Добавить 2-install.sh

2025-09-01 20:45:24 +03:00 · 2025-09-01 20:45:24 +03:00 · 0c764b60f7
commit 0c764b60f7
parent 8f8de4bc47
1 changed files with 363 additions and 0 deletions
--- a/2-install.sh
+++ b/2-install.sh
@ -0,0 +1,363 @@
+#!/bin/bash
+
+# wget https://git.kosenka.ru/kosenka/ubuntu.22.04/raw/branch/master/2-install.sh -O 2-install.sh && bash 2-install.sh
+
+# Устанавливаемая версия PHP
+FPM_V="8.2"
+
+# В системе будет создан пользователь: admin
+USERNAME="admin"
+# Email пользователя
+USERNAME_EMAIL="eis-web@rfclass.ru"
+# Пароль пользователя
+USERNAME_PASS="nhb[jgjk#786"
+
+# Имя сайта. Будет создана папка /home/$USERNAME/$SITE_NAME
+SITE_NAME="eis"
+# Путь до папки
+SITE_ROOT="/home/$USERNAME/$SITE_NAME"
+ANGIE_SITECONF="/etc/angie/sites-available/$SITE_NAME.conf"
+ANGIE_ENABLED="/etc/angie/sites-enabled/$SITE_NAME"
+
+# Пароль для системного пользователя postgres
+PGPASSWORD="6v5sgf79Qq9mGEku"
+# Имя создаваемой базы данных в PostgreSQL
+PGDB="admin_eis_pg"
+# Имя пользователя для создаваемой базы данных в PostgreSQL
+PGDBUSER="admin_eis_pg"
+# Пароль пользователя для создаваемой базы данных в PostgreSQL
+PGDBUSERPASS="A3liDUC72XDzFGLZ"
+
+FOTOSVIDPASS="rDrh6inT2lYPhzjBEp!"
+
+# Проверка на запуск от имени root
+if [[ $EUID -ne 0 ]]; then
+   echo "Этот скрипт должен быть запущен с правами root (sudo)."
+   exit 1
+fi
+
+# Функция проверки результата
+check_result() {
+	if [ $1 -ne 0 ]; then
+		echo "Ошибка: $2"
+		exit $1
+	fi
+}
+
+# Функция генерации пароля
+gen_pass() {
+	matrix=$1
+	length=$2
+	if [ -z "$matrix" ]; then
+		matrix="A-Za-z0-9"
+	fi
+	if [ -z "$length" ]; then
+		length=20
+	fi
+	head /dev/urandom | tr -dc $matrix | head -c$length
+}
+
+# Функция отображает запрос и ждет ответа
+function confirm() {
+    while true; do
+        read -p "$1? (y/n) " yn
+        case $yn in
+            [Yy]* ) return 0;;
+            [Nn]* ) return 1;;
+        esac
+    done
+}
+
+# Проверка на то, что нет пользователя admin
+if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ]; then
+	echo "Пожалуйста, удалите пользователя $USERNAME: userdel -r $USERNAME"
+	check_result 1 "Пользователь $USERNAME существует"
+fi
+
+install_user() {
+    /usr/sbin/useradd "$USERNAME" -s "/bin/bash" -c "$USERNAME_EMAIL" -m -d "/home/$USERNAME" -U
+    check_result $? "user creation failed" "$E_INVALID"
+    echo "$USERNAME:$USERNAME_PASS" | /usr/sbin/chpasswd
+    if [ $? -ne 0 ]; then
+        # Delete user on failure
+        /usr/sbin/deluser "$USERNAME" > /dev/null 2>&1
+        check_result 2 "Пароль не соответствует правилам парольной защиты"
+        exit 2
+    fi
+    chmod a+x /home/$USERNAME
+
+    usermod -aG wheel "$USERNAME"
+    usermod -aG users "$USERNAME"
+}
+
+# Функция для установки Angie (форк Nginx)
+install_angie() {
+    echo "[ * ] Установка Angie (форк Nginx)..."
