chce_moodle.sh
#!/bin/bash
#Michał Giza
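# Privilege gate: every later step installs packages, rewrites files under
# /etc or restarts services, so the script refuses to continue without root.
echo -e "\e[1;32mSprawdzenie uprawnień \e[0m"
if [[ "${EUID}" -ne 0 ]]; then
  # The hint goes to stderr and the status is non-zero so that a wrapper or
  # provisioning tool can tell the installation never started.
  echo "Uruchom poprzez sudo bash chce_moodle.sh lub jako root" >&2
  exit 1
fi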
# Package installation: refresh the index, enable the PHP PPA, then install
# the web, FTP, database and helper packages in one transaction.
echo -e "\e[1;32mAktualizacja pakietów \e[0m"
apt update

# ppa:ondrej/php is a third-party archive; once added, its packages are
# installed as root with the same trust as the distribution's own.
# NOTE(review): PHP 7.4 is past upstream end of life - confirm the target
# system still receives security updates for it before exposing the site.
echo -e "\e[1;32mDodanie repozytorium z PHP \e[0m"
apt install software-properties-common -y
add-apt-repository ppa:ondrej/php -y
apt update

echo -e "\e[1;32mInstalacja pakietów \e[0m"
moodle_packages=(
  vsftpd nginx
  php7.4-fpm php7.4-common php7.4-iconv php7.4-mysql php7.4-curl
  php7.4-mbstring php7.4-xmlrpc php7.4-soap php7.4-zip php7.4-gd
  php7.4-xml php7.4-intl php7.4-json
  libpcre3 libpcre3-dev graphviz aspell ghostscript clamav mariadb-server
)
apt install "${moodle_packages[@]}" -y
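# Keep the "moodle" account out of SSH by appending a Match block to
# sshd_config, then reload the daemon.
# NOTE(review): ChrootDirectory only works on a root-owned path that no other
# user can write; /home/moodle is expected to belong to the moodle user, so
# sshd presumably refuses the session instead of jailing it. Confirm that this
# is the intended "block" - a DenyUsers entry would state the intent directly.
echo -e "\e[1;32mBlokada dostępu SSH \e[0m"
sshd_config=/etc/ssh/sshd_config
# Append only once: a second run must not stack duplicate Match blocks.
if ! grep -qxF 'Match User moodle' "${sshd_config}"; then
  # Keep a copy of the file as it was before this script touched it.
  cp -p -- "${sshd_config}" "${sshd_config}.backup"
  cat >> "${sshd_config}" <<'EOL'
Match User moodle
ChrootDirectory /home/moodle
EOL
fi
echo -e "\e[1;32mRestart SSH \e[0m"
# Validate first: restarting sshd on a broken configuration can cut off the
# only remote access to the machine.
if sshd -t; then
  systemctl restart ssh
else
  echo "Błąd walidacji sshd_config - SSH nie zostało zrestartowane" >&2
  exit 1
fi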
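# vsftpd: replace the packaged configuration with one that lets local users
# log in, confines them to their home directory and allows uploads.
echo -e "\e[1;32mKonfiguracja FTP \e[0m"
# Preserve the backup taken on the first run; copying unconditionally would
# overwrite the packaged original with this script's own output on a re-run.
if [[ ! -e /etc/vsftpd.conf.backup ]]; then
  cp /etc/vsftpd.conf /etc/vsftpd.conf.backup
fi
# Security-relevant choices in the file written below:
#   anonymous_enable=NO        - no anonymous logins.
#   chroot_local_user=YES      - local users are confined to their home.
#   allow_writeable_chroot=YES - turns off vsftpd's refusal to chroot into a
#                                directory the user can write to.
#   ssl_enable=NO              - logins and transfers are unencrypted, so the
#                                account password crosses the network in
#                                clear text; enable TLS (or use SFTP) before
#                                using this outside a trusted network.
#   pasv_min_port/pasv_max_port - passive range 40000-40100 that a firewall
#                                has to allow.
cat > /etc/vsftpd.conf <<'EOL'
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
write_enable=YES
local_umask=022
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100
EOL
echo -e "\e[1;32mRestart vsftpd \e[0m"
systemctl restart vsftpd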
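# Create the local "moodle" account (owner of the web root and FTP login) and
# give it a random password. SSH_PASS is read again when moodle.txt is written.
echo -e "\e[1;32mDodanie dedykowanego usera dla web servera \e[0m"
# 12 random bytes, base64-encoded.
SSH_PASS="$(openssl rand -base64 12)"
# If openssl is missing or fails the substitution is empty; stop instead of
# handing chpasswd an empty password for a login-capable account.
if [[ -z "${SSH_PASS}" ]]; then
  echo "Nie udało się wygenerować hasła - przerywam" >&2
  exit 1
fi
useradd -m moodle -s /bin/bash
# printf is a shell builtin, so the password travels over the pipe and never
# appears in another process's argument list.
printf '%s\n' "moodle:${SSH_PASS}" | chpasswd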
# PHP-FPM: raise max_input_vars and define a dedicated pool that runs as the
# moodle user behind its own unix socket.
php_fpm_dir=/etc/php/7.4/fpm

echo -e "\e[1;32mZmiana ustawień PHP \e[0m"
printf '%s\n' 'max_input_vars = 5000' >> "${php_fpm_dir}/php.ini"

echo -e "\e[1;32mUtworzenie dedykowanego PHP pool \e[0m"
# The copy of www.conf is overwritten in full by the definition written next.
cp "${php_fpm_dir}/pool.d/www.conf" "${php_fpm_dir}/pool.d/moodle.conf"
# Workers run as moodle; the socket is owned by www-data so that the web
# server can connect to it.
cat > "${php_fpm_dir}/pool.d/moodle.conf" <<'EOL'
[moodle]
user = moodle
group = moodle
listen = /run/php/moodle.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
EOL

echo -e "\e[1;32mRestart PHP-FPM \e[0m"
systemctl restart php7.4-fpm
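# MariaDB: replace 50-server.cnf with the settings used for Moodle, then
# restart the server.
echo -e "\e[1;32mZmiana konfiguracji MySQL \e[0m"
mariadb_cnf=/etc/mysql/mariadb.conf.d/50-server.cnf
# Keep the packaged file from the first run so the change can be reverted;
# without this the original is lost as soon as the heredoc is written.
if [[ -e "${mariadb_cnf}" && ! -e "${mariadb_cnf}.backup" ]]; then
  cp -p -- "${mariadb_cnf}" "${mariadb_cnf}.backup"
fi
# bind-address = 127.0.0.1 keeps the server reachable from this host only.
# NOTE(review): innodb_file_format and innodb_large_prefix are not accepted by
# every MariaDB release - confirm the installed server starts with them,
# otherwise the restart fails and the database steps after it cannot work.
cat > "${mariadb_cnf}" <<'EOL'
[server]
[mysqld]
innodb_file_format = Barracuda
innodb_large_prefix = 1
user = mysql
pid-file = /run/mysqld/mysqld.pid
socket = /run/mysqld/mysqld.sock
#port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
bind-address = 127.0.0.1
query_cache_size = 16M
log_error = /var/log/mysql/error.log
expire_logs_days = 10
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
[embedded]
[mariadb]
[mariadb-10.3]
EOL
echo -e "\e[1;32mRestart MySQL \e[0m"
systemctl restart mariadb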
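# Create the moodle database and a local account restricted to it. HASLO is
# read again when moodle.txt is written.
echo -e "\e[1;32mTworzenie bazy i usera \e[0m"
# 12 random bytes, base64-encoded; that alphabet holds no quote or backslash,
# so the value is safe inside the single-quoted SQL literal below.
HASLO="$(openssl rand -base64 12)"
# An empty substitution (openssl missing or failing) would create a database
# account with an empty password, so stop here instead.
if [[ -z "${HASLO}" ]]; then
  echo "Nie udało się wygenerować hasła - przerywam" >&2
  exit 1
fi
mysql -e "CREATE DATABASE moodle;"
# The statement carrying the password is sent on stdin: text passed with -e is
# part of the mysql command line and readable by other local users through
# the process list while the client runs.
mysql <<SQL
CREATE USER 'moodle'@'localhost' IDENTIFIED BY '${HASLO}';
SQL
mysql -e "GRANT ALL PRIVILEGES ON moodle.* TO 'moodle'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"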
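# Download the Moodle release, unpack it into /home/moodle/public_html and
# hand the tree to the moodle user.
echo -e "\e[1;32mPobieranie Moodle \e[0m"
# A fixed name in /tmp can be pre-created or swapped by any local user while
# this script runs as root; mktemp returns a private, unpredictable path.
moodle_tgz="$(mktemp)" || exit 1
if ! wget https://download.moodle.org/stable311/moodle-3.11.2.tgz -O "${moodle_tgz}"; then
  echo "Pobieranie Moodle nie powiodło się" >&2
  rm -f -- "${moodle_tgz}"
  exit 1
fi
# Optional integrity check: export MOODLE_SHA256 with the checksum published
# for this release and the archive is verified before it is unpacked as root.
if [[ -n "${MOODLE_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "${MOODLE_SHA256}" "${moodle_tgz}" | sha256sum -c -; then
    echo "Suma kontrolna archiwum Moodle nie zgadza się" >&2
    rm -f -- "${moodle_tgz}"
    exit 1
  fi
else
  echo "Uwaga: nie zweryfikowano sumy kontrolnej archiwum (ustaw MOODLE_SHA256)" >&2
fi
echo -e "\e[1;32mRozpakowanie archiwum \e[0m"
tar -zvxf "${moodle_tgz}" -C /home/moodle
rm -f -- "${moodle_tgz}"
mv /home/moodle/moodle /home/moodle/public_html
echo -e "\e[1;32mZmiana uprawnień \e[0m"
# NOTE(review): the code tree ends up owned by moodle and 755 throughout; if
# PHP also runs as moodle, the application can rewrite its own code - confirm
# that this is wanted.
chown moodle:moodle -R /home/moodle/public_html
chmod 755 -R /home/moodle/public_html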
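# Moodle data directory, kept under /var rather than in the web root.
echo -e "\e[1;32mUtworzenie katalogu na dane użytkowników \e[0m"
# -p lets a second run pass when the directory already exists.
mkdir -p /var/moodledata
# 750 instead of 755: the directory is for Moodle's own data, so accounts
# other than the owner and its group get no access to it.
chmod 750 -R /var/moodledata
chown moodle:moodle -R /var/moodledata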
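# Nginx: disable the default site, publish /home/moodle/public_html and send
# PHP requests to the moodle FPM socket.
echo -e "\e[1;32mDodanie konfiguracji Nginx \e[0m"
# rm -f and ln -sfn make this step repeatable; unlink and a plain ln -s both
# fail when the script runs a second time.
rm -f /etc/nginx/sites-enabled/default
# The site listens on port 80 only, so logins to Moodle travel unencrypted
# until a TLS listener is added.
# NOTE(review): the PHP location hands every URI containing ".php" to FPM
# without first checking that the script exists on disk - confirm that the
# FPM pool only executes .php files.
# The heredoc is quoted, so the nginx variables need no backslash escapes.
cat > /etc/nginx/sites-available/moodle <<'EOL'
server{
listen 80;
server_name _;
root /home/moodle/public_html;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/moodle.sock;
include /etc/nginx/mime.types;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
EOL
ln -sfn /etc/nginx/sites-available/moodle /etc/nginx/sites-enabled/moodle
echo -e "\e[1;32mRestart Nginx \e[0m"
# Test the configuration before restarting so that a syntax error does not
# take the running web server down.
if nginx -t; then
  systemctl restart nginx
else
  echo "Błąd walidacji konfiguracji Nginx - usługa nie została zrestartowana" >&2
  exit 1
fi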
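# Write the follow-up instructions, including both generated passwords, to
# moodle.txt in the current directory.
echo -e "\e[1;32mDalsze instrukcje w pliku moodle.txt \e[0m"
# Take the first default route only; with several default routes the old
# unquoted expansion passed more than one address to "ip route get".
GATEWAY="$(/sbin/ip route | awk '/default/ { print $3; exit }')"
# Source address the kernel would use to reach the gateway, i.e. this host's
# address on that network.
IP="$(ip route get "${GATEWAY}" | grep -oP 'src \K[^ ]+')"
# The file holds the database and FTP passwords in clear text, so it is
# created and kept owner-only instead of inheriting a world-readable umask.
# The subshell keeps the umask change from leaking into anything after it.
(
  umask 077
  : > moodle.txt
  chmod 600 moodle.txt
  cat > moodle.txt <<EOL
Moodle jest gotowe do instalacji pod http://${IP}.
Katalog danych Moodle to /var/moodledata
Wybierz MariaDB jako typ bazy.
Nazwa bazy i użytkownika to moodle.
Hasło do bazy: ${HASLO}
Hasło FTP dla lokalnego użytkownika moodle: ${SSH_PASS}
EOL
)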