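#!/bin/bash
#
# Interactive web-stack installer: collects site settings, builds a package
# list, installs it, then configures fail2ban, UFW and the SSH port.
#
# Usage: bash <this-script> [-l]
#   -l   legacy mode: plain-text prompts, package-manager output on the tty
#        (default: whiptail dialogs, package-manager output discarded)
#
# Must run as root: it edits files under /etc and installs packages.

if [[ $EUID -ne 0 ]]; then
  echo "This installer must be run as root." >&2
  exit 1
fi

##--------------------##
#  Legacy/Main Menu    #
##--------------------##
sed -i -e 's/magenta/blue/g' /etc/newt/palette

if [ "$1" = "-l" ]; then
  echo "Legacy mode"
  PKGM="apt"
  OUTPUT='/dev/tty'
  IMODE=l
else
  echo "Normal mode"
  PKGM="debconf-apt-progress -- apt"
  OUTPUT='/dev/null'
  IMODE=n
fi

##---------------##
#   Functions     #
##---------------##

# Show a status message: whiptail infobox in normal mode, echo in legacy mode.
# Arguments: $1 - message text
msg() {
  if [ "$IMODE" = n ]; then
    TERM=ansi whiptail --title "Info" --infobox "$1" 8 52
  fi
  if [ "$IMODE" = l ]; then
    echo "$1"
  fi
}

# Download one file from the repo's config/ tree and install it at $2.
# The download goes to a private temp file first, so a failed or partial
# transfer never replaces (or creates an empty) fail2ban config file.
# NOTE(security): content comes from a mutable branch with no integrity
# check; pin $branch to a tag/commit and verify a checksum where possible.
# Arguments: $1 - path below config/ in the repo, $2 - destination file
# Returns:   0 on success, 1 if the download or install failed
fetch_config() {
  local url="$repo/raw/branch/$branch/config/$1"
  local dest=$2
  local tmp
  tmp=$(mktemp) || return 1
  if wget -q -t7 "$url" -O "$tmp" && install -m 0644 -- "$tmp" "$dest"; then
    rm -f -- "$tmp"
    return 0
  fi
  rm -f -- "$tmp"
  echo "Failed to install $dest from $url" >&2
  return 1
}

##---------------##
#  Static-Vars    #
##---------------##
#Git-repo
repo=https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2
branch=master
#Installer-config (sqlver, cockpit and PHPMyadmin are not referenced in the
#visible part of this script)
phpver=7.3
sqlver=8.0
cockpit=1
PHPMyadmin=1
#PackageManager-config
# PKGM/PKGI/PKGA stay plain strings that are expanded unquoted on purpose:
# they hold a command plus its arguments.
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
# OUTPUT is deliberately not reassigned here; it was chosen by the mode
# selection above, and resetting it to /dev/null would hide all output in
# legacy mode.

# Package list lives in a private mktemp file, not a fixed name in /tmp:
# this script runs as root and feeds the list to the package manager, so a
# pre-created or stale /tmp file must not be able to influence it.
INSTALL_LIST=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$INSTALL_LIST"' EXIT

##--------------------------##
#  Installer-Requirements    #
##--------------------------##
msg "Starting installer."
# shellcheck disable=SC2086
$PKGM update > "$OUTPUT" 2>&1
# shellcheck disable=SC2086
$PKGI curl > "$OUTPUT" 2>&1

##--------##
#  Menu    #
##--------##
if [ "$IMODE" = n ]; then
  domain=$(whiptail --nocancel --inputbox " Enter the domain without WWW " 11 82 --title "Config" 3>&1 1>&2 2>&3)
  password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 11 82 --title "Config" 3>&1 1>&2 2>&3)
  email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 11 82 --title "Config" 3>&1 1>&2 2>&3)
  webserv=$(whiptail --title "Select Webserver" --radiolist "WebServer" 11 53 5 \
    "Nginx:" "Will install NGINX Webserver." ON \
    "Apache:" "Will install Apache Webserver." OFF 3>&1 1>&2 2>&3)
fi

if [ "$IMODE" = l ]; then
  # NOTE(review): legacy mode never sets $webserv, so no web-server package
  # set is selected below - confirm whether that is intended.
  echo "Enter the domain without WWW:"
  read -r domain
  echo "Please enter your password (should contain at least 2 digits and 6 characters:"
  # -s keeps the password off the terminal, matching the masked
  # --passwordbox used in normal mode.
  read -rs password
  echo
  echo "Administrator E-mail:"
  read -r email
fi
# NOTE(review): $domain and $password are not used in the visible part of
# this script; the stated password policy is not enforced here.

if [[ $webserv == "Nginx:" ]]; then
  echo "nginx php-imagick php-pear php${phpver}-fpm php${phpver}-mysql php${phpver}-cgi php${phpver}-common php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip" >> "$INSTALL_LIST"
fi

if [[ $webserv == "Apache:" ]]; then
  echo "apache2 php-pear libapache2-mod-php php${phpver}-mysql php${phpver}-cgi php${phpver}-common php${phpver}-mbstring php${phpver}-curl php${phpver}-gd php${phpver}-intl php${phpver}-soap php${phpver}-xml php${phpver}-xmlrpc php${phpver}-zip" >> "$INSTALL_LIST"
fi

##----------##
#  Addons    #
##----------##
if [[ $webserv = "Nginx:" ]]; then
  #NGINX Addon menu
  option=$(whiptail --nocancel --title "Which Nginx addons should be installed?" --checklist "Features" 11 110 5 \
    "Memcached:" "Memcached is an open source, high-performance, distributed memory caching system." OFF \
    "Redis Cache:" "Redis is an open source BSD licensed, in-memory data structure store." OFF 3>&1 1>&2 2>&3)
fi

if [[ $webserv = "Apache:" ]]; then
  #Apache Addon menu
  option=$(whiptail --nocancel --title "Which Apache addons should be installed?" --checklist "Features" 11 110 5 \
    "Memcached:" "Memcached is an open source, high-performance, distributed memory caching system." OFF \
    "Redis Cache:" "Redis is an open source BSD licensed, in-memory data structure store." OFF 3>&1 1>&2 2>&3)
fi

if [[ $option == *"Memcached:"* ]]; then
  #curl -s "$repo"/raw/branch/"$branch"/modules/MODNAME/"$webserv"-aptlist >> "$INSTALL_LIST"
  echo "php-memcached" >> "$INSTALL_LIST"
fi

if [[ $option == *"Redis"* ]]; then
  echo "redis-server" >> "$INSTALL_LIST"
fi

# Placeholder: the menus above offer no "Brotli:" entry and no packages are
# listed for it.
if [[ $option == *"Brotli:"* ]]; then
  echo "" >> "$INSTALL_LIST"
fi

##-------##
#  CMS    #
##-------##
# This dialog is shown in both modes (it is not guarded by $IMODE).
CMS=$(whiptail --nocancel --title "What CMS should be installed?" --radiolist "Features" 11 118 5 \
  "Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF \
  "Wordpress:" "WordPress is a content management system based on PHP." OFF \
  "None:" "A plain webserver will be setup." OFF 3>&1 1>&2 2>&3)

if [[ $CMS == "Nextcloud:" ]]; then
  echo "libxml2 openssl zlib1g libpng-dev redis-server" >> "$INSTALL_LIST"
fi

# Placeholders: no extra packages for these choices.
if [[ $CMS == "Wordpress:" ]]; then
  echo "" >> "$INSTALL_LIST"
fi

if [[ $CMS == "None:" ]]; then
  echo "" >> "$INSTALL_LIST"
fi

##--------------------##
#  Pre-Requirements    #
##--------------------##
# Moves sshd to port 4242; this must stay in step with the
# "ufw limit 4242/tcp" rule in the UFW section. The pattern replaces every
# line containing "Port 22", commented or not.
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config

msg "Preconfiguring."
# shellcheck disable=SC2086
$PKGI software-properties-common > "$OUTPUT" 2>&1
$PKGA universe -y > "$OUTPUT" 2>&1
$PKGA ppa:ondrej/php -y > "$OUTPUT" 2>&1
$PKGA ppa:certbot/certbot -y > "$OUTPUT" 2>&1
$PKGA ppa:nginx/stable -y > "$OUTPUT" 2>&1
$PKGA ppa:chris-lea/redis-server -y > "$OUTPUT" 2>&1
# shellcheck disable=SC2086
$PKGM update
# shellcheck disable=SC2086
$PKGM upgrade -y

##-------------##
#  Installer    #
##-------------##
echo "fail2ban" >> "$INSTALL_LIST"
# xargs splits the list on whitespace and ignores the blank placeholder lines.
# shellcheck disable=SC2086
xargs $PKGI < "$INSTALL_LIST"

##---------------##
#  Configuring    #
##---------------##
# NOTE(security): this sources a script fetched over the network and runs it
# as root. It comes from a mutable branch with no integrity check, and
# "curl -s" without --fail would hand an HTTP error page to the shell.
# Review and pin the module before enabling. $ModName is not set anywhere in
# the visible script, so this branch is currently inactive.
if [[ $ModName == "1" ]]; then
  source <(curl -s "$repo/raw/branch/$branch/modules/MODNAME/${webserv}-config.sh")
fi

##------------##
#  Fail2Ban    #
##------------##
# The address is user input: escape the characters that are special in a sed
# replacement (\ / &) so it cannot alter the sed expression, and skip the
# edit when no address was given.
if [[ -n $email ]]; then
  email_escaped=$(printf '%s' "$email" | sed -e 's/[\/&]/\\&/g')
  sed -i "s/root@localhost/${email_escaped}/g" /etc/fail2ban/jail.conf
fi

fetch_config fail2ban/sshd.local /etc/fail2ban/jail.d/sshd.local

# The radiolist tags end with a colon ("Nextcloud:", "Wordpress:"); comparing
# against the bare names would never match and the CMS jails would silently
# not be installed.
if [[ $CMS == "Nextcloud:" ]]; then
  fetch_config fail2ban/nextcloud.conf /etc/fail2ban/filter.d/nextcloud.conf
  fetch_config fail2ban/nextcloud.local /etc/fail2ban/jail.d/nextcloud.local
fi

if [[ $CMS == "Wordpress:" ]]; then
  fetch_config fail2ban/wordpress.conf /etc/fail2ban/filter.d/wordpress.conf
  fetch_config fail2ban/wordpress.local /etc/fail2ban/jail.d/wordpress.local
fi

##-------##
#  UFW    #
##-------##
sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
ufw default deny incoming > "$OUTPUT" 2>&1
ufw default allow outgoing > "$OUTPUT" 2>&1
ufw allow 80/tcp > "$OUTPUT" 2>&1
ufw allow 443/tcp > "$OUTPUT" 2>&1
# Rate-limited SSH on the port configured in sshd_config above.
ufw limit 4242/tcp > "$OUTPUT" 2>&1
# --force answers the confirmation prompt non-interactively.
ufw --force enable > "$OUTPUT" 2>&1

##------------##
#  Services    #
##------------##
# sshd only starts listening on 4242 after this restart.
systemctl restart sshd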