-
Notifications
You must be signed in to change notification settings - Fork 9
/
INSTALL.sh
1295 lines (973 loc) · 41.5 KB
/
INSTALL.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/bin/bash
################################################################################
# Script Name: INSTALL.sh
# Description: Install the latest version of OpenPanel
# Usage: cd /home && (curl -sSL https://get.openpanel.co || wget -O - https://get.openpanel.co) | bash
# Author: Stefan Pejcic
# Created: 11.07.2023
# Last Modified: 28.06.2024
# Company: openpanel.co
# Copyright (c) OPENPANEL
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
################################################################################
# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
RESET='\033[0m'
# Defaults
CUSTOM_VERSION=false
INSTALL_TIMEOUT=600 # 10 min
DEBUG=false
SKIP_APT_UPDATE=false
SKIP_IMAGES=false
REPAIR=false
LOCALES=true
NO_SSH=false
INSTALL_FTP=false
INSTALL_MAIL=false
OVERLAY=false
IPSETS=true
SET_HOSTNAME_NOW=false
SETUP_SWAP_ANYWAY=false
SWAP_FILE="1"
SELFHOSTED_SCREENSHOTS=false
SEND_EMAIL_AFTER_INSTALL=false
SET_PREMIUM=false
# Paths
ETC_DIR="/etc/openpanel/"
LOG_FILE="openpanel_install.log"
LOCK_FILE="/root/openpanel.lock"
OPENPANEL_DIR="/usr/local/panel/"
OPENPADMIN_DIR="/usr/local/admin/"
OPENCLI_DIR="/usr/local/admin/scripts/"
OPENPANEL_ERR_DIR="/var/log/openpanel/"
SERVICES_DIR="/etc/systemd/system/"
TEMP_DIR="/tmp/"
# Domains
SCREENSHOTS_API_URL="http://screenshots-api.openpanel.co/screenshot"
# Redirect output to the log file
exec > >(tee -a "$LOG_FILE") 2>&1
#####################################################################
# #
# START helper functions #
# #
#####################################################################
# logo
print_header() {
printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
echo -e " ____ _____ _ "
echo -e " / __ \ | __ \ | | "
echo -e " | | | | _ __ ___ _ __ | |__) | __ _ _ __ ___ | | "
echo -e " | | | || '_ \ / _ \| '_ \ | ___/ / _\" || '_ \ / _ \| | "
echo -e " | |__| || |_) || __/| | | | | | | (_| || | | || __/| | "
echo -e " \____/ | .__/ \___||_| |_| |_| \__,_||_| |_| \___||_| "
echo -e " | | "
echo -e " |_| version: $version "
printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
}
install_started_message(){
echo -e ""
echo -e "\nStarting the installation of OpenPanel. This process will take approximately 3-5 minutes."
echo -e "During this time, we will:"
echo -e "- Install necessary services and tools."
echo -e "- Create an admin account for you."
echo -e "- Set up the firewall for enhanced security."
echo -e "- Install needed Docker images."
echo -e "- Set up basic hosting plans so you can start right away."
echo -e "\nThank you for your patience. We're setting everything up for your seamless OpenPanel experience!\n"
printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
echo -e ""
}
# Display error and exit
radovan() {
echo -e "${RED}Error: $2${RESET}" >&2
exit $1
}
# print the command and its output if debug, else run and echo to /dev/null
debug_log() {
if [ "$DEBUG" = true ]; then
echo "Running: $@"
"$@"
else
"$@" > /dev/null 2>&1
fi
}
# Check if a package is already installed
is_package_installed() {
if [ "$DEBUG" = false ]; then
$PACKAGE_MANAGER -qq list "$1" 2>/dev/null | grep -qE "^ii"
else
$PACKAGE_MANAGER -qq list "$1" | grep -qE "^ii"
echo "Updating package manager.."
