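#!/bin/bash
##--------------------##
#  Legacy/Main Menu    #
##--------------------##
#
# Interactive installer for the UBU-Web-V2 stack. It collects the domain,
# hostname, admin password, web server, add-ons and CMS, assembles an apt
# package list from the Git repo, sources the repo's preconf/conf scripts
# into this shell, then configures certbot, fail2ban, ufw and sshd.
#
# Usage:  $0        whiptail dialogs              (IMODE=n)
#         $0 -l     plain-text console prompts    (IMODE=l, "legacy")
#
# Must run as root (edits /etc, installs packages, restarts sshd).
#
# No `set -e` on purpose: several steps are expected to fail non-fatally
# (PPA adds, HEAD probes for optional remote files) and the remote
# conf.sh scripts sourced below were not written for errexit.

# Original command line, re-applied as positional parameters while remote
# scripts are sourced so that "$1" inside them still reflects the -l flag.
script_args=("$@")

sed -i -e 's/magenta/blue/g' /etc/newt/palette

if [ "$1" = "-l" ]; then
  echo "Legacy mode"
  PKGM="apt"
  OUTPUT='/dev/tty'
  IMODE=l
else
  echo "Normal mode"
  PKGM="debconf-apt-progress -- apt"
  OUTPUT='/dev/null'
  IMODE=n
fi

##---------------##
#   Functions     #
##---------------##

#######################################
# Show a one-line status message in the UI of the current mode.
# Globals:   IMODE (read)
# Arguments: $1 - message text
#######################################
msg () {
  if [ "$IMODE" = n ]; then
    TERM=ansi whiptail --title "Info" --infobox "$1" 8 52
  else
    echo "$1"
  fi
}

# Human-readable form of the policy enforced by password_ok; the old prompt
# said "2 digits and 6 characters", which did not match the check.
readonly password_rules="at least 8 characters, including a lower-case letter, a capital letter, a digit and one of !@#%^&*()_+"

#######################################
# Check $1 against the installer's password policy.
# Returns:   0 when the policy is met, 1 otherwise
#######################################
password_ok () {
  local pw=$1
  [[ ${#pw} -ge 8 && "$pw" == *[[:lower:]]* && "$pw" == *[[:upper:]]* \
     && "$pw" == *[0-9]* && "$pw" == *['!'@#%^\&*()_+]* ]]
}

#######################################
# Whiptail password prompt: loops until a policy-compliant password is
# entered and confirmed.
# Globals:   password (written; not read in this file, presumably consumed
#            by the sourced conf scripts)
#######################################
function PasswordQuest {
  local first
  while true; do
    first=$(whiptail --nocancel --passwordbox "Please enter your password (${password_rules})" 11 82 --title "Config" 3>&1 1>&2 2>&3)
    [ -z "$first" ] && continue
    if ! password_ok "$first"; then
      whiptail --ok-button Done --msgbox "Password is invalid!" 10 30
      continue
    fi
    if PasswordCheck "$first"; then
      password=$first
      return 0
    fi
  done
}

#######################################
# Whiptail confirmation prompt for the password given as $1.
# Returns:   0 when the re-entered password matches, 1 otherwise
#######################################
function PasswordCheck {
  local second
  while true; do
    second=$(whiptail --nocancel --passwordbox "Please re-enter your password" 11 82 --title "Config" 3>&1 1>&2 2>&3)
    [ -n "$second" ] && break
  done
  if [ "$1" != "$second" ]; then
    whiptail --ok-button Done --msgbox "Password does not match!" 10 30
    return 1
  fi
  return 0
}

#######################################
# Console password prompt (legacy mode); same contract as PasswordQuest.
# The old version fell through to the whiptail prompt on empty input,
# printed "10 30" after the invalid message and never assigned `password`
# when the two entries matched.
#######################################
function LegacyPasswordQuest {
  local first
  while true; do
    echo "Enter password (Requires: ${password_rules})"
    read -rs first
    echo
    [ -z "$first" ] && continue
    if ! password_ok "$first"; then
      echo "Password is invalid!"
      continue
    fi
    if LegacyPasswordCheck "$first"; then
      password=$first
      return 0
    fi
  done
}

#######################################
# Console confirmation prompt for the password given as $1.
# Returns:   0 when the re-entered password matches, 1 otherwise
#######################################
function LegacyPasswordCheck {
  local second
  while true; do
    echo "Please re-enter your password"
    read -rs second
    echo
    [ -n "$second" ] && break
  done
  if [ "$1" != "$second" ]; then
    echo "Password does not match!"
    return 1
  fi
  return 0
}

#######################################
# Console yes/no question.
# Arguments: $1 - prompt text
# Returns:   0 for yes, 1 for no (re-asks on anything else)
#######################################
ask_yes_no () {
  local yn
  while true; do
    read -rp "$1" yn
    case $yn in
      [Yy]*) return 0;;
      [Nn]*) return 1;;
      *) echo "Choose yes or no.";;
    esac
  done
}

##---------------##
#   Static-Vars   #
##---------------##
#Git-repo
repo=https://git.ictmaatwerk.com/bprieshof/UBU-Web-V2
branch=master
#Installer-config (sqlver/cockpit/PHPMyadmin are not read in this file;
# presumably used by the sourced module scripts)
phpver=7.4
sqlver=8.0
cockpit=1
PHPMyadmin=1
#PackageManager-config
PKGA="add-apt-repository"
PKGI="${PKGM} install -y"
# Keep the per-mode sink chosen above; the old unconditional
# OUTPUT='/dev/null' silenced legacy mode's /dev/tty as well.
OUTPUT=${OUTPUT:-/dev/null}

#######################################
# Print the raw-file URL for repo path $1 on the configured branch.
#######################################
raw_url () {
  printf '%s/raw/branch/%s/%s' "$repo" "$branch" "$1"
}

#######################################
# Probe URL $1 with a HEAD request.
# Returns:   0 when the server answers successfully
#######################################
remote_exists () {
  curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$1"
}

#######################################
# Append the body of URL $1 to file $2 when the URL exists.
# -f keeps a server error page out of the package list on a late failure.
#######################################
fetch_append () {
  if remote_exists "$1"; then
    curl --retry 7 --retry-delay 5 -sf "$1" >>"$2"
  fi
}

#######################################
# Source the script at URL $1 into this shell when it exists.
# The script runs as root with this installer's globals; positional
# parameters are reset to the installer's own arguments first.
# SECURITY NOTE: everything reachable under $repo — and, for add-ons named
# in extModules.txt, whatever URL that file lists — is executed as root.
# Keep extModules.txt under the same review as this repo; an http:// entry
# there would be fetched without transport protection.
#######################################
run_remote () {
  local url=$1
  if remote_exists "$url"; then
    set -- "${script_args[@]}"
    source <(curl --retry 7 --retry-delay 5 -sf "$url")
  fi
}

#######################################
# Print the base URL of an external module named in extModules.txt,
# or nothing when add-on $1 is not listed there.
# -F/-m1: the name is matched as a literal substring and only the first
# hit is used, so a multi-line match cannot be glued into one URL.
#######################################
module_base () {
  wget -t7 -qO - "$(raw_url extModules.txt)" | grep -m1 -F -- "$1"
}

#######################################
# Run one stage for a module rooted at base URL $1.
# Arguments: $1 - base URL ending in "/"
#            $2 - stage: apt (append apt lists) | preconf | conf (source)
# Globals:   webserv (read) — the "<webserv>-" variant is tried as well
#######################################
run_stage () {
  local base=$1 stage=$2
  if [ "$stage" = apt ]; then
    fetch_append "${base}apt.list" /tmp/apt.list
    fetch_append "${base}${webserv}-apt.list" /tmp/apt.list
  else
    run_remote "${base}${stage}.sh"
    run_remote "${base}${webserv}-${stage}.sh"
  fi
}

#######################################
# Run stage $1 for every selected add-on, from the external module when
# extModules.txt lists it, else from this repo's SubModules/<name>/.
# Globals:   addons (read)
#######################################
addon_stage () {
  local stage=$1 addon base
  for addon in "${addons[@]}"; do
    echo "$addon" #TMP
    base=$(module_base "$addon")
    if [ -z "$base" ]; then
      base=$(raw_url "SubModules/$addon/")
    fi
    run_stage "$base" "$stage"
  done
}

#######################################
# Escape $1 for the replacement side of a sed s/// expression
# (user-supplied e-mail/domain values may contain "/" or "&").
#######################################
sed_escape () {
  printf '%s' "$1" | sed 's/[\/&]/\\&/g'
}

##--------------------------##
#   Installer-Requirements   #
##--------------------------##
msg "Starting installer."
# shellcheck disable=SC2086 -- PKGM/PKGI are intentionally word-split strings
$PKGM update > "$OUTPUT" 2>&1
# shellcheck disable=SC2086
$PKGI curl > "$OUTPUT" 2>&1

##--------##
#   Menu   #
##--------##
if [ "$IMODE" = n ]; then
  domain=$(whiptail --nocancel --inputbox " Enter the domain without WWW " 11 82 --title "Config" 3>&1 1>&2 2>&3)
  if whiptail --title "Config" --yesno "Does www.${domain} exist in DNS" 8 78; then
    domainwww=1
  else
    domainwww=0   # was 1 in both branches, so "no" never disabled the www cert
  fi
  # NB: `hostname` here is the installer's variable, not the hostname command.
  if whiptail --title "Config" --yesno "Hostname with nxdi.nl" 11 82; then
    hostname=$(whiptail --nocancel --inputbox ' SystemID (eg: VCH001) without ".nxdi.nl" ' 11 82 --title "Config" 3>&1 1>&2 2>&3)
    hostname="${hostname}.nxdi.nl"
  else
    hostname=$(whiptail --nocancel --inputbox " Hostname " 11 82 --title "Config" 3>&1 1>&2 2>&3)
  fi
  if whiptail --title "Config" --yesno "Enable SSL on installation?" 11 82; then
    sslenable=1
  else
    sslenable=0
  fi
  PasswordQuest
  email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 11 82 --title "Config" 3>&1 1>&2 2>&3)
  webserv=$(whiptail --title "Select Webserver" --radiolist "WebServer" 11 53 5 "Nginx:" "Will install NGINX Webserver." ON "Apache:" "Will install Apache Webserver." OFF 3>&1 1>&2 2>&3)
  esws=$?   # status of the substitution: 1 when the dialog was cancelled
  if [[ "$esws" = 1 ]]; then
    msg "Quiting installer."
    exit
  fi
else
  echo "Enter the domain without WWW:"
  read -r domain
  if ask_yes_no "Does www.${domain} exist in DNS -> yes/no?"; then
    domainwww=1
  else
    domainwww=0
  fi
  if ask_yes_no "Hostname with nxdi.nl -> yes/no?"; then
    echo 'Hostname (eg: VCH001) without ".nxdi.nl":'
    read -r hostname
    hostname="${hostname}.nxdi.nl"
  else
    echo 'Enter full hostname:'
    read -r hostname
  fi
  if ask_yes_no "Enable SSL on installation? -> yes/no?"; then
    sslenable=1
  else
    sslenable=0
  fi
  LegacyPasswordQuest
  echo "Administrator E-mail:"
  read -r email
  echo "Select Webserver:"
  PS3='Selected:'
  select opt in Nginx Apache Quit; do
    case $opt in
      Nginx) webserv=Nginx:; break;;
      Apache) webserv=Apache:; break;;
      Quit) exit;;
      *) echo "$REPLY is not a valid option!";;
    esac
  done
fi
webserv="${webserv//:}"
webserv="${webserv,,}"

# Start from an empty package list: it is only ever appended to, so a
# re-run otherwise inherits stale entries. The fixed path is kept because
# the sourced preconf scripts may add to it — TODO confirm before moving
# it to mktemp.
rm -f -- /tmp/apt.list
: >/tmp/apt.list
curl --retry 7 --retry-delay 5 -sf "$(raw_url "CoreModules/$webserv/apt.list")" >>/tmp/apt.list \
  || echo "warning: could not fetch CoreModules/$webserv/apt.list" >&2

##----------##
#   Addons   #
##----------##
# Both web servers offer the same two add-ons; only the dialog title differs.
option=
if [ "$IMODE" = n ]; then
  option=$(whiptail --nocancel --title "Which ${webserv^} addons should be installed?" --checklist "Features" 11 110 5 "Memcached:" "Memcached is an open source, high-performance, distributed memory caching system." OFF "Redis Cache:" "Redis is an open source BSD licensed, in-memory data structure store." OFF 3>&1 1>&2 2>&3)
else
  opts=()
  choice () {
    # Toggle add-on slot $1 on/off.
    local choice=$1
    if [[ ${opts[choice]} ]]; then
      opts[choice]=
    else
      opts[choice]=+
    fi
  }
  PS3="Which ${webserv^} addons should be installed?"
  while :; do
    echo ""
    options=("Memcached ${opts[1]}" "Redis Cache ${opts[2]}" "Done")
    select opt in "${options[@]}"; do
      case $opt in
        "Memcached ${opts[1]}") choice 1; break;;
        "Redis Cache ${opts[2]}") choice 2; break;;
        "Done") break 2;;
        *) printf '%s\n' 'invalid option';;
      esac
    done
  done
  # Build the selection from the final toggle state; the old code appended
  # on every toggle, so an add-on switched off again was still installed.
  # The legacy menu used "Memcache:" where the whiptail menu uses
  # "Memcached:"; the whiptail name is used for both — TODO confirm which
  # SubModules/ directory actually exists.
  [[ ${opts[1]} ]] && option="$option Memcached:"
  [[ ${opts[2]} ]] && option="$option Redis Cache:"
fi

# Normalise the selection ('"Memcached:" "Redis Cache:"' or ' Memcached:
# Redis Cache:') into lower-case, space-free names. `option` keeps the
# flat "memcached rediscache" form for anything that reads it later.
addons=()
option=${option//\"}
IFS=':' read -ra raw_addons <<<"$option"
for a in "${raw_addons[@]}"; do
  a="${a// /}"
  [ -n "$a" ] && addons+=("${a,,}")
done
option="${addons[*]}"

echo "Generating apt list for Options"
addon_stage apt

##-------##
#   CMS   #
##-------##
if [ "$IMODE" = n ]; then
  CMS=
  while [ -z "$CMS" ]; do
    CMS=$(whiptail --nocancel --title "What CMS should be installed?" --radiolist "Features" 11 118 5 "Nextcloud:" "Nextcloud is a suite of client-server software for creating and using file hosting services." OFF "Wordpress:" "WordPress is a content management system based on PHP." OFF "None:" "A plain webserver will be setup." OFF 3>&1 1>&2 2>&3)
  done
else
  echo "What CMS should be installed?"
  PS3='Selected:'
  select opt in Nextcloud Wordpress None; do
    case $opt in
      Nextcloud) CMS=Nextcloud:; break;;
      Wordpress) CMS=Wordpress:; break;;
      None) CMS=None:; break;;
      *) echo "$REPLY is not a valid option!";;
    esac
  done
fi
CMS="${CMS//:}"
CMS="${CMS,,}"
echo "Generating Apt List for CMS"
run_stage "$(raw_url "CMS/$CMS/")" apt

##--------------------##
#   Pre-Requirements   #
##--------------------##
# Move sshd to 4242. ufw below only limits 4242 (22 stays closed), so make
# sure the directive exists even when there was no "Port 22" line to rewrite.
sed -i '/Port 22/c\Port 4242' /etc/ssh/sshd_config
grep -q '^Port 4242$' /etc/ssh/sshd_config || echo 'Port 4242' >>/etc/ssh/sshd_config
msg "Preconfiguring."
# shellcheck disable=SC2086
$PKGI software-properties-common gnupg > "$OUTPUT" 2>&1
$PKGA universe -y > "$OUTPUT" 2>&1
$PKGA ppa:ondrej/php -y > "$OUTPUT" 2>&1
$PKGA ppa:certbot/certbot -y > "$OUTPUT" 2>&1
$PKGA ppa:chris-lea/redis-server -y > "$OUTPUT" 2>&1
# shellcheck disable=SC2086
$PKGM update
# shellcheck disable=SC2086
$PKGM upgrade -y

##-------------------##
#   Pre-configuring   #
##-------------------##
echo "Running preconf for Webserv"
run_remote "$(raw_url "CoreModules/$webserv/preconf.sh")"
echo "Running preconf for Options"
addon_stage preconf
echo "Running preconf for CMS"
run_stage "$(raw_url "CMS/$CMS/")" preconf

##-------------##
#   Installer   #
##-------------##
# shellcheck disable=SC2086
$PKGM update
sed -i "s/PHPver/$phpver/g" /tmp/apt.list
# shellcheck disable=SC2086
xargs $PKGI </tmp/apt.list

##---------------##
#   Configuring   #
##---------------##
echo "Running conf for Webserv"
run_remote "$(raw_url "CoreModules/$webserv/conf.sh")"
echo "Running conf for Options"
addon_stage conf

echo "Setting up SSL"
if [ "$sslenable" = 1 ]; then
  certbot_args=(--"$webserv" -n -m "$email" --hsts --redirect --no-eff-email --agree-tos)
  if [ "$domainwww" = 1 ]; then
    certbot "${certbot_args[@]}" -d "$domain" -d "www.$domain"
  elif [ "$domainwww" = 0 ]; then
    certbot "${certbot_args[@]}" -d "$domain"
  fi
  certbot "${certbot_args[@]}" -d "$hostname"
fi

#######################################
# Drop a ready-to-run copy of Scripts/EnableSSL.sh with its placeholders
# filled in.
# Arguments: $1 - vhost domain (DOMAINname)
#            $2 - config name (CONFname); also names $HOME/activateSSL-$2.sh
#            $3 - DomainWWW flag (0/1)
# Globals:   email, webserv (read)
#######################################
write_ssl_script () {
  local target=$HOME/activateSSL-$2.sh
  wget -q -t7 "$(raw_url Scripts/EnableSSL.sh)" -O "$target"
  sed -i -e "s/DOMAINname/$(sed_escape "$1")/" \
         -e "s/CONFname/$(sed_escape "$2")/" \
         -e "s/DomainWWW/$3/" \
         -e "s/Email/$(sed_escape "$email")/" \
         -e "s/WebServer/$webserv/" "$target"
}
write_ssl_script "$domain" "$domain" "$domainwww"
write_ssl_script "$hostname" Backend 0

echo "Running conf for CMS"
run_stage "$(raw_url "CMS/$CMS/")" conf
echo "Running conf for Backend"
run_remote "$(raw_url "CMS/Backend/$webserv-conf.sh")"

##------------##
#   Fail2Ban   #
##------------##
sed -i "s/root@localhost/$(sed_escape "$email")/g" /etc/fail2ban/jail.conf
wget -q -t7 "$(raw_url config/fail2ban/sshd.local)" -O /etc/fail2ban/jail.d/sshd.local
# CMS was lower-cased above; the old comparison against "Nextcloud" /
# "Wordpress" never matched, so the CMS jails were never installed.
if [[ $CMS == nextcloud || $CMS == wordpress ]]; then
  wget -q -t7 "$(raw_url "config/fail2ban/$CMS.conf")" -O "/etc/fail2ban/filter.d/$CMS.conf"
  wget -q -t7 "$(raw_url "config/fail2ban/$CMS.local")" -O "/etc/fail2ban/jail.d/$CMS.local"
fi

##-------##
#   UFW   #
##-------##
sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
ufw default deny incoming > "$OUTPUT" 2>&1
ufw default allow outgoing > "$OUTPUT" 2>&1
ufw allow 80/tcp > "$OUTPUT" 2>&1
ufw allow 443/tcp > "$OUTPUT" 2>&1
ufw limit 4242/tcp > "$OUTPUT" 2>&1
ufw --force enable > "$OUTPUT" 2>&1

##------------##
#   Services   #
##------------##
# Validate the rewritten sshd_config first so a bad directive cannot take
# the daemon — and this session — down on restart.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was NOT restarted" >&2
fi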