Skip to content

Instantly share code, notes, and snippets.

@nntoan

nntoan/runcloud_installer.sh

Created March 26, 2019 16:49
Show Gist options
  • Save nntoan/2733f083585facaa6e51927cd56e36aa to your computer and use it in GitHub Desktop.
Save nntoan/2733f083585facaa6e51927cd56e36aa to your computer and use it in GitHub Desktop.
Download ZIP
runcloud_installer.sh
Raw
runcloud_installer.sh
#!/bin/bash
#
#
# RunCloud installer script for server AlmarDental Production (103.101.163.205)
# Do not use in other server
OSNAME=`lsb_release -s -i`
OSVERSION=`lsb_release -s -r`
OSCODENAME=`lsb_release -s -c`
SUPPORTEDVERSION="16.04 18.04"
PHPCLIVERSION="php73rc"
INSTALLPACKAGE="nginx-rc apache2-rc runcloud-agent curl git wget mariadb-server expect nano openssl redis-server python-setuptools python-pip perl zip unzip net-tools bc fail2ban augeas-tools libaugeas0 augeas-lenses firewalld build-essential acl memcached beanstalkd passwd unattended-upgrades postfix nodejs make "
function ReplaceWholeLine {
sed -i "s/$1.*/$2/" $3
}
function ReplaceTrueWholeLine {
sed -i "s/.*$1.*/$2/" $3
}
function checkServiceInstalled {
if rpm -qa | grep -q $1; then
return 1
else
return 0
fi
}
function RandomString {
head /dev/urandom | tr -dc _A-Za-z0-9 | head -c55
}
function FixAutoUpdate() {
AUTOUPDATEFILE50="/etc/apt/apt.conf.d/50unattended-upgrades"
AUTOUPDATEFILE20="/etc/apt/apt.conf.d/20auto-upgrades"
sed -i 's/Unattended-Upgrade::Allowed-Origins {/Unattended-Upgrade::Allowed-Origins {\n "RunCloud:${distro_codename}";/g' $AUTOUPDATEFILE50
ReplaceTrueWholeLine "\"\${distro_id}:\${distro_codename}-security\";" " \"\${distro_id}:\${distro_codename}-security\";" $AUTOUPDATEFILE50
ReplaceTrueWholeLine "\/\/Unattended-Upgrade::AutoFixInterruptedDpkg" "Unattended-Upgrade::AutoFixInterruptedDpkg \"true\";" $AUTOUPDATEFILE50
ReplaceTrueWholeLine "\/\/Unattended-Upgrade::Remove-Unused-Dependencies" "Unattended-Upgrade::Remove-Unused-Dependencies \"true\";" $AUTOUPDATEFILE50
echo -ne "\n\n
Dpkg::Options {
\"--force-confdef\";
\"--force-confold\";
}" >> $AUTOUPDATEFILE50
echo "APT::Periodic::Update-Package-Lists \"1\";" > $AUTOUPDATEFILE20
echo "APT::Periodic::Unattended-Upgrade \"1\";" >> $AUTOUPDATEFILE20
}
function BootstrapInstaller {
rm -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist
apt install software-properties-common apt-transport-https -y
# Install Key
# RunCloud
wget -qO - https://release.runcloud.io/runcloud.key | apt-key add -
# MariaDB
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
# Install RunCloud Source List
echo "deb [arch=amd64] https://release.runcloud.io/ $OSCODENAME main" > /etc/apt/sources.list.d/runcloud.list
# LTS version nodejs
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
if [[ "$OSCODENAME" == 'xenial' ]]; then
add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main'
add-apt-repository 'deb [arch=amd64] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main'
INSTALLPACKAGE+="php55rc php55rc-essentials php56rc php56rc-essentials php70rc php70rc-essentials php71rc php71rc-essentials php72rc php72rc-essentials php73rc php73rc-essentials"
elif [[ "$OSCODENAME" == 'bionic' ]]; then
add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu bionic main'
add-apt-repository 'deb [arch=amd64] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu bionic main'
NSTALLPACKAGE+="php70rc php70rc-essentials php71rc php71rc-essentials php72rc php72rc-essentials php73rc php73rc-essentials"
fi
# APT PINNING
echo "Package: *
Pin: release o=MariaDB
Pin-Priority: 900" > /etc/apt/preferences
}
function EnableSwap {
totalRAM=`grep MemTotal /proc/meminfo | awk '{print $2}'`
if [[ $totalRAM -lt 4000000 ]]; then # kalau RAM less than 4GB, enable swap
swapEnabled=`swapon --show | wc -l`
if [[ $swapEnabled -eq 0 ]]; then # swap belum enable
# create 2GB swap space
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# backup fstab
cp /etc/fstab /etc/fstab.bak
# register the swap to fstab
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
fi
fi
}
function InstallPackage {
apt update
apt remove mysql-common --purge -y
apt install $INSTALLPACKAGE -y
}
function CheckingPortAccessible {
echo -ne "\n\n\nChecking if port 34210 is accessible...\n"
# send command to check wait 2 seconds inside jobs before trying
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/testport/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8
if [[ "$OSCODENAME" == 'xenial' ]]; then
timeout 15 bash -c "echo -e 'HTTP/1.1 200 OK\r\n' | nc -l 34210"
else
timeout 15 bash -c "echo -e 'HTTP/1.1 200 OK\r\n' | nc -N -l 34210"
fi
ncstatus=$?