fi
}
# Get server ipv4 from ip.openpanel.co
current_ip=$(curl -s https://ip.openpanel.co || wget -qO- https://ip.openpanel.co)
# If site is not available, get the ipv4 from the hostname -I
if [ -z "$current_ip" ]; then
# current_ip=$(hostname -I | awk '{print $1}')
# ip addr command is more reliable then hostname - to avoid getting private ip
current_ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
fi
if [ "$CUSTOM_VERSION" = false ]; then
# Fetch the latest version
version=$(curl -s https://get.openpanel.co/version)
if [[ $version =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
version=$version
else
version="0.2.1"
fi
fi
# print fullwidth line
print_space_and_line() {
echo " "
printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' -
echo " "
}
# Progress bar script
PROGRESS_BAR_URL="https://raw.githubusercontent.com/pollev/bash_progress_bar/master/progress_bar.sh"
PROGRESS_BAR_FILE="progress_bar.sh"
wget "$PROGRESS_BAR_URL" -O "$PROGRESS_BAR_FILE" > /dev/null 2>&1
if [ ! -f "$PROGRESS_BAR_FILE" ]; then
echo "Failed to download progress_bar.sh"
exit 1
fi
# Source the progress bar script
source "$PROGRESS_BAR_FILE"
# Dsiplay progress bar
FUNCTIONS=(
#FUNKCIJE
detect_os_and_package_manager
update_package_manager
install_packages
download_skeleton_directory_from_github
install_openadmin
opencli_setup
add_file_watcher
configure_docker
download_and_import_docker_images
docker_compose_up
#docker_compose_check_health
panel_customize
set_premium_features
configure_nginx
helper_function_for_nginx_on_aws_and_azure
configure_modsecurity
setup_email
setup_ftp
set_system_cronjob
set_custom_hostname
generate_and_set_ssl_for_panels
setup_ufw
setup_swap
clean_apt_cache
verify_license
)
TOTAL_STEPS=${#FUNCTIONS[@]}
CURRENT_STEP=0
update_progress() {
CURRENT_STEP=$((CURRENT_STEP + 1))
PERCENTAGE=$(($CURRENT_STEP * 100 / $TOTAL_STEPS))
draw_progress_bar $PERCENTAGE
}
main() {
# Make sure that the progress bar is cleaned up when user presses ctrl+c
enable_trapping
# Create progress bar
setup_scroll_area
for func in "${FUNCTIONS[@]}"
do
# Execute each function
$func
update_progress
done
destroy_scroll_area
}
# END helper functions
#####################################################################
# #
# START main functions #
# #
#####################################################################
check_requirements() {
if [ -z "$SKIP_REQUIREMENTS" ]; then
# https://github.com/stefanpejcic/openpanel/issues/63
architecture=$(lscpu | grep Architecture | awk '{print $2}')
if [ "$architecture" == "aarch64" ]; then
echo -e "${RED}Error: ARM CPU is not supported!${RESET}" >&2
exit 1
fi
# check if the current user is root
if [ "$(id -u)" != "0" ]; then
echo -e "${RED}Error: you must be root to execute this script.${RESET}" >&2
exit 1
# check if OS is MacOS
elif [ "$(uname)" = "Darwin" ]; then
echo -e "${RED}Error: MacOS is not currently supported.${RESET}" >&2
exit 1
# check if running inside a container
elif [[ -f /.dockerenv || $(grep -sq 'docker\|lxc' /proc/1/cgroup) ]]; then
echo -e "${RED}Error: running openpanel inside a container is not supported.${RESET}" >&2
exit 1
fi
# check if python version is supported
current_python_version=$(python3 --version 2>&1 | cut -d " " -f 2 | cut -d "." -f 1,2 | tr -d '.')
allowed_versions=("39" "310" "311" "312" "38")
if [[ ! " ${allowed_versions[@]} " =~ " ${current_python_version} " ]]; then
echo -e "${RED}Error: Unsupported Python version $current_python_version. No corresponding branch available.${RESET}" >&2
exit 1
fi
fi
}
parse_args() {
show_help() {
echo "Available options:"
echo " --key=<key_here> Set the license key for OpenPanel Enterprise edition."
