0ct0pu5/webinoly
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
webinoly/lib/webin
Cristhian Martínez Ochoa af49aaf3ae import db 
Fixed successfull message even when error.
Also, missing mysql package check.
2024-02-23 11:44:05 -07:00

1165 lines
54 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
source /opt/webinoly/lib/install
system_info() {
[[ $ram == 0 ]] && local ramv="${ramb}Mb" || ramv="${ram}Gb"
[[ $swap == 0 ]] && local swapv="${swapm}Mb" || swapv="${swap}Gb"
echo ""
echo "${blu}${bol}[Operating System]${end}"
echo "${blu}OS Info:${end}${dim} $(sudo cat /proc/version) ${end}"
echo "${blu}Description:${end}${dim} $(sudo lsb_release -d | cut -d':' -f 2- -s) ${end}"
echo "${blu}Codename:${end}${dim} $(sudo lsb_release -c | cut -d':' -f 2- -s) ${end}"
echo "${blu}RAM:${end}${dim} $ramv ${end}"
echo "${blu}SWAP:${end}${dim} $swapv ${end}"
echo ""
echo "${blu}CPU Model:${end}${dim} $(lscpu | grep "Model name:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
echo "${blu}Architecture:${end}${dim} $(lscpu | grep "Vendor ID:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ($(lscpu | grep "Architecture:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//')) ${end}"
echo "${blu}Cores:${end}${dim} $cores ${end}"
echo "${blu}Threads per core:${end}${dim} $(lscpu | grep "Thread(s) per core:" | cut -d ":" -f 2 -s | sed 's/^[ \t]*//') ${end}"
echo ""
echo "${blu}Hostname:${end}${dim} $(sudo hostname) ${end}"
echo "${blu}File descriptors (OS):${end}${dim} $(sudo cat /proc/sys/fs/file-max) ${end}"
echo "${blu}File descriptors (root):${end}${dim} $(ulimit -Hn) ${end}"
[[ $(conf_read nginx) == "true" ]] && echo "${blu}File descriptors (nginx/per process):${end}${dim} $(grep 'Max open files' /proc/$(cat /run/nginx.pid)/limits | cut -f 15 -d ' ') ${end}"
echo ""
echo "${blu}${bol}[Disk Usage]${end}${dim}"
sudo df -Th /
echo "${end}"
echo "${blu}${bol}[NGINX]${end}"
if [[ $(conf_read nginx) == "true" ]]; then
[[ -z $(conf_read nginx-ppa) ]] && local nginxbranch="stable" || local nginxbranch=$(conf_read nginx-ppa)
echo "${blu}Branch:${end}${dim} ${nginxbranch} ${end}"
echo "${blu}Version:${end}${dim} $(sudo nginx -v 2>&1 | cut -d'/' -f 2- -s) ${end}"
echo "${blu}worker_processes:${end}${dim} $(grep worker_processes /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}worker_connections:${end}${dim} $(grep worker_connections /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}worker_rlimit_nofile:${end}${dim} $(grep worker_rlimit_nofile /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}client_max_body_size:${end}${dim} $(grep client_max_body_size /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo ""
echo "${blu}${bol}[NGINX Cache Settings]${end}"
echo "${blu}FastCGI 200:${end}${dim} $( grep -F "fastcgi_cache_valid 200" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';') ${end}"
echo "${blu}FastCGI 3xx/4xx:${end}${dim} $( grep -F "fastcgi_cache_valid 301 " /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | tr -d ';' ) ${end}"
echo "${blu}FastCGI inactive:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 1 | rev | cut -d'=' -f 2 | tr -d ';') ${end}"
echo "${blu}FastCGI max-size:${end}${dim} $( grep -F "fastcgi_cache_path" /etc/nginx/conf.d/fastcgi.conf | rev | cut -d' ' -f 2 | rev | cut -f 2 -d '=' ) ${end}"
echo "${blu}open_file_cache_valid:${end}${dim} $(grep open_file_cache_valid /etc/nginx/nginx.conf | cut -f 2 -d ' ' | tr -d ';') ${end}"
echo "${blu}open_file_cache max:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 2 -d ' ' | cut -f 2 -d '=') ${end}"
echo "${blu}open_file_cache inactive:${end}${dim} $(grep -w open_file_cache /etc/nginx/nginx.conf | cut -f 3 -d ' ' | cut -f 2 -d '=' | tr -d ';') ${end}"
echo ""
else
echo "${red}${dim} NGINX is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[PHP]${end}"
if [[ $(conf_read php) == "true" ]]; then
echo "${blu}Info:${end}${dim} $(php -v | grep -m1 "") ${end}"
echo "${blu}memory_limit:${end}${dim} $(grep memory_limit /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}post_max_size:${end}${dim} $(grep post_max_size /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}upload_max_filesize:${end}${dim} $(grep upload_max_filesize /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}max_file_uploads:${end}${dim} $(grep max_file_uploads /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}max_execution_time:${end}${dim} $(grep max_execution_time /etc/php/$(conf_read php-ver)/fpm/php.ini | cut -f 2 -d '=' -s ) ${end}"
echo ""
echo "${blu}Process Manager:${end}${dim} $(grep -E "^pm.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.max_children:${end}${dim} $(grep -E "^pm.max_children.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.start_servers:${end}${dim} $(grep -E "^pm.start_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.min_spare_servers:${end}${dim} $(grep -E "^pm.min_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo "${blu}pm.max_spare_servers:${end}${dim} $(grep -E "^pm.max_spare_servers.?=.?*+" /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf | cut -f 2 -d '=' -s ) ${end}"
echo ""
else
echo "${red}${dim} PHP is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[MYSQL]${end}"
if [[ $(conf_read mysql) == "true" ]]; then
# Check if file exist because in legacy it doesn't!
if [[ $(conf_read mysql-tool-pma) == "true" && -f /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Version.php ]]; then
local pmaver=$(grep -E "public const VERSION = '[0-9\.]+'.*;" /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Version.php | cut -f 2 -d "'")
# Legacy support: before v5.1.0 (Feb 23, 2021) version is found here:
elif [[ $(conf_read mysql-tool-pma) == "true" ]]; then
local pmaver=$(grep -e "\$this->set('PMA_VERSION',.*'[0-9\.]*');" /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/libraries/classes/Config.php | cut -f 4 -d "'")
elif [[ $(conf_read mysql-tool-pma) != "true" ]]; then
local pmaver="Not installed!"