if [[ $ncstatus -ne 0 ]]; then
clear
echo -ne "\n
##################################################
# Unable to connect through port 34210 inside #
# this server. Please disable firewall for this #
# port and rerun the installation script again! #
##################################################
\n\n\n
"
exit 1
fi
}
function BootstrapSupervisor {
export LC_ALL=C
pip install supervisor
echo_supervisord_conf > /etc/supervisord.conf
echo -ne "\n\n\n[include]\nfiles=/etc/supervisor.d/*.conf\n\n" >> /etc/supervisord.conf
mkdir -p /etc/supervisor.d
echo "[Unit]
Description=supervisord - Supervisor process control system for UNIX
Documentation=http://supervisord.org
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/bin/supervisord -c /etc/supervisord.conf
ExecReload=/usr/local/bin/supervisorctl reload
ExecStop=/usr/local/bin/supervisorctl shutdown
User=root
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/supervisord.service
systemctl daemon-reload
}
function BootstrapFail2Ban {
echo "# RunCloud Server API configuration file
#
# Author: Ahmad Fikrizaman
#
[Definition]
failregex = Authentication error from <HOST>" > /etc/fail2ban/filter.d/runcloud-agent.conf
echo "[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 36000
findtime = 600
maxretry = 5
[sshd]
enabled = true
logpath = %(sshd_log)s
port = 22
banaction = iptables
[sshd-ddos]
enabled = true
logpath = %(sshd_log)s
banaction = iptables-multiport
[runcloud-agent]
enabled = true
logpath = /var/log/runcloud.log
port = 34210
banaction = iptables
maxretry = 2" > /etc/fail2ban/jail.local
}
function BootstrapMariaDB {
mkdir -p /tmp/lens
wget $RUNCLOUDURL/files/lenses/augeas-mysql.aug -O /tmp/lens/mysql.aug
ROOTPASS=$(RandomString)
# Start mariadb untuk initialize
systemctl start mysql
SECURE_MYSQL=$(expect -c "
set timeout 5
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"\r\"
expect \"Change the root password?\"
send \"y\r\"
expect \"New password:\"
send \"$ROOTPASS\r\"
expect \"Re-enter new password:\"
send \"$ROOTPASS\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
echo "$SECURE_MYSQL"
/usr/bin/augtool -I /tmp/lens/ <<EOF
set /files/etc/mysql/my.cnf/target[ . = "client" ]/user root
set /files/etc/mysql/my.cnf/target[ . = "client" ]/password $ROOTPASS
set /files/etc/mysql/my.cnf/target[ . = "mysqld" ]/bind-address 0.0.0.0
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/innodb_file_per_table 1
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/max_connections 100000
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/query_cache_size 80M
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/query_cache_type 1
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/query_cache_limit 2M
