forked from plesk/wordpress-edition
-
Notifications
You must be signed in to change notification settings - Fork 3
/
install_plesk.sh
559 lines (481 loc) · 20.4 KB
/
install_plesk.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
#!/usr/bin/env bash
# -------------------------------------------------------------------------
# Ubuntu Plesk server - Installation script for Plesk on Ubuntu
# -------------------------------------------------------------------------
# Website: https://virtubox.net
# GitHub: https://github.com/VirtuBox/ubuntu-plesk-server
# Source : https://github.com/plesk/wordpress-edition
# Copyright (c) 2019 VirtuBox <contact@virtubox.net>
# This script is licensed under Apache 2.0
# -------------------------------------------------------------------------
# Version 1.0.0 - 2019-08-21
# -------------------------------------------------------------------------
# Edit variables for Plesk pre-configuration
plesk_email='admin@test.tst'
plesk_pass='PleskUbuntu123@@'
plesk_name='admin'
# Plesk UI View - can be set to Service Provider View (spv) or Power User View (puv)
plesk_ui=spv
# Turn on Fail2Ban, yes or no, Keep in mind you need to provide temp license for initialization for this to work
fail2ban=yes
# Turn on http2
http2=yes
# PCI COMPLIANCE
pci_compliance=false
# Turn on Cloning - Set to "on" if this it to make a Golden Image, set to "off" if for remote installation
clone=off
# Check if user is root
if [ "$(id -u)" != "0" ]; then
echo "Error: You must be root to run this script, please use the root user to install the software."
echo ""
echo "Use 'su - root' to login as root"
exit 1
fi
if {
plesk version >/dev/null 2>&1
}; then
readonly plesk_installed="y"
else
plesk_installed=""
fi
readonly plesk_linux_distro=$(lsb_release -is)
readonly plesk_distro_version=$(lsb_release -sc)
readonly plesk_distro_id=$(lsb_release -rs)
readonly plesk_srv_arch="$(uname -m)"
readonly plesk_kvm_detec=$(systemd-detect-virt)
##################################
# Welcome
##################################
echo ""
echo "Welcome to ubuntu-plesk-server-setup script."
echo ""
while [ "$#" -gt 0 ]; do
case "$1" in
--interactive)
interactive_install="y"
;;
--travis)
travis="y"
release_tiers="testing"
agreement="true"
mariadb_server_install="y"
mariadb_version_install="10.5"
;;
-n | --name)
plesk_name="$2"
shift
;;
-p | --password)
plesk_pass="$2"
shift
;;
--email)
plesk_email="$2"
shift
;;
--testing)
release_tiers="testing"
;;
-r | --release)
release_tiers="$2"
shift
;;
-y | --agreement)
agreement="true"
;;
-i | --license)
activation_key="$2"
shift
;;
-m | --mariadb)
mariadb_server_install="y"
mariadb_version_install="$2"
shift
;;
*) ;;
esac
shift
done
##################################
# Menu
##################################
echo "#####################################"
echo " Warning "
echo "#####################################"
echo "This script will only allow ssh connection with ssh-keys"
echo "Make sure you have properly installed your public key in $HOME/.ssh/authorized_keys"
echo "#####################################"
sleep 1
if [ "$interactive_install" = "y" ]; then
if [ ! -d /etc/mysql ]; then
echo "#####################################"
echo "MariaDB server"
echo "#####################################"
echo ""
echo "Do you want to install MariaDB-server ? (y/n)"
while [[ $mariadb_server_install != "y" && $mariadb_server_install != "n" ]]; do
echo -e "Select an option [y/n]: "
read -r mariadb_server_install
done
if [[ "$mariadb_server_install" == "y" ]]; then
echo ""
echo "What version of MariaDB Client/Server do you want to install, 10.2, 10.3 or 10.5 ?"
