mirror of
https://github.com/tommytran732/Pterodactyl-Script
synced 2024-11-09 05:01:33 -05:00
2144 lines
87 KiB
Bash
2144 lines
87 KiB
Bash
#!/bin/bash
|
|
|
|
output(){
|
|
echo -e '\e[36m'$1'\e[0m';
|
|
}
|
|
|
|
warn(){
|
|
echo -e '\e[31m'$1'\e[0m';
|
|
}
|
|
|
|
PANEL=v1.2.0
|
|
WINGS=v1.2.0
|
|
PANEL_LEGACY=v0.7.19
|
|
DAEMON_LEGACY=v0.6.13
|
|
PHPMYADMIN=5.0.4
|
|
|
|
preflight(){
|
|
output "Pterodactyl Installation & Upgrade Script"
|
|
output "Copyright © 2020 Thien Tran <contact@thientran.io>."
|
|
output "Please join my Telegram for community support: https://t.me/revenact"
|
|
output ""
|
|
|
|
output "Please note that this script is meant to be installed on a fresh OS. Installing it on a non-fresh OS may cause problems."
|
|
output "Automatic operating system detection initialized..."
|
|
|
|
os_check
|
|
|
|
if [ "$EUID" -ne 0 ]; then
|
|
output "Please run as root."
|
|
exit 3
|
|
fi
|
|
|
|
output "Automatic architecture detection initialized..."
|
|
MACHINE_TYPE=`uname -m`
|
|
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
|
|
output "64-bit server detected! Good to go."
|
|
output ""
|
|
else
|
|
output "Unsupported architecture detected! Please switch to 64-bit (x86_64)."
|
|
exit 4
|
|
fi
|
|
|
|
output "Automatic virtualization detection initialized..."
|
|
if [ "$lsb_dist" = "ubuntu" ]; then
|
|
apt-get update --fix-missing
|
|
apt-get -y install software-properties-common
|
|
add-apt-repository -y universe
|
|
apt-get -y install virt-what curl
|
|
elif [ "$lsb_dist" = "debian" ]; then
|
|
apt update --fix-missing
|
|
apt-get -y install software-properties-common virt-what wget curl dnsutils
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install virt-what wget bind-utils
|
|
fi
|
|
virt_serv=$(echo $(virt-what))
|
|
if [ "$virt_serv" = "" ]; then
|
|
output "Virtualization: Bare Metal detected."
|
|
elif [ "$virt_serv" = "openvz lxc" ]; then
|
|
output "Virtualization: OpenVZ 7 detected."
|
|
elif [ "$virt_serv" = "xen xen-hvm" ]; then
|
|
output "Virtualization: Xen-HVM detected."
|
|
elif [ "$virt_serv" = "xen xen-hvm aws" ]; then
|
|
output "Virtualization: Xen-HVM on AWS detected."
|
|
warn "When creating allocations for this node, please use the internal IP as Google Cloud uses NAT routing."
|
|
warn "Resuming in 10 seconds..."
|
|
sleep 10
|
|
else
|
|
output "Virtualization: $virt_serv detected."
|
|
fi
|
|
output ""
|
|
if [ "$virt_serv" != "" ] && [ "$virt_serv" != "kvm" ] && [ "$virt_serv" != "vmware" ] && [ "$virt_serv" != "hyperv" ] && [ "$virt_serv" != "openvz lxc" ] && [ "$virt_serv" != "xen xen-hvm" ] && [ "$virt_serv" != "xen xen-hvm aws" ]; then
|
|
warn "Unsupported type of virtualization detected. Please consult with your hosting provider whether your server can run Docker or not. Proceed at your own risk."
|
|
warn "No support would be given if your server breaks at any point in the future."
|
|
warn "Proceed?\n[1] Yes.\n[2] No."
|
|
read choice
|
|
case $choice in
|
|
1) output "Proceeding..."
|
|
;;
|
|
2) output "Cancelling installation..."
|
|
exit 5
|
|
;;
|
|
esac
|
|
output ""
|
|
fi
|
|
|
|
output "Kernel detection initialized..."
|
|
if echo $(uname -r) | grep -q xxxx; then
|
|
output "OVH kernel detected. This script will not work. Please reinstall your server using a generic/distribution kernel."
|
|
output "When you are reinstalling your server, click on 'custom installation' and click on 'use distribution' kernel after that."
|
|
output "You might also want to do custom partitioning, remove the /home partition and give / all the remaining space."
|
|
output "Please do not hesitate to contact us if you need help regarding this issue."
|
|
exit 6
|
|
elif echo $(uname -r) | grep -q pve; then
|
|
output "Proxmox LXE kernel detected. You have chosen to continue in the last step, therefore we are proceeding at your own risk."
|
|
output "Proceeding with a risky operation..."
|
|
elif echo $(uname -r) | grep -q stab; then
|
|
if echo $(uname -r) | grep -q 2.6; then
|
|
output "OpenVZ 6 detected. This server will definitely not work with Docker, regardless of what your provider might say. Exiting to avoid further damages."
|
|
exit 6
|
|
fi
|
|
elif echo $(uname -r) | grep -q gcp; then
|
|
output "Google Cloud Platform detected."
|
|
warn "Please make sure you have a static IP setup, otherwise the system will not work after a reboot."
|
|
warn "Please also make sure the GCP firewall allows the ports needed for the server to function normally."
|
|
warn "When creating allocations for this node, please use the internal IP as Google Cloud uses NAT routing."
|
|
warn "Resuming in 10 seconds..."
|
|
sleep 10
|
|
else
|
|
output "Did not detect any bad kernel. Moving forward..."
|
|
output ""
|
|
fi
|
|
}
|
|
|
|
os_check(){
|
|
if [ -r /etc/os-release ]; then
|
|
lsb_dist="$(. /etc/os-release && echo "$ID")"
|
|
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
|
if [ $lsb_dist = "rhel" ]; then
|
|
dist_version="$(echo $dist_version | awk -F. '{print $1}')"
|
|
fi
|
|
else
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$lsb_dist" = "ubuntu" ]; then
|
|
if [ "$dist_version" != "20.04" ] && [ "$dist_version" != "18.04" ]; then
|
|
output "Unsupported Ubuntu version. Only Ubuntu 20.04 and 18.04 are supported."
|
|
exit 2
|
|
fi
|
|
elif [ "$lsb_dist" = "debian" ]; then
|
|
if [ "$dist_version" != "10" ]; then
|
|
output "Unsupported Debian version. Only Debian 10 is supported."
|
|
exit 2
|
|
fi
|
|
elif [ "$lsb_dist" = "fedora" ]; then
|
|
if [ "$dist_version" != "33" ] && [ "$dist_version" != "32" ]; then
|
|
output "Unsupported Fedora version. Only Fedora 33 and 32 are supported."
|
|
exit 2
|
|
fi
|
|
elif [ "$lsb_dist" = "centos" ]; then
|
|
if [ "$dist_version" != "8" ]; then
|
|
output "Unsupported CentOS version. Only CentOS Stream and 8 are supported."
|
|
exit 2
|
|
fi
|
|
elif [ "$lsb_dist" = "rhel" ]; then
|
|
if [ $dist_version != "8" ]; then
|
|
output "Unsupported RHEL version. Only RHEL 8 is supported."
|
|
exit 2
|
|
fi
|
|
elif [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "debian" ] && [ "$lsb_dist" != "centos" ]; then
|
|
output "Unsupported operating system."
|
|
output ""
|
|
output "Supported OS:"
|
|
output "Ubuntu: 20.04, 18.04"
|
|
output "Debian: 10"
|
|
output "Fedora: 33, 32"
|
|
output "CentOS: 8, 7"
|
|
output "RHEL: 8"
|
|
exit 2
|
|
fi
|
|
}
|
|
|
|
install_options(){
|
|
output "Please select your installation option:"
|
|
output "[1] Install the panel ${PANEL}."
|
|
output "[2] Install the panel ${PANEL_LEGACY}."
|
|
output "[3] Install the wings ${WINGS}."
|
|
output "[4] Install the daemon ${DAEMON_LEGACY}."
|
|
output "[5] Install the panel ${PANEL} and wings ${WINGS}."
|
|
output "[6] Install the panel ${PANEL_LEGACY} and daemon ${DAEMON_LEGACY}."
|
|
output "[7] Install the standalone SFTP server."
|
|
output "[8] Upgrade (1.x) panel to ${PANEL}."
|
|
output "[9] Upgrade (0.7.x) panel to ${PANEL}."
|
|
output "[10] Upgrade (0.7.x) panel to ${PANEL_LEGACY}."
|
|
output "[11] Upgrade (0.6.x) daemon to ${DAEMON_LEGACY}."
|
|
output "[12] Migrating daemon to wings."
|
|
output "[13] Upgrade the panel to ${PANEL} and Migrate to wings"
|
|
output "[14] Upgrade the panel to ${PANEL_LEGACY} and daemon to ${DAEMON_LEGACY}"
|
|
output "[15] Upgrade the standalone SFTP server to (1.0.5)."
|
|
output "[16] Make Pterodactyl compatible with the mobile app (only use this after you have installed the panel - check out https://pterodactyl.cloud for more information)."
|
|
output "[17] Update mobile compatibility."
|
|
output "[18] Install or update to phpMyAdmin (${PHPMYADMIN}) (only use this after you have installed the panel)."
|
|
output "[19] Install a standalone database host (only for use on daemon-only installations)."
