Newer
Older
$cmd = "curl --write-out '%{http_code}' --silent --output /dev/null -m 5 http://169.254.169.254/latest/dynamic/instance-identity/";
$result = $this->exec($cmd);
if($result == "200") {
$thisIsAWS = true;
} else {
$thisIsAWS = false;
}
if($thisIsAWS == true) {
// Necessary quota module is removed from the kernel - we will install it.
ISPConfigLog::info('This is a AWS instance.', true);
$packages = 'linux-modules-extra-aws';
$this->installPackages($packages);
// Run necessary commands to enable quota
$cmd = 'modprobe quota_v1; modprobe quota_v2';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
}
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
// check kernel if it is virtual
$check = $this->getPackageVersion('linux-image-virtual');
if($check) {
ISPConfigLog::info('Installing extra quota package for virtual kernel.', true);
$this->installPackages('linux-image-extra-virtual');
// check kernel version from dpkg vs version running
$check = $this->getPackageVersion('linux-image-extra-virtual');
$running_version = php_uname('r');
if(!is_dir('/lib/modules/' . $running_version . '/kernel/fs/quota/') || !is_file('/lib/modules/' . $running_version . '/kernel/fs/quota/quota_v2.ko')) {
$running_version = preg_replace('/^([0-9\.]+(?:-\d+)?)(?:-.*?)?$/', '$1', $running_version);
try {
$this->installPackages('linux-image-extra-virtual=' . $running_version . '*');
} catch (Exception $ex) {
// ignore it
}
// check if quota module is available
if(!$this->exec('modinfo quota_v1 quota_v2 2>&1')) {
ISPConfigLog::error('The running kernel version (' . $running_version . ') does not match your installed kernel modules (' . $check . '). Currently there is no quota available! Please reboot your server to load the new kernel and run the autoinstaller again or start it with --no-quota to disable quota completely.', true);
throw new ISPConfigOSException('Installation aborted due to missing dependencies.');
}
}
ISPConfigLog::info('Enabling quota modules for virtual kernel.', true);
$cmd = 'modprobe quota_v2 quota_v1 2>&1';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Enabling quota modules failed.');
}
}
ISPConfigLog::info('Adding quota to fstab.', true);
$replacements = array(
'/^(\S+\s+\/\s+ext\d)\s+(\S+)\s+(\d\s+\d)\s*$/m' => array(
'replace' => '$1 $2,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 $3',
'ifnot' => 'usrjquota='
)
);
$this->replaceContents('/etc/fstab', $replacements);
$cmd = 'mount -o remount / 2>&1 && quotaoff -avug 2>&1 && quotacheck -avugm 2>&1 && quotaon -avug 2>&1';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
if(ISPConfig::shallInstall('web')) {
$cmd = 'echo "pure-ftpd-common pure-ftpd/standalone-or-inetd select standalone" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "pure-ftpd-common pure-ftpd/virtualchroot boolean true" | debconf-set-selections 2>&1';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
$packages = array(
'pure-ftpd-common',
'pure-ftpd-mysql',
'webalizer',
);
$this->installPackages($packages);
ISPConfigLog::info('Enabling TLS for pureftpd', true);
if(!is_dir('/etc/pure-ftpd/conf')) {
mkdir('/etc/pure-ftpd/conf', 0755);
}
file_put_contents('/etc/pure-ftpd/conf/TLS', '1');
if(!is_dir('/etc/ssl/private')) {
mkdir('/etc/ssl/private', 0755, true);
}
$ssl_subject = '/C=DE/ST=None/L=None/O=IT/CN=' . $host_name;
$cmd = 'openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -subj ' . escapeshellarg($ssl_subject) . ' -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem > /dev/null 2>&1';
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
chmod('/etc/ssl/private/pure-ftpd.pem', 0600);
// set passive port range if needed
$ftp_ports = ISPConfig::getFTPPassivePorts();
if($ftp_ports) {
file_put_contents('/etc/pure-ftpd/conf/PassivePortRange', $ftp_ports['from'] . ' ' . $ftp_ports['to']);
}
$this->restartService('pure-ftpd-mysql');
ISPConfigLog::info('Disabling awstats cron.', true);
$entries = array(
array(
'first_line' => '/.*/',
'last_line' => '/####nomatch###/',
'search' => '/.*/'
)
);
$this->commentLines('/etc/cron.d/awstats', $entries);
if($this->shallCompileJailkit()) {
$cmd = 'cd /tmp ; ( wget -O jailkit-2.20.tar.gz "http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz" > /dev/null 2>&1 && tar xzf jailkit-2.20.tar.gz 2>&1 ) && ( cd jailkit-2.20 ; echo 5 > debian/compat ; ./debian/rules binary 2>&1 ) && ( cd /tmp ; dpkg -i jailkit_2.20-1_*.deb 2>&1 ; rm -rf jailkit-2.20* )';
$result = $this->exec($cmd, array(), 3);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
if(ISPConfig::shallInstall('firewall')) {