while [[ $mariadb_version_install != "10.2" && $mariadb_version_install != "10.3" && $mariadb_version_install != "10.5" ]]; do
echo -e "Select an option [10.2 / 10.3 / 10.5 / 10.6]: "
read -r mariadb_version_install
done
fi
sleep 1
fi
if [ -z "$agreement" ]; then
echo -e "Do you agree with Plesk license terms ? (See : https://www.plesk.com/legal/)"
while [[ $agreement != "y" && $agreement != "n" ]]; do
echo -e "Select an option [y/n]: "
read -r agreement
done
fi
fi
if [ -z "$plesk_installed" ]; then
if [ -z "$mariadb_server_install" ]; then
mariadb_server_install="y"
fi
if [ -z "$mariadb_version_install" ]; then
mariadb_version_install="10.6"
fi
fi
# Test to make sure all initialization values are set
if [[ -z "$plesk_email" || -z "$plesk_pass" || -z "$plesk_name" || -z "$agreement" ]]; then
echo 'One or more variables are undefined. Please check your initialization values.'
exit 1
fi
echo ""
echo "#####################################"
echo "Starting server setup in 5 seconds"
echo "use CTRL + C if you want to cancel installation"
echo "#####################################"
sleep 5
export DEBIAN_FRONTEND=noninteractive
##################################
# Update packages
##################################
echo "##########################################"
echo " Updating Packages"
echo "##########################################"
if [ -z "$travis" ]; then
apt-get update -qq
apt-get --option=Dpkg::options::=--force-confmiss \
--option=Dpkg::options::=--force-confold \
--option=Dpkg::options::=--force-unsafe-io \
dist-upgrade --assume-yes --quiet
apt-get autoremove --purge -qq
apt-get autoclean -qq
fi
##################################
# Useful packages
##################################
echo "##########################################"
echo " Installing useful packages"
echo "##########################################"
apt-get \
--option=Dpkg::options::=--force-confmiss \
--option=Dpkg::options::=--force-confold \
--assume-yes install haveged curl git unzip zip htop \
nload nmon ntp gnupg gnupg2 wget pigz tree tzdata ccze --quiet
# set default ntp pools
if ! grep -q "time.cloudflare.com" /etc/systemd/timesyncd.conf; then
sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf
# enable ntp
timedatectl set-ntp 1
fi
# increase history size
export HISTSIZE=10000
##################################
# clone repository
##################################
echo "###########################################"
echo " Cloning Ubuntu-nginx-web-server repository"
echo "###########################################"
if [ ! -d "$HOME/ubuntu-nginx-web-server" ]; then
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git "$HOME/ubuntu-nginx-web-server"
else
git -C "$HOME/ubuntu-nginx-web-server" pull origin master
fi
##################################
# Secure SSH server
##################################
# get current ssh port
CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')
# download secure sshd_config
cp -f "$HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config" /etc/ssh/sshd_config
if [ "$CURRENT_SSH_PORT" != "22" ]; then
# change ssh default port
sed -i "s/Port 22/Port $CURRENT_SSH_PORT/" /etc/ssh/sshd_config
fi
# restart ssh service
service ssh restart
##################################
# Sysctl tweaks + open_files limits
##################################
echo "##########################################"
echo " Applying Linux Kernel tweaks"
echo "##########################################"
# download sysctl tweaks
if [ ! -f /etc/sysctl.d/60-plesk-tweaks.conf ]; then
if [ "$plesk_srv_arch" = "x86_64" ]; then
wget -qO /etc/sysctl.d/60-plesk-tweaks.conf \
https://raw.githubusercontent.com/WordOps/WordOps/master/wo/cli/templates/sysctl.mustache
