-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathinstall.sh
382 lines (321 loc) · 13.2 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
#!/bin/bash
# only run as root
if [[ $EUID -gt 0 ]]; then
echo "Please run as root"
exit
fi
#######################################################################################
######### ########
######## PARSE PARAMS ##########
####### ###########
#######################################################################################
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case $1 in
-c|--cert-type)
CERT_TYPE="$2"
shift # past argument
shift # past value
;;
-d|--debug)
DEBUG="$2"
shift # past argument
shift # past value
;;
-*|--*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
esac
done
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
# script fails on error
set -e
if [ "$DEBUG" == "true" ]; then
set -x
fi
#######################################################################################
######### ########
######## SETUP FUNCTIONS ##########
####### ###########
#######################################################################################
declare process_echo_history
declare last_process_status
spinner() {
set +x
#spinner animation
local pid=$!
local delay=0.20
local spinstr='|/-\'
while [ "$(ps a | awk '{print $1}' | grep $pid)" ]; do
local temp=${spinstr#?}
printf " [%c] " "$spinstr"
local spinstr=$temp${spinstr%"$temp"}
sleep $delay
printf "\b\b\b\b\b\b"
done
wait $pid
last_process_status=$?
printf " \b\b\b\b"
if [[ $DEBUG == "true" ]]; then
set -x
fi
}
process_echo() {
if [[ $DEBUG == "true" ]]; then
echo "$@ "
spinner
else
local RED=$(tput setaf 1)
local GREEN=$(tput setaf 2)
local YELLOW=$(tput setaf 3)
local ENDCOLOR=$(tput sgr0)
local text="$1"
local text_color=${!2:-$(tput sgr0)}
local characters=${#text}
local start_col=$(($(tput cols) / 2 - $characters / 2))
local start_line=$(($(tput lines) / 2))
local spinner_col=$(($(tput cols) - 7))
tput civis
clear
echo -e "$process_echo_history"
tput cup $start_line $start_col
tput el
echo -en "${text_color}$text${ENDCOLOR}"
tput cup $start_line $spinner_col
spinner
p_status=$([ "$last_process_status" -eq 0 ] && echo "${GREEN}[DONE]${ENDCOLOR}" || echo "${RED}[FAIL]${ENDCOLOR}")
echo -e "${GREEN}${p_status}${ENDCOLOR}"
process_echo_history+="\n $text ${p_status}"
sleep 0.5
tput clear
echo -e "$process_echo_history $ENDCOLOR"
sleep 0.2
tput cvvis
tput cnorm
fi
}
# install dependencies function
dep_install() {
apt install -y software-properties-common
add-apt-repository ppa:deadsnakes/ppa
apt update -y
apt install -y dialog dropbear squid stunnel cmake make wget gcc build-essential nodejs acl unzip zip tmux socat python3.10 python3.10-venv vnstat
}
# function to enable and start vnstat service
vnstat_setup() {
systemctl enable --now vnstat.service
systemctl restart vnstat.service
}
# build and install function
build_install_badvpn() {
# add-apt-repository ppa:ambrop7/badvpn && apt-get update -y && apt-get install badvpn -y # todo: test this installation method
wget https://github.com/ambrop72/badvpn/archive/master.zip && unzip master.zip && rm master.zip
mkdir -p badvpn-master/build
cd badvpn-master/build
cmake .. -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_UDPGW=1 && make install
}
# zerossl setup function
zerossl_setup() {
mkdir ../../certs
cd ../../certs
local certs_dir=${PWD}
TERMINAL=$(tty)
HEIGHT=15
WIDTH=40
CHOICE_HEIGHT=4
BACKTITLE="Coded by @BlurryFlurry & @noobconner21"
TITLE="Zerossl setup"
MENU="Choose one of the following methods for zerossl setup:"
OPTIONS=(1 "Manually upload zerossl zip file to $(pwd) directory"
2 "Provide a direct remote download link to fetch the zerossl certificate zip file"
3 "acme.sh easy automation")
CHOICE=$(dialog --clear --nocancel \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >"$TERMINAL")
clear
case $CHOICE in
1)
echo "Manually upload zerossl zip file to $(pwd) directory"
# zerossl cert files steps for manually upload
clear
echo -e " Step 1: visit https://zerossl.com, \n Step 2: login, \n Step 3: verify domain and download certificate files, \n Step 4: upload the zip file to $(pwd)/ directory \n"
echo .