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/query_cache_min_res_unit 2k
set /files/etc/mysql/conf.d/mariadb.cnf/target[ . = "mysqld" ]/thread_cache_size 60
save
EOF
}
function BootstrapWebApplication {
USER="runcloud"
RUNCLOUDPASSWORD=$(RandomString)
HOMEDIR="/home/$USER/"
groupadd users-rc
adduser --disabled-password --gecos "" $USER
usermod -a -G users-rc $USER
echo "$USER:$RUNCLOUDPASSWORD" | chpasswd
chmod 755 /home
mkdir -p $HOMEDIR/logs/{nginx,apache2,fpm}
# FACL
setfacl -m g:users-rc:x /home
setfacl -Rm g:users-rc:- /home/$USER
setfacl -Rm g:users-rc:- /etc/mysql
setfacl -Rm g:$USER:rx /home/$USER/logs
mkdir -p /opt/RunCloud/{.ssh,letsencrypt}
echo "-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAzZmGWVJjBWNtfh1Q4MrxFJ5uwTM6xkllSewPOdMq5BYmXOFAhYMr
vhbig5AJHDexbl/VFp64S6JaokQRbTtiibBfHV92LCK9hVRJ2eB7Wlg6t5+YYjKc
QiNxQ/uvSG3eqmAAr39V3oUWxeyCj/b1WdUVkDuKdJyHevDgfaoyFl7JHymxwvrn
HR9/x7lH5o2Uhl60uYaZxlhzbbrqMU/ygx9JCj6trL5C5pv9hpH+2uJdvkp/2NJj
BJCwiHmLMlfqXA3H8/T7L0vn/QLk1JUmqQeGdvZFqEmCe//LAT8llGofawtOUUwT
v65K1Ovagt7R9iu+nOFIh6XPsLVLemq2HFy+amk+Ti4UZ+EJxvO+s84LxSvAqjsk
clEE2v+AlIbe8Hjo6YzubXtqSrFLD049kxocPdQXqbDbvlI6br1UjYgWl08upKSZ
fIwCFFsqwE4y7zRg1VY7MKc0z6MCBU7om/gI4xlPSSBxAP1fN9hv6MbSV/LEvWxs
pFyShqTqefToDKiegPpqBs8LAsOtuH78eSm18SgKYpVPL1ph0VhhbphbsmKxmqaU
+EP6bSOc2tTwCMPWySQslHN4TdbsiQJE/gJuVeaCLM1+u4sd0rU9NQblThPuOILp
v03VfaTd1dUF1HmcqJSl/DYeeBVYjT8GtAKWI5JrvCKDIPvOB98xMysCAQI=
-----END DH PARAMETERS-----" > /etc/nginx-rc/dhparam.pem
}
function BootstrapAgent {
AGENTLOCATION="/RunCloud/Packages/RunCloudAgent"
cp $AGENTLOCATION/config.json.example $AGENTLOCATION/config.json
sed -i "s/{SERVERID}/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/g" $AGENTLOCATION/config.json
sed -i "s/{SERVERKEY}/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8/g" $AGENTLOCATION/config.json
chmod 600 $AGENTLOCATION/config.json
mkdir -p $AGENTLOCATION/ssl/
echo "-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2wp8f/QdykbdxR8/gerclQyPUwQosMN4wR/xtMYMbH5C53v7
QwnRLy/9lw4l7UrzJwMnwIzkkSGr4qblMG+QOKgz/nqW8nXvCbio+UvTbfxScykw
VPR1jllF3cBNvIDhUO6zX1VROvRVNLqlH8lEAX9XaDS+UPI2x0m7MSivAl0DE4yC
GNvcaxuLyLBtWsbO6YPxy4Pfw+n0OYaaDshww+UwUKsWi8f2FZ6qbJoQMgb2qSww
++t0D35Xxy61hllSOs+mkGZbzd1lhQ3A/ybUdi6ABG6nW2l2GM9K1whC/8ZrzWtP
b0NsTks80etcf7gTJ4mPJPoD3GeNiyXUVGYt8QIDAQABAoIBAHJI7GCObCSoCPna
rfYJJoIWBYnY96oSsySAmEorszvAPQQuahC2RJCMR5HS7fL7UhaezNToLjGTEe22
CorVCrik+kvihnOHGOtHj9JSv8P5DMPNT8xjqBpXdd6XgXfC/syNXsV07GcIKJTU
dWc6SeNGH8LdEheF6RLd429ovLdL/R47l3GvQ7oW78uJ+7qMbz1I8EzWKa4EJawI
vOB5vj5kNr3639rx55+HoqffT8cgrtPLoUcAmPGUc6ZHXcb9NK1yMOh+UJV8tGSV
xScJYlmR56+Fs9V7kLMxHkRHV22p7xe4GZcE1fzB2seZ7uYUf3qY4ijnWRkpeSAB
S8ja3oECgYEA9GkiV9szW1eVRa+pCDbIqxFZYtEubWZ67jUN/J/Mc/krqTrBMMow
AC01VxGvefPH6Qy5vPjDyX5T0+Rzx+y96/tG/JX42mtfHyeLzxZmXY0/i0uAjBpX
