.domain.tld):" read FQDN output "Resolving DNS..." SERVER_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) DOMAIN_RECORD=$(dig +short ${FQDN}) if [ "${SERVER_IP}" != "${DOMAIN_RECORD}" ]; then output "" output "The entered domain does not resolve to the primary public IP of this server." output "Please make an A record pointing to your server's IP. For example, if you make an A record called 'panel' pointing to your server's IP, your FQDN is panel.domain.tld" output "If you are using Cloudflare, please disable the orange cloud." output "If you do not have a domain, you can get a free one at https://freenom.com" dns_check else output "Domain resolved correctly. Good to go..." fi } theme() { output "Theme installation initialized..." cd /var/www/pterodactyl if [ "$themeoption" = "1" ]; then output "Keeping Pterodactyl's vanilla theme." elif [ "$themeoption" = "2" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/PinkAnFluffy/build.sh | sh elif [ "$themeoption" = "3" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/TangoTwist/build.sh | sh elif [ "$themeoption" = "4" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlueBrick/build.sh | sh elif [ "$themeoption" = "5" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/MinecraftMadness/build.sh | sh elif [ "$themeoption" = "6" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/LimeStitch/build.sh | sh elif [ "$themeoption" = "7" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/RedApe/build.sh | sh elif [ "$themeoption" = "8" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlackEndSpace/build.sh | sh elif [ "$themeoption" = "9" ]; then curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/NothingButGraphite/build.sh | sh fi php artisan view:clear php artisan cache:clear } repositories_setup(){ output "Configuring your repositories..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install sudo apt-get -y install software-properties-common curl apt-transport-https ca-certificates gnupg dpkg --remove-architecture i386 echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4 apt-get -y update curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash if [ "$lsb_dist" = "ubuntu" ]; then LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php add-apt-repository -y ppa:chris-lea/redis-server if [ "$dist_version" != "20.04" ]; then add-apt-repository -y ppa:certbot/certbot add-apt-repository -y ppa:nginx/development fi apt -y install tuned dnsutils tuned-adm profile latency-performance elif [ "$lsb_dist" = "debian" ]; then apt-get -y install ca-certificates apt-transport-https echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list if [ "$dist_version" = "10" ]; then apt -y install dirmngr wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add - sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' apt -y install tuned tuned-adm profile latency-performance fi apt-get -y update apt-get -y upgrade apt-get -y autoremove apt-get -y autoclean apt-get -y install curl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then if [ "$lsb_dist" = "fedora" ] ; then if [ "$dist_version" = "33" ]; then dnf -y install http://rpms.remirepo.net/fedora/remi-release-33.rpm elif [ "$dist_version" = "32" ]; then dnf -y install http://rpms.remirepo.net/fedora/remi-release-32.rpm fi dnf -y install dnf-plugins-core python2 libsemanage-devel dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.4 dnf -y module enable nginx:mainline/common dnf -y module enable mariadb:14/server elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then dnf -y install epel-release boost-program-options dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.4 dnf -y module enable nginx:mainline/common curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash dnf config-manager --set-enabled mariadb fi bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF' [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true EOF bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF' [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.5/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 EOF yum -y install epel-release yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum -y install policycoreutils-python yum-utils libsemanage-devel yum-config-manager --enable remi yum-config-manager --enable remi-php74 yum-config-manager --enable nginx-mainline yum-config-manager --enable mariadb elif [ "$lsb_dist" = "rhel" ] && [ "$dist_version" = "8" ]; then dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm dnf -y install boost-program-options dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.4 dnf -y module enable nginx:mainline/common curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash dnf config-manager --set-enabled mariadb fi yum -y install yum-utils tuned tuned-adm profile latency-performance yum -y upgrade yum -y autoremove yum -y clean packages yum -y install curl bind-utils cronie fi } repositories_setup_0.7.19(){ output "Configuring your repositories..