Improved installer

Marko Lorentz 2021-05-24 21:53:17 +02:00
parent 1acdbb94e9
commit 0647b2666d


@ -6,46 +6,81 @@
# #
# Program: # Program:
# Install Lbry Pool on Ubuntu 18.04 running Nginx, MariaDB, and php7.x # Install Lbry Pool on Ubuntu 18.04 running Nginx, MariaDB, and php7.x
#
################################################################################ ################################################################################
output() { output() {
printf "\E[0;33;40m" printf "\E[0;33;40m"
echo $1 echo "$1"
printf "\E[0m" printf "\E[0m"
} }
displayErr() { displayErr() {
echo echo
echo $1; echo "$1"
echo echo
exit 1; exit 1
} }
################################################################################
# Main routine
################################################################################
# Capture all output in a log file
LOG_FILE="${0%.sh}.log"
{
echo "-----------------------------------------------------------------------"
echo "LBRY Pool install log of" "$(date)"
echo "Use less -R to view without control characters."
echo "-----------------------------------------------------------------------"
echo
} >"${LOG_FILE}"
exec &> >(tee -a "${LOG_FILE}")
# Phase 0: Ask user to enter configuration data ################################
clear clear
output "LBRY Pool Installer"
output ""
output "Make sure you double check before hitting enter! Only one shot at these!" output "Make sure you double check before hitting enter! Only one shot at these!"
output "" output ""
read -e -p "Enter time zone (e.g. America/New_York) : " TIME
read -e -p "Server name (no http:// or www. just example.com) : " server_name
read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " sub_domain
read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL
read -e -p "Set stratum to AutoExchange? i.e. mine any coin with BTC address? [y/N] : " BTC
read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel
read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public
read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban
read -e -p "Install UFW and configure ports? [Y/n] : " UFW
read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install
# Load file with last configuration data if available
CONF_FILE="${0%.sh}.conf"
if [[ -f "${CONF_FILE}" ]]; then
# shellcheck source=install.conf
source "${CONF_FILE}"
else
declare -A CONFMAP=(["TIME_ZONE"]="" ["SERVER_NAME"]="" ["SUB_DOMAIN"]="" ["EMAIL"]="" ['SEND_EMAIL']=""
["BTC"]="" ["ADMIN_PANEL"]="" ["PUBLIC_IP"]="" ["INSTALL_FAIL2BAN"]="" ["UFW"]="" ["SSL_INSTALL"]="")
fi
# Ask user to enter/change configuration data
read -e -r -p "Enter time zone (e.g. America/New_York): " -i "${CONFMAP['TIME_ZONE']}" CONFMAP['TIME_ZONE']
read -e -r -p "Server name (no http:// or www. just example.com): " -i "${CONFMAP['SERVER_NAME']}" CONFMAP['SERVER_NAME']
read -e -r -p "Are you using a subdomain (e.g. pool.example.com?) [y/N] : " -i "${CONFMAP['SUB_DOMAIN']}" CONFMAP['SUB_DOMAIN']
read -e -r -p "Enter support email (e.g. admin@example.com) : " -i "${CONFMAP['EMAIL']}" CONFMAP['EMAIL']
read -e -r -p "Send a test email to the support address? [Y/n] : " -i "${CONFMAP['SEND_EMAIL']}" CONFMAP['SEND_EMAIL']
read -e -r -p "Set stratum to AutoExchange? i.e. mine any coin with BTC address? [y/N] : " -i "${CONFMAP['BTC']}" CONFMAP['BTC']
read -e -r -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " -i "${CONFMAP['ADMIN_PANEL']}" CONFMAP['ADMIN_PANEL']
read -e -r -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " -i "${CONFMAP['PUBLIC_IP']}" CONFMAP['PUBLIC_IP']
read -e -r -p "Install Fail2ban? [Y/n] : " -i "${CONFMAP['INSTALL_FAIL2BAN']}" CONFMAP['INSTALL_FAIL2BAN']
read -e -r -p "Install UFW and configure ports? [Y/n] : " -i "${CONFMAP['UFW']}" CONFMAP['UFW']
read -e -r -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " -i "${CONFMAP['SSL_INSTALL']}" CONFMAP['SSL_INSTALL']
# Save configuration data to file
declare -p CONFMAP >"${CONF_FILE}"
# Phase 1: Install dependencies ################################################
clear clear
output "If you found this helpful, please donate to BTC Donation: " output "LBRY Pool Installer"
output "" output ""
output "Updating system and installing required packages." output "Updating system and installing required packages."
