zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-10 16:58:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
getnamingo-registry/docs/install.sh
Pinga 5156802dc3 Work on #63; hidden software version
2024-01-02 11:06:30 +02:00

297 lines
13 KiB
Bash
Raw Blame History

#!/bin/bash
# Function to prompt for user input
prompt_for_input() {
read -p "$1: " response
echo $response
}
# Function to edit or add a configuration line in php.ini
edit_php_ini() {
local file=$1
local setting=$2
local value=$3
if grep -q "^;\?\s*${setting}\s*=" "$file"; then
sed -i "s/^\(;?\s*${setting}\s*=\).*/\1 ${value}/" "$file"
else
echo "${setting} = ${value}" >> "$file"
fi
}
# Check the Linux distribution and version
if [[ -e /etc/os-release ]]; then
. /etc/os-release
OS=$NAME
VER=$VERSION_ID
fi
# Proceed if it's Ubuntu 22.04 or Debian 12
if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" && "$VER" == "12") ]]; then
# Prompt for details
REGISTRY_DOMAIN=$(prompt_for_input "Enter main domain for registry")
YOUR_IPV4_ADDRESS=$(prompt_for_input "Enter your IPv4 address")
YOUR_IPV6_ADDRESS=$(prompt_for_input "Enter your IPv6 address (leave blank if not available)")
YOUR_EMAIL=$(prompt_for_input "Enter your email for TLS")
DB_TYPE=$(prompt_for_input "Enter preferred database type (MariaDB/PostgreSQL)")
DB_USER=$(prompt_for_input "Enter database user")
DB_PASSWORD=$(prompt_for_input "Enter database password")
PANEL_USER=$(prompt_for_input "Enter panel user")
PANEL_PASSWORD=$(prompt_for_input "Enter panel password")
# Step 1 - Components Installation
echo "Installing required packages..."
apt install -y curl software-properties-common ufw
echo "Adding PHP repository..."
add-apt-repository ppa:ondrej/php
apt install -y debian-keyring debian-archive-keyring apt-transport-https
echo "Setting up Caddy repository..."
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key
gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
echo "Updating package lists and upgrading packages..."
apt update && apt upgrade
echo "Installing additional required packages..."
apt install -y bzip2 caddy composer gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois
# Set timezone to UTC if it's not already
currentTimezone=$(timedatectl status | grep "Time zone" | awk '{print $3}')
if [ "$currentTimezone" != "UTC" ]; then
echo "Setting timezone to UTC..."
timedatectl set-timezone UTC
fi
# Edit php.ini files
phpIniCli='/etc/php/8.2/cli/php.ini'
phpIniFpm='/etc/php/8.2/fpm/php.ini'
echo "Updating PHP configuration..."
for file in "$phpIniCli" "$phpIniFpm"; do
edit_php_ini "$file" "opcache.enable" "1"
edit_php_ini "$file" "opcache.enable_cli" "1"
edit_php_ini "$file" "opcache.jit_buffer_size" "100M"
edit_php_ini "$file" "opcache.jit" "1255"
edit_php_ini "$file" "session.cookie_secure" "1"
edit_php_ini "$file" "session.cookie_httponly" "1"
edit_php_ini "$file" "session.cookie_samesite" "\"Strict\""
edit_php_ini "$file" "session.cookie_domain" "example.com"
edit_php_ini "$file" "memory_limit" "512M"
done
edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit" "1255"
edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit_buffer_size" "100M"
# Restart PHP-FPM service
echo "Restarting PHP 8.2-FPM service..."
systemctl restart php8.2-fpm
echo "PHP configuration update complete!"
if [ "$DB_TYPE" == "MariaDB" ]; then
echo "Setting up MariaDB..."
curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
cat > /etc/apt/sources.list.d/mariadb.sources << EOF
# MariaDB 10.11 repository list - created 2023-12-02 22:16 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# URIs: https://deb.mariadb.org/10.11/ubuntu
URIs: https://mirrors.chroot.ro/mariadb/repo/10.11/ubuntu
Suites: jammy
Components: main main/debug
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
EOF
apt-get update
apt install -y mariadb-client mariadb-server php8.2-mysql
echo "Please follow the prompts for secure installation of MariaDB."
mysql_secure_installation
# Import SQL file into MariaDB, which includes database creation
echo "Importing SQL file into MariaDB..."
mysql -u root < /opt/registry/database/registry.mariadb.sql
echo "SQL import completed."