VeRKJ1XZ3GTNL2OHsYj3hhAp3XVzJD8MUMYOX2vr3HrRxHx75E6d6CkCgYEA5W1k
kT+KIKre23QomLhNi6RbY8vaWL6B6EOUtpRpxFdZ8a4AUFpmGE5Tawv2QPdnXKMX
gwLL6OZiV3vuJtNd83y9EXRFo2A1KSR82yDtjc/hi50N4oLad+YLwOT3grPwYYzb
p/fjFAEhRWqZYc29Xw3aJFg9tZRisaw5wjAbcIkCgYEAhYiDSPjsADXDyoUElwZH
cJ9T9NdQxFi/RTIbaDBuZdZ28ki1kFCHFTGd+Oois0BrsnpPaF2JqqaoahZg45QG
1807pXjSs5MCL2VNz2DvoKExXIttuh4SJU1K7l7LXsx8Bi4czvSEN+zQ0rv+ookH
04HCDIRMIvO/c9iHX99MCrECgYB9foDsEl1z0QNl9vvdzbJdF+IFjJQ6xro4Wf8W
f8f65e0FDbCOQ2RlFzL58ukYUDvxqCRMPVNcaeiRAfEau7NAZJLm4TrWSuHJR3Qk
SLaoQ3WT8KyPohPuUZ9MO/JHRDXQpkPgdO95GcUhO1X68ZcMT39rMflPQYNavGI7
niTkQQKBgQCswO5qIUTfoAjqVvtE6zN5DyfzkLp0PKQ93lPHpUvC15iHRfbRxqdl
YXvnlodMguvf6rQkzpaIbeJtflSwTmIRiHNm4JWo/QOvJySL4JkqARFjW1lcH6tk
dypO3u2AGXIZ0K/9j7mixLAk4luuJ14lqzqLzhGX8qfHJSkvIIuqCw==
-----END RSA PRIVATE KEY-----" > $AGENTLOCATION/ssl/server.key
echo "-----BEGIN CERTIFICATE-----
MIIEHDCCAwSgAwIBAgIUCITJhP8pputtlII4BOPqTcKjEGMwDQYJKoZIhvcNAQEL
BQAwgaoxCzAJBgNVBAYTAk1ZMQ4wDAYDVQQIDAVKb2hvcjEPMA0GA1UEBwwGU2t1
ZGFpMRwwGgYDVQQKDBNDb29sIENvZGUgU2RuLiBCaGQuMREwDwYDVQQLDAhSdW5D
bG91ZDEnMCUGA1UEAwweUnVuQ2xvdWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSAw
HgYJKoZIhvcNAQkBFhFmaWtyaUBydW5jbG91ZC5pbzAgFw0xOTAzMjQxNjQ3NDda
GA85OTk5MTIzMTIzNTk1OVowgYsxCzAJBgNVBAYMAk1ZMQ4wDAYDVQQIDAVKb2hv
cjEPMA0GA1UEBwwGU2t1ZGFpMRwwGgYDVQQKDBNDb29sIENvZGUgU2RuLiBCaGQu
MSMwIQYDVQQLDBpSdW5DbG91ZCBTZXJ2ZXIgQVJ1bkNsb3VkMTEYMBYGA1UEAwwP
MTAzLjEwMS4xNjMuMjA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
2wp8f/QdykbdxR8/gerclQyPUwQosMN4wR/xtMYMbH5C53v7QwnRLy/9lw4l7Urz
JwMnwIzkkSGr4qblMG+QOKgz/nqW8nXvCbio+UvTbfxScykwVPR1jllF3cBNvIDh
UO6zX1VROvRVNLqlH8lEAX9XaDS+UPI2x0m7MSivAl0DE4yCGNvcaxuLyLBtWsbO
6YPxy4Pfw+n0OYaaDshww+UwUKsWi8f2FZ6qbJoQMgb2qSww++t0D35Xxy61hllS
Os+mkGZbzd1lhQ3A/ybUdi6ABG6nW2l2GM9K1whC/8ZrzWtPb0NsTks80etcf7gT
J4mPJPoD3GeNiyXUVGYt8QIDAQABo1UwUzAOBgNVHQ8BAf8EBAMCBeAwDwYDVR0T
AQH/BAUwAwIBADAPBgNVHREECDAGhwRnZaPNMB8GA1UdIwQYMBaAFHq6We761kAA
eZeMy5OuerSqODBFMA0GCSqGSIb3DQEBCwUAA4IBAQBOB0nNRcYQAaIoB06YJw9m
ffYLdJDmijqBRKDCxEt0PnsRKKpZmabfvLaAuuAf7qc9jctovPVJSTfWIvXV2dy3
B4ICxiuW9P1RYI3nx7du/1nIRjNBU3jK1JSibF+E6//jyBHwovNXuWhXrNgJYiin
oMIeiOP0qLSCPL78SjFPEIlmkEbFA3/kaf46ywl4Ul0N0Xw+qPI/8tZuAaby7XHM
nxpJL4j2CYnYX1z+d0YyfqpZxiYt7JTxMFlL779nh0/d9AY27spl4kE6KG/TCgqK
aRwY8d/UQL3YYc/ybwHuCk56UgeYpk1Hv6+tcmKUJRJEU13Ge6gRnzeK0qujCdyO
-----END CERTIFICATE-----" > $AGENTLOCATION/ssl/server.crt
echo "-----BEGIN CERTIFICATE-----
MIIEOzCCAyOgAwIBAgIJAKUwNSAp1Rc0MA0GCSqGSIb3DQEBCwUAMIGqMQswCQYD
VQQGEwJNWTEOMAwGA1UECAwFSm9ob3IxDzANBgNVBAcMBlNrdWRhaTEcMBoGA1UE
CgwTQ29vbCBDb2RlIFNkbi4gQmhkLjERMA8GA1UECwwIUnVuQ2xvdWQxJzAlBgNV
BAMMHlJ1bkNsb3VkIENlcnRpZmljYXRlIEF1dGhvcml0eTEgMB4GCSqGSIb3DQEJ