echo " --hostname=<hostname> Set the hostname."
echo " --version=<version> Set a custom OpenPanel version to be installed."
echo " --email=<stefan@example.net> Set email address to receive email with admin credentials and future notifications."
echo " --skip-requirements Skip the requirements check."
echo " --skip-panel-check Skip checking if existing panels are installed."
echo " --skip-apt-update Skip the APT update."
echo " --overlay2 Enable overlay2 storage driver instead of device-mapper."
echo " --skip-firewall Skip UFW setup UFW - Only do this if you will set another Firewall manually!"
echo " --skip-images Skip installing openpanel/nginx and openpanel/apache docker images."
echo " --skip-blacklists Do not set up IP sets and blacklists."
echo " --skip-ssl Skip SSL setup."
echo " --with_modsec Enable ModSecurity for Nginx."
echo " --ips Whiteliste IP addresses of OpenPanel Support Team."
echo " --no-ssh Disable port 22 and whitelist the IP address of user installing the panel."
echo " --enable-ftp Install FTP (experimental)."
echo " --enable-mail Install Mail (experimental)."
echo " --post_install=<path> Specify the post install script path."
echo " --screenshots=<url> Set the screenshots API URL."
echo " --swap=<2> Set space in GB to be allocated for SWAP."
echo " --debug Display debug information during installation."
echo " --repair Retry and overwrite everything."
echo " -h, --help Show this help message and exit."
}
while [[ $# -gt 0 ]]; do
case $1 in
--key=*)
SET_PREMIUM=true
license_key="${1#*=}"
;;
--hostname=*)
SET_HOSTNAME_NOW=true
new_hostname="${1#*=}"
;;
--skip-requirements)
SKIP_REQUIREMENTS=true
;;
--skip-panel-check)
SKIP_PANEL_CHECK=true
;;
--skip-apt-update)
SKIP_APT_UPDATE=true
;;
--repair)
REPAIR=true
SKIP_PANEL_CHECK=true
SKIP_REQUIREMENTS=true
;;
--overlay2)
OVERLAY=true
;;
--skip-firewall)
SKIP_FIREWALL=true
;;
--skip-images)
SKIP_IMAGES=true
;;
--skip-blacklists)
IPSETS=false
;;
--skip-ssl)
SKIP_SSL=true
;;
--with_modsec)
MODSEC=true
;;
--debug)
DEBUG=true
;;
--ips)
SUPPORT_IPS=true
;;
--no-ssh)
NO_SSH=true
;;
--enable-ftp)
INSTALL_FTP=true
;;
--enable-mail)
INSTALL_MAIL=true
;;
--post_install=*)
post_install_path="${1#*=}"
;;
--screenshots=*)
SCREENSHOTS_API_URL="${1#*=}"
;;
--version=*)
CUSTOM_VERSION=true
version="${1#*=}"
;;
--swap=*)
SETUP_SWAP_ANYWAY=true
SWAP="${1#*=}"
;;
--email=*)
SEND_EMAIL_AFTER_INSTALL=true
EMAIL="${1#*=}"
;;
-h|--help)
show_help
exit 0
;;
*)
echo "Unknown option: $1"
show_help
exit 1
;;
esac
shift
done
}
detect_installed_panels() {
if [ -z "$SKIP_PANEL_CHECK" ]; then
# Define an associative array with key as the directory path and value as the error message
declare -A paths=(
["/usr/local/panel"]="You already have OpenPanel installed. ${RESET}\nInstead, did you want to update? Run ${GREEN}'opencli update --force' to update OpenPanel."
["/usr/local/cpanel/whostmgr"]="cPanel WHM is installed. OpenPanel only supports servers without any hosting control panel installed."
