File: //proc/self/root/bigscoots/bsi-nginx-dedi.sh
#!/bin/bash
# New Server Install - BigScoots.com
# Base tooling, a full system update, and time synchronisation.
# NOTE(review): --nogpgcheck makes dnf skip package signature verification for
# the almalinux-release upgrade, so that transaction relies on transport
# security alone. Confirm it is still needed; importing the distribution
# signing key first keeps verification on.
dnf upgrade almalinux-release --nogpgcheck -y
dnf install epel-release -y

# strict=0 lets the install proceed when a listed package is unavailable.
base_packages=(
  nano network-scripts ntp mailx pciutils bind-utils traceroute nmap screen
  yum-utils net-tools dos2unix lshw python python-ctypes iotop ncurses-devel
  libpcap-devel gcc make wget curl chrony postfix iftop
)
dnf -y --setopt=strict=0 install "${base_packages[@]}"
dnf -y update

# Enable and start chronyd, then print its current state.
for action in enable start; do
  systemctl "$action" chronyd
done
for report in tracking sources; do
  chronyc "$report"
done
# Disable SELinux: rewrite the persistent setting, then switch the running
# system to permissive.
# NOTE(review): this removes mandatory access control from the host, and the
# sed only rewrites a config that currently says "enforcing". Confirm the
# installed stack really needs SELinux off rather than a targeted policy.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

# Disable IPv6 on the running kernel.
for scope in all default; do
  sysctl -w "net.ipv6.conf.${scope}.disable_ipv6=1"
done

# Persist the same settings; the file is overwritten on every run.
printf '%s\n' \
  'net.ipv6.conf.all.disable_ipv6 = 1' \
  'net.ipv6.conf.default.disable_ipv6 = 1' \
  > /etc/sysctl.d/99-disable-ipv6.conf

# Load the persisted values.
sysctl -p /etc/sysctl.d/99-disable-ipv6.conf
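# RAID monitoring.
# Software RAID listed in /proc/mdstat: configure and restart the mdadm monitor.
# Otherwise, when lshw reports an LSI/Broadcom controller: install MegaCLI and
# schedule the hourly lsi.sh check.
# The branches test the pipelines directly; the former `elif [ "$?" -eq "1" ]`
# read the status of the preceding `[` test, not of grep, so it was always
# taken when the first branch was not.
if grep Personalities /proc/mdstat | grep raid 2>/dev/null; then
  rm -f /etc/cron.daily/raid
  # pkill copes with zero or several mdadm processes. The former
  # kill -9 "$(pgrep mdadm)" handed all PIDs to kill as one quoted argument.
  pkill -9 mdadm
  # NOTE(review): the MAILADDR value is obfuscated in this copy of the script;
  # set the real alert mailbox before use.
  sed -i '/MAILADDR/c\MAILADDR [email protected]' /etc/mdadm.conf
  # NOTE(review): both appends repeat on every run of this script.
  echo "DEVICE partitions" >> /etc/mdadm.conf
  echo "/sbin/mdadm --monitor --scan --daemonize" >> /etc/rc.local
  # Start a monitor with --test, give it five seconds, then stop it again.
  /sbin/mdadm --monitor /dev/md125 --test &
  sleep 5
  pkill -9 mdadm
  /sbin/mdadm --monitor --scan --daemonize
elif lshw -C storage | grep "vendor: LSI\|vendor: Broadcom" 2>/dev/null; then
  # Private scratch directory instead of a fixed name under world-writable
  # /tmp, so nothing pre-placed there can be unpacked or installed as root.
  lsi_tmp=$(mktemp -d) || exit
  cd "$lsi_tmp" || exit
  # NOTE(review): this archive and lsi.zip below are installed and scheduled as
  # root with no integrity check beyond TLS. Verify each download against a
  # digest kept alongside this script (e.g. sha256sum -c) before using it.
  wget https://docs.broadcom.com/docs-and-downloads/raid-controllers/raid-controllers-common-files/8-07-14_MegaCLI.zip
  unzip ./*MegaCLI.zip
  rpm -ivh ./*inux/MegaCli-*.noarch.rpm
  ln -s /opt/MegaRAID/MegaCli/MegaCli64 /sbin/
  ln -s /opt/MegaRAID/MegaCli/MegaCli64 /usr/local/sbin/
  cd ~ || exit
  rm -rf -- "${lsi_tmp:?}"
  wget https://www.bigscoots.com/downloads/lsi.zip
  unzip lsi.zip
  chmod +x lsi.sh
  # The stray "." after "crontab -" was dropped; "-" alone reads the new table
  # from stdin.
  (crontab -l; echo "0 * * * * ~/lsi.sh checkNemail") | crontab -
  rm -f /etc/cron.daily/raid
fi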
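# sshd settings: listen on port 2222, skip reverse-DNS lookups, and allow root
# to log in with keys only ("without-password" is the older spelling of
# "prohibit-password").
# Each expression matches only the commented-out default, so a directive that
# is already uncommented in sshd_config is left unchanged.
# Fix: "-ie" was parsed as -i with backup suffix "e" and left a stray
# /etc/ssh/sshd_confige copy behind; -i and -e are now separate options.
# NOTE(review): nothing in this block validates the file or reloads sshd.
# Confirm a later step does both, and that the firewall admits 2222 before
# access over port 22 is lost.
sed -i -e 's/#Port.*[0-9]$/Port 2222/gI' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin without-password/g' /etc/ssh/sshd_config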
#PHPVER=$(curl -s http://php.net/downloads.php |grep -o "php-7.2.[0-9]*.tar.gz" | sed 's/php-//g; s/.tar.gz//g' | uniq)
#PHPVER_REPLACE=$(grep PHP_VERSION betainstaller.sh | sed 's/# //g' | sed "s/PHP_VERSION='[0-9].*'/PHP_VERSION='$PHPVER'/g")
#sed -i '/PHP_VERSION/c\'"$PHPVER_REPLACE" betainstaller.sh
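# Seed Centmin Mod's persistent overrides, then download and run its installer.
mkdir -p /etc/centminmod
# Appended verbatim. Only DUALCERTS carries quotes, which is exactly what the
# previous echo lines wrote (the shell stripped the quotes from the others).
cat <<'EOF' >> /etc/centminmod/custom_config.inc
NGXDYNAMIC_BROTLI=y
NGINX_LIBBROTLI=y
ZSTD_LOGROTATE_NGINX=y
ZSTD_LOGROTATE_PHPFPM=y
MARIADB_INSTALLTENTHREE=y
PHP_BROTLI=y
PHP_LZFOUR=y
PHP_LZF=y
PHP_ZSTD=y
PHPFINFO=y
DISABLE_IPVSIX=y
LETSENCRYPT_DETECT=y
DUALCERTS='y'
EOF

cd /root || exit
# -f makes curl fail on an HTTP error instead of saving the error page, and the
# installer now runs only after a successful download. Previously a failed
# download still went on to run whatever installer82.sh was already in /root.
# NOTE(review): the installer is executed as root straight from the network
# with no digest or signature check. Pin a reviewed copy, or verify a known
# checksum before the bash call.
if ! curl -fO https://centminmod.com/installer82.sh; then
  echo "installer82.sh download failed; aborting" >&2
  exit 1
fi
chmod 0700 installer82.sh
# Delete every line that is exactly " exit" from the installer before running
# it; the reason is not visible in this script.
sed -i '/^ exit$/d' /root/installer82.sh
bash /root/installer82.sh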
# Post-install tuning of the freshly installed stack.
export EDITOR=nano
timedatectl set-timezone America/Chicago

# CSF: whole-line replacements, applied one expression at a time.
# UDPFLOOD becomes "0", the PORTFLOOD rule that starts with port 21 is
# emptied, and LF_FTPD goes from 3 to 25.
# NOTE(review): all three loosen firewall / login-failure settings; confirm
# each is intended for this class of host.
csf_edits=(
  '/UDPFLOOD = /c\UDPFLOOD = "0"'
  '/PORTFLOOD = "21/c\PORTFLOOD = ""'
  '/LF_FTPD = "3"/c\LF_FTPD = "25"'
)
for csf_edit in "${csf_edits[@]}"; do
  sed -i "$csf_edit" /etc/csf/csf.conf
done

# NOTE(review): in pure-ftpd, "TLS 1" accepts TLS but still allows cleartext
# sessions; confirm that is acceptable for credentials on this host.
sed -i '/^TLS/c\TLS 1' /etc/pure-ftpd/pure-ftpd.conf
csf -ra
/bin/systemctl restart pure-ftpd.service

# Both Centmin Mod notification addresses are set to the local root account.
for email_ini in /etc/centminmod/email-primary.ini /etc/centminmod/email-secondary.ini; do
  touch "$email_ini"
  echo "root" > "$email_ini"
done

# NOTE(review): root's mail is routed to /dev/null here, so anything mailed to
# root (including the two addresses above) is discarded.
sed -i '/#root/c\root: /dev/null' /etc/aliases
newaliases

ln -s /usr/local/bin/php /usr/sbin/php

# Remove the demo vhost config and its document root.
rm -rf /usr/local/nginx/conf/conf.d/demodomain.com.conf \
  /home/nginx/domains/demodomain.com

yum -y install redis lftp --enablerepo=remi --disableplugin=priorities
# NOTE(review): this turns TLS off for every lftp FTP transfer system-wide, so
# FTP credentials and data leave the host unencrypted. Confirm it is required.
echo "set ftp:ssl-allow false" >> /etc/lftp.conf

for action in enable start; do
  systemctl "$action" redis
done
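# Fetch the key that root's SSH config uses for github.com, then create this
# host's own ed25519 key pair.
cd / || exit
mkdir -p /root/.bigscoots
# Fix: --no-check-certificate removed. The download is an SSH private key, so
# the server's TLS certificate has to be verified. The subshell umask makes
# sure the file is never group/world-readable, even before chmod runs.
# NOTE(review): a private key served from a download URL is shared by every
# host that runs this script; consider a per-host deploy key instead.
if ! (umask 077 && wget -q -O /root/.bigscoots/rkey https://bigscoots.com/downloads/rkey); then
  echo "rkey download failed; the github.com checkout will not authenticate" >&2
fi
chmod 600 /root/.bigscoots/rkey
# "<<< y" answers ssh-keygen's overwrite prompt, so an existing
# ~/.ssh/id_ed25519 is replaced without warning. The key has no passphrase.
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -q -N "" <<< y >/dev/null 2>&1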
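#######################################
# Update the bigscoots checkout in BS_INSTALLDIR, or clone it afresh under /.
# Globals:   BS_INSTALLDIR (read) - existing checkout; not assigned anywhere
#            in the visible part of this script
# Returns:   status of the last git command, or non-zero when cd fails
#######################################
fupdate() {
  # The remote appeared obfuscated as "[email protected]:..." in this copy of
  # the script; restored to the SSH form for the github.com host configured
  # in /root/.ssh/config.
  local repo='git@github.com:jcatello/bigscoots.git'

  # Both paths need a github.com entry in known_hosts, so it is checked once.
  # NOTE(review): ssh-keyscan accepts whatever key answers on first contact.
  # Compare the result with GitHub's published host key fingerprints, or ship
  # a pinned known_hosts entry with this script.
  if ! grep -q "^github.com" /root/.ssh/known_hosts 2>/dev/null; then
    ssh-keyscan github.com >> /root/.ssh/known_hosts
  fi

  if [[ -d "${BS_INSTALLDIR}/.git" ]]; then
    # Stop here if the directory cannot be entered; git must not run elsewhere.
    cd "${BS_INSTALLDIR}" || return
    git stash
    git pull "$repo"
  else
    # Only remove a directory that was actually named; an empty BS_INSTALLDIR
    # must never reach rm -rf.
    if [[ -n "${BS_INSTALLDIR}" ]]; then
      rm -rf -- "${BS_INSTALLDIR}"
    fi
    cd / || return
    git clone "$repo"
  fi
}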
# Append a github.com host block to root's SSH client config so connections to
# that host use the key stored at /root/.bigscoots/rkey.
ghubsshconf() {
  printf '%s\n' \
    'Host github.com' \
    'HostName github.com' \
    'IdentityFile /root/.bigscoots/rkey' \
    >> /root/.ssh/config
}
# Remove any previous checkout, make sure root's SSH config carries the
# github.com block, then fetch the repository.
rm -rf /bigscoots
ssh_config=/root/.ssh/config
if [[ -f "$ssh_config" ]]; then
  # Existing config: add the block only when github.com is not mentioned yet.
  grep -q github.com "$ssh_config" || ghubsshconf
else
  # New config: create it owner-only before writing the host block.
  touch "$ssh_config"
  chmod 600 "$ssh_config"
  ghubsshconf
fi
fupdate
chown -R nginx: /var/log/php-fpm

# First IPv4 address printed by ifconfig other than 127.0.0.1; used in the
# completion message at the end of the script.
serverip=$(
  $(which ifconfig) \
    | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' \
    | grep -Eo '([0-9]*\.){3}[0-9]*' \
    | grep -v '127.0.0.1' \
    | head -1
)

# Postfix: IPv4 only, then restart to apply.
sed -i '/inet_protocols/c\inet_protocols = ipv4' /etc/postfix/main.cf
systemctl restart postfix

# Append the maintenance jobs to root's crontab, one entry per pass.
# NOTE(review): each append is unconditional, so running this script again
# duplicates every entry. All of these jobs execute files under /bigscoots as
# root, so that tree must stay writable by root only.
# crontab -l | { cat; echo "* * * * * /bigscoots/chkphpfpm_nginx"; } | crontab -
cron_entries=(
  "0 */8 * * * /bigscoots/wpo_backups_ovz.sh"
  "*/15 * * * * /bigscoots/mon_disk.sh"
  "* * * * * /bigscoots/wpo_servicechk.sh"
  "0 */6 * * * /usr/bin/cmupdate 2>/dev/null ; /bigscoots/wpo_update.sh 2>/dev/null"
)
for cron_entry in "${cron_entries[@]}"; do
  crontab -l | { cat; echo "$cron_entry"; } | crontab -
done

# Comment out any crontab line that mentions autoprotect.
crontab -l | sed 's/.*autoprotect/#&/' | crontab -
# Uncomment the cloudflare.conf include in nginx.conf, then run Centmin Mod's
# csfcf.sh in auto mode.
sed -i 's|#include /usr/local/nginx/conf/cloudflare.conf;|include /usr/local/nginx/conf/cloudflare.conf;|g' /usr/local/nginx/conf/nginx.conf
/usr/local/src/centminmod/tools/csfcf.sh auto

# Extra proxy ranges, labelled Sucuri, appended to the custom real-IP list.
# NOTE(review): nginx accepts the client address supplied by any peer inside a
# set_real_ip_from range, so a stale range lets whoever holds it now influence
# logged and rate-limited IPs. Check these against the vendor's current
# published list; the append also repeats on every run.
printf '%s\n' \
  '# Sucuri' \
  'set_real_ip_from 208.109.0.0/22;' \
  'set_real_ip_from 66.248.200.0/22;' \
  'set_real_ip_from 192.88.134.0/23;' \
  'set_real_ip_from 185.93.228.0/22;' \
  'set_real_ip_from 192.124.249.0/24;' \
  >> /usr/local/nginx/conf/cloudflare_customips.conf
# Add the staging domains to the opcache blacklist file.
mkdir -p /root/.bigscoots/php/
printf '%s\n' '/home/nginx/domains/*.bigscoots-staging.com/public/*' \
  >> /root/.bigscoots/php/opcache-blacklist.txt

/bigscoots/wpo/extras/phpmyadmin.sh install
yum -y remove mlocate

# Record a local backup destination.
BSPATH=/root/.bigscoots
mkdir -p "$BSPATH"
touch "${BSPATH}/backupinfo"
printf '%s\n' "destination=local" >> "${BSPATH}/backupinfo"

# One cmupdate pass followed by two wpo_update passes, stderr discarded.
/usr/bin/cmupdate 2>/dev/null
for _ in 1 2; do
  /bigscoots/wpo_update.sh 2>/dev/null
done

bash /usr/local/src/centminmod/tools/jetpackips.sh
touch /root/.bigscoots/wpo.installed

# Announce completion in Slack.
# NOTE(review): $newip is never assigned in the visible part of this script, so
# it expands to nothing here. Also, "2>&1 /root/.bigscoots/ovzinstaller.log"
# passes the log path to slack.sh as a third argument instead of redirecting
# into it; if logging was intended this needs ">> file 2>&1". Confirm against
# slack.sh before changing.
slack_message=":warning: $(hostname) - ${serverip} - WPO Dedi install completed on $newip"
bash /bigscoots/general/slack.sh "#team-chat" "$slack_message" 2>&1 /root/.bigscoots/ovzinstaller.log