From 5a96cbaeb388c3d60b49de570ac4729217eb2118 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 03:27:30 -0400 Subject: [PATCH 01/59] corrections Added missing directory creations and updated the permissions to be the correct ones. --- install.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/install.sh b/install.sh index 326f7bc6..36f43f3f 100644 --- a/install.sh +++ b/install.sh @@ -81,12 +81,16 @@ clear sudo make cd .. sudo cp -r web /var/ + sudo mkdir /var/stratum + cd stratum + sudo cp -a config.sample/. /var/stratum/config sudo cp -r stratum /var/stratum + sudo cp -r run.sh /var/stratum sudo cp -a bin/. /bin/ sudo cp -r blocknotify/blocknotify /var/stratum - sudo mkdir /etc/yiimp - sudo cp /etc/stratum/config /etc/stratum/config.old - sudo cp /etc/stratum.config.sample /etc/stratum/config + sudo mkdir /etc/yiimp + sudo mkdir /root/backup/ + sudo cp -r /var/web/keys.sample.php /etc/yiimp output "Update default timezone." output "Thanks for using this installation script. Donations welcome" # check if link file @@ -426,15 +430,13 @@ $configAlgoNormCoef = array( output "Final Directory permissions" sudo usermod -aG www-data $whoami -sudo chown -R www-data:www-data /var/www/$SERVNAME/html sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum -sudo chmod -R 775 /var/www/$SERVNAME/html -sudo chmod -R 775 /var/log -sudo chmod -R 775 /var/stratum sudo chown -R www-data:www-data /var/web -sudo chmod -R 775 /var/web -sudo mkdir /root/backup/ +sudo chmod -R 777 /var/web +sudo chmod -R 777 /var/stratum +sudo chmod -R 777 /root/backup/ +sudo chmod -R 777 /var/log sudo service nginx restart sudo service php7.0-fpm reload clear From 0a232b4e894ef8b2666ceebbb01ef2a0a9776767 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 11:13:30 -0400 Subject: [PATCH 02/59] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) 
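Review bot: The second hunk (`@@ -426,15 +430,13 @@`) makes /var/web, /var/stratum, /root/backup/ and /var/log world-writable with `chmod -R 777` and gives all of /var/log to www-data. Any local account or compromised service can then rewrite the PHP under the web root, replace the stratum files, and alter or delete logs; daemons that expect their own ownership under /var/log may also stop logging. The trees are already chowned to www-data, so owner/group access is enough: `sudo chmod -R u=rwX,g=rwX,o= /var/web /var/stratum`, `sudo chmod 700 /root/backup`, and drop the /var/log chown/chmod lines. In the first hunk, `sudo mkdir /var/stratum` and `sudo mkdir /root/backup/` fail on a re-run and `cd stratum` is unchecked; `mkdir -p` and `cd stratum || exit 1` avoid copying from the wrong directory.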
diff --git a/README.md b/README.md index ef9dff4c..3dba833b 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ After you add the missing information to those files then run: ./block.sh curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp/master/install.sh + bash install.sh You will be prompted for email, FDQN, and time zone. You onkly get one shot to enter this information correctly! From a6957ca23f7734eb7fad071e0f1f1b55e5bf7fa1 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 11:19:08 -0400 Subject: [PATCH 03/59] typo fix added spacing --- install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 36f43f3f..0f81f06b 100644 --- a/install.sh +++ b/install.sh @@ -428,6 +428,7 @@ $configAlgoNormCoef = array( ); ' | sudo -E tee /var/web/serverconfig.php >/dev/null 2>&1 + output "Final Directory permissions" sudo usermod -aG www-data $whoami sudo chown -R www-data:www-data /var/log @@ -440,9 +441,12 @@ sudo chmod -R 777 /var/log sudo service nginx restart sudo service php7.0-fpm reload clear -output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.conf. this installer did not directly install anything required to build coins." +output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." +output "" output "Please make sure to chnage your wallet addresses in the /var/web/serverconfig.php file." +output "" output "Please make sure to add your public and private keys." +output "" output "If you found this script helpful please consider donating some BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" From f18924c0dc66aab5888f016daec927751820bcda Mon Sep 17 00:00:00 2001 
From: Jonathan Adams Date: Sun, 27 Aug 2017 12:40:46 -0400 Subject: [PATCH 04/59] More Updates Added option to install fail2ban. Added additional input questions. Added silent install of phpmyaqdmin. --- install.sh | 162 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 131 insertions(+), 31 deletions(-) diff --git a/install.sh b/install.sh index 0f81f06b..acd8d271 100644 --- a/install.sh +++ b/install.sh @@ -22,12 +22,34 @@ displayErr() { exit 1; } clear - read -p "Enter admin email (e.g. admin@example.com) : " EMAIL - read -p "Enter servername (e.g. portal.example.com) : " SERVNAME +output "Make sure you double check before hitting enter! Only one shot at these! +output "" + read -p "Enter support email (e.g. admin@example.com) : " EMAIL read -p "Enter time zone (e.g. America/New_York) : " TIME + read -e -p "New server name (like srv.company.tld) : " server_name + read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban + if [[ "$server_name" != "" ]]; then + echo $server_name > /etc/hostname + IP=$(ip addr show | grep eth0 | grep inet | tr -s " " | cut -f3 -d " " | cut -f1 -d "/") + + hosts_ip=$(grep -q $IP /etc/hosts) + if [[ "$hosts_ip" != "" ]]; then + sed -i "s/$IP.*/$IP $server_name/" /etc/hosts + else + echo "$IP $server_name" >> /etc/hosts + fi + + hostname $server_name + + /etc/init.d/hostname.sh + fi + read -e -p "Server Admin contact email : " root_email + fi output "If you found this helpful, please donate to BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" + output "" output "Updating system and installing required packages." + output "" #Disable AppArmor sudo service apparmor stop 
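Review bot: `hosts_ip=$(grep -q $IP /etc/hosts)` is always empty because `grep -q` prints nothing, so the `sed` branch never runs and every run appends another line to /etc/hosts; test the exit status instead, `if grep -qF -- "$IP" /etc/hosts; then`. `$server_name` comes straight from `read` and is used unquoted in `echo $server_name > /etc/hostname`, inside the `sed` expression and in `hostname $server_name`, so spaces, `/` or `&` in the answer corrupt those commands; reject anything that is not a hostname first, e.g. `[[ $server_name =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, and quote every later use. These writes run without `sudo` while the rest of the script uses it, so they fail for an unprivileged user. The final `fi` after the `root_email` prompt has no matching `if` in this hunk.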
@@ -40,20 +62,24 @@ clear sudo apt-get -y autoremove clear output "Switching to Aptitude" + output "" sudo apt-get -y install aptitude output "Installing Nginx server." + output "" sudo aptitude -y install nginx sudo service nginx start sudo service cron start output "Installing Mariadb Server." + output "" # create random password rootpasswd=$(openssl rand -base64 12) export DEBIAN_FRONTEND="noninteractive" sudo aptitude -y install mariadb-server output "Installing php7.x and other needed files" + output "" sudo aptitude -y install php7.0-fpm sudo aptitude -y install php7.0-opcache php7.0-fpm php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring sudo phpenmod mcrypt 
@@ -68,8 +94,51 @@ clear sudo aptitude -y install librtmp-dev sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sudo aptitude -y install sendmail + sudo aptitude -y install pwgen -y + clear + + #Generating Random Passwords + password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` + password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` + AUTOGENERATED_PASS=`pwgen -c -1 20` + output "Testing to see if server emails are sent" + output "" + if [[ "$root_email" != "" ]]; then + echo $root_email > ~/.email + echo $root_email > ~/.forward + + read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email + if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then + echo "This is a mail test for the SMTP Service." > /tmp/email.message + echo "You should receive this !" >> /tmp/email.message + echo "" >> /tmp/email.message + echo "Cheers" >> /tmp/email.message + sendmail -s "SMTP Testing" $root_email < /tmp/email.message + + rm -f /tmp/email.message + echo "Mail sent" + fi + + output "Some optional installs" + if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then + sudo aptitude -y install fail2ban + fi + clear + output "Installing phpmyadmin" + output "" + echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | debconf-set-selections + echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-user string root" | debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd" | debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS" |debconf-set-selections + echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS" | debconf-set-selections + sudo aptitude -y install phpmyadmin + + output " Installing yiimp" + output "" 
output "Grabbing yiimp fron Github, building files and setting file structure." + output "" cd ~ git clone https://github.com/tpruvot/yiimp.git cd yiimp @@ -90,7 +159,7 @@ clear sudo cp -r blocknotify/blocknotify /var/stratum sudo mkdir /etc/yiimp sudo mkdir /root/backup/ - sudo cp -r /var/web/keys.sample.php /etc/yiimp + sudo cp -r /var/web/keys.sample.php /etc/yiimp/ output "Update default timezone." output "Thanks for using this installation script. Donations welcome" # check if link file @@ -104,18 +173,19 @@ clear output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions whoami=`whoami` - sudo mkdir -p /var/www/$SERVNAME/html - sudo chown -R $whoami:$whoami /var/www/$SERVNAME/html - sudo chmod -R 775 /var/www/$SERVNAME/html + sudo mkdir -p /var/www/$server_name/html + sudo chown -R $whoami:$whoami /var/www/$server_name/html + sudo chmod -R 775 /var/www/$server_name/html output "Creating webserver initial config file" + output "" echo ' server { listen 80; listen [::]:80; - server_name '"${SERVNAME}"'; + server_name '"${server_name}"'; - root "/var/www/'"${SERVNAME}"'/html/web"; + root "/var/www/'"${server_name}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -130,7 +200,7 @@ echo ' location = /robots.txt { access_log off; log_not_found off; } access_log off; - error_log /var/log/nginx/'"${SERVNAME}"'.app-error.log error; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes client_max_body_size 100m; 
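Review bot: The SMTP test in hunk `@@ -68,8 +94,51 @@` builds its message at the fixed path `/tmp/email.message`, which on a shared host can be pre-created or symlinked by another local user before the script writes to it; use `msg=$(mktemp) || exit 1` with `trap 'rm -f -- "$msg"' EXIT`. `$root_email` is expanded unquoted in `echo $root_email > ~/.forward` and on the `sendmail` command line, so quote it and check that it looks like an address before use. The `if [[ "$root_email" != "" ]]` opened here is not closed anywhere in the hunk. `$rootpasswd` is handed to debconf as the MySQL admin password, but nothing visible in this patch sets the MariaDB root password to that value, which is worth confirming outside the hunk.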
@@ -159,22 +229,22 @@ echo ' allow all; } } -' | sudo -E tee /etc/nginx/sites-available/$SERVNAME.conf >/dev/null 2>&1 +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 -sudo ln -s /etc/nginx/sites-available/$SERVNAME.conf /etc/nginx/sites-enabled/$SERVNAME.conf -sudo ln -s /var/web /var/www/$SERVNAME/html +sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf +sudo ln -s /var/web /var/www/$server_name/html sudo service nginx restart output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$SERVNAME" - sudo rm /etc/nginx/sites-available/$SERVNAME.conf + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! echo ' server { listen 80; listen [::]:80; - server_name '"${SERVNAME}"'; + server_name '"${server_name}"'; # enforce https return 301 https://$server_name$request_uri; } @@ -182,13 +252,13 @@ sudo service nginx restart server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name '"${SERVNAME}"'; + server_name '"${server_name}"'; - root /var/www/'"${SERVNAME}"'/html/web; + root /var/www/'"${server_name}"'/html/web; index index.php; - access_log /var/log/nginx/'"${SERVNAME}"'.app-accress.log; - error_log /var/log/nginx/'"${SERVNAME}"'.app-error.log error; + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes client_max_body_size 100m; 
@@ -197,8 +267,8 @@ sudo service nginx restart sendfile off; # strengthen ssl security - ssl_certificate /etc/letsencrypt/live/'"${SERVNAME}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${SERVNAME}"'/privkey.pem; + ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; @@ -238,28 +308,43 @@ sudo service nginx restart location ~ /\.ht { deny all; } - } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } -' | sudo -E tee /etc/nginx/sites-available/thecryptopool.com.conf >/dev/null 2>&1 +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 sudo service nginx restart sudo service php7.0-fpm reload clear output "Now for the database fun!" # create database - password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" Q3="FLUSH PRIVILEGES;" SQL="${Q1}${Q2}${Q3}" - sudo mysql -u root -p="" -e "$SQL" # create stratum user - password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" Q2="FLUSH PRIVILEGES;" SQL="${Q1}${Q2}" - sudo mysql -u root -p="" -e "$SQL" + + #Create my.cnf + echo ' [clienthost1] user=panel 
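Review bot: The new `location /phpmyadmin` block in hunk `@@ -238,28 +308,43 @@` publishes phpMyAdmin to every client that can reach the site, and the debconf answers added earlier in this patch configure it with the MySQL `root` admin user, so a database login page is exposed with no network restriction. Restrict it inside the block, e.g. `allow 203.0.113.10; deny all;` (constructed sample address) or `auth_basic` with a separate credential, or leave it out of nginx and reach it over an SSH tunnel. The same block is added to the port-80 server in PATCH 16 (hunk `@@ -272,12 +254,29 @@`), where the login would also travel unencrypted whenever the SSL step is declined.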
@@ -277,6 +362,7 @@ password='"${rootpasswd}"' ' | sudo -E tee ~/.my.cnf >/dev/null 2>&1 sudo chmod 0600 ~/.my.cnf +#Create keys file echo ' /dev/null 2>&1 +output "Updating stratum config files with database connection info." +output "" +cd /var/stratum/config +sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf +sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf +sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf +sudo sed -i 's/username = root/username = stratum/g' *.conf +sudo sed -i 's/password = patofpaq/password = '$password2}'/g' *.conf +cd ~ - output "Final Directory permissions" + +output "Final Directory permissions" +output "" sudo usermod -aG www-data $whoami sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum @@ -443,7 +543,7 @@ sudo service php7.0-fpm reload clear output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." output "" -output "Please make sure to chnage your wallet addresses in the /var/web/serverconfig.php file." +output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file." output "" output "Please make sure to add your public and private keys." output "" From 9399b600229001bf1388b5f75bc3015cf986499b Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 12:48:55 -0400 Subject: [PATCH 05/59] bah missing " --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index acd8d271..de2b0e0b 100644 --- a/install.sh +++ b/install.sh 
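Review bot: `cd /var/stratum/config` is not checked, so if that directory is missing the following `sudo sed -i … *.conf` lines rewrite whatever `.conf` files are in the current directory; use `cd /var/stratum/config || exit 1`. `'$server_name'` and `'$password2}'` are spliced into the sed programs outside the quotes: a space, `/` or `&` in the typed server name changes the expression, and the stray `}` is written into the stored password so it no longer matches the one granted to the `stratum` database user. Keep the expansion quoted, e.g. `sudo sed -i "s/password = patofpaq/password = ${password2}/g" *.conf`, and validate `$server_name` before it reaches sed. The text of this hunk looks truncated on this page (the keys-file `echo '` body is missing), so the comment covers only the visible lines.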
@@ -22,7 +22,7 @@ displayErr() { exit 1; } clear -output "Make sure you double check before hitting enter! Only one shot at these! +output "Make sure you double check before hitting enter! Only one shot at these!" output "" read -p "Enter support email (e.g. admin@example.com) : " EMAIL read -p "Enter time zone (e.g. America/New_York) : " TIME From 2db2493e2d0ff4d7b2545dd24a7ca54c09797f76 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 12:59:41 -0400 Subject: [PATCH 06/59] more bugs fixed permission issues with the new inputs --- install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index de2b0e0b..9d07df4a 100644 --- a/install.sh +++ b/install.sh @@ -28,15 +28,16 @@ output "" read -p "Enter time zone (e.g. America/New_York) : " TIME read -e -p "New server name (like srv.company.tld) : " server_name read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban + read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email if [[ "$server_name" != "" ]]; then - echo $server_name > /etc/hostname + echo $server_name > sudo tee --append /etc/hostname IP=$(ip addr show | grep eth0 | grep inet | tr -s " " | cut -f3 -d " " | cut -f1 -d "/") hosts_ip=$(grep -q $IP /etc/hosts) if [[ "$hosts_ip" != "" ]]; then sed -i "s/$IP.*/$IP $server_name/" /etc/hosts else - echo "$IP $server_name" >> /etc/hosts + echo "$IP $server_name" >> sudo tee --append /etc/hosts fi hostname $server_name 
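Review bot: `echo $server_name > sudo tee --append /etc/hostname` in hunk `@@ -28,15 +28,16 @@` never runs `tee`: the shell redirects echo's output into a file named `sudo` in the current directory and passes `tee --append /etc/hostname` to echo as extra words, so /etc/hostname and /etc/hosts are not written. A privileged write needs a pipe, `echo "$server_name" | sudo tee /etc/hostname >/dev/null` and `echo "$IP $server_name" | sudo tee -a /etc/hosts >/dev/null`. The same pattern is used in hunk `@@ -104,10 +105,9 @@` for `~/.email` and `~/.forward` (which need no sudo at all) and in PATCH 09's hunk `@@ -112,15 +112,16 @@`, where `< sudo tee --append /tmp/email.message` makes sendmail read that stray `sudo` file and treat the remaining words as arguments. The `sed -i` on /etc/hosts and `hostname $server_name` in this hunk still run without sudo.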
@@ -104,10 +105,9 @@ output "" output "Testing to see if server emails are sent" output "" if [[ "$root_email" != "" ]]; then - echo $root_email > ~/.email - echo $root_email > ~/.forward + echo $root_email > sudo tee --append ~/.email + echo $root_email > sudo tee --append ~/.forward - read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then echo "This is a mail test for the SMTP Service." > /tmp/email.message echo "You should receive this !" >> /tmp/email.message From 3b4e0c56d2c06f8040944012fb254fb01cb5a42a Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 18:46:08 -0400 Subject: [PATCH 07/59] Update install.sh --- install.sh | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/install.sh b/install.sh index 9d07df4a..ccd0190b 100644 --- a/install.sh +++ b/install.sh 
@@ -24,27 +24,30 @@ displayErr() { clear output "Make sure you double check before hitting enter! Only one shot at these!" output "" - read -p "Enter support email (e.g. admin@example.com) : " EMAIL - read -p "Enter time zone (e.g. America/New_York) : " TIME - read -e -p "New server name (like srv.company.tld) : " server_name + read -e -p "Enter time zone (e.g. America/New_York) : " TIME + read -e -p "Server name (like srv.company.tld) : " server_name + ifconfig | perl -nle'/dr:(\S+)/ && print $1' + read -e -p "Please enter your servers IP address, if only 127.0.0.1 is shown, enter that : " server_ip + read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL + read -e -p "Server Admin contact email : " root_email read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email - if [[ "$server_name" != "" ]]; then - echo $server_name > sudo tee --append /etc/hostname - IP=$(ip addr show | grep eth0 | grep inet | tr -s " " | cut -f3 -d " " | cut -f1 -d "/") - - hosts_ip=$(grep -q $IP /etc/hosts) - if [[ "$hosts_ip" != "" ]]; then - sed -i "s/$IP.*/$IP $server_name/" /etc/hosts - else - echo "$IP $server_name" >> sudo tee --append /etc/hosts - fi - - hostname $server_name - - /etc/init.d/hostname.sh - fi - read -e -p "Server Admin contact email : " root_email + +otput "adding host"; + HOSTS_LINE="$server_ip\t$server_name" + if [ -n "$(grep $HOSTNAME /etc/hosts)" ] + then + echo "$HOSTNAME already exists : $(grep $HOSTNAME $ETC_HOSTS)" + else + echo "Adding $HOSTNAME to your $ETC_HOSTS"; + sudo -- sh -c -e "echo '$HOSTS_LINE' >> /etc/hosts"; + + if [ -n "$(grep $HOSTNAME /etc/hosts)" ] + then + echo "$HOSTNAME was added succesfully \n $(grep $HOSTNAME /etc/hosts)"; + else + echo "Failed to Add $HOSTNAME, Try again!"; + fi fi output "If you found this helpful, please donate to BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" From f7030fb0244a9151102461eb21fc2e5adb72fe76 Mon Sep 17 00:00:00 2001 
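Review bot: `sudo -- sh -c -e "echo '$HOSTS_LINE' >> /etc/hosts"` pastes the typed IP and server name into a command string that a root shell then parses, so a quote character in either answer changes what root executes; send the data on stdin to `sudo tee -a` instead of building shell text. The checks also test `$HOSTNAME`, which is bash's variable for the machine's current hostname, rather than `$server_name`, and `$ETC_HOSTS` is never assigned in the visible lines, so `grep $HOSTNAME $ETC_HOSTS` has no file operand and waits on stdin. PATCH 15 (hunk `@@ -26,13 +26,34 @@`) copies this block unchanged. The rewrite below fixes those points; checking `$server_ip` and `$server_name` against an IP/hostname pattern before the write is still advisable.

```shell
# … unchanged: read prompts …
output "adding host"
if grep -qF -- "$server_name" /etc/hosts; then
  echo "$server_name already exists : $(grep -F -- "$server_name" /etc/hosts)"
else
  echo "Adding $server_name to /etc/hosts"
  # data goes through stdin, never through a root shell's command string
  printf '%s\t%s\n' "$server_ip" "$server_name" | sudo tee -a /etc/hosts >/dev/null
  if grep -qF -- "$server_name" /etc/hosts; then
    echo "$server_name was added successfully"
  else
    echo "Failed to add $server_name, try again!"
  fi
fi
```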
From: Jonathan Adams Date: Sun, 27 Aug 2017 18:53:25 -0400 Subject: [PATCH 08/59] missing sudo added missing sudo to myphpadmin isnstall --- install.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index ccd0190b..85b57acb 100644 --- a/install.sh +++ b/install.sh @@ -130,12 +130,12 @@ otput "adding host"; clear output "Installing phpmyadmin" output "" - echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | debconf-set-selections - echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | debconf-set-selections - echo "phpmyadmin phpmyadmin/mysql/admin-user string root" | debconf-set-selections - echo "phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd" | debconf-set-selections - echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS" |debconf-set-selections - echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS" | debconf-set-selections + echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-user string root" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS" | sudo debconf-set-selections + echo "phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS" | sudo debconf-set-selections sudo aptitude -y install phpmyadmin output " Installing yiimp" From a0bd81e8c0ded85e7ec35b66e1917ddacd2f8ba0 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 19:27:11 -0400 Subject: [PATCH 09/59] fi foo sudo missed a fi or two with a sudo here and there --- install.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index 85b57acb..7c191447 100644 
--- a/install.sh +++ b/install.sh @@ -112,15 +112,16 @@ otput "adding host"; echo $root_email > sudo tee --append ~/.forward if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then - echo "This is a mail test for the SMTP Service." > /tmp/email.message - echo "You should receive this !" >> /tmp/email.message - echo "" >> /tmp/email.message - echo "Cheers" >> /tmp/email.message - sendmail -s "SMTP Testing" $root_email < /tmp/email.message + echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message + echo "You should receive this !" >> sudo tee --append /tmp/email.message + echo "" >> sudo tee --append /tmp/email.message + echo "Cheers" >> sudo tee --append /tmp/email.message + sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message - rm -f /tmp/email.message + sudo rm -f /tmp/email.message echo "Mail sent" fi + fi output "Some optional installs" if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then From 2014fdf156e848929458ae06e0775366c28de52d Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 19:42:19 -0400 Subject: [PATCH 10/59] damn random ; removed the random ; --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 7c191447..2bbcb626 100644 --- a/install.sh +++ b/install.sh @@ -33,7 +33,7 @@ output "" read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email -otput "adding host"; +output "adding host" HOSTS_LINE="$server_ip\t$server_name" if [ -n "$(grep $HOSTNAME /etc/hosts)" ] then From 1217271b9961fc38c592d2f3bf53287abf519992 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 20:22:51 -0400 Subject: [PATCH 11/59] fixed run.sh and /bin/yiimp fixed run.sh and /bin/yiimp --- install.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
diff --git a/install.sh b/install.sh index 2bbcb626..90574c2d 100644 --- a/install.sh +++ b/install.sh @@ -159,7 +159,26 @@ output "adding host" sudo cp -a config.sample/. /var/stratum/config sudo cp -r stratum /var/stratum sudo cp -r run.sh /var/stratum + cd .. sudo cp -a bin/. /bin/ + #fixing yiimp + sudo sed -i 's/ROOTDIR=/data/yiimp/ROOTDIR=/data//g' /bin/yiimp + #fixing run.sh + sudo rm -r /var/stratum/config/run.sh +echo ' +#!/bin/bash + +ulimit -n 10240 +ulimit -u 10240 + +cd /var/stratum +while true; do + ./stratum /var/stratum/config/$1 + sleep 2 +done +exec bash +' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 +sudo chmod +x run.sh sudo cp -r blocknotify/blocknotify /var/stratum sudo mkdir /etc/yiimp sudo mkdir /root/backup/ From 23d1653938711009d6d9604f68555c4746c1e897 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 20:56:53 -0400 Subject: [PATCH 12/59] Update README.md --- README.md | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3dba833b..02821808 100644 --- a/README.md +++ b/README.md 
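Review bot: `sudo sed -i 's/ROOTDIR=/data/yiimp/ROOTDIR=/data//g' /bin/yiimp` uses `/` as the delimiter while the pattern and replacement contain `/`, so sed rejects the expression and /bin/yiimp is left unchanged; use another delimiter, e.g. `sudo sed -i 's#ROOTDIR=/data/yiimp#ROOTDIR=/data/#g' /bin/yiimp` if that is the intended substitution. The generated run.sh begins with an empty line because the `echo '` string opens with a newline, so `#!/bin/bash` is not on line 1 and is not honoured as a shebang. `sudo chmod +x run.sh` acts on the current directory rather than on `/var/stratum/config/run.sh`, and the earlier context line copies run.sh to /var/stratum, so the `sudo rm -r /var/stratum/config/run.sh` probably has nothing to remove. Inside the script `$1` should be quoted, `./stratum "/var/stratum/config/$1"`.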
@@ -1,9 +1,38 @@ # yiimp Install script for yiimp on Ubuntu 16.04 -This script will install yimmp on your Ubuntu 16.04 system. Before running this script make sure you are on a fresh server and running as a user. Do not run this script under root! +This script has an interactive begining and will ask for the following information: +1. Your time zone +2. Server Name - IMPORTANT - You must already have your domain name pointed to your server before running the script or else the SSL install will fail! +3. Server IP for hosts file update +4. Support Email Address +5. Server Admin Email Address +6. If you would like fail2ban installed +7. Send test email from server + +Once those questions are answered the script will then be fully automated for the rest of the install. + +The script will update your hosts file with server ip and server name. +Disable and remove AppAromor +Update and Upgrade Ubuntu Packages +Install Aptitude +Install and configure Nginx +Install MariaDB with random root password +Install php7 +Install various dev packages required for building blocknotify and stratum +Install SendMail +Install Fail2Ban if selected +Install and configur phpmyadmin with random password for phpmyadmin user +Clone yiimp build packages, create directory structure, set file permissions, and more +Update server clock +Install LetsEncrypt +Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf +Import the sql dumps from yiimp +Create base yiimp serverconfig.php file to get you going +Updates all directory permissions + This install script will get you 95% ready to go with yiimp. There are a few things you need to do after the main install is finished. You must update the following files: 
@@ -16,11 +45,12 @@ After you add the missing information to those files then run: ./loop2.sh ./block.sh +To download and run + curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp/master/install.sh bash install.sh -You will be prompted for email, FDQN, and time zone. You onkly get one shot to enter this information correctly! If this helped you or you feel giving please donate BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp From ce41743028657c982e419c69e40559c27725672f Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 21:01:03 -0400 Subject: [PATCH 13/59] Update README.md --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 02821808..72158b8f 100644 --- a/README.md +++ b/README.md 
@@ -14,24 +14,24 @@ This script has an interactive begining and will ask for the following informati Once those questions are answered the script will then be fully automated for the rest of the install. -The script will update your hosts file with server ip and server name. -Disable and remove AppAromor -Update and Upgrade Ubuntu Packages -Install Aptitude -Install and configure Nginx -Install MariaDB with random root password -Install php7 -Install various dev packages required for building blocknotify and stratum -Install SendMail -Install Fail2Ban if selected -Install and configur phpmyadmin with random password for phpmyadmin user -Clone yiimp build packages, create directory structure, set file permissions, and more -Update server clock -Install LetsEncrypt -Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf -Import the sql dumps from yiimp -Create base yiimp serverconfig.php file to get you going -Updates all directory permissions +1. The script will update your hosts file with server ip and server name. +2. Disable and remove AppAromor +3. Update and Upgrade Ubuntu Packages +4. Install Aptitude +5. Install and configure Nginx +6. Install MariaDB with random root password +7. Install php7 +8. Install various dev packages required for building blocknotify and stratum +9. Install SendMail +10. Install Fail2Ban if selected +11. Install and configur phpmyadmin with random password for phpmyadmin user +13. Clone yiimp build packages, create directory structure, set file permissions, and more +14. Update server clock +15. Install LetsEncrypt +16. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf +17. Import the sql dumps from yiimp +18. Create base yiimp serverconfig.php file to get you going +19. Updates all directory permissions This install script will get you 95% ready to go with yiimp. There are a few things you need to do after the main install is finished. 
From f3e748295a8e7eeeb1e7597b5cf4e7cc4ff13dfd Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 27 Aug 2017 23:48:10 -0400 Subject: [PATCH 14/59] removed the rogue } In the stratum algo conf files for the database password there was a } left over. --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 90574c2d..f7603a59 100644 --- a/install.sh +++ b/install.sh @@ -547,7 +547,7 @@ sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf sudo sed -i 's/username = root/username = stratum/g' *.conf -sudo sed -i 's/password = patofpaq/password = '$password2}'/g' *.conf +sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf cd ~ From 252d169576f5e0f96465e8c1733c001097931565 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 28 Aug 2017 14:32:23 -0400 Subject: [PATCH 15/59] added option to update hosts file --- install.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index f7603a59..95a83f06 100644 --- a/install.sh +++ b/install.sh 
@@ -26,13 +26,34 @@ output "Make sure you double check before hitting enter! Only one shot at these! output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME read -e -p "Server name (like srv.company.tld) : " server_name + read -e -p "Do you want the script to update your host file? If not sure answer no : " host_file ifconfig | perl -nle'/dr:(\S+)/ && print $1' read -e -p "Please enter your servers IP address, if only 127.0.0.1 is shown, enter that : " server_ip read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Server Admin contact email : " root_email read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email - + + if [[ ("$host_file" == "y" || "$host_file" == "Y" || "$host_file" == "") ]]; then + ifconfig | perl -nle'/dr:(\S+)/ && print $1' + read -e -p "Please enter your servers IP address, if only 127.0.0.1 is shown, enter that : " server_ip + output "adding host" + HOSTS_LINE="$server_ip\t$server_name" + if [ -n "$(grep $HOSTNAME /etc/hosts)" ] + then + echo "$HOSTNAME already exists : $(grep $HOSTNAME $ETC_HOSTS)" + else + echo "Adding $HOSTNAME to your $ETC_HOSTS"; + sudo -- sh -c -e "echo '$HOSTS_LINE' >> /etc/hosts"; + + if [ -n "$(grep $HOSTNAME /etc/hosts)" ] + then + echo "$HOSTNAME was added succesfully \n $(grep $HOSTNAME /etc/hosts)"; + else + echo "Failed to Add $HOSTNAME, Try again!"; + fi + fi + fi output "adding host" HOSTS_LINE="$server_ip\t$server_name" if [ -n "$(grep $HOSTNAME /etc/hosts)" ] From 79dd4fd87d78486010144268abac3d91312d635d Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 28 Aug 2017 17:52:27 -0400 Subject: [PATCH 16/59] Added option to install SSL or not --- install.sh | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/install.sh b/install.sh index 95a83f06..ced2f126 100644 --- a/install.sh +++ b/install.sh 
@@ -26,12 +26,11 @@ output "Make sure you double check before hitting enter! Only one shot at these! output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME read -e -p "Server name (like srv.company.tld) : " server_name - read -e -p "Do you want the script to update your host file? If not sure answer no : " host_file - ifconfig | perl -nle'/dr:(\S+)/ && print $1' - read -e -p "Please enter your servers IP address, if only 127.0.0.1 is shown, enter that : " server_ip read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Server Admin contact email : " root_email read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban + read -e -p "Do you want the script to update your host file? If not sure answer no [Y/n]: " host_file + read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email if [[ ("$host_file" == "y" || "$host_file" == "Y" || "$host_file" == "") ]]; then @@ -54,23 +53,6 @@ output "" fi fi fi -output "adding host" - HOSTS_LINE="$server_ip\t$server_name" - if [ -n "$(grep $HOSTNAME /etc/hosts)" ] - then - echo "$HOSTNAME already exists : $(grep $HOSTNAME $ETC_HOSTS)" - else - echo "Adding $HOSTNAME to your $ETC_HOSTS"; - sudo -- sh -c -e "echo '$HOSTS_LINE' >> /etc/hosts"; - - if [ -n "$(grep $HOSTNAME /etc/hosts)" ] - then - echo "$HOSTNAME was added succesfully \n $(grep $HOSTNAME /etc/hosts)"; - else - echo "Failed to Add $HOSTNAME, Try again!"; - fi - fi - output "If you found this helpful, please donate to BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" output "" output "Updating system and installing required packages." 
@@ -272,12 +254,29 @@ echo ' location ~ /.well-known { allow all; } - } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf sudo ln -s /var/web /var/www/$server_name/html sudo service nginx restart + if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" @@ -371,6 +370,7 @@ sudo service nginx restart } ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + fi sudo service nginx restart sudo service php7.0-fpm reload clear From 0add574023a47443ab12a740d35f45764d4eba81 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 28 Aug 2017 20:05:37 -0400 Subject: [PATCH 17/59] added git to install --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index ced2f126..bb13ab05 100644 --- a/install.sh +++ b/install.sh @@ -101,6 +101,7 @@ output "" sudo aptitude -y install librtmp-dev sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils sudo aptitude -y install sendmail + sudo aptitude -y install git sudo aptitude -y install pwgen -y clear From 4e49ec1af96e786e006e67bbb28b767c04e27b2f Mon Sep 17 00:00:00 2001 
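Review bot: The `location /phpmyadmin` block lands in the port-80 server with no `allow`/`deny` or authentication in front of it, and the same commit makes the LetsEncrypt step optional, so wherever that path is reachable the database login would travel over plain HTTP. Restricting it to the operator's address, e.g. `allow <ADMIN_IP>; deny all;` at the top of the location, or leaving it out of the HTTP block, would keep the database UI off the public listener. The `ssl_install` test accepts only `y`, `Y` or an empty answer, so an answer of `yes` silently skips TLS; a `case "$ssl_install" in [Yy]*|"")` match would follow the `[Y/n]` prompt more closely. The server block and the `if` both continue outside the hunk.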
From: Jonathan Adams Date: Fri, 8 Sep 2017 11:07:10 -0400 Subject: [PATCH 18/59] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 72158b8f..70403de9 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,6 @@ curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp/master bash install.sh -If this helped you or you feel giving please donate BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp +If this helped you or you feel giving please donate BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y Crombie Crunch From 1da509197b87fa0d383b7f09e086b354a6f6a292 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Fri, 8 Sep 2017 11:08:52 -0400 Subject: [PATCH 19/59] Update install.sh --- install.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index bb13ab05..a266998a 100644 --- a/install.sh +++ b/install.sh @@ -6,7 +6,7 @@ # # Program: # Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x -# BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp +# BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y # ################################################################################ output() { @@ -53,7 +53,7 @@ output "" fi fi fi - output "If you found this helpful, please donate to BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" + output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" output "" output "Updating system and installing required packages." output "" @@ -435,7 +435,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" output "" - output "BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" + output "BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" output "" output "Peforming the SQL import" 
@@ -501,7 +501,7 @@ define('"'"'YIIMP_FIAT_ALTERNATIVE'"'"', '"'"'USD'"'"'); // USD is main define('"'"'YAAMP_USE_NICEHASH_API'"'"', false); -define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1Auhps1mHZQpoX4mCcVL8odU81VakZQ6dR'"'"'); +define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"'); define('"'"'YAAMP_SITE_URL'"'"', '"'"''"${server_name}"''"'"'); define('"'"'YAAMP_STRATUM_URL'"'"', YAAMP_SITE_URL); // change if your stratum server is on a different host define('"'"'YAAMP_SITE_NAME'"'"', '"'"'TheCryptoPool'"'"'); @@ -541,7 +541,7 @@ define('"'"'NICEHASH_DEPOSIT_AMOUNT'"'"','"'"'0.01'"'"'); $cold_wallet_table = array( - '"'"'1C23KmLeCaQSLLyKVykHEUse1R7jRDv9j9'"'"' => 0.10, + '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"' => 0.10, ); // Sample fixed pool fees @@ -592,6 +592,6 @@ output "Please make sure to change your wallet addresses in the /var/web/serverc output "" output "Please make sure to add your public and private keys." output "" -output "If you found this script helpful please consider donating some BTC Donation: 1AxK9a7dgeHvf3VFuwZ2adGiQTX6S1nhrp" +output "If you found this script helpful please consider donating some BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" From e1e0401688f9f1594bf5bf190ea8dc59bebff01f Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Fri, 8 Sep 2017 11:10:30 -0400 Subject: [PATCH 20/59] removed hosts option --- install.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/install.sh b/install.sh index a266998a..ebbcceac 100644 --- a/install.sh +++ b/install.sh 
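Review bot: The generated `serverconfig.php` gets a fixed wallet address as `YAAMP_BTCADDRESS` here, and the `@@ -541,7` hunk writes the same address into `$cold_wallet_table`; it is the address the script advertises for donations, so an installation whose operator does not edit the file afterwards runs with the installer author's address in its wallet settings. The closing reminder to change wallet addresses is only a printed message. Prompting for the address alongside the other `read` questions, or writing an obviously invalid placeholder such as `<OPERATOR_BTC_ADDRESS>` and refusing to finish until it is replaced, would make the default safe. What the 0.10 value in the table means to yiimp is not visible from this page.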
@@ -29,30 +29,9 @@ output "" read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Server Admin contact email : " root_email read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban - read -e -p "Do you want the script to update your host file? If not sure answer no [Y/n]: " host_file read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email - if [[ ("$host_file" == "y" || "$host_file" == "Y" || "$host_file" == "") ]]; then - ifconfig | perl -nle'/dr:(\S+)/ && print $1' - read -e -p "Please enter your servers IP address, if only 127.0.0.1 is shown, enter that : " server_ip - output "adding host" - HOSTS_LINE="$server_ip\t$server_name" - if [ -n "$(grep $HOSTNAME /etc/hosts)" ] - then - echo "$HOSTNAME already exists : $(grep $HOSTNAME $ETC_HOSTS)" - else - echo "Adding $HOSTNAME to your $ETC_HOSTS"; - sudo -- sh -c -e "echo '$HOSTS_LINE' >> /etc/hosts"; - - if [ -n "$(grep $HOSTNAME /etc/hosts)" ] - then - echo "$HOSTNAME was added succesfully \n $(grep $HOSTNAME /etc/hosts)"; - else - echo "Failed to Add $HOSTNAME, Try again!"; - fi - fi - fi output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" output "" output "Updating system and installing required packages." From 92d76e63b1f6ecdef32aa5893912f5f9619952d9 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Fri, 8 Sep 2017 11:17:58 -0400 Subject: [PATCH 21/59] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 70403de9..6c4b4e2f 100644 --- a/README.md +++ b/README.md @@ -54,4 +54,6 @@ bash install.sh If this helped you or you feel giving please donate BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y +Feel free to join our Discord channel at https://discord.gg/zdBbAQ + Crombie Crunch 
From 926244ae7c4c5dbdeaafc0e6838c9d647f941335 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 9 Sep 2017 14:16:25 -0400 Subject: [PATCH 22/59] added some additional security features. --- install.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 10 deletions(-) diff --git a/install.sh b/install.sh index ebbcceac..d2d4e5fa 100644 --- a/install.sh +++ b/install.sh @@ -25,13 +25,16 @@ clear output "Make sure you double check before hitting enter! Only one shot at these!" output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME - read -e -p "Server name (like srv.company.tld) : " server_name + read -e -p "Server name (e.g. srv.company.tld) : " server_name read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Server Admin contact email : " root_email + read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email + output "These next questions are to help secure your yiimp installation." read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install - read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email - + read -e -p "Please enter a new location for /adminRights this is to customize the admin entrance url (e.g. example.com/myAdminpanel) : " admin_panel + + clear output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" output "" output "Updating system and installing required packages." @@ -56,6 +59,16 @@ output "" sudo aptitude -y install nginx sudo service nginx start sudo service cron start + #Hardning Nginx + echo 'map $http_user_agent $blockedagent { +default 0; +~*malicious 1; +~*bot 1; +~*backdoor 1; +~*crawler 1; +~*bandit 1; +} +' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 output "Installing Mariadb Server." output "" 
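Review bot: The `admin_panel` prompt suggests `example.com/myAdminpanel` as input, but the value is later spliced unquoted into `sed -i 's/AdminRights/'$admin_panel'/'` (the `@@ -126,16` hunk), where a `/` ends the replacement and an empty answer deletes the token. The prompt should ask for a single path segment and the script should check it before use, e.g. `[[ "$admin_panel" =~ ^[A-Za-z0-9_]+$ ]] || { output "Admin path must be letters, digits or _"; exit 1; }`. A renamed admin URL only hides the login page; access control on it still has to come from yiimp's own authentication or an nginx `allow`/`deny`.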
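Review bot: In the `blockuseragents.rules` map, `~*bot` and `~*crawler` match any User-Agent containing those substrings, so search-engine crawlers and uptime monitors receive the 403 as well, while the header is client-supplied and a request that sends a different value is unaffected. A comment should say this is noise reduction rather than access control, for example `# UA matching is advisory only; real restrictions belong in allow/deny or auth`. The `>/dev/null 2>&1` on the `tee` also hides a failed write, after which the `include /etc/nginx/blockuseragents.rules;` added later in this commit would stop nginx from starting.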
@@ -126,16 +139,20 @@ output "" output "" output "Grabbing yiimp fron Github, building files and setting file structure." output "" + #Generating Random Password for stratum + blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ git clone https://github.com/tpruvot/yiimp.git cd yiimp cd blocknotify + sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp sudo make cd ~/yiimp/stratum/iniparser sudo make cd .. sudo make cd .. + sudo sed -i 's/AdminRights/'$admin_panel'/' web/yaamp/modules/site/SiteController.php sudo cp -r web /var/ sudo mkdir /var/stratum cd stratum @@ -185,12 +202,18 @@ sudo chmod +x run.sh output "Creating webserver initial config file" output "" -echo ' +echo 'include /etc/nginx/blockuseragents.rules; server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; server_name '"${server_name}"'; - + Server_tokens off; root "/var/www/'"${server_name}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -209,8 +232,10 @@ echo ' error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 1k; + large_client_header_buffers 2 1k; sendfile off; 
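Review bot: `Server_tokens off;` is written with a capital S in the port-80 server block here and again in the `@@ -263,16 +288,29` hunk; nginx directive names are case-sensitive, so as far as I can tell the config test would reject it as an unknown directive and the following `sudo service nginx restart` would fail. It should read `server_tokens off;`. Because the config is piped through `tee ... >/dev/null 2>&1` and the restart's status is not checked, the failure would not be visible during the install; running `sudo nginx -t` before the restart would surface it.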
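Review bot: The four `1k` limits sit under the unchanged comment `# allow larger file uploads and longer script runtimes`, which now says the opposite of what the directives do; the same applies in the `@@ -284,8 +322,10` hunk. `client_max_body_size 1k` rejects any request body over one kilobyte and `large_client_header_buffers 2 1k` caps each header line at 1k, which ordinary cookies and long query strings can exceed, so the limits may block the panel's own forms. Suggest changing the comment to something like `# cap request body and header sizes` and choosing the values from the largest legitimate request.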
@@ -263,16 +288,29 @@ sudo service nginx restart sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! - echo ' +echo 'include /etc/nginx/blockuseragents.rules; server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; server_name '"${server_name}"'; + Server_tokens off; # enforce https return 301 https://$server_name$request_uri; } server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 443 ssl http2; listen [::]:443 ssl http2; server_name '"${server_name}"'; @@ -284,8 +322,10 @@ sudo service nginx restart error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 1k; + large_client_header_buffers 2 1k; sendfile off; From 649835631147c63494f82f0832152f6767f8c781 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 9 Sep 2017 14:21:22 -0400 Subject: [PATCH 23/59] add $blckntifypass to stratum configs --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index d2d4e5fa..2ae899d1 100644 --- a/install.sh +++ b/install.sh @@ -584,6 +584,7 @@ $configAlgoNormCoef = array( output "Updating stratum config files with database connection info." output "" cd /var/stratum/config +sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf From 99fe4b926da45beecb43c4b8475cf05ed3477f36 Mon Sep 17 00:00:00 2001 
From: Jonathan Adams Date: Sat, 9 Sep 2017 14:44:51 -0400 Subject: [PATCH 24/59] Update install.sh --- install.sh | 50 +++++++------------------------------------------- 1 file changed, 7 insertions(+), 43 deletions(-) diff --git a/install.sh b/install.sh index 2ae899d1..0fd940bb 100644 --- a/install.sh +++ b/install.sh @@ -59,17 +59,7 @@ output "" sudo aptitude -y install nginx sudo service nginx start sudo service cron start - #Hardning Nginx - echo 'map $http_user_agent $blockedagent { -default 0; -~*malicious 1; -~*bot 1; -~*backdoor 1; -~*crawler 1; -~*bandit 1; -} -' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 - + output "Installing Mariadb Server." output "" # create random password @@ -202,18 +192,10 @@ sudo chmod +x run.sh output "Creating webserver initial config file" output "" -echo 'include /etc/nginx/blockuseragents.rules; - server { - if ($blockedagent) { - return 403; - } - if ($request_method !~ ^(GET|HEAD|POST)$) { - return 444; - } +echo 'server { listen 80; listen [::]:80; server_name '"${server_name}"'; - Server_tokens off; root "/var/www/'"${server_name}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -232,10 +214,8 @@ echo 'include /etc/nginx/blockuseragents.rules; error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 1k; - client_header_buffer_size 1k; - client_max_body_size 1k; - large_client_header_buffers 2 1k; + client_max_body_size 100m; + client_body_timeout 120s; sendfile off; 
@@ -288,29 +268,15 @@ sudo service nginx restart sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! -echo 'include /etc/nginx/blockuseragents.rules; - server { - if ($blockedagent) { - return 403; - } - if ($request_method !~ ^(GET|HEAD|POST)$) { - return 444; - } +echo 'server { listen 80; listen [::]:80; server_name '"${server_name}"'; - Server_tokens off; # enforce https return 301 https://$server_name$request_uri; } server { - if ($blockedagent) { - return 403; - } - if ($request_method !~ ^(GET|HEAD|POST)$) { - return 444; - } listen 443 ssl http2; listen [::]:443 ssl http2; server_name '"${server_name}"'; @@ -322,10 +288,8 @@ echo 'include /etc/nginx/blockuseragents.rules; error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 1k; - client_header_buffer_size 1k; - client_max_body_size 1k; - large_client_header_buffers 2 1k; + client_max_body_size 100m; + client_body_timeout 120s; sendfile off; From b0165d83d3854784513e95007bea38bf62c28f01 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 9 Sep 2017 16:14:32 -0400 Subject: [PATCH 25/59] nginx harden and chmod changes --- install.sh | 56 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/install.sh b/install.sh index 0fd940bb..30fbc3d8 100644 --- a/install.sh +++ b/install.sh @@ -59,6 +59,16 @@ output "" sudo aptitude -y install nginx sudo service nginx start sudo service cron start + #Making Nginx a bit hard + echo 'map $http_user_agent $blockedagent { +default 0; +~*malicious 1; +~*bot 1; +~*backdoor 1; +~*crawler 1; +~*bandit 1; +} +' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 output "Installing Mariadb Server." output "" 
@@ -192,7 +202,14 @@ sudo chmod +x run.sh output "Creating webserver initial config file" output "" -echo 'server { +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; server_name '"${server_name}"'; @@ -214,9 +231,10 @@ echo 'server { error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; - + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 1k; + large_client_header_buffers 2 1k; sendfile off; location ~ \.php$ { @@ -268,7 +286,14 @@ sudo service nginx restart sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! -echo 'server { +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 80; listen [::]:80; server_name '"${server_name}"'; @@ -277,6 +302,12 @@ echo 'server { } server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } listen 443 ssl http2; listen [::]:443 ssl http2; server_name '"${server_name}"'; @@ -288,10 +319,11 @@ echo 'server { error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_max_body_size 100m; - client_body_timeout 120s; - - sendfile off; + client_body_buffer_size 1k; + client_header_buffer_size 1k; + client_max_body_size 1k; + large_client_header_buffers 2 1k; + sendfile off; # strengthen ssl security ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; 
@@ -563,10 +595,12 @@ sudo usermod -aG www-data $whoami sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/web -sudo chmod -R 777 /var/web -sudo chmod -R 777 /var/stratum +sudo chmod -R 755 /var/web +sudo chmod -R 755 /var/stratum +sudo chmod -R 777 /var/web/yaamp/runtime sudo chmod -R 777 /root/backup/ sudo chmod -R 777 /var/log +sudo chmod -R 644 serverconfig.php sudo service nginx restart sudo service php7.0-fpm reload clear From c64571d5133efc4fa9914218f46af81b435cecdb Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 9 Sep 2017 18:50:13 -0400 Subject: [PATCH 26/59] Update install.sh --- install.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/install.sh b/install.sh index 30fbc3d8..0330b87b 100644 --- a/install.sh +++ b/install.sh @@ -39,11 +39,6 @@ output "" output "" output "Updating system and installing required packages." output "" - - #Disable AppArmor - sudo service apparmor stop - sudo update-rc.d -f apparmor remove - sudo apt-get -y remove apparmor apparmor-utils # update package and upgrade Ubuntu sudo apt-get -y update From 320f6fb9d90792828632857027f4d8033917b947 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 9 Sep 2017 23:53:04 -0400 Subject: [PATCH 27/59] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6c4b4e2f..7e23b60f 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ After you add the missing information to those files then run: To download and run -curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp/master/install.sh +curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp_install_scrypt/master/install.sh bash install.sh From 3fd615cef44e2c2b19d38d73e42db039c0bb43dd Mon Sep 17 00:00:00 2001 
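Review bot: `sudo chmod -R 644 serverconfig.php` uses a relative path, and the script appears to do `cd ~` shortly before this section (it shows as the heading of the later `@@ -586,10 +582,12` hunk), so unless a copy exists in the home directory the command fails and `/var/web/serverconfig.php` keeps the 755 it got from `chmod -R 755 /var/web`. Use the absolute path: `sudo chmod 644 /var/web/serverconfig.php`. `chmod -R 755` also sets the execute bit on every regular file; `find /var/web -type d -exec chmod 755 {} +` with a matching `-type f -exec chmod 644 {} +` would keep files non-executable. `/var/web/yaamp/runtime`, `/root/backup/` and `/var/log` remain world-writable at 777.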
From: Jonathan Adams Date: Sun, 10 Sep 2017 00:10:21 -0400 Subject: [PATCH 28/59] Update install.sh --- install.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index 0330b87b..d5aa27d0 100644 --- a/install.sh +++ b/install.sh @@ -190,11 +190,7 @@ sudo chmod +x run.sh clear output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions - whoami=`whoami` - sudo mkdir -p /var/www/$server_name/html - sudo chown -R $whoami:$whoami /var/www/$server_name/html - sudo chmod -R 775 /var/www/$server_name/html - + sudo mkdir -p /var/www/$server_name/html output "Creating webserver initial config file" output "" echo 'include /etc/nginx/blockuseragents.rules; @@ -586,10 +582,12 @@ cd ~ output "Final Directory permissions" output "" +whoami=`whoami` sudo usermod -aG www-data $whoami sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/web +sudo chmod -R 755 /var/www/$server_name/html sudo chmod -R 755 /var/web sudo chmod -R 755 /var/stratum sudo chmod -R 777 /var/web/yaamp/runtime From ef042e1e2ccd3e1795436f73c7124a40fcfc1d6e Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 10 Sep 2017 07:41:26 -0400 Subject: [PATCH 29/59] more nginx harden --- install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index d5aa27d0..ead3a261 100644 --- a/install.sh +++ b/install.sh @@ -228,7 +228,7 @@ echo 'include /etc/nginx/blockuseragents.rules; large_client_header_buffers 2 1k; sendfile off; - location ~ \.php$ { + location ~ ^/index\.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; 
@@ -340,7 +340,7 @@ echo 'include /etc/nginx/blockuseragents.rules; } - location ~ \.php$ { + location ~ ^/index\.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; From 6e6c1df8992b9947a3610e2ebc4af52e07f29cc7 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 10 Sep 2017 08:10:43 -0400 Subject: [PATCH 30/59] another nginx config update --- install.sh | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/install.sh b/install.sh index ead3a261..84718a47 100644 --- a/install.sh +++ b/install.sh @@ -240,15 +240,22 @@ echo 'include /etc/nginx/blockuseragents.rules; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; + try_files $uri $uri/ =404; } - - location ~ /\.ht { - deny all; + location ~ \.php$ { + return 404; + } + + location ~ \.sh { + return 404; } - location ~ /.well-known { - allow all; + location ~ /\.ht { + deny all; } - location /phpmyadmin { + location ~ /.well-known { + allow all; + } + location /phpmyadmin { root /usr/share/; index index.php; try_files $uri $uri/ =404; @@ -353,7 +360,15 @@ echo 'include /etc/nginx/blockuseragents.rules; fastcgi_send_timeout 300; fastcgi_read_timeout 300; include /etc/nginx/fastcgi_params; - } + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + + location ~ \.sh { + return 404; + } location ~ /\.ht { deny all; From 5231c583e107a3ec74af279ba36bc53ff88f3da1 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 10 Sep 2017 14:48:14 -0400 Subject: [PATCH 31/59] Update install.sh --- install.sh | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/install.sh b/install.sh index 84718a47..568c8508 100644 --- a/install.sh +++ b/install.sh 
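Review bot: `location ~ \.sh` in the `@@ -240,15 +240,22` hunk has no end anchor, so it also matches paths such as `/page.shtml`; `location ~ \.sh$` limits it to shell scripts. The new top-level `location ~ \.php$ { return 404; }` is a regex location, and as I read nginx's location selection a matching regex location wins over a plain prefix location, so `.php` requests under `/phpmyadmin` would be answered by it and never reach the nested `location ~ /phpmyadmin/(.+\.php)$`. If phpMyAdmin is meant to stay off, removing its block says so explicitly; if it is meant to work, it needs `location ^~ /phpmyadmin` plus an `allow`/`deny`. The same two locations are added to the TLS server in the `@@ -353,7 +360,15` hunk.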
@@ -137,7 +137,7 @@ default 0; #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/tpruvot/yiimp.git + git clone https://github.com/magnatum/yiimp.git cd yiimp cd blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp @@ -173,7 +173,7 @@ while true; do done exec bash ' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 -sudo chmod +x run.sh +sudo chmod +x /var/stratum/config/run.sh sudo cp -r blocknotify/blocknotify /var/stratum sudo mkdir /etc/yiimp sudo mkdir /root/backup/ @@ -466,14 +466,6 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); # import sql dump sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 # oh the humanity! - sudo mysql --defaults-group-suffix=host1 --force < 2015-07-01-accounts_hostaddr.sql - sudo mysql --defaults-group-suffix=host1 --force < 2015-07-15-coins_hasmasternodes.sql - sudo mysql --defaults-group-suffix=host1 --force < 2015-09-20-blocks_worker.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-02-17-payouts_errmsg.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-02-23-shares_diff.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-03-26-markets.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-03-30-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-03-accounts.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql 
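Review bot: The clone source changes to a different GitHub account's fork with no branch, tag or commit pinned, and the checkout is then compiled and installed with `sudo make` and `sudo cp`, so whatever that repository's default branch holds at install time is built and placed on the host with root privileges. The commit message gives no reason for the switch, and patches 32 to 34 flip the URL back and forth. Pinning the revision makes the install reproducible and reviewable, e.g. `git clone https://github.com/magnatum/yiimp.git && git -C yiimp checkout <PINNED_COMMIT>`.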
@@ -605,10 +597,10 @@ sudo chown -R www-data:www-data /var/web sudo chmod -R 755 /var/www/$server_name/html sudo chmod -R 755 /var/web sudo chmod -R 755 /var/stratum -sudo chmod -R 777 /var/web/yaamp/runtime -sudo chmod -R 777 /root/backup/ -sudo chmod -R 777 /var/log -sudo chmod -R 644 serverconfig.php +sudo chmod -R 755 /var/web/yaamp/runtime +sudo chmod -R 755 /root/backup/ +sudo chmod -R 755 /var/log +sudo chmod -R 500 /var/web/serverconfig.php sudo service nginx restart sudo service php7.0-fpm reload clear From 2825fb7defef309c018df8fd85b1e9f75c7e3f89 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 10 Sep 2017 20:40:56 -0400 Subject: [PATCH 32/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 568c8508..125b22d8 100644 --- a/install.sh +++ b/install.sh @@ -137,7 +137,7 @@ default 0; #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/magnatum/yiimp.git + git clone https://github.com/tpruvot/yiimp.git cd yiimp cd blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp From f12e872808fe9b76d50718d385814e6ff42f1226 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 10 Sep 2017 20:46:31 -0400 Subject: [PATCH 33/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 125b22d8..568c8508 100644 --- a/install.sh +++ b/install.sh @@ -137,7 +137,7 @@ default 0; #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/tpruvot/yiimp.git + git clone https://github.com/magnatum/yiimp.git cd yiimp cd blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp From 1d3569f5f3b4ac7d10f0aa2a644198394415b664 Mon Sep 17 00:00:00 2001 
From: Jonathan Adams Date: Mon, 11 Sep 2017 11:43:03 -0400 Subject: [PATCH 34/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 568c8508..125b22d8 100644 --- a/install.sh +++ b/install.sh @@ -137,7 +137,7 @@ default 0; #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/magnatum/yiimp.git + git clone https://github.com/tpruvot/yiimp.git cd yiimp cd blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp From d83aad203c499486c3b73e26842294f4fdcb9565 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 11 Sep 2017 16:30:55 -0400 Subject: [PATCH 35/59] Update install.sh --- install.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index 125b22d8..15508131 100644 --- a/install.sh +++ b/install.sh @@ -25,7 +25,7 @@ clear output "Make sure you double check before hitting enter! Only one shot at these!" output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME - read -e -p "Server name (e.g. srv.company.tld) : " server_name + read -e -p "Server name (no http:// or www. just example.com) : " server_name read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Server Admin contact email : " root_email read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email @@ -52,6 +52,7 @@ output "" output "Installing Nginx server." output "" sudo aptitude -y install nginx + sudo rm /etc/nginx/sites-enabled/default sudo service nginx start sudo service cron start #Making Nginx a bit hard @@ -157,7 +158,7 @@ default 0; cd .. sudo cp -a bin/. /bin/ #fixing yiimp - sudo sed -i 's/ROOTDIR=/data/yiimp/ROOTDIR=/data//g' /bin/yiimp + sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp #fixing run.sh sudo rm -r /var/stratum/config/run.sh echo ' 
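Review bot: The rewritten `ROOTDIR` substitution in the `@@ -157,7` hunk fixes the delimiter clash but drops `sudo`, while `/bin/yiimp` was put in place by `sudo cp -a bin/. /bin/` and the README tells users not to run the installer as root; `sed -i` has to create its temporary file in `/bin`, so as an unprivileged user this edit would fail and `ROOTDIR` would stay at `/data/yiimp`. Suggest `sudo sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp`. The exit status is not checked either, so the failure would scroll past unnoticed.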
@@ -203,7 +204,7 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 80; listen [::]:80; - server_name '"${server_name}"'; + server_name '"${server_name}"' www.'"${server_name}"'; root "/var/www/'"${server_name}"'/html/web"; index index.html index.htm index.php; charset utf-8; @@ -280,7 +281,7 @@ sudo service nginx restart if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! @@ -308,7 +309,7 @@ echo 'include /etc/nginx/blockuseragents.rules; } listen 443 ssl http2; listen [::]:443 ssl http2; - server_name '"${server_name}"'; + server_name '"${server_name}"' www.'"${server_name}"'; root /var/www/'"${server_name}"'/html/web; index index.php; From 105295166450b4c8fd48d2bbdc485ccd325c4ed2 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Tue, 12 Sep 2017 07:53:51 -0400 Subject: [PATCH 36/59] Update install.sh --- install.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/install.sh b/install.sh index 15508131..b31680be 100644 --- a/install.sh +++ b/install.sh @@ -223,10 +223,10 @@ echo 'include /etc/nginx/blockuseragents.rules; error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 1k; - client_header_buffer_size 1k; - client_max_body_size 1k; - large_client_header_buffers 2 1k; + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; sendfile off; location ~ ^/index\.php$ { 
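Review bot: Adding `-d www."$server_name"` in the `@@ -280,7` hunk makes certificate issuance depend on a `www` DNS record that the prompt does not ask the operator to create, and the result of `sudo letsencrypt certonly` is not checked before the next line removes the working site config. If issuance fails, the TLS config written afterwards points at certificate files that do not exist and nginx will not restart. Guarding the block with `if sudo letsencrypt certonly ...; then` and keeping the HTTP config otherwise would leave the site reachable. As far as the hunks show, the port-80 redirect block's `server_name` is not touched by this commit, so it still lists only the bare domain.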
@@ -318,10 +318,10 @@ echo 'include /etc/nginx/blockuseragents.rules; error_log /var/log/nginx/'"${server_name}"'.app-error.log error; # allow larger file uploads and longer script runtimes - client_body_buffer_size 1k; - client_header_buffer_size 1k; - client_max_body_size 1k; - large_client_header_buffers 2 1k; + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; sendfile off; # strengthen ssl security From d196098f2a7458a638d8fbac7b0bf715a52bb7cd Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Thu, 14 Sep 2017 09:05:40 -0400 Subject: [PATCH 37/59] Update install.sh --- install.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/install.sh b/install.sh index b31680be..1e409aa5 100644 --- a/install.sh +++ b/install.sh @@ -595,13 +595,13 @@ sudo usermod -aG www-data $whoami sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/web -sudo chmod -R 755 /var/www/$server_name/html -sudo chmod -R 755 /var/web -sudo chmod -R 755 /var/stratum -sudo chmod -R 755 /var/web/yaamp/runtime -sudo chmod -R 755 /root/backup/ -sudo chmod -R 755 /var/log -sudo chmod -R 500 /var/web/serverconfig.php +sudo chmod -R 775 /var/www/$server_name/html +sudo chmod -R 775 /var/web +sudo chmod -R 775 /var/stratum +sudo chmod -R 775 /var/web/yaamp/runtime +sudo chmod -R 775 /root/backup/ +sudo chmod -R 775 /var/log +sudo chmod -R 775 /var/web/serverconfig.php sudo service nginx restart sudo service php7.0-fpm reload clear From ff84ba39ed7c57f5ae93cefbcc8e164abb0ee9f9 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 16 Sep 2017 08:36:26 -0400 Subject: [PATCH 38/59] Update README.md --- README.md | 65 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 7e23b60f..a02d8bce 100644 --- a/README.md +++ b/README.md 
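Review bot: `sudo chmod -R 775 /var/web/serverconfig.php` in the `@@ -595,13 +595,13 @@` hunk of PATCH 37/59 turns a file that was mode `500` into one that is world-readable, group-writable and executable. It is the generated pool configuration, and the context lines already give `/var/web` to `www-data`, so the web process can rewrite its own settings. A single config file needs neither `-R` nor execute bits; `sudo chown root:www-data /var/web/serverconfig.php` followed by `sudo chmod 640 /var/web/serverconfig.php` keeps it readable by the web server and nobody else. The blanket `chmod -R 775` lines above it also set the execute bit on every regular file in those trees; applying 775 to directories only and a non-executable mode to files would be tighter.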
@@ -1,37 +1,42 @@ # yiimp Install script for yiimp on Ubuntu 16.04 -Before running this script make sure you are on a fresh server and running as a user. Do not run this script under root! +While I did add some server security to the script, it is every server owners responsibility to fully secure their own servers. After the installation you will still need to customize your serverconfig.php file to your liking, add your API keys, and build/add your coins to the control panel. -This script has an interactive begining and will ask for the following information: -1. Your time zone -2. Server Name - IMPORTANT - You must already have your domain name pointed to your server before running the script or else the SSL install will fail! -3. Server IP for hosts file update -4. Support Email Address -5. Server Admin Email Address -6. If you would like fail2ban installed -7. Send test email from server +There will be several wallets already in yiimp. These have nothing to do with the installation script and are from the database import from the yiimp github. + +If you need further assistance we have a small but growing discord channel at https://discord.gg/uQ5wdTC + +*****Do not run the script as root***** + +This script has an interactive beginning and will ask for the following information: + +Your time zone +Server Name +Support Email Address +Server Admin Email Address +If you would like fail2ban installed +If you would like to have SSL (LetsEncrypt) installed - Your domain must be pointed to your server prior to running the script or SSL will fail to install. +New custom location for yiimp admin login. Once those questions are answered the script will then be fully automated for the rest of the install. -1. The script will update your hosts file with server ip and server name. -2. Disable and remove AppAromor -3. Update and Upgrade Ubuntu Packages -4. Install Aptitude -5. Install and configure Nginx -6. Install MariaDB with random root password -7. Install php7 -8. 
Install various dev packages required for building blocknotify and stratum -9. Install SendMail -10. Install Fail2Ban if selected -11. Install and configur phpmyadmin with random password for phpmyadmin user -13. Clone yiimp build packages, create directory structure, set file permissions, and more -14. Update server clock -15. Install LetsEncrypt -16. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf -17. Import the sql dumps from yiimp -18. Create base yiimp serverconfig.php file to get you going -19. Updates all directory permissions +. Update and Upgrade Ubuntu Packages +. Install Aptitude +. Install and configure Nginx +. Install MariaDB with random root password +. Install php7 +. Install various dev packages required for building blocknotify and stratum +. Install SendMail +. Install Fail2Ban if selected +. Install and configur phpmyadmin with random password for phpmyadmin user +. Clone yiimp build packages, create directory structure, set file permissions, and more +. Update server clock +. Install LetsEncrypt if selected +. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf +. Import the sql dumps from yiimp +. Create base yiimp serverconfig.php file to get you going +. Updates all directory permissions This install script will get you 95% ready to go with yiimp. There are a few things you need to do after the main install is finished. @@ -41,9 +46,9 @@ You must update the following files: 2. /etc/yiimp/keys.php - update with secrect keys from the exchanges. After you add the missing information to those files then run: -./main.sh -./loop2.sh -./block.sh +bash main.sh +bash loop2.sh +bash block.sh To download and run From 629a691e5dbd121e3b81dc6c6f5fc2ab4bec676b Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 16 Sep 2017 23:04:38 -0400 Subject: [PATCH 39/59] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index a02d8bce..7f029191 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ curl -Lo install.sh https://raw.githubusercontent.com/crombiecrunch/yiimp_instal bash install.sh -If this helped you or you feel giving please donate BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y +If this helped you or you feel giving please donate BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD Feel free to join our Discord channel at https://discord.gg/zdBbAQ From c26f2ccdb0f17c2bcc9d79310e0f06e92c358175 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 16 Sep 2017 23:06:06 -0400 Subject: [PATCH 40/59] Update install.sh --- install.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index 1e409aa5..eaa8c63d 100644 --- a/install.sh +++ b/install.sh @@ -6,7 +6,7 @@ # # Program: # Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x -# BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y +# BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD # ################################################################################ output() { @@ -35,7 +35,7 @@ output "" read -e -p "Please enter a new location for /adminRights this is to customize the admin entrance url (e.g. example.com/myAdminpanel) : " admin_panel clear - output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" + output "If you found this helpful, please donate to BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" output "" output "Updating system and installing required packages." output "" @@ -457,7 +457,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" output "" - output "BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" + output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" output "" output "Peforming the SQL import" 
@@ -515,7 +515,7 @@ define('"'"'YIIMP_FIAT_ALTERNATIVE'"'"', '"'"'USD'"'"'); // USD is main define('"'"'YAAMP_USE_NICEHASH_API'"'"', false); -define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"'); +define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD'"'"'); define('"'"'YAAMP_SITE_URL'"'"', '"'"''"${server_name}"''"'"'); define('"'"'YAAMP_STRATUM_URL'"'"', YAAMP_SITE_URL); // change if your stratum server is on a different host define('"'"'YAAMP_SITE_NAME'"'"', '"'"'TheCryptoPool'"'"'); @@ -555,7 +555,7 @@ define('"'"'NICEHASH_DEPOSIT_AMOUNT'"'"','"'"'0.01'"'"'); $cold_wallet_table = array( - '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"' => 0.10, + '"'"'16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD'"'"' => 0.10, ); // Sample fixed pool fees @@ -611,6 +611,6 @@ output "Please make sure to change your wallet addresses in the /var/web/serverc output "" output "Please make sure to add your public and private keys." output "" -output "If you found this script helpful please consider donating some BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" +output "If you found this script helpful please consider donating some BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" From f6677ea7d901da07bebb0c6a656127e4b854a644 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 18 Sep 2017 22:03:33 -0400 Subject: [PATCH 41/59] Update README.md --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 7f029191..08938862 100644 --- a/README.md +++ b/README.md 
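Review bot: The `define('YAAMP_BTCADDRESS', ...)` line in the `@@ -515,7 +515,7 @@` hunk of PATCH 40/59, and the `$cold_wallet_table` entry in `@@ -555,7 +555,7 @@`, write the script author's address into the generated `/var/web/serverconfig.php` as a live default. An operator who misses the closing reminder to change wallet addresses would run a pool configured with someone else's wallet, whatever the application does with these values. Asking for the address alongside the other `read -e -p` questions, or emitting an obviously invalid placeholder such as `'CHANGE_ME'`, would make the omission visible instead of silent. Both lines are inside the quoted PHP template, which starts and ends outside these hunks.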
@@ -21,22 +21,22 @@ New custom location for yiimp admin login. Once those questions are answered the script will then be fully automated for the rest of the install. -. Update and Upgrade Ubuntu Packages -. Install Aptitude -. Install and configure Nginx -. Install MariaDB with random root password -. Install php7 -. Install various dev packages required for building blocknotify and stratum -. Install SendMail -. Install Fail2Ban if selected -. Install and configur phpmyadmin with random password for phpmyadmin user -. Clone yiimp build packages, create directory structure, set file permissions, and more -. Update server clock -. Install LetsEncrypt if selected -. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf -. Import the sql dumps from yiimp -. Create base yiimp serverconfig.php file to get you going -. Updates all directory permissions +1. Update and Upgrade Ubuntu Packages +2. Install Aptitude +3. Install and configure Nginx +4. Install MariaDB with random root password +5. Install php7 +6. Install various dev packages required for building blocknotify and stratum +7. Install SendMail +8. Install Fail2Ban if selected +9. Install and configur phpmyadmin with random password for phpmyadmin user +10. Clone yiimp build packages, create directory structure, set file permissions, and more +11. Update server clock +12. Install LetsEncrypt if selected +13. Create yiimp database, create 2 users with random passwords - passwords saved in ~/.my.cnf +14. Import the sql dumps from yiimp +15. Create base yiimp serverconfig.php file to get you going +16. Updates all directory permissions This install script will get you 95% ready to go with yiimp. There are a few things you need to do after the main install is finished. From 224f2a1e359854e9729da0e19eed29fdca6ecb97 Mon Sep 17 00:00:00 2001 
From: Jonathan Adams Date: Sat, 23 Sep 2017 21:31:52 -0400 Subject: [PATCH 42/59] ver2 Updated to use https://github.com/crombiecrunch/yiimp-reloaded.git, enhanced nginx security, option to enable autoexchange, code clean up --- install.sh | 444 +++++++++++++++++++++++++---------------------------- 1 file changed, 211 insertions(+), 233 deletions(-) diff --git a/install.sh b/install.sh index eaa8c63d..ac728149 100644 --- a/install.sh +++ b/install.sh @@ -27,12 +27,12 @@ output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME read -e -p "Server name (no http:// or www. just example.com) : " server_name read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL - read -e -p "Server Admin contact email : " root_email - read -e -p "Send an mail to test the smtp service? [Y/n] : " send_email - output "These next questions are to help secure your yiimp installation." + read -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC + read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel + read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install - read -e -p "Please enter a new location for /adminRights this is to customize the admin entrance url (e.g. example.com/myAdminpanel) : " admin_panel + clear output "If you found this helpful, please donate to BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" 
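Review bot: The `read -e -p ... admin_panel` prompt in the `@@ -27,12 +27,12 @@` hunk of PATCH 42/59 accepts any text, and a later hunk of the same patch splices it unquoted into `sudo sed -i 's/AdminRights/'$admin_panel'/' ...`. A value containing a space, `/` or `&` would break or alter that substitution. Validate right after the prompt, e.g. `[[ "$admin_panel" =~ ^[A-Za-z0-9_-]+$ ]] || { output "Invalid admin path"; exit 1; }`. The AutoExchange prompt added here also has a typo (`coinf`). The prompt block begins before the hunk.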
@@ -55,16 +55,6 @@ output "" sudo rm /etc/nginx/sites-enabled/default sudo service nginx start sudo service cron start - #Making Nginx a bit hard - echo 'map $http_user_agent $blockedagent { -default 0; -~*malicious 1; -~*bot 1; -~*backdoor 1; -~*crawler 1; -~*bandit 1; -} -' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 output "Installing Mariadb Server." output "" @@ -88,7 +78,6 @@ default 0; sudo aptitude -y install gnutls-dev sudo aptitude -y install librtmp-dev sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils - sudo aptitude -y install sendmail sudo aptitude -y install git sudo aptitude -y install pwgen -y clear @@ -97,24 +86,6 @@ default 0; password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` AUTOGENERATED_PASS=`pwgen -c -1 20` - output "Testing to see if server emails are sent" - output "" - if [[ "$root_email" != "" ]]; then - echo $root_email > sudo tee --append ~/.email - echo $root_email > sudo tee --append ~/.forward - - if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then - echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message - echo "You should receive this !" >> sudo tee --append /tmp/email.message - echo "" >> sudo tee --append /tmp/email.message - echo "Cheers" >> sudo tee --append /tmp/email.message - sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message - - sudo rm -f /tmp/email.message - echo "Mail sent" - fi - fi - output "Some optional installs" if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then sudo aptitude -y install fail2ban 
@@ -138,47 +109,32 @@ default 0; #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/tpruvot/yiimp.git - cd yiimp - cd blocknotify + git clone https://github.com/crombiecrunch/yiimp-reloaded.git + cd $HOME/yiimp/blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp sudo make - cd ~/yiimp/stratum/iniparser + cd $HOME/yiimp/stratum/iniparser sudo make - cd .. + cd $HOME/yiimp/stratum + if [[ ("$BTC" == "y" || "$BTC" == "Y") ]]; then + sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' $HOME/yiimp/stratum/Makefile sudo make - cd .. - sudo sed -i 's/AdminRights/'$admin_panel'/' web/yaamp/modules/site/SiteController.php - sudo cp -r web /var/ - sudo mkdir /var/stratum - cd stratum + fi + sudo make + cd $HOME/yiimp + sudo sed -i 's/AdminRights/'$admin_panel'/' $HOME/yiimp/web/yaamp/modules/site/SiteController.php + sudo cp -r $HOME/yiimp/web /var/ + sudo mkdir -p /var/stratum + cd $HOME/yiimp/stratum sudo cp -a config.sample/. /var/stratum/config sudo cp -r stratum /var/stratum sudo cp -r run.sh /var/stratum - cd .. - sudo cp -a bin/. /bin/ - #fixing yiimp - sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp - #fixing run.sh - sudo rm -r /var/stratum/config/run.sh -echo ' -#!/bin/bash - -ulimit -n 10240 -ulimit -u 10240 - -cd /var/stratum -while true; do - ./stratum /var/stratum/config/$1 - sleep 2 -done -exec bash -' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 -sudo chmod +x /var/stratum/config/run.sh - sudo cp -r blocknotify/blocknotify /var/stratum - sudo mkdir /etc/yiimp - sudo mkdir /root/backup/ - sudo cp -r /var/web/keys.sample.php /etc/yiimp/ + cd $HOME/yiimp + sudo cp -a $HOME/yiimp/bin/. /bin/ + sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum + sudo mkdir -p /etc/yiimp + sudo mkdir -p /$HOME/backup/ + sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/ output "Update default timezone." 
output "Thanks for using this installation script. Donations welcome" # check if link file @@ -191,10 +147,26 @@ sudo chmod +x /var/stratum/config/run.sh clear output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions - sudo mkdir -p /var/www/$server_name/html + sudo mkdir -p /var/www/$server_name/html output "Creating webserver initial config file" output "" +#Making Nginx a bit hard +echo 'map $http_user_agent $blockedagent { +default 0; +~*malicious 1; +~*bot 1; +~*backdoor 1; +~*crawler 1; +~*bandit 1; +} +' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 + echo 'include /etc/nginx/blockuseragents.rules; + server_tokens off; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; server { if ($blockedagent) { return 403; 
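Review bot: In the `@@ -138,47 +109,32 @@` hunk of PATCH 42/59, `git clone https://github.com/crombiecrunch/yiimp-reloaded.git` creates a directory named `yiimp-reloaded`, yet every following line uses `$HOME/yiimp/...`. Unless `~/yiimp` already exists, the `cd` calls fail and the `sudo make`, `sudo cp` and `sudo sed` lines run in the wrong place, with no status check to stop the install. Give the clone an explicit target and stop on failure: `git clone https://github.com/crombiecrunch/yiimp-reloaded.git "$HOME/yiimp" || exit 1`. The source path in `sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/` also looks wrong, since the tree is copied from `$HOME/yiimp/web` a few lines earlier; confirm it against the repository layout.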
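Review bot: The `Content-Security-Policy` header added in the `@@ -191,10 +147,26 @@` hunk of PATCH 42/59 sits inside an `echo '...'` string, so each `'self'`, `'unsafe-inline'`, `'unsafe-eval'` and `'none'` closes and reopens the shell quote and reaches the nginx file without its quotes. Browsers treat an unquoted `self` as a host name rather than the keyword, so the policy that is served is not the one written here. Other templates in this script already escape literal quotes as `'"'"'`; do the same here, e.g. `default-src '"'"'self'"'"';`. The same header is added to the SSL template in the `@@ -275,23 +247,29 @@` hunk and needs the same fix. Once the quoting is right, `'unsafe-inline'` and `'unsafe-eval'` in `script-src` still remove most of the script-injection protection a CSP gives; drop them if the panel works without.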
@@ -275,23 +247,29 @@ echo 'include /etc/nginx/blockuseragents.rules; } ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 -sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf -sudo ln -s /var/web /var/www/$server_name/html -sudo service nginx restart + sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf + sudo ln -s /var/web /var/www/$server_name/html + sudo service nginx restart if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then - output "Install LetsEncrypt and setting SSL" - sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" - sudo rm /etc/nginx/sites-available/$server_name.conf - sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 - # I am SSL Man! -echo 'include /etc/nginx/blockuseragents.rules; + output "Install LetsEncrypt and setting SSL" + sudo aptitude -y install letsencrypt + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf + sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 + # I am SSL Man! 
+ echo 'include /etc/nginx/blockuseragents.rules; + server_tokens off; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; server { if ($blockedagent) { return 403; } if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; + } listen 80; listen [::]:80; 
@@ -307,110 +285,107 @@ echo 'include /etc/nginx/blockuseragents.rules; if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; } - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name '"${server_name}"' www.'"${server_name}"'; - - root /var/www/'"${server_name}"'/html/web; - index index.php; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name '"${server_name}"' www.'"${server_name}"'; - access_log /var/log/nginx/'"${server_name}"'.app-accress.log; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + root /var/www/'"${server_name}"'/html/web; + index index.php; + + ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - # allow larger file uploads and longer script runtimes client_body_buffer_size 50k; client_header_buffer_size 50k; client_max_body_size 50k; large_client_header_buffers 2 50k; - sendfile off; - - # strengthen ssl security - ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_ciphers 
"EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; preload;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header Content-Security-Policy "frame-ancestors 'self'"; - + sendfile off; + + ssl_session_cache shared:SSL:10m; + ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; location / { try_files $uri $uri/ /index.php?$args; - } + } + location @rewrite { rewrite ^/(.*)$ /index.php?r=$1; - } - - - location ~ ^/index\.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - 
fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - include /etc/nginx/fastcgi_params; - try_files $uri $uri/ =404; - } - location ~ \.php$ { - return 404; - } - - location ~ \.sh { - return 404; - } + } + + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + include /etc/nginx/fastcgi_params; + try_files $uri $uri/ =404; + } + + location ~ \.php$ { + return 404; + } + + location ~ \.sh { + return 404; + } - location ~ /\.ht { - deny all; - } - location /phpmyadmin { - root /usr/share/; - index index.php; - try_files $uri $uri/ =404; - - location ~ ^/phpmyadmin/(doc|sql|setup)/ { - deny all; - } + location ~ /\.ht { + deny all; + } + + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } - location ~ /phpmyadmin/(.+\.php)$ { - fastcgi_pass unix:/run/php/php7.0-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - include snippets/fastcgi-php.conf; - } - } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } } +} ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 fi -sudo service nginx restart -sudo service php7.0-fpm reload - clear - output "Now for the database fun!" 
- # create database - Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" - Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" - Q3="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}${Q3}" - sudo mysql -u root -p="" -e "$SQL" - # create stratum user - Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" - Q2="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}" - sudo mysql -u root -p="" -e "$SQL" + sudo service nginx restart + sudo service php7.0-fpm reload + clear + output "Now for the database fun!" + # create database + Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" + Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" + Q3="FLUSH PRIVILEGES;" + SQL="${Q1}${Q2}${Q3}" + sudo mysql -u root -p="" -e "$SQL" + # create stratum user + Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" + Q2="FLUSH PRIVILEGES;" + SQL="${Q1}${Q2}" + sudo mysql -u root -p="" -e "$SQL" - #Create my.cnf + #Create my.cnf echo ' [clienthost1] 
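Review bot: The SSL server block in the `@@ -307,110 +285,107 @@` hunk of PATCH 42/59 now declares `ssl_session_cache` twice, first `shared:SSL:50m` and further down `shared:SSL:10m`. nginx is expected to reject two declarations of the same shared zone with different sizes, which would fail the `sudo service nginx restart` that follows; keep one line. In the re-indented database section of the same hunk, `GRANT ALL ON *.* TO 'panel'@'localhost'` and the matching `stratum` grant give both application accounts rights over every database; if they only use the pool schema, `GRANT ALL ON yiimpfrontend.* TO ...` is the narrower form.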
@@ -455,37 +430,36 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); ' | sudo -E tee /etc/yiimp/keys.php >/dev/null 2>&1 - output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" - output "" - output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" - output "" + output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" + output "" + output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" + output "" - output "Peforming the SQL import" - output "" - cd ~ - cd yiimp/sql - # import sql dump - sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 - # oh the humanity! - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql - - clear - output "Generating a basic serverconfig.php" - output "" - # make config file -echo ' - 2.0, - '"'"'scrypt'"'"' => 20.0, - '"'"'sha256'"'"' => 5.0, +// $configFixedPoolFees = array( +// '"'"'zr5'"'"' => 2.0, +// '"'"'scrypt'"'"' => 20.0, +// '"'"'sha256'"'"' => 5.0, 
); // Sample custom stratum ports 
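Review bot: The pool-fee sample at the end of the `@@ -455,37 +430,36 @@` hunk of PATCH 42/59 is commented out line by line (`// $configFixedPoolFees = array(` through `// 'sha256' => 5.0,`), but the closing `);` stays as an uncommented context line. As far as the visible lines show, the generated `/var/web/serverconfig.php` would then contain a stray `);` and fail to parse, taking the site down after install. Comment the closer as well: `// );`. Part of this hunk is missing from the page, so check the full template before applying.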
@@ -576,35 +552,37 @@ $configAlgoNormCoef = array( ); ' | sudo -E tee /var/web/serverconfig.php >/dev/null 2>&1 -output "Updating stratum config files with database connection info." -output "" -cd /var/stratum/config -sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf -sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf -sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf -sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf -sudo sed -i 's/username = root/username = stratum/g' *.conf -sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf -cd ~ - - -output "Final Directory permissions" -output "" -whoami=`whoami` -sudo usermod -aG www-data $whoami -sudo chown -R www-data:www-data /var/log -sudo chown -R www-data:www-data /var/stratum -sudo chown -R www-data:www-data /var/web -sudo chmod -R 775 /var/www/$server_name/html -sudo chmod -R 775 /var/web -sudo chmod -R 775 /var/stratum -sudo chmod -R 775 /var/web/yaamp/runtime -sudo chmod -R 775 /root/backup/ -sudo chmod -R 775 /var/log -sudo chmod -R 775 /var/web/serverconfig.php -sudo service nginx restart -sudo service php7.0-fpm reload -clear + output "Updating stratum config files with database connection info." 
+ output "" + cd /var/stratum/config + sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf + sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf + sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf + sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf + sudo sed -i 's/username = root/username = stratum/g' *.conf + sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf + cd /var/web + + + output "Final Directory permissions" + output "" + whoami=`whoami` + sudo usermod -aG www-data $whoami + sudo chown -R www-data:www-data /var/log + sudo chown -R www-data:www-data /var/stratum + sudo chown -R www-data:www-data /var/web + sudo chmod -R 775 /var/www/$server_name/html + sudo chmod -R 775 /var/web + sudo chmod -R 775 /var/stratum + sudo chmod -R 775 /var/web/yaamp/runtime + sudo chmod -R 775 /$HOME/backup/ + sudo chmod -R 775 /var/log + sudo chmod -R 775 /var/web/serverconfig.php + sudo mv /$HOME/yiimp /$HOME/yiimp-install-folder-only-do-not-for-use + sudo service nginx restart + sudo service php7.0-fpm reload + clear + clear output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." output "" output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file." From 1b554ea71406bbdf79f864028e4906c031eb5982 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 23 Sep 2017 21:39:35 -0400 Subject: [PATCH 43/59] Update install.sh --- install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index ac728149..5b2f7104 100644 --- a/install.sh +++ b/install.sh 
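Review bot: `sudo chown -R www-data:www-data /var/log` followed by `sudo chmod -R 775 /var/log` in the `@@ -576,35 +552,37 @@` hunk of PATCH 42/59 hands every system log to the web-server account. A compromised PHP process could then alter or delete authentication and system logs, and daemons that expect their own ownership on their log files may stop writing. If the aim is only that nginx and the pool can log, limit the change to their own directories, e.g. `sudo chown -R www-data:www-data /var/log/nginx`, and drop the two `/var/log` lines. The `sed` lines above also expand `$blckntifypass`, `$server_name` and `$password2` unquoted; the generated passwords are alphanumeric, but `$server_name` is operator input and should be quoted.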
@@ -259,6 +259,7 @@ echo 'include /etc/nginx/blockuseragents.rules; # I am SSL Man! echo 'include /etc/nginx/blockuseragents.rules; server_tokens off; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; @@ -302,7 +303,7 @@ echo 'include /etc/nginx/blockuseragents.rules; ssl_session_timeout 1d; ssl_session_tickets off; - ssl_dhparam /etc/nginx/ssl/dhparam.pem; + ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; From ac869e2ca67342c825d5b3adfe4a35c994ea7924 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 23 Sep 2017 22:49:41 -0400 Subject: [PATCH 44/59] dded UFW and Ports --- install.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/install.sh b/install.sh index 5b2f7104..c9677412 100644 --- a/install.sh +++ b/install.sh @@ -31,6 +31,7 @@ output "" read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel read -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public read -e -p "Install Fail2ban? [Y/n] : " install_fail2ban + read -e -p "Install UFW and configure ports? [Y/n] : " UFW read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install 
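Review bot: The added `Strict-Transport-Security` header carries `includeSubdomains`, which commits every host under the domain to HTTPS for a year, while the `letsencrypt certonly` call in this script requests a certificate for the bare name and `www.` only. Any other subdomain without valid HTTPS would become unreachable for returning visitors. The header also sits at the top of the generated file, before the `server {` blocks, so it is sent on port-80 responses, where browsers ignore it. Placing it inside the 443 `server` block and starting with a short value such as `max-age=300` during rollout would be safer. The enclosing `echo '…'` string starts and ends outside the hunk.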
@@ -90,6 +91,43 @@ output "" if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then sudo aptitude -y install fail2ban fi + if [[ ("$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "") ]]; then + sudo apt-get install ufw + sudo ufw default deny incoming + sudo ufw default allow outgoing + sudo ufw allow ssh + sudo ufw allow http + sudo ufw allow https + sudo ufw allow 2142/tcp + sudo ufw allow 3739/tcp + sudo ufw allow 3525/tcp + sudo ufw allow 4233/tcp + sudo ufw allow 3747/tcp + sudo ufw allow 5033/tcp + sudo ufw allow 4262/tcp + sudo ufw allow 3737/tcp + sudo ufw allow 3556/tcp + sudo ufw allow 3553/tcp + sudo ufw allow 4633/tcp + sudo ufw allow 8433/tcp + sudo ufw allow 3555/tcp + sudo ufw allow 3833/tcp + sudo ufw allow 4533/tcp + sudo ufw allow 4133/tcp + sudo ufw allow 5339/tcp + sudo ufw allow 8533/tcp + sudo ufw allow 3334/tcp + sudo ufw allow 4933/tcp + sudo ufw allow 3333/tcp + sudo ufw allow 6033/tcp + sudo ufw allow 3739/tcp + sudo ufw allow 5766/tcp + sudo ufw allow 3533/tcp + sudo ufw allow 4033/tcp + sudo ufw allow 3433/tcp + sudo ufw allow 3633/tcp + sudo ufw enable + fi clear output "Installing phpmyadmin" From 8882ae8c6b5493d0c6c2d0f0e3ff95fb97b48921 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 23 Sep 2017 23:12:30 -0400 Subject: [PATCH 45/59] Update install.sh --- install.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index c9677412..d1eac341 100644 --- a/install.sh +++ b/install.sh @@ -120,13 +120,12 @@ output "" sudo ufw allow 4933/tcp sudo ufw allow 3333/tcp sudo ufw allow 6033/tcp - sudo ufw allow 3739/tcp sudo ufw allow 5766/tcp sudo ufw allow 3533/tcp sudo ufw allow 4033/tcp sudo ufw allow 3433/tcp sudo ufw allow 3633/tcp - sudo ufw enable + sudo ufw --force enable fi clear 
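Review bot: `sudo ufw allow ssh` opens port 22 to every source and assumes sshd listens there, so once `sudo ufw enable` applies the default-deny policy, a host with sshd on another port loses remote access, and port 22 is left without rate limiting. The script already collects the administrator's address in `$Public`, so the rule could be `sudo ufw allow from "$Public" to any port 22 proto tcp`, or at least `sudo ufw limit ssh`. `sudo apt-get install ufw` also lacks `-y`, unlike the `aptitude -y install` calls around it, so an unattended run stops at the confirmation prompt.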
@@ -147,7 +146,7 @@ output ""
 #Generating Random Password for stratum
 blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
 cd ~
- git clone https://github.com/crombiecrunch/yiimp-reloaded.git
+ git clone https://github.com/crombiecrunch/yiimp-reloaded.git yiimp
 cd $HOME/yiimp/blocknotify
 sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp
 sudo make
From 1d7e4c571a4f432cba2d2043c9eeb7600c2904f6 Mon Sep 17 00:00:00 2001
From: Jonathan Adams
Date: Sun, 24 Sep 2017 00:54:59 -0400
Subject: [PATCH 46/59] Update install.sh
---
 install.sh | 180 ++++++++++++++++++++++++++---------------------------
 1 file changed, 88 insertions(+), 92 deletions(-)
diff --git a/install.sh b/install.sh
index d1eac341..da8908c8 100644
--- a/install.sh
+++ b/install.sh
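Review bot: The clone on the changed line takes whatever the default branch holds at install time, and the following lines build it with `sudo make`, so the code that ends up running is not a reviewed revision. Pinning after the clone, e.g. `git -C "$HOME/yiimp" checkout <commit-sha>` (placeholder), would make the install reproducible. The clone and the `cd $HOME/yiimp/blocknotify` after it are also unchecked: on a re-run the `yiimp` directory already exists, the clone fails, and the `sudo sed` and `sudo make` lines still execute against whatever is there. Appending `|| exit 1` to the clone and using `cd "$HOME/yiimp/blocknotify" || exit 1` would stop the run at that point. The same applies to the replacement clone URL in PATCH 48/59.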
@@ -164,29 +164,29 @@ output "" sudo mkdir -p /var/stratum cd $HOME/yiimp/stratum sudo cp -a config.sample/. /var/stratum/config - sudo cp -r stratum /var/stratum - sudo cp -r run.sh /var/stratum - cd $HOME/yiimp - sudo cp -a $HOME/yiimp/bin/. /bin/ - sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum - sudo mkdir -p /etc/yiimp - sudo mkdir -p /$HOME/backup/ - sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/ - output "Update default timezone." - output "Thanks for using this installation script. Donations welcome" +sudo cp -r stratum /var/stratum +sudo cp -r run.sh /var/stratum +cd $HOME/yiimp +sudo cp -a $HOME/yiimp/bin/. /bin/ +sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum +sudo mkdir -p /etc/yiimp +sudo mkdir -p /$HOME/backup/ +sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/ +output "Update default timezone." +output "Thanks for using this installation script. Donations welcome" # check if link file - sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime +sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime # update time zone - sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime - sudo aptitude -y install ntpdate +sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime +sudo aptitude -y install ntpdate # write time to clock. - sudo hwclock -w - clear - output "Making Web Server Magic Happen!" +sudo hwclock -w +clear +output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions - sudo mkdir -p /var/www/$server_name/html - output "Creating webserver initial config file" - output "" +sudo mkdir -p /var/www/$server_name/html +output "Creating webserver initial config file" +output "" #Making Nginx a bit hard echo 'map $http_user_agent $blockedagent { default 0; 
@@ -407,26 +407,25 @@ echo 'include /etc/nginx/blockuseragents.rules; ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 fi - sudo service nginx restart - sudo service php7.0-fpm reload - clear - output "Now for the database fun!" +sudo service nginx restart +sudo service php7.0-fpm reload +clear +output "Now for the database fun!" # create database - Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" - Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" - Q3="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}${Q3}" - sudo mysql -u root -p="" -e "$SQL" +Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" +Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" +Q3="FLUSH PRIVILEGES;" +SQL="${Q1}${Q2}${Q3}" +sudo mysql -u root -p="" -e "$SQL" # create stratum user - Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" - Q2="FLUSH PRIVILEGES;" - SQL="${Q1}${Q2}" - sudo mysql -u root -p="" -e "$SQL" +Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" +Q2="FLUSH PRIVILEGES;" +SQL="${Q1}${Q2}" +sudo mysql -u root -p="" -e "$SQL" #Create my.cnf - echo ' -[clienthost1] +echo '[clienthost1] user=panel password='"${password}"' database=yiimpfrontend 
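Review bot: Both `GRANT ALL ON *.* TO 'panel'@'localhost'` and `GRANT ALL ON *.* TO 'stratum'@'localhost'` give the web and stratum accounts full rights on every database on the server, including the `mysql` system schema, although the script only creates `yiimpfrontend`. This hunk only re-indents the statements, but they are on the new side. Scoping them as `GRANT ALL ON yiimpfrontend.* TO 'panel'@'localhost' IDENTIFIED BY '$password';` (and likewise for `stratum`) would limit what a leaked pool credential can reach. The same statements are re-indented again in PATCH 49/59, and the `echo '[clienthost1]` block that writes the client credentials continues outside the hunk.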
@@ -468,33 +467,33 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); ' | sudo -E tee /etc/yiimp/keys.php >/dev/null 2>&1 - output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" - output "" - output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" - output "" +output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" +output "" +output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" +output "" - output "Peforming the SQL import" - output "" - cd ~ - cd yiimp/sql +output "Peforming the SQL import" +output "" +cd ~ +cd yiimp/sql # import sql dump - sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 +sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 # oh the humanity! - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql - sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql - sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql - clear - output "Generating a basic serverconfig.php" +sudo 
mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql +sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql +sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql +sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql +sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql +sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql +sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql +clear +output "Generating a basic serverconfig.php" output "" # make config file echo '/dev/null 2>&1 - output "Updating stratum config files with database connection info." 
- output "" - cd /var/stratum/config - sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf - sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf - sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf - sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf - sudo sed -i 's/username = root/username = stratum/g' *.conf - sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf - cd /var/web - - - output "Final Directory permissions" - output "" - whoami=`whoami` - sudo usermod -aG www-data $whoami - sudo chown -R www-data:www-data /var/log - sudo chown -R www-data:www-data /var/stratum - sudo chown -R www-data:www-data /var/web - sudo chmod -R 775 /var/www/$server_name/html - sudo chmod -R 775 /var/web - sudo chmod -R 775 /var/stratum - sudo chmod -R 775 /var/web/yaamp/runtime - sudo chmod -R 775 /$HOME/backup/ - sudo chmod -R 775 /var/log - sudo chmod -R 775 /var/web/serverconfig.php - sudo mv /$HOME/yiimp /$HOME/yiimp-install-folder-only-do-not-for-use - sudo service nginx restart - sudo service php7.0-fpm reload - clear - clear +output "Updating stratum config files with database connection info." 
+output "" +cd /var/stratum/config +sudo sed -i 's/password = tu8tu5/password = '$blckntifypass'/g' *.conf +sudo sed -i 's/server = yaamp.com/server = '$server_name'/g' *.conf +sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf +sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf +sudo sed -i 's/username = root/username = stratum/g' *.conf +sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf +cd /var/web + + +output "Final Directory permissions" +output "" +whoami=`whoami` +sudo usermod -aG www-data $whoami +sudo chown -R www-data:www-data /var/log +sudo chown -R www-data:www-data /var/stratum +sudo chown -R www-data:www-data /var/web +sudo chmod -R 775 /var/www/$server_name/html +sudo chmod -R 775 /var/web +sudo chmod -R 775 /var/stratum +sudo chmod -R 775 /var/web/yaamp/runtime +sudo chmod -R 775 /$HOME/backup/ +sudo chmod -R 775 /var/log +sudo chmod -R 775 /var/web/serverconfig.php +sudo mv /$HOME/yiimp /$HOME/yiimp-install-folder-only-do-not-for-use +sudo service nginx restart +sudo service php7.0-fpm reload +clear +clear output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." output "" output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file." From 162b7ad921565a1728c83de021ba90817839fece Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sun, 24 Sep 2017 02:03:58 -0400 Subject: [PATCH 47/59] Update install.sh --- install.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/install.sh b/install.sh index da8908c8..fba08486 100644 --- a/install.sh +++ b/install.sh 
@@ -203,7 +203,6 @@ echo 'include /etc/nginx/blockuseragents.rules; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; server { if ($blockedagent) { return 403; @@ -300,7 +299,6 @@ echo 'include /etc/nginx/blockuseragents.rules; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; server { if ($blockedagent) { return 403; 
@@ -350,7 +348,6 @@ echo 'include /etc/nginx/blockuseragents.rules; large_client_header_buffers 2 50k; sendfile off; - ssl_session_cache shared:SSL:10m; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; location / { try_files $uri $uri/ /index.php?$args; @@ -569,7 +566,7 @@ $cold_wallet_table = array( ); // Sample fixed pool fees -// $configFixedPoolFees = array( +$configFixedPoolFees = array( // '"'"'zr5'"'"' => 2.0, // '"'"'scrypt'"'"' => 20.0, // '"'"'sha256'"'"' => 5.0, From cf293e870c20ab971e00959e4cbfbbe85a6285cf Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 25 Sep 2017 16:23:41 -0400 Subject: [PATCH 48/59] Update install.sh --- install.sh | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/install.sh b/install.sh index fba08486..b90eac15 100644 --- a/install.sh +++ b/install.sh @@ -146,7 +146,7 @@ output "" #Generating Random Password for stratum blckntifypass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` cd ~ - git clone https://github.com/crombiecrunch/yiimp-reloaded.git yiimp + git clone https://github.com/tpruvot/yiimp.git cd $HOME/yiimp/blocknotify sudo sed -i 's/tu8tu5/'$blckntifypass'/' blocknotify.cpp sudo make 
@@ -172,6 +172,22 @@ sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum sudo mkdir -p /etc/yiimp sudo mkdir -p /$HOME/backup/ sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/ +#fixing yiimp + sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp + #fixing run.sh + sudo rm -r /var/stratum/config/run.sh +echo ' +#!/bin/bash +ulimit -n 10240 +ulimit -u 10240 +cd /var/stratum +while true; do + ./stratum /var/stratum/config/$1 + sleep 2 +done +exec bash +' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 +sudo chmod +x /var/stratum/config/run.sh output "Update default timezone." output "Thanks for using this installation script. Donations welcome" # check if link file @@ -334,10 +350,6 @@ echo 'include /etc/nginx/blockuseragents.rules; access_log /var/log/nginx/'"${server_name}"'.app-accress.log; error_log /var/log/nginx/'"${server_name}"'.app-error.log error; - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 1d; - ssl_session_tickets off; - ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; @@ -599,16 +611,11 @@ output "Final Directory permissions" output "" whoami=`whoami` sudo usermod -aG www-data $whoami -sudo chown -R www-data:www-data /var/log -sudo chown -R www-data:www-data /var/stratum -sudo chown -R www-data:www-data /var/web -sudo chmod -R 775 /var/www/$server_name/html -sudo chmod -R 775 /var/web -sudo chmod -R 775 /var/stratum -sudo chmod -R 775 /var/web/yaamp/runtime -sudo chmod -R 775 /$HOME/backup/ -sudo chmod -R 775 /var/log -sudo chmod -R 775 /var/web/serverconfig.php +sudo find /var/web -type d -exec chmod 755 {} + +sudo find /var/web -type f -exec chmod 644 {} + +sudo chgrp $whoami /var/yaamp/runtime +sudo chmod g+w /var/yaamp/runtime +sudo chmod -R 777 /$HOME/backup/ sudo mv /$HOME/yiimp /$HOME/yiimp-install-folder-only-do-not-for-use sudo service nginx restart sudo service php7.0-fpm reload 
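Review bot: The generated `/var/stratum/config/run.sh` starts with an empty line, because the quoted string opens with a newline before `#!/bin/bash`, so the shebang is not on line 1 and is read as an ordinary comment; opening the string as `echo '#!/bin/bash` fixes that. `sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp` runs without `sudo`, unlike the `sudo cp -a … /bin/` that installed the file, so it presumably fails for a non-root user. Inside the loop `$1` is unquoted where it is appended to the config path, and `./stratum "/var/stratum/config/$1"` avoids word splitting on the argument. The `exec bash` after `while true` is never reached and can be dropped.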
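Review bot: `sudo chmod -R 777 /$HOME/backup/` in the last hunk makes the backup directory and everything in it readable and writable by every local account; if database dumps land there, as the name suggests, they are exposed, and `sudo chmod -R 750 "$HOME/backup"` would be a safer default. The new `sudo chgrp $whoami /var/yaamp/runtime` and `sudo chmod g+w /var/yaamp/runtime` point at `/var/yaamp/runtime`, while the lines this hunk removes used `/var/web/yaamp/runtime`, so the path looks like a typo. The group is also the installing user's rather than `www-data`, which php-fpm presumably runs as, so `sudo chgrp www-data /var/web/yaamp/runtime` followed by `sudo chmod g+w /var/web/yaamp/runtime` appears to be what was intended. The hunk removes the `chown` lines for `/var/stratum` and `/var/web` without a replacement, which is worth confirming against how stratum is started.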
From 9ae3466e9417410b4a83bff46b116c330011cddc Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Mon, 25 Sep 2017 16:48:39 -0400 Subject: [PATCH 49/59] Update install.sh --- install.sh | 381 ++++++++++++++++++++++++++--------------------------- 1 file changed, 188 insertions(+), 193 deletions(-) diff --git a/install.sh b/install.sh index b90eac15..a7181044 100644 --- a/install.sh +++ b/install.sh @@ -6,7 +6,7 @@ # # Program: # Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x -# BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD +# BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y # ################################################################################ output() { @@ -34,9 +34,8 @@ output "" read -e -p "Install UFW and configure ports? [Y/n] : " UFW read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install - clear - output "If you found this helpful, please donate to BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" + output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" output "" output "Updating system and installing required packages." output "" @@ -56,6 +55,16 @@ output "" sudo rm /etc/nginx/sites-enabled/default sudo service nginx start sudo service cron start + #Making Nginx a bit hard + echo 'map $http_user_agent $blockedagent { +default 0; +~*malicious 1; +~*bot 1; +~*backdoor 1; +~*crawler 1; +~*bandit 1; +} +' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 output "Installing Mariadb Server." output "" @@ -79,6 +88,7 @@ output "" sudo aptitude -y install gnutls-dev sudo aptitude -y install librtmp-dev sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils + sudo aptitude -y install sendmail sudo aptitude -y install git sudo aptitude -y install pwgen -y clear 
@@ -87,6 +97,24 @@ output "" password=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` password2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1` AUTOGENERATED_PASS=`pwgen -c -1 20` + output "Testing to see if server emails are sent" + output "" + if [[ "$root_email" != "" ]]; then + echo $root_email > sudo tee --append ~/.email + echo $root_email > sudo tee --append ~/.forward + + if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then + echo "This is a mail test for the SMTP Service." > sudo tee --append /tmp/email.message + echo "You should receive this !" >> sudo tee --append /tmp/email.message + echo "" >> sudo tee --append /tmp/email.message + echo "Cheers" >> sudo tee --append /tmp/email.message + sudo sendmail -s "SMTP Testing" $root_email < sudo tee --append /tmp/email.message + + sudo rm -f /tmp/email.message + echo "Mail sent" + fi + fi + output "Some optional installs" if [[ ("$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "") ]]; then sudo aptitude -y install fail2ban @@ -171,7 +199,6 @@ sudo cp -a $HOME/yiimp/bin/. /bin/ sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum sudo mkdir -p /etc/yiimp sudo mkdir -p /$HOME/backup/ -sudo cp -r $HOME/yiimp/var/web/keys.sample.php /etc/yiimp/ #fixing yiimp sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp #fixing run.sh 
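Review bot: Every `> sudo tee --append …` in the added mail test redirects into a file literally named `sudo` in the current directory and hands `tee --append <path>` to `echo` as extra words, so `~/.email`, `~/.forward` and `/tmp/email.message` are never written, and `sudo sendmail … < sudo tee …` reads that stray file. `-s` appears to be the subject flag of `mail` rather than of `sendmail`, and neither `$root_email` nor `$send_email` is set by a prompt visible in this patch, so confirm they exist. The rewrite below pipes the message straight into `sendmail -t` with the subject as a header, which also removes the fixed-name file in `/tmp`.

```shell
if [[ "$root_email" != "" ]]; then
    printf '%s\n' "$root_email" | tee -a ~/.email ~/.forward >/dev/null

    if [[ ("$send_email" == "y" || "$send_email" == "Y" || "$send_email" == "") ]]; then
        printf 'To: %s\nSubject: SMTP Testing\n\n%s\n%s\n\nCheers\n' \
            "$root_email" \
            "This is a mail test for the SMTP Service." \
            "You should receive this !" \
            | sudo sendmail -t
        echo "Mail sent"
    fi
fi
```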
@@ -188,37 +215,22 @@ done exec bash ' | sudo -E tee /var/stratum/config/run.sh >/dev/null 2>&1 sudo chmod +x /var/stratum/config/run.sh -output "Update default timezone." -output "Thanks for using this installation script. Donations welcome" + output "Update default timezone." + output "Thanks for using this installation script. Donations welcome" # check if link file -sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime + sudo [ -L /etc/localtime ] && sudo unlink /etc/localtime # update time zone -sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime -sudo aptitude -y install ntpdate + sudo ln -sf /usr/share/zoneinfo/$TIME /etc/localtime + sudo aptitude -y install ntpdate # write time to clock. -sudo hwclock -w -clear -output "Making Web Server Magic Happen!" + sudo hwclock -w + clear + output "Making Web Server Magic Happen!" # adding user to group, creating dir structure, setting permissions -sudo mkdir -p /var/www/$server_name/html -output "Creating webserver initial config file" -output "" -#Making Nginx a bit hard -echo 'map $http_user_agent $blockedagent { -default 0; -~*malicious 1; -~*bot 1; -~*backdoor 1; -~*crawler 1; -~*bandit 1; -} -' | sudo -E tee /etc/nginx/blockuseragents.rules >/dev/null 2>&1 - + sudo mkdir -p /var/www/$server_name/html + output "Creating webserver initial config file" + output "" echo 'include /etc/nginx/blockuseragents.rules; - server_tokens off; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; server { if ($blockedagent) { return 403; @@ -270,7 +282,6 @@ echo 'include /etc/nginx/blockuseragents.rules; location ~ \.php$ { return 404; } - location ~ \.sh { return 404; } 
@@ -284,11 +295,9 @@ echo 'include /etc/nginx/blockuseragents.rules; root /usr/share/; index index.php; try_files $uri $uri/ =404; - location ~ ^/phpmyadmin/(doc|sql|setup)/ { deny all; } - location ~ /phpmyadmin/(.+\.php)$ { fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
@@ -299,29 +308,23 @@ echo 'include /etc/nginx/blockuseragents.rules; } ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 - sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf - sudo ln -s /var/web /var/www/$server_name/html - sudo service nginx restart +sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf +sudo ln -s /var/web /var/www/$server_name/html +sudo service nginx restart if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then - output "Install LetsEncrypt and setting SSL" - sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" - sudo rm /etc/nginx/sites-available/$server_name.conf - sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 - # I am SSL Man! - echo 'include /etc/nginx/blockuseragents.rules; - server_tokens off; - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; + output "Install LetsEncrypt and setting SSL" + sudo aptitude -y install letsencrypt + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf + sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 + # I am SSL Man! +echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { return 403; } if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; - } listen 80; listen [::]:80; 
@@ -337,104 +340,110 @@ echo 'include /etc/nginx/blockuseragents.rules; if ($request_method !~ ^(GET|HEAD|POST)$) { return 444; } - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name '"${server_name}"' www.'"${server_name}"'; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name '"${server_name}"' www.'"${server_name}"'; - root /var/www/'"${server_name}"'/html/web; - index index.php; - - ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; - - access_log /var/log/nginx/'"${server_name}"'.app-accress.log; - error_log /var/log/nginx/'"${server_name}"'.app-error.log error; - - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_prefer_server_ciphers on; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + root /var/www/'"${server_name}"'/html/web; + index index.php; + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + # allow larger file uploads and longer script runtimes client_body_buffer_size 50k; client_header_buffer_size 50k; client_max_body_size 50k; large_client_header_buffers 2 50k; - sendfile off; - - ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; + sendfile off; + + # strengthen ssl security + ssl_certificate 
/etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + location / { try_files $uri $uri/ /index.php?$args; - } - + } location @rewrite { rewrite ^/(.*)$ /index.php?r=$1; - } - - location ~ ^/index\.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - include /etc/nginx/fastcgi_params; - try_files $uri $uri/ =404; - } - - location ~ \.php$ { - return 404; - } - - location ~ \.sh { - return 404; - } + } + - location ~ /\.ht { - deny all; - } - - location /phpmyadmin { - root /usr/share/; - index index.php; - try_files $uri $uri/ =404; - location ~ ^/phpmyadmin/(doc|sql|setup)/ { - 
deny all; - } - - location ~ /phpmyadmin/(.+\.php)$ { - fastcgi_pass unix:/run/php/php7.0-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - include snippets/fastcgi-php.conf; - } + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + include /etc/nginx/fastcgi_params; + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } + + location ~ /\.ht { + deny all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } } -} ' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 fi sudo service nginx restart sudo service php7.0-fpm reload -clear -output "Now for the database fun!" - # create database -Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" -Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" -Q3="FLUSH PRIVILEGES;" -SQL="${Q1}${Q2}${Q3}" -sudo mysql -u root -p="" -e "$SQL" - # create stratum user -Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" -Q2="FLUSH PRIVILEGES;" -SQL="${Q1}${Q2}" -sudo mysql -u root -p="" -e "$SQL" + clear + output "Now for the database fun!" 
+ # create database + Q1="CREATE DATABASE IF NOT EXISTS yiimpfrontend;" + Q2="GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';" + Q3="FLUSH PRIVILEGES;" + SQL="${Q1}${Q2}${Q3}" + sudo mysql -u root -p="" -e "$SQL" + # create stratum user + Q1="GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';" + Q2="FLUSH PRIVILEGES;" + SQL="${Q1}${Q2}" + sudo mysql -u root -p="" -e "$SQL" - #Create my.cnf + #Create my.cnf -echo '[clienthost1] + echo ' +[clienthost1] user=panel password='"${password}"' database=yiimpfrontend @@ -454,10 +463,8 @@ password='"${rootpasswd}"' echo ' '"'"'); define('"'"'EXCH_BITSTAMP_SECRET'"'"','"'"''"'"'); 
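Review bot: Under the new `# strengthen ssl security` comment the 443 block still sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, and the replacement `ssl_ciphers` string lists several `DES-CBC3-SHA` suites and ends in a broad `HIGH` fallback, so legacy protocol versions and 3DES remain negotiable. `ssl_protocols TLSv1.2;` and removing the `DES-CBC3` entries would match the comment. The new HSTS value `max-age=15768000; preload;` sets `preload` without `includeSubDomains` or a one-year `max-age`, which the browser preload lists require, so either drop `preload` or meet those requirements deliberately. The comment `# allow larger file uploads and longer script runtimes` sits above `client_max_body_size 50k;`, which is a tight limit rather than a larger one, so the comment should say so. The enclosing `echo '…'` config string starts outside the hunk.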
@@ -476,51 +483,49 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); ' | sudo -E tee /etc/yiimp/keys.php >/dev/null 2>&1 -output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" -output "" -output "BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" -output "" + output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created with password $password and $password2, will be saved for you" + output "" + output "BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" + output "" -output "Peforming the SQL import" -output "" -cd ~ -cd yiimp/sql - # import sql dump -sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1 - # oh the humanity! -sudo mysql --defaults-group-suffix=host1 --force < 2016-04-24-market_history.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-04-27-settings.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-05-11-coins.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-05-15-benchmarks.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-05-23-bookmarks.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-06-01-notifications.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-06-04-bench_chips.sql -sudo mysql --defaults-group-suffix=host1 --force < 2016-11-23-coins.sql -sudo mysql --defaults-group-suffix=host1 --force < 2017-02-05-benchmarks.sql -sudo mysql --defaults-group-suffix=host1 --force < 2017-03-31-earnings_index.sql -sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql -sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql -sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql -clear -output "Generating a basic serverconfig.php" - output "" - # make config file -echo ' 0.3 define('"'"'EXCH_AUTO_WITHDRAW'"'"', 0.3); - // nicehash keys deposit account & amount to deposit at a time 
define('"'"'NICEHASH_API_KEY'"'"','"'"'521c254d-8cc7-4319-83d2-ac6c604b5b49'"'"'); define('"'"'NICEHASH_API_ID'"'"','"'"'9205'"'"'); define('"'"'NICEHASH_DEPOSIT'"'"','"'"'3J9tapPoFCtouAZH7Th8HAPsD8aoykEHzk'"'"'); define('"'"'NICEHASH_DEPOSIT_AMOUNT'"'"','"'"'0.01'"'"'); - - $cold_wallet_table = array( - '"'"'16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD'"'"' => 0.10, + '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"' => 0.10, ); - // Sample fixed pool fees $configFixedPoolFees = array( -// '"'"'zr5'"'"' => 2.0, -// '"'"'scrypt'"'"' => 20.0, -// '"'"'sha256'"'"' => 5.0, + '"'"'zr5'"'"' => 2.0, + '"'"'scrypt'"'"' => 20.0, + '"'"'sha256'"'"' => 5.0, ); - // Sample custom stratum ports $configCustomPorts = array( // '"'"'x11'"'"' => 7000, ); - // mBTC Coefs per algo (default is 1.0) $configAlgoNormCoef = array( // '"'"'x11'"'"' => 5.0, 
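Review bot: The generated serverconfig.php now ships live payout defaults instead of samples: `$cold_wallet_table` carries a hard-coded address at 0.10 (the same one the hunk prints as the donation address) and the three `$configFixedPoolFees` entries are uncommented, so a pool started before the operator edits the file runs with the installer's values. Keep them as commented samples like the `$configCustomPorts` entry, e.g. `// '"'"'<your-cold-wallet-address>'"'"' => 0.10,`, or ask for the address with the other `read` prompts. The PATCH 55 hunks that replace the address in `YAAMP_BTCADDRESS` and `$cold_wallet_table` have the same problem. Separately, the re-indented `output` line still prints `$password` and `$password2` to the terminal, where they stay in scrollback; naming the file they are saved to would be enough. Some text of this hunk is missing from the page, so this covers the visible lines only.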
@@ -604,29 +598,30 @@ sudo sed -i 's/host = yaampdb/host = localhost/g' *.conf sudo sed -i 's/database = yaamp/database = yiimpfrontend/g' *.conf sudo sed -i 's/username = root/username = stratum/g' *.conf sudo sed -i 's/password = patofpaq/password = '$password2'/g' *.conf -cd /var/web +cd ~ output "Final Directory permissions" output "" whoami=`whoami` sudo usermod -aG www-data $whoami -sudo find /var/web -type d -exec chmod 755 {} + -sudo find /var/web -type f -exec chmod 644 {} + -sudo chgrp $whoami /var/yaamp/runtime -sudo chmod g+w /var/yaamp/runtime -sudo chmod -R 777 /$HOME/backup/ -sudo mv /$HOME/yiimp /$HOME/yiimp-install-folder-only-do-not-for-use +sudo chown -R www-data:www-data /var/log +sudo chown -R www-data:www-data /var/stratum +sudo chown -R www-data:www-data /var/web +sudo chmod -R 775 /var/www/$server_name/html +sudo chmod -R 775 /var/web +sudo chmod -R 775 /var/stratum +sudo chmod -R 775 /var/web/yaamp/runtime +sudo chmod -R 775 /root/backup/ +sudo chmod -R 775 /var/log +sudo chmod -R 775 /var/web/serverconfig.php sudo service nginx restart sudo service php7.0-fpm reload clear -clear output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins." output "" output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file." output "" output "Please make sure to add your public and private keys." output "" -output "If you found this script helpful please consider donating some BTC Donation: 16xpWzWP2ZaBQWQCDAaseMZBFwnwRUL4bD" - - +output "If you found this script helpful please consider donating some BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" From f7461ed8efd5430997d2f4a2df4f294d3da42b8f Mon Sep 17 00:00:00 2001 
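Review bot: The new permission block hands the whole of /var/log to the web server account (`sudo chown -R www-data:www-data /var/log` followed by `sudo chmod -R 775 /var/log`), which changes ownership of every other service's logs and lets anything running as www-data rewrite them. `chmod -R 775` on /var/web and on `serverconfig.php` also marks every file executable and group-writable, where the removed `find /var/web -type d -exec chmod 755 {} +` and `find /var/web -type f -exec chmod 644 {} +` pair was tighter. I would keep that pair and scope the ownership change to the specific log files the pool writes (not shown in this hunk) rather than the directory. The block also targets `/root/backup/` while the removed line used `/$HOME/backup/`, so it only matches when the script runs with root's home.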
From: Jonathan Adams Date: Tue, 10 Oct 2017 10:46:39 -0400 Subject: [PATCH 50/59] Update install.sh --- install.sh | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 201 insertions(+), 1 deletion(-) diff --git a/install.sh b/install.sh index a7181044..aa7aac25 100644 --- a/install.sh +++ b/install.sh @@ -26,6 +26,7 @@ output "Make sure you double check before hitting enter! Only one shot at these! output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME read -e -p "Server name (no http:// or www. just example.com) : " server_name + read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " sub_domain read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC read -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel 
@@ -230,6 +231,204 @@ sudo chmod +x /var/stratum/config/run.sh sudo mkdir -p /var/www/$server_name/html output "Creating webserver initial config file" output "" + if [[ ("$sub_domain" == "y" || "$sub_domain" == "Y") ]]; then +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 80; + listen [::]:80; + server_name '"${server_name}"'; + root "/var/www/'"${server_name}"'/html/web"; + index index.html index.htm index.php; + charset utf-8; + + location / { + try_files $uri $uri/ /index.php?$args; + } + location @rewrite { + rewrite ^/(.*)$ /index.php?r=$1; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + access_log off; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + # allow larger file uploads and longer script runtimes + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; + sendfile off; + + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } + location ~ /\.ht { + deny all; + } + location ~ /.well-known { + allow all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME 
$document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } +' | sudo -E tee /etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + +sudo ln -s /etc/nginx/sites-available/$server_name.conf /etc/nginx/sites-enabled/$server_name.conf +sudo ln -s /var/web /var/www/$server_name/html +sudo service nginx restart + if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then + output "Install LetsEncrypt and setting SSL" + sudo aptitude -y install letsencrypt + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" + sudo rm /etc/nginx/sites-available/$server_name.conf + sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 + # I am SSL Man! +echo 'include /etc/nginx/blockuseragents.rules; + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 80; + listen [::]:80; + server_name '"${server_name}"'; + # enforce https + return 301 https://$server_name$request_uri; + } + + server { + if ($blockedagent) { + return 403; + } + if ($request_method !~ ^(GET|HEAD|POST)$) { + return 444; + } + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name '"${server_name}"'; + + root /var/www/'"${server_name}"'/html/web; + index index.php; + + access_log /var/log/nginx/'"${server_name}"'.app-accress.log; + error_log /var/log/nginx/'"${server_name}"'.app-error.log error; + + # allow larger file uploads and longer script runtimes + client_body_buffer_size 50k; + client_header_buffer_size 50k; + client_max_body_size 50k; + large_client_header_buffers 2 50k; + sendfile off; + + # strengthen ssl security + ssl_certificate /etc/letsencrypt/live/'"${server_name}"'/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/'"${server_name}"'/privkey.pem; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_ciphers 
"EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000; preload;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header Content-Security-Policy "frame-ancestors 'self'"; + + location / { + try_files $uri $uri/ /index.php?$args; + } + location @rewrite { + rewrite ^/(.*)$ /index.php?r=$1; + } + + + location ~ ^/index\.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + include /etc/nginx/fastcgi_params; + try_files $uri $uri/ =404; + } + location ~ \.php$ { + return 404; + } + location ~ \.sh { + return 404; + } + + location ~ /\.ht { + deny all; + } + location /phpmyadmin { + root /usr/share/; + index index.php; + try_files $uri $uri/ =404; + location ~ ^/phpmyadmin/(doc|sql|setup)/ { + deny all; + } + location ~ /phpmyadmin/(.+\.php)$ { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + include snippets/fastcgi-php.conf; + } + } + } + +' | sudo -E tee 
/etc/nginx/sites-available/$server_name.conf >/dev/null 2>&1 + fi +sudo service nginx restart +sudo service php7.0-fpm reload +fi echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { @@ -314,7 +513,7 @@ sudo service nginx restart if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www.'"${server_name}"' sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! @@ -426,6 +625,7 @@ echo 'include /etc/nginx/blockuseragents.rules; fi sudo service nginx restart sudo service php7.0-fpm reload + clear output "Now for the database fun!" # create database From 10eeed39eee22113364cca45ab847b3c78d59572 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Tue, 10 Oct 2017 10:49:32 -0400 Subject: [PATCH 51/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index aa7aac25..592e9bfa 100644 --- a/install.sh +++ b/install.sh @@ -513,7 +513,7 @@ sudo service nginx restart if [[ ("$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "") ]]; then output "Install LetsEncrypt and setting SSL" sudo aptitude -y install letsencrypt - sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www.'"${server_name}"' + sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d www."$server_name" sudo rm /etc/nginx/sites-available/$server_name.conf sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 # I am SSL Man! 
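Review bot: The HTTPS server block added by the `@@ -230,6 +231,204 @@` hunk enables legacy protocol versions and ciphers: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` together with a cipher string that still lists `DES-CBC3-SHA` and static-RSA suites such as `AES128-SHA`. Since the block already sets `ssl_prefer_server_ciphers on` and HSTS, `ssl_protocols TLSv1.2;` and a cipher list cut down to the ECDHE/DHE GCM entries would match its own "strengthen ssl security" comment. Both new server blocks also publish `/phpmyadmin` to any client, and the port-80 block does so in cleartext when the SSL step is declined; an `allow <admin-ip>; deny all;` pair inside `location /phpmyadmin` would limit it. The same settings exist in the non-subdomain block this hunk copies, so a shared function that writes the config would let them be fixed once.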
From a61358ca135d9f2212f097fa0928b40d57075951 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Fri, 13 Oct 2017 10:43:28 -0400 Subject: [PATCH 52/59] Update install.sh --- install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 592e9bfa..29a89771 100644 --- a/install.sh +++ b/install.sh @@ -428,7 +428,7 @@ echo 'include /etc/nginx/blockuseragents.rules; fi sudo service nginx restart sudo service php7.0-fpm reload -fi +else echo 'include /etc/nginx/blockuseragents.rules; server { if ($blockedagent) { @@ -625,7 +625,7 @@ echo 'include /etc/nginx/blockuseragents.rules; fi sudo service nginx restart sudo service php7.0-fpm reload - +fi clear output "Now for the database fun!" # create database From 7048cace5f5825336168267f9c40602635d05907 Mon Sep 17 00:00:00 2001 From: Jonathan Adams Date: Sat, 14 Oct 2017 19:16:50 -0400 Subject: [PATCH 53/59] Update install.sh --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 29a89771..9c7db0e0 100644 --- a/install.sh +++ b/install.sh @@ -815,6 +815,7 @@ sudo chmod -R 775 /var/web/yaamp/runtime sudo chmod -R 775 /root/backup/ sudo chmod -R 775 /var/log sudo chmod -R 775 /var/web/serverconfig.php +sudo mv $HOME/yiimp/ $HOME/yiimp-install-only-do-not-run-commands-from-this-folder sudo service nginx restart sudo service php7.0-fpm reload clear From c7d0fe5e8a6c1f2a1dce788c58fa376898287a63 Mon Sep 17 00:00:00 2001 From: manfromafar Date: Tue, 31 Oct 2017 09:31:30 -0600 Subject: [PATCH 54/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 9c7db0e0..6da4a960 100644 --- a/install.sh +++ b/install.sh 
@@ -196,7 +196,7 @@ default 0; sudo cp -r stratum /var/stratum sudo cp -r run.sh /var/stratum cd $HOME/yiimp -sudo cp -a $HOME/yiimp/bin/. /bin/ +sudo cp -r $HOME/yiimp/bin/. /bin/ sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum sudo mkdir -p /etc/yiimp sudo mkdir -p /$HOME/backup/ From 7f40ffc5f6959d4bc68e2d9a1db2eefb4ca2b1fe Mon Sep 17 00:00:00 2001 From: manfromafar Date: Thu, 23 Nov 2017 09:10:48 -0700 Subject: [PATCH 55/59] Updated permissions and included new SQL entries Removed changing entire log dir from being owned by www-data plus removed logs from being executable. --- install.sh | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/install.sh b/install.sh index 6da4a960..839996b2 100644 --- a/install.sh +++ b/install.sh @@ -1,12 +1,12 @@ #!/bin/bash ################################################################################ -# Author: crombiecrunch -# -# Web: www.thecryptopool.com +# Original Author: crombiecrunch +# Current Author: manfromafar +# Web: yiimp.poolofd32th.club # # Program: # Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x -# BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y +# BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH # ################################################################################ output() { @@ -36,7 +36,7 @@ output "" read -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install clear - output "If you found this helpful, please donate to BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" + output "If you found this helpful, please donate to BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH" output "" output "Updating system and installing required packages." output "" 
@@ -197,7 +197,7 @@ sudo cp -r stratum /var/stratum sudo cp -r run.sh /var/stratum cd $HOME/yiimp sudo cp -r $HOME/yiimp/bin/. /bin/ -sudo cp -r $HOME/yiimp/blocknotify/blocknotify /var/stratum +sudo cp -r $HOME/yiimp/blocknotify/blocknotify /usr/local/bin/ sudo mkdir -p /etc/yiimp sudo mkdir -p /$HOME/backup/ #fixing yiimp @@ -708,6 +708,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); sudo mysql --defaults-group-suffix=host1 --force < 2017-05-accounts_case_swaptime.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql + sudo mysql --defaults-group-suffix=host1 --force < 2017-10-bookmarks.sql clear output "Generating a basic serverconfig.php" @@ -737,10 +738,10 @@ define('"'"'YIIMP_PUBLIC_EXPLORER'"'"', true); define('"'"'YIIMP_PUBLIC_BENCHMARK'"'"', false); define('"'"'YIIMP_FIAT_ALTERNATIVE'"'"', '"'"'USD'"'"'); // USD is main define('"'"'YAAMP_USE_NICEHASH_API'"'"', false); -define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"'); +define('"'"'YAAMP_BTCADDRESS'"'"', '"'"'18AwGT19befE4Z3siEiAzsF8n9MoJEifiH'"'"'); define('"'"'YAAMP_SITE_URL'"'"', '"'"''"${server_name}"''"'"'); define('"'"'YAAMP_STRATUM_URL'"'"', YAAMP_SITE_URL); // change if your stratum server is on a different host -define('"'"'YAAMP_SITE_NAME'"'"', '"'"'TheCryptoPool'"'"'); +define('"'"'YAAMP_SITE_NAME'"'"', '"'"'PoolofD32th'"'"'); define('"'"'YAAMP_ADMIN_EMAIL'"'"', '"'"''"${EMAIL}"''"'"'); define('"'"'YAAMP_ADMIN_IP'"'"', '"'"''"${Public}"''"'"'); // samples: "80.236.118.26,90.234.221.11" or "10.0.0.1/8" define('"'"'YAAMP_ADMIN_WEBCONSOLE'"'"', true); 
@@ -771,7 +772,7 @@ define('"'"'NICEHASH_API_ID'"'"','"'"'9205'"'"'); define('"'"'NICEHASH_DEPOSIT'"'"','"'"'3J9tapPoFCtouAZH7Th8HAPsD8aoykEHzk'"'"'); define('"'"'NICEHASH_DEPOSIT_AMOUNT'"'"','"'"'0.01'"'"'); $cold_wallet_table = array( - '"'"'1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y'"'"' => 0.10, + '"'"'18AwGT19befE4Z3siEiAzsF8n9MoJEifiH'"'"' => 0.10, ); // Sample fixed pool fees $configFixedPoolFees = array( @@ -804,16 +805,18 @@ cd ~ output "Final Directory permissions" output "" whoami=`whoami` -sudo usermod -aG www-data $whoami -sudo chown -R www-data:www-data /var/log +#sudo usermod -aG www-data $whoami +#sudo chown -R www-data:www-data /var/log sudo chown -R www-data:www-data /var/stratum sudo chown -R www-data:www-data /var/web +sudo touch /var/log/debug.log +sudo chown -R www-data:www-data /var/log/debug.log sudo chmod -R 775 /var/www/$server_name/html sudo chmod -R 775 /var/web sudo chmod -R 775 /var/stratum sudo chmod -R 775 /var/web/yaamp/runtime -sudo chmod -R 775 /root/backup/ -sudo chmod -R 775 /var/log +sudo chmod -R 664 /root/backup/ +sudo chmod -R 644 /var/log/debug.log sudo chmod -R 775 /var/web/serverconfig.php sudo mv $HOME/yiimp/ $HOME/yiimp-install-only-do-not-run-commands-from-this-folder sudo service nginx restart @@ -825,4 +828,4 @@ output "Please make sure to change your wallet addresses in the /var/web/serverc output "" output "Please make sure to add your public and private keys." output "" -output "If you found this script helpful please consider donating some BTC Donation: 1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y" +output "If you found this script helpful please consider donating some BTC Donation: 18AwGT19befE4Z3siEiAzsF8n9MoJEifiH" From ae7c6afe50689f08989e4622cc34c25e48e6b5dc Mon Sep 17 00:00:00 2001 From: manfromafar Date: Thu, 30 Nov 2017 12:03:13 -0700 Subject: [PATCH 56/59] Added new SQL imports --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 839996b2..a2699144 100644 --- a/install.sh 
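Review bot: In the `@@ -804,16 +805,18 @@` hunk, `sudo chmod -R 664 /root/backup/` applies a file mode to the directory itself, clearing its search bit and marking the files in it readable by everyone; a directory needs something like `sudo chmod 700 /root/backup/`, with file modes set separately. The path is also not the one the script creates: the context line in an earlier hunk is `sudo mkdir -p /$HOME/backup/`, so for any non-root installer the chmod points at a different directory. `sudo chmod -R 775 /var/web/serverconfig.php` is left as is, which keeps the generated config (it holds the `NICEHASH_*` defines among others) world-readable and executable; `sudo chmod 640 /var/web/serverconfig.php` should be enough, assuming php-fpm runs as www-data. The `-R` on the single files `debug.log` and `serverconfig.php` does nothing and can go.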
+++ b/install.sh @@ -709,6 +709,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); sudo mysql --defaults-group-suffix=host1 --force < 2017-06-payouts_coinid_memo.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-10-bookmarks.sql + sudo mysql --defaults-group-suffix=host1 --force < 2017-11-segwit.sql clear output "Generating a basic serverconfig.php" From 211f0a13e4291a48d8a5cbdad30164f676a09e53 Mon Sep 17 00:00:00 2001 From: manfromafar Date: Mon, 15 Jan 2018 09:24:44 -0700 Subject: [PATCH 57/59] Update SQL imports sudo mysql --defaults-group-suffix=host1 --force < 2018-01-stratums_ports.sql --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index a2699144..530bd7ae 100644 --- a/install.sh +++ b/install.sh @@ -710,6 +710,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); sudo mysql --defaults-group-suffix=host1 --force < 2017-09-notifications.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-10-bookmarks.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-11-segwit.sql + sudo mysql --defaults-group-suffix=host1 --force < 2018-01-stratums_ports.sql clear output "Generating a basic serverconfig.php" From 78ce689736def326365326b3f78da893ffeb4d04 Mon Sep 17 00:00:00 2001 From: manfromafar Date: Sun, 11 Feb 2018 11:06:33 -0700 Subject: [PATCH 58/59] Update install.sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 530bd7ae..24755ce8 100644 --- a/install.sh +++ b/install.sh 
@@ -25,7 +25,7 @@ clear output "Make sure you double check before hitting enter! Only one shot at these!" output "" read -e -p "Enter time zone (e.g. America/New_York) : " TIME - read -e -p "Server name (no http:// or www. just example.com) : " server_name +# read -e -p "Server name (no http:// or www. just example.com) : " server_name read -e -p "Are you using a subdomain (pool.example.com?) [y/N] : " sub_domain read -e -p "Enter support email (e.g. admin@example.com) : " EMAIL read -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC From c80797c12ba92fb3834b5fd758330fc6d5eb6033 Mon Sep 17 00:00:00 2001 From: manfromafar Date: Thu, 1 Mar 2018 12:58:44 -0700 Subject: [PATCH 59/59] Added new SQL imports --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 24755ce8..0e658017 100644 --- a/install.sh +++ b/install.sh @@ -711,6 +711,7 @@ define('"'"'EXCH_YOBIT_SECRET'"'"', '"'"''"'"'); sudo mysql --defaults-group-suffix=host1 --force < 2017-10-bookmarks.sql sudo mysql --defaults-group-suffix=host1 --force < 2017-11-segwit.sql sudo mysql --defaults-group-suffix=host1 --force < 2018-01-stratums_ports.sql + sudo mysql --defaults-group-suffix=host1 --force < 2018-02-coins_getinfo.sql clear output "Generating a basic serverconfig.php"
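Review bot: Commenting out the `read ... server_name` prompt in the `@@ -25,7 +25,7 @@` hunk leaves `$server_name` unset unless it is assigned somewhere outside this hunk, yet other parts of the script expand it unquoted in `sudo mkdir -p /var/www/$server_name/html`, `sudo rm /etc/nginx/sites-available/$server_name.conf` and the nginx `server_name` directive. With an empty value those become `/var/www//html` and `/etc/nginx/sites-available/.conf`, and the certificate request gets an empty `-d` argument. If the prompt is meant to go away, the value needs another source; otherwise restore it as `read -r -e -p` and stop early on an empty answer, e.g. `[[ -n "$server_name" ]] || { echo "server name required" >&2; exit 1; }`.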