read -r -s -p $'Press ESCAPE to continue...\n' -d $'\e'
until [ "$(ls ./*.zip)" ]; do
read -r -s -p $'Certs directory is still empty, Please upload files and press ESCAPE to continue...\n' -d $'\e'
done
;;
2)
echo "Provide a direct remote download link to fetch the zerossl certificate zip file"
read -p "What's your zerossl zip file link? (Dropbox): " zerofileslink
until [ "$(curl -o /dev/null --silent --head --write-out '%{http_code}' "$zerofileslink" 2>/dev/null)" -eq 200 ]; do
read -p $'\e[31mPlease provide a valid download url to your zerossl zip file (Dropbox)\e[0m: ' zerofileslink
done
wget "$zerofileslink"
until [ "$(ls ./*.zip)" ]; do
read -r -s -p $'\e[31m Certs directory is still empty, Please upload files and press ESCAPE to continue...\e[0m \n' -d $'\e'
done
;;
3)
echo -e "acme.sh standalone webserver (Beta)\n\n"
read -p "Please provide a valid email address: " zerossl_email
read -p "Please provide the domain name: " zerossl_domain
systemctl stop nodews1 2>&1 >/dev/null
process_echo "Disabling nodews1 proxy script to clear the port 80 temporary"
# curl https://get.acme.sh | sh -s email="$zerossl_email" --issue -d "$zerossl_domain" --standalone --server letsencrypt --staging --test
# cat ~/.acme.sh/"$zerossl_domain"/"$zerossl_domain".key ~/.acme.sh/"$zerossl_domain"/"$zerossl_domain" ~/.acme.sh/"$zerossl_domain"/fullchain.cer >/etc/stunnel/stunnel.pem
curl https://get.acme.sh | sh -s email="$zerossl_email" >/dev/null 2>&1 &
process_echo "Installing acme.sh..."
bash ~/.acme.sh/acme.sh --register-account -m "$zerossl_email" >/dev/null 2>&1 &
process_echo "Registering zerossl account..."
# bash ~/.acme.sh/acme.sh --issue --standalone -d "$zerossl_domain" --force --staging --test >/dev/null 2>&1 &
if [[ $CERT_TYPE == "staging" ]]; then
bash ~/.acme.sh/acme.sh --issue --standalone -d "$zerossl_domain" --force --staging --test >/dev/null 2>&1 &
process_echo "Issuing staging certificates..."
else
bash ~/.acme.sh/acme.sh --issue --standalone -d "$zerossl_domain" --force >/dev/null 2>&1 &
process_echo "issuing standalone certificates..."
fi
bash ~/.acme.sh/acme.sh --installcert -d "$zerossl_domain" --fullchainpath "$certs_dir"/bundle.cer --keypath "$certs_dir"/private.key >/dev/null 2>&1 &
process_echo "Installing certificates..."
cat "$certs_dir"/private.key "$certs_dir"/bundle.cer >/etc/stunnel/stunnel.pem
chmod 400 /etc/stunnel/stunnel.pem
systemctl start nodews1 2>&1 >/dev/null
process_echo "Starting service nodews1 proxy script back online"
;;
esac
# unzip certs, create stunnel.pem, start stunnel service
if [ ! -f "/etc/stunnel/stunnel.pem" ]; then
unzip ./*.zip
cat private.key certificate.crt ca_bundle.crt >/etc/stunnel/stunnel.pem
chmod 400 >/etc/stunnel/stunnel.pem
fi
systemctl start stunnel4
systemctl enable stunnel4
}
telegram_bot_setup() {
read -p "Enter a username for the Telegram bot service (default is 'ptb'): " username
username=${username:-ptb} # use 'ptb' as default username if none was provided
useradd -m -s /bin/false "$username" # create a new Linux user with the specified username
cd /home/"$username"
git clone https://github.com/BlurryFlurry/tg-vps-manager.git bot >/dev/null 2>&1 &
process_echo "Cloning repository to /home/$username/bot ..." YELLOW
cd bot
/usr/bin/env python3.10 -m venv venv
source venv/bin/activate
pip3.10 install --upgrade pip >/dev/null 2>&1 &
process_echo "Upgrading pip3.10" YELLOW
pip3.10 install wheel >/dev/null 2>&1 &
process_echo "Installing wheel" YELLOW
pip3.10 install -r requirements.txt >/dev/null 2>&1 &
process_echo "Installing requirements..." YELLOW
deactivate
sudo chown -R "$username":"$username" /home/"$username"
systemctl link /home/"$username"/bot/[email protected]
echo "Use https://t.me/BotFather to create a new telegram bot for your vps manager"
echo "Copy the bot token and paste it here"
read -p "Telegram Bot token: " bot_token
echo "Use https://t.me/raw_data_bot to find your Telegram ID and paste it here"
echo "This telegram user ID will be the only user ID that have /grant command permission"
echo "(you can change these values by editing the env_vars file)"
read -p "Admin telegram ID: " admin_id
echo "grant_perm_id=$admin_id" >env_vars
echo "telegram_bot_token=$bot_token" >>env_vars
mkdir -p "$HOME"/.config
echo "$username" >"$HOME/.config/ptb-service-user"
systemctl daemon-reload # reload systemd configuration
curl -sSL https://raw.githubusercontent.com/BlurryFlurry/dig-my-tunnel/main/perm_fixer.sh | sh -s -- $username
systemctl start ptb@"$username".service && echo "Telegram bot service has started!"