["/opt/psa/version"]="Plesk is installed. OpenPanel only supports servers without any hosting control panel installed."
["/usr/local/psa/version"]="Plesk is installed. OpenPanel only supports servers without any hosting control panel installed."
["/usr/local/CyberPanel"]="CyberPanel is installed. OpenPanel only supports servers without any hosting control panel installed."
["/usr/local/directadmin"]="DirectAdmin is installed. OpenPanel only supports servers without any hosting control panel installed."
["/usr/local/cwpsrv"]="CentOS Web Panel (CWP) is installed. OpenPanel only supports servers without any hosting control panel installed."
["/usr/local/httpd"]="Apache WebServer is already installed. OpenPanel only supports servers without any webservers installed."
["/usr/local/apache2"]="Apache WebServer is already installed. OpenPanel only supports servers without any webservers installed."
["/usr/sbin/httpd"]="Apache WebServer is already installed. OpenPanel only supports servers without any webservers installed."
["/usr/lib/nginx"]="Nginx WebServer is already installed. OpenPanel only supports servers without any webservers installed."
)
for path in "${!paths[@]}"; do
if [ -d "$path" ] || [ -e "$path" ]; then
radovan 1 "${paths[$path]}"
fi
done
echo -e "${GREEN}No currently installed hosting control panels or webservers found. Proceeding with the installation process.${RESET}"
fi
}
detect_os_and_package_manager() {
if [ -f "/etc/os-release" ]; then
. /etc/os-release
case "$ID" in
"debian"|"ubuntu")
PACKAGE_MANAGER="apt-get"
;;
"centos"|"cloudlinux"|"rhel"|"fedora"|"almalinux")
PACKAGE_MANAGER="yum"
if [ "$(command -v dnf)" ]; then
PACKAGE_MANAGER="dnf"
fi
;;
*)
echo -e "${RED}Unsupported distribution: $ID. Exiting.${RESET}"
echo -e "${RED}INSTALL FAILED${RESET}"
exit 1
;;
esac
else
echo -e "${RED}Could not detect Linux distribution. Exiting..${RESET}"
echo -e "${RED}INSTALL FAILED${RESET}"
exit 1
fi
}
download_and_import_docker_images() {
echo "Downloading docker images in the background.."
if [ "$SKIP_IMAGES" = false ]; then
# See https://github.com/moby/moby/issues/16106#issuecomment-310781836 for pulling images in parallel
# Nohup (no hang up) with trailing ampersand allows running the command in the background
# The </dev/null bits redirects the outputs to files rather than strout/err
nohup sh -c "echo openpanel/nginx:latest openpanel/apache:latest | xargs -P4 -n1 docker pull" </dev/null >nohup.out 2>nohup.err &
fi
}
check_lock_file_age() {
if [ "$REPAIR" = true ]; then
rm "$LOCK_FILE"
# and if lock file exists
if [ -e "$LOCK_FILE" ]; then
local current_time=$(date +%s)
local file_time=$(stat -c %Y "$LOCK_FILE")
local age=$((current_time - file_time))
if [ "$age" -ge "$INSTALL_TIMEOUT" ]; then
echo -e "${GREEN}Identified a prior interrupted OpenPanel installation; initiating a fresh installation attempt.${RESET}"
rm "$LOCK_FILE" # Remove the old lock file
else
echo -e "${RED}Detected another OpenPanel installation already running. Exiting.${RESET}"
exit 1
fi
else
# Create the lock file
touch "$LOCK_FILE"
echo "OpenPanel installation started at: $(date)"
fi
fi
}
configure_docker() {
#########apt-get install docker.io -y
docker_daemon_json_path="/etc/docker/daemon.json"
mkdir -p $(dirname "$docker_daemon_json_path")
if [ "$OVERLAY" = true ]; then
echo "Setting 'overlay2' as the default storage driver for Docker.."