|
|
output "[20] Change Pterodactyl theme (${PANEL_LEGACY} Only)."
|
|
output "[21] Emergency MariaDB root password reset."
|
|
output "[22] Emergency database host information reset."
|
|
read choice
|
|
case $choice in
|
|
1 ) installoption=1
|
|
output "You have selected ${PANEL} panel installation only."
|
|
;;
|
|
2 ) installoption=2
|
|
output "You have selected ${PANEL_LEGACY} panel installation only."
|
|
;;
|
|
3 ) installoption=3
|
|
output "You have selected wings ${WINGS} installation only."
|
|
;;
|
|
4 ) installoption=4
|
|
output "You have selected daemon ${DAEMON_LEGACY} installation only."
|
|
;;
|
|
5 ) installoption=5
|
|
output "You have selected ${PANEL} panel and wings ${WINGS} installation."
|
|
;;
|
|
6 ) installoption=6
|
|
output "You have selected ${PANEL_LEGACY} panel and daemon installation."
|
|
;;
|
|
7 ) installoption=7
|
|
output "You have selected to install the standalone SFTP server."
|
|
;;
|
|
8 ) installoption=8
|
|
output "You have selected to upgrade the panel to ${PANEL}."
|
|
;;
|
|
9 ) installoption=9
|
|
output "You have selected to upgrade the panel to ${PANEL}."
|
|
;;
|
|
10 ) installoption=10
|
|
output "You have selected to upgrade the panel to ${PANEL_LEGACY}."
|
|
;;
|
|
11 ) installoption=11
|
|
output "You have selected to upgrade the daemon to ${DAEMON_LEGACY}."
|
|
;;
|
|
12 ) installoption=12
|
|
output "You have selected to migrate daemon ${DAEMON_LEGACY} to wings ${WINGS}."
|
|
;;
|
|
13 ) installoption=13
|
|
output "You have selected to upgrade both the panel to ${PANEL} and migrating to wings ${WINGS}."
|
|
;;
|
|
14 ) installoption=14
|
|
output "You have selected to upgrade both the panel to ${PANEL} and daemon to ${DAEMON_LEGACY}."
|
|
;;
|
|
15 ) installoption=15
|
|
output "You have selected to upgrade the standalone SFTP."
|
|
;;
|
|
16 ) installoption=16
|
|
output "You have activated mobile app compatibility."
|
|
;;
|
|
17 ) installoption=17
|
|
output "You have selected to update the mobile app compatibility."
|
|
;;
|
|
18 ) installoption=18
|
|
output "You have selected to install or update phpMyAdmin ${PHPMYADMIN}."
|
|
;;
|
|
19 ) installoption=19
|
|
output "You have selected to install a Database host."
|
|
;;
|
|
20 ) installoption=20
|
|
output "You have selected to change Pterodactyl ${PANEL_LEGACY} only."
|
|
;;
|
|
21 ) installoption=21
|
|
output "You have selected MariaDB root password reset."
|
|
;;
|
|
22 ) installoption=22
|
|
output "You have selected Database Host information reset."
|
|
;;
|
|
* ) output "You did not enter a valid selection."
|
|
install_options
|
|
esac
|
|
}
|
|
|
|
webserver_options() {
|
|
output "Please select which web server you would like to use:\n[1] Nginx (recommended).\n[2] Apache2/httpd."
|
|
read choice
|
|
case $choice in
|
|
1 ) webserver=1
|
|
output "You have selected Nginx."
|
|
output ""
|
|
;;
|
|
2 ) webserver=2
|
|
output "You have selected Apache2/httpd."
|
|
output ""
|
|
;;
|
|
* ) output "You did not enter a valid selection."
|
|
webserver_options
|
|
esac
|
|
}
|
|
|
|
theme_options() {
|
|
output "Would you like to install one of Fonix's themes?"
|
|
warn "AS OF NOW, FONIX HAS NOT UPDATED HIS THEME TO 0.7.19 TO FIX THE XSS EXPLOIT IN PTERODACTYL <=0.7.18 YET. DO NOT USE THESE IN PRODUCTION. I HIGHLY RECOMMEND THAT YOU SELECT [1]."
|
|
output "[1] No."
|
|
output "[2] Super Pink and Fluffy."
|
|
output "[3] Tango Twist."
|
|
output "[4] Blue Brick."
|
|
output "[5] Minecraft Madness."
|
|
output "[6] Lime Stitch."
|
|
output "[7] Red Ape."
|
|
output "[8] BlackEnd Space."
|
|
output "[9] Nothing But Graphite."
|
|
output ""
|
|
output "You can find out about Fonix's themes here: https://github.com/TheFonix/Pterodactyl-Themes"
|
|
read choice
|
|
case $choice in
|
|
1 ) themeoption=1
|
|
output "You have selected to install the vanilla Pterodactyl theme."
|
|
output ""
|
|
;;
|
|
2 ) themeoption=2
|
|
output "You have selected to install Fonix's Super Pink and Fluffy theme."
|
|
output ""
|
|
;;
|
|
3 ) themeoption=3
|
|
output "You have selected to install Fonix's Tango Twist theme."
|
|
output ""
|
|
;;
|
|
4 ) themeoption=4
|
|
output "You have selected to install Fonix's Blue Brick theme."
|
|
output ""
|
|
;;
|
|
5 ) themeoption=5
|
|
output "You have selected to install Fonix's Minecraft Madness theme."
|
|
output ""
|
|
;;
|
|
6 ) themeoption=6
|
|
output "You have selected to install Fonix's Lime Stitch theme."
|
|
output ""
|
|
;;
|
|
7 ) themeoption=7
|
|
output "You have selected to install Fonix's Red Ape theme."
|
|
output ""
|
|
;;
|
|
8 ) themeoption=8
|
|
output "You have selected to install Fonix's BlackEnd Space theme."
|
|
output ""
|
|
;;
|
|
9 ) themeoption=9
|
|
output "You have selected to install Fonix's Nothing But Graphite theme."
|
|
output ""
|
|
;;
|
|
* ) output "You did not enter a valid selection."
|
|
theme_options
|
|
esac
|
|
}
|
|
|
|
required_infos() {
|
|
output "Please enter the desired user email address:"
|
|
read email
|
|
dns_check
|
|
}
|
|
|
|
dns_check(){
|
|
output "Please enter your FQDN (panel.domain.tld):"
|
|
read FQDN
|
|
|
|
output "Resolving DNS..."
|
|
SERVER_IP=$(curl -s http://checkip.amazonaws.com)
|
|
DOMAIN_RECORD=$(dig +short ${FQDN})
|
|
if [ "${SERVER_IP}" != "${DOMAIN_RECORD}" ]; then
|
|
output ""
|
|
output "The entered domain does not resolve to the primary public IP of this server."
|
|
output "Please make an A record pointing to your server's IP. For example, if you make an A record called 'panel' pointing to your server's IP, your FQDN is panel.domain.tld"
|
|
output "If you are using Cloudflare, please disable the orange cloud."
|
|
output "If you do not have a domain, you can get a free one at https://freenom.com"
|
|
dns_check
|
|
else
|
|
output "Domain resolved correctly. Good to go..."
|
|
fi
|
|
}
|
|
|
|
theme() {
|
|
output "Theme installation initialized..."
|
|
cd /var/www/pterodactyl
|
|
if [ "$themeoption" = "1" ]; then
|
|
output "Keeping Pterodactyl's vanilla theme."
