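#!/bin/bash

source /opt/webinoly/lib/install


# Print a colourised report of the OS, hardware, NGINX, PHP, MySQL and
# Webinoly settings of this server.
# Globals (read): ram, ramb, swap, swapm, cores and the colour variables
#   (blu, bol, dim, red, end); none of them is set in this part of the file.
# Outputs: the report on stdout.
system_info() {
  # Both values are local now; the fallback branch used to leak a global.
  local ramv swapv
  if [[ $ram == 0 ]]; then ramv="${ramb}Mb"; else ramv="${ram}Gb"; fi
  if [[ $swap == 0 ]]; then swapv="${swapm}Mb"; else swapv="${swap}Gb"; fi

  echo ""
  echo "${blu}${bol}[Operating System]${end}"
  echo "${blu}OS Info:${end}${dim} $(sudo cat /proc/version) ${end}"
  echo "${blu}Description:${end}${dim} $(sudo lsb_release -d | cut -d':' -f 2- -s) ${end}"
  echo "${blu}Codename:${end}${dim} $(sudo lsb_release -c | cut -d':' -f 2- -s) ${end}"
  echo "${blu}RAM:${end}${dim} $ramv ${end}"
  echo "${blu}SWAP:${end}${dim} $swapv ${end}"
  echo ""
  echo "${blu}CPU Model:${end}${dim} $(lscpu | grep "Model name:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
  echo "${blu}Architecture:${end}${dim} $(lscpu | grep "Vendor ID:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ($(lscpu | grep "Architecture:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//')) ${end}"
  echo "${blu}Cores:${end}${dim} $cores ${end}"
  echo "${blu}Threads per core:${end}${dim} $(lscpu | grep "Thread(s) per core:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
  echo ""
  echo "${blu}Hostname:${end}${dim} $(sudo hostname) ${end}"
  echo "${blu}File descriptors (OS):${end}${dim} $(sudo cat /proc/sys/fs/file-max) ${end}"
  echo "${blu}File descriptors (root):${end}${dim} $(ulimit -Hn) ${end}"
  [[ $(conf_read nginx) == "true" ]] && echo "${blu}File descriptors (nginx/per process):${end}${dim} $(grep 'Max open files' /proc/$(cat /run/nginx.pid)/limits | cut -f 15 -d ' ') ${end}"
  echo ""
  echo "${blu}${bol}[Disk Usage]${end}${dim}"
  sudo df -Th /
  echo "${end}"

  echo "${blu}${bol}[NGINX]${end}"
  if [[ $(conf_read nginx) == "true" ]]; then
    echo "${blu}Branch:${end}${dim} $(conf_read nginx-ppa) ${end}"
    echo "${blu}Version:${end}${dim} $(sudo nginx -v 2>&1 | cut -d'/' -f 2- -s) ${end}"
    echo "${blu}worker_processes:${end}${dim} $(grep worker_processes /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
    echo "${blu}worker_connections:${end}${dim} $(grep worker_connections /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
    echo "${blu}worker_rlimit_nofile:${end}${dim} $(grep worker_rlimit_nofile /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
    echo "${blu}client_max_body_size:${end}${dim} $(grep client_max_body_size /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
    echo ""
    echo "${blu}${bol}[NGINX Cache Settings]${end}"
    echo "${blu}FastCGI 200:${end}${dim} $( grep -F "fastcgi_cache_valid 200" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';') ${end}"
    echo "${blu}FastCGI 3xx/4xx:${end}${dim} $( grep -F "fastcgi_cache_valid 301 " /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';' ) ${end}"
    echo "${blu}FastCGI inactive:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | cut -d'=' -f 2 | tr -d ';') ${end}"
    echo "${blu}FastCGI max-size:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 2 | rev | cut -f 2 -d '=' ) ${end}"
    echo "${blu}open_file_cache_valid:${end}${dim} $(grep open_file_cache_valid /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
    echo "${blu}open_file_cache max:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 2 -d ' ' | cut -f 2 -d '=') ${end}"
    echo "${blu}open_file_cache inactive:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 3 -d ' ' | cut -f 2 -d '=' | tr -d ';') ${end}"
    echo ""
  else
    echo "${red}${dim} NGINX is not installed! ${end}"
    echo ""
  fi

  echo "${blu}${bol}[PHP]${end}"
  if [[ $(conf_read php) == "true" ]]; then
    # Resolve the two FPM files once instead of calling conf_read per line.
    local php_ini php_pool
    php_ini="/etc/php/$(conf_read php-ver)/fpm/php.ini"
    php_pool="/etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf"
    echo "${blu}Info:${end}${dim} $(php -v | grep -m1 "") ${end}"
    echo "${blu}memory_limit:${end}${dim} $(grep memory_limit "$php_ini" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}post_max_size:${end}${dim} $(grep post_max_size "$php_ini" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}upload_max_filesize:${end}${dim} $(grep upload_max_filesize "$php_ini" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}max_file_uploads:${end}${dim} $(grep max_file_uploads "$php_ini" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}max_execution_time:${end}${dim} $(grep max_execution_time "$php_ini" | cut -f 2 -d '=' -s ) ${end}"
    echo ""
    echo "${blu}Process Manager:${end}${dim} $(grep -E "^pm.?=.?*+" "$php_pool" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}pm.max_children:${end}${dim} $(grep -E "^pm.max_children.?=.?*+" "$php_pool" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}pm.start_servers:${end}${dim} $(grep -E "^pm.start_servers.?=.?*+" "$php_pool" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}pm.min_spare_servers:${end}${dim} $(grep -E "^pm.min_spare_servers.?=.?*+" "$php_pool" | cut -f 2 -d '=' -s ) ${end}"
    echo "${blu}pm.max_spare_servers:${end}${dim} $(grep -E "^pm.max_spare_servers.?=.?*+" "$php_pool" | cut -f 2 -d '=' -s ) ${end}"
    echo ""
  else
    echo "${red}${dim} PHP is not installed! ${end}"
    echo ""
  fi

  echo "${blu}${bol}[MYSQL]${end}"
  if [[ $(conf_read mysql) == "true" ]]; then
    local pma_dir pmaver
    pma_dir="/var/www/$(conf_read tools-port)/htdocs/pma/libraries/classes"
    # Check if the file exists because in legacy installs it doesn't!
    if [[ $(conf_read mysql-tool-pma) == "true" && -f $pma_dir/Version.php ]]; then
      pmaver=$(grep -E "public const VERSION = '[0-9\.]+'.*;" "$pma_dir/Version.php" | cut -f 2 -d "'")
    # Legacy support: before v5.1.0 (Feb 23, 2021) the version is found here:
    elif [[ $(conf_read mysql-tool-pma) == "true" ]]; then
      pmaver=$(grep -e "\$this->set('PMA_VERSION',.*'[0-9\.]*');" "$pma_dir/Config.php" | cut -f 4 -d "'")
    else
      pmaver="Not installed!"
    fi
    echo "${blu}Info:${end}${dim} $(sudo mysql --version) ${end}"
    echo "${blu}phpMyAdmin:${end}${dim} $pmaver ${end}"
    echo ""
  else
    echo "${red}${dim} MySQL is not installed! ${end}"
    echo ""
  fi

  echo "${blu}${bol}[Webinoly]${end}"
  local ds ts tz
  ds=$(conf_read default-site); ds=${ds:-default}
  ts=$(conf_read tools-site); ts=${ts:-default}
  tz=$(conf_read timezone); tz=${tz:-Undefined}
  echo "${blu}Default site:${end}${dim} $ds ${end}"
  echo "${blu}Tools site:${end}${dim} $ts ${end}"
  echo "${blu}Tools port:${end}${dim} $(conf_read tools-port) ${end}"
  echo "${blu}Timezone:${end}${dim} $tz ${end}"
  if [[ $(conf_read smtp) == "true" ]]; then
    echo "${blu}SMTP Host:${end}${dim} $(grep -E "^relayhost.?=.?*+" /etc/postfix/main.cf | cut -f 2 -d '=' -s) ${end}"
    echo "${blu}SMTP Mainsite:${end}${dim} $(sudo cat /etc/mailname | head -n 1) ${end}"
  else
    echo "${blu}SMTP:${end}${dim} None ${end}"
  fi
  echo ""

  echo "${blu}${bol}[Internal]${end}"
  if [[ -f /opt/webinoly/webinoly.conf ]]; then
    # NOTE(review): every "key:value" line of the file is printed. If this
    # is the file conf_write stores mysql-root/mysql-admin in (presumably;
    # confirm), the Base64-encoded DB passwords end up in this report, so
    # treat the output as sensitive when sharing it for support.
    sudo sed -nr "s/^([a-z\-]+)\:(.*)$/${blu}\1\:${end}${dim}\2${end}/p" /opt/webinoly/webinoly.conf
  else
    echo "${red} [ERROR] Configuration File not found! ${end}"
  fi
  echo ""
}


# Configure Postfix to relay through an authenticated SMTP host
# (TLS, port 587).
# Globals (read): smtp - "true" for interactive prompts, or
#   "[host,user,pass,mainhost]" for unattended use.
# Globals (written): host, user, pass, mainhost, userdata.
# Exits 1 on invalid data.
smtp_setup() {
  if [[ $smtp == true ]]; then
    local hostname
    hostname=$(grep -E "^myhostname[ ]?=[ ]?.*$" /etc/postfix/main.cf | cut -d "=" -f 2 -s | sed "s/ //")
    [[ -n $hostname && -f /etc/nginx/sites-available/$hostname ]] && local default_host=" [$hostname]"

    echo "${gre}"
    echo "**********************************"
    echo "********** SMTP Setup **********"
    echo "**********************************"
    echo ""
    echo " * We only support TLS and Port 587."
    echo ""
    # -r keeps backslashes literal; -s keeps the password off the screen
    # and out of terminal scrollback.
    read -rp "${blu} + SMTP Host: ${end}" host
    read -rp "${blu} + User: ${end}" user
    read -rsp "${blu} + Password: ${end}" pass
    echo ""
    read -rp "${blu} + Main Hostname/Domain${default_host}: ${end}" mainhost
    [[ -z $mainhost && -n $default_host ]] && mainhost=$hostname
    echo ""
  elif [[ $smtp == \[*\] ]]; then
    # The pattern guarantees at least two characters, so the slice is safe.
    # NOTE(review): in this mode the password is part of the command line
    # and may be kept in shell history and process listings.
    userdata=${smtp:1:-1}
    host=$(echo "${userdata}" | cut -d',' -f 1 -s)
    user=$(echo "${userdata}" | cut -d',' -f 2 -s)
    pass=$(echo "${userdata}" | cut -d',' -f 3 -s)
    mainhost=$(echo "${userdata}" | cut -d',' -f 4 -s)
  else
    echo "${red}[ERROR] Invalid SMTP data!${end}"
    exit 1
  fi

  if [[ -z $user || -z $pass || -z $host || -z $mainhost ]]; then
    echo "${red}[ERROR] Invalid SMTP data!${end}"
    exit 1
  elif [[ ! -f /etc/nginx/sites-available/$mainhost ]]; then
    echo "${red}[ERROR] Main Host site not found in your server!${end}"
    exit 1
  elif [[ $(is_url "$host") != "true" ]]; then
    if [[ $(is_url "$host") =~ ^(http|https)$ ]]; then
      echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS can not be used in conjunction with SMTP protocol)${end}"
    else
      echo "${red}[ERROR] Invalid SMTP host!${end}"
    fi
    exit 1
  else
    is_url "$host" -split
    if [[ -n $url_port ]]; then
      echo "${red}[ERROR] Invalid SMTP host! (Custom port is not supported)${end}"
      exit 1
    fi
  fi

  # Keep a pristine copy of main.cf the first time we touch it.
  [[ ! -f /opt/webinoly/templates/source/main.cf ]] && sudo cp -p /etc/postfix/main.cf /opt/webinoly/templates/source/

  sudo touch /etc/mailname
  # The redirection is performed by the calling shell, not by sudo.
  echo "$mainhost" > /etc/mailname
  sudo chown root:root /etc/mailname
  sudo chmod 0644 /etc/mailname

  # NOTE(review): $mainhost and $host go into the sed scripts unescaped; the
  # only checks are the sites-available lookup and is_url above.
  sudo sed -i '/myorigin =/c \myorigin = /etc/mailname' /etc/postfix/main.cf
  sudo sed -i "/myhostname =/c\myhostname = $mainhost" /etc/postfix/main.cf
  sudo sed -i "/relayhost/c\relayhost = $host:587" /etc/postfix/main.cf
  sudo sed -i '/mydestination =/c \mydestination = localhost' /etc/postfix/main.cf

  # Ensure we have no duplicate parameters
  sudo sed -i '/^smtp_tls_security_level/s/^/#/' /etc/postfix/main.cf
  sudo sed -i '/^smtp_tls_note_starttls_offer/s/^/#/' /etc/postfix/main.cf
  sudo sed -i '/^smtp_use_tls/s/^/#/' /etc/postfix/main.cf
  sudo sed -i '/^smtp_sasl_password_maps/s/^/#/' /etc/postfix/main.cf
  sudo sed -i '/^smtp_sasl_security_options/s/^/#/' /etc/postfix/main.cf
  sudo sed -i '/^smtp_sasl_auth_enable/s/^/#/' /etc/postfix/main.cf

  sudo sed -i '/relayhost/a \smtp_tls_security_level = encrypt' /etc/postfix/main.cf
  sudo sed -i '/relayhost/a \smtp_tls_note_starttls_offer = yes' /etc/postfix/main.cf
  sudo sed -i '/relayhost/a \smtp_use_tls = yes' /etc/postfix/main.cf
  sudo sed -i '/relayhost/a \smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' /etc/postfix/main.cf
  sudo sed -i '/relayhost/a \smtp_sasl_security_options = noanonymous' /etc/postfix/main.cf
  sudo sed -i '/relayhost/a \smtp_sasl_auth_enable = yes' /etc/postfix/main.cf
  sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'

  # Create the credentials file with 0600 *before* the secret is written,
  # so it is never readable by other users while umask-default permissions
  # would still apply.
  sudo install -o root -g root -m 0600 /dev/null /etc/postfix/sasl_passwd
  printf '%s\n' "$host:587 $user:$pass" > /etc/postfix/sasl_passwd
  sudo chown root:root /etc/postfix/sasl_passwd
  sudo chmod 0600 /etc/postfix/sasl_passwd
  sudo postmap hash:/etc/postfix/sasl_passwd
  sudo chown root:root /etc/postfix/sasl_passwd.db
  sudo chmod 0600 /etc/postfix/sasl_passwd.db

  conf_write smtp true
  sudo systemctl restart postfix
  echo "${gre}SMTP was successfully enabled!${end}"
}


# Change the password of an existing MySQL user.
# Globals (read): ADMIN_PASS, mysql_password - "true" for interactive
#   prompts, or "[user,pass]" for unattended use.
# Globals (written): user, pass, userdata.
# Exits 1 on connection failure, invalid input or unknown user.
#
# NOTE(review): the admin password is passed as -p<password>, i.e. on the
# mysql command line, where other local users may be able to read it from
# the process list. A root-only option file is the usual alternative.
mysql_change_password() {
  if ! sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "quit" 2>/dev/null; then
    echo "${red}[ERROR] MySQL Connection to localhost failed! ${dim}(admin)${end}"
    exit 1
  fi

  if [[ $mysql_password == true ]]; then
    echo ""
    read -rp "${blu}MySQL User: ${end}" user
    read -rsp "${blu}New Password: ${end}" pass
    echo ""
    echo ""
  elif [[ $mysql_password == \[*\] ]]; then
    # The pattern guarantees at least two characters, so the slice is safe.
    userdata=${mysql_password:1:-1}
    user=$(echo "${userdata}" | cut -d',' -f 1 -s)
    pass=$(echo "${userdata}" | cut -d',' -f 2 -s)
  else
    echo "${red}[ERROR] Please enter a valid value for username and password!${end}"
    exit 1
  fi

  # Both values are interpolated into single-quoted SQL literals below.
  # A quote would end the literal and a backslash would escape the closing
  # quote, so both characters are rejected.
  if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || $user == *"\\"* || $pass == *"\\"* || ${#pass} -lt 8 ]]; then
    echo "${red}[ERROR] Please, enter a valid username and password!"
    echo "Password can not contain a 'single quote' or a backslash and must be at least 8 characters long.${end}"
    exit 1
  # Exact, fixed-string match: a word/regex match would also accept a name
  # that is only part of an existing user name.
  elif [[ -z $(sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT User FROM mysql.user;" | grep -Fx -- "$user") ]]; then
    echo "${red}[ERROR] User ${blu}$user ${red}doesn't exists!${end}"
    exit 1
  fi

  # First get the User host: 'localhost' or '%'
  local userhost
  userhost=$(sudo mysql -ss --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT Host FROM mysql.user WHERE User='${user}' LIMIT 1;")

  if sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;"; then
    # NOTE(review): "openssl enc -a" without a cipher only Base64-encodes;
    # the stored value is not encrypted and must be protected by file
    # permissions alone.
    [[ $user =~ ^(root|admin)$ ]] && conf_write mysql-${user} $( printf '%s\n' "$pass" | openssl enc -a -salt )
    echo "${gre}MySQL Password successfully changed! ${dim}('${user}'@'${userhost}')${end}"
  else
    echo "${red}[ERROR] Unexpected error!${end}"
    exit 1
  fi
}


# Enable or disable remote (non-localhost) access to MySQL and optionally
# create a "master" user that may connect from any host.
# Globals (read): mysql_public_access (on|off), create_master_user
#   ("true" or "[user,pass]"), replication_slave, ADMIN_PASS.
# Exits 1 on invalid input.
mysql_public_access() {
  if ! [[ $mysql_public_access =~ ^(on|off)$ ]]; then
    echo "${red}[ERROR] Please, enter a valid value! ${dim}(on/off)${end}"
    exit 1
  fi

  check_for_mysql -ask

  if [[ $mysql_public_access == "on" ]]; then
    cnf_write skip-networking 0
    cnf_write skip-bind-address
    echo ""
    echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL is open for public access you should at least set your firewall to prevent against any unwanted request.${end}"
    echo ""
    [[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL User with public access!${end}"
    echo "${gre}MySQL public access successfully enabled!${end}"
  elif [[ $mysql_public_access == "off" ]]; then
    cnf_delete skip-networking
    cnf_delete skip-bind-address
    echo "${gre}MySQL public access successfully disabled!${end}"
  fi

  sudo systemctl restart mysql

  if [[ -n $create_master_user ]]; then
    if [[ $create_master_user == \[*\] ]]; then
      local user=$(echo "${create_master_user:1:-1}" | cut -d',' -f 1 -s)
      local pass=$(echo "${create_master_user:1:-1}" | cut -d',' -f 2 -s)
    fi
    if [[ -z $user || -z $pass ]]; then
      read -rp "${blu}Master User Name: ${end}" user
      read -rsp "${blu}Master User Password: ${end}" pass
      echo ""
    fi
    [[ ${pass,,} == "random" ]] && local pass=$(pwgen -s -1 16)

    # Same literal-safety rule as in mysql_change_password: no quote and no
    # backslash may reach the SQL below.
    if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || $user == *"\\"* || $pass == *"\\"* || ${#pass} -lt 8 ]]; then
      echo "${red}[ERROR] Please, enter a valid username and password!"
      echo "Password can not contain a 'single quote' or a backslash and must be at least 8 characters long.${end}"
      exit 1
    elif [[ $user != $(dbword_check $user user) ]]; then
      echo "${red}[ERROR] The DB Name can not be a reserved word or should only contain allowed characters!${blu}"
      exit 1
    elif [[ -n $(sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" -e "SELECT User FROM mysql.user;" | grep -Fx -- "$user") ]]; then
      echo "${red}[ERROR] User ${blu}$user ${red}already exists!${end}"
      exit 1
    else
      # NOTE(review): unless replication_slave is set, the new account gets
      # ALL PRIVILEGES on *.* WITH GRANT OPTION from any host ('%'). Restrict
      # the source addresses at the firewall, as the warning above says.
      [[ -n $replication_slave ]] && local priv="replication slave" || local priv="ALL PRIVILEGES"
      [[ -n $replication_slave ]] && local grant="" || local grant="WITH GRANT OPTION"

      sudo mysql --connect-timeout=10 --user=admin -p"$ADMIN_PASS" <<_EOF_
CREATE USER '${user}'@'%' IDENTIFIED BY '${pass}';
GRANT ${priv} ON *.* TO '${user}'@'%' ${grant};
FLUSH PRIVILEGES;
_EOF_
      # The password is printed on purpose: a "random" one is not known to
      # the operator otherwise. Mind logs that capture this output.
      if [[ $? == 0 ]]; then
        echo "${gre}${dim}Master User${blu} $user ${gre}with password ${blu}${pass}${gre} successfully created!${end}"
      else
        echo "${red}[ERROR] Unexpected error!${end}"
      fi
    fi
  fi
}


# If a real domain is currently configured as the default site, re-enable
# the stock "default" vhost and strip default_server from that domain.
remove_domain_default_site() {
  local current
  current=$(conf_read default-site)
  # In case we had a domain as default before.
  if ! [[ $current =~ ^(default|blackhole)$ || -z $current ]]; then
    [[ ! -L /etc/nginx/sites-enabled/default && -f /etc/nginx/sites-available/default ]] && sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
    remove_nginx_default_server $current
  fi
}


# Create the self-signed "blackhole" certificate (RSA 2048, 36500 days,
# unencrypted key) unless it already exists. All openssl output is discarded.
create_blackhole_cert() {
  if [[ ! -f /etc/ssl/certs/webinoly-blackhole.crt.pem ]]; then
    # REMOVE: Temporal fix affecting openssl 1.1.1 - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1603717.html
    sudo touch /root/.rnd

    sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 \
      -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" \
      -keyout /etc/ssl/private/webinoly-blackhole.key.pem \
      -out /etc/ssl/certs/webinoly-blackhole.crt.pem > /dev/null 2>&1
  fi
}


# Update (or switch the version of) the Webinoly installation.
#   Update:             sudo webinoly -update
#   Update from branch: sudo webinoly -update=beta
#   Downgrade:          sudo webinoly -update=1.14.0
# Globals (read): update, app_version.
# Exits 0 when already up to date, 1 on error.
webinoly_update() {
  if [[ $(conf_read branch) =~ ^(alpha|beta)$ ]] && ! [[ $update =~ ^(alpha|beta)$ ]]; then
    echo "${red}[ERROR] Beta/alpha versions can not be updated to stable versions!${end}"
    exit 1
  fi

  local currentver
  currentver=$(conf_read app-version)
  if [[ -n $update && $update != true ]]; then
    local branch="-ver=${update}"
  else
    local checkver
    checkver=$(wget --timeout=10 -t 1 -qO- 'https://api.webinoly.com/check?text=true')
    if [[ -z $checkver || -z $currentver ]] || ! [[ $checkver =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "${red}[ERROR] Version check service unavailable!${dim} (Webinoly API)${end}"
      exit 1
    # Compare as versions, not as digits glued together: "1.9.10" vs "1.10.0"
    # used to become 1910 >= 1100 and the update was silently skipped.
    elif [[ $(printf '%s\n' "$currentver" "$checkver" | sort -V | tail -n 1) == "$currentver" ]]; then
      echo "${gre}You currently have the latest version!${dim} (v${checkver})${end}"
      exit 0
    else
      echo "${dim}Updating...${end}"
      echo "${blu}${dim}Your current version 'v${currentver}' will be updated to the newest 'v${checkver}' ${end}"
    fi
  fi

  # NOTE(review): the script is downloaded into the current directory and
  # run as root with no checksum or signature verification visible here;
  # its integrity rests on TLS and on the serving hosts alone. Verifying a
  # published digest before execution would close that gap.
  # $branch stays unquoted on purpose: when empty it must vanish.
  if sudo wget --timeout=15 -t 1 --referer="https://update.webinoly.com/?ver=${app_version}" -qrO weby https://qrok.es/wyupd && sudo bash weby upd $branch; then
    echo "${gre}Webinoly App has been updated successfully!${dim} (Updated to: v$(conf_read app-version))${end}"
  else
    sudo rm weby
    echo "${red}[ERROR] Update process has failed!${end}"
    exit 1
  fi

  api-events_update wy1s
}


# Reset ownership and modes below /var/www (dirs 755, files 644) and of the
# .ssh directories of www-data and of the current user (700/600, *.pub 644).
# Globals (read): CURRENT_HOME, CURRENT_USER.
fix_permissions() {
  # https://github.com/QROkes/webinoly/issues/49
  sudo find /var/www ! -path "/var/www/\.*" -type d -print0 | sudo xargs -r -0 chmod 755
  sudo find /var/www ! -path "/var/www/\.*" -type f -print0 | sudo xargs -r -0 chmod 644

  if [[ -d /var/www/.ssh ]]; then
    sudo find /var/www/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
    sudo find /var/www/.ssh ! -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
    sudo find /var/www/.ssh -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
  fi

  if [[ -d $CURRENT_HOME/.ssh ]]; then
    sudo find "$CURRENT_HOME/.ssh" -type d -print0 | sudo xargs -r -0 chmod 700
    sudo find "$CURRENT_HOME/.ssh" ! -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
    sudo find "$CURRENT_HOME/.ssh" -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
    sudo chown -R "${CURRENT_USER}:${CURRENT_USER}" "$CURRENT_HOME/.ssh"
  fi

  sudo chown -R www-data:www-data /var/www
  # With SFTP login enabled /var/www is the chroot directory and goes back
  # to root (presumably because sshd requires a root-owned chroot; confirm).
  [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
}


# Regenerate the NGINX, PHP and/or MySQL configuration, or only fix
# permissions, depending on $server_reset (nginx|php|mysql|permissions|all).
# Globals (written): err_cont, nginx_not.
server_reset() {
  # Regenerate NGINX conf files
  if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then
    # Backup files will be restored in nginx_optim function
    # NOTE(review): fixed, predictable names in world-writable /tmp, written
    # as root. The names are shared with nginx_optim, so a private directory
    # (mktemp -d) would have to be introduced in both places.
    [[ -f /etc/nginx/conf.d/blockips.conf ]] && sudo cp -p /etc/nginx/conf.d/blockips.conf /tmp/webinoly_blockips_backup
    [[ -f /etc/nginx/conf.d/webinoly.conf ]] && sudo cp -p /etc/nginx/conf.d/webinoly.conf /tmp/webinoly_backup

    linux_purge
    sudo sed -i '/WebinolyCustom/,/WebinolyCustomEnd/{/.*/d}' /etc/nginx/fastcgi_params
    sudo rm -rf /etc/nginx/common
    sudo rm -rf /etc/nginx/conf.d/*
    nginx_optim
    echo "${gre}Nginx settings has been updated successfully!${end}"

    fix_permissions
    echo "${gre}Permissions fixed successfully!${end}"
  elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then
    echo "${red}[ERROR] Nginx settings couldn't been updated, seems like is not installed in your server!${end}"
    err_cont=true
  fi

  # Regenerate PHP conf files
  if [[ $(conf_read php-optim) == "true" && $server_reset =~ ^(php|all)$ ]]; then
    if [[ -f /opt/webinoly/templates/source/php.ini && -f /opt/webinoly/templates/source/www.conf ]]; then
      local fpm_dir
      fpm_dir="/etc/php/$(conf_read php-ver)/fpm"
      sudo cat /opt/webinoly/templates/source/php.ini > "$fpm_dir/php.ini"
      sudo cat /opt/webinoly/templates/source/www.conf > "$fpm_dir/pool.d/www.conf"
      # Added in v1.11.0, will fail if stack was built before:
      [[ -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cat /opt/webinoly/templates/source/php-fpm.conf > "$fpm_dir/php-fpm.conf"
      sudo rm -rf "$fpm_dir/pool.d/debug.conf"
      php_optim
      echo "${gre}PHP settings has been updated successfully!${end}"
    else
      echo "${red}[ERROR] PHP could not been updated, source files not found!${end}"
      err_cont=true
    fi
  elif [[ $(conf_read php-optim) != "true" && $server_reset == "php" ]]; then
    echo "${red}[ERROR] PHP settings couldn't been updated, seems like is not installed in your server!${end}"
    err_cont=true
  fi

  # Check MySQL Conf
  if [[ $(conf_read mysql-optim) == "true" && $server_reset =~ ^(mysql|all)$ ]]; then
    mysql_optim
    echo "${gre}MySQL settings has been updated successfully!${end}"
  elif [[ $(conf_read mysql-optim) != "true" && $server_reset == "mysql" ]]; then
    echo "${red}[ERROR] MySQL settings couldn't been updated, seems like is not installed in your server!${end}"
    err_cont=true
  fi

  # Permissions
  if [[ $(conf_read nginx) == "true" && $server_reset == "permissions" ]]; then
    fix_permissions
    echo "${gre}Permissions fixed successfully!${end}"
    nginx_not="true" # Nginx-Reload not-needed.
  elif [[ $(conf_read nginx) != "true" && $server_reset == "permissions" ]]; then
    echo "${red}[ERROR] Nginx not found, seems like is not installed in your server!${end}"
    err_cont=true
  fi

  # Display message just to show we are alive.
  if [[ $server_reset == "all" && $(conf_read php-optim) != "true" && $(conf_read nginx-optim) != "true" ]]; then
    echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL are not installed yet)${end}"
  fi
}


# Print the stored database credentials (local root/admin and, if set, the
# external DB) either decorated or, with dbpass=raw / $raw, as "key:value".
# Exits 1 when no credentials are found at all.
#
# NOTE(review): the stored values are only Base64-decoded here ("openssl
# enc -d -a" with no cipher), so whoever can read the configuration can read
# the passwords. The output itself is secret material: avoid capturing it in
# logs or shared terminals.
show_db_data() {
  local rawout=""
  [[ $dbpass == "raw" || -n $raw ]] && rawout=true

  if [[ -n $(conf_read external-dbu) && -n $(conf_read external-dbp) ]]; then
    local extu=$(conf_read external-dbu)
    local extp=$(conf_read external-dbp)
    if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbx) ]]; then
      local exth="$(conf_read external-dbh):$(conf_read external-dbx)"
    elif [[ -n $(conf_read external-dbh) ]]; then
      local exth=$(conf_read external-dbh)
    fi
  fi

  if [[ -n $(conf_read mysql-root) || -n $(conf_read mysql-admin) ]]; then
    local rpass=$( echo "$(conf_read mysql-root)" | openssl enc -d -a -salt )
    local apass=$( echo "$(conf_read mysql-admin)" | openssl enc -d -a -salt )
    echo ""
    # The heading is only useful when an external block follows.
    [[ -z $rawout && -n $extu ]] && echo "${gre}Localhost Credentials${end}"
    if [[ -n $rawout ]]; then
      echo "root:$rpass"
      echo "admin:$apass"
    else
      echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
      echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
    fi
    echo ""
  else
    echo "${blu}"
    echo "Localhost credentials not found!"
    echo "${end}"
  fi

  if [[ -n $extu ]]; then
    echo ""
    if [[ -n $rawout ]]; then
      [[ -n $exth ]] && echo "Host:$exth"
      echo "User:$extu"
      echo "Password:$extp"
    else
      echo "${gre}External DB Credentials${end}"
      [[ -n $exth ]] && echo "${blu}${bol} Host:${end}${blu}${dim} $exth ${end}"
      echo "${blu}${bol} User:${end}${blu}${dim} $extu ${end}"
      echo "${blu}${bol} Password:${end}${blu}${dim} $extp ${end}"
    fi
    echo ""
  fi

  if [[ -z $rpass && -z $extu ]]; then
    echo "${red}"
    echo "[ERROR] DB Credentials not found!"
    echo "${end}"
    exit 1
  fi
}


# Move the admin "Tools" site to another port.
# Globals (read): tools_port ("true" for interactive, else the port),
#   tools_port_default.
# Globals (written): port.
# Exits 1 on an invalid port or a name clash with an existing site.
change_tools_port() {
  local oldport=$(conf_read tools-port)

  if [[ $tools_port == true ]]; then
    [[ -z $oldport ]] && local oldport=$tools_port_default
    read -rp "${blu}Tools Port [Current: $oldport]: " port
  else
    port=$tools_port
  fi

  if [[ -z $port || ( -n $oldport && $port == $oldport ) ]]; then
    echo "${gre}Tools-Port not changed! ${end}"
  # Port 0 is not a usable listen port; the message below says 1-65535.
  elif [[ $port =~ ^[0-9]+$ && $port -ge 1 && $port -le 65535 ]]; then
    if [[ -f /etc/nginx/sites-available/$port ]]; then
      # Report the port that actually clashes ($tools_port is "true" in
      # interactive mode).
      echo "${red}[ERROR] Conflict naming found $port sitename is already in use!${end}"
      exit 1
    fi

    # -n $oldport: with an empty old port the paths below collapse to
    # /var/www/ and the rm -rf would remove every site on the server.
    if [[ $(conf_read nginx) == "true" && -n $oldport && -d /var/www/$oldport ]]; then
      # MV in some edge cases fails to rename, specially when so much files are within the directories.
      sudo mkdir -p "/var/www/$port"
      sudo cp -rp "/var/www/$oldport"/* "/var/www/$port"
      sudo rm -rf "/var/www/${oldport:?}"

      sudo mv "/etc/nginx/sites-available/$oldport" "/etc/nginx/sites-available/$port"
      sudo rm "/etc/nginx/sites-enabled/$oldport"
      sudo ln -s "/etc/nginx/sites-available/$port" "/etc/nginx/sites-enabled/$port"
      sudo sed -i "s/${oldport}/${port}/g" "/etc/nginx/sites-available/$port"
    fi

    conf_write tools-port $port
    conf_write tools-port-set $port
    echo "${gre}Port${blu} $port ${gre}has been enabled to access all your Tools! ${end}"
  else
    echo "${red}[ERROR] Please, enter a valid port number (1-65535)!${end}"
    exit 1
  fi
}


# Bind the admin "Tools" vhost to an existing site's domain (copying its
# server_name and, when enabled, its TLS settings), or reset it with
# tools_site=default.
# Globals (read/written): tools_site ("true" prompts for a domain), sername.
# Exits 1 when the domain or the Tools vhost does not exist.
set_tools_site() {
  # The Tools vhost is named after its port; resolve both once.
  local tport tconf
  tport=$(conf_read tools-port)
  tconf="/etc/nginx/sites-available/$tport"

  if [[ $tools_site == true ]]; then
    echo "${gre}Please, enter a valid domain to access the Tools Section! ${end}"
    read -rp "${blu}Domain: ${end}" tools_site
    tools_site=${tools_site,,}
  fi

  if [[ -z $tools_site ]]; then
    echo "${red}[ERROR] Please, enter a valid value!${end}"
    exit 1
  elif [[ -f /etc/nginx/sites-available/$tools_site && -f $tconf && $tools_site != "default" ]]; then
    # Check for previous assigned domain and remove
    if [[ -n $(conf_read tools-site) ]]; then
      sudo sed -i '/server_name/d' "$tconf"
      # In case SSL is enabled
      sudo sed -i "/listen $tport/c \ listen $tport default_server deferred;" "$tconf"
      sudo sed -i "/listen \[::\]:$tport/c \ listen [::]:$tport default_server;" "$tconf"
      sudo sed -i '/headers-https.conf/d' "$tconf"
      sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' "$tconf"
      sudo sed -i '/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/.*/d}' "$tconf"
    fi

    # Assign new domain/site
    sername=$(sed -n -e '/WebinolyNginxServerStart/,$p' "/etc/nginx/sites-available/$tools_site" | grep -F "server_name" | sed -e 's/^[ \t]*//')
    sudo sed -i "/error_log/a \ ${sername}" "$tconf"
    sudo sed -i "/listen $tport/c \ listen $tport deferred;" "$tconf"
    sudo sed -i "/listen \[::\]:$tport/c \ listen [::]:$tport;" "$tconf"

    # If SSL is enabled
    if [[ $(is_ssl $tools_site) == "true" ]]; then
      sudo sed -i "/listen $tport/c \ listen $tport ssl http2 deferred;" "$tconf"
      sudo sed -i "/listen \[::\]:$tport/c \ listen [::]:$tport ssl http2;" "$tconf"
      sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' "$tconf"

      # Reuse the certificate directives of the chosen site verbatim.
      local ssl_cer=$(sed -n -e '/WebinolyNginxServerStart/,$p' "/etc/nginx/sites-available/$tools_site" | grep -F "ssl_certificate " | tr -d '\t')
      local ssl_key=$(sed -n -e '/WebinolyNginxServerStart/,$p' "/etc/nginx/sites-available/$tools_site" | grep -F "ssl_certificate_key " | tr -d '\t')
      local ssl_tru=$(sed -n -e '/WebinolyNginxServerStart/,$p' "/etc/nginx/sites-available/$tools_site" | grep -F "ssl_trusted_certificate " | tr -d '\t')
      sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate .*;#$ssl_cer#}" "$tconf"
      sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate_key .*;#$ssl_key#}" "$tconf"
      if [[ -z $ssl_tru ]]; then
        sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_stapling/d}' "$tconf"
        sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_trusted_certificate/d}' "$tconf"
      else
        sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_trusted_certificate .*;#$ssl_tru#}" "$tconf"
      fi

      sudo sed -i '/locations.conf/a \ include common/headers-https.conf;' "$tconf"
      sudo sed -i "/WebinolySSLend/i \ error_page 497 https:\/\/\$host:\$server_port\$request_uri;" "$tconf"
      create_blackhole_cert
    fi

    # Default blackhole for requests different from our assigned Tools-Site
    sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-blackhole' "$tconf"
    # NOTE(review): the search pattern of this substitution is empty in this
    # copy of the file; it looks like a template placeholder was lost.
    # Confirm against the template before relying on it.
    sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s//$tport/}" "$tconf"
    if [[ $(is_ssl $tools_site) == "false" ]]; then
      sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/ssl_certificate/d}" "$tconf"
      sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/error_page/d}" "$tconf"
      sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/ssl //}" "$tconf"
      echo "${red}It's highly recommended having an SSL Cert enabled on this site. ${end}"
    fi

    conf_write tools-site $tools_site
    echo "${gre}Domain${blu} ${tools_site}:$tport ${gre}was successfully assigned to access your server tools!${end}"
  elif [[ $tools_site == "default" ]]; then
    # :? aborts instead of running rm -rf on the whole sites-available
    # directory when the tools port is not configured.
    sudo rm -rf "/etc/nginx/sites-available/${tport:?}"
    sudo cp /opt/webinoly/templates/nginx/admin_tools.conf "$tconf"
    # NOTE(review): empty search pattern here as well (see above); confirm
    # the placeholder name against admin_tools.conf.
    sudo sed -i "s//$tport/g" "$tconf"
    conf_write tools-site default
    echo "${gre}Tools Site settings has been reset successfully!${end}"
  elif [[ -f /etc/nginx/sites-available/$tools_site && ! -f $tconf ]]; then
    echo "${red}[ERROR] Tools Site is not enabled! ${end}"
    exit 1
  else
    echo "${red}[ERROR] Domain/site not found. ${end}"
    exit 1
  fi

  # Warning Message
  if [[ ( ! -s /etc/nginx/.htpasswd && $tools_site == "default" ) || ( ! -s /etc/nginx/.htpasswd && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ! -s /etc/nginx/apps.d/.htpasswd-$tools_site ) ]]; then
    echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to access these tools!${end}"
  fi
}


# Enable ("on") or disable ("off") chrooted, SFTP-only login for www-data.
# Globals (read): login_www_data, CURRENT_HOME, CURRENT_USER.
# Globals (written): falus, suffix, foo.
# Exits 1 on an invalid value.
#
# NOTE(review): sshd_config is edited and ssh restarted without a prior
# syntax check; a broken edit can lock out remote access. Running the
# daemon's configuration test before the restart would catch that.
www_data_sftp_access() {
  if [[ $login_www_data == "on" && $(conf_read login-www-data) == "true" ]]; then
    echo "${gre}SFTP access for www-data user is already enabled! ${end}"
  elif [[ $login_www_data == "off" && $(conf_read login-www-data) != "true" ]]; then
    echo "${gre}SFTP access for www-data user is already disabled! ${end}"
  elif [[ $login_www_data == "on" ]]; then
    # Allow access for www-data user
    if [[ -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
      # Every key that can log in as the current user can now log in as
      # www-data too.
      echo "${blu}${dim}Copying your SSH keys from '${CURRENT_USER}' to www-data access!${end}"
      sudo mkdir -p /var/www/.ssh
      sudo chmod 700 /var/www/.ssh
      sudo cat "$CURRENT_HOME/.ssh/authorized_keys" > /var/www/.ssh/authorized_keys
      sudo chmod 600 /var/www/.ssh/*
    fi
    sudo chown -R www-data:www-data /var/www

    # www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
    sudo usermod -s /usr/lib/openssh/sftp-server www-data
    sudo addgroup --system sftponly > /dev/null 2>&1
    sudo usermod -G sftponly www-data
    sudo chown root:root /var/www
    sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
    # The append is done by the calling shell's redirection, not by sudo.
    sudo echo '# WebinolySFTPstart
Match Group sftponly
	ChrootDirectory /var/www
	X11Forwarding no
	AllowTcpForwarding no
	ForceCommand internal-sftp
# WebinolySFTPend' >> /etc/ssh/sshd_config

    # NOTE(review): $falus is used as a sed pattern unescaped; an AllowUsers
    # line containing "/" or regex characters would break the substitution.
    falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
    [[ -n $falus ]] && sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config

    conf_write login-www-data true
    conf_write sftp-www-data true
    sudo systemctl restart ssh
    echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
  elif [[ $login_www_data == "off" ]]; then
    sudo rm -rf /var/www/.ssh
    sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
    sudo gpasswd -d www-data sftponly > /dev/null 2>&1
    sudo delgroup sftponly > /dev/null 2>&1
    sudo chown www-data:www-data /var/www
    sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
    sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPend/{/.*/d}' /etc/ssh/sshd_config

    falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
    if [[ -n $falus ]]; then
      suffix=" www-data"
      foo=${falus%$suffix}
      sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
    fi

    conf_write login-www-data purged
    conf_write sftp-www-data purged
    sudo systemctl restart ssh
    echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
  else
    echo "${red}[ERROR] Invalid value for login-www-data! ${end}"
    exit 1
  fi
}


# Remove the Webinoly application after a y/N confirmation. Unless
# $no_recovery is set, the configuration and source templates are archived
# in $HOME first.
# Exits 0 after removal, 1 when aborted.
webinoly_uninstall() {
  echo "${red}"
  echo "You are about to completely remove Webinoly App from your server!!"
  echo "${blu}Are you sure [y/N]? "
  while read -r -n 1 -s answer; do
    answer=${answer:-n}
    echo ""
    [[ $answer = [YyNn] ]] && break
  done

  if [[ $answer == [Yy] ]]; then
    # NOTE(review): the archive contains webinoly.conf and therefore any
    # credentials stored in it; it keeps tar's default file mode.
    [[ -z $no_recovery ]] && sudo tar -Pcf "$HOME/.webinoly-conf-restore_dont-remove" /opt/webinoly/webinoly.conf /opt/webinoly/templates/source
    [[ -z $no_recovery ]] && echo "${gre}${dim}Configuration saved!${end}"

    sudo rm -rf /opt/webinoly
    sudo rm /usr/bin/webinoly
    sudo rm /usr/bin/stack
    sudo rm /usr/bin/site
    sudo rm /usr/bin/httpauth
    sudo rm /usr/bin/log
    echo "${gre}Webinoly App has been removed successfully from your server!${end}"
    exit 0 # Only allowed here because after this Webinoly does not exist in the server!
  else
    echo "${red}Action aborted!${end}"
    exit 1
  fi
}


# Refresh the bundled Public Suffix List and the PHP timezone list from
# their upstream sources.
# Globals (written): err_cont.
# Exits 1 when the timezone database cannot be downloaded.
external_sources_update() {
  # Work in a private, root-owned directory instead of fixed file names in
  # world-writable /tmp, so no other local user can pre-create or swap the
  # files that are downloaded, unpacked and installed as root.
  local tmpdir
  if ! tmpdir=$(sudo mktemp -d /tmp/webinoly-sources.XXXXXXXXXX); then
    echo "${red}[ERROR] Temporary directory could not be created!${end}"
    exit 1
  fi

  # NOTE(review): neither download is checked against a digest or signature;
  # integrity rests on TLS alone.
  echo "${blu}- Downloading Public Suffix List!${end}"
  sudo wget --timeout=15 -t 1 -qrO "$tmpdir/public_suffix_list.dat" https://publicsuffix.org/list/public_suffix_list.dat
  if sudo test -s "$tmpdir/public_suffix_list.dat"; then
    echo "${blu}- Processing file!${end}"
    # Drop comments and blank lines, then strip "!" and leading "*." marks.
    sudo sed -i '/^\/\// d' "$tmpdir/public_suffix_list.dat"
    sudo sed -i '/^$/d' "$tmpdir/public_suffix_list.dat"
    sudo sed -i 's/[!]\+//g' "$tmpdir/public_suffix_list.dat"
    sudo sed -i 's/^\*\.\+//g' "$tmpdir/public_suffix_list.dat"
    sudo mv "$tmpdir/public_suffix_list.dat" /opt/webinoly/lib/public_suffix_list.dat
    echo "${gre}Domain list has been successfully updated!${end}"
  else
    echo "${red}[ERROR] Domain list not updated!${end}"
    err_cont=true
  fi

  echo ""
  echo "${blu}- Downloading Timezone Database!${end}"
  sudo wget --timeout=15 -t 1 -qrO "$tmpdir/timezonedb.tgz" https://pecl.php.net/get/timezonedb
  if sudo test -s "$tmpdir/timezonedb.tgz"; then
    echo "${blu}- Processing file!${end}"
    # The member pattern is quoted so tar, not the shell, expands it.
    sudo tar -xf "$tmpdir/timezonedb.tgz" -C "$tmpdir" --wildcards --no-anchored 'timezonedb-*/timezonedb.h' --strip-components=1
    sudo sed -i '/^\t{.*},$/!d' "$tmpdir/timezonedb.h"
    sudo cut -d'"' -f2 "$tmpdir/timezonedb.h" > /opt/webinoly/lib/timezone.dat
    sudo rm -rf -- "$tmpdir"
    echo "${gre}Timezone Database has been successfully updated!${end}"
  else
    sudo rm -rf -- "$tmpdir"
    echo "${red}[ERROR] Timezone Database not updated!${end}"
    exit 1
  fi
}


clear_caches() {
  if [[ $clear_cache =~ ^(redis|all)$ ]]; then
    if [[ $(conf_read php-tool-redis) == "true" && -f /etc/redis/redis.conf ]]; then
      sudo redis-cli flushall
      echo "${gre}- Redis Cache has been successfully cleared!${end}"
    else
      echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
      err_cont=true
    fi
  fi
  if [[ $clear_cache =~ ^(memcache|memcached|all)$ ]]; then
    if [[ $(conf_read php-tool-memcached) == "true" && -f /etc/memcached.conf ]]; then
      memhost=$(grep ^-l /etc/memcached.conf | cut -f 2 -d ' ')
      memport=$(grep ^-p /etc/memcached.conf | cut -f 2 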
-d ' ') echo flush_all > /dev/tcp/$memhost/$memport echo "${gre}- Memcached has been successfully cleared!${end}" else echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}" err_cont=true fi fi if [[ $clear_cache =~ ^(opcache|all)$ ]]; then if [[ $(conf_read nginx) == "true" && $(conf_read php) == "true" ]]; then port=$(conf_read tools-port) if [[ ! -f /var/www/$port/htdocs/php/opcache/index.php ]]; then sudo mkdir /var/www/$port/htdocs/php/opcache sudo touch /var/www/$port/htdocs/php/opcache/index.php echo ' /var/www/$port/htdocs/php/opcache/index.php sudo chown -R www-data:www-data /var/www/$port/htdocs/php/opcache sudo chmod 644 /var/www/$port/htdocs/php/opcache/index.php fi wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$port/php/opcache/ > /dev/null 2>&1 & echo "${gre}- OpCache has been successfully cleared!${end}" else echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}" err_cont=true fi fi if [[ $clear_cache =~ ^(fastcgi|all)$ ]]; then if [[ $(conf_read nginx) == "true" ]]; then sudo rm -Rf /run/nginx-cache/* echo "${gre}- FastCgi Cache has been successfully cleared!${end}" else echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}" err_cont=true fi fi if [[ -f /etc/nginx/sites-available/$clear_cache ]]; then if [[ $(conf_read nginx) == "true" && $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then sudo rm -Rf /run/nginx-cache/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')$(echo $subfolder | sed "s/\//_/g") echo "${gre}Custom Nginx Cache for${blu} ${clear_cache}${subfolder} ${gre}has been successfully cleared!${end}" elif ! 
[[ $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then echo "${red}[ERROR] Custom Cache is not enabled for this site!${end}" err_cont=true elif [[ $(conf_read nginx) != "true" ]]; then echo "${red}[ERROR] We can not clear Nginx Cache because NGINX is not installed!${end}" err_cont=true fi fi } nginx_blockip() { if [[ -z $purge ]]; then if [[ -n $list ]]; then echo "" [[ $list == "raw" || -n $raw ]] && sign="" || sign="${blu}+ " if [[ -s /etc/nginx/conf.d/blockips.conf ]]; then sudo sed -n "s/^deny /${sign}/p;" /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p' else [[ $list != "raw" && -z $raw ]] && echo "${blu}[Empty] No IP's were found!" fi [[ $list == "raw" || -n $raw ]] && echo "" || echo "${end}" else [[ $blockip == true ]] && read -p "${blu}IP address to block: ${end}" blockip # Check for list of IP's if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then local c=1 while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]] do [[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s) local c=$(($c+1)) done exit 0 fi if [[ $(is_ip $blockip) == "true" ]]; then if [[ ! 
-f /etc/nginx/conf.d/blockips.conf ]]; then sudo touch /etc/nginx/conf.d/blockips.conf sudo chmod 644 /etc/nginx/conf.d/blockips.conf sudo chown -R root:root /etc/nginx/conf.d/blockips.conf fi exist=$( grep -E "^deny $blockip;$" /etc/nginx/conf.d/blockips.conf ) if [[ -z $exist ]]; then echo "deny $blockip;" >> /etc/nginx/conf.d/blockips.conf echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}" else echo "${gre}IP '$blockip' is already blocked!${end}" fi else echo "${red}[ERROR] Please, enter a valid IP value!${end}" exit 1 fi fi elif [[ -n $purge ]]; then [[ $blockip == true ]] && read -p "${blu}IP address to unblock: ${end}" blockip # Check for list of IP's if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then local c=1 while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]] do [[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s) -purge local c=$(($c+1)) done exit 0 fi if [[ $(is_ip $blockip) == "true" ]]; then # https://stackoverflow.com/questions/1797906/delete-using-a-different-delimiter-with-sed [[ -f /etc/nginx/conf.d/blockips.conf ]] && sed -i "\#^deny ${blockip};#d" /etc/nginx/conf.d/blockips.conf # Remove site-auth-file if empty. [[ -f /etc/nginx/conf.d/blockips.conf && ! -s /etc/nginx/conf.d/blockips.conf ]] && sudo rm /etc/nginx/conf.d/blockips.conf echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully unblocked!${end}" else echo "${red}[ERROR] Please, enter a valid IP value!${end}" exit 1 fi else echo "${red}[ERROR] Nginx file not found!${end}" exit 1 fi } set_default_nginx_response() { if [[ $default_site == true ]]; then echo "${gre}Please, enter a valid option to set the Default-Site server response! 
${end}" read -p "${blu}default/blackhole or any existing domain: ${end}" default_site default_site=${default_site:-NeverMatchDotCom} fi if [[ $default_site == "default" ]]; then if [[ -f /opt/webinoly/templates/source/default ]]; then sudo cat /opt/webinoly/templates/source/default >| /etc/nginx/sites-available/default remove_domain_default_site conf_write default-site default conf_write default-response default echo "${gre}Default Nginx was successfully assigned as default site!${end}" else echo "${red}[ERROR] Nginx Default file backup not found! ${end}" exit 1 fi elif [[ $default_site == "blackhole" ]]; then sudo cat /opt/webinoly/templates/general/nginx-blackhole >| /etc/nginx/sites-available/default remove_domain_default_site create_blackhole_cert conf_write default-site blackhole conf_write default-response blackhole echo "${gre}Blackhole Nginx site was successfully assigned as default site!${end}" else # Domain option if [[ -L /etc/nginx/sites-enabled/$default_site ]]; then remove_domain_default_site sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site # If default site is Non-SSL, we need add a blackhole for port 443. 
if [[ $(is_ssl $default_site) == "false" ]]; then create_blackhole_cert sudo sed -i '1r /opt/webinoly/templates/general/nginx-blackhole' /etc/nginx/sites-available/$default_site sudo sed -i '/NonSSL/,/NonSSLend/{/.*/d}' /etc/nginx/sites-available/$default_site else sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site fi sudo rm -rf /etc/nginx/sites-enabled/default conf_write default-site $default_site conf_write default-response $default_site echo "${gre}Site${blu} ${default_site} ${gre}was successfully assigned as default site!${end}" else [[ -f /etc/nginx/sites-available/$default_site ]] && echo "${red}Site found but is disabled.${end}" echo "${red}[ERROR] Please, enter a valid option (default, blackhole or domain.com). ${end}" exit 1 fi fi } aws_s3_credentials() { if [[ $aws_s3_credentials == true ]]; then echo "" read -p "${blu}Access Key ID: ${end}" user read -p "${blu}Secret Access Key: ${end}" pass echo "" elif [[ $(echo "${aws_s3_credentials}" | cut -c-1) == "[" && $(echo "${aws_s3_credentials}" | rev | cut -c-1) == "]" ]]; then # No need for check var lenght to prevent errors, the previous condition is enough in this case. 
cred=${aws_s3_credentials:1:-1} user=$(echo "${cred}" | cut -d',' -f 1 -s) pass=$(echo "${cred}" | cut -d',' -f 2 -s) elif [[ $aws_s3_credentials == "awsiamrole" ]]; then conf_write awsiamrole true sudo rm -rf $HOME/.aws else echo "${red}[ERROR] Invalid AWS S3 Credentials!${end}" exit 1 fi if [[ $aws_s3_credentials != "awsiamrole" ]]; then if [[ -z $user || -z $pass ]]; then echo "${red}[ERROR] Please, enter a valid AWS S3 Access and Secret Key!${end}" exit 1 fi sudo rm -rf $HOME/.aws/credentials sudo mkdir -p $HOME/.aws sudo touch $HOME/.aws/credentials sudo echo "[default] aws_access_key_id = $user aws_secret_access_key = $pass" >> $HOME/.aws/credentials [[ -n $(conf_read awsiamrole) ]] && conf_write awsiamrole purged fi echo "${gre}AWS S3 Credentials successfully added!${end}" } database_import() { [[ -z $file ]] && read -p "${blu}SQL file path to import: ${end}" file if [[ -z $file || ! -f $file ]]; then echo "${red}[ERROR] Please, enter a valid file path!${end}" exit 1 fi check_external_db_saved if [[ -n $external_db ]]; then external_db_parse if [[ $(check_mysql_connection $extdb_url $extdb_port $extdb_user $extdb_pass) != "true" ]]; then echo "${red}[ERROR] Cannot connect with your External Database!${end}" exit 1 fi echo "${dim}Wait while we import your db... ${end}" sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" < $file sudo mysql --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -u"$extdb_user" -p"$extdb_pass" -e "FLUSH PRIVILEGES;" echo "${gre}Database successfully imported!${end}" elif [[ -z $external_db && $(check_mysql_connection localhost) == "true" ]]; then check_for_mysql -ask sudo mysql -u admin -p$ADMIN_PASS < $file sudo mysql --connect-timeout=10 --user=admin -p$ADMIN_PASS -e "FLUSH PRIVILEGES;" echo "${gre}Database successfully imported!${end}" else echo "${red}[ERROR] A connection can not be established with MySQL localhost!${end}" exit 1 fi } http_header_custom() { if ! 
[[ $custom_headers =~ ^(reload|remove)$ ]]; then echo "${red}[ERROR] Please, enter a valid option Custom Headers!${end}" exit 1 fi if [[ $(conf_read nginx) == "true" ]]; then sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-http.conf sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-https.conf sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-html.conf fi if [[ $custom_headers == "reload" && $(conf_read nginx) == "true" ]]; then if [[ -s /opt/webinoly/templates/source/custom_header_http_webinoly.data ]]; then local http="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_http_webinoly.data)" if [[ -n $http ]]; then echo "# WebinolyCustomHeaders $http # WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-http.conf fi fi if [[ -s /opt/webinoly/templates/source/custom_header_https_webinoly.data ]]; then local https="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_https_webinoly.data)" if [[ -n $https ]]; then echo "# WebinolyCustomHeaders $https # WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-https.conf fi fi if [[ -s /opt/webinoly/templates/source/custom_header_html_webinoly.data ]]; then local html="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_html_webinoly.data)" if [[ -n $html ]]; then echo "# WebinolyCustomHeaders $html # WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-html.conf fi fi conf_write header-custom true echo "${gre}Custom Headers successfully configured!${end}" elif [[ $custom_headers == "reload" ]]; then conf_write header-custom true echo "${gre}Custom Headers successfully configured and it will be used next time NGINX is installed!${end}" else conf_write header-custom false echo "${gre}Custom Headers successfully removed!${end}" fi }