fi
echo "${blu}Info:${end}${dim} $(sudo mysql --version) ${end}"
echo "${blu}phpMyAdmin:${end}${dim} $pmaver ${end}"
echo ""
else
echo "${red}${dim} MySQL/MariaDB is not installed! ${end}"
echo ""
fi
echo "${blu}${bol}[Webinoly]${end}"
[[ -n $(conf_read default-site) ]] && local ds=$(conf_read default-site) || local ds="default"
[[ -n $(conf_read tools-site) ]] && local ts=$(conf_read tools-site) || local ts="default"
[[ -n $(conf_read timezone) ]] && local tz=$(conf_read timezone) || local tz="Undefined"
echo "${blu}Default site:${end}${dim} $ds ${end}"
echo "${blu}Tools site:${end}${dim} $ts ${end}"
echo "${blu}Tools port:${end}${dim} $(conf_read tools-port) ${end}"
echo "${blu}Timezone:${end}${dim} $tz ${end}"
if [[ $(conf_read smtp) == "true" ]]; then
echo "${blu}SMTP Host:${end}${dim} $(grep -E "^relayhost.?=.?*+" /etc/postfix/main.cf | cut -f 2 -d '=' -s) ${end}"
echo "${blu}SMTP Mainsite:${end}${dim} $(sudo cat /etc/mailname | head -n 1) ${end}"
else
echo "${blu}SMTP:${end}${dim} None ${end}"
fi
echo ""
echo "${blu}${bol}[Internal]${end}"
if [[ -f /opt/webinoly/webinoly.conf ]]; then
sudo sed -nr "s/^([a-z\-]+)\:(.*)$/${blu}\1\:${end}${dim}\2${end}/p" /opt/webinoly/webinoly.conf
else
echo "${red} [ERROR] Configuration File not found! ${end}"
fi
echo ""
}
smtp_setup() {
if [[ $smtp == true ]]; then
local hostname=$(grep -E "^myhostname[ ]?=[ ]?.*$" /etc/postfix/main.cf | cut -d "=" -f 2 -s | sed "s/ //")
[[ -n $hostname && -f /etc/nginx/sites-available/$hostname ]] && local default_host=" [$hostname]"
echo "${gre}"
echo "**********************************"
echo "********** SMTP Setup **********"
echo "**********************************"
echo ""
echo " * We only support TLS and Port 587."
echo ""
read -p "${blu} + SMTP Host: ${end}" host
read -p "${blu} + User: ${end}" user
read -p "${blu} + Password: ${hid}" pass
echo "${hidend}"
read -p "${blu} + Main Hostname/Domain${default_host}: ${end}" mainhost
[[ -z $mainhost && -n $default_host ]] && mainhost=$hostname
echo ""
elif [[ $(echo "${smtp}" | cut -c-1) == "[" && $(echo "${smtp}" | rev | cut -c-1) == "]" ]]; then
# No need for check var lenght to prevent errors, the previous condition is enough in this case.
userdata=${smtp:1:-1}
host=$(echo "${userdata}" | cut -d',' -f 1 -s)
user=$(echo "${userdata}" | cut -d',' -f 2 -s)
pass=$(echo "${userdata}" | cut -d',' -f 3 -s)
mainhost=$(echo "${userdata}" | cut -d',' -f 4 -s)
else
echo "${red}[ERROR] Invalid SMTP data!${end}"
exit 1
fi
if [[ -z $user || -z $pass || -z $host || -z $mainhost ]]; then
echo "${red}[ERROR] Invalid SMTP data!${end}"
exit 1
elif [[ ! -f /etc/nginx/sites-available/$mainhost ]]; then
echo "${red}[ERROR] Main Host site not found in your server!${end}"
exit 1
fi
is_url $host -split
if [[ $url_type != "true" ]]; then
if [[ $url_type =~ ^(http|https)$ ]]; then
echo "${red}[ERROR] Invalid SMTP host! (HTTP/HTTPS scheme can not be used in conjunction with SMTP protocol)${end}"
else
echo "${red}[ERROR] Invalid SMTP host!${end}"
fi
exit 1
else
if [[ -n $url_port ]]; then
echo "${red}[ERROR] Invalid SMTP host! (Custom port is not supported)${end}"
exit 1
fi
fi
[[ ! -f /opt/webinoly/templates/source/main.cf ]] && sudo cp -p /etc/postfix/main.cf /opt/webinoly/templates/source/
sudo touch /etc/mailname
echo "$mainhost" > /etc/mailname
sudo chown root:root /etc/mailname
sudo chmod 0644 /etc/mailname
sudo sed -i '/myorigin =/c \myorigin = /etc/mailname' /etc/postfix/main.cf
sudo sed -i "/myhostname =/c\myhostname = $mainhost" /etc/postfix/main.cf
sudo sed -i "/relayhost/c\relayhost = $host:587" /etc/postfix/main.cf
sudo sed -i '/mydestination =/c \mydestination = localhost' /etc/postfix/main.cf
# Ensure we have no duplicate parameters
sudo sed -i '/^smtp_tls_security_level/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/^smtp_tls_note_starttls_offer/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/^smtp_use_tls/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/^smtp_sasl_password_maps/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/^smtp_sasl_security_options/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/^smtp_sasl_auth_enable/s/^/#/' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_tls_security_level = encrypt' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_tls_note_starttls_offer = yes' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_use_tls = yes' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_sasl_security_options = noanonymous' /etc/postfix/main.cf
sudo sed -i '/relayhost/a \smtp_sasl_auth_enable = yes' /etc/postfix/main.cf
sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
echo "$host:587 $user:$pass" > /etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd
sudo chmod 0600 /etc/postfix/sasl_passwd
sudo postmap hash:/etc/postfix/sasl_passwd
sudo chown root:root /etc/postfix/sasl_passwd.db
sudo chmod 0600 /etc/postfix/sasl_passwd.db
conf_write smtp true
sudo systemctl restart postfix
echo "${gre}SMTP was successfully enabled!${end}"
}
mysql_change_password() {
if [[ $mysql_password == true ]]; then
echo ""
read -p "${blu}MySQL/MariaDB User: ${end}" user
read -p "${blu}New Password: ${hid}" pass
echo "${hidend}"
elif [[ $(echo "${mysql_password}" | cut -c-1) == "[" && $(echo "${mysql_password}" | rev | cut -c-1) == "]" ]]; then
# No need for check var lenght to prevent errors, the previous condition is enough in this case.
userdata=${mysql_password:1:-1}
user=$(echo "${userdata}" | cut -d',' -f 1 -s)
pass=$(echo "${userdata}" | cut -d',' -f 2 -s)
else
echo "${red}[ERROR] Please enter a valid value for username and password!${end}"
exit 1
fi
if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || ${#pass} -lt 8 ]]; then
echo "${red}[ERROR] Please, enter a valid username and password!"
