ubuntu.22.04/2-install.sh


#!/bin/bash
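# Usage, as published by the author:
#   wget https://git.kosenka.ru/kosenka/ubuntu.22.04/raw/branch/master/2-install.sh -O 2-install.sh && bash 2-install.sh
# NOTE(review): that one-liner runs whatever the server returns, as root, with
# no integrity check. Read the downloaded file (or compare it with a checksum
# obtained out of band) before executing it.
#
# SECURITY: every secret below has a default that is committed in this file,
# so the defaults must be treated as publicly known. Each secret is taken from
# the environment when a non-empty variable of the same name is set; prefer
# that, and rotate any credential that was ever deployed with a default value.

# PHP version to install
FPM_V="8.2"
# Name of the system account that will be created
USERNAME="admin"
# E-mail address stored in the account's comment (GECOS) field
USERNAME_EMAIL="eis-web@rfclass.ru"
# Login password of that account
USERNAME_PASS="${USERNAME_PASS:-nhb[jgjk#786}"
# Site name; the directory /home/$USERNAME/$SITE_NAME is created for it
SITE_NAME="eis"
# Site directory and the Angie virtual-host files derived from the site name
SITE_ROOT="/home/$USERNAME/$SITE_NAME"
ANGIE_SITECONF="/etc/angie/sites-available/$SITE_NAME.conf"
ANGIE_ENABLED="/etc/angie/sites-enabled/$SITE_NAME"
# Password set for the PostgreSQL role "postgres".
# PGPASSWORD is also the variable libpq clients read for their own password.
PGPASSWORD="${PGPASSWORD:-6v5sgf79Qq9mGEku}"
# Name of the PostgreSQL database to create
PGDB="admin_eis_pg"
# Role that will own the database
PGDBUSER="admin_eis_pg"
# Password of that role
PGDBUSERPASS="${PGDBUSERPASS:-A3liDUC72XDzFGLZ}"
# Password used when mounting the FOTOSVID SMB share
FOTOSVIDPASS="${FOTOSVIDPASS:-rDrh6inT2lYPhzjBEp!}"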
# Refuse to continue unless the effective UID is 0 (root); everything below
# installs packages and edits files under /etc.
if (( EUID != 0 )); then
  printf '%s\n' "Этот скрипт должен быть запущен с правами root (sudo)."
  exit 1
fi
#######################################
# Abort the script when a step reported failure.
# Arguments: $1 - exit status to inspect
#            $2 - text printed after the "Ошибка: " prefix
#            (further arguments are accepted and ignored)
# Outputs:   the message on stdout when $1 is non-zero
# Returns:   normally when $1 is 0; otherwise exits the shell with status $1
#######################################
check_result() {
  local status=$1
  local message=$2
  if [ "$status" -ne 0 ]; then
    printf 'Ошибка: %s\n' "$message"
    exit "$status"
  fi
}
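#######################################
# Print a random password built from /dev/urandom.
# Arguments: $1 - character set in tr(1) syntax (default: A-Za-z0-9)
#            $2 - number of characters to print (default: 20)
# Outputs:   exactly $2 characters on stdout, no trailing newline
#######################################
gen_pass() {
  # Locals, so a call does not leave "matrix" and "length" behind as globals.
  local matrix=${1:-A-Za-z0-9}
  local length=${2:-20}
  # Stream from the device until head has collected enough characters.
  # Taking only "head /dev/urandom" (ten newline-delimited chunks) first could
  # leave fewer than $length characters after filtering, i.e. a silently
  # shorter password. LC_ALL=C keeps tr byte-oriented on the random input, and
  # the quotes stop the shell from glob-expanding a set such as [a-z].
  LC_ALL=C tr -dc "$matrix" < /dev/urandom | head -c "$length"
}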
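#######################################
# Ask a yes/no question and wait for an answer.
# Arguments: $1 - question text; "? (y/n) " is appended to it
# Returns:   0 when the answer starts with y/Y,
#            1 when it starts with n/N or when stdin reaches end of input
#######################################
confirm() {
  local yn
  while true; do
    # A failed read (EOF, closed stdin) means nobody can answer. Decline
    # rather than loop forever, which is what happens if the failure is
    # ignored. -r keeps backslashes in the answer literal.
    read -r -p "$1? (y/n) " yn || return 1
    case "$yn" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
    esac
  done
}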
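# Stop when an account or group named $USERNAME already exists.
# The pattern is built from $USERNAME, so the check looks for the same name the
# message reports and install_user creates, not a fixed "admin".
if grep -q "^${USERNAME}:" /etc/passwd /etc/group; then
  echo "Пожалуйста, удалите пользователя $USERNAME: userdel -r $USERNAME"
  check_result 1 "Пользователь $USERNAME существует"
fi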
#######################################
# Create the account that owns the site and set its password.
# Globals:   USERNAME, USERNAME_EMAIL, USERNAME_PASS (read)
#            E_INVALID (read; not assigned anywhere in the visible script)
# Returns:   exits through check_result when useradd or chpasswd fails
#######################################
install_user() {
  local home_dir="/home/$USERNAME"

  /usr/sbin/useradd "$USERNAME" -s "/bin/bash" -c "$USERNAME_EMAIL" -m -d "$home_dir" -U
  check_result $? "user creation failed" "$E_INVALID"

  # The name:password pair goes to chpasswd on stdin, not on its command line.
  if ! echo "$USERNAME:$USERNAME_PASS" | /usr/sbin/chpasswd; then
    # Delete user on failure
    /usr/sbin/deluser "$USERNAME" > /dev/null 2>&1
    check_result 2 "Пароль не соответствует правилам парольной защиты"
    # Not reached: check_result exits on a non-zero status.
    exit 2
  fi

  # Grants the execute (traverse) bit on the home directory to every user.
  # NOTE(review): presumably so the web server can reach the site below it;
  # confirm that all local accounts should be able to traverse it.
  chmod a+x "$home_dir"
  #usermod -aG wheel "$USERNAME"
  usermod -aG users "$USERNAME"
}
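#######################################
# Install Angie (an Nginx fork) from the vendor repository and prepare the
# sites-available / sites-enabled layout.
# Globals:   USERNAME (read), ANGIE_CONF_FILE (written)
# Returns:   exits through check_result when the signing key cannot be fetched
#######################################
install_angie() {
  echo "[ * ] Установка Angie (форк Nginx)..."
  # https://angie.software/angie/docs/installation/oss_packages/#angie-install-deb-oss
  mkdir -p /etc/ssl/angie/
  # "apt-https" does not appear to be an Ubuntu package name, and apt-get
  # installs nothing at all when one requested name is unknown. HTTPS transport
  # is built into current apt; ca-certificates is what the download needs.
  apt-get -qq install -y ca-certificates curl
  # -f makes curl fail on an HTTP error instead of saving the error page as the
  # repository key; stop here rather than trust an incomplete key file.
  # NOTE(review): a key placed in trusted.gpg.d is trusted for every configured
  # repository; a keyring referenced with signed-by= in angie.list would limit
  # it to this source.
  curl -fsSL -o /etc/apt/trusted.gpg.d/angie-signing.gpg https://angie.software/keys/angie-signing.gpg
  check_result $? "failed to download the Angie signing key"
  # The script already runs as root, so a plain redirect replaces "sudo tee".
  echo "deb https://download.angie.software/angie/$(. /etc/os-release && echo "$ID/$VERSION_ID $VERSION_CODENAME") main" > /etc/apt/sources.list.d/angie.list
  apt-get update
  apt-get install -y angie
  # Directory layout for virtual hosts
  mkdir -p /etc/angie/sites-available /etc/angie/sites-enabled 2>/dev/null || true
  # Add the include to the main config unless it is already there
  ANGIE_CONF_FILE="/etc/angie/angie.conf"
  if ! grep -q "sites-enabled" "$ANGIE_CONF_FILE"; then
    sed -i '/http {/a \ include /etc/angie/sites-enabled/*;' "$ANGIE_CONF_FILE"
    echo "Добавлен include для sites-enabled в $ANGIE_CONF_FILE"
  fi
  # NOTE(review): this switches the "user" directive to $USERNAME, the account
  # that owns the site tree and has a login password. A compromised worker
  # would then be able to modify the site's files; confirm this is intended.
  sed -i -e "s/user angie;/user $USERNAME;/g" "$ANGIE_CONF_FILE"
  # Enable and start Angie
  systemctl enable angie
  systemctl start angie
}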
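#######################################
# Create the site directory, a placeholder index.php and the Angie virtual
# host, then enable the host and reload Angie.
# Globals:   SITE_NAME, SITE_ROOT, USERNAME, FPM_V, ANGIE_SITECONF,
#            ANGIE_ENABLED (all read)
#######################################
create_site() {
  echo "[ * ] Создание сайта: $SITE_NAME"
  # 1. Site directory ("-p" also creates $SITE_ROOT itself)
  mkdir -p "$SITE_ROOT/web"
  chown -R "$USERNAME:$USERNAME" "$SITE_ROOT"
  chmod -R 755 "$SITE_ROOT"
  # 2. Placeholder index.php.
  # The here-document is unquoted so that $FPM_V is filled in by the shell; the
  # PHP variable is written as \$_SERVER to survive that expansion. With a
  # quoted delimiter PHP received a literal "$FPM_V" (an undefined variable)
  # and printed the nested "<?php ... ?>" text instead of the server name.
  # SECURITY: phpinfo() publishes the PHP configuration, loaded modules and the
  # request environment to anyone who can reach the site. Replace or delete
  # this page as soon as the installation has been verified.
  cat << EOF > "$SITE_ROOT/web/index.php"
<?php
echo "<h1>Привет от Angie + PHP $FPM_V!</h1>";
echo "<p>Сайт работает: " . htmlspecialchars(\$_SERVER['SERVER_NAME']) . "</p>";
// Информация о PostgreSQL
if (extension_loaded('pgsql')) {
echo "<p>✅ Расширение pgsql загружено.</p>";
} else {
echo "<p>❌ Расширение pgsql НЕ загружено.</p>";
}
// Информация о подключении к MS SQL (через FreeTDS)
if (function_exists('mssql_connect') || function_exists('sqlsrv_connect')) {
echo "<p>✅ Поддержка MSSQL (FreeTDS) доступна.</p>";
} else {
echo "<p>❌ Поддержка MSSQL недоступна. Установите pdo_dblib или sqlsrv при необходимости.</p>";
}
phpinfo();
?>
EOF
  # 3. Angie virtual host. server_name follows $SITE_NAME like the root and
  # log paths do, instead of a fixed "eis".
  cat << EOF > "$ANGIE_SITECONF"
server {
    charset utf-8;
    client_max_body_size 128M;
    listen 80; ## listen for ipv4
    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
    server_name $SITE_NAME;
    root $SITE_ROOT/web;
    index index.php;
    access_log /var/log/angie/$SITE_NAME-access.log;
    error_log /var/log/angie/$SITE_NAME-error.log;
    location / {
        # Redirect everything that isn't a real file to index.php
        try_files \$uri \$uri/ /index.php\$is_args\$args;
    }
    # uncomment to avoid processing of calls to non-existing static files by Yii
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files \$uri =404;
    }
    #error_page 404 /404.html;
    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        try_files \$uri =404;
    }
    location ~* /\. {
        deny all;
    }
}
EOF
  # 4. Enable the site
  ln -sf "$ANGIE_SITECONF" "$ANGIE_ENABLED"
  # 5. Reload Angie
  systemctl reload angie
}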
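#######################################
# Install PostgreSQL 16 from the PGDG repository, set the "postgres" role's
# password and create the application database and its owner role.
# Globals:   PGPASSWORD, PGDB, PGDBUSER, PGDBUSERPASS (read)
#######################################
install_postgresql() {
  # Single quotes are doubled so a password containing ' cannot end the SQL
  # string literal it is placed in.
  local pg_pass_sql=${PGPASSWORD//\'/\'\'}
  local db_pass_sql=${PGDBUSERPASS//\'/\'\'}

  echo "[ * ] Установка PostgreSQL 16..."
  # NOTE(review): the repository line uses plain http. Package signatures are
  # still checked against the key imported below, but https would also hide
  # the traffic and remove the reliance on signature checking alone.
  echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list
  curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg
  apt-get update
  apt-get -qq install -y postgresql-16 postgresql-contrib-16
  #rm -rf /var/lib/pgsql
  #mkdir -p /var/lib/pgsql
  #chown postgres:postgres /var/lib/pgsql
  #sudo -u postgres initdb -D /var/lib/pgsql/data
  # NOTE(review): this replaces client-authentication rules with a file fetched
  # at install time from a mutable branch of another repository; its content is
  # not visible here and is not verified. Also confirm the destination: the
  # Debian/Ubuntu packages normally read pg_hba.conf from
  # /etc/postgresql/16/main, in which case this copy would have no effect.
  sudo -u postgres wget https://git.kosenka.ru/kosenka/AltLinuxWeb/raw/branch/master/pg_hba.conf -O /var/lib/postgresql/16/main/pg_hba.conf
  # Enable autostart
  systemctl enable postgresql
  systemctl start postgresql
  # The statements are fed to psql on stdin. Passing them with -c put both
  # passwords on the sudo/psql command line, where any local user can read
  # them from the process list. psql keeps going after a failed statement, as
  # the separate invocations did; stderr is no longer discarded, so failures
  # are visible.
  sudo -u postgres psql -q > /dev/null << SQL
ALTER USER postgres WITH PASSWORD '${pg_pass_sql}';
CREATE DATABASE $PGDB ENCODING UTF8 TEMPLATE template0;
CREATE USER $PGDBUSER WITH PASSWORD '${db_pass_sql}';
ALTER DATABASE $PGDB OWNER TO $PGDBUSER;
GRANT ALL PRIVILEGES ON DATABASE $PGDB TO $PGDBUSER;
GRANT CONNECT ON DATABASE template0 to $PGDBUSER;
SQL
}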
#######################################
# Install fail2ban, seed jail.local from the packaged jail.conf and start the
# service.
#######################################
install_fail2ban() {
  local unit="fail2ban"
  local action

  echo "[ * ] Установка fail2ban..."
  apt-get -qq install -y "$unit"
  # Base configuration: a full copy of jail.conf. An existing jail.local is
  # overwritten, and a failed copy is ignored on purpose.
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 2>/dev/null || true
  for action in enable start; do
    systemctl "$action" "$unit"
  done
}
# Install PHP-FPM $FPM_V with its extensions from ppa:ondrej/php, then edit the
# FPM pool file and both php.ini files in place with sed.
# Globals: FPM_V, USERNAME, SITE_NAME (read)
# None of the commands below is checked for failure.
install_php_fpm() {
echo "[ * ] Установка PHP-FPM $FPM_V..."
apt-get -qq install -y lsb-release ca-certificates
# Third-party PPA: packages from it are installed and run as root-owned services.
add-apt-repository -y ppa:ondrej/php
apt-get -qq update
apt-get -qq install -y php$FPM_V-fpm php$FPM_V-cli php$FPM_V-common php$FPM_V-xsl php$FPM_V-sockets
apt-get -qq install -y php$FPM_V-readline php$FPM_V-pdo php$FPM_V-memcached php$FPM_V-smbclient
apt-get -qq install -y php$FPM_V-imap php$FPM_V-imagick php$FPM_V-igbinary php$FPM_V-exif php$FPM_V-mbstring php$FPM_V-pgsql
apt-get -qq install -y php$FPM_V-curl php$FPM_V-zip php$FPM_V-gd php$FPM_V-opcache php$FPM_V-intl php$FPM_V-xml php$FPM_V-xmlrpc
apt-get -qq install -y php$FPM_V-ldap php$FPM_V-soap php$FPM_V-json php$FPM_V-xmlreader php$FPM_V-fileinfo php$FPM_V-sodium composer
# --- FPM pool (www.conf) ---
# NOTE(review): confirm that /etc/fpm$FPM_V/php-fpm.d/www.conf and
# /etc/php/$FPM_V/fpm-fcgi/php.ini exist on the target. Debian/Ubuntu PHP
# packages normally use /etc/php/<version>/fpm/pool.d/www.conf and
# /etc/php/<version>/fpm/php.ini, and the "_php_fpm" / "_webserver" names
# matched below look like another distribution's defaults. If a file or a
# pattern does not match, sed changes nothing and the settings below
# (including open_basedir and disable_functions) are silently not applied.
# Run the pool as $USERNAME, the account that owns the site files.
sed -i -e "s/user = _php_fpm/user = $USERNAME/g" /etc/fpm$FPM_V/php-fpm.d/www.conf
sed -i -e "s/group = _webserver/group = $USERNAME/g" /etc/fpm$FPM_V/php-fpm.d/www.conf
# Uncomment the "listen = 127..." line and comment out lines containing "listen=";
# the Angie site config passes PHP requests to 127.0.0.1:9000.
sed -i -e 's/;listen = 127/listen = 127/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
sed -i -e 's/listen=/;listen=/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
# Process manager: on-demand workers, 8 children, recycle after 4000 requests.
sed -i -e 's/pm = dynamic/pm = ondemand/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
sed -i -e 's/pm.max_children = 5/pm.max_children = 8/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
sed -i -e 's/pm.max_requests = 500/pm.max_requests = 4000/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
sed -i -e 's/;pm.process_idle_timeout/pm.process_idle_timeout/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
# Uncomments pm.status_path, which enables the FPM status page.
sed -i -e 's/;pm.status_path/pm.status_path/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
# Uncomments every line that contains ";env".
sed -i -e 's/;env/env/g' /etc/fpm$FPM_V/php-fpm.d/www.conf
# --- php.ini used by FPM ---
sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
# Pattern and replacement are identical here, so this line changes nothing.
sed -i -e 's/session.save_handler = files/session.save_handler = files/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
# Session files go to /tmp, a directory shared with every other local user.
sed -i -e 's/;session.save_path = "\/tmp"/session.save_path = "\/tmp"/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
sed -i -e 's/short_open_tag = On/short_open_tag = Off/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
sed -i -e 's/post_max_size = 20M/post_max_size = 128M/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
sed -i -e 's/upload_max_filesize = 20M/upload_max_filesize = 128M/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
# open_basedir: PHP file access is limited to the SMB mount, the site directory,
# /tmp, the binary directories, /usr/share and /opt.
sed -i -e "s/;open_basedir =/open_basedir =\/mnt\/FOTOSVID:\/home\/$USERNAME\/$SITE_NAME:\/tmp:\/bin:\/usr\/bin:\/usr\/local\/bin:\/usr\/share:\/opt/g" /etc/php/$FPM_V/fpm-fcgi/php.ini
# disable_functions: the pcntl_* family plus system, passthru, shell_exec and popen.
# NOTE(review): exec and proc_open are not in this list, so PHP code can still
# start processes; add them if blocking command execution is the goal.
sed -i -e 's/disable_functions =/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,passthru,shell_exec,popen/g' /etc/php/$FPM_V/fpm-fcgi/php.ini
# --- php.ini used by the CLI ---
# Same edits as for FPM; open_basedir additionally allows .config, .cache and
# .local under /home/$USERNAME.
sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/session.save_handler = files/session.save_handler = files/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/;session.save_path = "\/tmp"/session.save_path = "\/tmp"/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/short_open_tag = On/short_open_tag = Off/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/post_max_size = 20M/post_max_size = 128M/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/upload_max_filesize = 20M/upload_max_filesize = 128M/g' /etc/php/$FPM_V/cli/php.ini
sed -i -e "s/;open_basedir =/open_basedir =\/mnt\/FOTOSVID:\/home\/$USERNAME\/$SITE_NAME:\/home\/$USERNAME\/.config:\/home\/$USERNAME\/.cache:\/home\/$USERNAME\/.local:\/tmp:\/bin:\/usr\/bin:\/usr\/local\/bin:\/usr\/share:\/opt/g" /etc/php/$FPM_V/cli/php.ini
sed -i -e 's/disable_functions =/disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,passthru,shell_exec,popen/g' /etc/php/$FPM_V/cli/php.ini
# Enable and start PHP-FPM
systemctl enable php$FPM_V-fpm
systemctl start php$FPM_V-fpm
}
#######################################
# Install FreeTDS (for connections to MS SQL) and register its ODBC driver.
# main() currently has the call to this function commented out.
#######################################
install_freetds() {
  local driver_lib="/usr/lib64/libtdsodbc.so"

  echo "[ * ] Установка FreeTDS..."
  apt-get -qq install -y freetds-dev freetds-bin freetds-common tdsodbc odbcinst
  # sed -i -e 's/tds version = auto/tds version = 7.3/g' /etc/freetds/freetds.conf
  # Append the driver section followed by one empty line.
  # NOTE(review): confirm the library path; /usr/lib64 may not be where the
  # tdsodbc package puts libtdsodbc.so on this distribution.
  printf '%s\n' \
    "[FreeTDS]" \
    "Description=FreeTDS" \
    "Driver=$driver_lib" \
    "Setup=$driver_lib" \
    "" >> /etc/odbcinst.ini
  odbcinst -i -d -f /etc/odbcinst.ini
}
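#######################################
# Main installation sequence: system update, utilities, the install_* steps,
# memcached and the unit that mounts the FOTOSVID SMB share.
# Globals:   FOTOSVIDPASS, FPM_V (read)
#######################################
main() {
  # Root-only file that holds the SMB credentials for mount.cifs.
  local cifs_credentials="/etc/mnt-fotosvid.credentials"

  echo "[ * ] Начинаем установку компонентов..."
  # System update
  apt-get -qq update
  apt-get -qq dist-upgrade -y
  # Utilities
  apt-get -qq install -y memcached cifs-utils pwgen wget curl gnupg lsb-release pwgen git htop ca-certificates
  apt-get -qq install -y apt-utils aptitude squashfs-tools tzdata fdisk gdisk mc net-tools locales iproute2 smbclient
  apt-get -qq install -y libreoffice-core --no-install-recommends libreoffice-writer default-jre libreoffice-java-common
  apt-get -qq install -y gnupg2 apt-transport-https software-properties-common
  # "control" is not installed by anything above; run it only where it exists
  # so a missing tool does not produce a "command not found" error.
  if command -v control > /dev/null 2>&1; then
    control sudowheel enabled
  fi
  # Installation steps
  install_user
  install_angie
  create_site
  install_postgresql
  install_fail2ban
  install_php_fpm
  #install_freetds
  systemctl enable memcached
  systemctl start memcached
  # -p: do not fail when the mount point already exists
  mkdir -p /mnt/FOTOSVID
  # SECURITY: keep the share password out of the unit file. A password written
  # into ExecStart= ends up in a unit file that is readable by every local
  # user and on the mount command line, and systemd applies its own expansion
  # to ExecStart= lines, which can alter characters such as % or $. The
  # credentials file is created with mode 0600 before the secret is written.
  install -m 0600 /dev/null "$cifs_credentials"
  printf 'username=%s\npassword=%s\n' "fotosvid" "$FOTOSVIDPASS" > "$cifs_credentials"
  # NOTE(review): file_mode=0666,dir_mode=0777 makes the mounted share writable
  # by every local account; tighten these if only the site user needs access.
  cat > /etc/systemd/system/mnt-fotosvid.service << EOF
[Unit]
Description=Mount SMB share
After=network.target
Wants=network.target
[Service]
Type=oneshot
ExecStartPre=sleep 15
ExecStart=/bin/mount -t cifs //10.77.1.250/FOTOSVID /mnt/FOTOSVID -o credentials=$cifs_credentials,rw,file_mode=0666,dir_mode=0777
[Install]
WantedBy=multi-user.target

EOF
  systemctl daemon-reload
  systemctl enable mnt-fotosvid.service
  systemctl start mnt-fotosvid.service
  echo "[ * ] Установка завершена!"
  echo "Проверьте службы:"
  echo " systemctl status angie"
  echo " systemctl status postgresql"
  echo " systemctl status php$FPM_V-fpm"
  echo " systemctl status fail2ban"
}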
# Entry point: run the installation. main does not read its arguments.
main "$@"