output "" output ""
# update package and upgrade Ubuntu # 1.a: Update packages and upgrade Ubuntu
output "Updating System through apt" output "... updating system through apt"
sudo apt update sudo apt update
sudo apt upgrade -y sudo apt upgrade -y
sudo apt autoremove -y sudo apt autoremove -y
output "Removing Snapd, and Cloud-Init (Ubuntu 18.x+) output ""
output "... removing Snapd, and Cloud-Init (Ubuntu 18.x+)"
sudo snap stop lxc && sudo snap remove lxc sudo snap stop lxc && sudo snap remove lxc
sudo snap stop core18 && sudo snap remove core18 sudo snap stop core18 && sudo snap remove core18
sudo snap remove snapd sudo snap remove snapd
@ -53,17 +88,16 @@ output ""
sudo apt purge cloud-init* sudo apt purge cloud-init*
sudo rm -rf /etc/cloud sudo rm -rf /etc/cloud
sudo apt autoremove -y sudo apt autoremove -y
# 1.b: Install all dependencies
clear clear
# install all dependencies output "Installing MySQL repository."
output "Installing MySQL Repository."
output "" output ""
wget https://dev.mysql.com/get/mysql-apt-config_0.8.14-1_all.deb wget https://dev.mysql.com/get/mysql-apt-config_0.8.17-1_all.deb
sudo dpkg -i ./mysql-apt-config_0.8.14-1_all.deb sudo dpkg -i ./mysql-apt-config_0.8.17-1_all.deb
sudo apt update sudo apt update
# create random password
rootpasswd=$(openssl rand -base64 12)
export DEBIAN_FRONTEND="noninteractive" export DEBIAN_FRONTEND="noninteractive"
output "Installing pre-requisite repos." output "Installing pre-requisite repositories."
output "" output ""
sudo apt install software-properties-common -y sudo apt install software-properties-common -y
sudo add-apt-repository ppa:ondrej/php -y sudo add-apt-repository ppa:ondrej/php -y
@ -71,13 +105,14 @@ output ""
sudo apt update sudo apt update
output "Installing Required Software." output "Installing Required Software."
output "" output ""
sudo apt install nginx mysql-server php7.4-opcache php7.4-fpm php7.4-common php7.4-gd php7.4-mysql php7.4-imap php7.4-cli php7.4-cgi php7.4-curl php7.4-intl php7.4-pspell recode php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-memcache php7.4-imagick php7.4-zip php7.4-mbstring php-pear php-auth-sasl mcrypt imagemagick libruby memcached libgmp3-dev libmysqlclient-dev libcurl4-gnutls-dev libkrb5-dev libldap2-dev libidn11-dev gnutls-dev librtmp-dev build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sendmail git pwgen unzip libdb4.8-dev libdb4.8++-dev libssl-dev libboost-all-dev libminiupnpc-dev libqt5gui5 libqt5core5a libqt5webkit5-dev libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev libnghttp2-dev libpsl-dev -y sudo apt install nginx mysql-server php7.4-opcache php7.4-fpm php7.4-common php7.4-gd php7.4-mysql php7.4-imap php7.4-cli php7.4-cgi php7.4-curl php7.4-intl php7.4-pspell recode php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl php7.4-memcache php7.4-imagick php7.4-zip php7.4-mbstring php-pear php-auth-sasl mcrypt imagemagick libruby memcached libgmp3-dev libmysqlclient-dev libcurl4-gnutls-dev libkrb5-dev libldap2-dev libidn11-dev gnutls-dev librtmp-dev build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sendmail git pwgen unzip libdb4.8-dev libdb4.8++-dev libssl-dev libboost-all-dev libminiupnpc-dev libqt5gui5 libqt5core5a libqt5webkit5-dev libqt5dbus5 qttools5-dev qttools5-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev libnghttp2-dev libpsl-dev tmux -y
output "Configuring Nginx server." output "Configuring Nginx server."
output "" output ""
sudo rm /etc/nginx/sites-enabled/default sudo rm -f /etc/nginx/sites-enabled/default
sudo service nginx start sudo service nginx start
sudo service cron start sudo service cron start
# Making Nginx a bit hard # Making Nginx a bit hard
# shellcheck disable=SC2016
echo 'map $http_user_agent $blockedagent { echo 'map $http_user_agent $blockedagent {
default 0; default 0;
~*malicious 1; ~*malicious 1;
@ -88,33 +123,35 @@ default 0;
} }
' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 ' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1
#Generating Random Passwords # 1.c: Check email
password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` output "Testing to see if server emails are sent."
password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
AUTOGENERATED_PASS=`pwgen -c -1 20`
output "Testing to see if server emails are sent"
output "" output ""
if [[ "$root_email" != "" ]]; then if [[ "${CONFMAP['EMAIL']}" != "" ]]; then
echo $root_email > sudo tee --append ~/.email echo "${CONFMAP['EMAIL']}" >~/.email
echo $root_email > sudo tee --append ~/.forward echo "${CONFMAP['EMAIL']}" >~/.forward
if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then if [[ ("${CONFMAP['SEND_EMAIL']}" == "y" || "${CONFMAP['SEND_EMAIL']}" == "Y" || "${CONFMAP['SEND_EMAIL']}" == "") ]]; then
echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message {
echo "You should receive this !" >> sudo tee --append /tmp/email.message echo "Subject: SMTP Test Mail"
echo "" >> sudo tee --append /tmp/email.message echo "This is a mail test for the SMTP Service."