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install sudo apt-get -y install software-properties-common dnsutils gpg-agent dpkg --remove-architecture i386 echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4 apt-get -y update curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash if [ "$lsb_dist" = "ubuntu" ]; then LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php add-apt-repository -y ppa:chris-lea/redis-server if [ "$dist_version" != "20.04" ]; then add-apt-repository -y ppa:certbot/certbot add-apt-repository -y ppa:nginx/development fi apt -y install tuned dnsutils tuned-adm profile latency-performance elif [ "$lsb_dist" = "debian" ]; then apt-get -y install ca-certificates apt-transport-https echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list if [ "$dist_version" = "10" ]; then apt -y install dirmngr wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add - sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' apt -y install tuned tuned-adm profile latency-performance fi apt-get -y update apt-get -y upgrade apt-get -y autoremove apt-get -y autoclean apt-get -y install curl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then if [ "$lsb_dist" = "fedora" ] ; then if [ "$dist_version" = "33" ]; then dnf -y install http://rpms.remirepo.net/fedora/remi-release-33.rpm elif [ "$dist_version" = "32" ]; then dnf -y install http://rpms.remirepo.net/fedora/remi-release-32.rpm fi dnf -y install dnf-plugins-core python2 libsemanage-devel dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.3 dnf -y module enable nginx:mainline/common dnf -y module enable mariadb:14/server elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then dnf -y install epel-release boost-program-options dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.3 dnf -y module enable nginx:mainline/common curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash dnf config-manager --set-enabled mariadb fi bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF' [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true EOF bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF' [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.5/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 EOF yum -y install epel-release yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum -y install policycoreutils-python yum-utils libsemanage-devel yum-config-manager --enable remi yum-config-manager --enable remi-php73 yum-config-manager --enable nginx-mainline yum-config-manager --enable mariadb elif [ "$lsb_dist" = "rhel" ] && [ "$dist_version" = "8" ]; then dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm dnf -y install boost-program-options dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf config-manager --set-enabled remi dnf -y module enable php:remi-7.3 dnf -y module enable nginx:mainline/common curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash dnf config-manager --set-enabled mariadb fi yum -y install yum-utils tuned tuned-adm profile latency-performance yum -y upgrade yum -y autoremove yum -y clean packages yum -y install curl bind-utils cronie fi } install_dependencies(){ output "Installing dependencies..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then if [ "$webserver" = "1" ]; then apt -y install php7.4 php7.4-{cli,gd,mysql,pdo,mbstring,tokenizer,bcmath,xml,fpm,curl,zip} nginx tar unzip git redis-server nginx git wget expect elif [ "$webserver" = "2" ]; then apt -y install php7.4 php7.4-{cli,gd,mysql,pdo,mbstring,tokenizer,bcmath,xml,fpm,curl,zip} curl tar unzip git redis-server apache2 libapache2-mod-php7.4 redis-server git wget expect fi sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated mariadb-server" else if [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$dist_version" = "8" ]; then dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream fi else dnf -y install MariaDB-server fi dnf -y module install php:remi-7.4 if [ "$webserver" = "1" ]; then dnf -y install redis nginx git policycoreutils-python-utils unzip wget expect jq php-mysql php-zip php-bcmath tar elif [ "$webserver" = "2" ]; then dnf -y install redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect jq php-mysql php-zip php-mcmath tar fi fi output "Enabling Services..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then systemctl enable redis-server service redis-server start systemctl enable php7.4-fpm service php7.4-fpm start elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then systemctl enable redis service redis start systemctl enable php-fpm service php-fpm start fi systemctl enable cron systemctl enable mariadb if [ "$webserver" = "1" ]; then systemctl enable nginx service nginx start elif [ "$webserver" = "2" ]; then if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then systemctl enable apache2 service apache2 start elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then systemctl enable httpd service httpd start fi fi service mysql start } install_dependencies_0.7.19(){ output "Installing dependencies..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then if [ "$webserver" = "1" ]; then apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server nginx git wget expect elif [ "$webserver" = "2" ]; then apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server apache2 libapache2-mod-php7.3 redis-server git wget expect fi sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated mariadb-server" else if [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$dist_version" = "8" ]; then dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream fi else dnf -y install MariaDB-server fi dnf -y module install php:remi-7.3 if [ "$webserver" = "1" ]; then dnf -y install redis nginx git policycoreutils-python-utils unzip wget expect jq php-mysql php-zip php-bcmath tar elif [ "$webserver" = "2" ]; then dnf -y install redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect jq php-mysql php-zip php-mcmath tar fi fi output "Enabling Services..