cp ${ETC_DIR}docker/overlay2/daemon.json "$docker_daemon_json_path"
else
echo "Setting 'devicemapper' as the default storage driver for Docker.."
cp ${ETC_DIR}docker/devicemapper/daemon.json "$docker_daemon_json_path"
fi
echo -e "Docker is configured."
systemctl daemon-reload
systemctl restart docker
}
docker_compose_check_health(){
all_healthy=true
containers=$(docker ps --format '{{.Names}}\t{{.Status}}')
while IFS=$'\t' read -r name status; do
if [[ "$status" != *"(healthy)"* ]]; then
echo "Container $name is not healthy. Status: $status"
all_healthy=false
fi
done <<< "$containers"
# Proceed if all containers are healthy
if $all_healthy; then
echo "All containers are healthy. Proceeding with next installation steps..."
else
echo "Some containers are not healthy. Investigate and retry."
exit 1
fi
}
docker_compose_up(){
echo "Setting Openpanel and MySQL docker containers.."
echo ""
# install docker compose
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.27.1/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose > /dev/null 2>&1
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
# TOFO: CHECK WITH
#docker compose version
# mysql image needs this!
wget -O /root/initialize.sql https://gist.githubusercontent.com/stefanpejcic/8efe541c2b24b9cd6e1861e5ab7282f1/raw/140e69a5c8c7805bc9a6e6c4fa968f390a6d5c8c/structure.sql > /dev/null 2>&1
# compose doesnt alllow /
cd /root
# generate random password for mysql
MYSQL_ROOT_PASSWORD=$(openssl rand -base64 -hex 9)
echo "MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD" >> .env
echo ""
echo "MYSQL_ROOT_PASSWORD = $MYSQL_ROOT_PASSWORD"
echo ""
# save it to /etc/my.cnf
ln -s /etc/openpanel/mysql/db.cnf /etc/my.cnf > /dev/null 2>&1
sed -i 's/password = .*/password = '"${MYSQL_ROOT_PASSWORD}"'/g' ${ETC_DIR}mysql/db.cnf > /dev/null 2>&1
wget -O docker-compose.yml https://gist.githubusercontent.com/stefanpejcic/206d04b2561015734e4b625ee923b4db/raw/e6b5c3b3feba92b6a3fb01ed07838095bf14f478/newer_compose.yml > /dev/null 2>&1
# start the stack
docker compose up -d
}
clean_apt_cache(){
# clear /var/cache/apt/archives/
apt-get clean
# TODO: cover https://github.com/debuerreotype/debuerreotype/issues/95
}
setup_ftp() {
if [ "$INSTALL_FTP" = true ]; then
echo "Installing experimental FTP service."
curl -sSL https://raw.githubusercontent.com/stefanpejcic/OpenPanel-FTP/master/setup.sh | bash
fi
}
setup_email() {
if [ "$INSTALL_MAIL" = true ]; then
echo "Installing experimental Email service."
curl -sSL https://raw.githubusercontent.com/stefanpejcic/OpenMail/master/setup.sh | bash --dovecot
fi
}
add_file_watcher(){
bash <(curl -sSL https://raw.githubusercontent.com/stefanpejcic/file-watcher/main/install.sh)
}
setup_ufw() {
if [ -z "$SKIP_FIREWALL" ]; then
echo "Setting up the firewall.."