if [ "$plesk_distro_version" = "bionic" ] || [ "$plesk_distro_version" = "focal" ] || [ "$plesk_distro_version" = "buster" ]; then
modprobe tcp_bbr && echo 'tcp_bbr' >>/etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >>/etc/sysctl.d/60-plesk-tweaks.conf
else
modprobe tcp_htcp && echo 'tcp_htcp' >>/etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >>/etc/sysctl.d/60-plesk-tweaks.conf
fi
# apply sysctl tweaks
sysctl -eq -p /etc/sysctl.d/60-plesk-tweaks.conf
fi
fi
if [ ! -x /opt/kernel-tweak.sh ]; then
{
# download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup
wget -qO /opt/kernel-tweak.sh https://raw.githubusercontent.com/VirtuBox/kernel-tweak/master/kernel-tweak.sh
chmod +x /opt/kernel-tweak.sh
wget -qO /lib/systemd/system/kernel-tweak.service https://raw.githubusercontent.com/VirtuBox/kernel-tweak/master/kernel-tweak.service
systemctl enable kernel-tweak.service
systemctl start kernel-tweak.service
} >>/tmp/plesk-install.log 2>&1
fi
# additional systcl configuration with network interface name
# get network interface names like eth0, ens18 or eno1
# for each interface found, add the following configuration to sysctl
NET_INTERFACES_WAN=$(ip -4 route get 8.8.8.8 | grep -oP "dev [^[:space:]]+ " | cut -d ' ' -f 2)
{
echo ""
echo "# do not autoconfigure IPv6 on $NET_INTERFACES_WAN"
echo "net.ipv6.conf.$NET_INTERFACES_WAN.autoconf = 0"
echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra = 0"
echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra = 0"
echo "net.ipv6.conf.$NET_INTERFACES_WAN.autoconf = 0"
echo "net.ipv6.conf.$NET_INTERFACES_WAN.accept_ra_defrtr = 0"
} >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
##################################
# Add MariaDB 10.3 repository
##################################
if [ "$mariadb_server_install" = "y" ]; then
echo ""
echo "##########################################"
echo " Adding MariaDB $mariadb_version_install repository"
echo "##########################################"
{
wget -qO mariadb_repo_setup https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
./mariadb_repo_setup --mariadb-server-version=$mariadb_version_install --skip-maxscale -y
rm mariadb_repo_setup
apt-get update -qq
} >>/tmp/plesk-install.log 2>&1
fi
##################################
# MariaDB 10.3 install
##################################
# install mariadb server non-interactive way
if [ "$mariadb_server_install" = "y" ]; then
if [ ! -d /etc/mysql ]; then
echo ""
echo "##########################################"
echo " Installing MariaDB server $mariadb_version_install"
echo "##########################################"
if [ "$mariadb_version_install" = "10.2" ] || [ "$mariadb_version_install" = "10.3" ]; then
# generate random password
MYSQL_ROOT_PASS=""
echo "mariadb-server-${mariadb_version_install} mysql-server/root_password password ${MYSQL_ROOT_PASS}" | debconf-set-selections
echo "mariadb-server-${mariadb_version_install} mysql-server/root_password_again password ${MYSQL_ROOT_PASS}" | debconf-set-selections
fi
# debconf-set-selections <<<"mariadb-server-${mariadb_version_install} mysql-server/root_password password ${MYSQL_ROOT_PASS}"
# debconf-set-selections <<<"mariadb-server-${mariadb_version_install} mysql-server/root_password_again password ${MYSQL_ROOT_PASS}"
# # install mariadb server
apt-get install -qq mariadb-server # -qq implies -y --force-yes
# mysql_secure_installation non-interactive way
# remove anonymous users
mysql -e "DROP USER ''@'localhost'" >/dev/null 2>&1
mysql -e "DROP USER ''@'$(hostname)'" >/dev/null 2>&1
# remove test database
mysql -e "DROP DATABASE test" >/dev/null 2>&1
