Automatically install Pterodactyl panel on Debian 10.
#!/bin/bash
# zod.tf pterodactyl installation script
# based on https://pterodactyl.io/community/installation-guides/panel/debian10.html
# - debian 10
# - zodsuper's [`.bashrc` for Debian](https://gist.github.com/zudsniper/e5bbdb7d3384a2b5f76277b52d103e59)
# FLAGS
# [source](https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash)
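# Abort with a usage error when an option that needs a value is the last word
# on the command line.
# Arguments: $1 - the option that is missing its value
missing_value() {
  printf 'option %s requires a value\n' "$1" >&2
  exit 1
}

# Parse command-line flags into the globals the rest of the installer reads.
# Globals written:
#   SKIP_PROMPTS_YES  "Y" when -y/--Yes is given
#   SKIP_PROMPTS_NO   "n" when -n/--No is given
#   ROOT_PASSWORD     value of -P/--root_password
#   DOMAINS_FILE      value of -D/--domains_file
#   PANEL_DOMAIN      value of -m/--panel
#   USE_REDIS         1 when -r/--redis is given
#   POSITIONAL_ARGS   every non-option argument, in order
# Exits 1 on an unknown option or a missing option value.
parse_args() {
  POSITIONAL_ARGS=()
  while (( $# > 0 )); do
    case "$1" in
      -y|--Yes)
        SKIP_PROMPTS_YES="Y"
        shift
        ;;
      -n|--No)
        # Previously assigned to the misspelled SKIN_PROMPTS_NO, so the flag
        # never reached the code that reads SKIP_PROMPTS_NO.
        SKIP_PROMPTS_NO="n"
        shift
        ;;
      -P|--root_password)
        # NOTE(review): a secret passed as an argument is visible in the
        # process list and in shell history; prefer exporting ROOT_PASSWORD
        # in the environment and omitting this flag.
        (( $# >= 2 )) || missing_value "$1"
        ROOT_PASSWORD="$2"
        shift 2
        ;;
      -D|--domains_file)
        (( $# >= 2 )) || missing_value "$1"
        DOMAINS_FILE="$2"
        shift 2
        ;;
      -m|--panel)
        (( $# >= 2 )) || missing_value "$1"
        PANEL_DOMAIN="$2"
        shift 2
        ;;
      -r|--redis)
        USE_REDIS=1
        shift
        ;;
      -*)
        # Diagnostics belong on stderr so they survive output redirection.
        printf '%b\n' "${A_RED}Unknown option${A_RESET} $1" >&2
        exit 1
        ;;
      *)
        POSITIONAL_ARGS+=("$1")
        shift
        ;;
    esac
  done
}

parse_args "$@"
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters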
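# Banner, then report which prompt-skipping flags are active.
printf '%b\n' "${A_GREEN}${A_BOLD}let's get this show on the road.${A_RESET}"
printf '%b\n\n' "${A_WHITE}INSTALLING PTERODACTYL PANEL FOR DEBIAN 10${A_RESET}"
printf '%b\n' "${A_BOLD}${A_GREEN}Flags${A_RESET}"

# The flags are strings, so they are compared with ==. Inside [[ ]] the
# -eq/-ne operators are arithmetic: "Y" and "n" are read as unset variable
# names and both sides evaluate to 0, which made the old tests constant.
if [[ "${SKIP_PROMPTS_YES:-}" == "Y" && "${SKIP_PROMPTS_NO:-}" == "n" ]]; then
  printf '%b\n' "${A_BOLD}${A_RED} Cannot have -Y & -n flag.${A_RESET}" >&2
  exit 1
fi
if [[ "${SKIP_PROMPTS_YES:-}" == "Y" ]]; then
  printf '%b\n' "${A_BOLD}${A_WHITE} SKIP WITH ${A_RESET}${A_GREEN}YES!${A_RESET}"
fi
if [[ "${SKIP_PROMPTS_NO:-}" == "n" ]]; then
  printf '%b\n' "${A_BOLD}${A_WHITE} SKIP WITH ${A_RESET}${A_RED}no.${A_RESET}"
fi

# `[[ -z sudo ]]` tested the literal word "sudo" and was never true; look the
# command up instead.
if ! command -v sudo >/dev/null 2>&1; then
  apt-get install -y sudo
fi

# The status banners below count up to 7, so the total is 7 rather than 6.
export PT_NUMSTEPS=7
printf '\n'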
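# MariaDB
printf '%b\n' "${A_YELLOW}${A_BOLD}Maria${A_BLACK}${A_INVERSE}DB${A_RESET}..."

# Refresh the package index before the first install so a fresh image does not
# fail on stale lists. apt-get is used because plain `apt` warns that its CLI
# is not stable for scripts.
apt-get update
apt-get install -y software-properties-common curl apt-transport-https ca-certificates

## Install MariaDB
apt-get install -y mariadb-common mariadb-server mariadb-client

## Start mariadb now and on every boot
systemctl start mariadb
systemctl enable mariadb
printf '%b\n' "${A_INVERSE}------------------------------------------------${A_RESET}..."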
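# PHP 8.1
printf '%b\n' "${A_PURPLE}${A_BOLD}PHP 8.1${A_RESET}..."

# Add the repository for PHP.
# A key placed in /etc/apt/trusted.gpg.d is trusted for every configured
# repository. Keeping it in its own keyring and naming it with signed-by
# limits that key to this one source.
php_keyring=/usr/share/keyrings/deb.sury.org-php.gpg
# -f makes curl fail on an HTTP error instead of saving the error page as a key.
if ! curl -fsSL https://packages.sury.org/php/apt.gpg -o "${php_keyring}"; then
  printf 'failed to download the packages.sury.org signing key\n' >&2
  exit 1
fi
echo "deb [signed-by=${php_keyring}] https://packages.sury.org/php/ buster main" \
  | tee /etc/apt/sources.list.d/php.list

## Get apt updates
apt-get update

## Install PHP 8.1
apt-get install -y php8.1 php8.1-{cli,common,gd,mysql,mbstring,bcmath,xml,fpm,curl,zip}
printf '%b\n' "${A_INVERSE}------------------------------------------------${A_RESET}..."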
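# NGiNX
printf '%b\n' "${A_GRAY}${A_BOLD}NGiNX${A_RESET}..."
apt-get install -y nginx
printf '%b\n' "${A_INVERSE}------------------------------------------------${A_RESET}..."

# Redis
# NOTE(review): installed and started regardless of the -r/--redis flag;
# confirm that this is intended.
printf '%b\n' "${A_RED}REDIS${A_RESET}..."
apt-get install -y redis-server
systemctl start redis-server
systemctl enable redis-server
# The separator was printed with the misspelled command `ehco`.
printf '%b\n' "${A_INVERSE}------------------------------------------------${A_RESET}..."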
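# Install certbot (and curl, which the later download steps use).
install_certbot() {
  apt-get install -y certbot curl
}

# Download the Composer installer to a private temp file, compare its SHA-384
# digest with the one published at composer.github.io, and only then run it.
# Piping the download straight into php would execute whatever arrived, as
# root, including a truncated or substituted response.
# Returns: 0 on success, 1 on download failure or digest mismatch.
install_composer() {
  local installer expected actual rc
  installer=$(mktemp) || return 1
  if ! curl -fsSL https://getcomposer.org/installer -o "${installer}"; then
    printf 'failed to download the Composer installer\n' >&2
    rm -f -- "${installer}"
    return 1
  fi
  expected=$(curl -fsSL https://composer.github.io/installer.sig)
  actual=$(sha384sum "${installer}" | awk '{print $1}')
  if [[ -z "${expected}" || "${expected}" != "${actual}" ]]; then
    printf 'Composer installer checksum mismatch; not running it\n' >&2
    rm -f -- "${installer}"
    return 1
  fi
  php "${installer}" --install-dir=/usr/local/bin --filename=composer
  rc=$?
  rm -f -- "${installer}"
  return "${rc}"
}

# -y installs both without asking, -n installs neither, otherwise ask.
# The answers are compared as strings; the old `-eq "Y"` tests were arithmetic
# and always true, and the select loops never left because nothing broke out.
if [[ "${SKIP_PROMPTS_YES:-}" == "Y" ]]; then
  install_certbot
  install_composer
elif [[ "${SKIP_PROMPTS_NO:-}" != "n" ]]; then
  printf '%b\n' "Install certbot? (Y/n) "
  select ctbt in Yes No; do
    # A typed y/n leaves ctbt empty and the raw text in REPLY.
    case "${ctbt:-${REPLY}}" in
      Yes|[Yy]*) install_certbot; break ;;
      No|[Nn]*) break ;;
    esac
  done
  printf '%b\n' "\nInstall composer? (Y/n) "
  select compo in Yes No; do
    case "${compo:-${REPLY}}" in
      Yes|[Yy]*) install_composer; break ;;
      No|[Nn]*) break ;;
    esac
  done
fi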
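# ${BOLD} is spelled ${A_BOLD} everywhere else in this script.
printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(1/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"
printf '%b\n\n' "${A_RED}${A_BOLD}MANUAL FOR AWHILE${A_RESET}"

# Harden the fresh MariaDB install. Answers to give when it asks:
#   Set root password?                           Y
#   Remove anonymous users?                      Y
#   Disallow root login remotely?                Y
#   Remove test database and access to it?       Y
#   Reload privilege tables now?                 Y
if [[ "${SKIP_PROMPTS_YES:-}" == "Y" ]]; then
  # NOTE(review): confirm that the installed mysql_secure_installation
  # accepts -y; if it does not, this step must stay interactive.
  mysql_secure_installation -y
else
  mysql_secure_installation
fi
printf '%b\n' "${A_INVERSE}------------------------------------------------${A_RESET}..."

# "$this" expanded an unset variable and dropped the word from the message.
printf '%b\n' "${A_YELLOW}Adding users${A_RESET}...\n ${A_ITALIC}this will REQUIRE your root password!${A_RESET}"
printf '%b\n' "${A_RED}${A_BOLD}PRETTY SURE THE AUTOMATION IS BROKEN, FINISH MANUALLY! ${A_RESET}"
printf '%b\n' "${A_BOLD}https://pterodactyl.io/tutorials/mysql_setup.html${A_RESET}"

# Yes stops the installer here; No carries on with the automated database
# setup. The old test `-eq "Y"` was arithmetic and always true, so every
# answer quit the script.
printf '%b\n' "Stop here and finish the database setup manually?"
select stopRN in Yes No; do
  case "${stopRN:-${REPLY}}" in
    Yes|[Yy]*)
      printf '%b\n' "${A_BOLD}${A_RED}${A_INVERSE}QUITTING now :C${A_RESET}\ngo to that link, and finish those steps manually! "
      exit 1
      ;;
    No|[Nn]*)
      break
      ;;
  esac
done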
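# Fill the named variable with a database password: keep the value already in
# the environment, otherwise ask for it without echoing.
# Arguments: $1 - variable name to read and set, $2 - label shown in the prompt
# Returns:   1 if input ends or the value cannot be embedded in the SQL below
prompt_db_password() {
  local var_name=$1 label=$2
  local value=${!var_name:-}
  while [[ -z "${value}" ]]; do
    read -r -s -p "Password for ${label}: " value || return 1
    printf '\n'
  done
  # The value is placed inside a single-quoted SQL string, so a quote or a
  # backslash would change the statement.
  case "${value}" in
    *"'"*|*'\'*)
      printf 'password for %s must not contain quotes or backslashes\n' "${label}" >&2
      return 1
      ;;
  esac
  printf -v "${var_name}" '%s' "${value}"
}

# The account passwords used to be fixed strings in this public script, which
# gives every installation the same known credentials. They now come from
# PTERO_DB_PASSWORD / PTERO_DBHOST_PASSWORD or a hidden prompt.
prompt_db_password PTERO_DB_PASSWORD "the panel database user 'pterodactyl'" || exit 1
prompt_db_password PTERO_DBHOST_PASSWORD "the database-host user 'pterodactyluser'" || exit 1

# The root password goes into a private option file rather than onto the mysql
# command line, where it would show up in the process list. (`-p VALUE` with a
# space also made mysql prompt and treat VALUE as a database name.)
mysql_args=(-u root)
mysql_defaults=""
if [[ -n "${ROOT_PASSWORD:-}" ]]; then
  mysql_defaults=$(mktemp) || exit 1
  # NOTE(review): a root password containing a double quote or a backslash
  # needs escaping in an option file; confirm yours does not.
  printf '[client]\npassword="%s"\n' "${ROOT_PASSWORD}" > "${mysql_defaults}"
  mysql_args=(--defaults-extra-file="${mysql_defaults}" "${mysql_args[@]}")
fi

# The statements are sent on stdin, so no credential-bearing temp file is left
# in the working directory. Each statement ends with ';' (the old file had
# literal "\n" text and no terminators).
# NOTE(review): 'pterodactyluser' receives ALL PRIVILEGES ON *.* WITH GRANT
# OPTION, as in the linked tutorial; treat its password like a root password.
mysql "${mysql_args[@]}" <<SQL
CREATE USER 'pterodactyl'@'127.0.0.1' IDENTIFIED BY '${PTERO_DB_PASSWORD}';
CREATE DATABASE panel;
GRANT ALL PRIVILEGES ON panel.* TO 'pterodactyl'@'127.0.0.1' WITH GRANT OPTION;
CREATE USER 'pterodactyluser'@'127.0.0.1' IDENTIFIED BY '${PTERO_DBHOST_PASSWORD}';
GRANT ALL PRIVILEGES ON *.* TO 'pterodactyluser'@'127.0.0.1' WITH GRANT OPTION;
SQL
mysql_status=$?
if [[ -n "${mysql_defaults}" ]]; then
  rm -f -- "${mysql_defaults}"
fi
if (( mysql_status != 0 )); then
  printf 'creating the database users failed (mysql exit %d)\n' "${mysql_status}" >&2
  exit 1
fi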
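# ALLOW EXTERNAL ACCESS
# Take the first my.cnf found under /etc. The old code read the first *line*
# of that file instead of the first path.
my_cnf=$(find /etc -iname my.cnf -print -quit)
if [[ -z "${my_cnf}" ]]; then
  printf 'no my.cnf found under /etc; leaving the bind address unchanged\n' >&2
  exit 1
fi

# Append the setting once. The old line used `<<` with the text as a here-doc
# delimiter, which wrote nothing to the file and swallowed the rest of the
# script as here-doc input; it also omitted the '=' the option needs.
# NOTE(review): 0.0.0.0 makes the database listen on every interface. The
# accounts created by this installer are limited to 127.0.0.1, but the port is
# still reachable; restrict it with a firewall rule to the hosts that need it,
# or bind to a specific address instead.
if ! grep -qE '^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*0\.0\.0\.0' "${my_cnf}"; then
  printf '\n\n[mysqld]\nbind-address = 0.0.0.0\n' >> "${my_cnf}"
fi

# restart so the new bind address takes effect
systemctl restart mariadb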
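printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(2/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"
printf '%b\n' "Setting up ${A_PURPLE}${A_BOLD}PHP 8.1${A_RESET}..."
# The unit is php8.1-fpm; the enable line used an underscore and named a
# service that the start line does not.
systemctl enable php8.1-fpm
systemctl start php8.1-fpm

# assuming we use `ufw`
printf '%b\n' " ${A_GRAY}${A_ITALIC}opening port 80 for http challenge!${A_RESET}"
# Install ufw only when it is missing; the old test was inverted and
# installed it only when it was already present.
if ! command -v ufw >/dev/null 2>&1; then
  sudo apt update
  sudo apt install -y ufw
fi
# NOTE(review): only port 80 is opened here although the panel vhost also
# listens on 443; confirm that 443 is allowed elsewhere if ufw is enforcing.
ufw allow 80/tcp
ufw reload
systemctl restart ufw
systemctl restart nginx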
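# generate our SSL certificates!
printf '%b\n' " ${A_GRAY}${A_ITALIC}adding ca-certificates!${A_RESET}"
# Install certbot when it is missing (the old test was inverted). The --nginx
# authenticator used below is provided by python3-certbot-nginx on Debian, so
# that package is checked as well.
if ! command -v certbot >/dev/null 2>&1 \
  || ! dpkg -s python3-certbot-nginx >/dev/null 2>&1; then
  sudo apt update
  sudo apt install -y certbot python3-certbot-nginx
fi

# Collect the certificate names as an array of "-d NAME" pairs. A single
# quoted string would reach certbot as one argument.
DOMAINS=()
if [[ -n "${DOMAINS_FILE:-}" ]]; then
  # One domain per line; blank lines and lines starting with '#' are skipped.
  # The old test `-z DOMAINS_FILE` checked the literal word and the loop read
  # a file literally named DOMAINS_FILE.
  if [[ ! -r "${DOMAINS_FILE}" ]]; then
    printf 'cannot read domains file: %s\n' "${DOMAINS_FILE}" >&2
    exit 1
  fi
  while IFS= read -r p || [[ -n "${p}" ]]; do
    if [[ -z "${p}" || "${p}" == \#* ]]; then
      continue
    fi
    DOMAINS+=(-d "${p}")
  done < "${DOMAINS_FILE}"
else
  DOMAINS=(
    -d zod.tf -d www.zod.tf -d panel.zod.tf -d www.panel.zod.tf
    -d mge.zod.tf -d trade.boo.tf -d boo.tf -d zod.mge.tf
  )
fi
if (( ${#DOMAINS[@]} == 0 )); then
  printf 'no domains to request a certificate for\n' >&2
  exit 1
fi

# https://pterodactyl.io/tutorials/creating_ssl_certificates.html
printf '%b\n' " Trying to renew ${A_YELLOW}${A_BOLD}ca-certificates${A_RESET}..."
printf '%b\n' " AUTORENEWAL with crontab: ${A_ITALIC}https://pterodactyl.io/tutorials/creating_ssl_certificates.html${A_RESET}..."
# NOTE(review): the nginx vhost expects the certificate under
# /etc/letsencrypt/live/<panel domain>/; confirm the certificate certbot
# creates for this name list ends up under that directory.
certbot certonly --nginx --expand "${DOMAINS[@]}"

# SSL certificates (hopefully) done!
printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(3/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"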
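# add SSL servers to NGiNX config
# PANEL_DOMAIN ends up in a file name and in a sed replacement, so it is
# restricted to host-name characters first. An empty value would have produced
# /etc/nginx/conf.d/.conf, and a '/' or '&' would have altered the path or the
# substitution.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "${PANEL_DOMAIN:-}" =~ ${domain_re} ]]; then
  printf 'set a valid panel domain with -m/--panel (got: "%s")\n' "${PANEL_DOMAIN:-}" >&2
  exit 1
fi
panel_conf="/etc/nginx/conf.d/${PANEL_DOMAIN}.conf"

# get my gist of the conf file, straight into its final name
# -f stops an HTTP error page from being saved as nginx configuration.
if ! curl -fsSL https://gist.githubusercontent.com/zudsniper/863d01f8c4b45b8556e7e3dea3aa707b/raw/97aca8dda4826e02ac4af496a60d5c8db6e40001/ssl.conf -o "${panel_conf}"; then
  printf 'failed to download the nginx vhost template\n' >&2
  exit 1
fi

# replace the instances of "<domain>" in the file with the panel domain.
# The old command wrapped the sed program in backticks (which runs it as a
# command), escaped < and > into word-boundary anchors, and pointed at a .txt
# file that is never created.
sed -i -e "s/<domain>/${PANEL_DOMAIN}/g" "${panel_conf}"

# world-readable, writable by root only; applied to the file that exists now
# (ssl.conf had already been renamed when the old chmod ran)
chmod 644 "${panel_conf}"

printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(4/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"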
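printf '%b\n' "${A_GREEN}${A_BOLD}INSTALLING PANEL. MADE IT THIS FAR!${A_RESET}"

# making panel dirs
mkdir -p /var/www/pterodactyl
# Everything below uses relative paths (tar, chmod, cp, artisan), so stop if
# the directory change fails instead of running them somewhere else.
cd /var/www/pterodactyl || {
  printf 'cannot enter /var/www/pterodactyl\n' >&2
  exit 1
}

# downloading, uncompressing, and setting permissions
# NOTE(review): this fetches whatever "latest" is at run time with no
# integrity check; pin a release and verify a checksum if the project
# publishes one.
if ! curl -fLo panel.tar.gz https://github.com/pterodactyl/panel/releases/latest/download/panel.tar.gz; then
  printf 'failed to download the panel archive\n' >&2
  exit 1
fi
tar -xzvf panel.tar.gz || exit 1
chmod -R 755 storage/* bootstrap/cache/

# copy env settings + other stuff, use artisan to generate first part of panel
cp .env.example .env
cp .env .env.backup
composer install --no-dev --optimize-autoloader

# Only run the command below if you are installing this Panel for
# the first time and do not have any Pterodactyl Panel data in the database.
# NOTE(review): .env.backup is taken before the key is generated, so it does
# not contain the application key; back up .env again afterwards.
php artisan key:generate --force

# CONFIGURE ENVIRONMENT
php artisan p:environment:setup
php artisan p:environment:database
# To use PHP's internal mail sending (not recommended), select "mail". To use a
# custom SMTP server, select "smtp".
php artisan p:environment:mail

# database setup
php artisan migrate --seed --force

# add the first user
php artisan p:user:make

# run ownership command for this OS
# If using NGINX or Apache (not on CentOS):
# NOTE(review): the trailing /* does not match dotfiles, so .env keeps the
# owner it was created with; confirm its owner and mode are what you want.
chown -R www-data:www-data /var/www/pterodactyl/*

printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(5/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"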
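printf '%b\n' "${A_PURPLE}setting QueueWorker crontab job${A_RESET}..."

# write crontab via bash script
# The new table is piped into `crontab -` rather than staged in a file named
# "mycron" in the current directory (the panel's web root at this point).
# Any earlier copy of the line is filtered out so a re-run does not add it twice.
cron_line="* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1"
{
  crontab -l 2>/dev/null | grep -vF -- "${cron_line}"
  printf '%s\n' "${cron_line}"
} | crontab -

# create queue worker service within systemd
# -f keeps an HTTP error page from being installed as a unit file.
if ! curl -fsSL https://gist.githubusercontent.com/zudsniper/863d01f8c4b45b8556e7e3dea3aa707b/raw/988256e6b8db2c64307ff6660e6345f96d0a0162/pteroq.service -o /etc/systemd/system/pteroq.service; then
  printf 'failed to download pteroq.service\n' >&2
  exit 1
fi

# if we are to use Redis, make sure it starts on boot.
# The old test used -z (true when the flag is absent) and misspelled "enable".
if [[ -n "${USE_REDIS:-}" ]]; then
  systemctl enable --now redis-server
fi

# enable our service
systemctl enable --now pteroq.service

printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(6/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"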
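printf '%b\n' "${A_GREEN}${A_BOLD}INSTALLING WEBSERVER CONFIGURATION${A_RESET}..."

# remove default NGiNX site; -f so a re-run does not fail when it is already gone
rm -f /etc/nginx/sites-enabled/default

# enable the current conf
# Nothing visible in this script creates sites-available/pterodactyl.conf (the
# vhost is written under conf.d), so the link is made only when the target
# exists; a dangling link in sites-enabled would break the configuration load.
if [[ -e /etc/nginx/sites-available/pterodactyl.conf ]]; then
  ln -sf /etc/nginx/sites-available/pterodactyl.conf /etc/nginx/sites-enabled/pterodactyl.conf
else
  printf 'note: /etc/nginx/sites-available/pterodactyl.conf not found; not linking it\n' >&2
fi

# You need to restart nginx regardless of OS. Validate the configuration
# first so a bad file does not take the running server down.
if nginx -t; then
  systemctl restart nginx
else
  printf 'nginx configuration test failed; nginx was not restarted\n' >&2
  exit 1
fi

printf '%b\n' "${A_BLUE}${A_BOLD}STATUS ${A_RESET}(7/${PT_NUMSTEPS})..."
printf '%b\n\n' "${A_INVERSE}${A_BLUE}------------------------------------------------${A_RESET}"
printf '%b\n\n' "${A_GREEN}${A_BOLD}${A_INVERSE}PTERODACTYL BASE IS INSTALLED!!${A_RESET}"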
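printf '%b\n' "${A_YELLOW}Installing Dependencies${A_RESET}..."

# install docker via its convenience script.
# The script is saved to a private temp file and run only after the download
# completed; piping curl into bash executes a partial or failed download as
# root and leaves nothing to inspect afterwards.
docker_installer=$(mktemp) || exit 1
if ! curl -fsSL https://get.docker.com/ -o "${docker_installer}"; then
  printf 'failed to download the docker install script\n' >&2
  rm -f -- "${docker_installer}"
  exit 1
fi
CHANNEL=stable bash "${docker_installer}"
rm -f -- "${docker_installer}"

# enable docker
systemctl enable --now docker

# check for swap
printf '%b\n' "${A_RED}I hope we support swapping:@1${A_RESET}...\nif the following includes ${A_INVERSE}WARNING: No swap limit support${A_RESET}"
docker info

printf '%b\n' "${A_BOLD}${A_RED}Continue on & install Wings?${A_RESET} (y/N) "
# unskippable
# Yes continues, No stops. The old arithmetic test `-ne "Y"` was never true
# and the loop had no break, so the prompt repeated forever.
select stopNow in Yes No; do
  case "${stopNow:-${REPLY}}" in
    Yes|[Yy]*)
      break
      ;;
    No|[Nn]*)
      printf '%b\n' "${A_RED}${A_BOLD}go fix ur swap! C:${A_RESET}"
      exit 1
      ;;
  esac
done
printf '%b\n' "${A_YELLOW}${A_BOLD}Good luck!${A_RESET}"

# get part 2: same download-then-run pattern. The URL is pinned to one gist
# revision, so the content cannot change underneath a later run.
wings_installer=$(mktemp) || exit 1
if ! curl -fsSL https://gist.githubusercontent.com/zudsniper/863d01f8c4b45b8556e7e3dea3aa707b/raw/36b64071e5be01fd778e44cbe0fe656e05efa6f5/installDeb10Pt_wings.sh -o "${wings_installer}"; then
  printf 'failed to download the wings install script\n' >&2
  rm -f -- "${wings_installer}"
  exit 1
fi
bash "${wings_installer}"
rm -f -- "${wings_installer}"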
#!/bin/bash
# I would NOT run this without running the first script...
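printf '%b\n' "------------------------------------------------${A_RESET}"
printf '%b\n' " ${A_GRAY}${A_BOLD}INSTALLING WINGS${A_RESET}"
printf '%b\n\n' "------------------------------------------------${A_RESET}"
printf '%b\n' "${A_BOLD}VISIT: ${A_RESET}https://pterodactyl.io/wings/1.0/installing.html#installing-wings-2"

# prepare for wings
mkdir -p /etc/pterodactyl

# Any machine that is not x86_64 is treated as arm64.
if [[ "$(uname -m)" == "x86_64" ]]; then
  wings_arch="amd64"
else
  wings_arch="arm64"
fi
# NOTE(review): this binary runs as root (see the unit below) and is fetched
# from "latest" with no integrity check; pin a release and verify a checksum
# if the project publishes one.
if ! curl -fL -o /usr/local/bin/wings "https://github.com/pterodactyl/wings/releases/latest/download/wings_linux_${wings_arch}"; then
  printf 'failed to download wings\n' >&2
  exit 1
fi
chmod u+x /usr/local/bin/wings

# install wings daemon
# The old download URL was the gist's HTML page with a #file-... anchor, so
# the saved "unit file" was a web page. The unit is written inline instead,
# which also removes one remote fetch from a root-run installer.
cat > /etc/systemd/system/wings.service <<'UNIT'
[Unit]
Description=Pterodactyl Wings Daemon
After=docker.service
Requires=docker.service
PartOf=docker.service
[Service]
User=root
WorkingDirectory=/etc/pterodactyl
LimitNOFILE=4096
PIDFile=/var/run/wings/daemon.pid
ExecStart=/usr/local/bin/wings
Restart=on-failure
StartLimitInterval=180
StartLimitBurst=30
RestartSec=5s
[Install]
WantedBy=multi-user.target
UNIT

# enable this new service on boot
# NOTE(review): nothing in this script writes a wings configuration under
# /etc/pterodactyl; confirm the daemon can start before relying on --now.
systemctl enable --now wings

printf '%b\n' "------------------------------------------------${A_RESET}"
printf '%b\n' " ${A_GREEN}${A_BOLD}HOLY FUCK${A_RESET}"
printf '%b\n' " ${A_GREEN}${A_BOLD}YOU MADE IT! ${A_RESET}"
printf '%b\n' " ${A_GREEN}He's... He's alive!!!${A_RESET}"
printf '%b\n\n' "------------------------------------------------${A_RESET}"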
# Pterodactyl Queue Worker File
# ----------------------------------
# systemd unit that keeps the panel's queue worker (`artisan queue:work`)
# running in the background.
[Unit]
Description=Pterodactyl Queue Worker
# Ordering only: start after redis-server when both are being started. This
# line does not pull redis-server in or require it to be running.
After=redis-server.service
[Service]
# The worker runs as the web-server account rather than root.
# On some systems the user and group might be different.
# Some systems use `apache` or `nginx` as the user and group.
User=www-data
Group=www-data
# Restart whenever the process exits, whatever the exit status.
Restart=always
# Processes the high, standard and low queues; --sleep and --tries are passed
# through to artisan.
ExecStart=/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
# Rate limit for restarts: at most 30 starts per 180 seconds.
StartLimitInterval=180
StartLimitBurst=30
# Wait 5 seconds between a stop and the next start attempt.
RestartSec=5s
[Install]
# Started at normal multi-user boot once the unit is enabled.
WantedBy=multi-user.target
# Panel virtual host template. Every "<domain>" below is a placeholder that
# has to be replaced with the panel's host name before nginx loads this file.
# Do not advertise the nginx version in the Server header and error pages.
server_tokens off;
# Plain-HTTP listener: redirects every request to the HTTPS server below.
server {
listen 80;
server_name <domain>;
return 301 https://$server_name$request_uri;
}
# HTTPS listener serving the panel.
server {
listen 443 ssl http2;
server_name <domain>;
root /var/www/pterodactyl/public;
index index.php;
access_log /var/log/nginx/pterodactyl.app-access.log;
error_log /var/log/nginx/pterodactyl.app-error.log error;
# allow larger file uploads and longer script runtimes
client_max_body_size 100m;
client_body_timeout 120s;
sendfile off;
# SSL Configuration - Replace the example <domain> with your domain
# These paths must match the directory the certificate was issued into.
ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
ssl_session_cache shared:SSL:10m;
# Only TLS 1.2 and 1.3 are offered; the cipher list below is limited to
# ECDHE/DHE key exchange with AES-GCM or ChaCha20-Poly1305.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers on;
# HSTS is left disabled on purpose; the preload directive is hard to undo.
# See https://hstspreload.org/ before uncommenting the line below.
# add_header Strict-Transport-Security "max-age=15768000; preload;";
# Response hardening headers.
# NOTE(review): without the "always" parameter nginx adds these only to
# successful and redirect responses, not to error pages - confirm that is
# acceptable.
add_header X-Content-Type-Options nosniff;
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore.
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# NOTE(review): the two framing policies disagree - frame-ancestors 'self'
# permits same-origin framing while X-Frame-Options DENY forbids all framing.
# Pick one intent and make both headers express it.
add_header Content-Security-Policy "frame-ancestors 'self'";
add_header X-Frame-Options DENY;
add_header Referrer-Policy same-origin;
# Anything that is not an existing file or directory goes to the front
# controller.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP requests are handed to the PHP-FPM 8.1 socket.
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Blank the variable derived from a client-sent "Proxy" header so the
# application cannot mistake it for an outbound proxy setting.
fastcgi_param HTTP_PROXY "";
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
# NOTE(review): fastcgi_params is included a second time here; it looks like
# the same file as the include above - confirm and drop one.
include /etc/nginx/fastcgi_params;
}
# Never serve .ht* files (for example .htaccess).
location ~ /\.ht {
deny all;
}
}
# systemd unit for the Pterodactyl Wings daemon.
[Unit]
Description=Pterodactyl Wings Daemon
# Tied to Docker: ordered after it, requires it, and is stopped or restarted
# together with it (PartOf).
After=docker.service
Requires=docker.service
PartOf=docker.service
[Service]
# The daemon runs as root, so the binary at ExecStart and the contents of
# WorkingDirectory should be writable by root only.
User=root
WorkingDirectory=/etc/pterodactyl
# Upper bound on open file descriptors for the daemon.
LimitNOFILE=4096
PIDFile=/var/run/wings/daemon.pid
ExecStart=/usr/local/bin/wings
# Restart only after a failure (non-zero exit, signal, timeout), not after a
# clean stop.
Restart=on-failure
# Rate limit for restarts: at most 30 starts per 180 seconds.
StartLimitInterval=180
StartLimitBurst=30
# Wait 5 seconds between a failure and the next start attempt.
RestartSec=5s
[Install]
# Started at normal multi-user boot once the unit is enabled.
WantedBy=multi-user.target