echo "Cheers" >> sudo tee --append /tmp/email.message echo "You should receive this !"
sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message echo
echo "Cheers"
sudo rm -f /tmp/email.message echo
} >/tmp/email.message
# shellcheck disable=SC2024
sudo sendmail "${CONFMAP['EMAIL']}" </tmp/email.message
rm -f /tmp/email.message
echo "Mail sent" echo "Mail sent"
fi fi
fi fi
# 1.d: Optional installs
output "Some optional installs" output "Some optional installs"
if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then if [[ ("${CONFMAP['INSTALL_FAIL2BAN']}" == "y" || "${CONFMAP['INSTALL_FAIL2BAN']}" == "Y" || "${CONFMAP['INSTALL_FAIL2BAN']}" == "") ]]; then
sudo apt install fail2ban -y sudo apt install fail2ban -y
fi fi
if [[ ("$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "") ]]; then if [[ ("${CONFMAP['UFW']}" == "y" || "${CONFMAP['UFW']}" == "Y" || "${CONFMAP['UFW']}" == "") ]]; then
sudo apt-get install ufw -y sudo apt-get install ufw -y
sudo ufw default deny incoming sudo ufw default deny incoming
sudo ufw default allow outgoing sudo ufw default allow outgoing
@ -125,45 +162,55 @@ default 0;
sudo ufw --force enable sudo ufw --force enable
fi fi
# Phase 2: YIIMP ###############################################################
clear clear
output " Installing yiimp" output " Installing yiimp"
output "" output ""
output "Grabbing yiimp fron Github, building files and setting file structure." output "Grabbing yiimp from Github, building files and setting file structure."
output "" output ""
#Generating Random Password for stratum cd ~ || exit
blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
cd ~
git clone https://github.com/lbryio/pool.git yiimp git clone https://github.com/lbryio/pool.git yiimp
cd $HOME/yiimp/blocknotify
sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp # 2.a: Build blocknotify
# Generating Random Password for stratum (to be used blocknotify and stratum config further down)
BLCKNOTIFYPASS=$(pwgen -cn 32 1)
cd "${HOME}"/yiimp/blocknotify || exit
sudo sed -i 's/tu8tu5/'"${BLCKNOTIFYPASS}"'/' blocknotify.cpp
sudo make sudo make
cd $HOME/yiimp/stratum/iniparser
# 2.b: Build iniparser
cd "${HOME}"/yiimp/stratum/iniparser || exit
sudo make sudo make
cd $HOME/yiimp/stratum
if [[ ("$BTC" == "y" || "$BTC" == "Y") ]]; then # 2.c: Build stratum
sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' $HOME/yiimp/stratum/Makefile cd "${HOME}"/yiimp/stratum || exit
if [[ ("${CONFMAP['BTC']}" == "y" || "${CONFMAP['BTC']}" == "Y") ]]; then
# If exchange to BTC is desired, remove the NO_EXCHANGE macro definition
sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' "${HOME}"/yiimp/stratum/Makefile
sudo make sudo make
fi fi
sudo make sudo make
cd $HOME/yiimp
sudo sed -i 's/AdminRights/'$admin_panel'/' $HOME/yiimp/web/yaamp/modules/site/SiteController.php # 2.d: Compose yiimp runtime environment
sudo cp -r $HOME/yiimp/web /var/ cd "${HOME}"/yiimp || exit
sudo sed -i 's/AdminRights/'"${CONFMAP['ADMIN_PANEL']}"'/' "${HOME}"/yiimp/web/yaamp/modules/site/SiteController.php
sudo cp -r "${HOME}"/yiimp/web /var/
sudo mkdir -p /var/stratum sudo mkdir -p /var/stratum
cd $HOME/yiimp/stratum cd "${HOME}"/yiimp/stratum || exit
sudo cp -a config.sample/. /var/stratum/config sudo cp -a config.sample/. /var/stratum/config
sudo cp -r stratum /var/stratum sudo cp -r stratum /var/stratum
sudo cp -r run.sh /var/stratum sudo cp -r run.sh /var/stratum
cd $HOME/yiimp cd "${HOME}"/yiimp || exit
sudo cp -r $HOME/yiimp/bin/. /bin/ sudo cp -r "${HOME}"/yiimp/bin/. /usr/bin/
# sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum # sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum
sudo cp -r $HOME/yiimp/blocknotify/blocknotify /usr/bin sudo cp -r "${HOME}"/yiimp/blocknotify/blocknotify /usr/bin
sudo mkdir -p /etc/yiimp sudo mkdir -p /etc/yiimp
sudo mkdir -p /$HOME/backup/ sudo mkdir -p "${HOME}"/backup/
#fixing yiimp #fixing yiimp
sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp sudo sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var/yiimp|g" /usr/bin/yiimp
#fixing run.sh #fixing run.sh
sudo rm -r /var/stratum/config/run.sh sudo rm -r /var/stratum/config/run.sh
# shellcheck disable=SC2016
echo ' echo '
#!/bin/bash #!/bin/bash
ulimit -n 10240 ulimit -n 10240
@ -181,17 +228,20 @@ sudo chmod +x /var/stratum/config/run.sh
# check if link file # check if link file
sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime
# update time zone # update time zone
sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime sudo ln -sf /usr/share/zoneinfo/"${CONFMAP['TIME_ZONE']}" /etc/localtime
sudo apt install -y ntpdate sudo apt install -y ntpdate
# write time to clock. # write time to clock if possible
sudo hwclock -w sudo hwclock -w
# Phase 3: Web Server configuration ############################################
clear clear
output "Making Web Server Magic Happen!" output "Making Web Server Magic Happen!"