+
+    # https://angie.software/angie/docs/installation/oss_packages/#angie-install-deb-oss
+    mkdir -p /etc/ssl/angie/
+    apt-get -qq install -y curl apt-https
+    curl -o /etc/apt/trusted.gpg.d/angie-signing.gpg https://angie.software/keys/angie-signing.gpg
+    echo "deb https://download.angie.software/angie/$(. /etc/os-release && echo "$ID/$VERSION_ID $VERSION_CODENAME") main" | sudo tee /etc/apt/sources.list.d/angie.list > /dev/null
+    apt-get update
+    apt-get install -y angie
+    # Создаём структуру для виртуальных хостов
+    mkdir -p /etc/angie/sites-available /etc/angie/sites-enabled 2>/dev/null || true
+
+    # Добавляем include в основной конфиг, если ещё нет
+    ANGIE_CONF_FILE="/etc/angie/angie.conf"
+    if ! grep -q "sites-enabled" "$ANGIE_CONF_FILE"; then
+        sed -i '/http {/a \    include /etc/angie/sites-enabled/*;' "$ANGIE_CONF_FILE"
+        echo "Добавлен include для sites-enabled в $ANGIE_CONF_FILE"
+    fi
+
+    sed -i -e "s/user  angie;/user $USERNAME;/g" "$ANGIE_CONF_FILE"
+
+    # Включаем и запускаем Angie
+    systemctl enable angie
+    systemctl start angie
+}
+
+# Создание сайта
+create_site() {
+    echo "[ * ] Создание сайта: $SITE_NAME"
+
+    # 1. Создаём директорию сайта
+    mkdir -p "$SITE_ROOT"
+    mkdir -p "$SITE_ROOT/web"
+    chown -R $USERNAME:$USERNAME "$SITE_ROOT"
+    chmod -R 755 "$SITE_ROOT"    
+
+    # 2. Создаём index.php
+    cat << 'EOF' > "$SITE_ROOT/web/index.php"
+<?php
+echo "<h1>Привет от Angie + PHP $FPM_V!</h1>";
+echo "<p>Сайт работает: <?php echo \$_SERVER['SERVER_NAME']; ?></p>";
+
+// Информация о PostgreSQL
+if (extension_loaded('pgsql')) {
+    echo "<p>✅ Расширение pgsql загружено.</p>";
+} else {
+    echo "<p>❌ Расширение pgsql НЕ загружено.</p>";
+}
+
+// Информация о подключении к MS SQL (через FreeTDS)
+if (function_exists('mssql_connect') || function_exists('sqlsrv_connect')) {
+    echo "<p>✅ Поддержка MSSQL (FreeTDS) доступна.</p>";
+} else {
+    echo "<p>❌ Поддержка MSSQL недоступна. Установите pdo_dblib или sqlsrv при необходимости.</p>";
+}
+
+phpinfo();
+?>
+EOF
+
+    # 3. Создаём конфиг Angie
+    cat << EOF > "$ANGIE_SITECONF"
+server {
+    charset utf-8;
+    client_max_body_size 128M;
+
+    listen 80; ## listen for ipv4
+    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+    server_name eis;
+    root        $SITE_ROOT/web;
+    index       index.php;
+
+    access_log /var/log/angie/$SITE_NAME-access.log;
+    error_log /var/log/angie/$SITE_NAME-error.log;
+
+    location / {
+        # Redirect everything that isn't a real file to index.php
+        try_files \$uri \$uri/ /index.php\$is_args\$args;
+    }
+
+    # uncomment to avoid processing of calls to non-existing static files by Yii
+    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
+        try_files \$uri =404;
+    }
+    #error_page 404 /404.html;
+
+    # deny accessing php files for the /assets directory
+    location ~ ^/assets/.*\.php$ {
+        deny all;
+    }
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+        #fastcgi_pass unix:/var/run/php5-fpm.sock;
+        try_files \$uri =404;
+    }
+
+    location ~* /\. {
+        deny all;
+    }
+}
+
+EOF
+
+    # 4. Включаем сайт
+    ln -sf "$ANGIE_SITECONF" "$ANGIE_ENABLED"
+
+    # 5. Перезагружаем Angie
+    systemctl reload angie
+}
+
+
+# Установка PostgreSQL
+install_postgresql() {
+    echo "[ * ] Установка PostgreSQL..."