echo "Password can not contain a 'single quote' and must be at least 8 characters long.${end}"
exit 1
elif [[ -z $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $user) ]]; then
echo "${red}[ERROR] User ${blu}$user ${red}doesn't exists!${end}"
exit 1
fi
# First get the User host: 'localhost' or '%'
local userhost=$(sudo mysql -ss --connect-timeout=10 --user=admin -e "SELECT Host FROM mysql.user WHERE User='${user}' LIMIT 1;")
sudo mysql --connect-timeout=10 --user=admin -e "ALTER USER '${user}'@'${userhost}' IDENTIFIED BY '${pass}';FLUSH PRIVILEGES;"
if [[ $? == 0 ]]; then
# Check if dynvar exist, because user can remove it for security, and it's valid!
[[ $user =~ ^(root|admin)$ && -n $(conf_read mysql-${user}) ]] && conf_write mysql-${user} $( echo $pass | openssl enc -a -salt )
if [[ $user == "admin" ]]; then
# MySQL/MariaDB login data
mysql_login_cnf
sudo sed -i '/\[client\]/,/# ClientEnd/{/.*/d}' $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "[client]
user = admin
password = $pass
host = localhost
# ClientEnd" >> $MYSQL_CONF_PATH/${MYSQL_CONF_PREF}-webinoly-login.cnf
echo "${blu}${dim}Internal Webinoly login data updated!${end}"
fi
echo "${gre}MySQL/MariaDB Password successfully changed! ${dim}('${user}'@'${userhost}')${end}"
else
echo "${red}[ERROR] Unexpected error!${end}"
exit 1
fi
}
mysql_public_access() {
if ! [[ $mysql_public_access =~ ^(on|off)$ ]]; then
echo "${red}[ERROR] Please, enter a valid value! ${dim}(on/off)${end}"
exit 1
fi
check_for_mysql -ask
if [[ $mysql_public_access == "on" ]]; then
cnf_write skip-networking 0
cnf_write skip-bind-address
echo ""
echo "${red}[WARNING] Please, be careful and take the proper security actions to protect your server, now that MySQL/MariaDB is open for public access you should at least set your firewall to prevent against any unwanted request.${end}"
echo ""
[[ -z $create_master_user ]] && echo "${dim}[INFO] Be sure you have a MySQL/MariaDB User with public access!${end}"
conf_write mysql-public-access true
echo "${gre}MySQL/MariaDB public access successfully enabled!${end}"
elif [[ $mysql_public_access == "off" ]]; then
cnf_delete skip-networking
cnf_delete skip-bind-address
conf_write mysql-public-access false
echo "${gre}MySQL/MariaDB public access successfully disabled!${end}"
fi
sudo systemctl restart mysql
if [[ -n $create_master_user ]]; then
if [[ $create_master_user != true && $(echo "${create_master_user}" | cut -c-1) == "[" && $(echo "${create_master_user}" | rev | cut -c-1) == "]" ]]; then
local user=$(echo ${create_master_user:1:-1} | cut -d',' -f 1 -s)
local pass=$(echo ${create_master_user:1:-1} | cut -d',' -f 2 -s)
fi
if [[ -z $user || -z $pass ]]; then
read -p "${blu}Master User Name: ${end}" user
read -p "${blu}Master User Password: ${hid}" pass
echo "${hidend}"
fi
[[ ${pass,,} == "random" ]] && local pass=`pwgen -s -1 16`
if [[ -z $user || -z $pass || $user == *"'"* || $pass == *"'"* || ${#pass} -lt 8 ]]; then
echo "${red}[ERROR] Please, enter a valid username and password!"
echo "Password can not contain a 'single quote' and must be at least 8 characters long.${end}"
exit 1
elif [[ $user != $(dbword_check $user user) ]]; then
echo "${red}[ERROR] The DB Name can not be a reserved word or should only contain allowed characters!${blu}"
exit 1
elif [[ -n $(sudo mysql --connect-timeout=10 --user=admin -e "SELECT User FROM mysql.user;" | grep -ow $user) ]]; then
echo "${red}[ERROR] User ${blu}$user ${red}already exists!${end}"
exit 1
else
[[ -n $replication_slave ]] && local priv="replication slave" || local priv="ALL PRIVILEGES"
[[ -n $replication_slave ]] && local grant="" || local grant="WITH GRANT OPTION"
sudo mysql --connect-timeout=10 --user=admin <<_EOF_
CREATE USER '${user}'@'%' IDENTIFIED BY '${pass}';
GRANT ${priv} ON *.* TO '${user}'@'%' ${grant};
FLUSH PRIVILEGES;
_EOF_
[[ $? == 0 ]] && echo "${gre}${dim}Master User${blu} $user ${gre}successfully created!${end}" || echo "${red}[ERROR] Unexpected error!${end}"
fi
fi
}
remove_domain_default_site() {
# In case we have a domain as default before.
if ! [[ $(conf_read default-site) =~ ^(default|blackhole)$ || -z $(conf_read default-site) ]]; then
[[ ! -L /etc/nginx/sites-enabled/default && -f /etc/nginx/sites-available/default ]] && sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
remove_nginx_default_server $(conf_read default-site)
fi
}
create_blackhole_cert() {
if [[ ! -f /etc/ssl/certs/webinoly-blackhole.crt.pem ]]; then
# REMOVE: Temporal fix affecting openssl 1.1.1 - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1603717.html
sudo touch /root/.rnd
sudo openssl req -new -newkey rsa:2048 -days 36500 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=blackhole" -keyout /etc/ssl/private/webinoly-blackhole.key.pem -out /etc/ssl/certs/webinoly-blackhole.crt.pem > /dev/null 2>&1
fi
}
webinoly_update() {
# Update: sudo webinoly -update
# Update from branch: sudo webinoly -update=beta
# Downgrade: sudo webinoly -update=1.14.0
if [[ $(conf_read branch) =~ ^(alpha|beta)$ ]] && ! [[ $update =~ ^(alpha|beta)$ ]]; then
echo "${red}[ERROR] Beta/alpha versions can not be updated to stable versions!${end}"
exit 1
fi
local currentver=$(conf_read app-version)
if [[ -n $update && $update != true ]]; then
local branch="-ver=${update}"
else
local checkver=$(wget --timeout=10 -t 1 -qO- https://api.webinoly.com/check?text=true)
if [[ -z $checkver || -z $currentver ]] || ! [[ $checkver =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "${red}[ERROR] Version check service unavailable!${dim} (Webinoly API)${end}"
exit 1
elif [[ ${currentver//.} -ge ${checkver//.} ]]; then
echo "${gre}You currently have the latest version!${dim} (v${checkver})${end}"
exit 0
else
echo "${dim}Updating...${end}"
echo "${blu}${dim}Your current version 'v${currentver}' will be updated to the newest 'v${checkver}' ${end}"
fi
fi
sudo wget --timeout=15 -t 1 --referer="https://update.webinoly.com/?ver=${app_version}" -qrO weby https://qrok.es/wyupd && sudo bash weby upd $branch
if [[ $? == 0 ]]; then
echo "${gre}Webinoly App has been updated successfully!${dim} (Updated to: v$(conf_read app-version))${end}"
