diff --git a/install.sh b/install.sh
index 3577c39..e40621c 100644
--- a/install.sh
+++ b/install.sh
@@ -6,79 +6,114 @@ # # Program: # Install Lbry Pool on Ubuntu 18.04 running Nginx, MariaDB, and php7.x -# ################################################################################ + output() { - printf "\E[0;33;40m" - echo $1 - printf "\E[0m" + printf "\E[0;33;40m" + echo "$1" + printf "\E[0m" } displayErr() { - echo - echo $1; - echo - exit 1; + echo + echo "$1" + echo + exit 1 } + +################################################################################ +# Main routine +################################################################################ + +# Capture all output in a log file +LOG_FILE="${0%.sh}.log" +{ + echo "-----------------------------------------------------------------------" + echo "LBRY Pool install log of" "$(date)" + echo "Use less -R to view without control characters." + echo "-----------------------------------------------------------------------" + echo +} >"${LOG_FILE}" +exec &> >(tee -a "${LOG_FILE}") + +# Phase 0: Ask user to enter configuration data ################################ clear +output "LBRY Pool Installer" +output "" output "Make sure you double check before hitting enter! Only one shot at these!" output "" - read -e -p "Enter time zone (e.g. America/New_York) : " TIME - read -e -p "Server name (no http:// or www. just example.com) : " server_name - read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " sub_domain - read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL - read -e -p "Set stratum to AutoExchange? i.e. mine any coin with BTC address? [y/N] : " BTC - read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel - read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public - read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban - read -e -p "Install UFW and configure ports? [Y/n] : " UFW - read -e -p "Install LetsEncrypt SSL? IMPORTANT! 
You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install - - clear - output "If you found this helpful, please donate to BTC Donation: " - output "" - output "Updating system and installing required packages." - output "" - - # update package and upgrade Ubuntu - output "Updating System through apt" - sudo apt update - sudo apt upgrade -y - sudo apt autoremove -y - output "Removing Snapd, and Cloud-Init (Ubuntu 18.x+) - sudo snap stop lxc && sudo snap remove lxc - sudo snap stop core18 && sudo snap remove core18 - sudo snap remove snapd - sudo apt purge -y snapd* - sudo apt purge cloud-init* - sudo rm -rf /etc/cloud - sudo apt autoremove -y - clear - # install all dependencies - output "Installing MySQL Repository." - output "" - wget https://dev.mysql.com/get/mysql-apt-config_0.8.14-1_all.deb - sudo dpkg -i ./mysql-apt-config_0.8.14-1_all.deb - sudo apt update - # create random password - rootpasswd=$(openssl rand -base64 12) - export DEBIAN_FRONTEND="noninteractive" - output "Installing pre-requisite repos." - output "" - sudo apt install software-properties-common -y - sudo add-apt-repository ppa:ondrej/php -y - sudo add-apt-repository ppa:bitcoin/bitcoin -y - sudo apt update - output "Installing Required Software." 
- output "" -sudo apt install nginx mysql-server php7.4-opcache php7.4-fpm php7.4-common php7.4-gd php7.4-mysql php7.4-imap php7.4-cli php7.4-cgi php7.4-curl php7.4-intl php7.4-pspell recode php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-memcache php7.4-imagick php7.4-zip php7.4-mbstring php-pear php-auth-sasl mcrypt imagemagick libruby memcached libgmp3-dev libmysqlclient-dev libcurl4-gnutls-dev libkrb5-dev libldap2-dev libidn11-dev gnutls-dev librtmp-dev build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sendmail git pwgen unzip libdb4.8-dev libdb4.8++-dev libssl-dev libboost-all-dev libminiupnpc-dev libqt5gui5 libqt5core5a libqt5webkit5-dev libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev libnghttp2-dev libpsl-dev -y - output "Configuring Nginx server." - output "" - sudo rm /etc/nginx/sites-enabled/default - sudo service nginx start - sudo service cron start - #Making Nginx a bit hard - echo 'map $http_user_agent $blockedagent { + +# Load file with last configuration data if available +CONF_FILE="${0%.sh}.conf" +if [[ -f "${CONF_FILE}" ]]; then + # shellcheck source=install.conf + source "${CONF_FILE}" +else + declare -A CONFMAP=(["TIME_ZONE"]="" ["SERVER_NAME"]="" ["SUB_DOMAIN"]="" ["EMAIL"]="" ['SEND_EMAIL']="" + ["BTC"]="" ["ADMIN_PANEL"]="" ["PUBLIC_IP"]="" ["INSTALL_FAIL2BAN"]="" ["UFW"]="" ["SSL_INSTALL"]="") +fi +# Ask user to enter/change configuration data +read -e -r -p "Enter time zone (e.g. America/New_York): " -i "${CONFMAP['TIME_ZONE']}" CONFMAP['TIME_ZONE'] +read -e -r -p "Server name (no http:// or www. just example.com): " -i "${CONFMAP['SERVER_NAME']}" CONFMAP['SERVER_NAME'] +read -e -r -p "Are you using a subdomain (e.g. pool.example.com?) [y/N] : " -i "${CONFMAP['SUB_DOMAIN']}" CONFMAP['SUB_DOMAIN'] +read -e -r -p "Enter support email (e.g. 
admin@example.com) : " -i "${CONFMAP['EMAIL']}" CONFMAP['EMAIL'] +read -e -r -p "Send a test email to the support address? [Y/n] : " -i "${CONFMAP['SEND_EMAIL']}" CONFMAP['SEND_EMAIL'] +read -e -r -p "Set stratum to AutoExchange? i.e. mine any coin with BTC address? [y/N] : " -i "${CONFMAP['BTC']}" CONFMAP['BTC'] +read -e -r -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " -i "${CONFMAP['ADMIN_PANEL']}" CONFMAP['ADMIN_PANEL'] +read -e -r -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " -i "${CONFMAP['PUBLIC_IP']}" CONFMAP['PUBLIC_IP'] +read -e -r -p "Install Fail2ban? [Y/n] : " -i "${CONFMAP['INSTALL_FAIL2BAN']}" CONFMAP['INSTALL_FAIL2BAN'] +read -e -r -p "Install UFW and configure ports? [Y/n] : " -i "${CONFMAP['UFW']}" CONFMAP['UFW'] +read -e -r -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " -i "${CONFMAP['SSL_INSTALL']}" CONFMAP['SSL_INSTALL'] +# Save configuration data to file +declare -p CONFMAP >"${CONF_FILE}" + +# Phase 1: Install dependencies ################################################ +clear +output "LBRY Pool Installer" +output "" +output "Updating system and installing required packages." +output "" + +# 1.a: Update packages and upgrade Ubuntu +output "... updating system through apt" +sudo apt update +sudo apt upgrade -y +sudo apt autoremove -y +output "" +output "... removing Snapd, and Cloud-Init (Ubuntu 18.x+)" +sudo snap stop lxc && sudo snap remove lxc +sudo snap stop core18 && sudo snap remove core18 +sudo snap remove snapd +sudo apt purge -y snapd* +sudo apt purge cloud-init* +sudo rm -rf /etc/cloud +sudo apt autoremove -y + +# 1.b: Install all dependencies +clear +output "Installing MySQL repository." 
+output "" +wget https://dev.mysql.com/get/mysql-apt-config_0.8.17-1_all.deb +sudo dpkg -i ./mysql-apt-config_0.8.17-1_all.deb +sudo apt update +export DEBIAN_FRONTEND="noninteractive" +output "Installing pre-requisite repositories." +output "" +sudo apt install software-properties-common -y +sudo add-apt-repository ppa:ondrej/php -y +sudo add-apt-repository ppa:bitcoin/bitcoin -y +sudo apt update +output "Installing Required Software." +output "" +sudo apt install nginx mysql-server php7.4-opcache php7.4-fpm php7.4-common php7.4-gd php7.4-mysql php7.4-imap php7.4-cli php7.4-cgi php7.4-curl php7.4-intl php7.4-pspell recode php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-memcache php7.4-imagick php7.4-zip php7.4-mbstring php-pear php-auth-sasl mcrypt imagemagick libruby memcached libgmp3-dev libmysqlclient-dev libcurl4-gnutls-dev libkrb5-dev libldap2-dev libidn11-dev gnutls-dev librtmp-dev build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sendmail git pwgen unzip libdb4.8-dev libdb4.8++-dev libssl-dev libboost-all-dev libminiupnpc-dev libqt5gui5 libqt5core5a libqt5webkit5-dev libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev libnghttp2-dev libpsl-dev tmux -y +output "Configuring Nginx server." +output "" +sudo rm -f /etc/nginx/sites-enabled/default +sudo service nginx start +sudo service cron start +# Making Nginx a bit hard +# shellcheck disable=SC2016 +echo 'map $http_user_agent $blockedagent { default 0; ~*malicious 1; ~*bot 1; 
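Review bot: `source "${CONF_FILE}"` executes whatever shell code is in the conf file right before a long run of `sudo` commands, and nothing in the hunk checks who owns that file. Since it only ever holds the output of `declare -p CONFMAP`, gate the load on ownership, e.g. `if [[ -f "${CONF_FILE}" && -O "${CONF_FILE}" ]]; then`, and set `umask 077` before `declare -p CONFMAP >"${CONF_FILE}"` so the admin panel path and admin IP are not readable by other local users. The values read here (SERVER_NAME, TIME_ZONE, EMAIL) are used unvalidated later in the diff inside nginx configs, `sed` expressions and paths under `sudo`. A format check right after the `read` calls, such as `[[ "${CONFMAP['SERVER_NAME']}" =~ ^[A-Za-z0-9.-]+$ ]] || displayErr "Invalid server name"`, would stop a typo or a stale conf entry from producing broken or misplaced files.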
@@ -87,83 +122,95 @@ default 0; ~*bandit 1; } ' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 - - #Generating Random Passwords - password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` - password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` - AUTOGENERATED_PASS=`pwgen -c -1 20` - output "Testing to see if server emails are sent" - output "" - if [[ "$root_email" != "" ]]; then - echo $root_email > sudo tee --append ~/.email - echo $root_email > sudo tee --append ~/.forward - if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then - echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message - echo "You should receive this !" >> sudo tee --append /tmp/email.message - echo "" >> sudo tee --append /tmp/email.message - echo "Cheers" >> sudo tee --append /tmp/email.message - sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message +# 1.c: Check email +output "Testing to see if server emails are sent." +output "" +if [[ "${CONFMAP['EMAIL']}" != "" ]]; then + echo "${CONFMAP['EMAIL']}" >~/.email + echo "${CONFMAP['EMAIL']}" >~/.forward - sudo rm -f /tmp/email.message - echo "Mail sent" - fi - fi - - output "Some optional installs" - if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then - sudo apt install fail2ban -y - fi - if [[ ("$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "") ]]; then - sudo apt-get install ufw -y - sudo ufw default deny incoming - sudo ufw default allow outgoing - sudo ufw allow ssh - sudo ufw allow http - sudo ufw allow https - sudo ufw allow 3334/tcp - sudo ufw --force enable - fi - - clear - - output " Installing yiimp" - output "" - output "Grabbing yiimp fron Github, building files and setting file structure." 
- output "" - #Generating Random Password for stratum - blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` - cd ~ - git clone https://github.com/lbryio/pool.git yiimp - cd $HOME/yiimp/blocknotify - sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp - sudo make - cd $HOME/yiimp/stratum/iniparser - sudo make - cd $HOME/yiimp/stratum - if [[ ("$BTC" == "y" || "$BTC" == "Y") ]]; then - sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' $HOME/yiimp/stratum/Makefile - sudo make - fi - sudo make - cd $HOME/yiimp - sudo sed -i 's/AdminRights/'$admin_panel'/' $HOME/yiimp/web/yaamp/modules/site/SiteController.php - sudo cp -r $HOME/yiimp/web /var/ - sudo mkdir -p /var/stratum - cd $HOME/yiimp/stratum - sudo cp -a config.sample/. /var/stratum/config + if [[ ("${CONFMAP['SEND_EMAIL']}" == "y" || "${CONFMAP['SEND_EMAIL']}" == "Y" || "${CONFMAP['SEND_EMAIL']}" == "") ]]; then + { + echo "Subject: SMTP Test Mail" + echo "This is a mail test for the SMTP Service." + echo "You should receive this !" + echo + echo "Cheers" + echo + } >/tmp/email.message + # shellcheck disable=SC2024 + sudo sendmail "${CONFMAP['EMAIL']}" /dev/null 2>&1 sudo chmod +x /var/stratum/config/run.sh - output "Update default timezone." - output "Thanks for using this installation script. Donations welcome" - # check if link file - sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime - # update time zone - sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime - sudo apt install -y ntpdate - # write time to clock. - sudo hwclock -w - clear - output "Making Web Server Magic Happen!" - # adding user to group, creating dir structure, setting permissions - sudo mkdir -p /var/www/$server_name/html - output "Creating webserver initial config file" - output "" - if [[ ("$sub_domain" == "y" || "$sub_domain" == "Y") ]]; then -echo 'include /etc/nginx/blockuseragents.rules; +output "Update default timezone." +output "Thanks for using this installation script. 
Donations welcome" +# check if link file +sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime +# update time zone +sudo ln -sf /usr/share/zoneinfo/"${CONFMAP['TIME_ZONE']}" /etc/localtime +sudo apt install -y ntpdate +# write time to clock if possible +sudo hwclock -w + +# Phase 3: Web Server configuration ############################################ +clear +output "Making Web Server Magic Happen!" +# adding user to group, creating dir structure, setting permissions +sudo mkdir -p /var/www/"${CONFMAP['SERVER_NAME']}"/html +output "Creating webserver initial config file" +output "" +if [[ ("${CONFMAP['SUB_DOMAIN']}" == "y" || "${CONFMAP['SUB_DOMAIN']}" == "Y") ]]; then + # shellcheck disable=SC2016 + echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { return 403; @@ -202,8 +252,8 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 80; listen [::]:80; - server_name '"${server_name}"'; - root "/var/www/'"${server_name}"'/html/web"; + server_name '"${CONFMAP['SERVER_NAME']}"'; + root "/var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -218,10 +268,10 @@ echo 'include /etc/nginx/blockuseragents.rules; location = /robots.txt { access_log off; log_not_found off; } access_log off; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 50k; + client_body_buffer_size 50k; client_header_buffer_size 50k; client_max_body_size 50k; large_client_header_buffers 2 50k; 
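Review bot: The test message is written to the fixed path `/tmp/email.message` (`} >/tmp/email.message`), a predictable name in a world-writable directory that another local user can pre-create or swap before `sendmail` reads it. Use a private temporary file instead: `MAIL_MSG=$(mktemp) || displayErr "mktemp failed"`, write to `"${MAIL_MSG}"`, and `rm -f -- "${MAIL_MSG}"` afterwards. Further down, `sudo ln -sf /usr/share/zoneinfo/"${CONFMAP['TIME_ZONE']}" /etc/localtime` links whatever was typed; checking `[[ -f "/usr/share/zoneinfo/${CONFMAP['TIME_ZONE']}" ]]` first avoids a dangling `/etc/localtime` on a typo. Part of this hunk between the `sendmail` call and the `chmod +x /var/stratum/config/run.sh` line is missing from the page as shown, so this covers only the visible lines.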
@@ -268,23 +318,24 @@ echo 'include /etc/nginx/blockuseragents.rules; } } } -' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 +' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1 -sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf -sudo ln -s /var/web /var/www/$server_name/html -sudo service nginx restart - if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then + sudo ln -s /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf /etc/nginx/sites-enabled/"${CONFMAP['SERVER_NAME']}".conf + sudo ln -s /var/web /var/www/"${CONFMAP['SERVER_NAME']}"/html + sudo service nginx restart + if [[ ("${CONFMAP['SSL_INSTALL']}" == "y" || "${CONFMAP['SSL_INSTALL']}" == "Y" || "${CONFMAP['SSL_INSTALL']}" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo apt install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install -y certbot python-certbot-nginx - sudo certbot certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" - sudo rm /etc/nginx/sites-available/$server_name.conf + sudo certbot certonly -a webroot --webroot-path=/var/web --email "${CONFMAP['EMAIL']}" --agree-tos -d "${CONFMAP['SERVER_NAME']}" + sudo rm /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! -echo 'include /etc/nginx/blockuseragents.rules; + # shellcheck disable=SC2016 + echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { return 403; 
@@ -294,9 +345,9 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 80; listen [::]:80; - server_name '"${server_name}"'; + server_name '"${CONFMAP['SERVER_NAME']}"'; # enforce https - return 301 https://$server_name$request_uri; + return 301 https://'"${CONFMAP['SERVER_NAME']}"'$request_uri; } server { @@ -308,24 +359,24 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 443 ssl http2; listen [::]:443 ssl http2; - server_name '"${server_name}"'; + server_name '"${CONFMAP['SERVER_NAME']}"'; - root /var/www/'"${server_name}"'/html/web; + root /var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web; index index.php; - access_log /var/log/nginx/'"${server_name}"'.app-accress.log; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + access_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-accress.log; + error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 50k; + client_body_buffer_size 50k; client_header_buffer_size 50k; client_max_body_size 50k; large_client_header_buffers 2 50k; sendfile off; # strengthen ssl security - ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + ssl_certificate /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; @@ -337,7 +388,7 @@ echo 'include /etc/nginx/blockuseragents.rules; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; - add_header Content-Security-Policy "frame-ancestors 'self'"; + add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"'; location / { try_files $uri $uri/ /index.php?$args; 
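Review bot: In the last hunk on this line (`@@ -337,7 +388,7 @@`) the new `add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"';` drops the closing double quote, so the generated subdomain HTTPS config would contain `"frame-ancestors 'self';` with an unterminated string and nginx would likely refuse to load it. The non-subdomain copy later in the diff (`@@ -538,7 +591,7 @@`) has the correct ending, and this line should match it: `add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"'";`. Running `sudo nginx -t` before each `sudo service nginx restart` would catch this kind of quoting slip at install time. The surrounding `echo '…'` block starts and ends outside this hunk.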
@@ -388,12 +439,13 @@ echo 'include /etc/nginx/blockuseragents.rules; } } -' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 - fi -sudo service nginx restart -sudo service php7.4-fpm reload +' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1 + fi + sudo service nginx restart + sudo service php7.4-fpm reload else -echo 'include /etc/nginx/blockuseragents.rules; + # shellcheck disable=SC2016 + echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { return 403; @@ -403,8 +455,8 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 80; listen [::]:80; - server_name '"${server_name}"' www.'"${server_name}"'; - root "/var/www/'"${server_name}"'/html/web"; + server_name '"${CONFMAP['SERVER_NAME']}"' www.'"${CONFMAP['SERVER_NAME']}"'; + root "/var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -419,7 +471,7 @@ echo 'include /etc/nginx/blockuseragents.rules; location = /robots.txt { access_log off; log_not_found off; } access_log off; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error; # allow larger file uploads and longer script runtimes client_body_buffer_size 50k; 
@@ -469,23 +521,24 @@ echo 'include /etc/nginx/blockuseragents.rules; } } } -' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 +' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1 -sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf -sudo ln -s /var/web /var/www/$server_name/html -sudo service nginx restart - if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then + sudo ln -s /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf /etc/nginx/sites-enabled/"${CONFMAP['SERVER_NAME']}".conf + sudo ln -s /var/web /var/www/"${CONFMAP['SERVER_NAME']}"/html + sudo service nginx restart + if [[ ("${CONFMAP['SSL_INSTALL']}" == "y" || "${CONFMAP['SSL_INSTALL']}" == "Y" || "${CONFMAP['SSL_INSTALL']}" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo apt install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install -y certbot python-certbot-nginx - sudo certbot certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" - sudo rm /etc/nginx/sites-available/$server_name.conf + sudo certbot certonly -a webroot --webroot-path=/var/web --email "${CONFMAP['EMAIL']}" --agree-tos -d "${CONFMAP['SERVER_NAME']}" -d www."${CONFMAP['SERVER_NAME']}" + sudo rm /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! -echo 'include /etc/nginx/blockuseragents.rules; + # shellcheck disable=SC2016 + echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { return 403; 
@@ -495,9 +548,9 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 80; listen [::]:80; - server_name '"${server_name}"'; + server_name '"${CONFMAP['SERVER_NAME']}"'; # enforce https - return 301 https://$server_name$request_uri; + return 301 https://'"${CONFMAP['SERVER_NAME']}"'$request_uri; } server { @@ -509,13 +562,13 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 443 ssl http2; listen [::]:443 ssl http2; - server_name '"${server_name}"' www.'"${server_name}"'; + server_name '"${CONFMAP['SERVER_NAME']}"' www.'"${CONFMAP['SERVER_NAME']}"'; - root /var/www/'"${server_name}"'/html/web; + root /var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web; index index.php; - access_log /var/log/nginx/'"${server_name}"'.app-accress.log; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + access_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-accress.log; + error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error; # allow larger file uploads and longer script runtimes client_body_buffer_size 50k; @@ -525,8 +578,8 @@ echo 'include /etc/nginx/blockuseragents.rules; sendfile off; # strengthen ssl security - ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + ssl_certificate /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; @@ -538,7 +591,7 @@ echo 'include /etc/nginx/blockuseragents.rules; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; - add_header Content-Security-Policy "frame-ancestors 'self'"; + add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"'"; location / { try_files $uri $uri/ /index.php?$args; 
@@ -589,55 +642,62 @@ echo 'include /etc/nginx/blockuseragents.rules; } } -' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 - fi -sudo service nginx restart -sudo service php7.4-fpm reload +' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1 + fi + sudo service nginx restart + sudo service php7.4-fpm reload fi - clear - output "Now for the database fun!" - # create database - Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" - Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" - Q3="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}${Q3}" - sudo mysql -u root -p="" -e "$SQL" - # create stratum user - Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" - Q2="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}" - sudo mysql -u root -p="" -e "$SQL" - - #Create my.cnf - - echo ' + +# Phase 4: Database configuration ############################################## +clear +output "Now for the database fun!" +# Generate passwords for MySQL +MYSQL_ROOTPASSWD=$(pwgen -cn 20 1) +MYSQL_PANELPASSWD=$(pwgen -cn 20 1) +MYSQL_STRATUMPASSWD=$(pwgen -cn 20 1) +MYSQL_PHPADMINPASSWD=$(pwgen -cn 20 1) +# create database +Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" +Q2="CREATE USER 'panel'@'localhost' IDENTIFIED BY '${MYSQL_PANELPASSWD}';" +Q3="GRANT ALL ON *.* TO 'panel'@'localhost';" +Q4="FLUSH PRIVILEGES;" +SQL="${Q1}${Q2}${Q3}${Q4}" +sudo mysql -u root -p="" -e "$SQL" +# create stratum user +Q1="CREATE USER 'stratum'@'localhost' IDENTIFIED BY '${MYSQL_STRATUMPASSWD}';" +Q2="GRANT ALL ON *.* TO 'stratum'@'localhost';" +Q3="FLUSH PRIVILEGES;" +SQL="${Q1}${Q2}${Q3}" +sudo mysql -u root -p="" -e "$SQL" + +#Create my.cnf + +echo ' [clienthost1] user=panel -password='"${password}"' +password='"${MYSQL_PANELPASSWD}"' database=yiimpfrontend host=localhost [clienthost2] user=stratum -password='"${password2}"' +password='"${MYSQL_STRATUMPASSWD}"' database=yiimpfrontend host=localhost [mysql] user=root 
-password='"${rootpasswd}"' +password='"${MYSQL_ROOTPASSWD}"' [myphpadmin] user=root -password='"${AUTOGENERATED_PASS}"' +password='"${MYSQL_PHPADMINPASSWD}"' ' | sudo -E tee ~/.my.cnf >/dev/null 2>&1 sudo chmod 0600 ~/.my.cnf - - #Create keys file - echo ' +echo ' '"'"'); define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"'); 
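Review bot: The four `pwgen -cn 20 1` calls replace the previous 32-character `/dev/urandom` strings with shorter, pronounceable passwords, because `pwgen` only draws fully random characters when given `-s`; prefer `MYSQL_PANELPASSWD=$(pwgen -s 32 1)` and the same for the other three. The new `GRANT ALL ON *.* TO 'panel'@'localhost';` and its `stratum` equivalent still give both service accounts global privileges, while the rest of the script only points them at `yiimpfrontend`, so `GRANT ALL ON yiimpfrontend.* TO …` looks sufficient (confirm against the application). `MYSQL_ROOTPASSWD` and `MYSQL_PHPADMINPASSWD` are written into `~/.my.cnf`, but no statement visible in this hunk sets them on the server, and the `sudo mysql -u root -p=""` calls keep connecting as root without the generated password. Creating `~/.my.cnf` under `umask 077`, rather than running `chmod 0600` afterwards, would also close the short window in which the passwords are readable.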
@@ -654,34 +714,35 @@ define('"'"'EXCH_NOVA_SECRET'"'"','"'"''"'"'); define('"'"'EXCH_POLONIEX_SECRET'"'"', '"'"''"'"'); define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); ' | sudo -E tee /etc/yiimp/keys.php >/dev/null 2>&1 - - output "Peforming the SQL import" - output "" - cd ~ - cd yiimp/sql - # import sql dump - sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 - # oh the humanity! - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-11-segwit.sql - sudo mysql --defaults-group-suffix=host1 --force < 2018-01-stratums_ports.sql - sudo mysql --defaults-group-suffix=host1 --force < 2018-02-coins_getinfo.sql - clear - output "Generating a basic serverconfig.php" - output "" - # make config file + +output "Peforming the SQL import" +output "" +cd ~ || exit +cd yiimp/sql || exit +# import sql dump +sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 +# oh the humanity! 
+sudo mysql --defaults-group-suffix=host1 --force <2016-04-24-market_history.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-04-27-settings.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-05-11-coins.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-05-15-benchmarks.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-05-23-bookmarks.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-06-01-notifications.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-06-04-bench_chips.sql +sudo mysql --defaults-group-suffix=host1 --force <2016-11-23-coins.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-02-05-benchmarks.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-03-31-earnings_index.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-05-accounts_case_swaptime.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-06-payouts_coinid_memo.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-09-notifications.sql +sudo mysql --defaults-group-suffix=host1 --force <2017-11-segwit.sql +sudo mysql --defaults-group-suffix=host1 --force <2018-01-stratums_ports.sql +sudo mysql --defaults-group-suffix=host1 --force <2018-02-coins_getinfo.sql +clear +output "Generating a basic serverconfig.php" +output "" +# make config file +# shellcheck disable=SC2016 echo ' /dev/null 2>&1 output "Adding tmux start file to ~/" +# shellcheck disable=SC2016 echo ' #!/bin/bash LOG_DIR=/var/log 
@@ -782,63 +844,61 @@ sudo chmod +x ~/pool-start.sh output "Updating stratum config files with database connection info." output "" -cd /var/stratum/config -sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf -sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf -sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf -sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf -sudo sed -i 's/username = root/username = stratum/g' *.conf -sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf -cd ~ +cd /var/stratum/config || exit +sudo sed -i 's/password = tu8tu5/password = '"${BLCKNOTIFYPASS}"'/g' ./*.conf +sudo sed -i 's/server = yaamp.com/server = '"${CONFMAP['SERVER_NAME']}"'/g' ./*.conf +sudo sed -i 's/host = yaampdb/host = localhost/g' ./*.conf +sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' ./*.conf +sudo sed -i 's/username = root/username = stratum/g' ./*.conf +sudo sed -i 's/password = patofpaq/password = '"${MYSQL_STRATUMPASSWD}"'/g' ./*.conf +cd ~ || exit -sudo rm -rf $HOME/yiimp +sudo rm -rf "${HOME}"/yiimp sudo service nginx restart sudo service php7.3-fpm reload -cd ~ -wget https://github.com/lbryio/lbrycrd/releases/download/v0.17.3.2/lbrycrd-linux-1732.zip -sudo unzip lbrycrd-linux-1732.zip -d /usr/bin +cd ~ || exit +wget https://github.com/lbryio/lbrycrd/releases/download/v0.17.3.3/lbrycrd-linux-1733.zip +sudo unzip lbrycrd-linux-1733.zip -d /usr/bin -lbrycrdd -daemon +lbrycrdd -daemon -server sleep 3 lbrycrd-cli stop - # Create config for Lbry echo && echo "Configuring Lbrycrd.conf" sleep 3 -rpcuser=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` -rpcpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` +RPCUSER=$(pwgen -cn 32 1) +RPCPASSWORD=$(pwgen -cn 32 1) echo ' -rpcuser='$rpcuser' -rpcpassword='$rpcpassword' +rpcuser='"${RPCUSER}"' +rpcpassword='"${RPCPASSWORD}"' rpcport=14390 rpcthreads=24 rpcallowip=127.0.0.1 # onlynet=ipv4 
maxconnections=36 daemon=1 +server=1 deprecatedrpc=accounts gen=0 -alertnotify=echo %s | mail -s "LBRY Credits alert!" ${EMAIL} +alertnotify=echo %s | mail -s "LBRY Credits alert!" '"${CONFMAP['EMAIL']}"' blocknotify=blocknotify 127.0.0.1:3334 1439 %s ' | sudo -E tee ~/.lbrycrd/lbrycrd.conf sleep 3 - - output "Final Directory permissions" output "" -whoami=`whoami` -sudo usermod -aG www-data $whoami +WHOAMI=$(whoami) +sudo usermod -aG www-data "${WHOAMI}" sudo mkdir /root/backup/ -sudo mkdir /data -sudo mkdir /data/yiimp -sudo ln -s /var/web /data/yiimp/web -sudo chown -R www-data:www-data /var/log +sudo mkdir /var/yiimp +sudo ln -s /var/web /var/yiimp/web sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/web -sudo chmod -R 775 /var/www/$server_name/html +sudo chown -R www-data:www-data /var/yiimp +sudo chmod -R 775 /var/www/"${CONFMAP['SERVER_NAME']}"/html sudo chmod -R 775 /var/web +sudo chmod -R 775 /var/yiimp sudo chmod -R 775 /var/stratum sudo chmod -R 775 /var/web/yaamp/runtime sudo chmod -R 775 /root/backup/ @@ -848,12 +908,12 @@ sudo chmod a+w /var/web/yaamp/runtime sudo chmod a+w /var/log sudo chmod a+w /var/web/assets -lbrycrdd -daemon +lbrycrdd -daemon -server clear output "Your mysql information is saved in ~/.my.cnf" output "" -output "Please login to the admin panel at http://${server_name}/site/${admin_panel}" +output "Please login to the admin panel at http://${CONFMAP['SERVER_NAME']}/site/${CONFMAP['ADMIN_PANEL']}" output "" -output "Your RPC username is ${rpcuser}" -output "Your RPC Password is ${rpcpassword}" +output "Your RPC username is ${RPCUSER}" +output "Your RPC Password is ${RPCPASSWORD}"
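Review bot: `wget …/lbrycrd-linux-1733.zip` followed by `sudo unzip lbrycrd-linux-1733.zip -d /usr/bin` installs downloaded binaries system-wide with no integrity check; pin the release digest and verify it before unpacking, e.g. `echo "<EXPECTED_SHA256>  lbrycrd-linux-1733.zip" | sha256sum -c - || exit 1` (placeholder digest, take the real one from the release page). The `' | sudo -E tee ~/.lbrycrd/lbrycrd.conf` line has no `>/dev/null`, so `rpcuser` and `rpcpassword` are echoed to the terminal and, with the new `exec &> >(tee -a "${LOG_FILE}")`, into the install log. `RPCUSER=$(pwgen -cn 32 1)` and `RPCPASSWORD` are generated without `-s`, so they are pronounceable rather than fully random; `pwgen -s 32 1` fixes that. The context line `sudo service php7.3-fpm reload` does not match the `php7.4-fpm` packages installed earlier and probably fails.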
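Review bot: `output "Your RPC Password is ${RPCPASSWORD}"` now also writes the credential into `${LOG_FILE}`, since all output is piped through `tee -a` at the top of the script and the log is created with the default umask. Either point the user at `~/.lbrycrd/lbrycrd.conf` instead of printing the password, or restrict the log right after it is created with `chmod 600 "${LOG_FILE}"`. The context line `sudo chmod a+w /var/log` leaves the system log directory world-writable; a group-writable directory dedicated to the pool's logs would be a narrower grant. The admin panel URL is printed as `http://` even when the LetsEncrypt branch ran.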