# flush privileges
mysql -e "FLUSH PRIVILEGES"
fi
fi
##################################
# MariaDB tweaks
##################################
if [ "$mariadb_server_install" = "y" ]; then
if [ "$mariadb_version_install" = "10.2" ] || [ "$mariadb_version_install" = "10.3" ]; then
echo "##########################################"
echo " Optimizing MariaDB configuration"
echo "##########################################"
cp /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
cp -f "$HOME/ubuntu-nginx-web-server/etc/mysql/my.cnf" /etc/mysql/my.cnf
# stop mysql service to apply new InnoDB log file size
service mysql stop
# mv previous log file
mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak
mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak
# increase mariadb open_files_limit
echo -e '[Service]\nLimitNOFILE=500000' >/etc/systemd/system/mariadb.service.d/limits.conf
# reload daemon
systemctl daemon-reload
# restart mysql
service mysql start
fi
fi
######### Do not edit below this line ###################
#########################################################
# Download Plesk AutoInstaller
if [ -z "$plesk_installed" ]; then
echo "Downloading Plesk Auto-Installer"
wget -O plesk-installer https://installer.plesk.com/plesk-installer
echo
# Make Installed Executable
echo "Making Plesk Auto-Installer Executable"
chmod +x ./plesk-installer
echo
# Install Plesk testing with Required Components
echo "Starting Plesk Installation"
if ! { ./plesk-installer install release --components panel bind fail2ban \
l10n pmm mysqlgroup repair-kit \
roundcube spamassassin postfix dovecot \
proftpd awstats mod_fcgid webservers git \
nginx php7.4 php8.0 config-troubleshooter \
psa-firewall wp-toolkit letsencrypt \
imunifyav sslit; } >>/tmp/plesk-install.log 2>&1; then
echo
echo "An error occurred! The installation of Plesk failed. Please see logged lines above for error handling!"
tail -f 50 /tmp/plesk-install.log | ccze -A
exit 1
fi
#./plesk-installer --select-product-id plesk --select-release-latest --installation-type Recommended
if [ "$plesk_kvm_detec" = "kvm" ]; then
# Enable VPS Optimized Mode
echo "Enable VPS Optimized Mode"
plesk bin vps_optimized --turn-on >>/tmp/plesk-install.log 2>&1
echo
fi
# If Ruby and NodeJS are needed then run install Plesk using the following command:
# ./plesk-installer install plesk --preset Recommended --with fail2ban modsecurity spamassassin mailman psa-firewall pmm health-monitor passenger ruby nodejs gems-preecho
echo ""
echo ""
# Initalize Plesk before Additional Configuration
# https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/init_conf-server-configuration.37843/
# Install Plesk Activation Key if provided
# https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/license-license-keys.71029/
export PSA_PASSWORD=$plesk_pass
if [ -n "$activation_key" ]; then
echo "Starting initialization process of your Plesk server"
/usr/sbin/plesk bin init_conf --init -email "$plesk_email" -passwd "" -name "$plesk_name" -license_agreed "$agreement"
echo "Installing Plesk Activation Code"
/usr/sbin/plesk bin license --install "$activation_key"
echo
else
echo "Starting initialization process of your Plesk server"
/usr/sbin/plesk bin init_conf --init -email "$plesk_email" -passwd "" -name "$plesk_name" -license_agreed "$agreement" -trial_license true
fi
# Configure Service Provider View On
if [ "$plesk_ui" = "spv" ]; then
echo "Setting to Service Provider View"
/usr/sbin/plesk bin poweruser --off
echo
else
echo "Setting to Power user View"
/usr/sbin/plesk bin poweruser --on
echo
fi
# Make sure Plesk UI and Plesk Update ports are allowed
echo "Setting Firewall to allow proper ports."