# adding user to group, creating dir structure, setting permissions # adding user to group, creating dir structure, setting permissions
sudo mkdir -p /var/www/$server_name/html sudo mkdir -p /var/www/"${CONFMAP['SERVER_NAME']}"/html
output "Creating webserver initial config file" output "Creating webserver initial config file"
output "" output ""
if [[ ("$sub_domain" == "y" || "$sub_domain" == "Y") ]]; then if [[ ("${CONFMAP['SUB_DOMAIN']}" == "y" || "${CONFMAP['SUB_DOMAIN']}" == "Y") ]]; then
# shellcheck disable=SC2016
echo 'include /etc/nginx/blockuseragents.rules; echo 'include /etc/nginx/blockuseragents.rules;
server { server {
if ($blockedagent) { if ($blockedagent) {
@ -202,8 +252,8 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name '"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"';
root "/var/www/'"${server_name}"'/html/web"; root "/var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web";
index index.html index.htm index.php; index index.html index.htm index.php;
charset utf-8; charset utf-8;
@ -218,7 +268,7 @@ echo 'include /etc/nginx/blockuseragents.rules;
location = /robots.txt { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; }
access_log off; access_log off;
error_log /var/log/nginx/'"${server_name}"'.app-error.log error; error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error;
# allow larger file uploads and longer script runtimes # allow larger file uploads and longer script runtimes
client_body_buffer_size 50k; client_body_buffer_size 50k;
@ -268,22 +318,23 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
} }
} }
' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 ' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1
sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf sudo ln -s /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf /etc/nginx/sites-enabled/"${CONFMAP['SERVER_NAME']}".conf
sudo ln -s /var/web /var/www/$server_name/html sudo ln -s /var/web /var/www/"${CONFMAP['SERVER_NAME']}"/html
sudo service nginx restart sudo service nginx restart
if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then if [[ ("${CONFMAP['SSL_INSTALL']}" == "y" || "${CONFMAP['SSL_INSTALL']}" == "Y" || "${CONFMAP['SSL_INSTALL']}" == "") ]]; then
output "Install LetsEncrypt and setting SSL" output "Install LetsEncrypt and setting SSL"
sudo apt install software-properties-common sudo apt install software-properties-common
sudo add-apt-repository universe sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot sudo add-apt-repository ppa:certbot/certbot
sudo apt update sudo apt update
sudo apt install -y certbot python-certbot-nginx sudo apt install -y certbot python-certbot-nginx
sudo certbot certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" sudo certbot certonly -a webroot --webroot-path=/var/web --email "${CONFMAP['EMAIL']}" --agree-tos -d "${CONFMAP['SERVER_NAME']}"
sudo rm /etc/nginx/sites-available/$server_name.conf sudo rm /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
