diff --git a/README.md b/README.md
index ef9dff4c..08938862 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,42 @@ # yiimp Install script for yiimp on Ubuntu 16.04 -This script will install yimmp on your Ubuntu 16.04 system. -Before running this script make sure you are on a fresh server and running as a user. Do not run this script under root! +While I did add some server security to the script, it is every server owners responsibility to fully secure their own servers. After the installation you will still need to customize your serverconfig.php file to your liking, add your API keys, and build/add your coins to the control panel. + +There will be several wallets already in yiimp. These have nothing to do with the installation script and are from the database import from the yiimp github. + +If you need further assistance we have a small but growing discord channel at https://discord.gg/uQ5wdTC + +*****Do not run the script as root***** + +This script has an interactive beginning and will ask for the following information: + +Your time zone +Server Name +Support Email Address +Server Admin Email Address +If you would like fail2ban installed +If you would like to have SSL (LetsEncrypt) installed - Your domain must be pointed to your server prior to running the script or SSL will fail to install. +New custom location for yiimp admin login. + +Once those questions are answered the script will then be fully automated for the rest of the install. + +1. Update and Upgrade Ubuntu Packages +2. Install Aptitude +3. Install and configure Nginx +4. Install MariaDB with random root password +5. Install php7 +6. Install various dev packages required for building blocknotify and stratum +7. Install SendMail +8. Install Fail2Ban if selected +9. Install and configur phpmyadmin with random password for phpmyadmin user +10. Clone yiimp build packages, create directory structure, set file permissions, and more +11. Update server clock +12. Install LetsEncrypt if selected +13. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf +14. 
Import the sql dumps from yiimp +15. Create base yiimp serverconfig.php file to get you going +16. Updates all directory permissions This install script will get you 95% ready to go with yiimp. There are a few things you need to do after the main install is finished. @@ -12,15 +46,19 @@ You must update the following files: 2. /etc/yiimp/keys.php - update with secrect keys from the exchanges. After you add the missing information to those files then run: -./main.sh -./loop2.sh -./block.sh +bash main.sh +bash loop2.sh +bash block.sh + +To download and run + +curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp_install_scrypt/master/install.sh -curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp/master/install.sh bash install.sh -You will be prompted for email, FDQN, and time zone. You onkly get one shot to enter this information correctly! -If this helped you or you feel giving please donate BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp +If this helped you or you feel giving please donate BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD + +Feel free to join our Discord channel at https://discord.gg/zdBbAQ Crombie Crunch diff --git a/install.sh b/install.sh index 326f7bc6..0e658017 100644 --- a/install.sh +++ b/install.sh @@ -1,12 +1,12 @@ #!/bin/bash ################################################################################ -# Author: crombiecrunch -# -# Web: www.thecryptopool.com +# Original Author: crombiecrunch +# Current Author: manfromafar +# Web: yiimp.poolofd32th.club # # Program: # Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x -# BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp +# BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH # ################################################################################ output() { 
@@ -22,17 +22,24 @@ displayErr() { exit 1; } clear - read -p "Enter admin email (e.g. admin@example.com) : " EMAIL - read -p "Enter servername (e.g. portal.example.com) : " SERVNAME - read -p "Enter time zone (e.g. America/New_York) : " TIME +output "Make sure you double check before hitting enter! Only one shot at these!" +output "" + read -e -p "Enter time zone (e.g. America/New_York) : " TIME +# read -e -p "Server name (no http:// or www. just example.com) : " server_name + read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " sub_domain + read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL + read -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC + read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel + read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public + read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban + read -e -p "Install UFW and configure ports? [Y/n] : " UFW + read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install - output "If you found this helpful, please donate to BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" + clear + output "If you found this helpful, please donate to BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH" + output "" output "Updating system and installing required packages." - - #Disable AppArmor - sudo service apparmor stop - sudo update-rc.d -f apparmor remove - sudo apt-get -y remove apparmor apparmor-utils + output "" # update package and upgrade Ubuntu sudo apt-get -y update 
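Review bot: The only assignment to `server_name` in this hunk is the commented-out `# read -e -p "Server name (no http:// or www. just example.com) : " server_name`, so unless it is set somewhere outside the diff the variable is empty for every later consumer — the `/var/www/$server_name/html` paths and `sites-available/$server_name.conf` in @@ -99, @@ -146 and @@ -229, the `-d "$server_name"` handed to letsencrypt, and the `server = ` rewrite of the stratum configs in @@ -328. Restore the prompt and fail early on a blank answer, e.g. `read -e -p "Server name (no http:// or www. just example.com) : " server_name` followed by `[[ -n "$server_name" ]] || displayErr "server name is required"`. The `Public` value collected by `read -e -p "Enter your Public IP for admin access ..." Public` is likewise never referenced in any later hunk. None of the answers are validated here, and several of them are later spliced unquoted into sed expressions and nginx configuration, so a minimal character whitelist at the prompt would prevent a malformed value from silently producing a broken install.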
@@ -40,20 +47,35 @@ clear sudo apt-get -y autoremove clear output "Switching to Aptitude" + output "" sudo apt-get -y install aptitude output "Installing Nginx server." + output "" sudo aptitude -y install nginx + sudo rm /etc/nginx/sites-enabled/default sudo service nginx start sudo service cron start - + #Making Nginx a bit hard + echo 'map $http_user_agent $blockedagent { +default 0; +~*malicious 1; +~*bot 1; +~*backdoor 1; +~*crawler 1; +~*bandit 1; +} +' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 + output "Installing Mariadb Server." + output "" # create random password rootpasswd=$(openssl rand -base64 12) export DEBIAN_FRONTEND="noninteractive" sudo aptitude -y install mariadb-server output "Installing php7.x and other needed files" + output "" sudo aptitude -y install php7.0-fpm sudo aptitude -y install php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring sudo phpenmod mcrypt 
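Review bot: The new rules file is written with `| sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1`, which discards tee's error output, and every vhost generated later begins with `include /etc/nginx/blockuseragents.rules;`, so a failed write only surfaces when nginx refuses to start several steps later. Drop the `2>&1` (and the unneeded `-E`) so the failure is visible, and check the result: `| sudo tee /etc/nginx/blockuseragents.rules >/dev/null || displayErr "could not write blockuseragents.rules"`. Note also that `~*bot 1;` and `~*crawler 1;` match ordinary search-engine and uptime-monitor user agents, which is worth a comment above the map so the next operator knows it is intentional.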
@@ -68,25 +90,132 @@ clear sudo aptitude -y install librtmp-dev sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sudo aptitude -y install sendmail + sudo aptitude -y install git + sudo aptitude -y install pwgen -y + clear + + #Generating Random Passwords + password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` + password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` + AUTOGENERATED_PASS=`pwgen -c -1 20` + output "Testing to see if server emails are sent" + output "" + if [[ "$root_email" != "" ]]; then + echo $root_email > sudo tee --append ~/.email + echo $root_email > sudo tee --append ~/.forward + + if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then + echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message + echo "You should receive this !" >> sudo tee --append /tmp/email.message + echo "" >> sudo tee --append /tmp/email.message + echo "Cheers" >> sudo tee --append /tmp/email.message + sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message + + sudo rm -f /tmp/email.message + echo "Mail sent" + fi + fi + + output "Some optional installs" + if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then + sudo aptitude -y install fail2ban + fi + if [[ ("$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "") ]]; then + sudo apt-get install ufw + sudo ufw default deny incoming + sudo ufw default allow outgoing + sudo ufw allow ssh + sudo ufw allow http + sudo ufw allow https + sudo ufw allow 2142/tcp + sudo ufw allow 3739/tcp + sudo ufw allow 3525/tcp + sudo ufw allow 4233/tcp + sudo ufw allow 3747/tcp + sudo ufw allow 5033/tcp + sudo ufw allow 4262/tcp + sudo ufw allow 3737/tcp + sudo ufw allow 3556/tcp + sudo ufw allow 3553/tcp + sudo ufw allow 4633/tcp + sudo ufw allow 8433/tcp + sudo ufw allow 3555/tcp + sudo ufw allow 3833/tcp + 
sudo ufw allow 4533/tcp + sudo ufw allow 4133/tcp + sudo ufw allow 5339/tcp + sudo ufw allow 8533/tcp + sudo ufw allow 3334/tcp + sudo ufw allow 4933/tcp + sudo ufw allow 3333/tcp + sudo ufw allow 6033/tcp + sudo ufw allow 5766/tcp + sudo ufw allow 3533/tcp + sudo ufw allow 4033/tcp + sudo ufw allow 3433/tcp + sudo ufw allow 3633/tcp + sudo ufw --force enable + fi + clear + output "Installing phpmyadmin" + output "" + echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-user string root" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS" | sudo debconf-set-selections + sudo aptitude -y install phpmyadmin + + output " Installing yiimp" + output "" output "Grabbing yiimp fron Github, building files and setting file structure." + output "" + #Generating Random Password for stratum + blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ git clone https://github.com/tpruvot/yiimp.git - cd yiimp - cd blocknotify + cd $HOME/yiimp/blocknotify + sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp + sudo make + cd $HOME/yiimp/stratum/iniparser sudo make - cd ~/yiimp/stratum/iniparser + cd $HOME/yiimp/stratum + if [[ ("$BTC" == "y" || "$BTC" == "Y") ]]; then + sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' $HOME/yiimp/stratum/Makefile sudo make - cd .. + fi sudo make - cd .. - sudo cp -r web /var/ - sudo cp -r stratum /var/stratum - sudo cp -a bin/. 
/bin/ - sudo cp -r blocknotify/blocknotify /var/stratum - sudo mkdir /etc/yiimp - sudo cp /etc/stratum/config /etc/stratum/config.old - sudo cp /etc/stratum.config.sample /etc/stratum/config + cd $HOME/yiimp + sudo sed -i 's/AdminRights/'$admin_panel'/' $HOME/yiimp/web/yaamp/modules/site/SiteController.php + sudo cp -r $HOME/yiimp/web /var/ + sudo mkdir -p /var/stratum + cd $HOME/yiimp/stratum + sudo cp -a config.sample/. /var/stratum/config +sudo cp -r stratum /var/stratum +sudo cp -r run.sh /var/stratum +cd $HOME/yiimp +sudo cp -r $HOME/yiimp/bin/. /bin/ +sudo cp -r $HOME/yiimp/blocknotify/blocknotify /usr/local/bin/ +sudo mkdir -p /etc/yiimp +sudo mkdir -p /$HOME/backup/ +#fixing yiimp + sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp + #fixing run.sh + sudo rm -r /var/stratum/config/run.sh +echo ' +#!/bin/bash +ulimit -n 10240 +ulimit -u 10240 +cd /var/stratum +while true; do + ./stratum /var/stratum/config/$1 + sleep 2 +done +exec bash +' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 +sudo chmod +x /var/stratum/config/run.sh output "Update default timezone." output "Thanks for using this installation script. Donations welcome" # check if link file 
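Review bot: `sudo sed -i 's/AdminRights/'$admin_panel'/' $HOME/yiimp/web/yaamp/modules/site/SiteController.php` splices an unvalidated, unquoted interactive answer into a sed replacement, so a `/`, `&` or space in the answer either aborts sed or rewrites the controller to something other than the intended route; since this value becomes the admin login path, restrict it before use, e.g. `[[ "$admin_panel" =~ ^[A-Za-z0-9_]+$ ]] || displayErr "admin panel name must be alphanumeric"`, and quote it in the sed expression. The mail-test block is non-functional as written: `echo $root_email > sudo tee --append ~/.email` redirects echo's output to a file literally named `sudo` in the working directory and passes `tee --append ~/.email` to echo as text, neither `root_email` nor `send_email` is ever read in this script, and `sendmail -s` is not a sendmail option — either wire up prompts and use `printf '%s\n' "$root_email" | sudo tee -a ~/.email >/dev/null`, or remove the block. `sudo apt-get install ufw` lacks `-y` and will block on a confirmation prompt in an otherwise unattended run, and `sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp` runs without sudo on a file that was just copied with `sudo cp`, so it fails on a root-owned target. Finally `sudo mkdir -p /$HOME/backup/` creates the directory under the invoking user's home, while @@ -328 later chmods `/root/backup/`, so one of the two paths is wrong.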
@@ -99,19 +228,22 @@ clear clear output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions - whoami=`whoami` - sudo mkdir -p /var/www/$SERVNAME/html - sudo chown -R $whoami:$whoami /var/www/$SERVNAME/html - sudo chmod -R 775 /var/www/$SERVNAME/html - + sudo mkdir -p /var/www/$server_name/html output "Creating webserver initial config file" -echo ' - server { + output "" + if [[ ("$sub_domain" == "y" || "$sub_domain" == "Y") ]]; then +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; - server_name '"${SERVNAME}"'; - - root "/var/www/'"${SERVNAME}"'/html/web"; + server_name '"${server_name}"'; + root "/var/www/'"${server_name}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -126,15 +258,16 @@ echo ' location = /robots.txt { access_log off; log_not_found off; } access_log off; - error_log /var/log/nginx/'"${SERVNAME}"'.app-error.log error; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; - + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; sendfile off; - location ~ \.php$ { + location ~ ^/index\.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; 
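Review bot: The comment `# allow larger file uploads and longer script runtimes` is now stale: the lines beneath it were changed from `client_max_body_size 100m;` to `client_body_buffer_size 50k;`, `client_header_buffer_size 50k;`, `client_max_body_size 50k;` and `large_client_header_buffers 2 50k;`, which tighten limits rather than relax them, and the same stale comment is repeated in the vhosts generated in @@ -146 and @@ -229. Replace it with something like `# cap request body and header sizes; the panel does not need large uploads` so the intent is recorded, and confirm that 50k is enough for the admin panel's POSTs, since any form that exceeds it will get a 413 with no hint in the application log (access_log is off). The `if [[ ("$sub_domain" == "y" ...` branch opened here closes in @@ -229, so the two generated configurations should be reviewed side by side.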
@@ -146,55 +279,89 @@ echo ' fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; + try_files $uri $uri/ =404; } - - location ~ /\.ht { - deny all; + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; } - location ~ /.well-known { - allow all; + location ~ /\.ht { + deny all; } - } -' | sudo -E tee /etc/nginx/sites-available/$SERVNAME.conf >/dev/null 2>&1 + location ~ /.well-known { + allow all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 -sudo ln -s /etc/nginx/sites-available/$SERVNAME.conf /etc/nginx/sites-enabled/$SERVNAME.conf -sudo ln -s /var/web /var/www/$SERVNAME/html +sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf +sudo ln -s /var/web /var/www/$server_name/html sudo service nginx restart + if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$SERVNAME" - sudo rm /etc/nginx/sites-available/$SERVNAME.conf + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! 
- echo ' - server { +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; - server_name '"${SERVNAME}"'; + server_name '"${server_name}"'; # enforce https return 301 https://$server_name$request_uri; } server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 443 ssl http2; listen [::]:443 ssl http2; - server_name '"${SERVNAME}"'; + server_name '"${server_name}"'; - root /var/www/'"${SERVNAME}"'/html/web; + root /var/www/'"${server_name}"'/html/web; index index.php; - access_log /var/log/nginx/'"${SERVNAME}"'.app-accress.log; - error_log /var/log/nginx/'"${SERVNAME}"'.app-error.log error; + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; - - sendfile off; + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; + sendfile off; # strengthen ssl security - ssl_certificate /etc/letsencrypt/live/'"${SERVNAME}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${SERVNAME}"'/privkey.pem; + ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; @@ -216,7 +383,7 @@ sudo service nginx restart } - location ~ \.php$ { + location ~ ^/index\.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; 
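Review bot: The added `location /phpmyadmin { ... }` block publishes phpMyAdmin on the public pool vhost with no source restriction, even though the script asks for a `Public` IP "for admin access" and never uses it, and the phpmyadmin install in @@ -68 is configured with `phpmyadmin/mysql/admin-user string root`. At minimum add `allow '"${Public}"';` and `deny all;` as the first lines inside that location in each generated config (this hunk, and the `else` branch in @@ -229), or leave phpMyAdmin out of the public vhost entirely. The same location is pasted into every variant of the config, so a small shared snippet written once to /etc/nginx would keep the rule in one place. The `server {` block for port 443 and its `ssl_protocols`/`ssl_ciphers` lines continue past this hunk; the newly added copy of them is reviewed in @@ -229.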
@@ -229,33 +396,252 @@ sudo service nginx restart fastcgi_send_timeout 300; fastcgi_read_timeout 300; include /etc/nginx/fastcgi_params; - } + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } location ~ /\.ht { deny all; } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } + +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + fi +sudo service nginx restart +sudo service php7.0-fpm reload +else +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 80; + listen [::]:80; + server_name '"${server_name}"' www.'"${server_name}"'; + root "/var/www/'"${server_name}"'/html/web"; + index index.html index.htm index.php; + charset utf-8; + + location / { + try_files $uri $uri/ /index.php?$args; + } + location @rewrite { + rewrite ^/(.*)$ /index.php?r=$1; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + access_log off; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + # allow larger file uploads and longer script runtimes + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; + sendfile off; + + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + 
fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } + location ~ /\.ht { + deny all; } + location ~ /.well-known { + allow all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + +sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf +sudo ln -s /var/web /var/www/$server_name/html +sudo service nginx restart + if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then + output "Install LetsEncrypt and setting SSL" + sudo aptitude -y install letsencrypt + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf + sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 + # I am SSL Man! 
+echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 80; + listen [::]:80; + server_name '"${server_name}"'; + # enforce https + return 301 https://$server_name$request_uri; + } + + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name '"${server_name}"' www.'"${server_name}"'; + + root /var/www/'"${server_name}"'/html/web; + index index.php; + + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + # allow larger file uploads and longer script runtimes + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; + sendfile off; + + # strengthen ssl security + ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; 
mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + + location / { + try_files $uri $uri/ /index.php?$args; + } + location @rewrite { + rewrite ^/(.*)$ /index.php?r=$1; + } + -' | sudo -E tee /etc/nginx/sites-available/thecryptopool.com.conf >/dev/null 2>&1 + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + include /etc/nginx/fastcgi_params; + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } + + location ~ /\.ht { + deny all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } + +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + fi sudo service nginx restart sudo service php7.0-fpm reload +fi clear output "Now for the database fun!" 
# create database - password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" Q3="FLUSH PRIVILEGES;" SQL="${Q1}${Q2}${Q3}" - sudo mysql -u root -p="" -e "$SQL" # create stratum user - password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" Q2="FLUSH PRIVILEGES;" SQL="${Q1}${Q2}" - sudo mysql -u root -p="" -e "$SQL" + + #Create my.cnf + echo ' [clienthost1] user=panel @@ -273,13 +659,12 @@ password='"${rootpasswd}"' ' | sudo -E tee ~/.my.cnf >/dev/null 2>&1 sudo chmod 0600 ~/.my.cnf +#Create keys file echo ' '"'"'); define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"'); 
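Review bot: Both `sudo mysql -u root -p="" -e "$SQL"` calls are removed and nothing on the new side of this hunk executes `$SQL`, so the `CREATE DATABASE IF NOT EXISTS yiimpfrontend` and the `panel`/`stratum` GRANT statements are built but, unless they are run in unchanged lines outside the hunk, never applied — the `--defaults-group-suffix=host1` imports in @@ -299 would then authenticate as a `panel` user that does not exist. If the intent was to keep the passwords off the command line, run each batch through stdin instead, e.g. `printf '%s\n' "$SQL" | sudo mysql`, immediately after each `SQL=` assignment, since the second `SQL="${Q1}${Q2}"` overwrites the first. The https vhost added in the new `else` branch also enables `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher list that still contains `DES-CBC3-SHA` and `ECDHE-RSA-DES-CBC3-SHA`; `ssl_protocols TLSv1.2;` with the 3DES suites removed is the safe default for this stack. In that same block the redirect server names only `'"${server_name}"'` while the 443 server names both the bare and `www.` host, so the `www.` hostname is never redirected to https.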
@@ -299,23 +684,17 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" - output "BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" - wait 35 + output "" + output "BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" + output "" output "Peforming the SQL import" + output "" cd ~ cd yiimp/sql # import sql dump sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 # oh the humanity! - sudo mysql --defaults-group-suffix=host1 --force < 2015-07-01-accounts_hostaddr.sql - sudo mysql --defaults-group-suffix=host1 --force < 2015-07-15-coins_hasmasternodes.sql - sudo mysql --defaults-group-suffix=host1 --force < 2015-09-20-blocks_worker.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-02-17-payouts_errmsg.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-02-23-shares_diff.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-03-26-markets.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-03-30-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-03-accounts.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql 
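Review bot: The address in the new `output "BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y"` differs from `18AwGT19befE4Z3siEiAzsF8n9MoJEifiH` used in the header, the banner, the `$cold_wallet_table` default and the closing message of this same commit; if that is unintended, use a single constant such as `readonly DONATION_ADDR=...` and reference it everywhere. The removed `wait 35` was never a pause (bash `wait` takes a job or PID), but nothing replaces it, so the preceding `output` that prints the freshly generated `$password` and `$password2` now scrolls past immediately; since both are already written to ~/.my.cnf, simply dropping the passwords from that message is the cleaner fix.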
@@ -328,53 +707,50 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql + sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql + sudo mysql --defaults-group-suffix=host1 --force < 2017-10-bookmarks.sql + sudo mysql --defaults-group-suffix=host1 --force < 2017-11-segwit.sql + sudo mysql --defaults-group-suffix=host1 --force < 2018-01-stratums_ports.sql + sudo mysql --defaults-group-suffix=host1 --force < 2018-02-coins_getinfo.sql clear output "Generating a basic serverconfig.php" + output "" # make config file echo ' 0.3 define('"'"'EXCH_AUTO_WITHDRAW'"'"', 0.3); - // nicehash keys deposit account & amount to deposit at a time define('"'"'NICEHASH_API_KEY'"'"','"'"'521c254d-8cc7-4319-83d2-ac6c604b5b49'"'"'); define('"'"'NICEHASH_API_ID'"'"','"'"'9205'"'"'); define('"'"'NICEHASH_DEPOSIT'"'"','"'"'3J9tapPoFCtouAZH7Th8HAPsD8aoykEHzk'"'"'); define('"'"'NICEHASH_DEPOSIT_AMOUNT'"'"','"'"'0.01'"'"'); - - $cold_wallet_table = array( - '"'"'1C23KmLeCaQSLLyKVykHEUse1R7jRDv9j9'"'"' => 0.10, + '"'"'18AwGT19befE4Z3siEiAzsF8n9MoJEifiH'"'"' => 0.10, ); - // Sample fixed pool fees $configFixedPoolFees = array( '"'"'zr5'"'"' => 2.0, '"'"'scrypt'"'"' => 20.0, '"'"'sha256'"'"' => 5.0, ); - // Sample custom stratum ports $configCustomPorts = array( // '"'"'x11'"'"' => 7000, ); - // mBTC Coefs per algo (default is 1.0) $configAlgoNormCoef = array( // '"'"'x11'"'"' => 5.0, ); ' | sudo -E tee /var/web/serverconfig.php >/dev/null 2>&1 - output "Final Directory permissions" -sudo usermod -aG www-data $whoami -sudo chown -R www-data:www-data /var/www/$SERVNAME/html -sudo chown -R www-data:www-data /var/log +output "Updating stratum config files with database connection info." 
+output "" +cd /var/stratum/config +sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf +sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf +sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf +sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf +sudo sed -i 's/username = root/username = stratum/g' *.conf +sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf +cd ~ + + +output "Final Directory permissions" +output "" +whoami=`whoami` +#sudo usermod -aG www-data $whoami +#sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum -sudo chmod -R 775 /var/www/$SERVNAME/html -sudo chmod -R 775 /var/log -sudo chmod -R 775 /var/stratum sudo chown -R www-data:www-data /var/web +sudo touch /var/log/debug.log +sudo chown -R www-data:www-data /var/log/debug.log +sudo chmod -R 775 /var/www/$server_name/html sudo chmod -R 775 /var/web -sudo mkdir /root/backup/ +sudo chmod -R 775 /var/stratum +sudo chmod -R 775 /var/web/yaamp/runtime +sudo chmod -R 664 /root/backup/ +sudo chmod -R 644 /var/log/debug.log +sudo chmod -R 775 /var/web/serverconfig.php +sudo mv $HOME/yiimp/ $HOME/yiimp-install-only-do-not-run-commands-from-this-folder sudo service nginx restart sudo service php7.0-fpm reload clear -output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.conf. this installer did not directly install anything required to build coins." -output "Please make sure to chnage your wallet addresses in the /var/web/serverconfig.php file." +output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." +output "" +output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file." +output "" output "Please make sure to add your public and private keys." 
-output "If you found this script helpful please consider donating some BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" - - +output "" +output "If you found this script helpful please consider donating some BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH"
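Review bot: The new `'"'"'18AwGT19befE4Z3siEiAzsF8n9MoJEifiH'"'"' => 0.10,` entry makes the script author's donation address the default in `$cold_wallet_table`, so a pool whose operator skips the "change your wallet addresses" reminder at the end routes 10% of cold-wallet movements to a third party; the generated default should be an empty array or a commented example such as `// '"'"'<YOUR_COLD_WALLET>'"'"' => 0.10,`. `sudo chmod -R 775 /var/web/serverconfig.php` makes a file that holds API keys and wallet settings world-readable; the preceding `chown -R www-data:www-data /var/web` already gives php-fpm access, so `sudo chmod 640 /var/web/serverconfig.php` is sufficient. `sudo chmod -R 664 /root/backup/` removes the execute bit from a directory, leaving it non-traversable, and it targets `/root` while @@ -68 created the directory at `/$HOME/backup/`. `whoami=\`whoami\`` is now dead code because both of its consumers are commented out on the following lines, and the stratum-config `sed` rewrites use `$server_name` and `$password2` unquoted — safe only while the password generator stays alphanumeric, which deserves a comment.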