{
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 465 -j ACCEPT
iptables -I INPUT -p tcp --dport 993 -j ACCEPT
iptables -I INPUT -p tcp --dport 995 -j ACCEPT
iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I INPUT -p tcp --dport 8447 -j ACCEPT
iptables -I INPUT -p tcp --dport 8880 -j ACCEPT
} >>/tmp/plesk-install.log 2>&1
echo
fi
# Enable Modsecurity
# https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/
#echo "Turning on Modsecurity WAF Rules"
#plesk bin server_pref --update-web-app-firewall -waf-rule-engine on -waf-rule-set tortix -waf-rule-set-update-period daily -waf-config-preset tradeoff
#echo
# Enable Fail2Ban and Jails
# https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/ip_ban-ip-address-banning-fail2ban.73594/
if [ "$fail2ban" = "yes" ]; then
echo "Configuring Fail2Ban and its Jails"
/usr/sbin/plesk bin ip_ban --enable
/usr/sbin/plesk bin ip_ban --enable-jails ssh
/usr/sbin/plesk bin ip_ban --enable-jails recidive
/usr/sbin/plesk bin ip_ban --enable-jails plesk-proftpd
/usr/sbin/plesk bin ip_ban --enable-jails plesk-postfix
/usr/sbin/plesk bin ip_ban --enable-jails plesk-dovecot
/usr/sbin/plesk bin ip_ban --enable-jails plesk-roundcube
/usr/sbin/plesk bin ip_ban --enable-jails plesk-apache-badbot
/usr/sbin/plesk bin ip_ban --enable-jails plesk-panel
/usr/sbin/plesk bin ip_ban --enable-jails plesk-wordpress
/usr/sbin/plesk bin ip_ban --enable-jails plesk-apache
echo
fi
# Turn on http2
# https://docs.plesk.com/en-US/onyx/administrator-guide/web-servers/apache-and-nginx-web-servers-linux/http2-support-in-plesk.76461/
if [ "$http2" = "yes" ]; then
echo "Activating http2"
/usr/sbin/plesk bin http2_pref --enable
echo
fi
# Enable PCI Compliance
if [ "$pci_compliance" = "yes" ]; then
/usr/sbin/plesk sbin pci_compliance_resolver --enable all
fi
# Install Bundle Extensions
# https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/extension-extensions.71031/
echo "Installing Requested Plesk Extensions"
echo
echo "Installing SEO Toolkit"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/2ae9cd0b-bc5c-4464-a12d-bd882c651392-xovi/download
echo
echo "Installing Revisium Antivirus for Websites"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/b71916cf-614e-4b11-9644-a5fe82060aaf-revisium-antivirus/download
echo ""
echo "Installing Plesk Migration Manager"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/bebc4866-d171-45fb-91a6-4b139b8c9a1b-panel-migrator/download
echo
echo "Installing Code Editor"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/e789f164-5896-4544-ab72-594632bcea01-rich-editor/download
echo
echo "Installing MagicSpam"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/b49f9b1b-e8cf-41e1-bd59-4509d92891f7-magicspam/download
echo
echo "Installing Panel.ini Extension"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/05bdda39-792b-441c-9e93-76a6ab89c85a-panel-ini-editor/download
echo
echo "Installing Schedule Backup list Extension"
/usr/sbin/plesk bin extension --install-url https://ext.plesk.com/packages/17ffcf2a-8e8f-4cb2-9265-1543ff530984-scheduled-backups-list/download
echo
echo "Set custom panel.ini config"
wget https://raw.githubusercontent.com/VirtuBox/ubuntu-plesk-onyx/master/usr/local/psa/admin/conf/panel.ini -O /usr/local/psa/admin/conf/panel.ini
echo
# Prepair for Cloning
# https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/cloning-server-cloning-settings.71035/
if [ "$clone" = "on" ]; then
echo "Setting Plesk Cloning feature."
/usr/sbin/plesk bin cloning --update -prepare-public-image true -reset-license true -skip-update true
echo "Plesk initialization will be wiped on next boot. Ready for Cloning."
else
echo "Here is your login"
/usr/sbin/plesk login
fi
echo
echo "Your Ubuntu Plesk Server is ready."
echo "Give ubuntu-plesk-server a GitHub star : https://github.com/VirtuBox/ubuntu-plesk-server"
echo