#!/usr/bin/env bash

# Official Sentora Automated Installation Script
# =============================================
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Supported Operating Systems:
# CentOS 6.*/7.* Minimal,
# Ubuntu server 12.04/19.04
# Debian 7.*/8.*
# 32bit and 64bit
#
# Contributions from:
#
# Pascal Peyremorte (ppeyremorte@sentora.org)
# Mehdi Blagui
# Kevin Andrews (kevin@zvps.uk)
#
# and all those who participated in this and in previous installers.
# Thanks to all.

##
# Versions to install.
#   SENTORA_INSTALLER_VERSION  branch or tag of the installer/preconfig repo
#                              (master = latest unstable)
#   SENTORA_CORE_VERSION       tag of the panel core (1.0.3 = example stable tag)
# NOTE(review): "master" is a moving branch, so the preconfig archive fetched
# further down is not reproducible between runs; a tag would pin it.
##
SENTORA_CORE_VERSION="1.0.1"
SENTORA_INSTALLER_VERSION="master"

# Panel code/config root, panel data root, and the flag that is switched to
# true when an existing ZPanel directory is converted.
PANEL_UPGRADE=false
PANEL_DATA="/var/sentora"
PANEL_PATH="/etc/sentora"

#--- Welcome banner
printf '\n'
printf '%s\n' \
  "############################################################" \
  "# Welcome to the Official Sentora Installer $SENTORA_INSTALLER_VERSION #" \
  "############################################################"

printf '\n%s\n' "Checking that minimal requirements are ok"

# Identify the distribution (OS), its release (VER) and the CPU architecture
# (ARCH). Release files are probed in this order: centos-release, lsb-release,
# os-release; uname is the fallback when none of them exists.
if [[ -f /etc/centos-release ]]; then
  OS="CentOs"
  VERFULL=$(sed -e 's/^.*release //' -e 's/ (Fin.*$//' /etc/centos-release)
  VER=${VERFULL:0:1} # first character only: 6 or 7
elif [[ -f /etc/lsb-release ]]; then
  # Keep what follows the last "=" on the matching lines.
  OS=$(sed -n '/DISTRIB_ID/{s/^.*=//;p;}' /etc/lsb-release)
  VER=$(sed -n '/DISTRIB_RELEASE/{s/^.*=//;p;}' /etc/lsb-release)
elif [[ -f /etc/os-release ]]; then
  OS=$(grep -w ID /etc/os-release | sed 's/^.*=//')
  # VERSION_ID is quoted in os-release; keep the text between the quotes.
  VER=$(sed -n '/VERSION_ID/{s/^.*"\(.*\)"/\1/;p;}' /etc/os-release)
else
  OS=$(uname -s)
  VER=$(uname -r)
fi
ARCH=$(uname -m)

printf 'Detected : %s %s %s\n' "$OS" "$VER" "$ARCH"

# Refuse to continue on anything but the distribution releases listed here.
case "$OS/$VER" in
  CentOs/6 | CentOs/7 | Ubuntu/12.04 | Ubuntu/19.04 | debian/7 | debian/8)
    echo "Ok."
    ;;
  *)
    echo "Sorry, this OS is not supported by Sentora."
    exit 1
    ;;
esac

# The CentOS repository directory depends on the architecture: fold every
# 32-bit x86 name into "i386" and stop on anything that is not x86.
if [[ "$OS" = "CentOs" ]]; then
  case "$ARCH" in
    i386 | i486 | i586 | i686)
      ARCH="i386"
      ;;
    x86_64) ;;
    *)
      echo "Unexpected architecture name was returned ($ARCH ). :-("
      echo "The installer have been designed for i[3-6]8- and x86_64' architectures. If you"
      echo " think it may work on your, please report it to the Sentora forum or bugtracker."
      exit 1
      ;;
  esac
fi

# Everything below changes system state, so only root (UID 0) may continue.
if ((UID != 0)); then
  echo "Install failed: you must be logged in as 'root' to install."
  echo "Use command 'sudo -i', then enter root password and then try again."
  exit 1
fi

# Other hosting control panels are known to interfere with Sentora; stop as
# soon as the install directory of one of them is found.
for panel_dir in \
  /usr/local/cpanel \
  /usr/local/directadmin \
  /usr/local/solusvm/www \
  /usr/local/home/admispconfig \
  /usr/local/lxlabs/kloxo; do
  [[ -e "$panel_dir" ]] || continue
  echo "It appears that a control panel is already installed on your server; This installer"
  echo "is designed to install and configure Sentora on a clean OS installation only."
  echo -e "\nPlease re-install your OS before attempting to install using this script."
  exit 1
done
unset panel_dir

# Select the package-manager commands, the "is this package installed?" probe
# (inst) and the distribution-specific package names.
case "$OS" in
  CentOs)
    PACKAGE_INSTALLER="yum -y -q install"
    PACKAGE_REMOVER="yum -y -q remove"

    # inst PKG: succeeds when rpm knows PKG as installed; output is discarded.
    inst() {
      rpm -q "$1" > /dev/null 2>&1
    }

    if [[ "$VER" = "7" ]]; then
      DB_PCKG="mariadb"
      echo "DB server will be mariaDB"
    else
      DB_PCKG="mysql"
      echo "DB server will be mySQL"
    fi
    HTTP_PCKG="httpd"
    PHP_PCKG="php"
    BIND_PCKG="bind"
    ;;
  Ubuntu | debian)
    PACKAGE_INSTALLER="apt-get -yqq install"
    PACKAGE_REMOVER="apt-get -yqq remove"

    # inst PKG: succeeds when dpkg lists PKG in state "ii" (installed).
    inst() {
      dpkg -l "$1" 2> /dev/null | grep '^ii' > /dev/null 2>&1
    }

    DB_PCKG="mysql-server"
    HTTP_PCKG="apache2"
    # NOTE(review): the mod_php package is normally called
    # libapache2-mod-php5 on Debian/Ubuntu; confirm this name is intended.
    PHP_PCKG="apache2-mod-php5"
    BIND_PCKG="bind9"
    ;;
esac

# Postfix is present by default on a CentOS netinstall/minimal install and the
# installer works with it in place, so it is deliberately not checked here.
# The package check runs only when /etc/zpanel is a symlink to a directory
# (presumably an existing Sentora install; confirm). A real /etc/zpanel
# directory is a ZPanel install, which this script upgrades instead.
if [[ -L /etc/zpanel && -d /etc/zpanel ]]; then
  pkginstlist=""
  for package in "$DB_PCKG" "dovecot-mysql" "$HTTP_PCKG" "$PHP_PCKG" "proftpd" "$BIND_PCKG"; do
    if inst "$package"; then
      # Newest hit goes first, as a space-separated list.
      pkginstlist="$package $pkginstlist"
    fi
  done
  # A non-empty list means at least one conflicting package is installed.
  if [[ -n "$pkginstlist" ]]; then
    echo "It appears that the folowing package(s) are already installed:"
    echo "$pkginstlist"
    echo "This installer is designed to install and configure Sentora on a clean OS installation only!"
    echo -e "\nPlease re-install your OS before attempting to install using this script."
    exit 1
  fi
  unset pkginst
  unset pkginstlist
fi

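# *************************************************
#--- Prepare or query the information required to install

# Refresh the package index and install wget plus the DNS utilities that the
# domain/IP questions below rely on.
echo -e "\n-- Installing wget and dns utils required to manage inputs"
if [[ "$OS" = "CentOs" ]]; then
  yum -y update
  $PACKAGE_INSTALLER bind-utils
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  apt-get -yqq update # ensure we can install
  $PACKAGE_INSTALLER dnsutils
fi
$PACKAGE_INSTALLER wget

# Public address as reported by api.sentora.org. The request is plain HTTP, so
# the reply can be altered in transit, and the value is later offered as the
# default server IP and substituted into configuration files. Keep it only if
# it consists of IP-address characters; otherwise act as if detection failed.
extern_ip="$(wget -qO- http://api.sentora.org/ip.txt)"
extern_ip=${extern_ip//$'\r'/}
ip_chars_re='^[0-9A-Fa-f:.]+$'
if [[ ! "$extern_ip" =~ $ip_chars_re ]]; then
  if [[ -n "$extern_ip" ]]; then
    echo "Warning: ignoring unexpected reply from the public IP lookup." >&2
  fi
  extern_ip=""
fi
unset ip_chars_re

# Local address: the address part of every "inet" entry that has a broadcast
# address (more than one line when several such entries exist).
local_ip=$(ip addr show | awk '$1 == "inet" && $3 == "brd" { sub (/\/.*/,""); print $2 }')
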
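# Command-line parameters (required for unattended/vagrant installs):
#   -d <panel-domain>
#   -i <server-ip>   (or "-i local" / "-i public" to use a detected address)
#   -t <timezone-string>
# Example:
#   sentora_install.sh -t Europe/Paris -d panel.domain.tld -i xxx.xxx.xxx.xxx
# Notes:
#   -d and -i must be both present or both absent
#   if -t is used without -d/-i, the timezone is set from the value given and
#     the user is not asked for it
#   if -t is absent and -d/-i are present, the timezone is not set at all
#
# The three values are written to system files (the domain and the IP also as
# sed replacement text further down), so each one is checked against a
# conservative character set before it is accepted.

# Succeeds when $1 is made of letters, digits, dots and dashes and both starts
# and ends with a letter or digit.
_sentora_valid_fqdn() {
  local re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ "$1" =~ $re ]]
}

# Succeeds when $1 contains only characters that occur in IPv4/IPv6 addresses.
_sentora_valid_ip() {
  local re='^[0-9A-Fa-f:.]+$'
  [[ "$1" =~ $re ]]
}

# Succeeds when $1 looks like a zone name such as UTC or Europe/Paris
# (no dots, so no "../" path components).
_sentora_valid_tz() {
  local re='^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$'
  [[ "$1" =~ $re ]]
}

while getopts d:i:t: opt; do
  case "$opt" in
    d)
      if ! _sentora_valid_fqdn "$OPTARG"; then
        echo "Invalid panel domain given with -d." >&2
        exit 2
      fi
      PANEL_FQDN=$OPTARG
      INSTALL="auto"
      ;;
    i)
      PUBLIC_IP=$OPTARG
      if [[ "$PUBLIC_IP" == "local" ]]; then
        PUBLIC_IP=$local_ip
      elif [[ "$PUBLIC_IP" == "public" ]]; then
        PUBLIC_IP=$extern_ip
      fi
      # Also rejects an empty or multi-line detected address.
      if ! _sentora_valid_ip "$PUBLIC_IP"; then
        echo "Invalid or undetected server IP for -i." >&2
        exit 2
      fi
      ;;
    t)
      if ! _sentora_valid_tz "$OPTARG"; then
        echo "Invalid timezone given with -t." >&2
        exit 2
      fi
      echo "$OPTARG" > /etc/timezone
      tz=$(cat /etc/timezone)
      ;;
  esac
done
if [[ ("$PANEL_FQDN" != "" && "$PUBLIC_IP" == "") ||
  ("$PANEL_FQDN" == "" && "$PUBLIC_IP" != "") ]]; then
  echo "-d and -i must be both present or both absent."
  exit 2
fi
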
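if [[ "$tz" == "" && "$PANEL_FQDN" == "" ]]; then
  # Interactive run without -t: propose a selection list for the time zone.
  echo "Preparing to select timezone, please wait a few seconds..."
  $PACKAGE_INSTALLER tzdata
  # setup server timezone
  if [[ "$OS" = "CentOs" ]]; then
    # tzselect talks to the user on stderr and prints the chosen zone on
    # stdout, so the choice is captured here and saved to /etc/timezone.
    # This avoids appending a line to the packaged /usr/bin/tzselect script
    # on every run.
    if tz=$(tzselect) && [[ -n "$tz" ]]; then
      echo "$tz" > /etc/timezone
    fi
  elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    dpkg-reconfigure tzdata
    tz=$(cat /etc/timezone)
  fi
fi
# Clear the timezone dialogue so the user focuses on the notice that follows.
clear
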
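# Installer parameters: asked interactively when -d/-i were not given.
if [[ "$PANEL_FQDN" == "" ]]; then
  echo -e "\n\e[1;33m=== Informations required to build your server ===\e[0m"
  echo 'The installer requires 2 pieces of information:'
  echo ' 1) the sub-domain that you want to use to access Sentora panel,'
  echo ' - do not use your main domain (like domain.com)'
  echo ' - use a sub-domain, e.g panel.domain.com'
  echo ' - or use the server hostname, e.g server1.domain.com'
  echo ' - DNS must already be configured and pointing to the server IP'
  echo ' for this sub-domain'
  echo ' 2) The public IP of the server.'
  echo ''

  # Both answers are later written into system and service configuration
  # files, partly as sed replacement text, so only plain host-name and
  # IP-address characters are accepted.
  fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  ip_re='^[0-9A-Fa-f:.]+$'

  PANEL_FQDN="$(/bin/hostname)"
  PUBLIC_IP=$extern_ip
  while true; do
    # Warnings apply to the values entered in this round only; without the
    # reset, a warning from an earlier round would still demand confirmation
    # after the user corrected the input.
    confirm=""

    echo ""
    read -r -e -p "Enter the sub-domain you want to access Sentora panel: " -i "$PANEL_FQDN" PANEL_FQDN

    if [[ "$PUBLIC_IP" != "$local_ip" ]]; then
      echo -e "\nThe public IP of the server is $PUBLIC_IP. Its local IP is $local_ip"
      echo " For a production server, the PUBLIC IP must be used."
    fi
    read -r -e -p "Enter (or confirm) the public IP for this server: " -i "$PUBLIC_IP" PUBLIC_IP
    echo ""

    if [[ ! "$PANEL_FQDN" =~ $fqdn_re ]]; then
      echo "The domain may only contain letters, digits, dots and dashes."
      continue
    fi
    if [[ ! "$PUBLIC_IP" =~ $ip_re ]]; then
      echo "The IP address contains unexpected characters."
      continue
    fi

    # Checks if the panel domain is a subdomain (at least two dots)
    sub=$(echo "$PANEL_FQDN" | sed -n 's|\(.*\)\..*\..*|\1|p')
    if [[ "$sub" == "" ]]; then
      echo -e "\e[1;31mWARNING: $PANEL_FQDN is not a subdomain!\e[0m"
      confirm="true"
    fi

    # Checks if the panel domain is already assigned in DNS. Only
    # "has address" lines are used: on "has IPv6 address" lines the fourth
    # field is the word "address", not an IP.
    dns_panel_ip=$(host "$PANEL_FQDN" | grep "has address" | cut -d" " -f4)
    if [[ "$dns_panel_ip" == "" ]]; then
      echo -e "\e[1;31mWARNING: $PANEL_FQDN is not defined in your DNS!\e[0m"
      echo " You must add records in your DNS manager (and then wait until propagation is done)."
      echo " For more information, read the Sentora documentation:"
      echo " - http://docs.sentora.org/index.php?node=7 (Installing Sentora)"
      echo " - http://docs.sentora.org/index.php?node=51 (Installer questions)"
      echo " If this is a production installation, set the DNS up as soon as possible."
      confirm="true"
    else
      echo -e "\e[1;32mOK\e[0m: DNS successfully resolves $PANEL_FQDN to $dns_panel_ip"

      # Check if panel domain matches public IP
      if [[ "$dns_panel_ip" != "$PUBLIC_IP" ]]; then
        echo -e -n "\e[1;31mWARNING: $PANEL_FQDN DNS record does not point to $PUBLIC_IP!\e[0m"
        echo " Sentora will not be reachable from http://$PANEL_FQDN"
        confirm="true"
      fi
    fi

    if [[ "$PUBLIC_IP" != "$extern_ip" && "$PUBLIC_IP" != "$local_ip" ]]; then
      echo -e -n "\e[1;31mWARNING: $PUBLIC_IP does not match detected IP !\e[0m"
      echo " Sentora will not work with this IP..."
      confirm="true"
    fi

    echo ""
    # If there was any warning, ask for confirmation or offer to change the
    # values. An answer that matches no choice asks everything again.
    if [[ "$confirm" != "" ]]; then
      echo "There are some warnings..."
      echo "Are you really sure that you want to setup Sentora with these parameters?"
      read -r -e -p "(y):Accept and install, (n):Change domain or IP, (q):Quit installer? " yn
      case $yn in
        [Yy]*) break ;;
        [Nn]*) continue ;;
        [Qq]*) exit ;;
      esac
    else
      read -r -e -p "All is ok. Do you want to install Sentora now (y/n)? " yn
      case $yn in
        [Yy]*) break ;;
        [Nn]*) exit ;;
      esac
    fi
  done
  unset fqdn_re ip_re
fi
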
# ***************************************
# Installation really starts here

#--- From here on, everything written to stdout and stderr is also copied by
#    tee into a time-stamped log file in the current working directory.
# NOTE(review): the log is created with the default umask in whatever
# directory the installer was started from. Confirm that nothing printed
# later (for example generated passwords) ends up readable by other users,
# or restrict the file mode.
logfile="$(date +%Y-%m-%d_%H.%M.%S)_sentora_install.log"
touch "$logfile"
exec > >(tee "$logfile") 2>&1

# Log header: versions, target and platform.
printf '%s\n' \
  "Installer version $SENTORA_INSTALLER_VERSION" \
  "Sentora core version $SENTORA_CORE_VERSION" \
  "" \
  "Installing Sentora $SENTORA_CORE_VERSION at http://$PANEL_FQDN and ip $PUBLIC_IP" \
  "on server under: $OS $VER $ARCH"
uname -a

# disable_file PATH
# Renames PATH to PATH_disabled_by_sentora. Anything mv prints is discarded;
# the return status is that of mv.
disable_file() {
  local target=$1
  mv "$target" "${target}_disabled_by_sentora" > /dev/null 2>&1
}

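#--- AppArmor must be disabled to avoid problems
# NOTE(review): this stops, unregisters and purges AppArmor, which removes a
# mandatory-access-control layer from the whole host, not only from the
# services Sentora manages. Confirm that is acceptable for the target server.
if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  if [[ -f /etc/init.d/apparmor ]]; then
    echo -e "\n-- Disabling and removing AppArmor, please wait..."
    /etc/init.d/apparmor stop &> /dev/null
    update-rc.d -f apparmor remove &> /dev/null
    # Quoted so the pattern reaches apt-get unchanged; unquoted, the shell
    # would expand it first against matching file names in the current
    # directory.
    apt-get remove -y --purge 'apparmor*' &> /dev/null
    disable_file /etc/init.d/apparmor &> /dev/null
    echo -e "AppArmor has been removed."
  fi
fi
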
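#--- Adapt repositories and packages sources
echo -e "\n-- Updating repositories and packages sources"
if [[ "$OS" = "CentOs" ]]; then
  # EPEL repo install.
  # The epel-release RPM is downloaded and then installed from a local file,
  # so the transfer is done over HTTPS rather than plain HTTP.
  # NOTE(review): whether yum verifies the signature of a locally supplied
  # package depends on its configuration (localpkg_gpgcheck); confirm.
  EPEL_BASE_URL="https://dl.fedoraproject.org/pub/epel/$VER/$ARCH"
  if [[ "$VER" = "7" ]]; then
    EPEL_DIR_URL="$EPEL_BASE_URL/Packages/e"
  else
    EPEL_DIR_URL="$EPEL_BASE_URL"
  fi
  # The package file name is taken from the directory listing.
  EPEL_FILE=$(wget -q -O- "$EPEL_DIR_URL/" | grep -oP '(?<=href=")epel-release.*(?=">)')
  if [[ -n "$EPEL_FILE" ]] && wget "$EPEL_DIR_URL/$EPEL_FILE"; then
    # PACKAGE_INSTALLER already ends in "-y -q install"; repeating
    # "-y install" here made yum look for a package named "install".
    $PACKAGE_INSTALLER epel-release*.rpm
    rm "$EPEL_FILE"
  else
    echo "Could not download the epel-release package from $EPEL_DIR_URL" >&2
  fi

  # To fix some compatibility problems, replace the mirror list by the base
  # repositories for all users.
  sed -i 's|mirrorlist=http://mirrorlist.centos.org|#mirrorlist=http://mirrorlist.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"
  sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirror.centos.org|' "/etc/yum.repos.d/CentOS-Base.repo"

  # Same replacement for the OpenVZ repository file, when present.
  if [ -f "/etc/yum.repos.d/vz.repo" ]; then
    sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/centos-$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/os/|" "/etc/yum.repos.d/vz.repo"
    sed -i "s|mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-ce$VER|baseurl=http://vzdownload.swsoft.com/ez/packages/centos/$VER/$ARCH/updates/|" "/etc/yum.repos.d/vz.repo"
  fi

  # disablerepo NAME: set enabled=0 in /etc/yum.repos.d/NAME.repo if that
  # file exists. Used for repositories that could cause installation errors.
  disablerepo() {
    local repo_file="/etc/yum.repos.d/$1.repo"
    if [ -f "$repo_file" ]; then
      sed -i 's/enabled=1/enabled=0/g' "$repo_file"
    fi
  }
  disablerepo "elrepo"
  disablerepo "epel-testing"
  disablerepo "remi"
  disablerepo "rpmforge"
  disablerepo "rpmfusion-free-updates"
  disablerepo "rpmfusion-free-updates-testing"

  # We need to disable SELinux...
  # NOTE(review): SELinux is switched off permanently (config file) and for
  # the running system; the host loses that confinement for every service.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  setenforce 0

  # Stop conflicting services to ensure all services will work
  service sendmail stop
  chkconfig sendmail off

  # Disable the firewall.
  # NOTE(review): the firewall is stopped and disabled at boot and nothing in
  # this part of the script re-enables it; every listening service is then
  # reachable from the network unless filtering is restored afterwards.
  if [[ "$VER" = "7" ]]; then
    FIREWALL_SERVICE="firewalld"
  else
    FIREWALL_SERVICE="iptables"
  fi
  service "$FIREWALL_SERVICE" save
  service "$FIREWALL_SERVICE" stop
  chkconfig "$FIREWALL_SERVICE" off

  # Removal of conflicting packages prior to Sentora installation.
  for conflicting in bind-chroot qpid-cpp-client; do
    if inst "$conflicting"; then
      $PACKAGE_REMOVER "$conflicting"
    fi
  done
  unset conflicting

elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  # Update the enabled Aptitude repositories
  echo -ne "\nUpdating Aptitude Repos: " > /dev/tty

  # Keep a copy of the current APT sources before sources.list is replaced.
  mkdir -p "/etc/apt/sources.list.d.save"
  # "/." copies the directory contents. A "*" inside quotes is never expanded
  # by the shell, so the quoted form copied nothing (and the error was hidden).
  cp -R /etc/apt/sources.list.d/. /etc/apt/sources.list.d.save/ &> /dev/null
  # NOTE(review): the quoted glob below matches nothing and
  # /etc/apt/sources.list is a file, so this line does nothing. It may have
  # been meant to empty sources.list.d; left as is because enabling it would
  # delete third-party repository definitions. Confirm the intent.
  rm -rf "/etc/apt/sources.list/*"
  cp "/etc/apt/sources.list" "/etc/apt/sources.list.save"

  # Release code name, looked up once and reused in every entry below.
  codename=$(lsb_release -sc)

  if [ "$VER" = "19.04" ]; then
    cat > /etc/apt/sources.list <<EOF
#Depots main restricted
deb http://archive.ubuntu.com/ubuntu $codename main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu $codename-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu $codename-updates main restricted universe multiverse
EOF
  elif [ "$VER" = "8" ] || [ "$VER" = "7" ]; then
    # Debian 7 and 8 use the same list.
    cat > /etc/apt/sources.list <<EOF
deb http://httpredir.debian.org/debian $codename main
deb-src http://httpredir.debian.org/debian $codename main

deb http://httpredir.debian.org/debian $codename-updates main
deb-src http://httpredir.debian.org/debian $codename-updates main

deb http://security.debian.org/ $codename/updates main
deb-src http://security.debian.org/ $codename/updates main
EOF
  else
    cat > /etc/apt/sources.list <<EOF
#Depots main restricted
deb http://archive.ubuntu.com/ubuntu/ $codename main restricted
deb http://security.ubuntu.com/ubuntu $codename-security main restricted
deb http://archive.ubuntu.com/ubuntu/ $codename-updates main restricted

deb-src http://archive.ubuntu.com/ubuntu/ $codename main restricted
deb-src http://archive.ubuntu.com/ubuntu/ $codename-updates main restricted
deb-src http://security.ubuntu.com/ubuntu $codename-security main restricted

#Depots Universe Multiverse
deb http://archive.ubuntu.com/ubuntu/ $codename universe multiverse
deb http://security.ubuntu.com/ubuntu $codename-security universe multiverse
deb http://archive.ubuntu.com/ubuntu/ $codename-updates universe multiverse

deb-src http://archive.ubuntu.com/ubuntu/ $codename universe multiverse
deb-src http://security.ubuntu.com/ubuntu $codename-security universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ $codename-updates universe multiverse
EOF
  fi
  unset codename
fi
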
#--- List all already installed packages (may help to debug)
echo -e "\n-- Listing of all packages installed:"
case "$OS" in
  CentOs)
    rpm -qa | sort
    ;;
  Ubuntu | debian)
    dpkg --get-selections
    ;;
esac

#--- Bring every installed package up to date
echo -e "\n-- Updating+upgrading system, it may take some time..."
case "$OS" in
  CentOs)
    yum -y update
    yum -y upgrade
    ;;
  Ubuntu | debian)
    apt-get -yqq update
    apt-get -yqq upgrade
    ;;
esac

#--- Install utility packages required by the installer and/or Sentora.
# PACKAGE_INSTALLER is expanded unquoted on purpose: it holds a command plus
# its options.
echo -e "\n-- Downloading and installing required tools..."
case "$OS" in
  CentOs)
    $PACKAGE_INSTALLER sudo vim make zip unzip chkconfig bash-completion
    $PACKAGE_INSTALLER ld-linux.so.2 libbz2.so.1 libdb-4.7.so libgd.so.2
    $PACKAGE_INSTALLER curl curl-devel perl-libwww-perl libxml2 libxml2-devel zip bzip2-devel gcc gcc-c++ at make
    $PACKAGE_INSTALLER redhat-lsb-core ca-certificates e2fsprogs
    ;;
  Ubuntu | debian)
    $PACKAGE_INSTALLER sudo vim make zip unzip debconf-utils at build-essential bash-completion ca-certificates e2fslibs
    ;;
esac

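#--- Download Sentora archive from GitHub
echo -e "\n-- Downloading Sentora, Please wait, this may take several minutes, the installer will continue after this is complete!"
# Get the requested sentora core release.
# wget -O creates the output file even when the transfer fails, so success is
# judged by wget's exit status plus a non-empty file, not by the file merely
# existing.
# NOTE(review): the archive is not compared with a known checksum or
# signature before it is unpacked as root.
while true; do
  if wget -nv -O sentora_core.zip "https://github.com/sentora/sentora-core/archive/$SENTORA_CORE_VERSION.zip" &&
    [[ -s sentora_core.zip ]]; then
    break
  fi
  # Drop the empty or partial file left by the failed attempt.
  rm -f sentora_core.zip
  echo "Failed to download sentora core from Github"
  echo "If you quit now, you can run again the installer later."
  read -r -e -p "Press r to retry or q to quit the installer? " resp
  case $resp in
    [Rr]*) continue ;;
    [Qq]*) exit 3 ;;
  esac
done
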
###
# Sentora Core Install
###
# Create the panel and data roots, make root the owner of the panel tree and
# unpack the downloaded archive into it (overwriting, quietly).
mkdir -p "$PANEL_PATH" "$PANEL_DATA"
chown -R root:root "$PANEL_PATH"
unzip -oq sentora_core.zip -d "$PANEL_PATH"

#
# Remove PHPUnit module test files (coming soon to the code base) and the
# composer manifests.
#
rm -rf "$PANEL_PATH"/panel/modules/*/tests/
rm -rf "$PANEL_PATH/composer.json" "$PANEL_PATH/composer.lock"

###
# ZPanel Upgrade - Clear down all old code (stops orphaned files)
###
# Runs only when /etc/zpanel is a real directory (not a symlink).
if [[ ! -L /etc/zpanel && -d /etc/zpanel ]]; then

  echo -e "Upgrading ZPanelCP 10.1.0 to Sentora 1.0.1"

  PANEL_UPGRADE=true

  # Keep the old configuration aside before anything is moved.
  mv /etc/zpanel/configs /root/zpanel_configs_backup

  ## Move main directories to new sentora location ##
  mv /etc/zpanel/* "$PANEL_PATH"
  mv /var/zpanel/* "$PANEL_DATA"

  rm -rf /etc/zpanel/ /var/zpanel/

  ## Removing core for upgrade: old core directories and files ...
  old_core=(bin/ dryden/ etc/ inc/ index.php LICENSE.md README.md robots.txt)
  for entry in "${old_core[@]}"; do
    rm -rf "$PANEL_PATH/panel/$entry"
  done

  ## ... and the old stock modules.
  old_modules=(
    aliases apache_admin backup_admin backupmgr client_notices cron
    distlists dns_admin dns_manager domains faqs forwarders ftp_admin
    ftp_management mail_admin mailboxes manage_clients manage_groups
    moduleadmin my_account mysql_databases mysql_users news packages
    parked_domains password_assistant phpinfo phpmyadmin phpsysinfo
    services shadowing sub_domains theme_manager updates usage_viewer
    webalizer_stats webmail zpanelconfig zpx_core_module
  )
  for module in "${old_modules[@]}"; do
    rm -rf "$PANEL_PATH/panel/modules/$module"
  done
  unset old_core old_modules entry module

  ###
  # Remove links and files created by installer
  ###
  rm -f /usr/bin/zppy /usr/bin/setso /usr/bin/setzadmin

  rm -f /etc/postfix/master.cf /etc/postfix/main.cf
  rm -f /var/spool/vacation/vacation.pl
  rm -f /var/sentora/sieve/globalfilter.sieve
  rm -f /etc/dovecot/dovecot.conf
  rm -f /etc/proftpd.conf

  # Reuse the existing MySQL password: second quote-delimited field of every
  # line of db.php that contains "pass".
  mysqlpassword=$(grep "pass" /etc/sentora/panel/cnf/db.php | cut -d \' -f 2)

  ## Do NOT copy the new cnf directory
  rm -rf "$PANEL_PATH/sentora-core-$SENTORA_CORE_VERSION/cnf"

fi

## /bin/cp is called by full path: on CentOS "cp" can be aliased so that it
## does not overwrite existing files.
/bin/cp -rf "$PANEL_PATH/sentora-core-$SENTORA_CORE_VERSION/." "$PANEL_PATH/panel/"

# Clean up the archive and the repository files that are not part of the panel.
rm sentora_core.zip
rm "$PANEL_PATH/panel/LICENSE.md" \
  "$PANEL_PATH/panel/README.md" \
  "$PANEL_PATH/panel/.gitignore"
rm -rf "$PANEL_PATH/_delete_me" \
  "$PANEL_PATH/.gitignore"

#--- Set-up Sentora directories and configure permissions
PANEL_CONF="$PANEL_PATH/configs"

mkdir -p "$PANEL_CONF" "$PANEL_PATH/docs"
# NOTE(review): mode 777 makes the whole panel tree writable by every local
# account. That tree holds panel/cnf/db.php, which receives the MySQL root
# password, and panel/bin, where the setuid helper zsudo is built. Narrow
# this to the owner/group the panel processes really need (confirm which
# accounts those are) before using the result on a shared or exposed host.
chmod -R 777 "$PANEL_PATH"

mkdir -p "$PANEL_DATA/backups"
# NOTE(review): same concern for the data tree.
chmod -R 777 "$PANEL_DATA/"

# Links for compatibility with zpanel access
ln -s "$PANEL_PATH" /etc/zpanel
ln -s "$PANEL_DATA" /var/zpanel

#--- Prepare Sentora executables: make each tool executable and link it
#    into /usr/bin.
for tool in zppy setso setzadmin; do
  chmod +x "$PANEL_PATH/panel/bin/$tool"
  ln -s "$PANEL_PATH/panel/bin/$tool" "/usr/bin/$tool"
done
unset tool

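#--- Install preconfig
# wget -O creates the output file even when the transfer fails, so success is
# judged by wget's exit status plus a non-empty file.
# NOTE(review): the archive is named by SENTORA_INSTALLER_VERSION; if that is
# a branch name the content can change between runs, and it is not checked
# against a checksum or signature before its files are copied into the panel
# configuration.
while true; do
  if wget -nv -O sentora_preconfig.zip "https://github.com/sentora/sentora-installers/archive/$SENTORA_INSTALLER_VERSION.zip" &&
    [[ -s sentora_preconfig.zip ]]; then
    break
  fi
  # Drop the empty or partial file left by the failed attempt.
  rm -f sentora_preconfig.zip
  echo "Failed to download sentora preconfig from Github"
  echo "If you quit now, you can run again the installer later."
  read -r -e -p "Press r to retry or q to quit the installer? " resp
  case $resp in
    [Rr]*) continue ;;
    [Qq]*) exit 3 ;;
  esac
done

unzip -oq sentora_preconfig.zip
/bin/cp -rf "sentora-installers-$SENTORA_INSTALLER_VERSION"/preconf/* "$PANEL_CONF"
# Remove only what was downloaded and unpacked here. A wildcard such as
# "sentora-*" would also delete unrelated files or directories with that
# prefix in the directory the installer was started from.
rm -f sentora_preconfig.zip
rm -rf "sentora-installers-$SENTORA_INSTALLER_VERSION"
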
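#--- Prepare zsudo
# zsudo is compiled from the preconfig sources, handed to root and given the
# setuid/setgid bits. The bits are only set when the compilation succeeded.
# NOTE(review): the binary lives under the panel tree, which is made
# world-writable (chmod -R 777) earlier in this script; review that together
# with this setuid-root helper.
if cc -o "$PANEL_PATH/panel/bin/zsudo" "$PANEL_CONF/bin/zsudo.c"; then
  # The installer already runs as root, so chown needs no sudo.
  chown root "$PANEL_PATH/panel/bin/zsudo"
  # Explicit mode instead of "+s": setuid and setgid as before, and the
  # remaining bits no longer depend on the umask in effect at compile time.
  chmod 6755 "$PANEL_PATH/panel/bin/zsudo"
else
  echo "Failed to compile zsudo; the setuid helper was not installed." >&2
fi
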
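# PANEL_FQDN is written below to /etc/hostname, /etc/hosts and (CentOS 6)
# /etc/sysconfig/network, partly as sed replacement text. Refuse anything
# that is not a plain host name before touching any file.
host_name_re='^[A-Za-z0-9._-]+$'
if [[ ! "$PANEL_FQDN" =~ $host_name_re ]]; then
  echo "Invalid panel host name; refusing to write it to system files." >&2
  exit 1
fi

#--- Resolv.conf protect (immutable flag)
chattr +i /etc/resolv.conf

#--- Prepare hostname
old_hostname=$(cat /etc/hostname)
# In file hostname
echo "$PANEL_FQDN" > /etc/hostname

# In file hosts.
# Skipped when the previous name is unknown (for example /etc/hostname does
# not exist): with an empty name the first command would match every
# 127.0.1.1 line and the second one would be an invalid sed expression.
# The dots of the old name are escaped so they only match literal dots.
if [[ "$old_hostname" =~ $host_name_re ]]; then
  old_hostname_re=${old_hostname//./\\.}
  sed -i "/127.0.1.1[\t ]*$old_hostname_re/d" /etc/hosts
  sed -i "s|$old_hostname_re|$PANEL_FQDN|" /etc/hosts
  unset old_hostname_re
fi
unset host_name_re

# For current session
hostname "$PANEL_FQDN"

# In network file
if [[ "$OS" = "CentOs" && "$VER" = "6" ]]; then
  sed -i "s|^\(HOSTNAME=\).*\$|HOSTNAME=$PANEL_FQDN|" /etc/sysconfig/network
  /etc/init.d/network restart
fi
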
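#--- Some functions used many times below

# passwordgen [LENGTH]
# Prints a random password of LENGTH characters (default 16) drawn from
# A-Z, a-z and 0-9, followed by a newline. The bytes come from /dev/urandom.
# Returns 1, printing nothing on stdout, when LENGTH is not a positive
# integer.
passwordgen() {
  # local: the length must not leak into (or overwrite) a global variable.
  local length=${1:-16}
  if [[ ! "$length" =~ ^[1-9][0-9]*$ ]]; then
    echo "passwordgen: invalid length '$length'" >&2
    return 1
  fi
  # LC_ALL=C makes tr work on single bytes whatever the caller's locale is.
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$length"
  printf '\n'
}
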
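# add_local_domain DOMAIN [HOSTS_FILE]
# Appends "127.0.0.1 DOMAIN" to HOSTS_FILE (default /etc/hosts) unless a
# 127.0.0.1 line already lists exactly DOMAIN as one of its names.
# The comparison is done field by field, so a longer name that merely starts
# with DOMAIN, or a commented-out line, does not count as present.
add_local_domain() {
  local domain=$1
  local hosts_file=${2:-/etc/hosts}
  if ! awk -v d="$domain" '
    $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
    END { exit !found }
  ' "$hosts_file"; then
    echo "127.0.0.1 $domain" >> "$hosts_file"
  fi
}
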
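#-----------------------------------------------------------
# Install all software and dependencies required by Sentora.

if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  # Disable the DPKG prompts before the software install so that it can run
  # fully automated.
  export DEBIAN_FRONTEND=noninteractive
fi

#--- MySQL
echo -e "\n-- Installing MySQL"
$PACKAGE_INSTALLER "$DB_PCKG"
if [[ "$OS" = "CentOs" ]]; then
  # "${DB_PCKG}-devel": without the "$" the literal package name
  # "DB_PCKG-devel" was requested and the development package never installed.
  $PACKAGE_INSTALLER "${DB_PCKG}-devel" "${DB_PCKG}-server"
  MY_CNF_PATH="/etc/my.cnf"
  if [[ "$VER" = "7" ]]; then
    DB_SERVICE="mariadb"
  else
    DB_SERVICE="mysqld"
  fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  $PACKAGE_INSTALLER bsdutils libsasl2-modules-sql libsasl2-modules
  if [[ "$VER" = "12.04" || "$VER" = "7" ]]; then
    $PACKAGE_INSTALLER db4.7-util
  fi
  MY_CNF_PATH="/etc/mysql/my.cnf"
  DB_SERVICE="mysql"
fi
service "$DB_SERVICE" start
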
# Set the MySQL root password only when none is known yet (the ZPanel upgrade
# path has already read the existing one from the old panel configuration).
# NOTE(review): here and in the mysql calls below the password is passed as a
# command-line argument, which other local users can read from the process
# list while the command runs. A client option file readable only by root
# would avoid that.
if [[ -z "$mysqlpassword" ]]; then
  mysqlpassword=$(passwordgen)
  mysqladmin -u root password "$mysqlpassword"
fi

# Small cleaning of mysql access, one statement per client call and in this
# order: remove root accounts that are not bound to localhost, remove
# anonymous accounts, reload the grant tables, drop the unused test database.
for sql in \
  "DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost'" \
  "DELETE FROM mysql.user WHERE User=''" \
  "FLUSH PRIVILEGES" \
  "DROP DATABASE IF EXISTS test"; do
  mysql -u root -p"$mysqlpassword" -e "$sql"
done
unset sql

# Limit SELECT ... INTO OUTFILE (and other server-side file import/export) to
# /var/tmp by adding secure-file-priv right after the [mysqld] header.
sed -i "s|\[mysqld\]|&\nsecure-file-priv = /var/tmp|" "$MY_CNF_PATH"

# Setup sentora access and core database.
# NOTE(review): on a fresh install the MySQL root password is written into
# panel/cnf/db.php, so the panel itself connects as the database root user
# and the secret sits in a file under the panel tree; check that file's
# permissions.
if [[ "$PANEL_UPGRADE" == true ]]; then

  # Upgrade: apply the structure and data updates to the old databases ...
  for update_sql in update-structure.sql update-data.sql; do
    mysql -u root -p"$mysqlpassword" < "$PANEL_CONF/sentora-update/zpanel/sql/$update_sql"
  done

  # ... then copy each zpanel_* database into its sentora_* counterpart.
  for db in core postfix proftpd roundcube; do
    mysqldump -u root -p"$mysqlpassword" "zpanel_$db" | mysql -u root -p"$mysqlpassword" -D "sentora_$db"
  done
  unset update_sql db

  sed -i "s|zpanel_core|sentora_core|" "$PANEL_PATH/panel/cnf/db.php"

else
  # Fresh install: store the password in the panel configuration and load
  # the core schema.
  sed -i "s|YOUR_ROOT_MYSQL_PASSWORD|$mysqlpassword|" "$PANEL_PATH/panel/cnf/db.php"
  mysql -u root -p"$mysqlpassword" < "$PANEL_CONF/sentora-install/sql/sentora_core.sql"
fi

# Register mysql/mariadb service for autostart
if [[ "$OS" = "CentOs" ]]; then
  case "$VER" in
    7) systemctl enable "$DB_SERVICE".service ;;
    *) chkconfig "$DB_SERVICE" on ;;
  esac
fi

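#--- Postfix
echo -e "\n-- Installing Postfix"
if [[ "$OS" = "CentOs" ]]; then
  $PACKAGE_INSTALLER postfix postfix-perl-scripts
  USR_LIB_PATH="/usr/libexec"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
  # Debian is handled like Ubuntu, as everywhere else in this script. With
  # the test on "Ubuntu" alone, Debian got no Postfix packages and an empty
  # USR_LIB_PATH, which was then substituted into the Postfix configuration.
  $PACKAGE_INSTALLER postfix postfix-mysql
  USR_LIB_PATH="/usr/lib"
fi

# Password of the "postfix" database account.
postfixpassword=$(passwordgen)
if [ "$PANEL_UPGRADE" == false ]; then
  # Fresh install only: create the mail database schema.
  mysql -u root -p"$mysqlpassword" < "$PANEL_CONF/sentora-install/sql/sentora_postfix.sql"
fi

## grant will also create users which don't exist and update existing users with password ##
# NOTE(review): both passwords appear on the command line of this call and
# are visible in the process list while it runs.
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_postfix .* TO 'postfix'@'localhost' identified by '$postfixpassword';"
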
# Mail storage: system account "vmail" (group mail, no login shell) owning
# $PANEL_DATA/vmail; access limited to owner and group.
vmail_dir="$PANEL_DATA/vmail"
mkdir "$vmail_dir"
useradd -r -g mail -d "$vmail_dir" -s /sbin/nologin -c "Virtual maildir" vmail
chown -R vmail:mail "$vmail_dir"
chmod -R 770 "$vmail_dir"
unset vmail_dir

# Auto-reply spool: system account "vacation" owning /var/spool/vacation.
mkdir -p /var/spool/vacation
useradd -r -d /var/spool/vacation -s /sbin/nologin -c "Virtual vacation" vacation
chown -R vacation:vacation /var/spool/vacation
chmod -R 770 /var/spool/vacation

# The optional transport map was left empty and is not linked until it is
# fully handled:
#ln -s $PANEL_CONF/postfix/transport /etc/postfix/transport
#postmap /etc/postfix/transport

add_local_domain "$PANEL_FQDN"
add_local_domain "autoreply.$PANEL_FQDN"

# Replace the distribution's Postfix configuration by links to the files kept
# under the panel configuration directory.
postfix_conf="$PANEL_CONF/postfix"
rm -rf /etc/postfix/main.cf /etc/postfix/master.cf
for cf in master.cf main.cf; do
  ln -s "$postfix_conf/$cf" "/etc/postfix/$cf"
done
unset cf
ln -s "$postfix_conf/vacation.pl" /var/spool/vacation/vacation.pl

# Fill in the placeholders of the preconfigured files.
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" "$postfix_conf"/*.cf
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" "$postfix_conf/vacation.conf"
sed -i "s|!PANEL_FQDN!|$PANEL_FQDN|" "$postfix_conf/main.cf"

sed -i "s|!USR_LIB!|$USR_LIB_PATH|" "$postfix_conf/master.cf"
sed -i "s|!USR_LIB!|$USR_LIB_PATH|" "$postfix_conf/main.cf"
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" "$postfix_conf/main.cf"

# Numeric uid of vmail and gid of the mail group, as found on this system.
VMAIL_UID=$(id -u vmail)
MAIL_GID=$(sed -nr "s/^mail:x:([0-9]+):.*/\1/p" /etc/group)
sed -i "s|!POS_UID!|$VMAIL_UID|" "$postfix_conf/main.cf"
sed -i "s|!POS_GID!|$MAIL_GID|" "$postfix_conf/main.cf"

# Remove unused directives that issue warnings.
sed -i '/virtual_mailbox_limit_maps/d' "$postfix_conf/main.cf"
sed -i '/smtpd_bind_address/d' "$postfix_conf/master.cf"
unset postfix_conf

855# Register postfix service for autostart (it is automatically started)
856if [[ "$OS" = "CentOs" ]]; then
857 if [[ "$VER" == "7" ]]; then
858 systemctl enable postfix.service
859 # systemctl start postfix.service
860 else
861 chkconfig postfix on
862 # /etc/init.d/postfix start
863 fi
864fi
865
866
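#--- Dovecot (includes Sieve)
# Installs Dovecot, restricts the uid/gid range it accepts to the vmail
# account, and links the panel's configuration into /etc/dovecot.
# Reads VMAIL_UID and MAIL_GID, which are set in the Postfix section.
echo -e "\n-- Installing Dovecot"
if [[ "$OS" = "CentOs" ]]; then
    $PACKAGE_INSTALLER dovecot dovecot-mysql dovecot-pigeonhole
    # Only the first_valid_* lines are active here; last_valid_* stay commented.
    sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\n#last_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\n#last_valid_gid = $MAIL_GID|" "$PANEL_CONF/dovecot2/dovecot.conf"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER dovecot-mysql dovecot-imapd dovecot-pop3d dovecot-common dovecot-managesieved dovecot-lmtpd
    # Both bounds are active here, pinning the range to exactly vmail/mail.
    sed -i "s|#first_valid_uid = ?|first_valid_uid = $VMAIL_UID\nlast_valid_uid = $VMAIL_UID\n\nfirst_valid_gid = $MAIL_GID\nlast_valid_gid = $MAIL_GID|" "$PANEL_CONF/dovecot2/dovecot.conf"
fi

# Sieve script locations.
mkdir -p "$PANEL_DATA/sieve"
chown -R vmail:mail "$PANEL_DATA/sieve"
mkdir -p /var/lib/dovecot/sieve/
touch /var/lib/dovecot/sieve/default.sieve
ln -s "$PANEL_CONF/dovecot2/globalfilter.sieve" "$PANEL_DATA/sieve/globalfilter.sieve"

# Replace the packaged configuration with a link to the panel's copy, then
# fill in its placeholders. The two dovecot-*.conf files hold the 'postfix'
# database password in clear text afterwards.
# NOTE(review): confirm those files are not readable by unprivileged accounts.
rm -rf /etc/dovecot/dovecot.conf
ln -s "$PANEL_CONF/dovecot2/dovecot.conf" /etc/dovecot/dovecot.conf
sed -i "s|!POSTMASTER_EMAIL!|postmaster@$PANEL_FQDN|" "$PANEL_CONF/dovecot2/dovecot.conf"
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" "$PANEL_CONF/dovecot2/dovecot-dict-quota.conf"
sed -i "s|!POSTFIX_PASSWORD!|$postfixpassword|" "$PANEL_CONF/dovecot2/dovecot-mysql.conf"
sed -i "s|!DOV_UID!|$VMAIL_UID|" "$PANEL_CONF/dovecot2/dovecot-mysql.conf"
sed -i "s|!DOV_GID!|$MAIL_GID|" "$PANEL_CONF/dovecot2/dovecot-mysql.conf"

# Log files writable by vmail:mail only (mode 660).
touch /var/log/dovecot.log /var/log/dovecot-info.log /var/log/dovecot-debug.log
chown vmail:mail /var/log/dovecot*
chmod 660 /var/log/dovecot*

# Register dovecot service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
    if [[ "$VER" == "7" ]]; then
        systemctl enable dovecot.service
        systemctl start dovecot.service
    else
        chkconfig dovecot on
        /etc/init.d/dovecot start
    fi
fi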
905
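#--- Apache server
# Installs Apache, records the distribution-specific paths and account names
# in HTTP_* variables (read by later sections), and makes the panel's
# httpd.conf the effective configuration.
echo -e "\n-- Installing and configuring Apache"
$PACKAGE_INSTALLER "$HTTP_PCKG"
if [[ "$OS" = "CentOs" ]]; then
    $PACKAGE_INSTALLER "$HTTP_PCKG-devel"
    HTTP_CONF_PATH="/etc/httpd/conf/httpd.conf"
    HTTP_VARS_PATH="/etc/sysconfig/httpd"
    HTTP_SERVICE="httpd"
    HTTP_USER="apache"
    HTTP_GROUP="apache"
    if [[ "$VER" = "7" ]]; then
        # Disable extra modules in centos 7
        disable_file /etc/httpd/conf.modules.d/01-cgi.conf
        disable_file /etc/httpd/conf.modules.d/00-lua.conf
        disable_file /etc/httpd/conf.modules.d/00-dav.conf
    else
        disable_file /etc/httpd/conf.d/welcome.conf
        disable_file /etc/httpd/conf.d/webalizer.conf
        # Disable more extra modules in centos 6.x /etc/httpd/httpd.conf dav/ldap/cgi/proxy_ajp
        sed -i "s|LoadModule suexec_module modules|#LoadModule suexec_module modules|" "$HTTP_CONF_PATH"
        sed -i "s|LoadModule cgi_module modules|#LoadModule cgi_module modules|" "$HTTP_CONF_PATH"
        sed -i "s|LoadModule dav_module modules|#LoadModule dav_module modules|" "$HTTP_CONF_PATH"
        sed -i "s|LoadModule dav_fs_module modules|#LoadModule dav_fs_module modules|" "$HTTP_CONF_PATH"
        sed -i "s|LoadModule proxy_ajp_module modules|#LoadModule proxy_ajp_module modules|" "$HTTP_CONF_PATH"
    fi
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER libapache2-mod-bw
    HTTP_CONF_PATH="/etc/apache2/apache2.conf"
    HTTP_VARS_PATH="/etc/apache2/envvars"
    HTTP_SERVICE="apache2"
    HTTP_USER="www-data"
    HTTP_GROUP="www-data"
    a2enmod rewrite
fi

# Include the panel's Apache configuration once.
if ! grep -q "Include $PANEL_CONF/apache/httpd.conf" "$HTTP_CONF_PATH"; then
    echo "Include $PANEL_CONF/apache/httpd.conf" >> "$HTTP_CONF_PATH"
    ## Remove old include
    if [[ "$PANEL_UPGRADE" == true ]]; then
        sed -i "s|Include /etc/zpanel/configs/apache/httpd.conf||" "$HTTP_CONF_PATH"
    fi
fi
add_local_domain "$(hostname)"

# Let the web server account run the panel's zsudo helper as root without a
# password.
# NOTE(review): the rule is appended to /etc/sudoers directly, with no syntax
# check afterwards (visudo -c would provide one). It also names the literal
# account "apache" while HTTP_USER is www-data on Ubuntu/Debian - confirm
# that is intended. Everything zsudo can be made to do is reachable from the
# web server account, so the helper itself deserves review.
if ! grep -q "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" /etc/sudoers; then
    echo "apache ALL=NOPASSWD: $PANEL_PATH/panel/bin/zsudo" >> /etc/sudoers
fi

# Create root directory for public HTTP docs
mkdir -p "$PANEL_DATA/hostdata/zadmin/public_html"
chown -R "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/hostdata/"
chmod -R 770 "$PANEL_DATA/hostdata/"

# Tell the panel which service name to use.
# NOTE(review): -p"$mysqlpassword" exposes the MySQL root password in the
# client's argument list; a root-only option file passed with
# --defaults-extra-file avoids that.
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='httpd_exe'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$HTTP_SERVICE' WHERE so_name_vc='apache_sn'"

#Set keepalive on (default is off)
sed -i "s|KeepAlive Off|KeepAlive On|" "$HTTP_CONF_PATH"

# Permissions fix for Apache and ProFTPD (to enable them to play nicely together!)
# umask 002 makes files created by the web server group-writable.
if ! grep -q "umask 002" "$HTTP_VARS_PATH"; then
    echo "umask 002" >> "$HTTP_VARS_PATH"
fi

# remove default virtual site to ensure Sentora is the default vhost
if [[ "$OS" = "CentOs" ]]; then
    sed -i "s|DocumentRoot \"/var/www/html\"|DocumentRoot $PANEL_PATH/panel|" "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    # disable completely sites-enabled/000-default.conf
    if [[ "$VER" = "19.04" || "$VER" = "8" ]]; then
        sed -i "s|IncludeOptional sites-enabled|#&|" "$HTTP_CONF_PATH"
    else
        sed -i "s|Include sites-enabled|#&|" "$HTTP_CONF_PATH"
    fi
fi

# Comment "NameVirtualHost" and Listen directives that are handled in vhosts file
if [[ "$OS" = "CentOs" ]]; then
    sed -i "s|^\(NameVirtualHost .*$\)|#\1\n# NameVirtualHost is now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
    sed -i 's|^\(Listen .*$\)|#\1\n# Listen is now handled in Sentora vhosts file|' "$HTTP_CONF_PATH"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    sed -i "s|\(Include ports.conf\)|#\1\n# Ports are now handled in Sentora vhosts file|" "$HTTP_CONF_PATH"
    disable_file /etc/apache2/ports.conf
fi

# adjustments for apache 2.4
if [[ ("$OS" = "CentOs" && "$VER" = "7") ||
      ("$OS" = "Ubuntu" && "$VER" = "19.04") ||
      ("$OS" = "debian" && "$VER" = "8") ]]; then
    # Order deny,allow / Deny from all -> Require all denied
    sed -i 's|Order deny,allow|Require all denied|I' "$PANEL_CONF/apache/httpd.conf"
    sed -i '/Deny from all/d' "$PANEL_CONF/apache/httpd.conf"

    # Order allow,deny / Allow from all -> Require all granted
    sed -i 's|Order allow,deny|Require all granted|I' "$PANEL_CONF/apache/httpd-vhosts.conf"
    sed -i '/Allow from all/d' "$PANEL_CONF/apache/httpd-vhosts.conf"

    sed -i 's|Order allow,deny|Require all granted|I' "$PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php"
    sed -i '/Allow from all/d' "$PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php"

    # Remove NameVirtualHost, which no longer has any effect and generates a warning
    sed -i '/NameVirtualHost/{N;d}' "$PANEL_CONF/apache/httpd-vhosts.conf"
    sed -i '/# NameVirtualHost is/ {N;N;N;N;N;d}' "$PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php"

    # Options must have ALL (or none) +/- prefix, disable listing directories
    sed -i 's| FollowSymLinks [-]Indexes| +FollowSymLinks -Indexes|' "$PANEL_PATH/panel/modules/apache_admin/hooks/OnDaemonRun.hook.php"
fi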
1014
1015
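#--- PHP
# Installs PHP with the extensions the panel uses, creates the upload and
# session directories, and adjusts php.ini. PHP_INI_PATH (and PHP_EXT_PATH on
# CentOS) are read again by the suhosin build step.
echo -e "\n-- Installing and configuring PHP"
if [[ "$OS" = "CentOs" ]]; then
    $PACKAGE_INSTALLER php php-devel php-gd php-mbstring php-intl php-mysql php-xml php-xmlrpc
    $PACKAGE_INSTALLER php-mcrypt php-imap #Epel packages
    PHP_INI_PATH="/etc/php.ini"
    PHP_EXT_PATH="/etc/php.d"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER libapache2-mod-php5 php5-common php5-cli php5-mysql php5-gd php5-mcrypt php5-curl php-pear php5-imap php5-xmlrpc php5-xsl php5-intl
    if [[ "$VER" = "19.04" ]]; then
        php5enmod mcrypt # missing in the package for Ubuntu 14, is this needed for debian 8 as well?
    else
        $PACKAGE_INSTALLER php5-suhosin
    fi
    PHP_INI_PATH="/etc/php5/apache2/php.ini"
fi

# Setup php upload dir
# Mode 1777: world-writable with the sticky bit, like /tmp.
mkdir -p "$PANEL_DATA/temp"
chmod 1777 "$PANEL_DATA/temp/"
chown -R "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/temp/"

# Setup php session save directory
# Mode 733 plus sticky bit: other accounts can create and open files by name
# but cannot list the directory or remove files they do not own.
mkdir "$PANEL_DATA/sessions"
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/sessions"
chmod 733 "$PANEL_DATA/sessions"
chmod +t "$PANEL_DATA/sessions"

if [[ "$OS" = "CentOs" ]]; then
    # Remove session & php values from apache that cause override
    sed -i "/php_value/d" /etc/httpd/conf.d/php.conf
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    sed -i "s|;session.save_path = \"/var/lib/php5\"|session.save_path = \"$PANEL_DATA/sessions\"|" "$PHP_INI_PATH"
fi
sed -i "/php_value/d" "$PHP_INI_PATH"
echo "session.save_path = $PANEL_DATA/sessions;" >> "$PHP_INI_PATH"

# setup timezone and upload temp dir
sed -i "s|;date.timezone =|date.timezone = $tz|" "$PHP_INI_PATH"
sed -i "s|;upload_tmp_dir =|upload_tmp_dir = $PANEL_DATA/temp/|" "$PHP_INI_PATH"

# Stop advertising PHP in the response headers. This only reduces
# fingerprinting; it does not replace keeping PHP patched.
sed -i "s|expose_php = On|expose_php = Off|" "$PHP_INI_PATH"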
1058
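# Build suhosin for PHP 5.x which is required by Sentora.
# The archive is downloaded into the current directory, compiled, installed
# with "make install", and the extension is enabled only if every step
# succeeded.
if [[ "$OS" = "CentOs" || "$OS" = "debian" || ( "$OS" = "Ubuntu" && "$VER" = "19.04") ]]; then
    echo -e "\n# Building suhosin"
    if [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
        $PACKAGE_INSTALLER php5-dev
    fi
    SUHOSIN_VERSION="0.9.37.1"
    suhosin_built=false

    # NOTE(review): the archive is fetched over HTTPS but is not compared
    # with a pinned digest before being compiled and installed as root.
    # Record a known-good SHA-256 for this tag in the script and check the
    # download against it (sha256sum -c) before unpacking.
    if wget -nv -O suhosin.zip "https://github.com/stefanesser/suhosin/archive/$SUHOSIN_VERSION.zip" \
        && unzip -q suhosin.zip; then
        # The build runs in a subshell and stops at the first failing step,
        # so a failed "cd" can no longer cause phpize/configure/make to run
        # in the caller's directory or the later cleanup to act one level up.
        if (
            cd "suhosin-$SUHOSIN_VERSION" \
                && phpize &> /dev/null \
                && ./configure &> /dev/null \
                && make &> /dev/null \
                && make install
        ); then
            suhosin_built=true
        fi
    fi
    rm -f suhosin.zip
    rm -rf "suhosin-$SUHOSIN_VERSION"

    if [[ "$suhosin_built" = true ]]; then
        if [[ "$OS" = "CentOs" ]]; then
            echo 'extension=suhosin.so' > "$PHP_EXT_PATH/suhosin.ini"
        elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
            sed -i 'N;/default extension directory./a\extension=suhosin.so' "$PHP_INI_PATH"
        fi
    else
        # Do not reference a module that was never installed; make the gap
        # visible instead of failing silently.
        echo "WARNING: suhosin $SUHOSIN_VERSION could not be downloaded or built; the extension was not enabled." >&2
    fi
fi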
1082
# Enable the Apache (+PHP) service at boot and start it now.
# Only CentOS is handled here: release 7 goes through systemd, any other
# release through chkconfig and the init script.
if [[ "$OS" = "CentOs" ]]; then
    case "$VER" in
        7)
            systemctl enable "$HTTP_SERVICE.service"
            systemctl start "$HTTP_SERVICE.service"
            ;;
        *)
            chkconfig "$HTTP_SERVICE" on
            "/etc/init.d/$HTTP_SERVICE" start
            ;;
    esac
fi
1093
1094
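#--- ProFTPd
# Installs ProFTPD with its MySQL backend, creates the 'proftpd' database
# account, and replaces the packaged configuration with a link to the panel's.
echo -e "\n-- Installing ProFTPD"
if [[ "$OS" = "CentOs" ]]; then
    $PACKAGE_INSTALLER proftpd proftpd-mysql
    FTP_CONF_PATH='/etc/proftpd.conf'
    sed -i "s|nogroup|nobody|" "$PANEL_CONF/proftpd/proftpd-mysql.conf"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER proftpd-mod-mysql
    FTP_CONF_PATH='/etc/proftpd/proftpd.conf'
fi

# Create and init proftpd database
# NOTE(review): -p"$mysqlpassword" exposes the MySQL root password in the
# client's argument list; a root-only option file passed with
# --defaults-extra-file avoids that.
if [[ "$PANEL_UPGRADE" == false ]]; then
    mysql -u root -p"$mysqlpassword" < "$PANEL_CONF/sentora-install/sql/sentora_proftpd.sql"
fi

# Create and configure mysql password for proftpd
# The password ends up in clear text in proftpd-mysql.conf.
# NOTE(review): it is spliced into a sed replacement and into SQL text, which
# assumes passwordgen never emits ' | & or \ - verify against its definition.
proftpdpassword=$(passwordgen)
sed -i "s|!SQL_PASSWORD!|$proftpdpassword|" "$PANEL_CONF/proftpd/proftpd-mysql.conf"
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_proftpd .* TO 'proftpd'@'localhost' identified by '$proftpdpassword';"

# Assign httpd user and group to all users that will be created
HTTP_UID=$(id -u "$HTTP_USER")
HTTP_GID=$(sed -nr "s/^$HTTP_GROUP:x:([0-9]+):.*/\1/p" /etc/group)
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN uid SET DEFAULT $HTTP_UID"
mysql -u root -p"$mysqlpassword" -e "ALTER TABLE sentora_proftpd.ftpuser ALTER COLUMN gid SET DEFAULT $HTTP_GID"
sed -i "s|!SQL_MIN_ID!|$HTTP_UID|" "$PANEL_CONF/proftpd/proftpd-mysql.conf"

# Setup proftpd base file to call sentora config
rm -f "$FTP_CONF_PATH"
#touch "$FTP_CONF_PATH"
#echo "include $PANEL_CONF/proftpd/proftpd-mysql.conf" >> "$FTP_CONF_PATH";
ln -s "$PANEL_CONF/proftpd/proftpd-mysql.conf" "$FTP_CONF_PATH"

# setup proftpd log dir
# NOTE(review): mode 644 is applied to the directory itself as well, which
# leaves it without the search (x) bit - confirm this is intended.
mkdir -p "$PANEL_DATA/logs/proftpd"
chmod -R 644 "$PANEL_DATA/logs/proftpd"

# Work around a packaging bug on Ubuntu 19.04 that breaks "service proftpd restart"
# see https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1246245
if [[ "$OS" = "Ubuntu" && "$VER" = "19.04" ]]; then
    # Single quotes on purpose: $SIGNAL and $PIDFILE are literal text of the
    # init script, not variables of this installer.
    sed -i 's|\([ \t]*start-stop-daemon --stop --signal $SIGNAL \)\(--quiet --pidfile "$PIDFILE"\)$|\1--retry 1 \2|' /etc/init.d/proftpd
fi

# Register proftpd service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
    if [[ "$VER" == "7" ]]; then
        systemctl enable proftpd.service
        systemctl start proftpd.service
    else
        chkconfig proftpd on
        /etc/init.d/proftpd start
    fi
fi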
1148
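#--- BIND
# Installs BIND, records its paths in the panel database, prepares the log
# files, and rebuilds named.conf / rndc.conf around a freshly generated key.
echo -e "\n-- Installing and configuring Bind"
if [[ "$OS" = "CentOs" ]]; then
    $PACKAGE_INSTALLER bind bind-utils bind-libs
    BIND_PATH="/etc/named/"
    BIND_FILES="/etc"
    BIND_SERVICE="named"
    BIND_USER="named"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER bind9 bind9utils
    BIND_PATH="/etc/bind/"
    BIND_FILES="/etc/bind"
    BIND_SERVICE="bind9"
    BIND_USER="bind"
    mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='' WHERE so_name_vc='bind_log'"
fi
# NOTE(review): -p"$mysqlpassword" exposes the MySQL root password in the
# client's argument list; a root-only option file passed with
# --defaults-extra-file avoids that.
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_PATH' WHERE so_name_vc='bind_dir'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$BIND_SERVICE' WHERE so_name_vc='bind_service'"

# NOTE(review): mode 777 lets every local account create and rewrite zone
# files. Presumably the panel and named both need write access; ownership by
# a shared group with mode 770 would grant that without opening the directory
# to everyone - confirm which accounts actually write here.
chmod -R 777 "$PANEL_CONF/bind/zones/"

# Setup logging directory
mkdir "$PANEL_DATA/logs/bind"
touch "$PANEL_DATA/logs/bind/bind.log" "$PANEL_DATA/logs/bind/debug.log"
chown "$BIND_USER" "$PANEL_DATA/logs/bind/bind.log" "$PANEL_DATA/logs/bind/debug.log"
chmod 660 "$PANEL_DATA/logs/bind/bind.log" "$PANEL_DATA/logs/bind/debug.log"

if [[ "$OS" = "CentOs" ]]; then
    chmod 751 /var/named
    chmod 771 /var/named/data
    sed -i 's|bind/zones.rfc1918|named.rfc1912.zones|' "$PANEL_CONF/bind/named.conf"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    mkdir -p /var/named/dynamic
    touch /var/named/dynamic/managed-keys.bind
    chown -R bind:bind /var/named/
    # NOTE(review): world-writable configuration tree, same concern as the
    # zones directory above.
    chmod -R 777 "$PANEL_CONF/bind/etc"

    # NOTE(review): 755 makes the key file world-readable and executable. It
    # is deleted and regenerated a few lines below, so this only matters for
    # the packaged key until then.
    chown root:root "$BIND_FILES/rndc.key"
    chmod 755 "$BIND_FILES/rndc.key"
fi

# Links so the named-* tools can be called from /usr/bin
ln -s /usr/sbin/named-checkconf /usr/bin/named-checkconf
ln -s /usr/sbin/named-checkzone /usr/bin/named-checkzone
ln -s /usr/sbin/named-compilezone /usr/bin/named-compilezone

# Setup acl IP to forbid zone transfer
sed -i "s|!SERVER_IP!|$PUBLIC_IP|" "$PANEL_CONF/bind/named.conf"

# Build key and conf files
# A new rndc key is generated and prepended to both configuration files; the
# standalone key file is removed afterwards.
# NOTE(review): named.conf and rndc.conf now contain the rndc key and are
# created with whatever umask is in effect; confirm they are not
# world-readable once the install has finished.
rm -rf "$BIND_FILES/named.conf" "$BIND_FILES/rndc.conf" "$BIND_FILES/rndc.key"
rndc-confgen -a -r /dev/urandom
cat "$BIND_FILES/rndc.key" "$PANEL_CONF/bind/named.conf" > "$BIND_FILES/named.conf"
cat "$BIND_FILES/rndc.key" "$PANEL_CONF/bind/rndc.conf" > "$BIND_FILES/rndc.conf"
rm -f "$BIND_FILES/rndc.key"

# Register Bind service for autostart and start it
if [[ "$OS" = "CentOs" ]]; then
    if [[ "$VER" == "7" ]]; then
        systemctl enable named.service
        systemctl start named.service
    else
        chkconfig named on
        /etc/init.d/named start
    fi
fi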
1213
1214
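#--- CRON and ATD
# Installs cron, schedules the panel daemon through /etc/cron.d, and prepares
# the crontab of the web server account, which the panel manages.
echo -e "\n-- Installing and configuring cron tasks"
if [[ "$OS" = "CentOs" ]]; then
    #cronie & crontabs may be missing
    $PACKAGE_INSTALLER cronie crontabs
    CRON_DIR="/var/spool/cron"
    CRON_SERVICE="crond"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    $PACKAGE_INSTALLER cron
    CRON_DIR="/var/spool/cron/crontabs"
    CRON_SERVICE="cron"
fi
CRON_USER="$HTTP_USER"

# prepare daemon crontab
# The !USER! placeholder is filled with root, so the entry installed in
# /etc/cron.d/zdaemon runs as root.
# sed -i "s|!USER!|$CRON_USER|" "$PANEL_CONF/cron/zdaemon" #it breaks the update search!#
sed -i "s|!USER!|root|" "$PANEL_CONF/cron/zdaemon"
cp "$PANEL_CONF/cron/zdaemon" /etc/cron.d/zdaemon
chmod 644 /etc/cron.d/zdaemon

# prepare user crontabs
# NOTE(review): -p"$mysqlpassword" exposes the MySQL root password in the
# client's argument list; a root-only option file passed with
# --defaults-extra-file avoids that.
CRON_FILE="$CRON_DIR/$CRON_USER"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_file'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_FILE' WHERE so_name_vc='cron_reload_path'"
mysql -u root -p"$mysqlpassword" -e "UPDATE sentora_core.x_settings SET so_value_tx='$CRON_USER' WHERE so_name_vc='cron_reload_user'"

# Install the initial crontab from standard input ("-") instead of going
# through a scratch file with a fixed name in the current directory.
printf '%s\n' \
    "SHELL=/bin/bash" \
    "PATH=/sbin:/bin:/usr/sbin:/usr/bin" \
    "" \
    | crontab -u "$HTTP_USER" -

# NOTE(review): the recursive chown hands the whole spool directory to the
# web server account. On CentOS CRON_DIR is /var/spool/cron, which also holds
# every other account's crontab, so a compromise of the web server account
# would reach those scheduled jobs too. Limiting ownership to "$CRON_FILE"
# would narrow this, if the panel works with that - TODO confirm.
chmod 744 "$CRON_DIR"
chown -R "$HTTP_USER:$HTTP_USER" "$CRON_DIR"
chmod 644 "$CRON_FILE"

# Register cron and atd services for autostart and start them
if [[ "$OS" = "CentOs" ]]; then
    if [[ "$VER" == "7" ]]; then
        systemctl enable crond.service
        systemctl start crond.service
        systemctl start atd.service
    else
        chkconfig crond on
        /etc/init.d/crond start
        /etc/init.d/atd start
    fi
fi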
1264
1265
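#--- phpMyAdmin
# Replaces the shipped placeholder blowfish_secret ('SENTORA') with a value
# generated for this install and links the config into the phpMyAdmin tree.
echo -e "\n-- Configuring phpMyAdmin"
phpmyadminsecret=$(passwordgen)
# NOTE(review): mode 644 leaves the file, including the secret written on the
# next line, readable by every local account. If its owner or group covers
# the web server account, 640 would be enough - confirm ownership first.
chmod 644 "$PANEL_CONF/phpmyadmin/config.inc.php"
sed -i "s|\$cfg\['blowfish_secret'\] \= 'SENTORA';|\$cfg\['blowfish_secret'\] \= '$phpmyadminsecret';|" "$PANEL_CONF/phpmyadmin/config.inc.php"
ln -s "$PANEL_CONF/phpmyadmin/config.inc.php" "$PANEL_PATH/panel/etc/apps/phpmyadmin/config.inc.php"
# Remove phpMyAdmin's setup folder in case it was left behind
rm -rf "$PANEL_PATH/panel/etc/apps/phpmyadmin/setup"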
1274
1275
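#--- Roundcube
# Creates the Roundcube database account and DES key, writes both into the
# panel's Roundcube config, and links that config into the webmail tree.
echo -e "\n-- Configuring Roundcube"

# Import roundcube default table
# NOTE(review): -p"$mysqlpassword" exposes the MySQL root password in the
# client's argument list; a root-only option file passed with
# --defaults-extra-file avoids that.
if [[ "$PANEL_UPGRADE" == false ]]; then
    mysql -u root -p"$mysqlpassword" < "$PANEL_CONF/sentora-install/sql/sentora_roundcube.sql"
fi

# Create and configure mysql password for roundcube
# NOTE(review): the password is spliced into a sed replacement and into SQL
# text, which assumes passwordgen never emits ' | & or \ - verify against its
# definition.
roundcubepassword=$(passwordgen)
sed -i "s|!ROUNDCUBE_PASSWORD!|$roundcubepassword|" "$PANEL_CONF/roundcube/roundcube_config.inc.php"
mysql -u root -p"$mysqlpassword" -e "GRANT ALL PRIVILEGES ON sentora_roundcube .* TO 'roundcube'@'localhost' identified by '$roundcubepassword';"

# Create and configure des key
# passwordgen is called with 24 here, presumably the key length - TODO confirm.
roundcube_des_key=$(passwordgen 24)
sed -i "s|!ROUNDCUBE_DESKEY!|$roundcube_des_key|" "$PANEL_CONF/roundcube/roundcube_config.inc.php"

# Create and configure special directories and rights
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_PATH/panel/etc/apps/webmail/temp"
mkdir "$PANEL_DATA/logs/roundcube"
chown "$HTTP_USER:$HTTP_GROUP" "$PANEL_DATA/logs/roundcube"

# Map config file in roundcube with symbolic links
ln -s "$PANEL_CONF/roundcube/roundcube_config.inc.php" "$PANEL_PATH/panel/etc/apps/webmail/config/config.inc.php"
ln -s "$PANEL_CONF/roundcube/sieve_config.inc.php" "$PANEL_PATH/panel/etc/apps/webmail/plugins/managesieve/config.inc.php"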
1300
1301
#--- Webalizer
# Install Webalizer and delete the configuration file shipped by the package
# (its location differs between the distributions).
echo -e "\n-- Configuring Webalizer"
$PACKAGE_INSTALLER webalizer
case "$OS" in
    CentOs)
        rm -rf /etc/webalizer.conf
        ;;
    Ubuntu | debian)
        rm -rf /etc/webalizer/webalizer.conf
        ;;
esac
1310
1311
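#--- Set some Sentora database entries using setso and setzadmin (require PHP)
echo -e "\n-- Configuring Sentora"
# NOTE(review): the new zadmin password is passed as a command-line argument,
# where other local accounts may be able to read it from the process table
# while setzadmin runs.
zadminpassword=$(passwordgen)
setzadmin --set "$zadminpassword"
"$PANEL_PATH/panel/bin/setso" --set sentora_domain "$PANEL_FQDN"
"$PANEL_PATH/panel/bin/setso" --set server_ip "$PUBLIC_IP"

# if not release, set beta version in database
# The sed expression collapses a version string containing "-beta" to "beta".
if [[ $(echo "$SENTORA_CORE_VERSION" | sed 's|.*-\(beta\).*$|\1|') = "beta" ]]; then
    "$PANEL_PATH/panel/bin/setso" --set dbversion "$SENTORA_CORE_VERSION"
fi

# Flag Apache as changed and run the daemon once so it builds the vhosts file.
"$PANEL_PATH/panel/bin/setso" --set apache_changed "true"
php -q "$PANEL_PATH/panel/bin/daemon.php"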
1327
1328
1329#--- Firewall ?
1330
1331#--- Fail2ban
1332
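#--- Logrotate
# Download and install logrotate
echo -e "\n-- Installing Logrotate"
$PACKAGE_INSTALLER logrotate

# Link the panel's rotation rules into /etc/logrotate.d
ln -s "$PANEL_CONF/logrotate/Sentora-apache" /etc/logrotate.d/Sentora-apache
ln -s "$PANEL_CONF/logrotate/Sentora-proftpd" /etc/logrotate.d/Sentora-proftpd
ln -s "$PANEL_CONF/logrotate/Sentora-dovecot" /etc/logrotate.d/Sentora-dovecot

# Adapt the postrotate commands to the init system of each OS: the shipped
# rules call systemctl, which is rewritten here to "service" or to the init
# scripts.
if [[ "$OS" = "CentOs" && "$VER" == "6" ]]; then
    sed -i 's|systemctl reload httpd > /dev/null|service httpd reload > /dev/null|' "$PANEL_CONF/logrotate/Sentora-apache"
    sed -i 's|systemctl reload proftpd > /dev/null|service proftpd reload > /dev/null|' "$PANEL_CONF/logrotate/Sentora-proftpd"
elif [[ "$OS" = "Ubuntu" || "$OS" = "debian" ]]; then
    sed -i 's|systemctl reload httpd > /dev/null|/etc/init.d/apache2 reload > /dev/null|' "$PANEL_CONF/logrotate/Sentora-apache"
    sed -i 's|systemctl reload proftpd > /dev/null|/etc/init.d/proftpd force-reload > /dev/null|' "$PANEL_CONF/logrotate/Sentora-proftpd"
fi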
1353
#--- Resolv.conf deprotect
# Clear the immutable attribute on /etc/resolv.conf (presumably set earlier
# in the installer - not visible in this part of the script).
chattr -i /etc/resolv.conf


#--- Restart all services to capture output messages, if any
if [[ "$OS" = "CentOs" && "$VER" == "7" ]]; then
    # On CentOS 7 "service" prints nothing but a redirection notice, so it is
    # shadowed by a function that announces the unit and calls systemctl.
    # Only the first argument (the unit name) is used.
    service() {
        echo "Restarting $1"
        systemctl restart "$1.service"
    }
fi

# Same services, same order, one restart each.
for unit in "$DB_SERVICE" "$HTTP_SERVICE" postfix dovecot "$CRON_SERVICE" "$BIND_SERVICE" proftpd atd; do
    service "$unit" restart
done
1375
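#--- Store the passwords for user reference
# The file is created (if missing) and restricted to its owner BEFORE any
# secret is written, so the credentials never sit in a file with the default,
# possibly world-readable, mode.
# NOTE(review): this keeps every generated credential in clear text on disk;
# move them to a password manager and delete the file once recorded.
(
    umask 077
    touch /root/passwords.txt
)
chmod 600 /root/passwords.txt
{
    echo "Server IP address : $PUBLIC_IP"
    echo "Panel URL : http://$PANEL_FQDN"
    echo "zadmin Password : $zadminpassword"
    echo ""
    echo "MySQL Root Password : $mysqlpassword"
    echo "MySQL Postfix Password : $postfixpassword"
    echo "MySQL ProFTPd Password : $proftpdpassword"
    echo "MySQL Roundcube Password : $roundcubepassword"
} >> /root/passwords.txt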
1388
#--- Advise the admin that Sentora is now installed and accessible.
# The summary goes straight to the controlling terminal (/dev/tty), not to
# the script's stdout/stderr.
# NOTE(review): it shows every generated password on screen and gives the
# panel URL as plain http://; treat terminal scrollback and session
# recordings as sensitive.
printf '%s\n' \
    "########################################################" \
    " Congratulations Sentora has now been installed on your" \
    " server. Please review the log file left in /root/ for " \
    " any errors encountered during installation." \
    "" \
    " Login to Sentora at http://$PANEL_FQDN" \
    " Sentora Username : zadmin" \
    " Sentora Password : $zadminpassword" \
    "" \
    " MySQL Root Password : $mysqlpassword" \
    " MySQL Postfix Password : $postfixpassword" \
    " MySQL ProFTPd Password : $proftpdpassword" \
    " MySQL Roundcube Password : $roundcubepassword" \
    " (theses passwords are saved in /root/passwords.txt)" \
    "########################################################" \
    "" \
    &> /dev/tty
1408
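# Wait until the user has read the summary before restarting the server.
# Skipped entirely when INSTALL is "auto". Answering y reboots immediately,
# answering n leaves the script without rebooting; anything else asks again.
if [[ "$INSTALL" != "auto" ]]; then
    while true; do
        # -r keeps backslashes in the answer literal. A failed read (closed
        # stdin / end of input) is treated like "n"; without this check the
        # loop would spin forever when no answer can be read.
        if ! read -r -e -p "Restart your server now to complete the install (y/n)? " rsn; then
            exit
        fi
        case "$rsn" in
            [Yy]*) break ;;
            [Nn]*) exit ;;
        esac
    done
    shutdown -r now
fi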
1419fi