else
# Check if exist, because it can be deleted before if an error is triggered in the installer, for instance.
[[ -f weby ]] && sudo rm weby
echo "${red}[ERROR] Update process has failed!${end}"
exit 1
fi
api-events_update wy1s
}
fix_permissions() {
# https://github.com/QROkes/webinoly/issues/49
sudo find /var/www ! -path "/var/www/\.*" -type d -print0 | sudo xargs -r -0 chmod 755
sudo find /var/www ! -path "/var/www/\.*" -type f -print0 | sudo xargs -r -0 chmod 644
if [[ -d /var/www/.ssh ]]; then
sudo find /var/www/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
sudo find /var/www/.ssh ! -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
sudo find /var/www/.ssh -path "/var/www/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
fi
if [[ -d $CURRENT_HOME/.ssh ]]; then
sudo find $CURRENT_HOME/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
sudo find $CURRENT_HOME/.ssh ! -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
sudo find $CURRENT_HOME/.ssh -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
sudo chown -R ${CURRENT_USER}:${CURRENT_USER} $CURRENT_HOME/.ssh
fi
# Always check root when logname user is different!
if [[ $CURRENT_HOME != "/root" && -d /root/.ssh ]]; then
sudo find /root/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
sudo find /root/.ssh ! -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
sudo find /root/.ssh -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
sudo chown -R root:root /root/.ssh
fi
sudo chown -R www-data:www-data /var/www
[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
}
server_reset() {
# Operating System - Linux Optim
if [[ $(conf_read pre-packs) == true && $server_reset =~ ^(os|all)$ ]]; then
linux_purge
linux_optim
echo "${gre}Operating System optimization settings has been updated successfully!${end}"
elif [[ $(conf_read pre-packs) != true && $server_reset == "os" ]]; then
echo "${red}[ERROR] Operating System settings couldn't been updated, seems like the stack not still built!${end}"
err_cont=true
fi
# Regenerate NGINX conf files
if [[ $(conf_read nginx-optim) == "true" && $server_reset =~ ^(nginx|all)$ ]]; then
sudo rm -rf /etc/nginx/common
#sudo rm -rf /etc/nginx/conf.d/* - Some custom files can be in this folder, so don't remove it, just the core files!
[[ -f /etc/nginx/conf.d/upstream.conf ]] && sudo rm -rf /etc/nginx/conf.d/upstream.conf
[[ -f /etc/nginx/conf.d/fastcgi.conf ]] && sudo rm -rf /etc/nginx/conf.d/fastcgi.conf
nginx_optim
echo "${gre}Nginx settings has been updated successfully!${end}"
fix_permissions
echo "${gre}Permissions fixed successfully!${end}"
elif [[ $(conf_read nginx-optim) != "true" && $server_reset == "nginx" ]]; then
echo "${red}[ERROR] Nginx settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Regenerate PHP conf files
if [[ $(conf_read php-optim) == "true" && $server_reset =~ ^(php|all)$ ]]; then
if [[ -f /opt/webinoly/templates/source/php.ini && -f /opt/webinoly/templates/source/www.conf ]]; then
sudo cat /opt/webinoly/templates/source/php.ini > /etc/php/$(conf_read php-ver)/fpm/php.ini
sudo cat /opt/webinoly/templates/source/www.conf > /etc/php/$(conf_read php-ver)/fpm/pool.d/www.conf
# Added in v1.11.0, will fail if stack was built before:
[[ -f /opt/webinoly/templates/source/php-fpm.conf ]] && sudo cat /opt/webinoly/templates/source/php-fpm.conf > /etc/php/$(conf_read php-ver)/fpm/php-fpm.conf
sudo rm -rf /etc/php/$(conf_read php-ver)/fpm/pool.d/debug.conf
php_optim
echo "${gre}PHP settings has been updated successfully!${end}"
else
echo "${red}[ERROR] PHP could not been updated, source files not found!${end}"
err_cont=true
fi
elif [[ $(conf_read php-optim) != "true" && $server_reset == "php" ]]; then
echo "${red}[ERROR] PHP settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Check MySQL/MariaDB Conf
# Here we don't check for optim variable because in very old installations don't exist and it breaks the update process!
if [[ $(conf_read mysql) == "true" && $server_reset =~ ^(mysql|all)$ ]]; then
mysql_optim
echo "${gre}MySQL/MariaDB settings has been updated successfully!${end}"
elif [[ $(conf_read mysql) != "true" && $server_reset == "mysql" ]]; then
echo "${red}[ERROR] MySQL/MariaDB settings couldn't been updated, seems like is not installed in your server!${end}"
err_cont=true
fi
# Permissions
if [[ $(conf_read nginx) == "true" && $server_reset == "permissions" ]]; then
fix_permissions
echo "${gre}Permissions fixed successfully!${end}"
nginx_not="true" # Nginx-Reload not-needed.
elif [[ $(conf_read nginx) != "true" && $server_reset == "permissions" ]]; then
echo "${red}[ERROR] Nginx not found, seems like is not installed in your server!${end}"
err_cont=true
fi
# Display message just to show we are alive.
if [[ $server_reset == "all" && $(conf_read php-optim) != "true" && $(conf_read nginx-optim) != "true" ]]; then
echo "${blu}Nothing to do here! ${dim}(NGINX, PHP or MySQL/MariaDB are not installed yet)${end}"
fi
}
show_db_data() {
if [[ -n $(conf_read external-dbu) && -n $(conf_read external-dbp) ]]; then
local extu=$(conf_read external-dbu)
local extp=$(conf_read external-dbp)
if [[ -n $(conf_read external-dbh) && -n $(conf_read external-dbx) ]]; then
local exth="$(conf_read external-dbh):$(conf_read external-dbx)"
elif [[ -n $(conf_read external-dbh) ]]; then
local exth=$(conf_read external-dbh)
fi
fi
[[ -n $(conf_read mysql-root) ]] && local rpass=$( echo $(conf_read mysql-root) | openssl enc -d -a -salt ) || local rpass="Not-Available!"
[[ -n $(conf_read mysql-admin) ]] && local apass=$( echo $(conf_read mysql-admin) | openssl enc -d -a -salt ) || local apass="Not-Available!"
echo ""
[[ ( $dbpass == "raw" || -n $raw ) || -z $extu ]] || echo "${gre}Localhost Credentials${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "root:$rpass" || echo "${blu}${bol} root:${end}${blu}${dim} $rpass ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "admin:$apass" || echo "${blu}${bol} admin:${end}${blu}${dim} $apass ${end}"
echo ""
if [[ -n $extu ]]; then
echo ""
[[ $dbpass == "raw" || -n $raw ]] || echo "${gre}External DB Credentials${end}"
[[ ( $dbpass == "raw" || -n $raw ) && -n $exth ]] && echo "Host:$exth"
[[ ( $dbpass != "raw" && -z $raw ) && -n $exth ]] && echo "${blu}${bol} Host:${end}${blu}${dim} $exth ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "User:$extu" || echo "${blu}${bol} User:${end}${blu}${dim} $extu ${end}"
[[ $dbpass == "raw" || -n $raw ]] && echo "Password:$extp" || echo "${blu}${bol} Password:${end}${blu}${dim} $extp ${end}"
echo ""
fi
if [[ -z $rpass && -z $extu ]]; then
echo "${red}"
echo "[ERROR] DB Credentials not found!"