debug_log wget -qO /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker > /dev/null 2>&1 &&
debug_log chmod +x /usr/local/bin/ufw-docker
# block all docker ports so we can manually open only what is needed
debug_log ufw-docker install
debug_log ufw allow 80/tcp #http
debug_log ufw allow 53 #dns
debug_log ufw allow 443/tcp # https
debug_log ufw allow 2083/tcp #openpanel
debug_log ufw allow 2087/tcp #openadmin
if [ "$NO_SSH" = false ]; then
# whitelist user running the script
ip_of_user_running_the_script=$(w -h | grep -m1 -oP '\d+\.\d+\.\d+\.\d+')
debug_log ufw allow from $ip_of_user_running_the_script
# close port 22
debug_log ufw allow 22 #ssh
fi
# set https://github.com/stefanpejcic/ipset-blacklist
if [ "$IPSETS" = true ]; then
if [ "$REPAIR" = true ]; then
rm -rf ipset-blacklist-master
fi
if [ "$DEBUG" = true ]; then
bash <(curl -sSL https://raw.githubusercontent.com/stefanpejcic/ipset-blacklist/master/setup.sh)
else
bash <(curl -sSL https://raw.githubusercontent.com/stefanpejcic/ipset-blacklist/master/setup.sh) > /dev/null 2>&1
fi
fi
if [ "$SUPPORT_IPS" = true ]; then
# Whitelisting our VPN ip addresses from https://ip.openpanel.co/ips/
ip_list=$(curl -s https://ip.openpanel.co/ips/)
ip_list=$(echo "$ip_list" | sed 's/<br \/>/\n/g')
echo "Whitelisting IPs from https://ip.openpanel.co/ips/"
while IFS= read -r ip; do
ip=$(echo "$ip" | tr -d '[:space:]')
debug_log ufw allow from $ip
done <<< "$ip_list"
fi
debug_log ufw --force enable
debug_log ufw reload
debug_log service ufw restart
fi
}
update_package_manager() {
if [ "$SKIP_APT_UPDATE" = false ]; then
echo "Updating package manager.."
debug_log $PACKAGE_MANAGER update -y
fi
}
install_packages() {
echo "Installing required services.."
# https://www.faqforge.com/linux/fixed-ubuntu-apt-get-upgrade-auto-restart-services/
debug_log sed -i 's/#$nrconf{restart} = '"'"'i'"'"';/$nrconf{restart} = '"'"'a'"'"';/g' /etc/needrestart/needrestart.conf
packages=("docker.io" "default-mysql-client" "nginx" "zip" "bind9" "unzip" "python3-pip" "pip" "gunicorn" "jc" "certbot" "python3-certbot-nginx" "sqlite3" "geoip-bin" "ufw")
if [ "$PACKAGE_MANAGER" == "apt-get" ]; then
#only once..
debug_log $PACKAGE_MANAGER -qq install apt-transport-https ca-certificates -y
echo "Updating certificates.."
if [ "$DEBUG" = false ]; then
update-ca-certificates > /dev/null 2>&1
else
update-ca-certificates
fi
echo -e "Installing services.."
for package in "${packages[@]}"; do
echo -e "Installing ${GREEN}$package${RESET}"
debug_log $PACKAGE_MANAGER -qq install "$package" -y
done
for package in "${packages[@]}"; do
if is_package_installed "$package"; then
echo -e "${GREEN}$package is already installed. Skipping.${RESET}"
else
debug_log $PACKAGE_MANAGER -qq install "$package"
if [ $? -ne 0 ]; then
echo "Error: Installation of $package failed. Retrying.."
$PACKAGE_MANAGER -qq install "$package"
if [ $? -ne 0 ]; then
radovan 1 "ERROR: Installation failed. Please retry installation with '--retry' flag."
exit 1
fi
fi
fi
done
elif [ "$PACKAGE_MANAGER" == "yum" ]; then
for package in "${packages[@]}"; do
echo -e "Installing ${GREEN}$package${RESET}"
$PACKAGE_MANAGER install "$package" -y
done
elif [ "$PACKAGE_MANAGER" == "dnf" ]; then
# MORA DRUGI ZA ALMU..
packages=("python3-flask" "python3-pip" "docker-ce" "docker-compose" "docker-ce-cli" "mysql-client-core-8.0" "containerd.io" "docker-compose-plugin" "nginx" "zip" "unzip" "ufw" "certbot" "python3-certbot-nginx" "sqlite3" "geoip-bin")
#utils must be added first, then install from that repo
dnf install yum-utils -y
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# needed for ufw and gunicorn
dnf install epel-release
# ovo za gunicorn
dnf install python3-pip python3-devel gcc -y
# bind radi ovako
dnf install bind bind-utils -y
for package in "${packages[@]}"; do
echo -e "Installing ${GREEN}$package${RESET}"
$PACKAGE_MANAGER install "$package" -y
done
#gunicorn mora preko pip na almi..
