Newer
Older
);
$this->installPackages($packages);
ISPConfigLog::info('Enabling TLS for pureftpd', true);
if(!is_dir('/etc/pure-ftpd/conf')) {
mkdir('/etc/pure-ftpd/conf', 0755);
}
file_put_contents('/etc/pure-ftpd/conf/TLS', '1');
if(!is_dir('/etc/ssl/private')) {
mkdir('/etc/ssl/private', 0755, true);
}
$ssl_subject = '/C=DE/ST=None/L=None/O=IT/CN=' . $host_name;
$cmd = 'openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj ' . escapeshellarg($ssl_subject) . ' -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem > /dev/null 2>&1';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
chmod('/etc/ssl/private/pure-ftpd.pem', 0600);
// set passive port range if needed
$ftp_ports = ISPConfig::getFTPPassivePorts();
if($ftp_ports) {
file_put_contents('/etc/pure-ftpd/conf/PassivePortRange', $ftp_ports['from'] . ' ' . $ftp_ports['to']);
}
$this->restartService('pure-ftpd-mysql');
ISPConfigLog::info('Disabling awstats cron.', true);
$entries = array(
array(
'first_line' => '/.*/',
'last_line' => '/####nomatch###/',
'search' => '/.*/'
)
);
$this->commentLines('/etc/cron.d/awstats', $entries);
if($this->shallCompileJailkit()) {
$cmd = 'cd /tmp ; ( wget -O jailkit-2.20.tar.gz "http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz" > /dev/null 2>&1 && tar xzf jailkit-2.20.tar.gz 2>&1 ) && ( cd jailkit-2.20 ; echo 5 > debian/compat ; ./debian/rules binary 2>&1 ) && ( cd /tmp ; dpkg -i jailkit_2.20-1_*.deb 2>&1 ; rm -rf jailkit-2.20* )';
$result = $this->exec($cmd, array(), 3);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
if(ISPConfig::shallInstall('firewall')) {
$packages[] = 'ufw';
$this->installPackages($packages);
file_put_contents('/etc/fail2ban/jail.local', $jk_jail);
$this->restartService('fail2ban');
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
if(ISPConfig::shallInstall('mail') && ISPConfig::shallInstall('roundcube')) {
ISPConfigLog::info('Installing roundcube.', true);
$cmd = 'APP_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
$cmd .= 'ROOT_PASS="' . $mysql_root_pw . '"' . "\n";
$cmd .= 'APP_DB_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
$cmd .= 'echo "roundcube-core roundcube/dbconfig-install boolean true" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/database-type select mysql" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/admin-user string root" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/admin-pass password $ROOT_PASS" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/app-pass password $APP_DB_PASS" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/reconfigure-webserver multiselect apache2" | debconf-set-selections 2>&1' . "\n";
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
$packages = array(
'roundcube',
'roundcube-core',
'roundcube-mysql',
'roundcube-plugins'
);
$this->installPackages($packages);
$replacements = array(
'/^\s*\$config\s*\[["\']default_host["\']\]\s*=.*$/m' => '$config[\'default_host\'] = \'localhost\';',
'/^\s*\$config\s*\[["\']smtp_server["\']\]\s*=.*$/m' => '$config[\'smtp_server\'] = \'%h\';',
'/^\s*\$config\s*\[["\']smtp_user["\']\]\s*=.*$/m' => '$config[\'smtp_user\'] = \'%u\';',
'/^\s*\$config\s*\[["\']smtp_pass["\']\]\s*=.*$/m' => '$config[\'smtp_pass\'] = \'%p\';'
);
$result = $this->replaceContents('/etc/roundcube/config.inc.php', $replacements);
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$replacements = array(
'/^\s*#*\s*Alias\s+\/roundcube\s+\/var\/lib\/roundcube\s*$/m' => 'Alias /webmail /var/lib/roundcube'
);
$result = $this->replaceContents('/etc/apache2/conf-enabled/roundcube.conf', $replacements);
} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
symlink('/usr/share/roundcube', '/usr/share/squirrelmail');
}
if(ISPConfig::shallInstall('web')) {
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$this->restartService('apache2');
} else {
$this->restartService('nginx');
}
ISPConfigLog::info('Installing ISPConfig3.', true);
$ispconfig_admin_pw = ISPConfigFunctions::generatePassword(15);
if(!ISPConfig::wantsInteractive()) {
$autoinstall = '[install]
language=' . (isset($_GET['lang']) && $_GET['lang'] === 'de' ? 'de' : 'en') . '
install_mode=expert
hostname=' . $host_name . '
mysql_hostname=localhost
mysql_port=3306
mysql_root_user=root
mysql_root_password=' . $mysql_root_pw . '
mysql_database=dbispconfig
mysql_charset=utf8
http_server=' . (ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'apache' : 'nginx') . '
ispconfig_port=8080
ispconfig_use_ssl=y
ispconfig_admin_password=' . $ispconfig_admin_pw . '
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
[ssl_cert]
ssl_cert_country=DE
ssl_cert_state=None
ssl_cert_locality=None
ssl_cert_organisation=None
ssl_cert_organisation_unit=IT
ssl_cert_common_name=' . $host_name . '
ssl_cert_email=
[expert]
mysql_ispconfig_user=ispconfig
mysql_ispconfig_password=' . ISPConfigFunctions::generatePassword(15) . '
join_multiserver_setup=n
mysql_master_hostname=
mysql_master_root_user=
mysql_master_root_password=
mysql_master_database=
configure_mail=' . (ISPConfig::shallInstall('mail') ? 'y' : 'n') . '