|
|
elif [ "$themeoption" = "2" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/PinkAnFluffy/build.sh | sh
|
|
elif [ "$themeoption" = "3" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/TangoTwist/build.sh | sh
|
|
elif [ "$themeoption" = "4" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlueBrick/build.sh | sh
|
|
elif [ "$themeoption" = "5" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/MinecraftMadness/build.sh | sh
|
|
elif [ "$themeoption" = "6" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/LimeStitch/build.sh | sh
|
|
elif [ "$themeoption" = "7" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/RedApe/build.sh | sh
|
|
elif [ "$themeoption" = "8" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/BlackEndSpace/build.sh | sh
|
|
elif [ "$themeoption" = "9" ]; then
|
|
curl https://raw.githubusercontent.com/TheFonix/Pterodactyl-Themes/master/MasterThemes/NothingButGraphite/build.sh | sh
|
|
fi
|
|
php artisan view:clear
|
|
php artisan cache:clear
|
|
}
|
|
|
|
repositories_setup(){
|
|
output "Configuring your repositories..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install sudo
|
|
apt-get -y install software-properties-common curl apt-transport-https ca-certificates gnupg
|
|
dpkg --remove-architecture i386
|
|
echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
|
|
apt-get -y update
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
if [ "$lsb_dist" = "ubuntu" ]; then
|
|
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
|
|
add-apt-repository -y ppa:chris-lea/redis-server
|
|
if [ "$dist_version" != "20.04" ]; then
|
|
add-apt-repository -y ppa:certbot/certbot
|
|
add-apt-repository -y ppa:nginx/development
|
|
fi
|
|
apt -y install tuned dnsutils
|
|
tuned-adm profile latency-performance
|
|
elif [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install ca-certificates apt-transport-https
|
|
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
|
|
if [ "$dist_version" = "10" ]; then
|
|
apt -y install dirmngr
|
|
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
|
|
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
|
|
apt -y install tuned
|
|
tuned-adm profile latency-performance
|
|
fi
|
|
apt-get -y update
|
|
apt-get -y upgrade
|
|
apt-get -y autoremove
|
|
apt-get -y autoclean
|
|
apt-get -y install curl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then
|
|
if [ "$lsb_dist" = "fedora" ] ; then
|
|
if [ "$dist_version" = "33" ]; then
|
|
dnf -y install http://rpms.remirepo.net/fedora/remi-release-33.rpm
|
|
elif [ "$dist_version" = "32" ]; then
|
|
dnf -y install http://rpms.remirepo.net/fedora/remi-release-32.rpm
|
|
fi
|
|
dnf -y install dnf-plugins-core python2 libsemanage-devel
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.4
|
|
dnf -y module enable nginx:mainline/common
|
|
dnf -y module enable mariadb:14/server
|
|
elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then
|
|
dnf -y install epel-release boost-program-options
|
|
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.4
|
|
dnf -y module enable nginx:mainline/common
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
dnf config-manager --set-enabled mariadb
|
|
fi
|
|
bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
|
|
[nginx-mainline]
|
|
name=nginx mainline repo
|
|
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
|
|
gpgcheck=1
|
|
enabled=0
|
|
gpgkey=https://nginx.org/keys/nginx_signing.key
|
|
module_hotfixes=true
|
|
EOF
|
|
bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
|
|
[mariadb]
|
|
name = MariaDB
|
|
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
|
|
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
|
|
gpgcheck=1
|
|
EOF
|
|
|
|
yum -y install epel-release
|
|
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
|
|
yum -y install policycoreutils-python yum-utils libsemanage-devel
|
|
yum-config-manager --enable remi
|
|
yum-config-manager --enable remi-php74
|
|
yum-config-manager --enable nginx-mainline
|
|
yum-config-manager --enable mariadb
|
|
elif [ "$lsb_dist" = "rhel" ] && [ "$dist_version" = "8" ]; then
|
|
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
|
dnf -y install boost-program-options
|
|
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.4
|
|
dnf -y module enable nginx:mainline/common
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
dnf config-manager --set-enabled mariadb
|
|
fi
|
|
yum -y install yum-utils tuned
|
|
tuned-adm profile latency-performance
|
|
yum -y upgrade
|
|
yum -y autoremove
|
|
yum -y clean packages
|
|
yum -y install curl bind-utils cronie
|
|
fi
|
|
}
|
|
|
|
repositories_setup_0.7.19(){
|
|
output "Configuring your repositories..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install sudo
|
|
apt-get -y install software-properties-common dnsutils gpg-agent
|
|
dpkg --remove-architecture i386
|
|
echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
|
|
apt-get -y update
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
if [ "$lsb_dist" = "ubuntu" ]; then
|
|
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
|
|
add-apt-repository -y ppa:chris-lea/redis-server
|
|
if [ "$dist_version" != "20.04" ]; then
|
|
add-apt-repository -y ppa:certbot/certbot
|
|
add-apt-repository -y ppa:nginx/development
|
|
fi
|
|
apt -y install tuned dnsutils
|
|
tuned-adm profile latency-performance
|
|
elif [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install ca-certificates apt-transport-https
|
|
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
|
|
if [ "$dist_version" = "10" ]; then
|
|
apt -y install dirmngr
|
|
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
|
|
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
|
|
apt -y install tuned
|
|
tuned-adm profile latency-performance
|
|
fi
|
|
apt-get -y update
|
|
apt-get -y upgrade
|
|
apt-get -y autoremove
|
|
apt-get -y autoclean
|
|
apt-get -y install curl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then
|
|
if [ "$lsb_dist" = "fedora" ] ; then
|
|
if [ "$dist_version" = "33" ]; then
|
|
dnf -y install http://rpms.remirepo.net/fedora/remi-release-33.rpm
|
|
elif [ "$dist_version" = "32" ]; then
|
|
dnf -y install http://rpms.remirepo.net/fedora/remi-release-32.rpm
|
|
fi
|
|
dnf -y install dnf-plugins-core python2 libsemanage-devel
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.3
|
|
dnf -y module enable nginx:mainline/common
|
|
dnf -y module enable mariadb:14/server
|
|
elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then
|
|
dnf -y install epel-release boost-program-options
|
|
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.3
|
|
dnf -y module enable nginx:mainline/common
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
dnf config-manager --set-enabled mariadb
|
|
fi
|
|
bash -c 'cat > /etc/yum.repos.d/nginx.repo' <<-'EOF'
|
|
[nginx-mainline]
|
|
name=nginx mainline repo
|
|
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
|
|
gpgcheck=1
|
|
enabled=0
|
|
gpgkey=https://nginx.org/keys/nginx_signing.key
|
|
module_hotfixes=true
|
|
EOF
|
|
bash -c 'cat > /etc/yum.repos.d/mariadb.repo' <<-'EOF'
|
|
[mariadb]
|
|
name = MariaDB
|
|
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
|
|
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
|
|
gpgcheck=1
|
|
EOF
|
|
|
|
yum -y install epel-release
|
|
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
|
|
yum -y install policycoreutils-python yum-utils libsemanage-devel
|
|
yum-config-manager --enable remi
|
|
yum-config-manager --enable remi-php73
|
|
yum-config-manager --enable nginx-mainline
|
|
yum-config-manager --enable mariadb
|
|
elif [ "$lsb_dist" = "rhel" ] && [ "$dist_version" = "8" ]; then
|
|
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
|
|
dnf -y install boost-program-options
|
|
dnf -y install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
|
|
dnf config-manager --set-enabled remi
|
|
dnf -y module enable php:remi-7.3
|
|
dnf -y module enable nginx:mainline/common
|
|
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
|
|
dnf config-manager --set-enabled mariadb
|
|
fi
|
|
yum -y install yum-utils tuned
|
|
tuned-adm profile latency-performance
|
|
yum -y upgrade
|
|
yum -y autoremove
|
|
yum -y clean packages
|
|
yum -y install curl bind-utils cronie
|
|
fi
|
|
}
|
|
|
|
install_dependencies(){
|
|
output "Installing dependencies..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
apt -y install php7.4 php7.4-{cli,gd,mysql,pdo,mbstring,tokenizer,bcmath,xml,fpm,curl,zip} nginx tar unzip git redis-server nginx git wget expect
|
|
elif [ "$webserver" = "2" ]; then
|
|
apt -y install php7.4 php7.4-{cli,gd,mysql,pdo,mbstring,tokenizer,bcmath,xml,fpm,curl,zip} curl tar unzip git redis-server apache2 libapache2-mod-php7.4 redis-server git wget expect
|
|
fi
|
|
sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated mariadb-server"
|
|
else
|
|
if [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$dist_version" = "8" ]; then
|
|
dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream
|
|
fi
|
|
else
|
|
dnf -y install MariaDB-server
|
|
fi
|
|
dnf -y module install php:remi-7.4
|
|
if [ "$webserver" = "1" ]; then
|
|
dnf -y install redis nginx git policycoreutils-python-utils unzip wget expect jq php-mysql php-zip php-bcmath tar
|
|
elif [ "$webserver" = "2" ]; then
|
|
dnf -y install redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect jq php-mysql php-zip php-mcmath tar
|
|
fi
|
|
fi
|
|
|
|
output "Enabling Services..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
systemctl enable redis-server
|
|
service redis-server start
|
|
systemctl enable php7.4-fpm
|
|
service php7.4-fpm start
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
systemctl enable redis
|
|
service redis start
|
|
systemctl enable php-fpm
|
|
service php-fpm start
|
|
fi
|
|
|
|
systemctl enable cron
|
|
systemctl enable mariadb
|
|
|
|
if [ "$webserver" = "1" ]; then
|
|
systemctl enable nginx
|
|
service nginx start
|
|
elif [ "$webserver" = "2" ]; then
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
systemctl enable apache2
|
|
service apache2 start
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
systemctl enable httpd
|
|
service httpd start
|
|
fi
|
|
fi
|
|
service mysql start
|
|
}
|
|
|
|
install_dependencies_0.7.19(){
|
|
output "Installing dependencies..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server nginx git wget expect
|
|
elif [ "$webserver" = "2" ]; then
|
|
apt-get -y install php7.3 php7.3-cli php7.3-gd php7.3-mysql php7.3-pdo php7.3-mbstring php7.3-tokenizer php7.3-bcmath php7.3-xml php7.3-fpm php7.3-curl php7.3-zip curl tar unzip git redis-server apache2 libapache2-mod-php7.3 redis-server git wget expect
|
|
fi
|
|
sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --allow-unauthenticated mariadb-server"
|
|
else
|
|
if [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$dist_version" = "8" ]; then
|
|
dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream
|
|
fi
|
|
else
|
|
dnf -y install MariaDB-server
|
|
fi
|
|
dnf -y module install php:remi-7.3
|
|
if [ "$webserver" = "1" ]; then
|
|
dnf -y install redis nginx git policycoreutils-python-utils unzip wget expect jq php-mysql php-zip php-bcmath tar
|
|
elif [ "$webserver" = "2" ]; then
|
|
dnf -y install redis httpd git policycoreutils-python-utils mod_ssl unzip wget expect jq php-mysql php-zip php-mcmath tar
|
|
fi
|
|
fi
|
|
|
|
output "Enabling Services..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
systemctl enable redis-server
|
|
service redis-server start
|
|
systemctl enable php7.3-fpm
|
|
service php7.3-fpm start
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
systemctl enable redis
|
|
service redis start
|
|
systemctl enable php-fpm
|
|
service php-fpm start
|
|
fi
|
|
|
|
systemctl enable cron
|
|
systemctl enable mariadb
|
|
|
|
if [ "$webserver" = "1" ]; then
|
|
systemctl enable nginx
|
|
service nginx start
|
|
elif [ "$webserver" = "2" ]; then
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
systemctl enable apache2
|
|
service apache2 start
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
systemctl enable httpd
|
|
service httpd start
|
|
fi
|
|
fi
|
|
service mysql start
|
|
}
|
|
|
|
install_pterodactyl() {
|
|
output "Creating the databases and setting root password..."