# I am SSL Man! # I am SSL Man!
# shellcheck disable=SC2016
echo 'include /etc/nginx/blockuseragents.rules; echo 'include /etc/nginx/blockuseragents.rules;
server { server {
if ($blockedagent) { if ($blockedagent) {
@ -294,9 +345,9 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name '"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"';
# enforce https # enforce https
return 301 https://$server_name$request_uri; return 301 https://'"${CONFMAP['SERVER_NAME']}"'$request_uri;
} }
server { server {
@ -308,13 +359,13 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name '"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"';
root /var/www/'"${server_name}"'/html/web; root /var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web;
index index.php; index index.php;
access_log /var/log/nginx/'"${server_name}"'.app-accress.log; access_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-accress.log;
error_log /var/log/nginx/'"${server_name}"'.app-error.log error; error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error;
# allow larger file uploads and longer script runtimes # allow larger file uploads and longer script runtimes
client_body_buffer_size 50k; client_body_buffer_size 50k;
@ -324,8 +375,8 @@ echo 'include /etc/nginx/blockuseragents.rules;
sendfile off; sendfile off;
# strengthen ssl security # strengthen ssl security
ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; ssl_certificate /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
@ -337,7 +388,7 @@ echo 'include /etc/nginx/blockuseragents.rules;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header Content-Security-Policy "frame-ancestors 'self'"; add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"';
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
@ -388,11 +439,12 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
} }
' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 ' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1
fi fi
sudo service nginx restart sudo service nginx restart
sudo service php7.4-fpm reload sudo service php7.4-fpm reload
else else
# shellcheck disable=SC2016
echo 'include /etc/nginx/blockuseragents.rules; echo 'include /etc/nginx/blockuseragents.rules;
server { server {
if ($blockedagent) { if ($blockedagent) {
@ -403,8 +455,8 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name '"${server_name}"' www.'"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"' www.'"${CONFMAP['SERVER_NAME']}"';
root "/var/www/'"${server_name}"'/html/web"; root "/var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web";
index index.html index.htm index.php; index index.html index.htm index.php;
charset utf-8; charset utf-8;
@ -419,7 +471,7 @@ echo 'include /etc/nginx/blockuseragents.rules;
location = /robots.txt { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; }
access_log off; access_log off;
error_log /var/log/nginx/'"${server_name}"'.app-error.log error; error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error;
# allow larger file uploads and longer script runtimes # allow larger file uploads and longer script runtimes
client_body_buffer_size 50k; client_body_buffer_size 50k;
@ -469,22 +521,23 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
} }
} }
' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 ' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1
sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf sudo ln -s /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf /etc/nginx/sites-enabled/"${CONFMAP['SERVER_NAME']}".conf
sudo ln -s /var/web /var/www/$server_name/html sudo ln -s /var/web /var/www/"${CONFMAP['SERVER_NAME']}"/html
sudo service nginx restart sudo service nginx restart
if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then if [[ ("${CONFMAP['SSL_INSTALL']}" == "y" || "${CONFMAP['SSL_INSTALL']}" == "Y" || "${CONFMAP['SSL_INSTALL']}" == "") ]]; then
output "Install LetsEncrypt and setting SSL" output "Install LetsEncrypt and setting SSL"
sudo apt install software-properties-common sudo apt install software-properties-common
sudo add-apt-repository universe sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot sudo add-apt-repository ppa:certbot/certbot
sudo apt update sudo apt update
sudo apt install -y certbot python-certbot-nginx sudo apt install -y certbot python-certbot-nginx
sudo certbot certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" sudo certbot certonly -a webroot --webroot-path=/var/web --email "${CONFMAP['EMAIL']}" --agree-tos -d "${CONFMAP['SERVER_NAME']}" -d www."${CONFMAP['SERVER_NAME']}"
sudo rm /etc/nginx/sites-available/$server_name.conf sudo rm /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
# I am SSL Man! # I am SSL Man!
# shellcheck disable=SC2016
echo 'include /etc/nginx/blockuseragents.rules; echo 'include /etc/nginx/blockuseragents.rules;
server { server {
if ($blockedagent) { if ($blockedagent) {
@ -495,9 +548,9 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name '"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"';
# enforce https # enforce https
return 301 https://$server_name$request_uri; return 301 https://'"${CONFMAP['SERVER_NAME']}"'$request_uri;
} }
server { server {
@ -509,13 +562,13 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name '"${server_name}"' www.'"${server_name}"'; server_name '"${CONFMAP['SERVER_NAME']}"' www.'"${CONFMAP['SERVER_NAME']}"';
root /var/www/'"${server_name}"'/html/web; root /var/www/'"${CONFMAP['SERVER_NAME']}"'/html/web;
index index.php; index index.php;
access_log /var/log/nginx/'"${server_name}"'.app-accress.log; access_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-accress.log;
error_log /var/log/nginx/'"${server_name}"'.app-error.log error; error_log /var/log/nginx/'"${CONFMAP['SERVER_NAME']}"'.app-error.log error;
# allow larger file uploads and longer script runtimes # allow larger file uploads and longer script runtimes
client_body_buffer_size 50k; client_body_buffer_size 50k;
@ -525,8 +578,8 @@ echo 'include /etc/nginx/blockuseragents.rules;
sendfile off; sendfile off;
# strengthen ssl security # strengthen ssl security
ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; ssl_certificate /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/'"${CONFMAP['SERVER_NAME']}"'/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
@ -538,7 +591,7 @@ echo 'include /etc/nginx/blockuseragents.rules;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header Content-Security-Policy "frame-ancestors 'self'"; add_header Content-Security-Policy "frame-ancestors '"'"'self'"'"'";
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
@ -589,23 +642,32 @@ echo 'include /etc/nginx/blockuseragents.rules;
} }
} }
' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 ' | sudo -E tee /etc/nginx/sites-available/"${CONFMAP['SERVER_NAME']}".conf >/dev/null 2>&1
fi fi
sudo service nginx restart sudo service nginx restart
sudo service php7.4-fpm reload sudo service php7.4-fpm reload
fi fi
# Phase 4: Database configuration ##############################################
clear clear
output "Now for the database fun!" output "Now for the database fun!"