ARYRZmlrcmlAcnVuY2xvdWQuaW8wIBcNMTYwOTE2MTQyMTU3WhgPMjExNjA4MjMx
NDIxNTdaMIGqMQswCQYDVQQGEwJNWTEOMAwGA1UECAwFSm9ob3IxDzANBgNVBAcM
BlNrdWRhaTEcMBoGA1UECgwTQ29vbCBDb2RlIFNkbi4gQmhkLjERMA8GA1UECwwI
UnVuQ2xvdWQxJzAlBgNVBAMMHlJ1bkNsb3VkIENlcnRpZmljYXRlIEF1dGhvcml0
eTEgMB4GCSqGSIb3DQEJARYRZmlrcmlAcnVuY2xvdWQuaW8wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC5Dhcl1VuuJcERr/Pz2Y9TNwI92/HGhNeib9+U
+vgYccKrWlzS477JOnDbeWq6COS6oCNgVugJwHPgd5jBs8qbe4L9LcvdHvGiBQ/j
s+Gbq0x0/DIAqYVot5G9T2EW9Nao6YTbXaNs8fEWHaWiQsDK9jVYLaHmCFdVk13t
PkG/0i2qc52PO1911fQ+iXNpt3HiOThWpUawPIV/IpFXjWar7wsZhEp9S5VdbsQL
iyluEDSlElBBj8FylaACc45gYn1m/YClGQPNdaOXK/O1F8TvOjRqkkUKLy5en4D7
YImjnnYkYNqOw+IBbylUytq0XdbT9QvBUzT6xbNwUqB6adM9AgMBAAGjYDBeMB0G
A1UdDgQWBBR6ulnu+tZAAHmXjMuTrnq0qjgwRTAfBgNVHSMEGDAWgBR6ulnu+tZA
AHmXjMuTrnq0qjgwRTAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkq
hkiG9w0BAQsFAAOCAQEAQK1lDleSMV/VCWaMQXK+R7IqY3dl2yYX12Vd9iF+0/Be
TiLgROoHWA527lHVZzaDm73F3ciayS3cnl8+pER8l0QSjGB4a2SD/Wn8FJ1Tsl+j
S6M++lSjeP358nVXjGkDFCmhTjEO5CNgZkb7w6IbjDfh6FkFAoY5F2SASoZpqxLV
w6KrK6vqdTmd+yfwFDtcheyUJvPM3l6hHVzjDOvROT4DMvZ9EictQrDYugDlBwW+
DjdGBnzCDaozBMND0sS/1IDm9fM6jaABjC1mNw9cAV6yvVQn4Jn/scKt6McgpGew
xmR8AAA7gTrrNnEkeRR8JxLiRTipWjykUwFIkRkreg==
-----END CERTIFICATE-----
" > $AGENTLOCATION/ssl/ca.crt
sleep 1
cat $AGENTLOCATION/ssl/server.crt $AGENTLOCATION/ssl/ca.crt > $AGENTLOCATION/ssl/bundle.crt
chmod 600 $AGENTLOCATION/ssl/server.key
}
function BootstrapFirewall {
# Stop iptables
systemctl stop iptables
systemctl stop ip6tables
systemctl mask iptables
systemctl mask ip6tables
# remove ufw
apt-get remove ufw -y
# Start firewalld
systemctl enable firewalld
systemctl start firewalld
# Add runcloud service to firewalld
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
<service>
<short>RunCloud Agent (RCA)</short>
<description>Allow your server and RunCloud service to communicate to each other.</description>
<port protocol=\"tcp\" port=\"34210\"/>
</service>" > /etc/firewalld/services/rcsa.xml
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>
<zone>
<short>RunCloud</short>
<description>Default zone to use with RunCloud Server</description>
<service name=\"rcsa\"/>
<service name=\"dhcpv6-client\"/>
<port protocol=\"tcp\" port=\"22\"/>
<port protocol=\"tcp\" port=\"80\"/>
<port protocol=\"tcp\" port=\"443\"/>
</zone>" > /etc/firewalld/zones/runcloud.xml
sleep 3
firewall-cmd --reload # reload to get rcsa
firewall-cmd --set-default-zone=runcloud
firewall-cmd --reload # reload to enable new config
}
function InstallComposer {
ln -s /RunCloud/Packages/$PHPCLIVERSION/bin/php /usr/bin/php
source /etc/profile.d/runcloudpath.sh
# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
wget -4 https://getcomposer.org/installer -O composer-setup.php