pip3 install gunicorn flask
else
echo -e "${RED}Unsupported package manager: $PACKAGE_MANAGER${RESET}"
return 1
fi
}
configure_modsecurity() {
# ModSecurity
#
# https://openpanel.co/docs/admin/settings/waf/#install-modsecurity
#
if [ "$MODSEC" ]; then
echo "Installing ModSecurity and setting OWASP core ruleset.."
debug_log opencli nginx-install_modsec
fi
}
set_system_cronjob(){
echo "Setting cronjobs.."
mv ${ETC_DIR}cron /etc/cron.d/openpanel
chown root:root /etc/cron.d/openpanel
chmod 0600 /etc/cron.d/openpanel
}
cleanup() {
echo "Cleaning up.."
# https://www.faqforge.com/linux/fixed-ubuntu-apt-get-upgrade-auto-restart-services/
sed -i 's/$nrconf{restart} = '"'"'a'"'"';/#$nrconf{restart} = '"'"'i'"'"';/g' /etc/needrestart/needrestart.conf
}
helper_function_for_nginx_on_aws_and_azure(){
#
# FIX FOR:
#
# https://stackoverflow.com/questions/3191509/nginx-error-99-cannot-assign-requested-address/13141104#13141104
#
# Check the status of nginx service and capture the output
nginx_status=$(systemctl status nginx 2>&1)
# Search for "Cannot assign requested address" in the output
if echo "$nginx_status" | grep -q "Cannot assign requested address"; then
# If found, append the required line to /etc/sysctl.conf
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
# Reload the sysctl configuration
sysctl -p /etc/sysctl.conf
# Change the bind ip in default nginx config
sed -i "s/IP_HERE/*/" /etc/nginx/sites-enabled/default
debug_log "echo Configuration updated and applied."
else
debug_log "echo Nginx started normally."
fi
}
set_custom_hostname(){
if [ "$SET_HOSTNAME_NOW" = true ]; then
# Check if the provided hostname is a valid FQDN
if [[ $new_hostname =~ ^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
# Check if PTR record is set to the provided hostname
ptr=$(dig +short -x $current_ip)
if [ "$ptr" != "$new_hostname." ]; then
echo "Warning: PTR record is not set to $new_hostname"
fi
# Check if A record for provided hostname points to server IP
a_record_ip=$(dig +short $new_hostname)
if [ "$a_record_ip" != "$current_ip" ]; then
echo "WARNING: A record for $new_hostname does not point to server IP: $current_ip"
echo "After pointing the domain run this command to set domain for panel: opencli config update force_domain $new_hostname"
else
opencli config update force_domain "$new_hostname"
fi
else
echo "Hostname provided: $new_hostname is not a valid FQDN, OpenPanel will use IP address $current_ip for access."
fi
# Set the provided hostname as the system hostname
hostnamectl set-hostname $new_hostname
fi
}
opencli_setup(){
echo "Downloading OpenCLI and adding to path.."