|
|
password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
Q0="DROP DATABASE IF EXISTS test;"
|
|
Q1="CREATE DATABASE IF NOT EXISTS panel;"
|
|
Q2="SET old_passwords=0;"
|
|
Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
|
|
Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
|
|
Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
|
|
Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
|
|
Q7="DELETE FROM mysql.user WHERE User='';"
|
|
Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
|
|
Q9="FLUSH PRIVILEGES;"
|
|
SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}"
|
|
mysql -u root -e "$SQL"
|
|
|
|
output "Binding MariaDB/MySQL to 0.0.0.0."
|
|
if grep -Fqs "bind-address" /etc/mysql/mariadb.conf.d/50-server.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/mysql/my.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/my.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/my.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/my.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/mysql/my.conf.d/mysqld.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/my.conf.d/mysqld.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.conf.d/mysqld.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
else
|
|
output 'A MySQL configuration file could not be detected! Please contact support.'
|
|
fi
|
|
|
|
output "Downloading Pterodactyl..."
|
|
mkdir -p /var/www/pterodactyl
|
|
cd /var/www/pterodactyl
|
|
curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz
|
|
tar -xzvf panel.tar.gz
|
|
chmod -R 755 storage/* bootstrap/cache/
|
|
|
|
output "Installing Pterodactyl..."
|
|
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
|
|
cp .env.example .env
|
|
/usr/local/bin/composer install --no-dev --optimize-autoloader
|
|
php artisan key:generate --force
|
|
php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379
|
|
php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password
|
|
output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended."
|
|
php artisan p:environment:mail
|
|
php artisan migrate --seed --force
|
|
php artisan p:user:make --email=$email --admin=1
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
elif [ "$webserver" = "2" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
fi
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
|
|
output "Creating panel queue listeners..."
|
|
(crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab -
|
|
service cron restart
|
|
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=www-data
|
|
Group=www-data
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=nginx
|
|
Group=nginx
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
elif [ "$webserver" = "2" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=apache
|
|
Group=apache
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
fi
|
|
setsebool -P httpd_can_network_connect 1
|
|
setsebool -P httpd_execmem 1
|
|
setsebool -P httpd_unified 1
|
|
fi
|
|
sudo systemctl daemon-reload
|
|
systemctl enable pteroq.service
|
|
systemctl start pteroq
|
|
}
|
|
|
|
install_pterodactyl_0.7.19() {
|
|
output "Creating the databases and setting root password..."
|
|
password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
Q0="DROP DATABASE IF EXISTS test;"
|
|
Q1="CREATE DATABASE IF NOT EXISTS panel;"
|
|
Q2="SET old_passwords=0;"
|
|
Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
|
|
Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
|
|
Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
|
|
Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
|
|
Q7="DELETE FROM mysql.user WHERE User='';"
|
|
Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
|
|
Q9="FLUSH PRIVILEGES;"
|
|
SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}"
|
|
mysql -u root -e "$SQL"
|
|
|
|
output "Binding MariaDB/MySQL to 0.0.0.0."
|
|
if grep -Fqs "bind-address" /etc/mysql/mariadb.conf.d/50-server.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/mysql/my.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/my.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/my.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/my.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif grep -Fqs "bind-address" /etc/mysql/my.conf.d/mysqld.cnf ; then
|
|
sed -i -- '/bind-address/s/#//g' /etc/mysql/my.conf.d/mysqld.cnf
|
|
sed -i -- '/bind-address/s/127.0.0.1/0.0.0.0/g' /etc/mysql/my.conf.d/mysqld.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
else
|
|
output 'A MySQL configuration file could not be detected! Please contact support.'
|
|
fi
|
|
|
|
output "Downloading Pterodactyl..."
|
|
mkdir -p /var/www/pterodactyl
|
|
cd /var/www/pterodactyl
|
|
curl -Lo panel.tar.gz https://github.com/pterodactyl/panel/releases/download/${PANEL_LEGACY}/panel.tar.gz
|
|
tar --strip-components=1 -xzvf panel.tar.gz
|
|
chmod -R 755 storage/* bootstrap/cache/
|
|
|
|
output "Installing Pterodactyl..."
|
|
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
|
|
cp .env.example .env
|
|
/usr/local/bin/composer install --no-dev --optimize-autoloader
|
|
php artisan key:generate --force
|
|
php artisan p:environment:setup -n --author=$email --url=https://$FQDN --timezone=America/New_York --cache=redis --session=database --queue=redis --redis-host=127.0.0.1 --redis-pass= --redis-port=6379
|
|
php artisan p:environment:database --host=127.0.0.1 --port=3306 --database=panel --username=pterodactyl --password=$password
|
|
output "To use PHP's internal mail sending, select [mail]. To use a custom SMTP server, select [smtp]. TLS Encryption is recommended."
|
|
php artisan p:environment:mail
|
|
php artisan migrate --seed --force
|
|
php artisan p:user:make --email=$email --admin=1
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
elif [ "$webserver" = "2" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
fi
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
|
|
output "Creating panel queue listeners..."
|
|
(crontab -l ; echo "* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1")| crontab -
|
|
service cron restart
|
|
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=www-data
|
|
Group=www-data
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=nginx
|
|
Group=nginx
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
elif [ "$webserver" = "2" ]; then
|
|
cat > /etc/systemd/system/pteroq.service <<- 'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Queue Worker
|
|
After=redis-server.service
|
|
[Service]
|
|
User=apache
|
|
Group=apache
|
|
Restart=always
|
|
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
fi
|
|
setsebool -P httpd_can_network_connect 1
|
|
setsebool -P httpd_execmem 1
|
|
setsebool -P httpd_unified 1
|
|
fi
|
|
sudo systemctl daemon-reload
|
|
systemctl enable pteroq.service
|
|
systemctl start pteroq
|
|
}
|
|
|
|
upgrade_pterodactyl(){
|
|
cd /var/www/pterodactyl
|
|
php artisan down
|
|
curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz | tar --strip-components=1 -xzv
|
|
chmod -R 755 storage/* bootstrap/cache
|
|
composer install --no-dev --optimize-autoloader
|
|
php artisan view:clear
|
|
php artisan config:clear
|
|
php artisan migrate --force
|
|
php artisan db:seed --force
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
output "Your panel has successfully been updated to version ${PANEL}"
|
|
php artisan up
|
|
php artisan queue:restart
|
|
}
|
|
|
|
upgrade_pterodactyl_1.0(){
|
|
cd /var/www/pterodactyl
|
|
php artisan down
|
|
curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL}/panel.tar.gz | tar --strip-components=1 -xzv
|
|
rm -rf $(find app public resources -depth | head -n -1 | grep -Fv "$(tar -tf panel.tar.gz)")
|
|
tar -xzvf panel.tar.gz && rm -f panel.tar.gz
|
|
chmod -R 755 storage/* bootstrap/cache
|
|
composer install --no-dev --optimize-autoloader
|
|
php artisan view:clear
|
|
php artisan config:clear
|
|
php artisan migrate --force
|
|
php artisan db:seed --force
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
output "Your panel has successfully been updated to version ${PANEL}"
|
|
php artisan up
|
|
php artisan queue:restart
|
|
}
|
|
|
|
upgrade_pterodactyl_0.7.19(){
|
|
cd /var/www/pterodactyl
|
|
php artisan down
|
|
curl -L https://github.com/pterodactyl/panel/releases/download/${PANEL_LEGACY}/panel.tar.gz | tar --strip-components=1 -xzv
|
|
chmod -R 755 storage/* bootstrap/cache
|
|
composer install --no-dev --optimize-autoloader
|
|
php artisan view:clear
|
|
php artisan config:clear
|
|
php artisan migrate --force
|
|
php artisan db:seed --force
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
output "Your panel has successfully been updated to version ${PANEL_LEGACY}."
|
|
php artisan up
|
|
php artisan queue:restart
|
|
}
|
|
|
|
nginx_config() {
|
|
output "Disabling default configuration..."
|
|
rm -rf /etc/nginx/sites-enabled/default
|
|
output "Configuring Nginx Webserver..."