$packages[] = 'ufw';
$this->installPackages($packages);
file_put_contents('/etc/fail2ban/jail.local', $jk_jail);
$this->restartService('fail2ban');
if(ISPConfig::wantsUnattendedUpgrades()) {
$this->installUnattendedUpgrades();
}
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
if(ISPConfig::shallInstall('mail') && ISPConfig::shallInstall('roundcube')) {
ISPConfigLog::info('Installing roundcube.', true);
$cmd = 'APP_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
$cmd .= 'ROOT_PASS="' . $mysql_root_pw . '"' . "\n";
$cmd .= 'APP_DB_PASS="' . ISPConfigFunctions::generatePassword(15) . '"' . "\n";
$cmd .= 'echo "roundcube-core roundcube/dbconfig-install boolean true" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/database-type select mysql" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/admin-user string root" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/admin-pass password $ROOT_PASS" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/mysql/app-pass password $APP_DB_PASS" | debconf-set-selections 2>&1' . "\n";
$cmd .= 'echo "roundcube-core roundcube/reconfigure-webserver multiselect apache2" | debconf-set-selections 2>&1' . "\n";
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
$packages = array(
'roundcube',
'roundcube-core',
'roundcube-mysql',
'roundcube-plugins'
);
$this->installPackages($packages);
$replacements = array(
'/^\s*\$config\s*\[["\']default_host["\']\]\s*=.*$/m' => '$config[\'default_host\'] = \'localhost\';',
'/^\s*\$config\s*\[["\']smtp_server["\']\]\s*=.*$/m' => '$config[\'smtp_server\'] = \'%h\';',
'/^\s*\$config\s*\[["\']smtp_port["\']\]\s*=.*$/m' => '$config[\'smtp_port\'] = 25;',
'/^\s*\$config\s*\[["\']smtp_user["\']\]\s*=.*$/m' => '$config[\'smtp_user\'] = \'%u\';',
'/^\s*\$config\s*\[["\']smtp_pass["\']\]\s*=.*$/m' => '$config[\'smtp_pass\'] = \'%p\';'
);
$result = $this->replaceContents('/etc/roundcube/config.inc.php', $replacements);
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$replacements = array(
'/^\s*#*\s*Alias\s+\/roundcube\s+\/var\/lib\/roundcube\s*$/m' => 'Alias /webmail /var/lib/roundcube'
);
$result = $this->replaceContents('/etc/apache2/conf-enabled/roundcube.conf', $replacements);
} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
symlink('/usr/share/roundcube', '/usr/share/squirrelmail');
}
if(ISPConfig::shallInstall('web')) {
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$this->restartService('apache2');
} else {
$this->restartService('nginx');
}
ISPConfigLog::info('Installing ISPConfig3.', true);
$ispconfig_admin_pw = ISPConfigFunctions::generatePassword(15);
if(!ISPConfig::wantsInteractive()) {
$autoinstall = '[install]
language=' . (isset($_GET['lang']) && $_GET['lang'] === 'de' ? 'de' : 'en') . '
install_mode=expert
hostname=' . $host_name . '
mysql_hostname=localhost
mysql_port=3306
mysql_root_user=root
mysql_root_password=' . $mysql_root_pw . '
mysql_database=dbispconfig
mysql_charset=utf8
http_server=' . (ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'apache' : 'nginx') . '
ispconfig_port=8080
ispconfig_use_ssl=y
ispconfig_admin_password=' . $ispconfig_admin_pw . '
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
[ssl_cert]
ssl_cert_country=DE
ssl_cert_state=None
ssl_cert_locality=None
ssl_cert_organisation=None
ssl_cert_organisation_unit=IT
ssl_cert_common_name=' . $host_name . '
ssl_cert_email=
[expert]
mysql_ispconfig_user=ispconfig
mysql_ispconfig_password=' . ISPConfigFunctions::generatePassword(15) . '
join_multiserver_setup=n
mysql_master_hostname=
mysql_master_root_user=
mysql_master_root_password=
mysql_master_database=
configure_mail=' . (ISPConfig::shallInstall('mail') ? 'y' : 'n') . '
configure_jailkit=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
configure_ftp=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
configure_dns=' . (ISPConfig::shallInstall('dns') ? 'y' : 'n') . '
configure_apache=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE ? 'y' : 'n') . '
configure_nginx=' . (ISPConfig::shallInstall('web') && ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX ? 'y' : 'n') . '
configure_firewall=' . (ISPConfig::shallInstall('firewall') ? 'y' : 'n') . '
configure_webserver=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
install_ispconfig_web_interface=' . (ISPConfig::shallInstall('web') ? 'y' : 'n') . '
[update]
do_backup=yes
mysql_root_password=' . $mysql_root_pw . '
mysql_master_hostname=
mysql_master_root_user=
mysql_master_root_password=
mysql_master_database=
reconfigure_permissions_in_master_database=no