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then systemctl enable redis-server service redis-server start systemctl enable php7.3-fpm service php7.3-fpm start elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then systemctl enable redis service redis start systemctl enable php-fpm service php-fpm start fi systemctl enable cron systemctl enable mariadb if [ "$webserver" = "1" ]; then systemctl enable nginx service nginx start elif [ "$webserver" = "2" ]; then if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then systemctl enable apache2 service apache2 start elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then systemctl enable httpd service httpd start fi fi service mysql start } install_pterodactyl() { output "Creating the databases and setting root password..." password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q0="DROP DATABASE IF EXISTS test;" Q1="CREATE DATABASE IF NOT EXISTS panel;" Q2="SET old_passwords=0;" Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';" Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;" Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');" Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" Q7="DELETE FROM mysql.user WHERE User='';" Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" Q9="FLUSH PRIVILEGES;" SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}" mysql -u root -e "$SQL" output "Binding MariaDB/MySQL to 0.0.0.0." if grep -Fqs "bind-address" /etc/mysql/mariadb.conf.d/50-server.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/mariadb.conf.d/50-server.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/mysql/my.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/my.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/my.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/my.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/my.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/mysql/my.conf.d/mysqld.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/my.conf.d/mysqld.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.conf.d/mysqld.cnf output 'Restarting MySQL process...' service mysql restart else output 'A MySQL configuration file could not be detected! Please contact support.' fi output "Downloading Pterodactyl..." mkdir -p /var/www/pterodactyl cd /var/www/pterodactyl curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz tar -xzvf panel.tar.gz chmod -R 755 storage/* bootstrap/cache/ output "Installing Pterodactyl..." if [ "$installoption" = "2" ] || [ "$installoption" = "6" ]; then curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer --version=1.10.16 else curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer fi cp .env.example .env /usr/local/bin/composer install --no-dev --optimize-autoloader --no-interaction php artisan key:generate --force php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379 php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended." php artisan p:environment:mail php artisan migrate --seed --force php artisan p:user:make --email=$email --admin=1 if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$webserver" = "1" ]; then chown -R nginx:nginx * /var/www/pterodactyl elif [ "$webserver" = "2" ]; then chown -R apache:apache * /var/www/pterodactyl fi semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi output "Creating panel queue listeners..." (crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab - service cron restart if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' [Unit] Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=www-data Group=www-data Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$webserver" = "1" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=nginx Group=nginx Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF elif [ "$webserver" = "2" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' [Unit] Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=apache Group=apache Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF fi setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_unified 1 fi sudo systemctl daemon-reload systemctl enable pteroq.service systemctl start pteroq } install_pterodactyl_0.7.19() { output "Creating the databases and setting root password..." password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q0="DROP DATABASE IF EXISTS test;" Q1="CREATE DATABASE IF NOT EXISTS panel;" Q2="SET old_passwords=0;" Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';" Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;" Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');" Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" Q7="DELETE FROM mysql.user WHERE User='';" Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" Q9="FLUSH PRIVILEGES;" SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}" mysql -u root -e "$SQL" output "Binding MariaDB/MySQL to 0.0.0.0." if grep -Fqs "bind-address" /etc/mysql/mariadb.conf.d/50-server.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/mariadb.conf.d/50-server.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/mysql/my.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/my.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/my.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/my.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/my.cnf output 'Restarting MySQL process...' service mysql restart elif grep -Fqs "bind-address" /etc/mysql/my.conf.d/mysqld.cnf ; then sed -i -- '/bind-address/s/#//g' /etc/mysql/my.conf.d/mysqld.cnf sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.conf.d/mysqld.cnf output 'Restarting MySQL process...' service mysql restart else output 'A MySQL configuration file could not be detected! Please contact support.' fi output "Downloading Pterodactyl..." mkdir -p /var/www/pterodactyl cd /var/www/pterodactyl curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/${PANEL_LEGACY}/panel.tar.gz tar --strip-components=1 -xzvf panel.tar.gz chmod -R 755 storage/* bootstrap/cache/ output "Installing Pterodactyl..." curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer cp .env.example .env /usr/local/bin/composer install --no-dev --optimize-autoloader php artisan key:generate --force php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379 php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended." php artisan p:environment:mail php artisan migrate --seed --force php artisan p:user:make --email=$email --admin=1 if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$webserver" = "1" ]; then chown -R nginx:nginx * /var/www/pterodactyl elif [ "$webserver" = "2" ]; then chown -R apache:apache * /var/www/pterodactyl fi semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi output "Creating panel queue listeners..." (crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab - service cron restart if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' [Unit] Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=www-data Group=www-data Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$webserver" = "1" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=nginx Group=nginx Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF elif [ "$webserver" = "2" ]; then cat > /etc/systemd/system/pteroq.service <<- 'EOF' [Unit] Description=Pterodactyl Queue Worker After=redis-server.service [Service] User=apache Group=apache Restart=always ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 [Install] WantedBy=multi-user.target EOF fi setsebool -P httpd_can_network_connect 1 setsebool -P httpd_execmem 1 setsebool -P httpd_unified 1 fi sudo systemctl daemon-reload systemctl enable pteroq.service systemctl start pteroq } upgrade_pterodactyl(){ cd /var/www/pterodactyl php artisan down curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz | tar --strip-components=1 -xzv chmod -R 755 storage/* bootstrap/cache composer install --no-dev --optimize-autoloader php artisan view:clear php artisan config:clear php artisan migrate --force php artisan db:seed --force if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then chown -R apache:apache * /var/www/pterodactyl chown -R nginx:nginx * /var/www/pterodactyl semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi output "Your panel has successfully been updated to version ${PANEL}" php artisan up php artisan queue:restart } upgrade_pterodactyl_1.0(){ cd /var/www/pterodactyl php artisan down curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz | tar --strip-components=1 -xzv rm -rf $(find app public resources -depth | head -n -1 | grep -Fv "$(tar -tf panel.tar.gz)") tar -xzvf panel.tar.gz && rm -f panel.tar.gz chmod -R 755 storage/* bootstrap/cache composer install --no-dev --optimize-autoloader php artisan view:clear php artisan config:clear php artisan migrate --force php artisan db:seed --force if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then chown -R apache:apache * /var/www/pterodactyl chown -R nginx:nginx * /var/www/pterodactyl semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi output "Your panel has successfully been updated to version ${PANEL}" php artisan up php artisan queue:restart } upgrade_pterodactyl_0.7.19(){ cd /var/www/pterodactyl php artisan down curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL_LEGACY}/panel.tar.gz | tar --strip-components=1 -xzv chmod -R 755 storage/* bootstrap/cache composer install --no-dev --optimize-autoloader php artisan view:clear php artisan config:clear php artisan migrate --force php artisan db:seed --force if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then chown -R apache:apache * /var/www/pterodactyl chown -R nginx:nginx * /var/www/pterodactyl semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi output "Your panel has successfully been updated to version ${PANEL_LEGACY}." php artisan up php artisan queue:restart } nginx_config() { output "Disabling default configuration..." rm -rf /etc/nginx/sites-enabled/default output "Configuring Nginx Webserver..." echo ' server_tokens off; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; real_ip_header X-Forwarded-For; server { listen 80 default_server; server_name '"$FQDN"'; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2 default_server; server_name '"$FQDN"'; root /var/www/pterodactyl/public; index index.php; access_log /var/log/nginx/pterodactyl.app-access.log; error_log /var/log/nginx/pterodactyl.app-error.log error; # allow larger file uploads and longer script runtimes client_max_body_size 100m; client_body_timeout 120s; sendfile off; # SSL Configuration ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # See https://hstspreload.org/ before uncommenting the line below. # add_header Strict-Transport-Security "max-age=15768000; preload;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header Content-Security-Policy "frame-ancestors 'self'"; add_header X-Frame-Options DENY; add_header Referrer-Policy same-origin; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTP_PROXY ""; fastcgi_intercept_errors off; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; include /etc/nginx/fastcgi_params; } location ~ /\.ht { deny all; } } ' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1 if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then sed -i 's/http2//g' /etc/nginx/sites-available/pterodactyl.conf fi ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf service nginx restart } nginx_config_0.7.19() { output "Disabling default configuration..." rm -rf /etc/nginx/sites-enabled/default output "Configuring Nginx Webserver..." echo ' server_tokens off; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; real_ip_header X-Forwarded-For; server { listen 80 default_server; server_name '"$FQDN"'; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2 default_server; server_name '"$FQDN"'; root /var/www/pterodactyl/public; index index.php; access_log /var/log/nginx/pterodactyl.app-access.log; error_log /var/log/nginx/pterodactyl.app-error.log error; # allow larger file uploads and longer script runtimes client_max_body_size 100m; client_body_timeout 120s; sendfile off; # SSL Configuration ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; # See https://hstspreload.org/ before uncommenting the