+
+    apt-get -qq install -y postgresql16 postgresql16-server postgresql16-contrib
+	
+    rm -rf /var/lib/pgsql
+    mkdir -p /var/lib/pgsql
+    chown postgres:postgres /var/lib/pgsql
+    sudo -u postgres initdb -D /var/lib/pgsql/data
+
+    sudo -u postgres wget https://git.kosenka.ru/kosenka/AltLinuxWeb/raw/branch/master/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf
+
+    # Включаем автозапуск 
+    systemctl enable postgresql
+    systemctl start postgresql
+    
+	sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$PGPASSWORD'" > /dev/null 2>&1
+    sudo -u postgres psql -c "CREATE DATABASE $PGDB ENCODING UTF8 TEMPLATE template0;" > /dev/null 2>&1
+    sudo -u postgres psql -c "CREATE USER $PGDBUSER WITH PASSWORD '$PGDBUSERPASS';" > /dev/null 2>&1
+    sudo -u postgres psql -c "ALTER DATABASE $PGDB OWNER TO $PGDBUSER;" > /dev/null 2>&1
+    sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $PGDB TO $PGDBUSER;" > /dev/null 2>&1
+    sudo -u postgres psql -c "GRANT CONNECT ON DATABASE template0 to $PGDBUSER;" > /dev/null 2>&1
+}
+
+# Установка fail2ban
+install_fail2ban() {
+    echo "[ * ] Установка fail2ban..."
+    apt-get -qq install -y fail2ban
+
+    # Создаем базовую конфигурацию
+    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 2>/dev/null || true
+    systemctl enable fail2ban
+    systemctl start fail2ban
+}
+
+# Установка PHP-FPM
+install_php_fpm() {
+    echo "[ * ] Установка PHP-FPM $FPM_V..."
+
+    apt-get -qq install -y lsb-release ca-certificates apt-https
+
+    apt-get -qq update
+    apt-get -qq install -y --fix-missing php$FPM_V-openssl php$FPM_V-fpm-fcgi php$FPM_V-xsl php$FPM_V-sockets php$FPM_V-pcntl
+    apt-get -qq install -y --fix-missing php$FPM_V-readline php$FPM_V-pdo php$FPM_V-pdo_pgsql php$FPM_V-pdo_odbc php$FPM_V-memcached php$FPM_V-smbclient 
+    apt-get -qq install -y --fix-missing php$FPM_V-imap php$FPM_V-imagick php$FPM_V-igbinary php$FPM_V-exif php$FPM_V-mbstring php$FPM_V-pgsql 
+    apt-get -qq install -y --fix-missing php$FPM_V-curl php$FPM_V-zip php$FPM_V-gd php$FPM_V-opcache php$FPM_V-intl php$FPM_V-xml php$FPM_V-xmlrpc 
+    apt-get -qq install -y --fix-missing php$FPM_V-ldap php$FPM_V-soap php$FPM_V-json php$FPM_V-xmlreader php$FPM_V-fileinfo php$FPM_V-sodium composer
+
+    sed -i -e "s/user = _php_fpm/user = $USERNAME/g" /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e "s/group = _webserver/group = $USERNAME/g" /etc/fpm$FPM_V/php-fpm.d/www.conf
+
+    sed -i -e 's/;listen = 127/listen = 127/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/listen=/;listen=/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/pm = dynamic/pm = ondemand/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/pm.max_children = 5/pm.max_children = 8/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/pm.max_requests = 500/pm.max_requests = 4000/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/;pm.process_idle_timeout/pm.process_idle_timeout/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/;pm.status_path/pm.status_path/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    sed -i -e 's/;env/env/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
+    
