#!/bin/bash -e
# --- Installer configuration -------------------------------------------------

# Application database; the same name is used for the database and its role.
APP_DB='q2w'
# 32 characters kept from /dev/urandom; tr drops every byte outside the set.
APP_DB_PASS="$(tr -dc _A-Za-z0-9 </dev/urandom | head -c32)"

# Directories handed over to the web server account.
DATA_DIR='/var/www/data'
CACHE_DIR='/var/www/cache'
APPS_DIR='/var/www/html/apps'

# PostgreSQL major version and the generated password for the postgres role.
PG_VER='16'
PG_PASS="$(tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c32)"

# First address printed by `hostname -I`; the menu can replace it with a name.
HNAME="$(hostname -I | sed -n 1p | cut -f1 -d' ' | tr -d '\n')"

# Switched to 'yes' by the menu when Let's Encrypt is selected.
USE_SSL='no'

# Parallel arrays: STEPS[i] is the label shown while CMDS[i] runs.
declare -x STEPS=('Initializing')
declare -x CMDS=('init_installer')
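#######################################
# Install PostgreSQL ${PG_VER} from the PGDG apt repository, set the postgres
# password, write pg_hba.conf, enable TLS and create a self-signed certificate.
# Globals:   PG_VER (read), PG_PASS (read), SSL_PASS (written)
# Outputs:   appends the generated secrets to /root/auth.txt
# Returns:   exits 1 when the server binary is missing after the install
#######################################
function install_postgresql(){
  local release pg_bin pg_data pg_conf ssl_tmp
  release=$(lsb_release -cs)
  pg_bin="/usr/lib/postgresql/${PG_VER}/bin"
  pg_data="/var/lib/postgresql/${PG_VER}/main"
  pg_conf="/etc/postgresql/${PG_VER}/main"

  #3. Install PostgreSQL
  # NOTE(review): apt-key is deprecated and adds the key to the keyring apt
  # trusts for every repository. A dedicated keyring file referenced with the
  # sources.list "signed-by" option limits this key to the PGDG repository.
  echo "deb http://apt.postgresql.org/pub/repos/apt/ ${release}-pgdg main" > /etc/apt/sources.list.d/pgdg.list
  wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -

  # A failed index refresh is deliberately non-fatal.
  apt-get update -y || true

  apt-get install -y "postgresql-${PG_VER}" "postgresql-client-${PG_VER}" "postgresql-contrib-${PG_VER}" \
    python3-postgresql "postgresql-plperl-${PG_VER}" \
    "postgresql-pltcl-${PG_VER}" "postgresql-${PG_VER}-postgis-3" \
    odbc-postgresql libpostgresql-jdbc-java
  if [[ ! -f "${pg_bin}/postgres" ]]; then
    echo "Error: Get PostgreSQL version"; exit 1;
  fi

  ln -sf "${pg_bin}/pg_config" /usr/bin
  ln -sf "${pg_data}/" /var/lib/postgresql
  ln -sf "/var/lib/postgresql/${PG_VER}/backups" /var/lib/postgresql

  systemctl start postgresql

  #5. Set postgres Password
  if ! grep -q 'pg pass' /root/auth.txt; then
    # The statement is sent on stdin so the password does not appear in the
    # process list, as it would in a `psql -c "..."` argument.
    sudo -u postgres psql -v ON_ERROR_STOP=1 2>/dev/null <<SQL_EOF
alter user postgres with password '${PG_PASS}';
SQL_EOF
    # Append instead of truncating, so entries from an earlier run survive.
    echo "pg pass: ${PG_PASS}" >> /root/auth.txt
  fi

  #4. Add Postgre variables to environment
  if ! grep -q 'PGDATA' /etc/environment; then
    cat >>/etc/environment <<CMD_EOF
PGDATA=/var/lib/postgresql/${PG_VER}/main
CMD_EOF
  fi

  #6. Configure pg_hba.conf
  # NOTE(review): "trust" on the local socket and on 127.0.0.1 lets any local
  # account connect as any role, postgres included, without the password set
  # above; peer (socket) and scram-sha-256 (loopback) are the usual choices.
  # NOTE(review): pg_hba.conf is first-match and "host" matches connections
  # with and without TLS, so the hostssl lines below are never reached and
  # remote clients are not required to use TLS. Together with
  # listen_addresses = '*' and 0.0.0.0/0 the server accepts logins from any
  # network that can reach it; narrow the CIDR or firewall the port.
  # The rules are left as they were because other components may rely on them.
  cat >"${pg_conf}/pg_hba.conf" <<CMD_EOF
local all all trust
host all all 127.0.0.1 255.255.255.255 trust
host all all 0.0.0.0/0 scram-sha-256
host all all ::1/128 scram-sha-256
hostssl all all 127.0.0.1 255.255.255.255 scram-sha-256
hostssl all all 0.0.0.0/0 scram-sha-256
hostssl all all ::1/128 scram-sha-256
CMD_EOF
  sed -i.save "s/.*listen_addresses.*/listen_addresses = '*'/" "${pg_conf}/postgresql.conf"
  sed -i.save "s/.*ssl =.*/ssl = on/" "${pg_conf}/postgresql.conf"

  #10. Create Symlinks for Backward Compatibility from PostgreSQL 9 to PostgreSQL 8
  #ln -sf /usr/pgsql-9.4/bin/pg_config /usr/bin
  mkdir -p /var/lib/pgsql
  ln -sf "${pg_data}" /var/lib/pgsql
  ln -sf "/var/lib/postgresql/${PG_VER}/backups" /var/lib/pgsql

  #create SSL certificates
  if [[ ! -f "${pg_data}/server.key" || ! -f "${pg_data}/server.crt" ]]; then
    SSL_PASS=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32);
    if ! grep -q 'ssl pass' /root/auth.txt; then
      echo "ssl pass: ${SSL_PASS}" >> /root/auth.txt
    else
      sed -i.save "s/ssl pass:.*/ssl pass: ${SSL_PASS}/" /root/auth.txt
    fi

    # Build the key pair in a private temporary directory, not in the current
    # directory: the working tree is later copied into the web root, so a key
    # left behind by an aborted run must not end up there.
    ssl_tmp=$(mktemp -d)

    # The passphrase is handed to openssl through the environment (env:) and
    # not as "pass:..." on the command line, where other users could read it.
    # NOTE(review): the second command writes the key back without a
    # passphrase, so the "ssl pass" entry in auth.txt protects nothing.
    SSL_PASS="${SSL_PASS}" openssl genrsa -des3 -passout env:SSL_PASS -out "${ssl_tmp}/server.key" 2048
    SSL_PASS="${SSL_PASS}" openssl rsa -in "${ssl_tmp}/server.key" -passin env:SSL_PASS -out "${ssl_tmp}/server.key"

    chmod 400 "${ssl_tmp}/server.key"

    SSL_PASS="${SSL_PASS}" openssl req -new -key "${ssl_tmp}/server.key" -days 3650 -out "${ssl_tmp}/server.crt" -passin env:SSL_PASS -x509 -subj '/C=CA/ST=Frankfurt/L=Frankfurt/O=acuciva-de.com/CN=acuciva-de.com/emailAddress=info@acugis.com'
    # user:group - the "user.group" spelling is obsolete.
    chown postgres:postgres "${ssl_tmp}/server.key" "${ssl_tmp}/server.crt"
    mv "${ssl_tmp}/server.key" "${ssl_tmp}/server.crt" "${pg_data}"
    rmdir "${ssl_tmp}"
  fi

  systemctl restart postgresql
}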
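#######################################
# Install Webmin from its apt repository and, when a Let's Encrypt
# certificate for ${HNAME} exists, make Webmin's miniserv use it.
# Globals:   HNAME (read)
#######################################
function install_webmin(){
  local le_dir="/etc/letsencrypt/live/${HNAME}"
  local extracas_line="extracas=${le_dir}/fullchain.pem"

  # Install the package first. The certificate copy and the service restart
  # below need /etc/webmin and the webmin unit, which a host without Webmin
  # does not have yet; under `bash -e` the old order aborted a fresh install.
  #
  # The signing key and the repository are fetched over HTTPS: a key retrieved
  # over plain HTTP can be swapped in transit, and apt would then trust
  # packages signed by the substituted key.
  # NOTE(review): apt-key is deprecated; a keyring file referenced with the
  # sources.list "signed-by" option would scope this key to this repository.
  echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
  wget --quiet -qO - https://www.webmin.com/jcameron-key.asc | apt-key add -
  apt-get -y update
  apt-get -y install webmin

  # NOTE(review): the menu queues install_certbot after this step, so on a
  # first run the certificate probably does not exist yet - confirm the
  # intended order.
  if [ -f "${le_dir}/cert.pem" ]; then
    cat "${le_dir}/cert.pem" > /etc/webmin/miniserv.pem
    cat "${le_dir}/privkey.pem" >> /etc/webmin/miniserv.pem
    # miniserv.pem now holds the private key; keep it readable by root only.
    chmod 600 /etc/webmin/miniserv.pem
    # Add the extracas line once, so repeated runs do not pile up duplicates.
    if ! grep -qxF -- "${extracas_line}" /etc/webmin/miniserv.conf; then
      echo "${extracas_line}" >> /etc/webmin/miniserv.conf
    fi
  fi

  systemctl restart webmin
}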
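#######################################
# Install ProFTPD, confine FTP users to their home directory, allow accounts
# without a valid login shell, and let www-data run the FTP user management
# scripts through sudo.
#######################################
function install_proftpd(){
  local sudoers_tmp

  apt-get -y install proftpd

  # Tolerate any whitespace after '#' and between directive and value, so the
  # commented-out defaults are matched however the shipped file is spaced.
  # The exact spellings the old expressions looked for still match.
  sed -i.save '
s/#[[:space:]]*DefaultRoot[[:space:]]*~/DefaultRoot ~/
s/#[[:space:]]*RequireValidShell[[:space:]]*off/RequireValidShell off/' /etc/proftpd/proftpd.conf

  # Without an active "DefaultRoot ~" FTP users are not confined to their
  # home directory; say so instead of leaving a silent no-op.
  if ! grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~' /etc/proftpd/proftpd.conf; then
    echo "Warning: DefaultRoot ~ is not active in /etc/proftpd/proftpd.conf" >&2
  fi

  systemctl enable proftpd
  systemctl restart proftpd

  # This rule lets www-data run both scripts as root without a password, so
  # the scripts must be owned by root and not writable by www-data; otherwise
  # the rule amounts to unrestricted root for the web server account.
  # The file is syntax-checked before it is installed, because a broken file
  # under /etc/sudoers.d can disable sudo, and it is installed as root 0440.
  sudoers_tmp=$(mktemp)
  cat >"${sudoers_tmp}" <<CAT_EOF
www-data ALL = NOPASSWD: /usr/local/bin/create_ftp_user.sh, /usr/local/bin/delete_ftp_user.sh
CAT_EOF
  visudo -cf "${sudoers_tmp}"
  install -o root -g root -m 0440 "${sudoers_tmp}" /etc/sudoers.d/q2w
  rm -f -- "${sudoers_tmp}"
}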
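#######################################
# Install Apache/PHP, create the application database and role, write
# admin/incl/const.php, copy the application into /var/www/html and install
# the FTP user management scripts.
# Globals:   HNAME, APP_DB, APP_DB_PASS, APPS_DIR, CACHE_DIR, DATA_DIR (read)
# Outputs:   appends the application DB password to /root/auth.txt
#######################################
function install_qat_application(){
  local f

  # 1. Install packages (assume PG is preinstalled)
  apt-get -y install apache2 libapache2-mod-php php-{pgsql,zip,gd}

  # setup apache
  a2enmod ssl headers expires

  cp installer/apache2.conf /etc/apache2/sites-available/default-ssl.conf
  sed -i.save "s/#ServerName example.com/#ServerName ${HNAME}/" /etc/apache2/sites-available/default-ssl.conf

  a2ensite default-ssl
  a2dissite 000-default
  systemctl reload apache2

  # 2. Create db
  # NOTE(review): `createuser -sd` makes the application role a superuser
  # that may also create databases. A web application normally needs only
  # ownership of its own database; confirm whether superuser is required.
  # NOTE(review): the password is passed to psql as a -c argument and is
  # visible in the process list while the command runs.
  su postgres <<CMD_EOF
createdb ${APP_DB}
createuser -sd ${APP_DB}
psql -c "alter user ${APP_DB} with password '${APP_DB_PASS}'"
psql -c "ALTER DATABASE ${APP_DB} OWNER TO ${APP_DB}"
CMD_EOF

  echo "${APP_DB} pass: ${APP_DB_PASS}" >> /root/auth.txt

  mkdir -p "${APPS_DIR}"
  mkdir -p "${CACHE_DIR}"
  mkdir -p "${DATA_DIR}"

  chown -R www-data:www-data "${APPS_DIR}"
  chown -R www-data:www-data "${CACHE_DIR}"
  chown -R www-data:www-data "${DATA_DIR}"

  # CACHE_DIR used to be defined as ${APPS_DIR}, which pointed the cache at
  # the apps directory under the web root and left ${CACHE_DIR} unused.
  cat >admin/incl/const.php <<CAT_EOF
<?php
define("DB_HOST", "localhost");
define("DB_NAME", "${APP_DB}");
define("DB_USER", "${APP_DB}");
define("DB_PASS", "${APP_DB_PASS}");
define("DB_PORT", 5432);
define("DB_SCMA", 'public');
define("APPS_DIR", "${APPS_DIR}");
define("CACHE_DIR", "${CACHE_DIR}");
define("DATA_DIR", "${DATA_DIR}");
?>
CAT_EOF
  # const.php holds the database password: no access for "other".
  chmod 0640 admin/incl/const.php

  # NOTE(review): this copies everything in the current directory, hidden
  # files included (for example version-control metadata, if present); only
  # installer/ is removed afterwards.
  cp -r . /var/www/html/
  chown -R www-data:www-data /var/www/html
  chmod 0640 /var/www/html/admin/incl/const.php
  rm -rf /var/www/html/installer

  systemctl restart apache2

  # create group for all FTP users
  # -f: succeed when the group already exists, so a re-run does not abort.
  groupadd -f qatusers

  # install ftp user creation script
  # The scripts are run as root by www-data through sudo (see the sudoers rule
  # written by install_proftpd). They must therefore be owned by root and not
  # writable by www-data: a file www-data owns can be rewritten by www-data
  # and would then execute as root. Group www-data keeps read/execute.
  for f in create delete; do
    install -o root -g www-data -m 0750 "installer/${f}_ftp_user.sh" /usr/local/bin/
  done
}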
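#######################################
# Install certbot with the Apache plugin and request a certificate for
# ${HNAME}.
# Globals:   HNAME (read)
#######################################
function install_certbot(){
  apt-get -y install apache2 python3-certbot-apache
  service apache2 restart
  # HNAME can come from operator input; quoting keeps a value with spaces or
  # glob characters from being split into extra certbot arguments.
  # NOTE(review): unless the hostname was changed in the menu, HNAME is the
  # first address from `hostname -I`, i.e. an IP address rather than a name.
  certbot --apache --agree-tos --email "hostmaster@${HNAME}" --no-eff-email -d "${HNAME}"
}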
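# Install the Postfix mail transfer agent.
function install_postfix(){
  # The package name was misspelled "postgix", which made this step fail
  # under `bash -e` whenever Postfix was selected.
  apt-get -y install postfix
}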
# Prepare the host for the installer: enable the "universe" component and
# install the tools the later steps call.
init_installer() {
  local -a prerequisites=(wget unzip whiptail)

  add-apt-repository -y universe
  # A failed index refresh is deliberately non-fatal.
  apt-get -y update || true
  apt-get -y install "${prerequisites[@]}"
}
# Print the closing message: where the web setup continues and where the
# generated passwords were stored.
# Globals:   HNAME (read)
info_for_user() {
  # %b expands backslash escapes in each argument, as `echo -e` does.
  printf '%b\n' \
    "Installation is now completed." \
    "Complete the QAT Application installer at http://${HNAME}/admin/setup.php" \
    "postgres and other passwords are saved in /root/auth.txt file"
}
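#######################################
# Show the component checklist and queue the selected install steps.
# Globals:   CHOICES, HNAME, USE_SSL (written); STEPS, CMDS (appended)
# Returns:   exits 1 on an unsupported item or an invalid hostname
#######################################
function menu(){
  local CHOICE new_hname
  # Letters, digits, dots and hyphens only, starting and ending alphanumeric.
  # HNAME is later placed into a sed expression, file paths and certbot
  # arguments, so anything else is refused here.
  local -r hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  # whiptail reports the selection on stderr; 3>&1 1>&2 2>&3 swaps stdout and
  # stderr so the command substitution captures it. Cancel makes whiptail exit
  # non-zero, which under `bash -e` used to end the script before the message
  # below could be printed; `|| true` lets the empty selection reach it.
  CHOICES=$(whiptail --separate-output --checklist "Choose options" 20 55 7 \
    "1." "Change Hostname" OFF \
    "2." "Install Let's Encrypt SSL" OFF \
    "3." "Install PostgreSQL" ON \
    "4." "Install Postfix" OFF \
    "5." "Install ProFTPD" ON \
    "6." "Install Webmin" ON \
    "7." "QAP Application" ON 3>&1 1>&2 2>&3) || true

  if [ -z "${CHOICES}" ]; then
    echo "No option was selected (user hit Cancel or unselected all options)"
  else
    # Unquoted on purpose: --separate-output yields one tag per line.
    for CHOICE in ${CHOICES}; do
      case "${CHOICE}" in
        "1.")
          new_hname=$(whiptail --inputbox "Please enter hostname" 10 100 3>&1 1>&2 2>&3) || new_hname=''
          if [[ ! "${new_hname}" =~ ${hostname_re} ]]; then
            echo "Invalid hostname '${new_hname}'!" >&2
            exit 1
          fi
          HNAME="${new_hname}"
          hostname -s "${HNAME}"
          ;;
        "2.")
          USE_SSL='yes'
          ;;
        "3.")
          STEPS+=("PostgreSQL")
          CMDS+=("install_postgresql")
          ;;
        "4.")
          STEPS+=("Postfix")
          CMDS+=("install_postfix")
          ;;
        "5.")
          STEPS+=("ProFTPd")
          CMDS+=("install_proftpd")
          ;;
        "6.")
          STEPS+=("Webmin")
          CMDS+=("install_webmin")
          ;;
        "7.")
          STEPS+=("QAT Application")
          CMDS+=("install_qat_application")

          # The certificate step is queued only together with the application
          # step, and after it.
          if [ "${USE_SSL}" == "yes" ]; then
            STEPS+=("Let's Encrypt SSL")
            CMDS+=("install_certbot")
          fi
          ;;
        *)
          echo "Unsupported item ${CHOICE}!" >&2
          exit 1
          ;;
      esac
    done
  fi
}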
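#######################################
# Run every queued command in CMDS, showing its STEPS label and a progress
# bar; each command's output goes to its own log file.
# Globals:   STEPS, CMDS (read); INSTALL_LOG_DIR (written on first use)
# Outputs:   progress display and the log directory on stdout
#######################################
function progress_bar(){
  local MAX_STEPS=${#STEPS[@]}
  local BAR_SIZE="##########"
  local MAX_BAR_SIZE="${#BAR_SIZE}"
  local CLEAR_LINE="\\033[K"
  local step perc percBar log_file

  # Logs used to go to /tmp/<command>.log: a fixed name in a world-writable
  # directory, written by root and readable by every local user. A directory
  # from mktemp -d has an unpredictable name and is accessible to root only.
  # It is created once and reused by later calls.
  if [[ -z "${INSTALL_LOG_DIR:-}" || ! -d "${INSTALL_LOG_DIR}" ]]; then
    INSTALL_LOG_DIR=$(mktemp -d /tmp/q2w-installer.XXXXXX)
  fi

  #tput civis -- invisible

  for step in "${!STEPS[@]}"; do
    perc=$((step * 100 / MAX_STEPS))
    percBar=$((perc * MAX_BAR_SIZE / 100))
    echo -ne "\\r- ${STEPS[step]} [ ]$CLEAR_LINE\\n"
    echo -ne "\\r[${BAR_SIZE:0:percBar}] $perc %$CLEAR_LINE"

    # Kept as a plain command (no `||` or `if` around it) so that `bash -e`
    # still stops at the first failing command inside the step.
    log_file="${INSTALL_LOG_DIR}/${CMDS[$step]}.log"
    "${CMDS[$step]}" 1>"${log_file}" 2>&1

    perc=$(((step + 1) * 100 / MAX_STEPS))
    percBar=$((perc * MAX_BAR_SIZE / 100))
    echo -ne "\\r\\033[1A- ${STEPS[step]} [✔]$CLEAR_LINE\\n"
    echo -ne "\\r[${BAR_SIZE:0:percBar}] $perc %$CLEAR_LINE"
  done
  echo ""
  echo "Step logs: ${INSTALL_LOG_DIR}"

  #tput cnorm -- normal
}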
################################################################################
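# /root/auth.txt collects every generated password. Create it up front and
# restrict it to root; touch alone leaves a new file with the umask default.
touch /root/auth.txt
chmod 600 /root/auth.txt
export DEBIAN_FRONTEND=noninteractive

# The functions use paths relative to the repository root (installer/,
# admin/), so the script has to be started from there.
if [ ! -d installer ]; then
  echo "Usage: ./installer/gui-installer.sh"
  exit 1
fi

# First pass runs the initial queue (init_installer), which installs whiptail.
progress_bar;

# Reset the queue, let the operator choose, then run what was selected.
declare -x STEPS=()
declare -x CMDS=()

menu;
progress_bar;
info_for_user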