# Create user and grant privileges
echo "Creating user $DB_USER and setting privileges..."
mysql -u root -e "CREATE USER IF NOT EXISTS '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';"
mysql -u root -e "GRANT ALL PRIVILEGES ON registry.* TO '$DB_USER'@'localhost';"
mysql -u root -e "GRANT ALL PRIVILEGES ON registryTransaction.* TO '$DB_USER'@'localhost';"
mysql -u root -e "GRANT ALL PRIVILEGES ON registryAudit.* TO '$DB_USER'@'localhost';"
mysql -u root -e "FLUSH PRIVILEGES;"
elif [ "$DB_TYPE" == "PostgreSQL" ]; then
echo "Setting up PostgreSQL..."
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
apt update
apt install -y postgresql postgresql-client php8.2-pgsql
psql --version
echo "Configuring PostgreSQL..."
sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$DB_PASSWORD';"
sudo -u postgres psql -c "CREATE DATABASE registry;"
fi
mkdir /usr/share/adminer
wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php
ln -s /usr/share/adminer/latest.php /usr/share/adminer/adminer.php
git clone https://github.com/getnamingo/registry /opt/registry
mkdir -p /var/log/namingo
chown -R www-data:www-data /var/log/namingo
echo "Setting up firewall rules..."
ufw allow 43/tcp
ufw allow 80/tcp
ufw allow 80/udp
ufw allow 443/tcp
ufw allow 443/udp
ufw allow 700/tcp
ufw allow 700/udp
ufw allow 53/tcp
ufw allow 53/udp
# Enable the firewall
echo "Enabling the firewall..."
ufw enable
# Function to generate bind line
generate_bind_line() {
local ipv4=$1
local ipv6=$2
local bind_line="bind $ipv4"
if [ ! -z "$ipv6" ]; then
bind_line="$bind_line $ipv6"
fi
echo $bind_line
}
# Prepare bind line
BIND_LINE=$(generate_bind_line $YOUR_IPV4_ADDRESS $YOUR_IPV6_ADDRESS)
# Update Caddyfile
cat > /etc/caddy/Caddyfile << EOF
rdap.$REGISTRY_DOMAIN {
$BIND_LINE
reverse_proxy localhost:7500
encode gzip
file_server
tls $YOUR_EMAIL
header -Server
header * {
Referrer-Policy "no-referrer"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
}
whois.$REGISTRY_DOMAIN {
$BIND_LINE
root * /var/www/whois
encode gzip
php_fastcgi unix//run/php/php8.2-fpm.sock
file_server
tls $YOUR_EMAIL
header -Server
header * {
Referrer-Policy "no-referrer"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
}
cp.$REGISTRY_DOMAIN {
$BIND_LINE
root * /var/www/cp/public
php_fastcgi unix//run/php/php8.2-fpm.sock
encode gzip
file_server
tls $YOUR_EMAIL
header -Server
log {
output file /var/log/caddy/access.log
format console
}
log {
output file /var/log/caddy/error.log
level ERROR
}
# Adminer Configuration
route /adminer.php* {
root * /usr/share/adminer
php_fastcgi unix//run/php/php8.2-fpm.sock
}
header * {
Referrer-Policy "same-origin"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://rsms.me; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/; form-action 'self'; worker-src 'none'; frame-src 'none';
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
}
EOF
systemctl enable caddy
systemctl restart caddy
echo "Control Panel Setup..."
cp -r /opt/registry/cp /var/www/
mv /var/www/cp/env-sample /var/www/cp/.env
# Update .env file with the actual values
echo "Updating configuration..."
sed -i "s|https://cp.example.com|https://cp.$REGISTRY_DOMAIN|g" /var/www/cp/.env
sed -i "s|example.com|$REGISTRY_DOMAIN|g" /var/www/cp/.env
sed -i "s/DB_USERNAME=root/DB_USERNAME=$DB_USER/g" /var/www/cp/.env
sed -i "s/DB_PASSWORD=/DB_PASSWORD=$DB_PASSWORD/g" /var/www/cp/.env
cd /var/www/cp
composer install
echo "Control Panel configured."
mkdir -p /var/www/whois
cd /opt/registry/whois/web
cp -r * /var/www/whois
cd /var/www/whois
composer require gregwar/captcha
mv config.php.dist config.php
echo "Installing WHOIS Server."
cd /opt/registry/whois/port43
composer install
mv config.php.dist config.php
echo "Installing RDAP Server."
cd /opt/registry/rdap
composer install
mv config.php.dist config.php
echo "Installing EPP Server."
cd /opt/registry/epp
composer install
mv config.php.dist config.php
echo "Installing Automation Scripts."
cd /opt/registry/automation
composer install
mv config.php.dist config.php
echo "Installing DAS Server."
cd /opt/registry/das
composer install
mv config.php.dist config.php
echo "Installation complete! Please now configure components according to the instructions and start them one by one."
else
echo "Unsupported Linux distribution or version"
fi
Reference in a new issue View git blame Copy permalink