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/sbin/composer
}
function RegisterPathAndTweak {
echo "#!/bin/sh
export PATH=/RunCloud/Packages/httpd-rc/bin:\$PATH" > /etc/profile.d/runcloudpath.sh
echo fs.inotify.max_user_watches=524288 | tee -a /etc/sysctl.conf && sysctl -p
echo net.core.somaxconn = 65536 | tee -a /etc/sysctl.conf && sysctl -p
echo net.ipv4.tcp_max_tw_buckets = 1440000 | tee -a /etc/sysctl.conf && sysctl -p
echo vm.swappiness=10 | tee -a /etc/sysctl.conf && sysctl -p
echo vm.vfs_cache_pressure=50 | tee -a /etc/sysctl.conf && sysctl -p
echo vm.overcommit_memory=1 | tee -a /etc/sysctl.conf && sysctl -p
/usr/bin/augtool <<EOF
set /files/etc/ssh/sshd_config/UseDNS no
set /files/etc/ssh/sshd_config/PasswordAuthentication yes
set /files/etc/ssh/sshd_config/PermitRootLogin yes
save
EOF
systemctl restart sshd
}
function BootstrapSystemdService {
systemctl enable runcloud-agent
systemctl start runcloud-agent
systemctl disable supervisord
systemctl stop supervisord
systemctl disable redis-server
systemctl stop redis-server
systemctl disable memcached
systemctl stop memcached
systemctl disable beanstalkd
systemctl stop beanstalkd
# Fix fail2ban
touch /var/log/runcloud.log
systemctl enable fail2ban
systemctl start fail2ban
systemctl restart fail2ban
systemctl enable mysql
systemctl restart mysql
}
RUNCLOUDURL="https://manage.runcloud.io"
locale-gen en_US en_US.UTF-8
export LANGUAGE=en_US.utf8
export LC_ALL=en_US.utf8
export DEBIAN_FRONTEND=noninteractive
# Checker
if [[ $EUID -ne 0 ]]; then
echo "RunCloud installer must be run as root!" 1>&2
exit 1
fi
if [[ "$OSNAME" != "Ubuntu" ]]; then
echo "This installer only support $OSNAME"
exit 1
fi
if [[ $(uname -m) != "x86_64" ]]; then
echo "This installer only support x86_64 architecture"
exit 1
fi
grep -q $OSVERSION <<< $SUPPORTEDVERSION
if [[ $? -ne 0 ]]; then
echo "This installer does not support $OSNAME $OSVERSION"
exit 1
fi
# Checking open port
CheckingPortAccessible
# Bootstrap the installer
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "upg"}'
BootstrapInstaller
# Enabling Swap if Not Enabled
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "sw"}'
sleep 2
EnableSwap
# Install The Packages
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "si"}'
sleep 2
InstallPackage
# Supervisor
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "sv"}'
sleep 2
BootstrapSupervisor
# Fail2Ban
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "cf"}'
sleep 2
BootstrapFail2Ban
# MariaDB
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "cm"}'
sleep 2
BootstrapMariaDB
# Web Application
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "cu"}'
sleep 2
BootstrapWebApplication
# Auto Update
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "au"}'
