nginx-ispconfig3-debian8.sh

#!/bin/bash
## Install ISPConfig3 on Debian 8 x86_64
## Author: Marcin Sągol
## See: http://linuxqu.web.id/2015/12/16/the-perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3/

apt update

apt install dialog

dpkg-reconfigure locales 
dpkg-reconfigure tzdata

apt install ssh openssh-server -y


apt full-upgrade -y

apt install nano

# Use dash as the default system shell (/bin/sh)? <– No (or ISPConfig installation will fail.)
dpkg-reconfigure dash

apt install -y ntp ntpdate

apt install -y postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

## Open the TLS/SSL and submission ports in Postfix (/etc/postfix/master.cf):
sed -i 's|#submission|submission|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/submission|  -o syslog_name=postfix/submission|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_security_level=encrypt|  -o smtpd_tls_security_level=encrypt|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_reject_unlisted_recipient=no|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf

sed -i 's|#smtps|smtps|' /etc/postfix/master.cf
sed -i 's|#  -o syslog_name=postfix/smtps|  -o syslog_name=postfix/smtps|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_tls_wrappermode=yes|  -o smtpd_tls_wrappermode=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_sasl_auth_enable=yes|  -o smtpd_sasl_auth_enable=yes|' /etc/postfix/master.cf
sed -i 's|#  -o smtpd_reject_unlisted_recipient=no|  -o smtpd_client_restrictions=permit_sasl_authenticated,reject|' /etc/postfix/master.cf

/etc/init.d/postfix restart

# Let MySQL listen on all interfaces, not just localhost:
sed -i 's|bind-address|#bind-address|' /etc/mysql/my.cnf

/etc/init.d/mysql restart

# check that networking is enabled,
# outpu should be like: tcp 0  0  *:mysql *:*  LISTEN 7500/mysqld

netstat -tap | grep mysql


# ----------------------------------------------------------------
# Install Amavisd-new, SpamAssassin, And Clamav
# ----------------------------------------------------------------

apt install -y amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

# The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library 
# internally, so we can stop SpamAssassin to free up some RAM:

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove


# ----------------------------------------------------------------
# Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap
# ----------------------------------------------------------------

/etc/init.d/apache2 stop
update-rc.d -f apache2 remove

apt install -y nginx

/etc/init.d/nginx start


apt install -y php5-fpm

apt install -y php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-pspell php5-snmp php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl curl memcached snmp

php5enmod mcrypt

sed -i 's|;cgi.fix_pathinfo=1|cgi.fix_pathinfo=0|' /etc/php5/fpm/php.ini
sed -i 's|;date.timezone =|date.timezone="Europe/Warsaw"|' /etc/php5/fpm/php.ini


/etc/init.d/php5-fpm reload

apt install -y fcgiwrap

/etc/init.d/fcgiwrap start


# ----------------------------------------------------------------
# Install phpMyAdmin
# ----------------------------------------------------------------

apt install -y phpmyadmin
# - Configure database for phpmyadmin with dbconfig-common? <– No
# - Web server to reconfigure automatically: <– select none 

# The ISPConfig apps vhost on port 8081 for nginx comes with a 
# phpMyAdmin configuration, so you can use 
# http://server1.example.com:8081/phpmyadmin or 
# http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.

# ----------------------------------------------------------------
# Install PureFTPd And Quota
# ----------------------------------------------------------------

apt install -y pure-ftpd-common pure-ftpd-mysql quota quotatool

sed -i 's|VIRTUALCHROOT=false|VIRTUALCHROOT=true|' /etc/default/pure-ftpd-common
# allow FTP and TLS session
echo 1 > /etc/pure-ftpd/conf/TLS
# in order to use TLS, we must create an SSL certificate
mkdir -p /etc/ssl/private/
# generate SSL certificate
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
# change the permissions of the SSL certificate
chmod 600 /etc/ssl/private/pure-ftpd.pem
# restart PureFTPd
/etc/init.d/pure-ftpd-mysql restart


# ----------------------------------------------------------------
# Install Vlogger, Webalizer, And AWstats
# ----------------------------------------------------------------

apt install -y vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

rm -f /etc/cron.d/awstats


# ----------------------------------------------------------------
# Install Jailkit
# ----------------------------------------------------------------

apt install -y build-essential autoconf automake1.11 libtool flex bison debhelper binutils

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz
tar xvfz jailkit-2.19.tar.gz
cd jailkit-2.19
./debian/rules binary
cd ..
dpkg -i jailkit_2.19-1_*.deb
rm -rf jailkit-2.19* jailkit_2.19-1_amd64.deb

# ----------------------------------------------------------------
# Install fail2ban
# ----------------------------------------------------------------

apt install -y fail2ban

# make fail2ban monitor PureFTPd and Dovecot
echo '[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3' > /etc/fail2ban/jail.local

echo '[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =' > /etc/fail2ban/filter.d/pureftpd.conf

echo '[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =' > /etc/fail2ban/filter.d/dovecot-pop3imap.conf

/etc/init.d/fail2ban restart


# ----------------------------------------------------------------
# Install ISPConfig 3
# ----------------------------------------------------------------

#make sure nginx is running
/etc/init.d/nginx restart

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

php -q install.php

# ----------------------------------------------------------------
# Development packages
# ----------------------------------------------------------------

curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

apt install -y git