line below. # add_header Strict-Transport-Security "max-age=15768000; preload;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header Content-Security-Policy "frame-ancestors 'self'"; add_header X-Frame-Options DENY; add_header Referrer-Policy same-origin; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTP_PROXY ""; fastcgi_intercept_errors off; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; include /etc/nginx/fastcgi_params; } location ~ /\.ht { deny all; } } ' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1 if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then sed -i 's/http2//g' /etc/nginx/sites-available/pterodactyl.conf fi ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf service nginx restart } apache_config() { output "Disabling default configuration..." rm -rf /etc/nginx/sites-enabled/default output "Configuring Apache2 web server..." echo ' ServerName '"$FQDN"' RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] ServerName '"$FQDN"' DocumentRoot "/var/www/pterodactyl/public" AllowEncodedSlashes On php_value upload_max_filesize 100M php_value post_max_size 100M AllowOverride all SSLEngine on SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem ' | sudo -E tee /etc/apache2/sites-available/pterodactyl.conf >/dev/null 2>&1 ln -s /etc/apache2/sites-available/pterodactyl.conf /etc/apache2/sites-enabled/pterodactyl.conf a2enmod ssl a2enmod rewrite service apache2 restart } nginx_config_redhat(){ output "Configuring Nginx web server..." echo ' server_tokens off; set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; real_ip_header X-Forwarded-For; server { listen 80 default_server; server_name '"$FQDN"'; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2 default_server; server_name '"$FQDN"'; root /var/www/pterodactyl/public; index index.php; access_log /var/log/nginx/pterodactyl.app-access.log; error_log /var/log/nginx/pterodactyl.app-error.log error; # allow larger file uploads and longer script runtimes client_max_body_size 100m; client_body_timeout 120s; sendfile off; # strengthen ssl security ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; # See the link below for more SSL information: # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html # # ssl_dhparam /etc/ssl/certs/dhparam.pem; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; preload;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header Content-Security-Policy "frame-ancestors 'self'"; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTP_PROXY ""; fastcgi_intercept_errors off; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; include /etc/nginx/fastcgi_params; } location ~ /\.ht { deny all; } } ' | sudo -E tee /etc/nginx/conf.d/pterodactyl.conf >/dev/null 2>&1 service nginx restart chown -R nginx:nginx $(pwd) semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl } apache_config_redhat() { output "Configuring Apache2 web server..." echo ' ServerName '"$FQDN"' RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] ServerName '"$FQDN"' DocumentRoot "/var/www/pterodactyl/public" AllowEncodedSlashes On AllowOverride all SSLEngine on SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem ' | sudo -E tee /etc/httpd/conf.d/pterodactyl.conf >/dev/null 2>&1 service httpd restart } php_config(){ output "Configuring PHP socket..." bash -c 'cat > /etc/php-fpm.d/www-pterodactyl.conf' <<-'EOF' [pterodactyl] user = nginx group = nginx listen = /var/run/php-fpm/pterodactyl.sock listen.owner = nginx listen.group = nginx listen.mode = 0750 pm = ondemand pm.max_children = 9 pm.process_idle_timeout = 10s pm.max_requests = 200 EOF systemctl restart php-fpm } webserver_config(){ if [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then if [ "$installoption" = "1" ]; then if [ "$webserver" = "1" ]; then nginx_config elif [ "$webserver" = "2" ]; then apache_config fi elif [ "$installoption" = "2" ]; then if [ "$webserver" = "1" ]; then nginx_config_0.7.19 elif [ "$webserver" = "2" ]; then apache_config fi elif [ "$installoption" = "3" ]; then if [ "$webserver" = "1" ]; then nginx_config elif [ "$webserver" = "2" ]; then apache_config fi elif [ "$installoption" = "4" ]; then if [ "$webserver" = "1" ]; then nginx_config_0.7.19 elif [ "$webserver" = "2" ]; then apache_config fi elif [ "$installoption" = "5" ]; then if [ "$webserver" = "1" ]; then nginx_config elif [ "$webserver" = "2" ]; then apache_config fi elif [ "$installoption" = "6" ]; then if [ "$webserver" = "1" ]; then nginx_config_0.7.19 elif [ "$webserver" = "2" ]; then apache_config fi fi elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$webserver" = "1" ]; then php_config nginx_config_redhat chown -R nginx:nginx /var/lib/php/session elif [ "$webserver" = "2" ]; then apache_config_redhat fi fi } setup_pterodactyl(){ install_dependencies install_pterodactyl ssl_certs webserver_config } setup_pterodactyl_0.7.19(){ install_dependencies_0.7.19 install_pterodactyl_0.7.19 ssl_certs webserver_config theme } install_wings() { cd /root output "Installing Pterodactyl Wings dependencies..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install curl tar unzip elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install curl tar unzip fi output "Installing Docker" curl -sSL https://get.docker.com/ | CHANNEL=stable bash service docker start systemctl enable docker output "Enabling SWAP support for Docker." sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub output "Installing the Pterodactyl wings..." mkdir -p /etc/pterodactyl /srv/daemon-data cd /etc/pterodactyl curl -L -o /usr/local/bin/wings https://github.com/pterodactyl/wings/releases/download/${WINGS}/wings_linux_amd64 chmod u+x /usr/local/bin/wings bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF' [Unit] Description=Pterodactyl Wings Daemon After=docker.service [Service] User=root WorkingDirectory=/etc/pterodactyl LimitNOFILE=4096 PIDFile=/var/run/wings/daemon.pid ExecStart=/usr/local/bin/wings Restart=on-failure StartLimitInterval=600 [Install] WantedBy=multi-user.target EOF systemctl enable wings systemctl start wings output "Wings ${WINGS} has now been installed on your system." } install_daemon() { cd /root output "Installing Pterodactyl Daemon dependencies..