|
|
|
|
echo '
|
|
server_tokens off;
|
|
set_real_ip_from 103.21.244.0/22;
|
|
set_real_ip_from 103.22.200.0/22;
|
|
set_real_ip_from 103.31.4.0/22;
|
|
set_real_ip_from 104.16.0.0/12;
|
|
set_real_ip_from 108.162.192.0/18;
|
|
set_real_ip_from 131.0.72.0/22;
|
|
set_real_ip_from 141.101.64.0/18;
|
|
set_real_ip_from 162.158.0.0/15;
|
|
set_real_ip_from 172.64.0.0/13;
|
|
set_real_ip_from 173.245.48.0/20;
|
|
set_real_ip_from 188.114.96.0/20;
|
|
set_real_ip_from 190.93.240.0/20;
|
|
set_real_ip_from 197.234.240.0/22;
|
|
set_real_ip_from 198.41.128.0/17;
|
|
set_real_ip_from 2400:cb00::/32;
|
|
set_real_ip_from 2606:4700::/32;
|
|
set_real_ip_from 2803:f800::/32;
|
|
set_real_ip_from 2405:b500::/32;
|
|
set_real_ip_from 2405:8100::/32;
|
|
set_real_ip_from 2c0f:f248::/32;
|
|
set_real_ip_from 2a06:98c0::/29;
|
|
real_ip_header X-Forwarded-For;
|
|
server {
|
|
listen 80 default_server;
|
|
server_name '"$FQDN"';
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
server {
|
|
listen 443 ssl http2 default_server;
|
|
server_name '"$FQDN"';
|
|
root /var/www/pterodactyl/public;
|
|
index index.php;
|
|
access_log /var/log/nginx/pterodactyl.app-access.log;
|
|
error_log /var/log/nginx/pterodactyl.app-error.log error;
|
|
# allow larger file uploads and longer script runtimes
|
|
client_max_body_size 100m;
|
|
client_body_timeout 120s;
|
|
sendfile off;
|
|
# SSL Configuration
|
|
ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_protocols TLSv1.2;
|
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
|
ssl_prefer_server_ciphers on;
|
|
# See https://hstspreload.org/ before uncommenting the line below.
|
|
# add_header Strict-Transport-Security "max-age=15768000; preload;";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
add_header X-Frame-Options DENY;
|
|
add_header Referrer-Policy same-origin;
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
location ~ \.php$ {
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param HTTP_PROXY "";
|
|
fastcgi_intercept_errors off;
|
|
fastcgi_buffer_size 16k;
|
|
fastcgi_buffers 4 16k;
|
|
fastcgi_connect_timeout 300;
|
|
fastcgi_send_timeout 300;
|
|
fastcgi_read_timeout 300;
|
|
include /etc/nginx/fastcgi_params;
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
}
|
|
' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1
|
|
if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
|
|
sed -i 's/http2//g' /etc/nginx/sites-available/pterodactyl.conf
|
|
fi
|
|
ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
|
|
service nginx restart
|
|
}
|
|
|
|
nginx_config_0.7.19() {
|
|
output "Disabling default configuration..."
|
|
rm -rf /etc/nginx/sites-enabled/default
|
|
output "Configuring Nginx Webserver..."
|
|
|
|
echo '
|
|
server_tokens off;
|
|
set_real_ip_from 103.21.244.0/22;
|
|
set_real_ip_from 103.22.200.0/22;
|
|
set_real_ip_from 103.31.4.0/22;
|
|
set_real_ip_from 104.16.0.0/12;
|
|
set_real_ip_from 108.162.192.0/18;
|
|
set_real_ip_from 131.0.72.0/22;
|
|
set_real_ip_from 141.101.64.0/18;
|
|
set_real_ip_from 162.158.0.0/15;
|
|
set_real_ip_from 172.64.0.0/13;
|
|
set_real_ip_from 173.245.48.0/20;
|
|
set_real_ip_from 188.114.96.0/20;
|
|
set_real_ip_from 190.93.240.0/20;
|
|
set_real_ip_from 197.234.240.0/22;
|
|
set_real_ip_from 198.41.128.0/17;
|
|
set_real_ip_from 2400:cb00::/32;
|
|
set_real_ip_from 2606:4700::/32;
|
|
set_real_ip_from 2803:f800::/32;
|
|
set_real_ip_from 2405:b500::/32;
|
|
set_real_ip_from 2405:8100::/32;
|
|
set_real_ip_from 2c0f:f248::/32;
|
|
set_real_ip_from 2a06:98c0::/29;
|
|
real_ip_header X-Forwarded-For;
|
|
server {
|
|
listen 80 default_server;
|
|
server_name '"$FQDN"';
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
server {
|
|
listen 443 ssl http2 default_server;
|
|
server_name '"$FQDN"';
|
|
root /var/www/pterodactyl/public;
|
|
index index.php;
|
|
access_log /var/log/nginx/pterodactyl.app-access.log;
|
|
error_log /var/log/nginx/pterodactyl.app-error.log error;
|
|
# allow larger file uploads and longer script runtimes
|
|
client_max_body_size 100m;
|
|
client_body_timeout 120s;
|
|
sendfile off;
|
|
# SSL Configuration
|
|
ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_protocols TLSv1.2;
|
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
|
ssl_prefer_server_ciphers on;
|
|
# See https://hstspreload.org/ before uncommenting the line below.
|
|
# add_header Strict-Transport-Security "max-age=15768000; preload;";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
add_header X-Frame-Options DENY;
|
|
add_header Referrer-Policy same-origin;
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
location ~ \.php$ {
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param HTTP_PROXY "";
|
|
fastcgi_intercept_errors off;
|
|
fastcgi_buffer_size 16k;
|
|
fastcgi_buffers 4 16k;
|
|
fastcgi_connect_timeout 300;
|
|
fastcgi_send_timeout 300;
|
|
fastcgi_read_timeout 300;
|
|
include /etc/nginx/fastcgi_params;
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
}
|
|
' | sudo -E tee /etc/nginx/sites-available/pterodactyl.conf >/dev/null 2>&1
|
|
if [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "8" ]; then
|
|
sed -i 's/http2//g' /etc/nginx/sites-available/pterodactyl.conf
|
|
fi
|
|
ln -s /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
|
|
service nginx restart
|
|
}
|
|
|
|
apache_config() {
|
|
output "Disabling default configuration..."
|
|
rm -rf /etc/nginx/sites-enabled/default
|
|
output "Configuring Apache2 web server..."
|
|
echo '
|
|
<VirtualHost *:80>
|
|
ServerName '"$FQDN"'
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} !=on
|
|
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName '"$FQDN"'
|
|
DocumentRoot "/var/www/pterodactyl/public"
|
|
AllowEncodedSlashes On
|
|
php_value upload_max_filesize 100M
|
|
php_value post_max_size 100M
|
|
<Directory "/var/www/pterodactyl/public">
|
|
AllowOverride all
|
|
</Directory>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
|
|
</VirtualHost>
|
|
' | sudo -E tee /etc/apache2/sites-available/pterodactyl.conf >/dev/null 2>&1
|
|
|
|
ln -s /etc/apache2/sites-available/pterodactyl.conf /etc/apache2/sites-enabled/pterodactyl.conf
|
|
a2enmod ssl
|
|
a2enmod rewrite
|
|
service apache2 restart
|
|
}
|
|
|
|
nginx_config_redhat(){
|
|
output "Configuring Nginx web server..."
|
|
|
|
echo '
|
|
server_tokens off;
|
|
set_real_ip_from 103.21.244.0/22;
|
|
set_real_ip_from 103.22.200.0/22;
|
|
set_real_ip_from 103.31.4.0/22;
|
|
set_real_ip_from 104.16.0.0/12;
|
|
set_real_ip_from 108.162.192.0/18;
|
|
set_real_ip_from 131.0.72.0/22;
|
|
set_real_ip_from 141.101.64.0/18;
|
|
set_real_ip_from 162.158.0.0/15;
|
|
set_real_ip_from 172.64.0.0/13;
|
|
set_real_ip_from 173.245.48.0/20;
|
|
set_real_ip_from 188.114.96.0/20;
|
|
set_real_ip_from 190.93.240.0/20;
|
|
set_real_ip_from 197.234.240.0/22;
|
|
set_real_ip_from 198.41.128.0/17;
|
|
set_real_ip_from 2400:cb00::/32;
|
|
set_real_ip_from 2606:4700::/32;
|
|
set_real_ip_from 2803:f800::/32;
|
|
set_real_ip_from 2405:b500::/32;
|
|
set_real_ip_from 2405:8100::/32;
|
|
set_real_ip_from 2c0f:f248::/32;
|
|
set_real_ip_from 2a06:98c0::/29;
|
|
real_ip_header X-Forwarded-For;
|
|
server {
|
|
listen 80 default_server;
|
|
server_name '"$FQDN"';
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
server {
|
|
listen 443 ssl http2 default_server;
|
|
server_name '"$FQDN"';
|
|
root /var/www/pterodactyl/public;
|
|
index index.php;
|
|
access_log /var/log/nginx/pterodactyl.app-access.log;
|
|
error_log /var/log/nginx/pterodactyl.app-error.log error;
|
|
# allow larger file uploads and longer script runtimes
|
|
client_max_body_size 100m;
|
|
client_body_timeout 120s;
|
|
|
|
sendfile off;
|
|
# strengthen ssl security
|
|
ssl_certificate /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/'"$FQDN"'/privkey.pem;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
|
|
# See the link below for more SSL information:
|
|
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
#
|
|
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
# Add headers to serve security related headers
|
|
add_header Strict-Transport-Security "max-age=15768000; preload;";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-Robots-Tag none;
|
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
|
location / {
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
}
|
|
location ~ \.php$ {
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
fastcgi_pass unix:/var/run/php-fpm/pterodactyl.sock;
|
|
fastcgi_index index.php;
|
|
include fastcgi_params;
|
|
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param HTTP_PROXY "";
|
|
fastcgi_intercept_errors off;
|
|
fastcgi_buffer_size 16k;
|
|
fastcgi_buffers 4 16k;
|
|
fastcgi_connect_timeout 300;
|
|
fastcgi_send_timeout 300;
|
|
fastcgi_read_timeout 300;
|
|
include /etc/nginx/fastcgi_params;
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
}
|
|
' | sudo -E tee /etc/nginx/conf.d/pterodactyl.conf >/dev/null 2>&1
|
|
|
|
service nginx restart
|
|
chown -R nginx:nginx $(pwd)
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
}
|
|
|
|
apache_config_redhat() {
|
|
output "Configuring Apache2 web server..."