echo "${end}"
exit 1
fi
}
change_tools_port() {
local oldport=$(conf_read tools-port)
if [[ $tools_port == true ]]; then
[[ -z $oldport ]] && local oldport=$tools_port_default
read -p "${blu}Tools Port [Current: $oldport]: " port
else
port=$tools_port
fi
if [[ -z $port || ( -n $oldport && $port == $oldport ) ]]; then
echo "${gre}Tools-Port not changed! ${end}"
elif [[ $port =~ ^[0-9]+$ && $port -ge 0 && $port -le 65535 ]]; then
if [[ -n $(conf_read tools-site) && -f /etc/nginx/sites-available/$(conf_read tools-site) ]]; then
readonly NEW_ADMIN_TOOLS_SITE="$(conf_read tools-site):${port}"
else
readonly NEW_ADMIN_TOOLS_SITE="default:${port}"
fi
if [[ -f /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE ]]; then
echo "${red}[ERROR] Conflict naming found $NEW_ADMIN_TOOLS_SITE sitename is already in use!${end}"
exit 1
fi
if [[ $(conf_read nginx) == "true" && -d /var/www/$ADMIN_TOOLS_SITE ]]; then
# MV in some edge cases fails to rename, specially when so much files are within the directories.
sudo mkdir -p /var/www/$NEW_ADMIN_TOOLS_SITE
sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/$NEW_ADMIN_TOOLS_SITE
sudo rm -rf /var/www/$ADMIN_TOOLS_SITE
sudo mv /etc/nginx/sites-available/$ADMIN_TOOLS_SITE /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE
sudo rm /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE
sudo ln -s /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE /etc/nginx/sites-enabled/$NEW_ADMIN_TOOLS_SITE
sudo sed -i "s/${oldport}/${port}/g" /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE
sudo sed -i "s/$ADMIN_TOOLS_SITE/$NEW_ADMIN_TOOLS_SITE/g" /etc/nginx/sites-available/$NEW_ADMIN_TOOLS_SITE
fi
conf_write tools-port $port
conf_write tools-port-set $port
echo "${gre}Port${blu} $port ${gre}has been enabled to access all your Tools! ${end}"
else
echo "${red}[ERROR] Please, enter a valid port number (1-65535)!${end}"
exit 1
fi
}
set_tools_site() {
if [[ $tools_site == true ]]; then
echo "${gre}Please, enter a valid domain to access the Tools Section! ${end}"
read -p "${blu}Domain: ${end}" tools_site
tools_site=${tools_site,,}
fi
if [[ -z $tools_site ]]; then
echo "${red}[ERROR] Please, enter a valid value!${end}"
exit 1
elif [[ $tools_site == $(conf_read tools-site) ]]; then
echo "${gre}Tools-Site not changed! ${end}"
elif [[ -f /etc/nginx/sites-available/$tools_site && -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE && $tools_site != "default" ]]; then
# Check for previous assigned domain and remove
if [[ -n $(conf_read tools-site) ]]; then
sudo sed -i '/server_name/d' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
# In case SSL is enabled
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) default_server deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) default_server;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i '/headers-https.conf/d' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE # For legacy (old sites) support!
sudo sed -i '/headers.conf;/c \ include common/header.conf;' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i '/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
fi
# Assign new domain/site
sername=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "server_name" | sed -e 's/^[ \t]*//')
sudo sed -i "/error_log/a \ ${sername}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port);" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "s/$ADMIN_TOOLS_SITE/${tools_site}:$(conf_read tools-port)/g" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
# If SSL is enabled
if [[ $(is_ssl $tools_site) == "true" ]]; then
sudo sed -i "/listen $(conf_read tools-port)/c \ listen $(conf_read tools-port) ssl http2 deferred;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/listen \[::\]:$(conf_read tools-port)/c \ listen [::]:$(conf_read tools-port) ssl http2;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i '/server_name /r /opt/webinoly/templates/template-site-ssl' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
local ssl_cer=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate " | tr -d '\t')
local ssl_key=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_certificate_key " | tr -d '\t')
local ssl_tru=$(sed -n -e '/WebinolyNginxServerStart/,$p' /etc/nginx/sites-available/$tools_site | grep -F "ssl_trusted_certificate " | tr -d '\t')
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate .*;#$ssl_cer#}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_certificate_key .*;#$ssl_key#}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
if [[ -z $ssl_tru ]]; then
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_stapling/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i '/WebinolySSLstart/,/WebinolySSLend/{/ssl_trusted_certificate/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
else
sudo sed -i "/WebinolySSLstart/,/WebinolySSLend/{s#ssl_trusted_certificate .*;#$ssl_tru#}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
fi
sudo sed -i '/header.conf;/c \ include common/headers.conf;' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/WebinolySSLend/i \ error_page 497 https:\/\/\$host:\$server_port\$request_uri;" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
create_blackhole_cert
fi
# Default blackhole for requests different from our assigned Tools-Site
sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-blackhole' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/<port>/$(conf_read tools-port)/}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
if [[ $(is_ssl $tools_site) == "false" ]]; then
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/ssl_certificate/d}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{/error_page/d}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo sed -i "/WebinolyToolsStartBlackhole/,/WebinolyToolsEndBlackhole/{s/ssl //}" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
echo "${red}It's highly recommended having an SSL Cert enabled on this site. ${end}"
fi
# MV in some edge cases fails to rename, specially when so much files are within the directories.
sudo mkdir -p /var/www/${tools_site}:$(conf_read tools-port)
sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/${tools_site}:$(conf_read tools-port)
sudo rm -rf /var/www/$ADMIN_TOOLS_SITE
sudo mv /etc/nginx/sites-available/$ADMIN_TOOLS_SITE /etc/nginx/sites-available/${tools_site}:$(conf_read tools-port)
sudo rm -rf /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE
sudo ln -s /etc/nginx/sites-available/${tools_site}:$(conf_read tools-port) /etc/nginx/sites-enabled/${tools_site}:$(conf_read tools-port)
sudo chown -R www-data:www-data /var/www
[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
conf_write tools-site $tools_site
echo "${gre}Domain${blu} ${tools_site}:$(conf_read tools-port) ${gre}was successfully assigned to access your server tools!${end}"
elif [[ $tools_site == "default" ]]; then
if [[ $ADMIN_TOOLS_SITE != "default:$(conf_read tools-port)" ]]; then
# MV in some edge cases fails to rename, specially when so much files are within the directories.
sudo mkdir -p /var/www/default:$(conf_read tools-port)
sudo cp -rp /var/www/$ADMIN_TOOLS_SITE/* /var/www/default:$(conf_read tools-port)
sudo rm -rf /var/www/$ADMIN_TOOLS_SITE
sudo rm -rf /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
sudo cp /opt/webinoly/templates/general/admin_tools.conf /etc/nginx/sites-available/default:$(conf_read tools-port)
sudo sed -i "s/<port>/$(conf_read tools-port)/g" /etc/nginx/sites-available/default:$(conf_read tools-port)
sudo sed -i "s/<admin_tools_sitename>/default:$(conf_read tools-port)/g" /etc/nginx/sites-available/default:$(conf_read tools-port)
sudo rm -rf /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE
sudo ln -s /etc/nginx/sites-available/default:$(conf_read tools-port) /etc/nginx/sites-enabled/default:$(conf_read tools-port)