echo ""
mkdir -p /usr/local/admin/
wget -O ${TEMP_DIR}opencli.tar.gz "https://storage.googleapis.com/openpanel/0.2.1/get.openpanel.co/downloads/0.2.1/opencli/opencli-main.tar.gz" > /dev/null 2>&1 || radovan 1 "download failed for https://storage.googleapis.com/openpanel/0.2.1/get.openpanel.co/downloads/0.2.1/opencli/opencli-main.tar.gz"
mkdir -p ${TEMP_DIR}opencli
cd ${TEMP_DIR} && tar -xzf opencli.tar.gz -C ${TEMP_DIR}opencli
cp -r ${TEMP_DIR}opencli/opencli-main /usr/local/admin/scripts
rm ${TEMP_DIR}opencli.tar.gz
rm -rf ${TEMP_DIR}opencli
cp /usr/local/admin/scripts/opencli /usr/local/bin/opencli
chmod +x /usr/local/bin/opencli
chmod +x -R /usr/local/admin/scripts/
#opencli commands
echo "# opencli aliases
ALIASES_FILE=\"/usr/local/admin/scripts/aliases.txt\"
generate_autocomplete() {
awk '{print \$NF}' \"\$ALIASES_FILE\"
}
complete -W \"\$(generate_autocomplete)\" opencli" >> ~/.bashrc
source ~/.bashrc
}
configure_nginx() {
# Nginx
echo "Setting Nginx configuration.."
# https://dev.openpanel.co/services/nginx
rm /etc/nginx/nginx.conf && ln -s /etc/openpanel/nginx/nginx.conf /etc/nginx/nginx.conf
# dir for domlogs
mkdir -p /var/log/nginx/domlogs
# 444 status for domains pointed to the IP but not added to nginx
rm /etc/nginx/sites-available/default
rm /etc/nginx/sites-enabled/default
ln -s /etc/openpanel/nginx/vhosts/default.conf /etc/nginx/sites-available/default
ln -s /etc/openpanel/nginx/vhosts/default.conf /etc/nginx/sites-enabled/default
# Replace IP_HERE with the value of $current_ip
#sed -i "s/listen 80;/listen $current_ip:80;/" /etc/nginx/sites-enabled/default
# MAKES PROBLEMS, REWRITE!
# Setting pretty error pages for nginx, but need to add them inside containers also!
mkdir /etc/nginx/snippets/ > /dev/null 2>&1
ln -s /etc/openpanel/nginx/error_pages/snippets/error_pages.conf /etc/nginx/snippets/error_pages.conf
ln -s /etc/openpanel/nginx/error_pages/snippets/error_pages_content.conf /etc/nginx/snippets/error_pages_content.conf
service nginx restart
}
set_premium_features(){
if [ "$SET_HOSTNAME_NOW" = true ]; then
echo "Setting OpenPanel enterprise version license key $license_key"
opencli config update key "$license_key"
fi
}
set_email_address_and_email_admin_logins(){
if [ "$SEND_EMAIL_AFTER_INSTALL" = true ]; then
# Check if the provided email is valid
if [[ $EMAIL =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "Setting email address $EMAIL for notifications"
opencli config update email "$EMAIL"
# Send an email alert
generate_random_token_one_time_only() {
local config_file="${OPENPANEL_DIR}conf/panel.config"
TOKEN_ONE_TIME="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64)"
local new_value="mail_security_token=$TOKEN_ONE_TIME"
sed -i "s|^mail_security_token=.*$|$new_value|" "${OPENPANEL_DIR}conf/panel.config"
}
email_notification() {
local title="$1"
local message="$2"
generate_random_token_one_time_only
TRANSIENT=$(awk -F'=' '/^mail_security_token/ {print $2}' "${OPENPANEL_DIR}conf/panel.config")
SSL=$(awk -F'=' '/^ssl/ {print $2}' "${OPENPANEL_DIR}conf/panel.config")
# Determine protocol based on SSL configuration
if [ "$SSL" = "yes" ]; then
PROTOCOL="https"
else
PROTOCOL="http"
fi
# Send email using appropriate protocol
curl -k -X POST "$PROTOCOL://127.0.0.1:2087/send_email" -F "transient=$TRANSIENT" -F "recipient=$EMAIL" -F "subject=$title" -F "body=$message"
}
server_hostname=$(hostname)
email_notification "OpenPanel successfully installed" "OpenAdmin URL: http://$server_hostname:2087/ | username: admin | password: $admin_password"