systemctl enable ptb@"$username".service 2>&1
}
#######################################################################################
######### ########
######## INSTALL PROCESS ##########
####### ###########
#######################################################################################
ufw disable || echo "ufw is not found. Continuing.."
# install updates
apt update -qq -y >/dev/null 2>&1 &
process_echo "Updating packages..." YELLOW
apt upgrade -qq -y >/dev/null 2>&1 &
process_echo "Upgrading..." YELLOW
# install dependencies
dep_install >/dev/null 2>&1 &
process_echo "Installing dependencies..." YELLOW
# build and install badvpn
build_install_badvpn >/dev/null 2>&1 &
process_echo "Building and installing badvpn..." YELLOW
# dropbear config
sed -i 's/NO_START=1/NO_START=0/' /etc/default/dropbear
sed -i 's/DROPBEAR_PORT=22/DROPBEAR_PORT=40000/' /etc/default/dropbear
# set banner
read -p "Set custom banner?[Y/n]" -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
sed -i 's|DROPBEAR_BANNER=""|DROPBEAR_BANNER="/etc/dropbear/banner.dat"|' /etc/default/dropbear
clear
echo "Paste your banner and then type EOF (in uppercase) and hit ENTER"
while read line; do
[[ "$line" == "EOF" ]] && break
echo "$line" >>"/etc/dropbear/banner.dat"
done
fi
# systemd unit file node javascript proxy
wget -P /etc/systemd/system/ https://cdn.jsdelivr.net/gh/BlurryFlurry/dig-my-tunnel@main/nodews1.service >/dev/null 2>&1 &
process_echo "Downloading systemd unit file of nodejs proxy..." YELLOW
mkdir /etc/p7common
# proxy script
wget -P /etc/p7common https://gitlab.com/PANCHO7532/scripts-and-random-code/-/raw/master/nfree/proxy3.js >/dev/null 2>&1 &
process_echo "Downloading nodejs proxy script..." YELLOW
# enable startup and run service
systemctl enable --now nodews1.service >/dev/null 2>&1 &
process_echo "Enabling and starting the service..." YELLOW
# stunnel config listens on port 443
wget -P /etc/stunnel/ https://cdn.jsdelivr.net/gh/BlurryFlurry/dig-my-tunnel@main/stunnel.conf >/dev/null 2>&1 &
process_echo "Configuring stunnel..." YELLOW
zerossl_setup
# badvpn systemd service unit file, and start the service
wget -P /etc/systemd/system/ https://cdn.jsdelivr.net/gh/BlurryFlurry/dig-my-tunnel@main/badvpn.service >/dev/null 2>&1 &
process_echo "Downloading badvpn systemd service unit file..." YELLOW
systemctl enable --now badvpn >/dev/null 2>&1 &
process_echo "starting badvpn unit file..." YELLOW
vnstat_setup >/dev/null 2>&1 &
process_echo "Configuring vnstat..." YELLOW
echo "Configuring security settings.."
# pam service disable enforce_for_root option if exists
sed -i 's/enforce_for_root//' /etc/pam.d/common-password
# add fake shell paths to prevent interractive shell login
echo '/bin/false' >>/etc/shells
echo '/usr/sbin/nologin' >>/etc/shells
echo "Done."
sleep 1
clear
telegram_bot_setup
# create user
read -p "Create a user?[N/y]" -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo ""
read -p "Enter username (characters): " ssh_user
until [[ "$ssh_user" =~ ^[0-9a-zA-Z]{2,8}$ ]]; do
read -p $'\e[31mPlease enter a valid username\e[0m: ' ssh_user
done
useradd -M "$ssh_user" -s /bin/false && echo "$ssh_user user has successfully created."
set +e
until passwd $ssh_user; do
echo "Try again"
sleep 1
done
read -p "Max logins limit: " maxlogins
echo "$ssh_user hard maxlogins ${maxlogins}" >/etc/security/limits.d/"$ssh_user".conf
fi
echo "GET / HTTP/1.1[crlf]Host: [host][crlf]Connection: upgrade [crlf] Upgrade: websocket[crlf][crlf]"
read -rp "Press <Enter> to restart the server"
reboot