sudo chown -R www-data:www-data /var/www
[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www
else
# This is the case when importing a full site from backup!
echo "${blu}${dim}Tools data folder already exist, no need to re-create it!${end}"
fi
conf_write tools-site default
echo "${gre}Tools Site settings has been reset successfully!${end}"
elif [[ -f /etc/nginx/sites-available/$tools_site && ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then
echo "${red}[ERROR] Tools Site is not enabled! ${end}"
exit 1
else
echo "${red}[ERROR] Domain/site not found. ${end}"
exit 1
fi
# Warning Message
if [[ (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site == "default" ) || (( ! -s /etc/nginx/.htpasswd || -z $(cat -v /etc/nginx/.htpasswd | grep '[^[:space:]]')) && $tools_site != "default" && -f /etc/nginx/sites-available/$tools_site && ( ! -s /etc/nginx/apps.d/.htpasswd-$tools_site || -z $(cat -v /etc/nginx/apps.d/.htpasswd-$tools_site | grep -m 1 '[^[:space:]]'))) ]]; then
echo "${dim}[WARNING] HTTP Authentication Credentials not found and you may need it to access these tools!${end}"
fi
}
www_data_sftp_access() {
if [[ $login_www_data == "on" && $(conf_read login-www-data) == "true" ]]; then
echo "${gre}SFTP access for www-data user is already enabled! ${end}"
elif [[ $login_www_data == "off" && $(conf_read login-www-data) != "true" ]]; then
echo "${gre}SFTP access for www-data user is already disabled! ${end}"
elif [[ $login_www_data == "on" ]]; then
# Remove if empty! (prevent empty files with spaces taken as valid)
if [[ -f /var/www/.ssh/authorized_keys && ( ! -s /var/www/.ssh/authorized_keys || -z $(cat -v /var/www/.ssh/authorized_keys | grep -m 1 '[^[:space:]]')) ]]; then
sudo rm -rf /var/www/.ssh/authorized_keys
fi
# Allow access for www-data user
if [[ -f /var/www/.ssh/authorized_keys ]]; then
echo "${blu}${dim}SSH keys already exists in www-data folder!${end}"
elif [[ ! -f /var/www/.ssh/authorized_keys && -f $CURRENT_HOME/.ssh/authorized_keys ]]; then
echo "${blu}${dim}Copying your SSH keys from '${CURRENT_USER}' to www-data access!${end}"
sudo mkdir -p /var/www/.ssh
sudo chmod 700 /var/www/.ssh
sudo cat $CURRENT_HOME/.ssh/authorized_keys > /var/www/.ssh/authorized_keys
sudo chmod 600 /var/www/.ssh/*
else
echo "${red}${dim}[WARNING] SSH keys not found!${end}"
fi
sudo chown -R www-data:www-data /var/www
# www-data sftp-only access jail - if fails usrlib must be listed in /etc/shells
sudo usermod -s /usr/lib/openssh/sftp-server www-data
sudo addgroup --system sftponly > /dev/null 2>&1
sudo usermod -G sftponly www-data
sudo chown root:root /var/www
sudo sed -i "/Subsystem sftp/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config
sudo echo '# WebinolySFTPstart
Match Group sftponly
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
# WebinolySFTPend' >> /etc/ssh/sshd_config
falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
[[ -n $falus ]] && sudo sed -i "s/$falus/$falus www-data/" /etc/ssh/sshd_config
conf_write login-www-data true
conf_write sftp-www-data true
sudo systemctl restart ssh
echo "${gre}SFTP access for www-data user has been successfuly enabled! ${end}"
elif [[ $login_www_data == "off" ]]; then
sudo sed -i '/www-data:/c\www-data:x:33:33:www-data:\/var\/www:\/usr\/sbin\/nologin' /etc/passwd
sudo gpasswd -d www-data sftponly > /dev/null 2>&1
sudo delgroup sftponly > /dev/null 2>&1
sudo chown www-data:www-data /var/www
sudo sed -i "/Subsystem sftp/c\Subsystem sftp \/usr\/lib\/openssh\/sftp-server" /etc/ssh/sshd_config
sudo sed -i '/WebinolySFTPstart/,/WebinolySFTPend/{/.*/d}' /etc/ssh/sshd_config
falus=$( grep -Gi "^AllowUsers " /etc/ssh/sshd_config )
if [[ -n $falus ]]; then
suffix=" www-data"
foo=${falus%$suffix}
sudo sed -i "s/$falus/$foo/" /etc/ssh/sshd_config
fi
conf_write login-www-data false
conf_write sftp-www-data false
sudo systemctl restart ssh
echo "${gre}SFTP access for www-data user has been successfuly disabled! ${end}"
else
echo "${red}[ERROR] Invalid value for login-www-data! ${end}"
exit 1
fi
}
webinoly_uninstall() {
echo "${red}"
echo "You are about to completely remove Webinoly App from your server!!"
echo "${blu}Are you sure [y/N]? "
while read -r -n 1 -s answer; do
answer=${answer:-n}
echo ""
[[ $answer = [YyNn] ]] && break
done
if [[ $answer == [Yy] ]]; then
[[ -z $no_recovery ]] && sudo tar -Pcf $HOME/.webinoly-conf-restore_dont-remove /opt/webinoly/webinoly.conf /opt/webinoly/templates/source
[[ -z $no_recovery ]] && echo "${gre}${dim}Configuration saved!${end}"
sudo rm -rf /opt/webinoly
sudo rm /usr/bin/webinoly
sudo rm /usr/bin/stack
sudo rm /usr/bin/site
sudo rm /usr/bin/httpauth
sudo rm /usr/bin/log
echo "${gre}Webinoly App has been removed successfully from your server!${end}"
exit 0 # Only allowed here because after this Webinoly does not exist in the server!