# Generate passwords for MySQL
MYSQL_ROOTPASSWD=$(pwgen -cn 20 1)
MYSQL_PANELPASSWD=$(pwgen -cn 20 1)
MYSQL_STRATUMPASSWD=$(pwgen -cn 20 1)
MYSQL_PHPADMINPASSWD=$(pwgen -cn 20 1)
# create database # create database
Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;"
Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" Q2="CREATE USER 'panel'@'localhost' IDENTIFIED BY '${MYSQL_PANELPASSWD}';"
Q3="FLUSH PRIVILEGES;" Q3="GRANT ALL ON *.* TO 'panel'@'localhost';"
SQL="${Q1}${Q2}${Q3}" Q4="FLUSH PRIVILEGES;"
SQL="${Q1}${Q2}${Q3}${Q4}"
sudo mysql -u root -p="" -e "$SQL" sudo mysql -u root -p="" -e "$SQL"
# create stratum user # create stratum user
Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" Q1="CREATE USER 'stratum'@'localhost' IDENTIFIED BY '${MYSQL_STRATUMPASSWD}';"
Q2="FLUSH PRIVILEGES;" Q2="GRANT ALL ON *.* TO 'stratum'@'localhost';"
SQL="${Q1}${Q2}" Q3="FLUSH PRIVILEGES;"
SQL="${Q1}${Q2}${Q3}"
sudo mysql -u root -p="" -e "$SQL" sudo mysql -u root -p="" -e "$SQL"
#Create my.cnf #Create my.cnf
@ -613,31 +675,29 @@ fi
echo ' echo '
[clienthost1] [clienthost1]
user=panel user=panel
password='"${password}"' password='"${MYSQL_PANELPASSWD}"'
database=yiimpfrontend database=yiimpfrontend
host=localhost host=localhost
[clienthost2] [clienthost2]
user=stratum user=stratum
password='"${password2}"' password='"${MYSQL_STRATUMPASSWD}"'
database=yiimpfrontend database=yiimpfrontend
host=localhost host=localhost
[mysql] [mysql]
user=root user=root
password='"${rootpasswd}"' password='"${MYSQL_ROOTPASSWD}"'
[myphpadmin] [myphpadmin]
user=root user=root
password='"${AUTOGENERATED_PASS}"' password='"${MYSQL_PHPADMINPASSWD}"'
' | sudo -E tee ~/.my.cnf >/dev/null 2>&1 ' | sudo -E tee ~/.my.cnf >/dev/null 2>&1
sudo chmod 0600 ~/.my.cnf sudo chmod 0600 ~/.my.cnf
#Create keys file #Create keys file
echo ' echo '
<?php <?php
/* Sample config file to put in /etc/yiimp/keys.php */ /* Sample config file to put in /etc/yiimp/keys.php */
define('"'"'YIIMP_MYSQLDUMP_USER'"'"', '"'"'panel'"'"'); define('"'"'YIIMP_MYSQLDUMP_USER'"'"', '"'"'panel'"'"');
define('"'"'YIIMP_MYSQLDUMP_PASS'"'"', '"'"''"${password}"''"'"'); define('"'"'YIIMP_MYSQLDUMP_PASS'"'"', '"'"''"${MYSQL_PANELPASSWD}"''"'"');
/* Keys required to create/cancel orders and access your balances/deposit addresses */ /* Keys required to create/cancel orders and access your balances/deposit addresses */
define('"'"'EXCH_BITTREX_SECRET'"'"', '"'"'<my_bittrex_api_secret_key>'"'"'); define('"'"'EXCH_BITTREX_SECRET'"'"', '"'"'<my_bittrex_api_secret_key>'"'"');
define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"'); define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"');
@ -657,8 +717,8 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"');
output "Peforming the SQL import" output "Peforming the SQL import"
output "" output ""