|
|
echo '
|
|
<VirtualHost *:80>
|
|
ServerName '"$FQDN"'
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} !=on
|
|
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
|
|
</VirtualHost>
|
|
<VirtualHost *:443>
|
|
ServerName '"$FQDN"'
|
|
DocumentRoot "/var/www/pterodactyl/public"
|
|
AllowEncodedSlashes On
|
|
<Directory "/var/www/pterodactyl/public">
|
|
AllowOverride all
|
|
</Directory>
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/letsencrypt/live/'"$FQDN"'/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/'"$FQDN"'/privkey.pem
|
|
</VirtualHost>
|
|
' | sudo -E tee /etc/httpd/conf.d/pterodactyl.conf >/dev/null 2>&1
|
|
service httpd restart
|
|
}
|
|
|
|
php_config(){
|
|
output "Configuring PHP socket..."
|
|
bash -c 'cat > /etc/php-fpm.d/www-pterodactyl.conf' <<-'EOF'
|
|
[pterodactyl]
|
|
user = nginx
|
|
group = nginx
|
|
listen = /var/run/php-fpm/pterodactyl.sock
|
|
listen.owner = nginx
|
|
listen.group = nginx
|
|
listen.mode = 0750
|
|
pm = ondemand
|
|
pm.max_children = 9
|
|
pm.process_idle_timeout = 10s
|
|
pm.max_requests = 200
|
|
EOF
|
|
systemctl restart php-fpm
|
|
}
|
|
|
|
webserver_config(){
|
|
if [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then
|
|
if [ "$installoption" = "1" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
elif [ "$installoption" = "2" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config_0.7.19
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
elif [ "$installoption" = "3" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
elif [ "$installoption" = "4" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config_0.7.19
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
elif [ "$installoption" = "5" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
elif [ "$installoption" = "6" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
nginx_config_0.7.19
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config
|
|
fi
|
|
fi
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
php_config
|
|
nginx_config_redhat
|
|
chown -R nginx:nginx /var/lib/php/session
|
|
elif [ "$webserver" = "2" ]; then
|
|
apache_config_redhat
|
|
fi
|
|
fi
|
|
}
|
|
|
|
setup_pterodactyl(){
|
|
install_dependencies
|
|
install_pterodactyl
|
|
ssl_certs
|
|
webserver_config
|
|
}
|
|
|
|
|
|
setup_pterodactyl_0.7.19(){
|
|
install_dependencies_0.7.19
|
|
install_pterodactyl_0.7.19
|
|
ssl_certs
|
|
webserver_config
|
|
theme
|
|
}
|
|
|
|
install_wings() {
|
|
cd /root
|
|
output "Installing Pterodactyl Wings dependencies..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install curl tar unzip
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install curl tar unzip
|
|
fi
|
|
|
|
output "Installing Docker"
|
|
curl -sSL https://get.docker.com/ | CHANNEL=stable bash
|
|
|
|
service docker start
|
|
systemctl enable docker
|
|
output "Enabling SWAP support for Docker."
|
|
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub
|
|
output "Installing the Pterodactyl wings..."
|
|
mkdir -p /etc/pterodactyl /srv/daemon-data
|
|
cd /etc/pterodactyl
|
|
curl -L -o /usr/local/bin/wings https://github.com/pterodactyl/wings/releases/download/${WINGS}/wings_linux_amd64
|
|
chmod u+x /usr/local/bin/wings
|
|
bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Wings Daemon
|
|
After=docker.service
|
|
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/etc/pterodactyl
|
|
LimitNOFILE=4096
|
|
PIDFile=/var/run/wings/daemon.pid
|
|
ExecStart=/usr/local/bin/wings
|
|
Restart=on-failure
|
|
StartLimitInterval=600
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl enable wings
|
|
systemctl start wings
|
|
output "Wings ${WINGS} has now been installed on your system."
|
|
}
|
|
|
|
install_daemon() {
|
|
cd /root
|
|
output "Installing Pterodactyl Daemon dependencies..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install curl tar unzip
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install curl tar unzip
|
|
fi
|
|
|
|
output "Installing Docker"
|
|
curl -sSL https://get.docker.com/ | CHANNEL=stable bash
|
|
|
|
service docker start
|
|
systemctl enable docker
|
|
output "Enabling SWAP support for Docker & installing NodeJS..."
|
|
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& swapaccount=1/' /etc/default/grub
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
update-grub
|
|
curl -sL https://deb.nodesource.com/setup_12.x | sudo bash -
|
|
if [ "$lsb_dist" = "ubuntu" ] && [ "$dist_version" = "20.04" ]; then
|
|
apt -y install nodejs make gcc g++
|
|
npm install node-gyp
|
|
elif [ "$lsb_dist" = "debian" ] && [ "$dist_version" = "10" ]; then
|
|
apt -y install nodejs make gcc g++
|
|
else
|
|
apt -y install nodejs make gcc g++ node-gyp
|
|
fi
|
|
apt-get -y update
|
|
apt-get -y upgrade
|
|
apt-get -y autoremove
|
|
apt-get -y autoclean
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then
|
|
grub2-mkconfig -o "$(readlink /etc/grub2.conf)"
|
|
if [ "$lsb_dist" = "fedora" ]; then
|
|
dnf -y module install nodejs:12/minimal
|
|
dnf install -y tar unzip make gcc gcc-c++ python2
|
|
fi
|
|
elif [ "$lsb_dist" = "centos" ] && [ "$dist_version" = "8" ]; then
|
|
dnf -y module install nodejs:12/minimal
|
|
dnf install -y tar unzip make gcc gcc-c++ python2
|
|
yum -y upgrade
|
|
yum -y autoremove
|
|
yum -y clean packages
|
|
fi
|
|
output "Installing the Pterodactyl daemon..."
|
|
mkdir -p /srv/daemon /srv/daemon-data
|
|
cd /srv/daemon
|
|
curl -L https://github.com/pterodactyl/daemon/releases/download/${DAEMON_LEGACY}/daemon.tar.gz | tar --strip-components=1 -xzv
|
|
npm install --only=production --no-audit --unsafe-perm
|
|
bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Wings Daemon
|
|
After=docker.service
|
|
[Service]
|
|
User=root
|
|
#Group=some_group
|
|
WorkingDirectory=/srv/daemon
|
|
LimitNOFILE=4096
|
|
PIDFile=/var/run/wings/daemon.pid
|
|
ExecStart=/usr/bin/node /srv/daemon/src/index.js
|
|
Restart=on-failure
|
|
StartLimitInterval=600
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable wings
|
|
|
|
output "Daemon installation is nearly complete, please go to the panel and get your 'Auto Deploy' command in the node configuration tab."
|
|
output "Paste your auto deploy command below: "
|
|
read AUTODEPLOY
|
|
${AUTODEPLOY}
|
|
service wings start
|
|
output "Daemon ${DAEMON_LEGACY} has now been installed on your system."
|
|
}
|
|
|
|
migrate_wings(){
|
|
mkdir -p /etc/pterodactyl
|
|
curl -L -o /usr/local/bin/wings https://github.com/pterodactyl/wings/releases/download/${WINGS}/wings_linux_amd64
|
|
chmod u+x /usr/local/bin/wings
|
|
systemctl stop wings
|
|
rm -rf /srv/daemon
|
|
systemctl disable --now pterosftp
|
|
rm /etc/systemd/system/pterosftp.service
|
|
bash -c 'cat > /etc/systemd/system/wings.service' <<-'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Wings Daemon
|
|
After=docker.service
|
|
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/etc/pterodactyl
|
|
LimitNOFILE=4096
|
|
PIDFile=/var/run/wings/daemon.pid
|
|
ExecStart=/usr/local/bin/wings
|
|
Restart=on-failure
|
|
StartLimitInterval=600
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
systemctl daemon-reload
|
|
systemctl enable --now wings
|
|
output "Your daemon has been migrated to wings."
|
|
}
|
|
|
|
upgrade_daemon(){
|
|
cd /srv/daemon
|
|
service wings stop
|
|
curl -L https://github.com/pterodactyl/daemon/releases/download/${DAEMON_LEGACY}/daemon.tar.gz | tar --strip-components=1 -xzv
|
|
npm install -g npm
|
|
npm install --only=production --no-audit --unsafe-perm
|
|
service wings restart
|
|
output "Your daemon has been updated to version ${DAEMON_LEGACY}."
|
|
output "npm has been updated to the latest version."
|
|
}
|
|
|
|
install_standalone_sftp(){
|
|
os_check
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install jq
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ]; then
|
|
yum -y install jq
|
|
fi
|
|
if [ ! -f /srv/daemon/config/core.json ]; then
|
|
warn "YOU MUST CONFIGURE YOUR DAEMON PROPERLY BEFORE INSTALLING THE STANDALONE SFTP SERVER!"
|
|
exit 11
|
|
fi
|
|
cd /srv/daemon
|
|
if [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "null" ]; then
|
|
output "Updating config to enable sftp-server..."
|
|
cat /srv/daemon/config/core.json | jq '.sftp.enabled |= false' > /tmp/core
|
|
cat /tmp/core > /srv/daemon/config/core.json
|
|
rm -rf /tmp/core
|
|
elif [ $(cat /srv/daemon/config/core.json | jq -r '.sftp.enabled') == "false" ]; then
|
|
output "Config already set up for Golang SFTP server."