else
echo "${red}Action aborted!${end}"
exit 1
fi
}
external_sources_update() {
echo "${blu}- Downloading Public Suffix List!${end}"
sudo wget --timeout=15 -t 1 -qrO /tmp/temp-public_suffix_list.dat https://publicsuffix.org/list/public_suffix_list.dat
if [[ -s /tmp/temp-public_suffix_list.dat ]]; then
echo "${blu}- Processing file!${end}"
sudo sed -i '/^\/\// d' /tmp/temp-public_suffix_list.dat
sudo sed -i '/^$/d' /tmp/temp-public_suffix_list.dat
sudo sed -i 's/[!]\+//g' /tmp/temp-public_suffix_list.dat
sudo sed -i 's/^\*\.\+//g' /tmp/temp-public_suffix_list.dat
sudo mv /tmp/temp-public_suffix_list.dat /opt/webinoly/lib/public_suffix_list.dat
echo "${gre}Domain list has been successfully updated!${end}"
else
echo "${red}[ERROR] Domain list not updated!${end}"
err_cont=true
fi
echo ""
echo "${blu}- Downloading Timezone Database!${end}"
sudo wget --timeout=15 -t 1 -qrO /tmp/timezonedb.tgz https://pecl.php.net/get/timezonedb
if [[ -s /tmp/timezonedb.tgz ]]; then
echo "${blu}- Processing file!${end}"
sudo tar -xf /tmp/timezonedb.tgz -C /tmp/ --wildcards --no-anchored timezonedb-*/timezonedb.h --strip-components=1
sudo sed -i '/^\t{.*},$/!d' /tmp/timezonedb.h
sudo cut -d'"' -f2 /tmp/timezonedb.h > /opt/webinoly/lib/timezone.dat
sudo rm /tmp/timezonedb.*
echo "${gre}Timezone Database has been successfully updated!${end}"
else
echo "${red}[ERROR] Timezone Database not updated!${end}"
exit 1
fi
}
clear_caches() {
if [[ $clear_cache =~ ^(redis|all)$ ]]; then
if [[ $(conf_read php-tool-redis) == "true" && -f /etc/redis/redis.conf ]]; then
sudo redis-cli flushall
echo "${gre}- Redis Cache has been successfully cleared!${end}"
else
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Redis Cache because is not installed!${end}"
err_cont=true
fi
fi
if [[ $clear_cache =~ ^(memcache|memcached|all)$ ]]; then
if [[ $(conf_read php-tool-memcached) == "true" && -f /etc/memcached.conf ]]; then
memhost=$(grep ^-l /etc/memcached.conf | cut -f 2 -d ' ')
memport=$(grep ^-p /etc/memcached.conf | cut -f 2 -d ' ')
echo flush_all > /dev/tcp/$memhost/$memport
echo "${gre}- Memcached has been successfully cleared!${end}"
else
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear Memcache because is not installed!${end}"
err_cont=true
fi
fi
if [[ $clear_cache =~ ^(opcache|all)$ ]]; then
if [[ $(conf_read nginx) == "true" && $(conf_read php) == "true" ]]; then
if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php ]]; then
sudo mkdir /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
echo '<?php opcache_reset(); echo "OK\n";' > /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache
sudo chmod 644 /var/www/$ADMIN_TOOLS_SITE/htdocs/php/opcache/index.php
fi
wget --spider --no-check-certificate --timeout=15 -t 1 localhost:$(conf_read tools-port)/php/opcache/ > /dev/null 2>&1 &
echo "${gre}- OpCache has been successfully cleared!${end}"
else
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear OpCache because PHP or NGINX are not installed!${end}"
err_cont=true
fi
fi
if [[ $clear_cache =~ ^(fastcgi|all)$ ]]; then
if [[ $(conf_read nginx) == "true" ]]; then
sudo rm -Rf /run/nginx-cache/*
echo "${gre}- FastCgi Cache has been successfully cleared!${end}"
else
[[ $clear_cache != "all" ]] && echo "${red}[ERROR] We can not clear FastCGI Cache because NGINX is not installed!${end}"
err_cont=true
fi
fi
if [[ -f /etc/nginx/sites-available/$clear_cache ]]; then
if [[ $(conf_read nginx) == "true" && $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
sudo rm -Rf /run/nginx-cache/$(echo $domain | sed 's/[^0-9A-Za-z]/_/g')$(echo $subfolder | sed "s/\//_/g")
echo "${gre}Custom Nginx Cache for${blu} ${clear_cache}${subfolder} ${gre}has been successfully cleared!${end}"
elif [[ $(is_subfolder $clear_cache $subfolder) == "false" ]]; then
echo "${red}[ERROR] Please, enter a valid site! ${dim}(${clear_cache}${subfolder})${end}"
err_cont=true
elif ! [[ $(is_cache $clear_cache $subfolder) =~ ^(custom|proxy)$ ]]; then
echo "${red}[ERROR] Custom Cache is not enabled for this site!${end}"
err_cont=true
elif [[ $(conf_read nginx) != "true" ]]; then
echo "${red}[ERROR] We can not clear Nginx Cache because NGINX is not installed!${end}"
err_cont=true
fi
fi
}
nginx_blockip() {
if [[ -z $purge ]]; then
if [[ -n $list ]]; then
echo ""
[[ $list == "raw" || -n $raw ]] && sign="" || sign="${blu}+ "
if [[ -s /etc/nginx/conf.d/blockips.conf ]]; then
sudo sed -n "s/^deny /${sign}/p;" /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p'
else
[[ $list != "raw" && -z $raw ]] && echo "${blu}[Empty] No IP's were found!"
fi
[[ $list == "raw" || -n $raw ]] && echo "" || echo "${end}"
else
[[ $blockip == true ]] && read -p "${blu}IP address to block: ${end}" blockip
# Check for list of IP's
if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then
local c=1
while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]]
do
[[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s)
local c=$(($c+1))
done
exit 0
fi
if [[ $(is_ip $blockip) == "true" ]]; then
if [[ ! -f /etc/nginx/conf.d/blockips.conf ]]; then
sudo touch /etc/nginx/conf.d/blockips.conf
sudo chmod 644 /etc/nginx/conf.d/blockips.conf
sudo chown -R root:root /etc/nginx/conf.d/blockips.conf
fi
exist=$( grep -E "^deny $blockip;$" /etc/nginx/conf.d/blockips.conf )
if [[ -z $exist ]]; then
echo "deny $blockip;" >> /etc/nginx/conf.d/blockips.conf
echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}"
else
echo "${gre}IP '$blockip' is already blocked!${end}"
fi
else
echo "${red}[ERROR] Please, enter a valid IP value!${end}"
exit 1
fi
fi
elif [[ -n $purge ]]; then
[[ $blockip == true ]] && read -p "${blu}IP address to unblock: ${end}" blockip
# Check for list of IP's
if [[ -n $(echo $blockip | cut -d',' -f 2 -s) ]]; then
local c=1
while [[ -n $(echo $blockip | cut -d',' -f $c -s) ]]
do
[[ $(is_ip $(echo $blockip | cut -d',' -f $c -s)) == "true" ]] && sudo webinoly -blockip=$(echo $blockip | cut -d',' -f $c -s) -purge
local c=$(($c+1))
done
exit 0
fi
if [[ $(is_ip $blockip) == "true" ]]; then
# https://stackoverflow.com/questions/1797906/delete-using-a-different-delimiter-with-sed
[[ -f /etc/nginx/conf.d/blockips.conf ]] && sed -i "\#^deny ${blockip};#d" /etc/nginx/conf.d/blockips.conf
# Remove site-auth-file if empty.
[[ -f /etc/nginx/conf.d/blockips.conf && ( ! -s /etc/nginx/conf.d/blockips.conf || -z $(cat -v /etc/nginx/conf.d/blockips.conf | grep -m 1 '[^[:space:]]')) ]] && sudo rm /etc/nginx/conf.d/blockips.conf
echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully unblocked!${end}"
else
echo "${red}[ERROR] Please, enter a valid IP value!${end}"
exit 1
fi
else
echo "${red}[ERROR] Nginx file not found!${end}"
exit 1
fi
}
set_default_nginx_response() {
if [[ $default_site == true ]]; then
echo "${gre}Please, enter a valid option to set the Default-Site server response! ${end}"
read -p "${blu}default/blackhole or any existing domain: ${end}" default_site
default_site=${default_site:-NeverMatchDotCom}
fi
if [[ $default_site == "default" ]]; then
if [[ -f /opt/webinoly/templates/source/default ]]; then
sudo cat /opt/webinoly/templates/source/default >| /etc/nginx/sites-available/default
remove_domain_default_site
conf_write default-site default
conf_write default-response default
echo "${gre}Default Nginx was successfully assigned as default site!${end}"
else
echo "${red}[ERROR] Nginx Default file backup not found! ${end}"
exit 1
fi
elif [[ $default_site == "blackhole" ]]; then
sudo cat /opt/webinoly/templates/general/nginx-blackhole >| /etc/nginx/sites-available/default
remove_domain_default_site
create_blackhole_cert
conf_write default-site blackhole
conf_write default-response blackhole
echo "${gre}Blackhole Nginx site was successfully assigned as default site!${end}"
else
# Domain option
if [[ -L /etc/nginx/sites-enabled/$default_site ]]; then
remove_domain_default_site
sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site
sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site
sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen 443 ssl http2;/listen 443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site
sudo sed -i '/WebinolyNginxServerStart/,/WebinolyNginxServerEnd/{s/listen \[::\]:443 ssl http2;/listen [::]:443 ssl http2 default_server;/}' /etc/nginx/sites-available/$default_site