cd ~ cd ~ || exit
cd yiimp/sql cd yiimp/sql || exit
# import sql dump # import sql dump
sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1
# oh the humanity! # oh the humanity!
@ -682,6 +742,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"');
output "Generating a basic serverconfig.php" output "Generating a basic serverconfig.php"
output "" output ""
# make config file # make config file
# shellcheck disable=SC2016
echo ' echo '
<?php <?php
ini_set('"'"'date.timezone'"'"', '"'"'UTC'"'"'); ini_set('"'"'date.timezone'"'"', '"'"'UTC'"'"');
@ -691,7 +752,7 @@ define('"'"'YAAMP_BIN'"'"', '"'"'/var/bin'"'"');
define('"'"'YAAMP_DBHOST'"'"', '"'"'localhost'"'"'); define('"'"'YAAMP_DBHOST'"'"', '"'"'localhost'"'"');
define('"'"'YAAMP_DBNAME'"'"', '"'"'yiimpfrontend'"'"'); define('"'"'YAAMP_DBNAME'"'"', '"'"'yiimpfrontend'"'"');
define('"'"'YAAMP_DBUSER'"'"', '"'"'panel'"'"'); define('"'"'YAAMP_DBUSER'"'"', '"'"'panel'"'"');
define('"'"'YAAMP_DBPASSWORD'"'"', '"'"''"${password}"''"'"'); define('"'"'YAAMP_DBPASSWORD'"'"', '"'"''"${MYSQL_PANELPASSWD}"''"'"');
define('"'"'YAAMP_PRODUCTION'"'"', true); define('"'"'YAAMP_PRODUCTION'"'"', true);
define('"'"'YAAMP_RENTAL'"'"', false); define('"'"'YAAMP_RENTAL'"'"', false);
define('"'"'YAAMP_LIMIT_ESTIMATE'"'"', false); define('"'"'YAAMP_LIMIT_ESTIMATE'"'"', false);
@ -707,11 +768,11 @@ define('"'"'YIIMP_PUBLIC_BENCHMARK'"'"', true);
define('"'"'YIIMP_FIAT_ALTERNATIVE'"'"', '"'"'USD'"'"'); // USD is main define('"'"'YIIMP_FIAT_ALTERNATIVE'"'"', '"'"'USD'"'"'); // USD is main
define('"'"'YAAMP_USE_NICEHASH_API'"'"', false); define('"'"'YAAMP_USE_NICEHASH_API'"'"', false);
define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1NMDeanjyad2gcpumbZmF13fMLqDKNxxQ5'"'"'); define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1NMDeanjyad2gcpumbZmF13fMLqDKNxxQ5'"'"');
define('"'"'YAAMP_SITE_URL'"'"', '"'"''"${server_name}"''"'"'); define('"'"'YAAMP_SITE_URL'"'"', '"'"''"${CONFMAP['SERVER_NAME']}"''"'"');
define('"'"'YAAMP_STRATUM_URL'"'"', YAAMP_SITE_URL); // change if your stratum server is on a different host define('"'"'YAAMP_STRATUM_URL'"'"', YAAMP_SITE_URL); // change if your stratum server is on a different host
define('"'"'YAAMP_SITE_NAME'"'"', '"'"'Crypto'"'"'); define('"'"'YAAMP_SITE_NAME'"'"', '"'"'Crypto'"'"');
define('"'"'YAAMP_ADMIN_EMAIL'"'"', '"'"''"${EMAIL}"''"'"'); define('"'"'YAAMP_ADMIN_EMAIL'"'"', '"'"''"${CONFMAP['EMAIL']}"''"'"');
define('"'"'YAAMP_ADMIN_IP'"'"', '"'"''"${Public}"''"'"'); // samples: "80.236.118.26,90.234.221.11" or "10.0.0.1/8" define('"'"'YAAMP_ADMIN_IP'"'"', '"'"''"${CONFMAP['PUBLIC_IP']}"''"'"'); // samples: "80.236.118.26,90.234.221.11" or "10.0.0.1/8"
define('"'"'YAAMP_ADMIN_WEBCONSOLE'"'"', true); define('"'"'YAAMP_ADMIN_WEBCONSOLE'"'"', true);
define('"'"'YAAMP_NOTIFY_NEW_COINS'"'"', false); define('"'"'YAAMP_NOTIFY_NEW_COINS'"'"', false);
define('"'"'YAAMP_DEFAULT_ALGO'"'"', '"'"'lbry'"'"'); define('"'"'YAAMP_DEFAULT_ALGO'"'"', '"'"'lbry'"'"');
@ -759,6 +820,7 @@ $configAlgoNormCoef = array(
' | sudo -E tee /var/web/serverconfig.php >/dev/null 2>&1 ' | sudo -E tee /var/web/serverconfig.php >/dev/null 2>&1
output "Adding tmux start file to ~/" output "Adding tmux start file to ~/"
# shellcheck disable=SC2016
echo ' echo '
#!/bin/bash #!/bin/bash
LOG_DIR=/var/log LOG_DIR=/var/log
@ -782,63 +844,61 @@ sudo chmod +x ~/pool-start.sh
output "Updating stratum config files with database connection info." output "Updating stratum config files with database connection info."