|
|
else
|
|
output "You may have purposely set the SFTP to true which will cause this to fail."
|
|
fi
|
|
service wings restart
|
|
output "Installing standalone SFTP server..."
|
|
curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.5/sftp-server
|
|
chmod +x sftp-server
|
|
bash -c 'cat > /etc/systemd/system/pterosftp.service' <<-'EOF'
|
|
[Unit]
|
|
Description=Pterodactyl Standalone SFTP Server
|
|
After=wings.service
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/srv/daemon
|
|
LimitNOFILE=4096
|
|
PIDFile=/var/run/wings/sftp.pid
|
|
ExecStart=/srv/daemon/sftp-server
|
|
Restart=on-failure
|
|
StartLimitInterval=600
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
systemctl enable pterosftp
|
|
service pterosftp restart
|
|
}
|
|
|
|
upgrade_standalone_sftp(){
|
|
output "Turning off the standalone SFTP server..."
|
|
service pterosftp stop
|
|
curl -Lo sftp-server https://github.com/pterodactyl/sftp-server/releases/download/v1.0.5/sftp-server
|
|
chmod +x sftp-server
|
|
service pterosftp start
|
|
output "Your standalone SFTP server has successfully been updated to v1.0.5."
|
|
}
|
|
|
|
install_mobile(){
|
|
cd /var/www/pterodactyl
|
|
composer config repositories.cloud composer https://packages.pterodactyl.cloud
|
|
composer require pterodactyl/mobile-addon --update-no-dev --optimize-autoloader
|
|
php artisan migrate --force
|
|
}
|
|
|
|
upgrade_mobile(){
|
|
cd /var/www/pterodactyl
|
|
composer update pterodactyl/mobile-addon
|
|
php artisan migrate --force
|
|
}
|
|
|
|
install_phpmyadmin(){
|
|
output "Installing phpMyAdmin..."
|
|
cd /var/www/pterodactyl/public
|
|
rm -rf phpmyadmin
|
|
wget https://files.phpmyadmin.net/phpMyAdmin/${PHPMYADMIN}/phpMyAdmin-${PHPMYADMIN}-all-languages.zip
|
|
unzip phpMyAdmin-${PHPMYADMIN}-all-languages.zip
|
|
mv phpMyAdmin-${PHPMYADMIN}-all-languages phpmyadmin
|
|
rm -rf phpMyAdmin-${PHPMYADMIN}-all-languages.zip
|
|
cd /var/www/pterodactyl/public/phpmyadmin
|
|
|
|
SERVER_IP=$(curl -s http://checkip.amazonaws.com)
|
|
BOWFISH=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 34 | head -n 1`
|
|
bash -c 'cat > /var/www/pterodactyl/public/phpmyadmin/config.inc.php' <<EOF
|
|
<?php
|
|
/* Servers configuration */
|
|
\$i = 0;
|
|
/* Server: MariaDB [1] */
|
|
\$i++;
|
|
\$cfg['Servers'][\$i]['verbose'] = 'MariaDB';
|
|
\$cfg['Servers'][\$i]['host'] = '${SERVER_IP}';
|
|
\$cfg['Servers'][\$i]['port'] = '';
|
|
\$cfg['Servers'][\$i]['socket'] = '';
|
|
\$cfg['Servers'][\$i]['auth_type'] = 'cookie';
|
|
\$cfg['Servers'][\$i]['user'] = 'root';
|
|
\$cfg['Servers'][\$i]['password'] = '';
|
|
/* End of servers configuration */
|
|
\$cfg['blowfish_secret'] = '${BOWFISH}';
|
|
\$cfg['DefaultLang'] = 'en';
|
|
\$cfg['ServerDefault'] = 1;
|
|
\$cfg['UploadDir'] = '';
|
|
\$cfg['SaveDir'] = '';
|
|
\$cfg['CaptchaLoginPublicKey'] = '6LcJcjwUAAAAAO_Xqjrtj9wWufUpYRnK6BW8lnfn';
|
|
\$cfg['CaptchaLoginPrivateKey'] = '6LcJcjwUAAAAALOcDJqAEYKTDhwELCkzUkNDQ0J5'
|
|
?>
|
|
EOF
|
|
output "Installation completed."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
chown -R www-data:www-data * /var/www/pterodactyl
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
chown -R apache:apache * /var/www/pterodactyl
|
|
chown -R nginx:nginx * /var/www/pterodactyl
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/pterodactyl/storage(/.*)?"
|
|
restorecon -R /var/www/pterodactyl
|
|
fi
|
|
}
|
|
|
|
ssl_certs(){
|
|
output "Installing Let's Encrypt and creating an SSL certificate..."
|
|
cd /root
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install certbot
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install certbot
|
|
fi
|
|
if [ "$webserver" = "1" ]; then
|
|
service nginx stop
|
|
elif [ "$webserver" = "2" ]; then
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
service apache2 stop
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
service httpd stop
|
|
fi
|
|
fi
|
|
|
|
certbot certonly --standalone --email "$email" --agree-tos -d "$FQDN" --non-interactive
|
|
|
|
if [ "$installoption" = "2" ]; then
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
ufw deny 80
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
firewall-cmd --permanent --remove-port=80/tcp
|
|
firewall-cmd --reload
|
|
fi
|
|
else
|
|
if [ "$webserver" = "1" ]; then
|
|
service nginx restart
|
|
elif [ "$webserver" = "2" ]; then
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
service apache2 restart
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
service httpd restart
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ "$lsb_dist" = "debian" ] || [ "$lsb_dist" = "ubuntu" ]; then
|
|
if [ "$installoption" = "1" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "2" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "3" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$installoption" = "4" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "ufw allow 80" --pre-hook "service wings stop" --post-hook "ufw deny 80" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$installoption" = "5" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "6" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service apache2 stop" --pre-hook "service wings stop" --post-hook "service apache2 restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
fi
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$installoption" = "1" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "2" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --post-hook "service nginx restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --post-hook "service httpd restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "3" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$installoption" = "4" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "firewall-cmd --add-port=80/tcp && firewall-cmd --reload" --pre-hook "service wings stop" --post-hook "firewall-cmd --remove-port=80/tcp && firewall-cmd --reload" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$installoption" = "5" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "5" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
elif [ "$installoption" = "6" ]; then
|
|
if [ "$webserver" = "1" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service nginx stop" --pre-hook "service wings stop" --post-hook "service nginx restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
elif [ "$webserver" = "2" ]; then
|
|
(crontab -l ; echo '0 0,12 * * * certbot renew --pre-hook "service httpd stop" --pre-hook "service wings stop" --post-hook "service httpd restart" --post-hook "service wings restart" >> /dev/null 2>&1')| crontab -
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
firewall(){
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt -y install iptables
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "cloudlinux" ]; then
|
|
yum -y install iptables
|
|
fi
|
|
|
|
curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/iptables-no-prompt.sh | sudo bash
|
|
block_icmp
|
|
javapipe_kernel
|
|
output "Setting up Fail2Ban..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt -y install fail2ban
|
|
elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install fail2ban
|
|
fi
|
|
systemctl enable fail2ban
|
|
bash -c 'cat > /etc/fail2ban/jail.local' <<-'EOF'
|
|
[DEFAULT]
|
|
# Ban hosts for ten hours:
|
|
bantime = 36000
|
|
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
|
|
banaction = iptables-multiport
|
|
[sshd]
|
|
enabled = true
|
|
EOF
|
|
service fail2ban restart
|
|
|
|
output "Configuring your firewall..."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt-get -y install ufw
|
|
ufw allow 22
|
|
if [ "$installoption" = "1" ]; then
|
|
ufw allow 80
|
|
ufw allow 443
|
|
ufw allow 3306
|
|
elif [ "$installoption" = "2" ]; then
|
|
ufw allow 80
|
|
ufw allow 443
|
|
ufw allow 3306
|
|
elif [ "$installoption" = "3" ]; then
|
|
ufw allow 80
|
|
ufw allow 8080
|
|
ufw allow 2022
|
|
elif [ "$installoption" = "4" ]; then
|
|
ufw allow 80
|
|
ufw allow 8080
|
|
ufw allow 2022
|
|
elif [ "$installoption" = "5" ]; then
|
|
ufw allow 80
|
|
ufw allow 443
|
|
ufw allow 8080
|
|
ufw allow 2022
|
|
ufw allow 3306
|
|
elif [ "$installoption" = "6" ]; then
|
|
ufw allow 80
|
|
ufw allow 443
|
|
ufw allow 8080
|
|
ufw allow 2022
|
|
ufw allow 3306
|
|
fi
|
|
yes |ufw enable
|
|
elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
yum -y install firewalld
|
|
systemctl enable firewalld
|
|
systemctl start firewalld
|
|
if [ "$installoption" = "1" ]; then
|
|
firewall-cmd --add-service=http --permanent
|
|
firewall-cmd --add-service=https --permanent
|
|
firewall-cmd --add-service=mysql --permanent
|
|
elif [ "$installoption" = "2" ]; then
|
|
firewall-cmd --add-service=http --permanent
|
|
firewall-cmd --add-service=https --permanent
|
|
firewall-cmd --add-service=mysql --permanent
|
|
elif [ "$installoption" = "3" ]; then
|
|
firewall-cmd --permanent --add-service=80/tcp
|
|
firewall-cmd --permanent --add-port=2022/tcp
|
|
firewall-cmd --permanent --add-port=8080/tcp
|
|
elif [ "$installoption" = "4" ]; then
|
|
firewall-cmd --permanent --add-service=80/tcp
|
|
firewall-cmd --permanent --add-port=2022/tcp
|
|
firewall-cmd --permanent --add-port=8080/tcp
|
|
elif [ "$installoption" = "5" ]; then
|
|
firewall-cmd --add-service=http --permanent
|
|
firewall-cmd --add-service=https --permanent
|
|
firewall-cmd --permanent --add-port=2022/tcp
|
|
firewall-cmd --permanent --add-port=8080/tcp
|
|
firewall-cmd --permanent --add-service=mysql
|
|
elif [ "$installoption" = "6" ]; then
|
|
firewall-cmd --add-service=http --permanent
|
|
firewall-cmd --add-service=https --permanent
|
|
firewall-cmd --permanent --add-port=2022/tcp
|
|
firewall-cmd --permanent --add-port=8080/tcp
|
|
firewall-cmd --permanent --add-service=mysql
|
|
fi
|
|
fi
|
|
}
|
|
|
|
block_icmp(){
|
|
output "Block ICMP (Ping) Packets?"