sleep 2
FixAutoUpdate
# Agent
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "cra"}'
sleep 2
BootstrapAgent
# Firewall
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "cfd"}'
sleep 2
BootstrapFirewall
# Composer
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "ic"}'
sleep 2
InstallComposer
# Tweak
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "tw"}'
sleep 2
RegisterPathAndTweak
# Systemd Service
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/installing/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 -d '{"status": "sta"}'
sleep 2
BootstrapSystemdService
############################# MOTD ##################################
echo "
8888888b. .d8888b. 888 888
888 Y88b d88P Y88b 888 888
888 888 888 888 888 888
888 d88P 888 888 88888b. 888 888 .d88b. 888 888 .d88888
8888888P\" 888 888 888 \"88b 888 888 d88\"\"88b 888 888 d88\" 888
888 T88b 888 888 888 888 888 888 888 888 888 888 888 888 888
888 T88b Y88b 888 888 888 Y88b d88P 888 Y88..88P Y88b 888 Y88b 888
888 T88b \"Y88888 888 888 \"Y8888P\" 888 \"Y88P\" \"Y88888 \"Y88888
- Do not use \"root\" user to create/modify any web app files
- Do not edit any config commented with \"Do not edit\"
Made with ♥ by RunCloud Team
" > /etc/motd
############################# Register ##################################
# Try register as installed
# Don't attempt to try spam this link. Rate limit in action. 1 query per minute and will be block for a minute
sleep 2
curl -4 -H "Content-Type: application/json" -X POST https://manage.runcloud.io/services/firsttimeregister/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8
systemctl restart runcloud-agent
###################################### INSTALL SUMMARY #####################################
clear
echo -ne "\n
#################################################
# Finished installation. Do not lose any of the
# data below.
##################################################
\n
\n
\nMySQL ROOT PASSWORD: $ROOTPASS
User: $USER
Password: $RUNCLOUDPASSWORD
\n
\n
You can now manage your server using $RUNCLOUDURL
##########################
# export DEBIAN_FRONTEND=noninteractive; echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4; apt-get update; apt-get install curl netcat-openbsd -y; apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade -y; curl --silent --location https://manage.runcloud.io/script/installer/z9hCIXFBVOAK5grdKS5ooerWtP1553618867PNicFCWHLw76T5qOMBIlBL8WFtFgeRVQpYoYPLJSPm9bGNY1eWjDtTOeUVKt8xwt/GhbCq6lb1qdnUydijLE9dqTND4WSpVAjjMyQdS9N36PmRy2Dy8qh1ThLcS6E3ShVDM1J7X96x973cx1q5WZbDvzousNeXivPBbTjKnHxCTGyGb0Jib2JGhdNuxPC2Yw8 | bash -; export DEBIAN_FRONTEND=newt
##########################
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment