#!/bin/bash source /opt/webinoly/lib/install system_info() { [[ $ram == 0 ]] && local ramv="${ramb}Mb" || ramv="${ram}Gb" [[ $swap == 0 ]] && local swapv="${swapm}Mb" || swapv="${swap}Gb" echo "" echo "${blu}${bol}[Operating System]${end}" echo "${blu}OS Info:${end}${dim} $(sudo cat /proc/version) ${end}" echo "${blu}Description:${end}${dim} $(sudo lsb_release -d | cut -d':' -f 2- -s) ${end}" echo "${blu}Codename:${end}${dim} $(sudo lsb_release -c | cut -d':' -f 2- -s) ${end}" echo "${blu}RAM:${end}${dim} $ramv ${end}" echo "${blu}SWAP:${end}${dim} $swapv ${end}" echo "" echo "${blu}CPU Model:${end}${dim} $(lscpu | grep "Model name:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}" echo "${blu}Architecture:${end}${dim} $(lscpu | grep "Vendor ID:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ($(lscpu | grep "Architecture:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//')) ${end}" echo "${blu}Cores:${end}${dim} $cores ${end}" echo "${blu}Threads per core:${end}${dim} $(lscpu | grep "Thread(s) per core:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}" echo "" echo "${blu}Hostname:${end}${dim} $(sudo hostname) ${end}" echo "${blu}File descriptors (OS):${end}${dim} $(sudo cat /proc/sys/fs/file-max) ${end}" echo "${blu}File descriptors (root):${end}${dim} $(ulimit -Hn) ${end}" [[ $(conf_read nginx) == "true" ]] && echo "${blu}File descriptors (nginx/per process):${end}${dim} $(grep 'Max open files' /proc/$(cat /run/nginx.pid)/limits | cut -f 15 -d ' ') ${end}" echo "" echo "${blu}${bol}[Disk Usage]${end}${dim}" sudo df -Th / echo "${end}" echo "${blu}${bol}[NGINX]${end}" if [[ $(conf_read nginx) == "true" ]]; then echo "${blu}Branch:${end}${dim} $(conf_read nginx-ppa) ${end}" echo "${blu}Version:${end}${dim} $(sudo nginx -v 2>&1 | cut -d'/' -f 2- -s) ${end}" echo "${blu}worker_processes:${end}${dim} $(grep worker_processes /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}" echo "${blu}worker_connections:${end}${dim} $(grep worker_connections /etc/nginx/nginx.conf | 
cut -f 2 -d ' ' | tr -d ';') ${end}" echo "${blu}worker_rlimit_nofile:${end}${dim} $(grep worker_rlimit_nofile /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}" echo "${blu}client_max_body_size:${end}${dim} $(grep client_max_body_size /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}" echo "" echo "${blu}${bol}[NGINX Cache Settings]${end}" echo "${blu}FastCGI 200:${end}${dim} $( grep -F "fastcgi_cache_valid 200" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';') ${end}" echo "${blu}FastCGI 3xx/4xx:${end}${dim} $( grep -F "fastcgi_cache_valid 301 " /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';' ) ${end}" echo "${blu}FastCGI inactive:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | cut -d'=' -f 2 | tr -d ';') ${end}" echo "${blu}FastCGI max-size:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 2 | rev | cut -f 2 -d '=' ) ${end}" echo "${blu}open_file_cache_valid:${end}${dim} $(grep open_file_cache_valid /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}" echo "${blu}open_file_cache max:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 2 -d ' ' | cut -f 2 -d '=') ${end}" echo "${blu}open_file_cache inactive:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 3 -d ' ' | cut -f 2 -d '=' | tr -d ';') ${end}" echo "" else echo "${red}${dim} NGINX is not installed! 
${end}" echo "" fi echo "${blu}${bol}[PHP]${end}" if [[ $(conf_read php) == "true" ]]; then echo "${blu}Info:${end}${dim} $(php -v | grep -m1 "") ${end}" echo "${blu}memory_limit:${end}${dim} $(grep memory_limit /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}" echo "${blu}post_max_size:${end}${dim} $(grep post_max_size /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}" echo "${blu}upload_max_filesize:${end}${dim} $(grep upload_max_filesize /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}" echo "${blu}max_file_uploads:${end}${dim} $(grep max_file_uploads /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}" echo "${blu}max_execution_time:${end}${dim} $(grep max_execution_time /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}" echo "" echo "${blu}Process Manager:${end}${dim} $(grep -E "^pm.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}" echo "${blu}pm.max_children:${end}${dim} $(grep -E "^pm.max_children.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}" echo "${blu}pm.start_servers:${end}${dim} $(grep -E "^pm.start_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}" echo "${blu}pm.min_spare_servers:${end}${dim} $(grep -E "^pm.min_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}" echo "${blu}pm.max_spare_servers:${end}${dim} $(grep -E "^pm.max_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}" echo "" else echo "${red}${dim} PHP is not installed! ${end}" echo "" fi echo "${blu}${bol}[MYSQL]${end}" if [[ $(conf_read mysql) == "true" ]]; then # Check if file exist because in legacy it doesn't! 
if [[ $(conf_read mysql-tool-pma) == "true" && -f /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Version.php ]]; then local pmaver=$(grep -E "public const VERSION = '[0-9\.]+'.*;" /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Version.php | cut -f 2 -d "'") # Legacy support: before v5.1.0 (Feb 23, 2021) version is found here: elif [[ $(conf_read mysql-tool-pma) == "true" ]]; then local pmaver=$(grep -e "\$this->set('PMA_VERSION',.*'[0-9\.]*');" /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Config.php | cut -f 4 -d "'") elif [[ $(conf_read mysql-tool-pma) != "true" ]]; then local pmaver="Not installed!" fi echo "${blu}Info:${end}${dim} $(sudo mysql --version) ${end}" echo "${blu}phpMyAdmin:${end}${dim} $pmaver ${end}" echo "" else echo "${red}${dim} MySQL/MariaDB is not installed! ${end}" echo "" fi echo "${blu}${bol}[Webinoly]${end}" [[ -n $(conf_read default-site) ]] && local ds=$(conf_read default-site) || local ds="default" [[ -n $(conf_read tools-site) ]] && local ts=$(conf_read tools-site) || local ts="default" [[ -n $(conf_read timezone) ]] && local tz=$(conf_read timezone) || local tz="Undefined" echo "${blu}Default site:${end}${dim} $ds ${end}" echo "${blu}Tools site:${end}${dim} $ts ${end}" echo "${blu}Tools port:${end}${dim} $(conf_read tools-port) ${end}" echo "${blu}Timezone:${end}${dim} $tz ${end}" if [[ $(conf_read smtp) == "true" ]]; then echo "${blu}SMTP Host:${end}${dim} $(grep -E "^relayhost.?=.?*+" /etc/postfix/main.cf | cut -f 2 -d '=' -s) ${end}" echo "${blu}SMTP Mainsite:${end}${dim} $(sudo cat /etc/mailname | head -n 1) ${end}" else echo "${blu}SMTP:${end}${dim} None ${end}" fi echo "" echo "${blu}${bol}[Internal]${end}" if [[ -f /opt/webinoly/webinoly.conf ]]; then sudo sed -nr "s/^([a-z\-]+)\:(.*)$/${blu}\1\:${end}${dim}\2${end}/p" /opt/webinoly/webinoly.conf else echo "${red} [ERROR] Configuration File not found! 
${end}" fi echo "" } smtp_setup() { if [[ $smtp == true ]]; then local hostname=$(grep -E "^myhostname[ ]?=[ ]?.*$" /etc/postfix/main.cf | cut -d "=" -f 2 -s | sed "s/ //") [[ -n $hostname && -f /etc/nginx/sites-available/$hostname ]] && local default_host=" [$hostname]" echo "${gre}" echo "**********************************" echo "********** SMTP Setup **********" echo "**********************************" echo "" echo " * We only support TLS and Port 587." echo "" read -p "${blu} + SMTP Host: ${end}" host read -p "${blu} + User: ${end}" user read -p "${blu} + Password: ${hid}" pass echo "${hidend}" read -p "${blu} + Main Hostname/Domain${default_host}: ${end}" mainhost [[ -z $mainhost && -n $default_host ]] && mainhost=$hostname echo "" elif [[ $(echo "${smtp}" | cut -c-1) == "[" && $(echo "${smtp}" | rev | cut -c-1) == "]" ]]; then # No need for check var lenght to prevent errors, the previous condition is enough in this case. userdata=${smtp:1:-1} host=$(echo "${userdata}" | cut -d',' -f 1 -s) user=$(echo "${userdata}" | cut -d',' -f 2 -s) pass=$(echo "${userdata}" | cut -d',' -f 3 -s) mainhost=$(echo "${userdata}" | cut -d',' -f 4 -s) else echo "${red}[ERROR] Invalid SMTP data!${end}" exit 1 fi if [[ -z $user || -z $pass || -z $host || -z $mainhost ]]; then echo "${red}[ERROR] Invalid SMTP data!${end}" exit 1 elif [[ ! -f /etc/nginx/sites-available/$mainhost ]]; then echo "${red}[ERROR] Main Host site not found in your server!${end}" exit 1 fi is_url $host -split if [[ $url_type != "true" ]]; then if [[ $url_type =~ ^(http|https)$ ]]; then echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS scheme can not be used in conjunction with SMTP protocol)${end}" else echo "${red}[ERROR] Invalid SMTP host!${end}" fi exit 1 else if [[ -n $url_port ]]; then echo "${red}[ERROR] Invalid SMTP host! (Custom port is not supported)${end}" exit 1 fi fi [[ ! 
-f /opt/webinoly/templates/source/main.cf ]] && sudo cp -p /etc/postfix/main.cf /opt/webinoly/templates/source/ sudo touch /etc/mailname echo "$mainhost" > /etc/mailname sudo chown root:root /etc/mailname sudo chmod 0644 /etc/mailname sudo sed -i '/myorigin =/c \myorigin = /etc/mailname' /etc/postfix/main.cf sudo sed -i "/myhostname =/c\myhostname = $mainhost" /etc/postfix/main.cf sudo sed -i "/relayhost/c\relayhost = $host:587" /etc/postfix/main.cf sudo sed -i '/mydestination =/c \mydestination = localhost' /etc/postfix/main.cf # Ensure we have no duplicate parameters sudo sed -i '/^smtp_tls_security_level/s/^/#/' /etc/postfix/main.cf sudo sed -i '/^smtp_tls_note_starttls_offer/s/^/#/' /etc/postfix/main.cf sudo sed -i '/^smtp_use_tls/s/^/#/' /etc/postfix/main.cf sudo sed -i '/^smtp_sasl_password_maps/s/^/#/' /etc/postfix/main.cf sudo sed -i '/^smtp_sasl_security_options/s/^/#/' /etc/postfix/main.cf sudo sed -i '/^smtp_sasl_auth_enable/s/^/#/' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_tls_security_level = encrypt' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_tls_note_starttls_offer = yes' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_use_tls = yes' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_sasl_security_options = noanonymous' /etc/postfix/main.cf sudo sed -i '/relayhost/a \smtp_sasl_auth_enable = yes' /etc/postfix/main.cf sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' echo "$host:587 $user:$pass" > /etc/postfix/sasl_passwd sudo chown root:root /etc/postfix/sasl_passwd sudo chmod 0600 /etc/postfix/sasl_passwd sudo postmap hash:/etc/postfix/sasl_passwd sudo chown root:root /etc/postfix/sasl_passwd.db sudo chmod 0600 /etc/postfix/sasl_passwd.db conf_write smtp true sudo systemctl restart postfix echo "${gre}SMTP was successfully enabled!${end}" } mysql_change_password() { if [[ $mysql_password == true 
]]; then echo "" read -p "${blu}MySQL/MariaDB User: ${end}" user read -p "${blu}New Password: ${hid}" pass echo "${hidend}" elif [[ $(echo "${mysql_password}" | cut -c-1) == "[" && $(echo "${mysql_password}" | rev | cut -c-1) == "]" ]]; then # No need for check var lenght to prevent errors, the previous condition is enough in this case. userdata=${mysql_password:1:-1} user=$(echo "${userdata}" | cut -d',' -f 1 -s) pass=$(echo "${userdata}" | cut -d',' -f 2 -s) else echo "${red}[ERROR] Please enter a valid value for username and password!${end}" exit 1 fi if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || ${#pass} -lt 8 ]]; then echo "${red}[ERROR] Please, enter a valid username and password!" echo "Password can not contain a 'single quote' and must be at least 8 characters long.${end}" exit 1 elif [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $user) ]]; then echo "${red}[ERROR] User ${blu}$user ${red}doesn't exists!${end}" exit 1 fi # First get the User host: 'localhost' or '%' local userhost=$(sudo mysql -ss --connect-timeout=10 --user=admin -e "SELECT Host FROM mysql.user WHERE User='${user}' LIMIT 1;") sudo mysql --connect-timeout=10 --user=admin -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;" if [[ $? == 0 ]]; then # Check if dynvar exist, because user can remove it for security, and it's valid! [[ $user =~ ^(root|admin)$ && -n $(conf_read mysql-${user}) ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt ) if [[ $user == "admin" ]]; then # MySQL/MariaDB login data mysql_login_cnf sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf echo "[client] user = admin password = $pass host = localhost # ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf echo "${blu}${dim}Internal Webinoly login data updated!${end}" fi echo "${gre}MySQL/MariaDB Password successfully changed! 
${dim}('${user}'@'${userhost}')${end}" else echo "${red}[ERROR] Unexpected error!${end}" exit 1 fi } mysql_public_access() { if ! [[ $mysql_public_access =~ ^(on|off)$ ]]; then echo "${red}[ERROR] Please, enter a valid value! ${dim}(on/off)${end}" exit 1 fi check_for_mysql -ask if [[ $mysql_public_access == "on" ]]; then cnf_write skip-networking 0 cnf_write skip-bind-address echo "" echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL/MariaDB is open for public access you should at least set your firewall to prevent against any unwanted request.${end}" echo "" [[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL/MariaDB User with public access!${end}" conf_write mysql-public-access true echo "${gre}MySQL/MariaDB public access successfully enabled!${end}" elif [[ $mysql_public_access == "off" ]]; then cnf_delete skip-networking cnf_delete skip-bind-address conf_write mysql-public-access false echo "${gre}MySQL/MariaDB public access successfully disabled!${end}" fi sudo systemctl restart mysql if [[ -n $create_master_user ]]; then if [[ $create_master_user != true && $(echo "${create_master_user}" | cut -c-1) == "[" && $(echo "${create_master_user}" | rev | cut -c-1) == "]" ]]; then local user=$(echo ${create_master_user:1:-1} | cut -d',' -f 1 -s) local pass=$(echo ${create_master_user:1:-1} | cut -d',' -f 2 -s) fi if [[ -z $user || -z $pass ]]; then read -p "${blu}Master User Name: ${end}" user read -p "${blu}Master User Password: ${hid}" pass echo "${hidend}" fi [[ ${pass,,} == "random" ]] && local pass=`pwgen -s -1 16` if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || ${#pass} -lt 8 ]]; then echo "${red}[ERROR] Please, enter a valid username and password!" 
echo "Password can not contain a 'single quote' and must be at least 8 characters long.${end}" exit 1 elif [[ $user != $(dbword_check $user user) ]]; then echo "${red}[ERROR] The DB Name can not be a reserved word or should only contain allowed characters!${blu}" exit 1 elif [[ -n $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $user) ]]; then echo "${red}[ERROR] User ${blu}$user ${red}already exists!${end}" exit 1 else [[ -n $replication_slave ]] && local priv="replication slave" || local priv="ALL PRIVILEGES" [[ -n $replication_slave ]] && local grant="" || local grant="WITH GRANT OPTION" sudo mysql --connect-timeout=10 --user=admin <<_EOF_ CREATE USER '${user}'@'%' IDENTIFIED BY '${pass}'; GRANT ${priv} ON *.* TO '${user}'@'%' ${grant}; FLUSH PRIVILEGES; _EOF_ [[ $? == 0 ]] && echo "${gre}${dim}Master User${blu} $user ${gre}successfully created!${end}" || echo "${red}[ERROR] Unexpected error!${end}" fi fi } remove_domain_default_site() { # In case we have a domain as default before. if ! [[ $(conf_read default-site) =~ ^(default|blackhole)$ || -z $(conf_read default-site) ]]; then [[ ! -L /etc/nginx/sites-enabled/default && -f /etc/nginx/sites-available/default ]] && sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default remove_nginx_default_server $(conf_read default-site) fi } create_blackhole_cert() { if [[ ! 
-f /etc/ssl/certs/webinoly-blackhole.crt.pem ]]; then # REMOVE: Temporal fix affecting openssl 1.1.1 - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1603717.html sudo touch /root/.rnd sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" -keyout /etc/ssl/private/webinoly-blackhole.key.pem -out /etc/ssl/certs/webinoly-blackhole.crt.pem > /dev/null 2>&1 fi } webinoly_update() { # Update: sudo webinoly -update # Update from branch: sudo webinoly -update=beta # Downgrade: sudo webinoly -update=1.14.0 if [[ $(conf_read branch) =~ ^(alpha|beta)$ ]] && ! [[ $update =~ ^(alpha|beta)$ ]]; then echo "${red}[ERROR] Beta/alpha versions can not be updated to stable versions!${end}" exit 1 fi local currentver=$(conf_read app-version) if [[ -n $update && $update != true ]]; then local branch="-ver=${update}" else local checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true) if [[ -z $checkver || -z $currentver ]] || ! [[ $checkver =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "${red}[ERROR] Version check service unavailable!${dim} (Webinoly API)${end}" exit 1 elif [[ ${currentver//.} -ge ${checkver//.} ]]; then echo "${gre}You currently have the latest version!${dim} (v${checkver})${end}" exit 0 else echo "${dim}Updating...${end}" echo "${blu}${dim}Your current version 'v${currentver}' will be updated to the newest 'v${checkver}' ${end}" fi fi sudo wget --timeout=15 -t 1 --referer="https://update.webinoly.com/?ver=${app_version}" -qrO weby https://qrok.es/wyupd && sudo bash weby upd $branch if [[ $? == 0 ]]; then echo "${gre}Webinoly App has been updated successfully!${dim} (Updated to: v$(conf_read app-version))${end}" else # Check if exist, because it can be deleted before if an error is triggered in the installer, for instance. 
[[ -f weby ]] && sudo rm weby echo "${red}[ERROR] Update process has failed!${end}" exit 1 fi api-events_update wy1s } fix_permissions() { # https://github.com/QROkes/webinoly/issues/49 sudo find /var/www ! -path "/var/www/\.*" -type d -print0 | sudo xargs -r -0 chmod 755 sudo find /var/www ! -path "/var/www/\.*" -type f -print0 | sudo xargs -r -0 chmod 644 if [[ -d /var/www/.ssh ]]; then sudo find /var/www/.ssh -type d -print0 | sudo xargs -r -0 chmod 700 sudo find /var/www/.ssh ! -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600 sudo find /var/www/.ssh -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644 fi if [[ -d $CURRENT_HOME/.ssh ]]; then sudo find $CURRENT_HOME/.ssh -type d -print0 | sudo xargs -r -0 chmod 700 sudo find $CURRENT_HOME/.ssh ! -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600 sudo find $CURRENT_HOME/.ssh -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644 sudo chown -R ${CURRENT_USER}:${CURRENT_USER} $CURRENT_HOME/.ssh fi # Always check root when logname user is different! if [[ $CURRENT_HOME != "/root" && -d /root/.ssh ]]; then sudo find /root/.ssh -type d -print0 | sudo xargs -r -0 chmod 700 sudo find /root/.ssh ! 
-path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600 sudo find /root/.ssh -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644 sudo chown -R root:root /root/.ssh fi sudo chown -R www-data:www-data /var/www [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www } server_reset() { # Operating System - Linux Optim if [[ $(conf_read pre-packs) == true && $server_reset =~ ^(os|all)$ ]]; then linux_purge linux_optim echo "${gre}Operating System optimization settings has been updated successfully!${end}" elif [[ $(conf_read pre-packs) != true && $server_reset == "os" ]]; then echo "${red}[ERROR] Operating System settings couldn't been updated, seems like the stack not still built!${end}" err_cont=true fi # Regenerate NGINX conf files if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then sudo rm -rf /etc/nginx/common #sudo rm -rf /etc/nginx/conf.d/* - Some custom files can be in this folder, so don't remove it, just the core files! 
[[ -f /etc/nginx/conf.d/upstream.conf ]] && sudo rm -rf /etc/nginx/conf.d/upstream.conf [[ -f /etc/nginx/conf.d/fastcgi.conf ]] && sudo rm -rf /etc/nginx/conf.d/fastcgi.conf nginx_optim echo "${gre}Nginx settings has been updated successfully!${end}" fix_permissions echo "${gre}Permissions fixed successfully!${end}" elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then echo "${red}[ERROR] Nginx settings couldn't been updated, seems like is not installed in your server!${end}" err_cont=true fi # Regenerate PHP conf files if [[ $(conf_read php-optim) == "true" && $server_reset =~ ^(php|all)$ ]]; then if [[ -f /opt/webinoly/templates/source/php.ini && -f /opt/webinoly/templates/source/www.conf ]]; then sudo cat /opt/webinoly/templates/source/php.ini > /etc/php/$(conf_read php-ver)/fpm/php.ini sudo cat /opt/webinoly/templates/source/www.conf > /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf # Added in v1.11.0, will fail if stack was built before: [[ -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cat /opt/webinoly/templates/source/php-fpm.conf > /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf sudo rm -rf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf php_optim echo "${gre}PHP settings has been updated successfully!${end}" else echo "${red}[ERROR] PHP could not been updated, source files not found!${end}" err_cont=true fi elif [[ $(conf_read php-optim) != "true" && $server_reset == "php" ]]; then echo "${red}[ERROR] PHP settings couldn't been updated, seems like is not installed in your server!${end}" err_cont=true fi # Check MySQL/MariaDB Conf # Here we don't check for optim variable because in very old installations don't exist and it breaks the update process! 
if [[ $(conf_read mysql) == "true" && $server_reset =~ ^(mysql|all)$ ]]; then mysql_optim echo "${gre}MySQL/MariaDB settings has been updated successfully!${end}" elif [[ $(conf_read mysql) != "true" && $server_reset == "mysql" ]]; then echo "${red}[ERROR] MySQL/MariaDB settings couldn't been updated, seems like is not installed in your server!${end}" err_cont=true fi # Permissions if [[ $(conf_read nginx) == "true" && $server_reset == "permissions" ]]; then fix_permissions echo "${gre}Permissions fixed successfully!${end}" nginx_not="true" # Nginx-Reload not-needed. elif [[ $(conf_read nginx) != "true" && $server_reset == "permissions" ]]; then echo "${red}[ERROR] Nginx not found, seems like is not installed in your server!${end}" err_cont=true fi # Display message just to show we are alive. if [[ $server_reset == "all" && $(conf_read php-optim) != "true" && $(conf_read nginx-optim) != "true" ]]; then echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL/MariaDB are not installed yet)${end}" fi } show_db_data() { if [[ -n $(conf_read external-dbu) && -n $(conf_read external-dbp) ]]; then local extu=$(conf_read external-dbu) local extp=$(conf_read external-dbp) if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbx) ]]; then local exth="$(conf_read external-dbh):$(conf_read external-dbx)" elif [[ -n $(conf_read external-dbh) ]]; then local exth=$(conf_read external-dbh) fi fi [[ -n $(conf_read mysql-root) ]] && local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) || local rpass="Not-Available!" [[ -n $(conf_read mysql-admin) ]] && local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) || local apass="Not-Available!" 
echo "" [[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}" [[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}" [[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}" echo "" if [[ -n $extu ]]; then echo "" [[ $dbpass == "raw" || -n $raw ]] || echo "${gre}External DB Credentials${end}" [[ ( $dbpass == "raw" || -n $raw ) && -n $exth ]] && echo "Host:$exth" [[ ( $dbpass != "raw" && -z $raw ) && -n $exth ]] && echo "${blu}${bol} Host:${end}${blu}${dim} $exth ${end}" [[ $dbpass == "raw" || -n $raw ]] && echo "User:$extu" || echo "${blu}${bol} User:${end}${blu}${dim} $extu ${end}" [[ $dbpass == "raw" || -n $raw ]] && echo "Password:$extp" || echo "${blu}${bol} Password:${end}${blu}${dim} $extp ${end}" echo "" fi if [[ -z $rpass && -z $extu ]]; then echo "${red}" echo "[ERROR] DB Credentials not found!" echo "${end}" exit 1 fi } change_tools_port() { local oldport=$(conf_read tools-port) if [[ $tools_port == true ]]; then [[ -z $oldport ]] && local oldport=$tools_port_default read -p "${blu}Tools Port [Current: $oldport]: " port else port=$tools_port fi if [[ -z $port || ( -n $oldport && $port == $oldport ) ]]; then echo "${gre}Tools-Port not changed! ${end}" elif [[ $port =~ ^[0-9]+$ && $port -ge 0 && $port -le 65535 ]]; then if [[ -n $(conf_read tools-site) && -f /etc/nginx/sites-available/$(conf_read tools-site) ]]; then readonly NEW_ADMIN_TOOLS_SITE="$(conf_read tools-site):${port}" else readonly NEW_ADMIN_TOOLS_SITE="default:${port}" fi if [[ -f /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE ]]; then echo "${red}[ERROR] Conflict naming found $NEW_ADMIN_TOOLS_SITE sitename is already in use!${end}" exit 1 fi if [[ $(conf_read nginx) == "true" && -d /var/www/$ADMIN_TOOLS_SITE ]]; then # MV in some edge cases fails to rename, specially when so much files are within the directories. 
sudo mkdir -p /var/www/$NEW_ADMIN_TOOLS_SITE sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/$NEW_ADMIN_TOOLS_SITE sudo rm -rf /var/www/$ADMIN_TOOLS_SITE sudo mv /etc/nginx/sites-available/$ADMIN_TOOLS_SITE /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE sudo rm /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE sudo ln -s /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE /etc/nginx/sites-enabled/$NEW_ADMIN_TOOLS_SITE sudo sed -i "s/${oldport}/${port}/g" /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE sudo sed -i "s/$ADMIN_TOOLS_SITE/$NEW_ADMIN_TOOLS_SITE/g" /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE fi conf_write tools-port $port conf_write tools-port-set $port echo "${gre}Port${blu} $port ${gre}has been enabled to access all your Tools! ${end}" else echo "${red}[ERROR] Please, enter a valid port number (1-65535)!${end}" exit 1 fi } set_tools_site() { if [[ $tools_site == true ]]; then echo "${gre}Please, enter a valid domain to access the Tools Section! ${end}" read -p "${blu}Domain: ${end}" tools_site tools_site=${tools_site,,} fi if [[ -z $tools_site ]]; then echo "${red}[ERROR] Please, enter a valid value!${end}" exit 1 elif [[ $tools_site == $(conf_read tools-site) ]]; then echo "${gre}Tools-Site not changed! ${end}" elif [[ -f /etc/nginx/sites-available/$tools_site && -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE && $tools_site != "default" ]]; then # Check for previous assigned domain and remove if [[ -n $(conf_read tools-site) ]]; then sudo sed -i '/server_name/d' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE # In case SSL is enabled sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) default_server deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) default_server;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i '/headers-https.conf/d' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE # For legacy (old sites) support! 
sudo sed -i '/headers.conf;/c \ include common/header.conf;' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i '/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE fi # Assign new domain/site sername=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "server_name" | sed -e 's/^[ \t]*//') sudo sed -i "/error_log/a \ ${sername}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port);" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "s/$ADMIN_TOOLS_SITE/${tools_site}:$(conf_read tools-port)/g" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE # If SSL is enabled if [[ $(is_ssl $tools_site) == "true" ]]; then sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) ssl http2 deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) ssl http2;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE local ssl_cer=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate " | tr -d '\t') local ssl_key=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate_key " | tr -d '\t') local ssl_tru=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_trusted_certificate " | tr -d '\t') sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate .*;#$ssl_cer#}" 
/etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate_key .*;#$ssl_key#}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE if [[ -z $ssl_tru ]]; then sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_stapling/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_trusted_certificate/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE else sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_trusted_certificate .*;#$ssl_tru#}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE fi sudo sed -i '/header.conf;/c \ include common/headers.conf;' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/WebinolySSLend/i \ error_page 497 https:\/\/\$host:\$server_port\$request_uri;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE create_blackhole_cert fi # Default blackhole for requests different from our assigned Tools-Site sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-blackhole' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s//$(conf_read tools-port)/}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE if [[ $(is_ssl $tools_site) == "false" ]]; then sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/ssl_certificate/d}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/error_page/d}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/ssl //}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE echo "${red}It's highly recommended having an SSL Cert enabled on this site. ${end}" fi # MV in some edge cases fails to rename, specially when so much files are within the directories. 
sudo mkdir -p /var/www/${tools_site}:$(conf_read tools-port) sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/${tools_site}:$(conf_read tools-port) sudo rm -rf /var/www/$ADMIN_TOOLS_SITE sudo mv /etc/nginx/sites-available/$ADMIN_TOOLS_SITE /etc/nginx/sites-available/${tools_site}:$(conf_read tools-port) sudo rm -rf /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE sudo ln -s /etc/nginx/sites-available/${tools_site}:$(conf_read tools-port) /etc/nginx/sites-enabled/${tools_site}:$(conf_read tools-port) sudo chown -R www-data:www-data /var/www [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www conf_write tools-site $tools_site echo "${gre}Domain${blu} ${tools_site}:$(conf_read tools-port) ${gre}was successfully assigned to access your server tools!${end}" elif [[ $tools_site == "default" ]]; then if [[ $ADMIN_TOOLS_SITE != "default:$(conf_read tools-port)" ]]; then # MV in some edge cases fails to rename, specially when so much files are within the directories. sudo mkdir -p /var/www/default:$(conf_read tools-port) sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/default:$(conf_read tools-port) sudo rm -rf /var/www/$ADMIN_TOOLS_SITE sudo rm -rf /etc/nginx/sites-available/$ADMIN_TOOLS_SITE sudo cp /opt/webinoly/templates/general/admin_tools.conf /etc/nginx/sites-available/default:$(conf_read tools-port) sudo sed -i "s//$(conf_read tools-port)/g" /etc/nginx/sites-available/default:$(conf_read tools-port) sudo sed -i "s//default:$(conf_read tools-port)/g" /etc/nginx/sites-available/default:$(conf_read tools-port) sudo rm -rf /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE sudo ln -s /etc/nginx/sites-available/default:$(conf_read tools-port) /etc/nginx/sites-enabled/default:$(conf_read tools-port) sudo chown -R www-data:www-data /var/www [[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www else # This is the case when importing a full site from backup! 
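# (continuation of the tools-site handler whose head lies above this chunk)
      echo "${blu}${dim}Tools data folder already exist, no need to re-create it!${end}"
    fi
    conf_write tools-site default
    echo "${gre}Tools Site settings has been reset successfully!${end}"
  elif [[ -f /etc/nginx/sites-available/$tools_site && ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then
    echo "${red}[ERROR] Tools Site is not enabled! ${end}"
    exit 1
  else
    echo "${red}[ERROR] Domain/site not found. ${end}"
    exit 1
  fi

  # Warning Message: the tools site is only as protected as its htpasswd file,
  # so warn when neither the global nor the per-site credential file has content.
  if [[ (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site == "default" ) || (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ( ! -s /etc/nginx/apps.d/.htpasswd-$tools_site || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$tools_site | grep -m 1 '[^[:space:]]'))) ]]; then
    echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to access these tools!${end}"
  fi
}


#######################################
# Enable or disable chrooted, SFTP-only access for the www-data user.
# Globals:   login_www_data ("on"|"off"), CURRENT_HOME, CURRENT_USER (read)
# Side effects: edits /etc/ssh/sshd_config, the www-data login shell and
#            supplementary groups, ownership of /var/www; restarts ssh.
# Returns:   exits 1 on an invalid login_www_data value or when sshd
#            rejects the resulting configuration.
#######################################
www_data_sftp_access() {
  if [[ $login_www_data == "on" && $(conf_read login-www-data) == "true" ]]; then
    echo "${gre}SFTP access for www-data user is already enabled! ${end}"
  elif [[ $login_www_data == "off" && $(conf_read login-www-data) != "true" ]]; then
    echo "${gre}SFTP access for www-data user is already disabled! ${end}"
  elif [[ $login_www_data == "on" ]]; then
    # Allow access for www-data user
    if [[ -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
      echo "${blu}${dim}Copying your SSH keys from '${CURRENT_USER}' to www-data access!${end}"
      sudo mkdir -p /var/www/.ssh
      sudo chmod 700 /var/www/.ssh
      # A shell redirection is performed by the calling shell, not by sudo,
      # so the write itself goes through tee under sudo.
      sudo cat "$CURRENT_HOME/.ssh/authorized_keys" | sudo tee /var/www/.ssh/authorized_keys > /dev/null
      sudo chmod 600 /var/www/.ssh/*
    fi
    sudo chown -R www-data:www-data /var/www
    # www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
    sudo usermod -s /usr/lib/openssh/sftp-server www-data
    sudo addgroup --system sftponly > /dev/null 2>&1
    # -a appends to the existing supplementary groups; a bare -G replaces them.
    sudo usermod -aG sftponly www-data
    # ChrootDirectory must be owned by root and not writable by others.
    sudo chown root:root /var/www
    sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
    # Match blocks have to sit at the end of sshd_config, hence the append.
    printf '%s\n' '# WebinolySFTPstart' 'Match Group sftponly' 'ChrootDirectory /var/www' 'X11Forwarding no' 'AllowTcpForwarding no' 'ForceCommand internal-sftp' '# WebinolySFTPend' | sudo tee -a /etc/ssh/sshd_config > /dev/null
    # If the admin restricts logins with AllowUsers, www-data has to be listed too.
    falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
    [[ -n $falus ]] && sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
    conf_write login-www-data true
    conf_write sftp-www-data true
    # Never restart sshd on a configuration it rejects: that would lock out every new session.
    if sudo sshd -t; then
      sudo systemctl restart ssh
    else
      echo "${red}[ERROR] sshd rejected the new configuration, ssh was NOT restarted! Please check /etc/ssh/sshd_config.${end}"
      exit 1
    fi
    echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
  elif [[ $login_www_data == "off" ]]; then
    sudo rm -rf /var/www/.ssh
    # Revert the login shell with usermod instead of rewriting the passwd entry
    # with sed (that form hard-coded uid/gid 33 and matched any line containing "www-data:").
    sudo usermod -s /usr/sbin/nologin www-data
    sudo gpasswd -d www-data sftponly > /dev/null 2>&1
    sudo delgroup sftponly > /dev/null 2>&1
    sudo chown www-data:www-data /var/www
    sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
    sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPend/{/.*/d}' /etc/ssh/sshd_config
    falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
    if [[ -n $falus ]]; then
      suffix=" www-data"
      foo=${falus%$suffix}
      sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
    fi
    conf_write login-www-data false
    conf_write sftp-www-data false
    # Same guard as in the "on" branch: validate before restarting.
    if sudo sshd -t; then
      sudo systemctl restart ssh
    else
      echo "${red}[ERROR] sshd rejected the new configuration, ssh was NOT restarted! Please check /etc/ssh/sshd_config.${end}"
      exit 1
    fi
    echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
  else
    echo "${red}[ERROR] Invalid value for login-www-data! ${end}"
    exit 1
  fi
}


#######################################
# Remove Webinoly from the server after an interactive y/N confirmation.
# Globals:   no_recovery (read) - when empty, a tar backup of the
#            configuration is left in $HOME before removal.
# Returns:   exits 0 after removal, 1 when aborted.
#######################################
webinoly_uninstall() {
  echo "${red}"
  echo "You are about to completely remove Webinoly App from your server!!"
  echo "${blu}Are you sure [y/N]? "
  # Read single keystrokes until one of y/Y/n/N; Enter (empty) counts as "n".
  # If stdin hits EOF first, answer stays unset and the action is aborted below.
  while read -r -n 1 -s answer; do
    answer=${answer:-n}
    echo ""
    [[ $answer = [YyNn] ]] && break
  done
  if [[ $answer == [Yy] ]]; then
    [[ -z $no_recovery ]] && sudo tar -Pcf "$HOME/.webinoly-conf-restore_dont-remove" /opt/webinoly/webinoly.conf /opt/webinoly/templates/source
    [[ -z $no_recovery ]] && echo "${gre}${dim}Configuration saved!${end}"
    sudo rm -rf /opt/webinoly
    sudo rm /usr/bin/webinoly
    sudo rm /usr/bin/stack
    sudo rm /usr/bin/site
    sudo rm /usr/bin/httpauth
    sudo rm /usr/bin/log
    echo "${gre}Webinoly App has been removed successfully from your server!${end}"
    exit 0 # Only allowed here because after this Webinoly does not exist in the server!
  else
    echo "${red}Action aborted!${end}"
    exit 1
  fi
}


#######################################
# Refresh the bundled Public Suffix List and timezone name list.
# Globals:   err_cont (written) when the suffix list download fails.
# Side effects: writes /opt/webinoly/lib/public_suffix_list.dat and
#            /opt/webinoly/lib/timezone.dat.
# Returns:   exits 1 when the timezone database cannot be updated.
#######################################
external_sources_update() {
  local tmp_psl tmp_tz

  echo "${blu}- Downloading Public Suffix List!${end}"
  # Unpredictable temp names: a root-run download into a fixed /tmp path could
  # be pre-created (or symlinked) by any local user.
  tmp_psl=$(mktemp /tmp/webinoly-psl.XXXXXX) || { echo "${red}[ERROR] Could not create a temporary file!${end}"; exit 1; }
  sudo wget --timeout=15 -t 1 -qrO "$tmp_psl" https://publicsuffix.org/list/public_suffix_list.dat
  if [[ -s $tmp_psl ]]; then
    echo "${blu}- Processing file!${end}"
    sudo sed -i '/^\/\// d' "$tmp_psl"     # drop "//" comment lines
    sudo sed -i '/^$/d' "$tmp_psl"          # drop blank lines
    sudo sed -i 's/[!]\+//g' "$tmp_psl"     # strip exception markers
    sudo sed -i 's/^\*\.\+//g' "$tmp_psl"   # strip wildcard prefixes
    sudo mv "$tmp_psl" /opt/webinoly/lib/public_suffix_list.dat
    # mktemp created the file as 0600 for the calling user; restore the
    # root-owned, world-readable state a plain root download produced.
    sudo chown root:root /opt/webinoly/lib/public_suffix_list.dat
    sudo chmod 644 /opt/webinoly/lib/public_suffix_list.dat
    echo "${gre}Domain list has been successfully updated!${end}"
  else
    sudo rm -f "$tmp_psl"
    echo "${red}[ERROR] Domain list not updated!${end}"
    err_cont=true
  fi

  echo ""
  echo "${blu}- Downloading Timezone Database!${end}"
  tmp_tz=$(mktemp -d /tmp/webinoly-tz.XXXXXX) || { echo "${red}[ERROR] Could not create a temporary directory!${end}"; exit 1; }
  sudo wget --timeout=15 -t 1 -qrO "$tmp_tz/timezonedb.tgz" https://pecl.php.net/get/timezonedb
  if [[ -s $tmp_tz/timezonedb.tgz ]]; then
    echo "${blu}- Processing file!${end}"
    # Only timezonedb.h is extracted; the pattern is quoted so the shell cannot
    # glob-expand it against the current directory.
    sudo tar -xf "$tmp_tz/timezonedb.tgz" -C "$tmp_tz/" --wildcards --no-anchored 'timezonedb-*/timezonedb.h' --strip-components=1
    # Keep only the table rows ("\t{...},") and take the quoted zone name from each.
    sudo sed -i '/^\t{.*},$/!d' "$tmp_tz/timezonedb.h"
    sudo cut -d'"' -f2 "$tmp_tz/timezonedb.h" | sudo tee /opt/webinoly/lib/timezone.dat > /dev/null
    sudo rm -rf "$tmp_tz"
    echo "${gre}Timezone Database has been successfully updated!${end}"
  else
    sudo rm -rf "$tmp_tz"
    echo "${red}[ERROR] Timezone Database not updated!${end}"
    exit 1
  fi
}


#######################################
# Clear one or all server-side caches, or the custom NGINX cache of a site.
# Globals:   clear_cache (read): redis|memcache|memcached|opcache|fastcgi|all
#            or a site name; subfolder, domain, ADMIN_TOOLS_SITE (read);
#            err_cont (written) on any failed step.
#######################################
clear_caches() {
  if [[ $clear_cache =~ ^(redis|all)$ ]]; then
    if [[ $(conf_read php-tool-redis) == "true" && -f /etc/redis/redis.conf ]]; then
      sudo redis-cli flushall
      echo "${gre}- Redis Cache has been successfully cleared!${end}"
    else
      [[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
      err_cont=true
    fi
  fi

  if [[ $clear_cache =~ ^(memcache|memcached|all)$ ]]; then
    if [[ $(conf_read php-tool-memcached) == "true" && -f /etc/memcached.conf ]]; then
      memhost=$(grep ^-l /etc/memcached.conf | cut -f 2 -d ' ')
      memport=$(grep ^-p /etc/memcached.conf | cut -f 2 -d ' ')
      # bash's /dev/tcp pseudo-device; the reply is not read, so failures are silent.
      echo flush_all > /dev/tcp/$memhost/$memport
      echo "${gre}- Memcached has been successfully cleared!${end}"
    else
      [[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
      err_cont=true
    fi
  fi

  if [[ $clear_cache =~ ^(opcache|all)$ ]]; then
    if [[ $(conf_read nginx) == "true" && $(conf_read php) == "true" ]]; then
      if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php ]]; then
        sudo mkdir /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
        sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
        # TODO(review): the one-liner that writes the reset script into index.php was
        # lost in extraction (the markup between its quotes was stripped); the page
        # only shows:  echo ' /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
        # Restore it from the upstream source before relying on this branch.
        sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
        sudo chmod 644 /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
      fi
      # Fire-and-forget request to the tools site; the result is not checked, so the
      # success message below does not prove the reset happened. NOTE(review): this
      # endpoint is reachable by anyone who can reach the tools port without HTTP auth.
      wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$(conf_read tools-port)/php/opcache/ > /dev/null 2>&1 &
      echo "${gre}- OpCache has been successfully cleared!${end}"
    else
      [[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}"
      err_cont=true
    fi
  fi

  if [[ $clear_cache =~ ^(fastcgi|all)$ ]]; then
    if [[ $(conf_read nginx) == "true" ]]; then
      sudo rm -Rf /run/nginx-cache/*
      echo "${gre}- FastCgi Cache has been successfully cleared!${end}"
    else
      [[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
      err_cont=true
    fi
  fi

  if [[ -f /etc/nginx/sites-available/$clear_cache ]]; then
    if [[ $(conf_read nginx) == "true" && $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
      # Cache directory name: non-alphanumerics in the domain and slashes in the
      # subfolder become underscores. NOTE(review): this reads $domain, not
      # $clear_cache - confirm the caller sets it.
      local cache_zone="$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')$(echo $subfolder | sed "s/\//_/g")"
      if [[ -n $cache_zone ]]; then
        sudo rm -Rf "/run/nginx-cache/$cache_zone"
        echo "${gre}Custom Nginx Cache for${blu} ${clear_cache}${subfolder} ${gre}has been successfully cleared!${end}"
      else
        # An empty name would turn the command into "rm -Rf /run/nginx-cache/".
        echo "${red}[ERROR] Could not determine the cache directory for this site!${end}"
        err_cont=true
      fi
    elif [[ $(is_subfolder $clear_cache $subfolder) == "false" ]]; then
      echo "${red}[ERROR] Please, enter a valid site! ${dim}(${clear_cache}${subfolder})${end}"
      err_cont=true
    elif ! [[ $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
      echo "${red}[ERROR] Custom Cache is not enabled for this site!${end}"
      err_cont=true
    elif [[ $(conf_read nginx) != "true" ]]; then
      echo "${red}[ERROR] We can not clear Nginx Cache because NGINX is not installed!${end}"
      err_cont=true
    fi
  fi
}


#######################################
# Manage the NGINX IP deny list in /etc/nginx/conf.d/blockips.conf.
# Globals:   blockip (read; "true" prompts interactively, may be a comma list),
#            purge, list, raw (read).
# Side effects: creates/edits/removes blockips.conf; a comma-separated list is
#            handled by re-invoking webinoly once per address.
# Returns:   exits 1 on an invalid address.
#######################################
nginx_blockip() {
  if [[ -z $purge ]]; then
    if [[ -n $list ]]; then
      echo ""
      [[ $list == "raw" || -n $raw ]] && sign="" || sign="${blu}+ "
      if [[ -s /etc/nginx/conf.d/blockips.conf ]]; then
        sudo sed -n "s/^deny /${sign}/p;" /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p'
      else
        [[ $list != "raw" && -z $raw ]] && echo "${blu}[Empty] No IP's were found!"
      fi
      [[ $list == "raw" || -n $raw ]] && echo "" || echo "${end}"
    else
      [[ $blockip == true ]] && read -p "${blu}IP address to block: ${end}" blockip
      # Check for list of IP's
      if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then
        local c=1
        while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]]
        do
          [[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s)
          local c=$(($c+1))
        done
        exit 0
      fi
      # is_ip is the only gate between user input and the nginx config line below.
      if [[ $(is_ip $blockip) == "true" ]]; then
        if [[ ! -f /etc/nginx/conf.d/blockips.conf ]]; then
          sudo touch /etc/nginx/conf.d/blockips.conf
          sudo chmod 644 /etc/nginx/conf.d/blockips.conf
          sudo chown -R root:root /etc/nginx/conf.d/blockips.conf
        fi
        # Fixed-string, whole-line match: as a regex the dots in an address match any character.
        exist=$( grep -Fx -- "deny $blockip;" /etc/nginx/conf.d/blockips.conf )
        if [[ -z $exist ]]; then
          printf '%s\n' "deny $blockip;" | sudo tee -a /etc/nginx/conf.d/blockips.conf > /dev/null
          echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}"
        else
          echo "${gre}IP '$blockip' is already blocked!${end}"
        fi
      else
        echo "${red}[ERROR] Please, enter a valid IP value!${end}"
        exit 1
      fi
    fi
  elif [[ -n $purge ]]; then
    [[ $blockip == true ]] && read -p "${blu}IP address to unblock: ${end}" blockip
    # Check for list of IP's
    if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then
      local c=1
      while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]]
      do
        [[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s) -purge
        local c=$(($c+1))
      done
      exit 0
    fi
    if [[ $(is_ip $blockip) == "true" ]]; then
      # https://stackoverflow.com/questions/1797906/delete-using-a-different-delimiter-with-sed
      # The file is root-owned (see creation above), so the edit needs sudo like every other write.
      [[ -f /etc/nginx/conf.d/blockips.conf ]] && sudo sed -i "\#^deny ${blockip};#d" /etc/nginx/conf.d/blockips.conf
      # Remove site-auth-file if empty.
      [[ -f /etc/nginx/conf.d/blockips.conf && ( ! -s /etc/nginx/conf.d/blockips.conf || -z $(cat -v /etc/nginx/conf.d/blockips.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/blockips.conf
      echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully unblocked!${end}"
    else
      echo "${red}[ERROR] Please, enter a valid IP value!${end}"
      exit 1
    fi
  else
    echo "${red}[ERROR] Nginx file not found!${end}"
    exit 1
  fi
}


#######################################
# Choose what NGINX serves for requests that match no configured site.
# Globals:   default_site (read): "default", "blackhole" or an enabled domain;
#            "true" prompts interactively.
# Side effects: rewrites /etc/nginx/sites-available/default or marks the chosen
#            site's listen directives as default_server.
# Returns:   exits 1 on an unknown option or a missing backup file.
#######################################
set_default_nginx_response() {
  if [[ $default_site == true ]]; then
    echo "${gre}Please, enter a valid option to set the Default-Site server response! ${end}"
    read -p "${blu}default/blackhole or any existing domain: ${end}" default_site
    # Empty input falls through to the "invalid option" branch below.
    default_site=${default_site:-NeverMatchDotCom}
  fi
  if [[ $default_site == "default" ]]; then
    if [[ -f /opt/webinoly/templates/source/default ]]; then
      sudo cat /opt/webinoly/templates/source/default | sudo tee /etc/nginx/sites-available/default > /dev/null
      remove_domain_default_site
      conf_write default-site default
      conf_write default-response default
      echo "${gre}Default Nginx was successfully assigned as default site!${end}"
    else
      echo "${red}[ERROR] Nginx Default file backup not found! ${end}"
      exit 1
    fi
  elif [[ $default_site == "blackhole" ]]; then
    sudo cat /opt/webinoly/templates/general/nginx-blackhole | sudo tee /etc/nginx/sites-available/default > /dev/null
    remove_domain_default_site
    create_blackhole_cert
    conf_write default-site blackhole
    conf_write default-response blackhole
    echo "${gre}Blackhole Nginx site was successfully assigned as default site!${end}"
  else
    # Domain option
    if [[ -L /etc/nginx/sites-enabled/$default_site ]]; then
      remove_domain_default_site
      sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site
      sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site
      sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site
      sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site
      # If default site is Non-SSL, we need add a blackhole for port 443.
      if [[ $(is_ssl $default_site) == "false" ]]; then
        create_blackhole_cert
        sudo sed -i '1r /opt/webinoly/templates/general/nginx-blackhole' /etc/nginx/sites-available/$default_site
        sudo sed -i '/NonSSL/,/NonSSLend/{/.*/d}' /etc/nginx/sites-available/$default_site
      else
        sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site
        sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site
      fi
      sudo rm -rf /etc/nginx/sites-enabled/default
      conf_write default-site $default_site
      conf_write default-response $default_site
      echo "${gre}Site${blu} ${default_site} ${gre}was successfully assigned as default site!${end}"
    else
      [[ -f /etc/nginx/sites-available/$default_site ]] && echo "${red}Site found but is disabled.${end}"
      echo "${red}[ERROR] Please, enter a valid option (default, blackhole or domain.com). ${end}"
      exit 1
    fi
  fi
}


#######################################
# Store AWS S3 credentials in $HOME/.aws/credentials, or switch to an IAM role.
# Globals:   aws_s3_credentials (read): "true" prompts, "[key,secret]" passes
#            both inline, "awsiamrole" removes stored keys; user/pass (written).
# Returns:   exits 1 on an invalid or incomplete credential value.
# NOTE(review): the "[key,secret]" form puts the secret on the command line,
#            where it is visible in the process list and shell history; prefer
#            the interactive prompt.
#######################################
aws_s3_credentials() {
  if [[ $aws_s3_credentials == true ]]; then
    echo ""
    read -p "${blu}Access Key ID: ${end}" user
    # -s keeps the secret off the terminal (and out of scrollback/logs).
    read -s -p "${blu}Secret Access Key: ${end}" pass
    echo ""
  elif [[ $(echo "${aws_s3_credentials}" | cut -c-1) == "[" && $(echo "${aws_s3_credentials}" | rev | cut -c-1) == "]" ]]; then
    # No need for check var lenght to prevent errors, the previous condition is enough in this case.
    cred=${aws_s3_credentials:1:-1}
    user=$(echo "${cred}" | cut -d',' -f 1 -s)
    pass=$(echo "${cred}" | cut -d',' -f 2 -s)
  elif [[ $aws_s3_credentials == "awsiamrole" ]]; then
    conf_write awsiamrole true
    sudo rm -rf "$HOME/.aws"
  else
    echo "${red}[ERROR] Invalid AWS S3 Credentials!${end}"
    exit 1
  fi
  if [[ $aws_s3_credentials != "awsiamrole" ]]; then
    if [[ -z $user || -z $pass ]]; then
      echo "${red}[ERROR] Please, enter a valid AWS S3 Access and Secret Key!${end}"
      exit 1
    fi
    sudo rm -rf "$HOME/.aws/credentials"
    sudo mkdir -p "$HOME/.aws"
    sudo touch "$HOME/.aws/credentials"
    # Restrict the file before the secret lands in it (touch leaves it umask-default, i.e. readable).
    sudo chmod 600 "$HOME/.aws/credentials"
    # Written via a builtin + tee rather than "sudo echo": sudo logs its full
    # argument list, which would record the secret key in the system log.
    printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' "$user" "$pass" | sudo tee -a "$HOME/.aws/credentials" > /dev/null
    [[ -n $(conf_read awsiamrole) ]] && conf_write awsiamrole purged
  fi
  echo "${gre}AWS S3 Credentials successfully added!${end}"
}


#######################################
# Import a SQL dump into the local or the configured external database.
# Globals:   file (read; prompts when empty), external_db, extdb_url,
#            extdb_port (read/set by the external_db helpers).
# Returns:   exits 1 when the file is missing or no connection is possible.
# NOTE(review): the dump is executed with the admin account, so everything
#            in it runs with those privileges - only import trusted files.
#######################################
database_import() {
  [[ -z $file ]] && read -p "${blu}SQL file path to import: ${end}" file
  if [[ -z $file || ! -f $file ]]; then
    echo "${red}[ERROR] Please, enter a valid file path!${end}"
    exit 1
  fi
  check_external_db_saved
  if [[ -n $external_db ]]; then
    external_db_parse
    if [[ $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) != "true" ]]; then
      echo "${red}[ERROR] Cannot connect with your External Database!${end}"
      exit 1
    fi
    echo "${dim}Wait while we import your db... ${end}"
    sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" < "$file"
    sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -e "FLUSH PRIVILEGES;"
    echo "${gre}Database successfully imported!${end}"
  elif [[ -z $external_db && $(check_mysql_connection localhost) == "true" ]]; then
    check_for_mysql -ask
    sudo mysql -u admin < "$file"
    sudo mysql --connect-timeout=10 --user=admin -e "FLUSH PRIVILEGES;"
    echo "${gre}Database successfully imported!${end}"
  else
    echo "${red}[ERROR] A connection can not be established with MySQL/MariaDB localhost!${end}"
    exit 1
  fi
}


#######################################
# Reload or remove the admin-provided custom add_header directives.
# Globals:   custom_headers (read): "reload" or "remove".
# Side effects: rewrites the WebinolyCustomHeaders blocks in
#            /etc/nginx/common/headers-{http,https,html}.conf from the
#            custom_header_*_webinoly.data files.
# Returns:   exits 1 on any other option.
# NOTE(review): only lines of the form "add_header ...;" are copied, but the
#            filter does not stop a line from carrying further directives after
#            the first ";" - the .data files are trusted, root-managed input.
#######################################
http_header_custom() {
  if ! [[ $custom_headers =~ ^(reload|remove)$ ]]; then
    echo "${red}[ERROR] Please, enter a valid option Custom Headers!${end}"
    exit 1
  fi
  if [[ $(conf_read nginx) == "true" ]]; then
    sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-http.conf
    sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-https.conf
    sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-html.conf
  fi
  if [[ $custom_headers == "reload" && $(conf_read nginx) == "true" ]]; then
    if [[ -s /opt/webinoly/templates/source/custom_header_http_webinoly.data ]]; then
      local http="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_http_webinoly.data)"
      if [[ -n $http ]]; then
        printf '%s\n' "# WebinolyCustomHeaders" "$http" "# WebinolyCustomHeadersEnd" | sudo tee -a /etc/nginx/common/headers-http.conf > /dev/null
      fi
    fi
    if [[ -s /opt/webinoly/templates/source/custom_header_https_webinoly.data ]]; then
      local https="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_https_webinoly.data)"
      if [[ -n $https ]]; then
        printf '%s\n' "# WebinolyCustomHeaders" "$https" "# WebinolyCustomHeadersEnd" | sudo tee -a /etc/nginx/common/headers-https.conf > /dev/null
      fi
    fi
    if [[ -s /opt/webinoly/templates/source/custom_header_html_webinoly.data ]]; then
      local html="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_html_webinoly.data)"
      if [[ -n $html ]]; then
        printf '%s\n' "# WebinolyCustomHeaders" "$html" "# WebinolyCustomHeadersEnd" | sudo tee -a /etc/nginx/common/headers-html.conf > /dev/null
      fi
    fi
    conf_write header-custom true
    echo "${gre}Custom Headers successfully configured!${end}"
  elif [[ $custom_headers == "reload" ]]; then
    conf_write header-custom true
    echo "${gre}Custom Headers successfully configured and it will be used next time NGINX is installed!${end}"
  else
    conf_write header-custom false
    echo "${gre}Custom Headers successfully removed!${end}"
  fi
}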