|
|
output "You should choose [1] if you are not using a monitoring system and [2] otherwise."
|
|
output "[1] Yes."
|
|
output "[2] No."
|
|
read icmp
|
|
case $icmp in
|
|
1 ) /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
|
|
(crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP >> /dev/null 2>&1")| crontab -
|
|
;;
|
|
2 ) output "Skipping rule..."
|
|
;;
|
|
* ) output "You did not enter a valid selection."
|
|
block_icmp
|
|
esac
|
|
}
|
|
|
|
javapipe_kernel(){
|
|
output "Apply JavaPipe's kernel configurations (https://javapipe.com/blog/iptables-ddos-protection)?"
|
|
output "[1] Yes."
|
|
output "[2] No."
|
|
read javapipe
|
|
case $javapipe in
|
|
1) sh -c "$(curl -sSL https://raw.githubusercontent.com/tommytran732/Anti-DDOS-Iptables/master/javapipe_kernel.sh)"
|
|
;;
|
|
2) output "JavaPipe kernel modifications not applied."
|
|
;;
|
|
* ) output "You did not enter a valid selection."
|
|
javapipe_kernel
|
|
esac
|
|
}
|
|
|
|
install_database() {
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
apt -y install mariadb-server
|
|
elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
if [ "$dist_version" = "8" ]; then
|
|
dnf -y install MariaDB-server MariaDB-client --disablerepo=AppStream
|
|
fi
|
|
else
|
|
dnf -y install MariaDB-server
|
|
fi
|
|
|
|
output "Creating the databases and setting root password..."
|
|
password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
rootpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
Q0="DROP DATABASE IF EXISTS test;"
|
|
Q1="CREATE DATABASE IF NOT EXISTS panel;"
|
|
Q2="SET old_passwords=0;"
|
|
Q3="GRANT ALL ON panel.* TO 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '$password';"
|
|
Q4="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP, EXECUTE, PROCESS, RELOAD, LOCK TABLES, CREATE USER ON *.* TO 'admin'@'$SERVER_IP' IDENTIFIED BY '$adminpassword' WITH GRANT OPTION;"
|
|
Q5="SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpassword');"
|
|
Q6="DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
|
|
Q7="DELETE FROM mysql.user WHERE User='';"
|
|
Q8="DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
|
|
Q9="FLUSH PRIVILEGES;"
|
|
SQL="${Q0}${Q1}${Q2}${Q3}${Q4}${Q5}${Q6}${Q7}${Q8}${Q9}"
|
|
mysql -u root -e "$SQL"
|
|
|
|
output "Binding MariaDB/MySQL to 0.0.0.0."
|
|
if [ -f /etc/mysql/my.cnf ] ; then
|
|
sed -i -- 's/bind-address/# bind-address/g' /etc/mysql/my.cnf
|
|
sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/mysql/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif [ -f /etc/my.cnf ] ; then
|
|
sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
|
|
sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
elif [ -f /etc/mysql/my.conf.d/mysqld.cnf ] ; then
|
|
sed -i -- 's/bind-address/# bind-address/g' /etc/my.cnf
|
|
sed -i '/\[mysqld\]/a bind-address = 0.0.0.0' /etc/my.cnf
|
|
output 'Restarting MySQL process...'
|
|
service mysql restart
|
|
else
|
|
output 'File my.cnf was not found! Please contact support.'
|
|
fi
|
|
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
yes | ufw allow 3306
|
|
elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
|
|
firewall-cmd --permanent --add-service=mysql
|
|
firewall-cmd --reload
|
|
fi
|
|
|
|
broadcast_database
|
|
}
|
|
|
|
database_host_reset(){
|
|
SERVER_IP=$(curl -s http://checkip.amazonaws.com)
|
|
adminpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
|
|
Q0="SET old_passwords=0;"
|
|
Q1="SET PASSWORD FOR 'admin'@'$SERVER_IP' = PASSWORD('$adminpassword');"
|
|
Q2="FLUSH PRIVILEGES;"
|
|
SQL="${Q0}${Q1}${Q2}"
|
|
mysql mysql -e "$SQL"
|
|
output "New database host information:"
|
|
output "Host: $SERVER_IP"
|
|
output "Port: 3306"
|
|
output "User: admin"
|
|
output "Password: $adminpassword"
|
|
}
|
|
|
|
broadcast(){
|
|
if [ "$installoption" = "1" ] || [ "$installoption" = "3" ]; then
|
|
broadcast_database
|
|
fi
|
|
output "###############################################################"
|
|
output "FIREWALL INFORMATION"
|
|
output ""
|
|
output "All unnecessary ports are blocked by default."
|
|
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
|
output "Use 'ufw allow <port>' to enable your desired ports."
|
|
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "centos" ] && [ "$dist_version" != "8" ]; then
|
|
output "Use 'firewall-cmd --permanent --add-port=<port>/tcp' to enable your desired ports."
|
|
fi
|
|
output "###############################################################"
|
|
output ""
|
|
}
|
|
|
|
broadcast_database(){
|
|
output "###############################################################"
|
|
output "MARIADB/MySQL INFORMATION"
|
|
output ""
|
|
output "Your MariaDB/MySQL root password is $rootpassword"
|
|
output ""
|
|
output "Create your MariaDB/MySQL host with the following information:"
|
|
output "Host: $SERVER_IP"
|
|
output "Port: 3306"
|
|
output "User: admin"
|
|
output "Password: $adminpassword"
|
|
output "###############################################################"
|
|
output ""
|
|
}
|
|
|
|
#Execution
|
|
preflight
|
|
install_options
|
|
case $installoption in
|
|
1) webserver_options
|
|
repositories_setup
|
|
required_infos
|
|
firewall
|
|
setup_pterodactyl
|
|
broadcast
|
|
broadcast_database
|
|
;;
|
|
2) webserver_options
|
|
theme_options
|
|
repositories_setup_0.7.19
|
|
required_infos
|
|
firewall
|
|
setup_pterodactyl_0.7.19
|
|
broadcast
|
|
;;
|
|
3) repositories_setup
|
|
required_infos
|
|
firewall
|
|
ssl_certs
|
|
install_wings
|
|
broadcast
|
|
broadcast_database
|
|
;;
|
|
4) repositories_setup_0.7.19
|
|
required_infos
|
|
firewall
|
|
ssl_certs
|
|
install_daemon
|
|
broadcast
|
|
;;
|
|
5) webserver_options
|
|
repositories_setup
|
|
required_infos
|
|
firewall
|
|
ssl_certs
|
|
setup_pterodactyl
|
|
install_wings
|
|
broadcast
|
|
;;
|
|
6) webserver_options
|
|
theme_options
|
|
repositories_setup_0.7.19
|
|
required_infos
|
|
firewall
|
|
setup_pterodactyl_0.7.19
|
|
install_daemon
|
|
broadcast
|
|
;;
|
|
7) install_standalone_sftp
|
|
;;
|
|
8) upgrade_pterodactyl
|
|
;;
|
|
9) upgrade_pterodactyl_1.0
|
|
;;
|
|
10) theme_options
|
|
upgrade_pterodactyl_0.7.19
|
|
theme
|
|
;;
|
|
11) upgrade_daemon
|
|
;;
|
|
12) migrate_wings
|
|
;;
|
|
13) upgrade_pterodactyl_1.0
|
|
migrate_wings
|
|
;;
|
|
14) theme_options
|
|
upgrade_pterodactyl_0.7.19
|
|
theme
|
|
upgrade_daemon
|
|
;;
|
|
15) upgrade_standalone_sftp
|
|
;;
|
|
16) install_mobile
|
|
;;
|
|
17) upgrade_mobile
|
|
;;
|
|
18) install_phpmyadmin
|
|
;;
|
|
19) repositories_setup
|
|
install_database
|
|
;;
|
|
20) theme_options
|
|
if [ "$themeoption" = "1" ]; then
|
|
upgrade_pterodactyl_0.7.19
|
|
fi
|
|
theme
|
|
;;
|
|
21) curl -sSL https://raw.githubusercontent.com/tommytran732/MariaDB-Root-Password-Reset/master/mariadb-104.sh | sudo bash
|
|
;;
|
|
22) database_host_reset
|
|
;;
|
|
esac
|