configure_jailkit=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
configure_ftp=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
configure_dns=' . (ISPConfig::shallInstall('dns') ? 'y' : 'n') . '
configure_apache=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'y' : 'n') . '
configure_nginx=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX ? 'y' : 'n') . '
configure_firewall=' . (ISPConfig::shallInstall('firewall') ? 'y' : 'n') . '
configure_webserver=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
install_ispconfig_web_interface=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
[update]
do_backup=yes
mysql_root_password=' . $mysql_root_pw . '
mysql_master_hostname=
mysql_master_root_user=
mysql_master_root_password=
mysql_master_database=
reconfigure_permissions_in_master_database=no
reconfigure_services=yes
ispconfig_port=8080
create_new_ispconfig_ssl_cert=no
reconfigure_crontab=yes
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
; These are for service-detection (defaulting to old behaviour where alle changes were automatically accepted)
svc_detect_change_mail_server=yes
svc_detect_change_web_server=yes
svc_detect_change_dns_server=yes
svc_detect_change_xmpp_server=yes
svc_detect_change_firewall_server=yes
svc_detect_change_vserver_server=yes
svc_detect_change_db_server=yes';
file_put_contents('/tmp/ispconfig.autoinstall.ini', $autoinstall);
$ai_argument = '--autoinstall=/tmp/ispconfig.autoinstall.ini';
} else {
$ai_argument = '';
}
if(ISPConfig::wantsInteractive()) {
ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);
}
$cmd = 'cd /tmp ; rm -rf ispconfig3_install 2>&1';
if(ISPConfig::getISPConfigChannel() === 'dev') {
$cmd .= ' ; wget -O ispconfig.tar.gz "https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz ; mv ispconfig3-develop ispconfig3_install';
} else {
$cmd .= ' ; wget -O ispconfig.tar.gz "https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz';
}
$cmd .= ' ; cd ispconfig3_install ; cd install ; php -q install.php ' . $ai_argument . ' 2>&1 ; cd /tmp ; rm -rf ispconfig3_install 2>&1';
if(ISPConfig::wantsInteractive()) {
$result = $this->passthru($cmd);
} else {
$result = $this->exec($cmd);
}
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
if(!ISPConfig::wantsInteractive() && is_file('/tmp/ispconfig.autoinstall.ini')) {
unlink('/tmp/ispconfig.autoinstall.ini');
}
if(ISPConfig::shallInstall('web')) {
ISPConfigLog::info('Adding php versions to ISPConfig.', true);
$server_id = 0;
$ispc_config = ISPConfigConnector::getLocalConfig();
if(!$ispc_config || !isset($ispc_config['server_id']) || !$ispc_config['server_id']) {
throw new ISPConfigOSException('Could not read ISPConfig settings file.');
}
$server_id = $ispc_config['server_id'];
foreach($php_versions as $curver) {
$qry = 'INSERT IGNORE INTO `dbispconfig`.`server_php` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `client_id`, `name`, `php_fastcgi_binary`, `php_fastcgi_ini_dir`, `php_fpm_init_script`, `php_fpm_ini_dir`, `php_fpm_pool_dir`, `active`) VALUES (1, 1, \'riud\', \'riud\', \'\', ' . intval($server_id) . ', 0, \'PHP ' . $curver . '\', \'/usr/bin/php-cgi' . $curver . '\', \'/etc/php/' . $curver . '/cgi/php.ini\', \'/etc/init.d/php' . $curver . '-fpm\', \'/etc/php/' . $curver . '/fpm/php.ini\', \'/etc/php/' . $curver . '/fpm/pool.d\', \'y\')'; $cmd = 'mysql --defaults-file=/etc/mysql/debian.cnf -e ' . escapeshellarg($qry);
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
$this->restartService('clamav-daemon');
if(ISPConfig::wantsAmavis()) {
$this->restartService('amavis');
} else {
$this->startService('rspamd');
}
ISPConfigLog::info('Checking all services are running.', true);
$check_services = array(
'mysql',
'clamav-daemon',
'postfix',
);
Marius Burkard
committed
if(ISPConfig::wantsUnbound()) {
$check_services[] = 'unbound';
} else {
$check_services[] = 'bind9';
}
Marius Burkard
committed
}
if(ISPConfig::shallInstall('web')) {
$check_services[] = 'pureftpd';
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$check_services[] = 'apache2';
} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
$check_services[] = 'nginx';
}
}
if(ISPConfig::shallInstall('mail')) {
if(!ISPConfig::wantsAmavis()) {
$check_services[] = 'rspamd';
$check_services[] = 'redis-server';
} else {
$check_services[] = 'amavis';
}
$check_services[] = 'dovecot';
}
foreach($check_services as $service) {
$status = $this->isServiceRunning($service);
ISPConfigLog::info($service . ': ' . ($status ? '<green>OK</green>' : '<lightred>FAILED</lightred>'), true);
if(!$status) {
ISPConfigLog::warn($service . ' seems not to be running!', true);
}
}
ISPConfigLog::info('Installation ready.', true);
if(ISPConfig::shallInstall('mailman') && $mailman_password != '') {
ISPConfigLog::info('Your Mailman password is: ' . $mailman_password, true);
}
if(ISPConfig::shallInstall('web') && !ISPConfig::wantsInteractive()) {
ISPConfigLog::info('Your ISPConfig admin password is: ' . $ispconfig_admin_pw, true);
}
ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);
protected function getSystemPHPVersion() {
return '7.0';
}