reconfigure_services=yes
ispconfig_port=8080
create_new_ispconfig_ssl_cert=no
reconfigure_crontab=yes
create_ssl_server_certs=y
ignore_hostname_dns=n
ispconfig_postfix_ssl_symlink=y
ispconfig_pureftpd_ssl_symlink=y
; These are for service-detection (defaulting to old behaviour where alle changes were automatically accepted)
svc_detect_change_mail_server=yes
svc_detect_change_web_server=yes
svc_detect_change_dns_server=yes
svc_detect_change_xmpp_server=yes
svc_detect_change_firewall_server=yes
svc_detect_change_vserver_server=yes
svc_detect_change_db_server=yes';
file_put_contents('/tmp/ispconfig.autoinstall.ini', $autoinstall);
$ai_argument = '--autoinstall=/tmp/ispconfig.autoinstall.ini';
} else {
$ai_argument = '';
}
if(ISPConfig::wantsInteractive()) {
ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);
}
$cmd = 'cd /tmp ; rm -rf ispconfig3_install 2>&1';
if(ISPConfig::getISPConfigChannel() === 'dev') {
$cmd .= ' ; wget -O ispconfig.tar.gz "https://git.ispconfig.org/ispconfig/ispconfig3/-/archive/develop/ispconfig3-develop.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz ; mv ispconfig3-develop ispconfig3_install';
} else {
$cmd .= ' ; wget -O ispconfig.tar.gz "https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz" >/dev/null 2>&1 ; tar xzf ispconfig.tar.gz';
}
$cmd .= ' ; cd ispconfig3_install ; cd install ; php -q install.php ' . $ai_argument . ' 2>&1 ; cd /tmp ; rm -rf ispconfig3_install 2>&1';
if(ISPConfig::wantsInteractive()) {
$result = $this->passthru($cmd);
} else {
$result = $this->exec($cmd);
}
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
if(!ISPConfig::wantsInteractive() && is_file('/tmp/ispconfig.autoinstall.ini')) {
unlink('/tmp/ispconfig.autoinstall.ini');
}
if(ISPConfig::shallInstall('web')) {
ISPConfigLog::info('Adding php versions to ISPConfig.', true);
$server_id = 0;
$ispc_config = ISPConfigConnector::getLocalConfig();
if(!$ispc_config || !isset($ispc_config['server_id']) || !$ispc_config['server_id']) {
throw new ISPConfigOSException('Could not read ISPConfig settings file.');
}
$server_id = $ispc_config['server_id'];
foreach($php_versions as $curver) {
$qry = 'INSERT IGNORE INTO `dbispconfig`.`server_php` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `client_id`, `name`, `php_fastcgi_binary`, `php_fastcgi_ini_dir`, `php_fpm_init_script`, `php_fpm_ini_dir`, `php_fpm_pool_dir`, `active`) VALUES (1, 1, \'riud\', \'riud\', \'\', ' . intval($server_id) . ', 0, \'PHP ' . $curver . '\', \'/usr/bin/php-cgi' . $curver . '\', \'/etc/php/' . $curver . '/cgi/php.ini\', \'/etc/init.d/php' . $curver . '-fpm\', \'/etc/php/' . $curver . '/fpm/php.ini\', \'/etc/php/' . $curver . '/fpm/pool.d\', \'y\')'; $cmd = 'mysql --defaults-file=/etc/mysql/debian.cnf -e ' . escapeshellarg($qry);
$result = $this->exec($cmd);
if($result === false) {
throw new ISPConfigOSException('Command ' . $cmd . ' failed.');
}
$this->restartService('clamav-daemon');
if(ISPConfig::wantsAmavis()) {
$this->restartService('amavis');
} else {
$this->startService('rspamd');
}
ISPConfigLog::info('Checking all services are running.', true);
$check_services = array(
'mysql',
'clamav-daemon',
'postfix',
);
Marius Burkard
committed
if(ISPConfig::wantsUnbound()) {
$check_services[] = 'unbound';
} else {
$check_services[] = 'bind9';
}
Marius Burkard
committed
}
if(ISPConfig::shallInstall('web')) {
$check_services[] = 'pureftpd';
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
$check_services[] = 'apache2';
} elseif(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_NGINX) {
$check_services[] = 'nginx';
}
}
if(ISPConfig::shallInstall('mail')) {
if(!ISPConfig::wantsAmavis()) {
$check_services[] = 'rspamd';
$check_services[] = 'redis-server';
} else {
$check_services[] = 'amavis';
}
$check_services[] = 'dovecot';
}
foreach($check_services as $service) {
$status = $this->isServiceRunning($service);
ISPConfigLog::info($service . ': ' . ($status ? '<green>OK</green>' : '<lightred>FAILED</lightred>'), true);
if(!$status) {
ISPConfigLog::warn($service . ' seems not to be running!', true);
}
}
ISPConfigLog::info('Installation ready.', true);
if(ISPConfig::shallInstall('mailman') && $mailman_password != '') {
ISPConfigLog::info('Your Mailman password is: ' . $mailman_password, true);
}
if(ISPConfig::shallInstall('web') && !ISPConfig::wantsInteractive()) {
ISPConfigLog::info('Your ISPConfig admin password is: ' . $ispconfig_admin_pw, true);
}
ISPConfigLog::info('Your MySQL root password is: ' . $mysql_root_pw, true);
protected function getSystemPHPVersion() {
return '7.0';
}