#!/bin/bash
# This is a work in progress for deploying new MXroute servers
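# Variables
# NOTE: HOSTNAME is also a variable bash sets on its own; assigning it here
# overrides that value for the rest of the script.
HOSTNAME=$1
# Stop before touching the system if no usable hostname was supplied: the value
# is later handed to hostnamectl and letsencrypt.sh and written into an HTML
# template, so restrict it to hostname characters.
if [[ ! $HOSTNAME =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  printf 'Usage: %s <hostname>\n' "$0" >&2
  exit 1
fi
# Read the default route with ip(8): route(8) comes from net-tools, which is
# only installed a few lines further down, so it may not exist yet.
IFACENAME=$(/sbin/ip -o -4 route show default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
IP4=$(/sbin/ip -o -4 addr list "$IFACENAME" | awk '{print $4}' | cut -d/ -f1)
# Prep for scripts
apt install git net-tools -y
# NOTE(review): the clone tracks the repository's default branch with no pinned
# commit or signature check, and its scripts are executed at the end of this
# file; consider checking out a reviewed commit.
cd /root && git clone https://github.com/mxroute/da_server_updates
# Mark only the *.sh files executable. The previous `find DIR ".sh"` treated
# ".sh" as a second search path, so every file and directory in the clone was
# matched instead of just the shell scripts.
find /root/da_server_updates -type f -name '*.sh' -not -path '*/.git/*' -exec chmod +x -- {} +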
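# Set hostname
hostnamectl set-hostname "$HOSTNAME"
# Install DirectAdmin
# -O makes a re-run overwrite setup.sh; plain wget would save the new copy as
# setup.sh.1 and the stale file would be executed instead.
# NOTE(review): the installer is executed without a checksum or signature
# check; TLS to www.directadmin.com is the only integrity control here.
if ! wget -O setup.sh https://www.directadmin.com/setup.sh; then
  echo "Could not download the DirectAdmin installer" >&2
  exit 1
fi
chmod 755 setup.sh
./setup.sh auto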
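# Set hostname SSL
# Abort if a directory is missing: the ./ commands below must not resolve
# against whatever directory the script happens to be in.
cd /usr/local/directadmin/scripts || exit 1
# Request a certificate for the server hostname (4096 is passed as the last
# argument, as in the original call).
./letsencrypt.sh request_single "$HOSTNAME" 4096
cd /usr/local/directadmin || exit 1
./directadmin set ssl 1
./directadmin set carootcert /usr/local/directadmin/conf/carootcert.pem
./directadmin set ssl_redirect_host "$HOSTNAME"
service directadmin restart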
# Setup custom subdomains
# Each fragment is appended to a DirectAdmin custom vhost template and declares
# a webmail.|DOMAIN| virtual host serving /var/www/html/roundcube. The |...|
# tokens are written out literally; nothing in the bodies is meant to be
# expanded by the shell, so the here-document delimiter is quoted.
# NOTE(review): each fragment starts with </VirtualHost> and leaves its own
# <VirtualHost> open - presumably the surrounding template supplies the
# matching tags; confirm. Because the files are appended to, a re-run adds the
# fragment a second time.
custom_tpl_dir=/usr/local/directadmin/data/templates/custom
mkdir -p "$custom_tpl_dir"
tee -a "$custom_tpl_dir/virtual_host2.conf.CUSTOM.4.post" >/dev/null <<'EOL'
</VirtualHost>
<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
DocumentRoot /var/www/html/roundcube
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
EOL
tee -a "$custom_tpl_dir/virtual_host2_secure.conf.CUSTOM.4.post" >/dev/null <<'EOL'
</VirtualHost>
<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
DocumentRoot /var/www/html/roundcube
SSLEngine on
SSLCertificateFile |CERT|
SSLCertificateKeyFile |KEY|
|CAROOT|
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
EOL
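# Update custombuild
# Abort if the directory is missing so the relative paths below cannot act on
# some other working directory.
cd /usr/local/directadmin || exit 1
# Keep the previous tree under a new name before unpacking the replacement.
mv custombuild custombuild_1.x
# Fetch over HTTPS: the archive is unpacked and its ./build script executed
# below, so a plain-HTTP download could be altered in transit.
# NOTE(review): no checksum or signature is verified for the archive.
if ! wget -O custombuild.tar.gz https://files.directadmin.com/services/custombuild/2.0/custombuild.tar.gz; then
  echo "Could not download custombuild" >&2
  exit 1
fi
tar xvzf custombuild.tar.gz || exit 1
cd custombuild || exit 1
./build
./build all d
./build rewrite_confs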
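# Set LE defaults
# Abort if the directory is missing rather than running ./directadmin from
# some other working directory.
cd /usr/local/directadmin || exit 1
# Let's Encrypt settings applied through `directadmin set`: the mail and
# webmail entries for the subdomain lists, the weekly request cap, the
# multidomain mode and the renewal-success notice.
./directadmin set letsencrypt_list mail:webmail
./directadmin set letsencrypt_list_selected mail:webmail
./directadmin set letsencrypt_max_requests_per_week 20
./directadmin set letsencrypt_multidomain_cert 2
./directadmin set letsencrypt_renewal_success_notice 1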
# Custom RBLs
# Append the RBL list setting to Exim's custom strings file.
printf '%s\n' 'RBL_DNS_LIST==bl.mxrbl.com' >> /etc/exim.strings.conf.custom
# Custom Exim variables
# Install the variables file shipped in the da_server_updates checkout.
cp /root/da_server_updates/exim/exim.variables.conf.custom /etc/
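# Mail SNI
# Abort on a missing directory: the relative conf/ path and ./build calls
# below must not resolve against a different working directory.
cd /usr/local/directadmin || exit 1
# Appended rather than set, so a re-run adds the line a second time.
echo mail_sni=1 >> conf/directadmin.conf
service directadmin restart
cd custombuild || exit 1
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set dovecot_conf yes
# Regenerate the Exim and Dovecot configuration with the options set above.
./build exim_conf
./build dovecot_conf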
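# DKIM
# Abort on a missing directory instead of running the ./ commands elsewhere.
cd /usr/local/directadmin || exit 1
./directadmin set dkim 1
cd /usr/local/directadmin/custombuild || exit 1
./build update
./build exim
# NOTE(review): the other sections of this script call `./build exim_conf`;
# confirm that `eximconf` is a valid build target and not a typo.
./build eximconf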
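# Webmail one-click
# Abort on a missing directory instead of running the ./ commands elsewhere.
cd /usr/local/directadmin || exit 1
./directadmin set one_click_webmail_login 1
service directadmin restart
cd custombuild || exit 1
./build update
# Rebuild the mail configuration and Roundcube after enabling the option.
./build dovecot_conf
./build exim_conf
./build roundcube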
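# CSF Profile
mv /etc/csf/csf.conf /etc/csf/csf.conf.original
# Put the stock config back if the download fails, so `csf -r` never runs
# against a missing or truncated csf.conf.
# NOTE(review): the profile is fetched from the master branch, so the firewall
# policy can change between deployments; consider pinning a commit.
if ! wget -O /etc/csf/csf.conf https://raw.githubusercontent.com/mxroute/da_server_updates/master/csf.conf; then
  echo "csf.conf download failed; restoring the original" >&2
  mv -f /etc/csf/csf.conf.original /etc/csf/csf.conf
fi
# NOTE(review): yum is used here although the script installs packages with
# apt at the top - confirm the target distribution.
yum install unzip -y
# NOTE(review): nothing in this script downloads csf.zip, so this only works if
# the archive already exists in the current directory - confirm or remove.
unzip csf.zip
csf -r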
# Exim plus aliasing
# Append the two local_part_suffix settings to Exim's include file, creating
# its directory first if needed.
plus_alias_conf=/etc/exim/local_part_suffix.conf
mkdir -p "${plus_alias_conf%/*}"
printf '%s\n' \
  'local_part_suffix = +*' \
  'local_part_suffix_optional' >> "$plus_alias_conf"
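# SFTP Backups
# NOTE(review): yum is used here although the script installs packages with
# apt at the top - confirm the target distribution.
yum install sshpass -y
# Abort if the directory is missing: the clone, copy, chmod and chown below all
# use relative paths and globs.
cd /usr/local/directadmin/scripts/custom/ || exit 1
# NOTE(review): third-party repository cloned at its default branch with no
# pinned commit; the copied PHP files are installed as DirectAdmin custom
# scripts, so review them and pin the revision.
git clone https://github.com/poralix/directadmin-sftp-backups.git
cp -f directadmin-sftp-backups/ftp_download.php ./
cp -f directadmin-sftp-backups/ftp_list.php ./
cp -f directadmin-sftp-backups/ftp_upload.php ./
# Restrict the installed scripts to the diradmin account.
chmod 700 ftp_*.php
chown diradmin:diradmin ftp_*.php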
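# Install rspamd
# Abort on a missing directory instead of running ./build elsewhere.
cd /usr/local/directadmin/custombuild || exit 1
./build update
# Select the options first, then build the components that use them.
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking no
./build set easy_spam_fighter yes
./build set spamd rspamd
./build set exim yes
./build exim
./build rspamd
./build exim_conf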
# Custom DA Templates
# Append a table of mailbox settings to DirectAdmin's custom mail_settings
# template. The delimiter is left unquoted on purpose: $HOSTNAME is expanded
# now, at deploy time, while the |...| tokens are written out literally.
mail_settings_tpl=/usr/local/directadmin/data/templates/custom/mail_settings.html
mkdir -p "${mail_settings_tpl%/*}"
cat <<EOL >> "$mail_settings_tpl"
|LANG_ACCOUNT_READY|:<br><br>
<table class=list cellpadding=3 cellspacing=1>
<tr><td class=list2 align=right><b>|LANG_USERNAME|:</b></td><td class=list2>|USER|@|DOMAIN|</td></tr>
<tr><td class=list align=right><b>|LANG_PASSWORD|:</b></td><td class=list >|EMAIL_PASS|</td></tr>
<tr><td class=list2 align=right><b>|LANG_POP_IMAP|:</b></td><td class=list2>$HOSTNAME</td></tr>
<tr><td class=list align=right><b>|LANG_SMTP|:</b></td><td class=list>$HOSTNAME</td></tr>
</table>
EOL
# Fix IP session tie
# NOTE(review): disable_ip_check=1 presumably stops DirectAdmin from tying a
# login session to the client IP, which also removes a barrier against reuse
# of a stolen session - confirm the trade-off is intended.
if /usr/local/directadmin/directadmin set disable_ip_check 1; then
  systemctl restart directadmin
fi
# Fix WHMCS referrer
# Append the accounts site to the referer allow-list, then restart DirectAdmin.
printf '%s\n' 'https://accounts.mxroute.com' >> /usr/local/directadmin/data/templates/custom/referer_check.allow
systemctl restart directadmin
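# Deploy ClamAV
# Abort on a missing directory instead of running ./build elsewhere.
cd /usr/local/directadmin/custombuild || exit 1
./build update
./build set clamav yes
./build clamav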
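# Set DA Admin Pass
# -r forces a random (version 4) UUID rather than letting uuidgen choose the
# generation method.
PASS=$(uuidgen -r)
# Never continue with an empty value (e.g. uuidgen missing): it would be
# submitted as the admin password below.
if [[ -z $PASS ]]; then
  echo "Could not generate an admin password" >&2
  exit 1
fi
# chpasswd reads "user:password" on stdin and exists on both Debian- and
# RHEL-family systems; `passwd --stdin` is not available in Debian's passwd.
printf 'admin:%s\n' "$PASS" | chpasswd
# Create the credentials file owner-only from the start (umask in a subshell)
# instead of tightening it after the secret has been written.
(
  umask 077
  printf 'DA Username: admin\nDA Password: %s\n' "$PASS" >> /root/creds
)
unset PASS
# Also covers a /root/creds that already existed with looser permissions.
chmod 600 /root/creds
# NOTE(review): the password stays on disk in clear text; remove /root/creds
# once it has been moved to a password manager.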
# Get packages
# The package import below is disabled; only the unzip install still runs.
#cd /usr/local/directadmin/data/users/admin
#wget https://config.mxroute.com/deploy/packages.zip
yum -y install unzip
#unzip packages.zip
#for i in $(ls /usr/local/directadmin/data/users/admin/packages); do echo $i >> /usr/local/directadmin/data/users/admin/packages.list; done
#sed -i 's/.pkg//g' /usr/local/directadmin/data/users/admin/packages.list
#chown diradmin. /usr/local/directadmin/data/users/admin/packages.list
#chown -R diradmin. /usr/local/directadmin/data/users/admin/packages
# Fix admin skin
# Switch the admin user's skin from evolution to power_user in user.conf.
admin_user_conf=/usr/local/directadmin/data/users/admin/user.conf
sed -i -e 's/skin=evolution/skin=power_user/g' "$admin_user_conf"
# Disable DA ticket system
# Recreate the admin ticket.conf from scratch with active=no and a link to the
# external support page, then hand the file to diradmin.
ticket_conf=/usr/local/directadmin/data/users/admin/ticket.conf
rm -f "$ticket_conf"
printf '%s\n' \
  'ON=yes' \
  'active=no' \
  'html=Follow <a href="https://mxroute.com/support">this link</a> for support.' \
  'new=0' \
  'newticket=0' >> "$ticket_conf"
# "diradmin:" = owner diradmin plus that user's login group.
chown diradmin: "$ticket_conf"
# Set Limits
# Overwrite the two limit files under /etc/virtual with their values.
printf '%s\n' 0 > /etc/virtual/limit
printf '%s\n' 7200 > /etc/virtual/user_limit
# Run updates/customizations, then install template customizations
# The scripts come from the da_server_updates checkout cloned at the top of
# this file and are run one after another, in this order, with sh.
for updater in \
  exim/update_exim.sh \
  roundcube/update_roundcube.sh \
  rspamd/update_rspamd.sh \
  directadmin/updatetheme.sh; do
  sh "/root/da_server_updates/${updater}"
done
# Finisher
# Remind the operator of the manual steps that remain.
printf '%s\n' "Don't forget to add $IP4 to the filter servers and install Crossbox"