# If default site is Non-SSL, we need add a blackhole for port 443.
if [[ $(is_ssl $default_site) == "false" ]]; then
create_blackhole_cert
sudo sed -i '1r /opt/webinoly/templates/general/nginx-blackhole' /etc/nginx/sites-available/$default_site
sudo sed -i '/NonSSL/,/NonSSLend/{/.*/d}' /etc/nginx/sites-available/$default_site
else
sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen 80;/listen 80 default_server;/}' /etc/nginx/sites-available/$default_site
sudo sed -i '/WebinolySSLredirectStart/,/WebinolySSLredirectEnd/{s/listen \[::\]:80;/listen [::]:80 default_server;/}' /etc/nginx/sites-available/$default_site
fi
sudo rm -rf /etc/nginx/sites-enabled/default
conf_write default-site $default_site
conf_write default-response $default_site
echo "${gre}Site${blu} ${default_site} ${gre}was successfully assigned as default site!${end}"
else
[[ -f /etc/nginx/sites-available/$default_site ]] && echo "${red}Site found but is disabled.${end}"
echo "${red}[ERROR] Please, enter a valid option (default, blackhole or domain.com). ${end}"
exit 1
fi
fi
}
aws_s3_credentials() {
if [[ $aws_s3_credentials == true ]]; then
echo ""
read -p "${blu}Access Key ID: ${end}" user
read -p "${blu}Secret Access Key: ${end}" pass
echo ""
elif [[ $(echo "${aws_s3_credentials}" | cut -c-1) == "[" && $(echo "${aws_s3_credentials}" | rev | cut -c-1) == "]" ]]; then
# No need for check var lenght to prevent errors, the previous condition is enough in this case.
cred=${aws_s3_credentials:1:-1}
user=$(echo "${cred}" | cut -d',' -f 1 -s)
pass=$(echo "${cred}" | cut -d',' -f 2 -s)
elif [[ $aws_s3_credentials == "awsiamrole" ]]; then
conf_write awsiamrole true
sudo rm -rf $HOME/.aws
else
echo "${red}[ERROR] Invalid AWS S3 Credentials!${end}"
exit 1
fi
if [[ $aws_s3_credentials != "awsiamrole" ]]; then
if [[ -z $user || -z $pass ]]; then
echo "${red}[ERROR] Please, enter a valid AWS S3 Access and Secret Key!${end}"
exit 1
fi
sudo rm -rf $HOME/.aws/credentials
sudo mkdir -p $HOME/.aws
sudo touch $HOME/.aws/credentials
sudo echo "[default]
aws_access_key_id = $user
aws_secret_access_key = $pass" >> $HOME/.aws/credentials
[[ -n $(conf_read awsiamrole) ]] && conf_write awsiamrole purged
fi
echo "${gre}AWS S3 Credentials successfully added!${end}"
}
database_import() {
[[ -z $file ]] && read -p "${blu}SQL file path to import: ${end}" file
if [[ -z $file || ! -f $file ]]; then
echo "${red}[ERROR] Please, enter a valid file path!${end}"
exit 1
fi
check_external_db_saved
echo "${dim}Wait while we import your db... ${end}"
if [[ -n $external_db ]]; then
external_db_parse
if [[ $(check_mysql_connection $extdb_url $extdb_port any -login-file -master-admin) != "true" ]]; then
echo "${red}[ERROR] Cannot connect with your External Database!${end}"
exit 1
fi
sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" < $file
if [[ $? == "0" ]]; then
sudo mysql --defaults-group-suffix=_${extdb_url}:${extdb_port}_default --connect-timeout=10 -h "$extdb_url" -P "$extdb_port" -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
else
echo "${red}[ERROR] An error occurred while we tried to import your database!${end}"
fi
elif [[ -z $external_db && $(check_mysql_connection localhost) == "true" ]]; then
check_for_mysql -ask
sudo mysql -u admin < $file
if [[ $? == "0" ]]; then
sudo mysql --connect-timeout=10 --user=admin -e "FLUSH PRIVILEGES;"
echo "${gre}Database successfully imported!${end}"
else
echo "${red}[ERROR] An error occurred while we tried to import your database!${end}"
fi
else
echo "${red}[ERROR] A connection can not be established with MySQL/MariaDB localhost!${end}"
exit 1
fi
}
http_header_custom() {
if ! [[ $custom_headers =~ ^(reload|remove)$ ]]; then
echo "${red}[ERROR] Please, enter a valid option Custom Headers!${end}"
exit 1
fi
if [[ $(conf_read nginx) == "true" ]]; then
sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-http.conf
sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-https.conf
sudo sed -i '/WebinolyCustomHeaders/,/WebinolyCustomHeadersEnd/{/.*/d}' /etc/nginx/common/headers-html.conf
fi
if [[ $custom_headers == "reload" && $(conf_read nginx) == "true" ]]; then
if [[ -s /opt/webinoly/templates/source/custom_header_http_webinoly.data ]]; then
local http="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_http_webinoly.data)"
if [[ -n $http ]]; then
echo "# WebinolyCustomHeaders
$http
# WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-http.conf
fi
fi
if [[ -s /opt/webinoly/templates/source/custom_header_https_webinoly.data ]]; then
local https="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_https_webinoly.data)"
if [[ -n $https ]]; then
echo "# WebinolyCustomHeaders
$https
# WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-https.conf
fi
fi
if [[ -s /opt/webinoly/templates/source/custom_header_html_webinoly.data ]]; then
local html="$(sudo grep -E "^add_header .*;$" /opt/webinoly/templates/source/custom_header_html_webinoly.data)"
if [[ -n $html ]]; then
echo "# WebinolyCustomHeaders
$html
# WebinolyCustomHeadersEnd" >> /etc/nginx/common/headers-html.conf
fi
fi
conf_write header-custom true
echo "${gre}Custom Headers successfully configured!${end}"
elif [[ $custom_headers == "reload" ]]; then
conf_write header-custom true
echo "${gre}Custom Headers successfully configured and it will be used next time NGINX is installed!${end}"
else
conf_write header-custom false
echo "${gre}Custom Headers successfully removed!${end}"
fi
}
Reference in a new issue View git blame Copy permalink