output "" output ""
cd /var/stratum/config cd /var/stratum/config || exit
sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf sudo sed -i 's/password = tu8tu5/password = '"${BLCKNOTIFYPASS}"'/g' ./*.conf
sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf sudo sed -i 's/server = yaamp.com/server = '"${CONFMAP['SERVER_NAME']}"'/g' ./*.conf
sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf sudo sed -i 's/host = yaampdb/host = localhost/g' ./*.conf
sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' ./*.conf
sudo sed -i 's/username = root/username = stratum/g' *.conf sudo sed -i 's/username = root/username = stratum/g' ./*.conf
sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf sudo sed -i 's/password = patofpaq/password = '"${MYSQL_STRATUMPASSWD}"'/g' ./*.conf
cd ~ cd ~ || exit
sudo rm -rf $HOME/yiimp sudo rm -rf "${HOME}"/yiimp
sudo service nginx restart sudo service nginx restart
sudo service php7.3-fpm reload sudo service php7.3-fpm reload
cd ~ cd ~ || exit
wget https://github.com/lbryio/lbrycrd/releases/download/v0.17.3.2/lbrycrd-linux-1732.zip wget https://github.com/lbryio/lbrycrd/releases/download/v0.17.3.3/lbrycrd-linux-1733.zip
sudo unzip lbrycrd-linux-1732.zip -d /usr/bin sudo unzip lbrycrd-linux-1733.zip -d /usr/bin
lbrycrdd -daemon lbrycrdd -daemon -server
sleep 3 sleep 3
lbrycrd-cli stop lbrycrd-cli stop
# Create config for Lbry # Create config for Lbry
echo && echo "Configuring Lbrycrd.conf" echo && echo "Configuring Lbrycrd.conf"
sleep 3 sleep 3
rpcuser=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` RPCUSER=$(pwgen -cn 32 1)
rpcpassword=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` RPCPASSWORD=$(pwgen -cn 32 1)
echo ' echo '
rpcuser='$rpcuser' rpcuser='"${RPCUSER}"'
rpcpassword='$rpcpassword' rpcpassword='"${RPCPASSWORD}"'
rpcport=14390 rpcport=14390
rpcthreads=24 rpcthreads=24
rpcallowip=127.0.0.1 rpcallowip=127.0.0.1
# onlynet=ipv4 # onlynet=ipv4
maxconnections=36 maxconnections=36
daemon=1 daemon=1
server=1
deprecatedrpc=accounts deprecatedrpc=accounts
gen=0 gen=0
alertnotify=echo %s | mail -s "LBRY Credits alert!" ${EMAIL} alertnotify=echo %s | mail -s "LBRY Credits alert!" '"${CONFMAP['EMAIL']}"'
blocknotify=blocknotify 127.0.0.1:3334 1439 %s blocknotify=blocknotify 127.0.0.1:3334 1439 %s
' | sudo -E tee ~/.lbrycrd/lbrycrd.conf ' | sudo -E tee ~/.lbrycrd/lbrycrd.conf
sleep 3 sleep 3
output "Final Directory permissions" output "Final Directory permissions"
output "" output ""
whoami=`whoami` WHOAMI=$(whoami)
sudo usermod -aG www-data $whoami sudo usermod -aG www-data "${WHOAMI}"
sudo mkdir /root/backup/ sudo mkdir /root/backup/
sudo mkdir /data sudo mkdir /var/yiimp
sudo mkdir /data/yiimp sudo ln -s /var/web /var/yiimp/web
sudo ln -s /var/web /data/yiimp/web
sudo chown -R www-data:www-data /var/log
sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/stratum
sudo chown -R www-data:www-data /var/web sudo chown -R www-data:www-data /var/web
sudo chmod -R 775 /var/www/$server_name/html sudo chown -R www-data:www-data /var/yiimp
sudo chmod -R 775 /var/www/"${CONFMAP['SERVER_NAME']}"/html
sudo chmod -R 775 /var/web sudo chmod -R 775 /var/web
sudo chmod -R 775 /var/yiimp
sudo chmod -R 775 /var/stratum sudo chmod -R 775 /var/stratum
sudo chmod -R 775 /var/web/yaamp/runtime sudo chmod -R 775 /var/web/yaamp/runtime
sudo chmod -R 775 /root/backup/ sudo chmod -R 775 /root/backup/
@ -848,12 +908,12 @@ sudo chmod a+w /var/web/yaamp/runtime
sudo chmod a+w /var/log sudo chmod a+w /var/log
sudo chmod a+w /var/web/assets sudo chmod a+w /var/web/assets
lbrycrdd -daemon lbrycrdd -daemon -server
clear clear
output "Your mysql information is saved in ~/.my.cnf" output "Your mysql information is saved in ~/.my.cnf"
output "" output ""
output "Please login to the admin panel at http://${server_name}/site/${admin_panel}" output "Please login to the admin panel at http://${CONFMAP['SERVER_NAME']}/site/${CONFMAP['ADMIN_PANEL']}"
output "" output ""
output "Your RPC username is ${rpcuser}" output "Your RPC username is ${RPCUSER}"
output "Your RPC Password is ${rpcpassword}" output "Your RPC Password is ${RPCPASSWORD}"