+    sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/session.save_handler = files/session.save_handler = files/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/;session.save_path = "\/tmp"/session.save_path = "\/tmp"/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/short_open_tag = On/short_open_tag = Off/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/post_max_size = 20M/post_max_size = 128M/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/upload_max_filesize = 20M/upload_max_filesize = 128M/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e "s/;open_basedir =/open_basedir =\/mnt\/FOTOSVID:\/home\/$USERNAME\/$SITE_NAME:\/tmp:\/bin:\/usr\/bin:\/usr\/local\/bin:\/usr\/share:\/opt/g" /etc/php/$FPM_V/fpm-fcgi/php.ini
+    sed -i -e 's/disable_functions =/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,passthru,shell_exec,popen/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
+
+    sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/session.save_handler = files/session.save_handler = files/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/;session.save_path = "\/tmp"/session.save_path = "\/tmp"/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/short_open_tag = On/short_open_tag = Off/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/post_max_size = 20M/post_max_size = 128M/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/upload_max_filesize = 20M/upload_max_filesize = 128M/g' /etc/php/$FPM_V/cli/php.ini
+    sed -i -e "s/;open_basedir =/open_basedir =\/mnt\/FOTOSVID:\/home\/$USERNAME\/$SITE_NAME:\/home\/$USERNAME\/.config:\/home\/$USERNAME\/.cache:\/home\/$USERNAME\/.local:\/tmp:\/bin:\/usr\/bin:\/usr\/local\/bin:\/usr\/share:\/opt/g" /etc/php/$FPM_V/cli/php.ini
+    sed -i -e 's/disable_functions =/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,passthru,shell_exec,popen/g' /etc/php/$FPM_V/cli/php.ini
+
+    # Включаем и запускаем PHP-FPM
+    systemctl enable php$FPM_V-fpm
+    systemctl start php$FPM_V-fpm
+}
+
+# Установка FreeTDS (для подключения к MS SQL)
+install_freetds() {
+    echo "[ * ] Установка FreeTDS..."
+    apt-get -qq install -y freetds-utils libfreetds libfreetds-unixodbc libfreetds-devel
+
+    # sed -i -e 's/tds version = auto/tds version = 7.3/g' /etc/freetds/freetds.conf
+
+    echo "[FreeTDS]
+Description=FreeTDS
+Driver=/usr/lib64/libtdsodbc.so
+Setup=/usr/lib64/libtdsodbc.so
+" >> /etc/odbcinst.ini
+
+odbcinst -i -d -f /etc/odbcinst.ini
+
+}
+
+# Основная логика установки
+main() {
+    echo "[ * ] Начинаем установку компонентов..."
+
+    # Обновление системы
+    apt-get -qq update
+    apt-get -qq dist-upgrade -y
+
+    # Установка утилит
+    apt-get -qq install -y memcached cifs-utils pwgen wget curl gnupg lsb-release pwgen LibreOffice-still git htop ca-certificates apt-utils aptitude squashfs-tools tzdata fdisk gdisk mc net-tools locales iproute2
+
+    control sudowheel enabled
+    
+    # Вызов функций установки
+    install_user
+    install_angie
+    create_site    
+    install_postgresql
+    install_fail2ban
+    #install_php_fpm
+    #install_freetds
+
+    systemctl enable memcached
+    systemctl start memcached
+
+    mkdir /mnt/FOTOSVID
+    echo "[Unit]
+Description=Mount SMB share
+After=network.target
+Wants=network.target
+
+[Service]
+Type=oneshot
+ExecStartPre=sleep 15
+ExecStart=/bin/mount -t cifs //10.77.1.250/FOTOSVID /mnt/FOTOSVID -o username=fotosvid,password=$FOTOSVIDPASS,rw,file_mode=0666,dir_mode=0777
+
+[Install]
+WantedBy=multi-user.target
+" > /etc/systemd/system/mnt-fotosvid.service
+    systemctl daemon-reload
+    systemctl enable mnt-fotosvid.service 
+    systemctl start mnt-fotosvid.service
+
+    echo "[ * ] Установка завершена!"
+    echo "Проверьте службы:"
+    echo "  systemctl status angie"
+    echo "  systemctl status postgresql"
+    echo "  systemctl status php$FPM_V-fpm"
+    echo "  systemctl status fail2ban"
+}
+
+# Запуск
+main