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install curl tar unzip elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install curl tar unzip fi output "Installing Docker" curl -sSL https://get.docker.com/ | CHANNEL=stable bash service docker start systemctl enable docker output "Enabling SWAP support for Docker & installing NodeJS..." sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then update-grub curl -sL https://deb.nodesource.com/setup_12.x | sudo bash - if [ "$lsb_dist" = "ubuntu" ] && [ "$dist_version" = "20.04" ]; then apt -y install nodejs make gcc g++ npm install node-gyp elif [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "10" ]; then apt -y install nodejs make gcc g++ else apt -y install nodejs make gcc g++ node-gyp fi apt-get -y update apt-get -y upgrade apt-get -y autoremove apt-get -y autoclean elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then grub2-mkconfig -o "$(readlink /etc/grub2.conf)" if [ "$lsb_dist" = "fedora" ]; then dnf -y module install nodejs:12/minimal dnf install -y tar unzip make gcc gcc-c++ python2 fi elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then dnf -y module install nodejs:12/minimal dnf install -y tar unzip make gcc gcc-c++ python2 yum -y upgrade yum -y autoremove yum -y clean packages fi output "Installing the Pterodactyl daemon..." mkdir -p /srv/daemon /srv/daemon-data cd /srv/daemon curl -L https://github.com/pterodactyl/daemon/releases/download/${DAEMON_LEGACY}/daemon.tar.gz | tar --strip-components=1 -xzv npm install --only=production --no-audit --unsafe-perm bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF' [Unit] Description=Pterodactyl Wings Daemon After=docker.service [Service] User=root #Group=some_group WorkingDirectory=/srv/daemon LimitNOFILE=4096 PIDFile=/var/run/wings/daemon.pid ExecStart=/usr/bin/node /srv/daemon/src/index.js Restart=on-failure StartLimitInterval=600 [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable wings output "Daemon installation is nearly complete, please go to the panel and get your 'Auto Deploy' command in the node configuration tab." output "Paste your auto deploy command below: " read AUTODEPLOY ${AUTODEPLOY} service wings start output "Daemon ${DAEMON_LEGACY} has now been installed on your system." } migrate_wings(){ mkdir -p /etc/pterodactyl curl -L -o /usr/local/bin/wings https://github.com/pterodactyl/wings/releases/download/${WINGS}/wings_linux_amd64 chmod u+x /usr/local/bin/wings systemctl stop wings rm -rf /srv/daemon systemctl disable --now pterosftp rm /etc/systemd/system/pterosftp.service bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF' [Unit] Description=Pterodactyl Wings Daemon After=docker.service [Service] User=root WorkingDirectory=/etc/pterodactyl LimitNOFILE=4096 PIDFile=/var/run/wings/daemon.pid ExecStart=/usr/local/bin/wings Restart=on-failure StartLimitInterval=600 [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable --now wings output "Your daemon has been migrated to wings." } upgrade_daemon(){ cd /srv/daemon service wings stop curl -L https://github.com/pterodactyl/daemon/releases/download/${DAEMON_LEGACY}/daemon.tar.gz | tar --strip-components=1 -xzv npm install -g npm npm install --only=production --no-audit --unsafe-perm service wings restart output "Your daemon has been updated to version ${DAEMON_LEGACY}." output "npm has been updated to the latest version." } install_standalone_sftp(){ os_check if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install jq elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then yum -y install jq fi if [ ! -f /srv/daemon/config/core.json ]; then warn "YOU MUST CONFIGURE YOUR DAEMON PROPERLY BEFORE INSTALLING THE STANDALONE SFTP SERVER!" exit 11 fi cd /srv/daemon if [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "null" ]; then output "Updating config to enable sftp-server..." cat /srv/daemon/config/core.json | jq '.sftp.enabled |= false' > /tmp/core cat /tmp/core > /srv/daemon/config/core.json rm -rf /tmp/core elif [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "false" ]; then output "Config already set up for Golang SFTP server." else output "You may have purposely set the SFTP to true which will cause this to fail." fi service wings restart output "Installing standalone SFTP server..." curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.5/sftp-server chmod +x sftp-server bash -c 'cat > /etc/systemd/system/pterosftp.service' <<-'EOF' [Unit] Description=Pterodactyl Standalone SFTP Server After=wings.service [Service] User=root WorkingDirectory=/srv/daemon LimitNOFILE=4096 PIDFile=/var/run/wings/sftp.pid ExecStart=/srv/daemon/sftp-server Restart=on-failure StartLimitInterval=600 [Install] WantedBy=multi-user.target EOF systemctl enable pterosftp service pterosftp restart } upgrade_standalone_sftp(){ output "Turning off the standalone SFTP server..." service pterosftp stop curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.5/sftp-server chmod +x sftp-server service pterosftp start output "Your standalone SFTP server has successfully been updated to v1.0.5." } install_mobile(){ cd /var/www/pterodactyl composer config repositories.cloud composer https://packages.pterodactyl.cloud composer require pterodactyl/mobile-addon --update-no-dev --optimize-autoloader php artisan migrate --force } upgrade_mobile(){ cd /var/www/pterodactyl composer update pterodactyl/mobile-addon php artisan migrate --force } install_phpmyadmin(){ output "Installing phpMyAdmin..." cd /var/www/pterodactyl/public rm -rf phpmyadmin wget https://files.phpmyadmin.net/phpMyAdmin/${PHPMYADMIN}/phpMyAdmin-${PHPMYADMIN}-all-languages.zip unzip phpMyAdmin-${PHPMYADMIN}-all-languages.zip mv phpMyAdmin-${PHPMYADMIN}-all-languages phpmyadmin rm -rf phpMyAdmin-${PHPMYADMIN}-all-languages.zip cd /var/www/pterodactyl/public/phpmyadmin SERVER_IP=$(curl -s http://checkip.amazonaws.com) BOWFISH=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 34 | head -n 1` bash -c 'cat > /var/www/pterodactyl/public/phpmyadmin/config.inc.php' < EOF output "Installation completed." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then chown -R www-data:www-data * /var/www/pterodactyl elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then chown -R apache:apache * /var/www/pterodactyl chown -R nginx:nginx * /var/www/pterodactyl semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?" restorecon -R /var/www/pterodactyl fi } ssl_certs(){ output "Installing Let's Encrypt and creating an SSL certificate..." cd /root if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install certbot elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install certbot fi if [ "$webserver" = "1" ]; then service nginx stop elif [ "$webserver" = "2" ]; then if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then service apache2 stop elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then service httpd stop fi fi certbot certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive if [ "$installoption" = "2" ]; then if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then ufw deny 80 elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then firewall-cmd --permanent --remove-port=80/tcp firewall-cmd --reload fi else if [ "$webserver" = "1" ]; then service nginx restart elif [ "$webserver" = "2" ]; then if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then service apache2 restart elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then service httpd restart fi fi fi if [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then if [ "$installoption" = "1" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "2" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "3" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$installoption" = "4" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$installoption" = "5" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "6" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - fi fi elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$installoption" = "1" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "2" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "3" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$installoption" = "4" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$installoption" = "5" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "5" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - fi elif [ "$installoption" = "6" ]; then if [ "$webserver" = "1" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - elif [ "$webserver" = "2" ]; then (crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab - fi fi fi } firewall(){ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt -y install iptables elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "cloudlinux" ]; then yum -y install iptables fi curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/iptables-no-prompt.sh | sudo bash block_icmp javapipe_kernel output "Setting up Fail2Ban..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt -y install fail2ban elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install fail2ban fi systemctl enable fail2ban bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF' [DEFAULT] # Ban hosts for ten hours: bantime = 36000 # Override /etc/fail2ban/jail.d/00-firewalld.conf: banaction = iptables-multiport [sshd] enabled = true EOF service fail2ban restart output "Configuring your firewall..." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt-get -y install ufw ufw allow 22 if [ "$installoption" = "1" ]; then ufw allow 80 ufw allow 443 ufw allow 3306 elif [ "$installoption" = "2" ]; then ufw allow 80 ufw allow 443 ufw allow 3306 elif [ "$installoption" = "3" ]; then ufw allow 80 ufw allow 8080 ufw allow 2022 elif [ "$installoption" = "4" ]; then ufw allow 80 ufw allow 8080 ufw allow 2022 elif [ "$installoption" = "5" ]; then ufw allow 80 ufw allow 443 ufw allow 8080 ufw allow 2022 ufw allow 3306 elif [ "$installoption" = "6" ]; then ufw allow 80 ufw allow 443 ufw allow 8080 ufw allow 2022 ufw allow 3306 fi yes |ufw enable elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then yum -y install firewalld systemctl enable firewalld systemctl start firewalld if [ "$installoption" = "1" ]; then firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https --permanent firewall-cmd --add-service=mysql --permanent elif [ "$installoption" = "2" ]; then firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https --permanent firewall-cmd --add-service=mysql --permanent elif [ "$installoption" = "3" ]; then firewall-cmd --permanent --add-service=80/tcp firewall-cmd --permanent --add-port=2022/tcp firewall-cmd --permanent --add-port=8080/tcp elif [ "$installoption" = "4" ]; then firewall-cmd --permanent --add-service=80/tcp firewall-cmd --permanent --add-port=2022/tcp firewall-cmd --permanent --add-port=8080/tcp elif [ "$installoption" = "5" ]; then firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https --permanent firewall-cmd --permanent --add-port=2022/tcp firewall-cmd --permanent --add-port=8080/tcp firewall-cmd --permanent --add-service=mysql elif [ "$installoption" = "6" ]; then firewall-cmd --add-service=http --permanent firewall-cmd --add-service=https --permanent firewall-cmd --permanent --add-port=2022/tcp firewall-cmd --permanent --add-port=8080/tcp firewall-cmd --permanent --add-service=mysql fi fi } block_icmp(){ output "Block ICMP (Ping) Packets?" output "You should choose [1] if you are not using a monitoring system and [2] otherwise." output "[1] Yes." output "[2] No." read icmp case $icmp in 1 ) /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP >> /dev/null 2>&1")| crontab - ;; 2 ) output "Skipping rule..." ;; * ) output "You did not enter a valid selection." block_icmp esac } javapipe_kernel(){ output "Apply JavaPipe's kernel configurations (https://javapipe.com/blog/iptables-ddos-protection)?" output "[1] Yes." output "[2] No." read javapipe case $javapipe in 1) sh -c "$(curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/javapipe_kernel.sh)" ;; 2) output "JavaPipe kernel modifications not applied." ;; * ) output "You did not enter a valid selection." javapipe_kernel esac } install_database() { if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then apt -y install mariadb-server elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then if [ "$dist_version" = "8" ]; then dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream fi else dnf -y install MariaDB-server fi output "Creating the databases and setting root password..." password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q0="DROP DATABASE IF EXISTS test;" Q1="CREATE DATABASE IF NOT EXISTS panel;" Q2="SET old_passwords=0;" Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';" Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;" Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');" Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" Q7="DELETE FROM mysql.user WHERE User='';" Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" Q9="FLUSH PRIVILEGES;" SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}" mysql -u root -e "$SQL" output "Binding MariaDB/MySQL to 0.0.0.0." if [ -f /etc/mysql/my.cnf ] ; then sed -i -- 's/bind-address/# bind-address/g' /etc/mysql/my.cnf sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/mysql/my.cnf output 'Restarting MySQL process...' service mysql restart elif [ -f /etc/my.cnf ] ; then sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf output 'Restarting MySQL process...' service mysql restart elif [ -f /etc/mysql/my.conf.d/mysqld.cnf ] ; then sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf output 'Restarting MySQL process...' service mysql restart else output 'File my.cnf was not found! Please contact support.' fi if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then yes | ufw allow 3306 elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then firewall-cmd --permanent --add-service=mysql firewall-cmd --reload fi broadcast_database } database_host_reset(){ SERVER_IP=$(curl -s http://checkip.amazonaws.com) adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q0="SET old_passwords=0;" Q1="SET PASSWORD FOR 'admin'@'$SERVER_IP' = PASSWORD('$adminpassword');" Q2="FLUSH PRIVILEGES;" SQL="${Q0}${Q1}${Q2}" mysql mysql -e "$SQL" output "New database host information:" output "Host: $SERVER_IP" output "Port: 3306" output "User: admin" output "Password: $adminpassword" } broadcast(){ if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then broadcast_database fi output "###############################################################" output "FIREWALL INFORMATION" output "" output "All unnecessary ports are blocked by default." if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then output "Use 'ufw allow ' to enable your desired ports." elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] && [ "$dist_version" != "8" ]; then output "Use 'firewall-cmd --permanent --add-port=/tcp' to enable your desired ports." fi output "###############################################################" output "" } broadcast_database(){ output "###############################################################" output "MARIADB/MySQL INFORMATION" output "" output "Your MariaDB/MySQL root password is $rootpassword" output "" output "Create your MariaDB/MySQL host with the following information:" output "Host: $SERVER_IP" output "Port: 3306" output "User: admin" output "Password: $adminpassword" output "###############################################################" output "" } #Execution preflight install_options case $installoption in 1) webserver_options repositories_setup required_infos firewall setup_pterodactyl broadcast broadcast_database ;; 2) webserver_options theme_options repositories_setup_0.7.19 required_infos firewall setup_pterodactyl_0.7.19 broadcast ;; 3) repositories_setup required_infos firewall ssl_certs install_wings broadcast broadcast_database ;; 4) repositories_setup_0.7.19 required_infos firewall ssl_certs install_daemon broadcast ;; 5) webserver_options repositories_setup required_infos firewall ssl_certs setup_pterodactyl install_wings broadcast ;; 6) webserver_options theme_options repositories_setup_0.7.19 required_infos firewall setup_pterodactyl_0.7.19 install_daemon broadcast ;; 7) install_standalone_sftp ;; 8) upgrade_pterodactyl ;; 9) upgrade_pterodactyl_1.0 ;; 10) theme_options upgrade_pterodactyl_0.7.19 theme ;; 11) upgrade_daemon ;; 12) migrate_wings ;; 13) upgrade_pterodactyl_1.0 migrate_wings ;; 14) theme_options upgrade_pterodactyl_0.7.19 theme upgrade_daemon ;; 15) upgrade_standalone_sftp ;; 16) install_mobile ;; 17) upgrade_mobile ;; 18) install_phpmyadmin ;; 19) repositories_setup install_database ;; 20) theme_options if [ "$themeoption" = "1" ]; then upgrade_pterodactyl_0.7.19 fi theme ;; 21) curl -sSL https://raw.githubusercontent.com/tommytran732/MariaDB-Root-Password-Reset/master/mariadb-104.sh | sudo bash ;; 22) database_host_reset ;; esac